2

Is there a way to hook into the Windows API to view all files accessed by the operating system?

Jon Seigel
ryudice
  • If you just want to know all the open handles, see http://stackoverflow.com/questions/733384/how-to-enumerate-process-handles/750579#750579 –  Feb 22 '10 at 19:27

1 Answer

1

No, there is no user-mode API to do this.

If you really need this, you have to write a pseudo-device driver that becomes a part of the I/O stack in the kernel, which is definitely not for the faint of heart. This is how Process Monitor works; it extracts code from its own EXE and dynamically loads it as a device driver (of course, this needs admin permissions).

Timores