Process Hacker and Windows discussion


Hook a process and get files it's created\deleted\renamed

Sun Oct 09, 2016 4:44 pm

I have created a C# program which gets newly loaded processes

startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);

and does stuff when the event handler fires.

Afterwards I'm using:

foreach (var runningProcess in Process.GetProcessesByName(ShortProcessName))

to get runningProcess.MainModule data for the current process and after that

foreach (System.Diagnostics.ProcessModule module in MYPROCESS.Modules)

to get the list of child processes and modules.

My next wish is to get an output of the files which were created \ deleted \ renamed \ changed \ whatever by the process I caught. I have tried digging through the 'Process' constructor and modules but didn't find anything for that. I also tried using filewatcher, but here too you cannot get the parent process responsible for the file changes. I guess this cannot be done using a high-level language such as C#, but only a lower-level one.

Unfortunately I'm not familiar with the lower-level ones. In the end I want a service \ watcher to hook a process in real time and create an output (file) of which files it has been messing with.

Hope someone saves my day :) Thanks!
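One way to attribute file activity to a process from C#, as an added example that is not part of the original post: it listens to the Windows kernel ETW file I/O events through the Microsoft.Diagnostics.Tracing.TraceEvent NuGet package. It assumes an elevated console; the default process name `notepad` and the log file name `file-activity.log` are placeholders.

```csharp
// Added example (not the poster's code). Requires the TraceEvent NuGet package and admin rights.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using Microsoft.Diagnostics.Tracing;
using Microsoft.Diagnostics.Tracing.Parsers;
using Microsoft.Diagnostics.Tracing.Session;

static class FileActivityWatcher
{
    static void Main(string[] args)
    {
        string target = args.Length > 0 ? args[0] : "notepad";   // placeholder process name
        // Seed with instances that are already running.
        var pids = new HashSet<int>(Process.GetProcessesByName(target).Select(p => p.Id));

        using (var log = new StreamWriter("file-activity.log", true) { AutoFlush = true })
        using (var session = new TraceEventSession(KernelTraceEventParser.KernelSessionName))
        {
            // Ctrl+C stops the session so Process() returns and both objects are disposed.
            Console.CancelKeyPress += (s, e) => { e.Cancel = true; session.Stop(); };
            session.EnableKernelProvider(
                KernelTraceEventParser.Keywords.Process |
                KernelTraceEventParser.Keywords.FileIOInit |
                KernelTraceEventParser.Keywords.FileIO);

            var kernel = session.Source.Kernel;
            // Track instances started or stopped while the trace is running.
            kernel.ProcessStart += d =>
            {
                if (Path.GetFileNameWithoutExtension(d.ImageFileName)
                        .Equals(target, StringComparison.OrdinalIgnoreCase))
                    pids.Add(d.ProcessID);
            };
            kernel.ProcessStop += d => pids.Remove(d.ProcessID);

            // Every kernel file event carries the PID of the process that issued it.
            Action<TraceEvent, string, string> record = (e, op, file) =>
            {
                if (pids.Contains(e.ProcessID))
                    log.WriteLine($"{e.TimeStamp:o}\t{e.ProcessID}\t{op}\t{file}");
            };
            kernel.FileIOCreate += d => record(d, "open/create", d.FileName); // opens of existing files too
            kernel.FileIOWrite  += d => record(d, "write", d.FileName);
            kernel.FileIORename += d => record(d, "rename", d.FileName);
            kernel.FileIODelete += d => record(d, "delete", d.FileName);

            session.Source.Process();   // blocks and dispatches events until the session stops
        }
    }
}
```

All callbacks run on the thread that calls `Process()`, so the PID set needs no locking.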
