Tracing which process that has opened a particular file

后端未结

关注

 4  583

忘了有多久 2020-12-17 06:36

From kernel mode in Windows I\'m able to intercept and monitor virtually all actions performed on a particular disk. When a file is opened for any purpose I get an event.

4条回答

清歌不尽 (楼主)

2020-12-17 07:11

Just use Win32 N.API to get the pid from the File handle. It's a FAQ for 15 years...

0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...