I just came up with a question that's bugging me. I would like to create or find a program that can observe filesystem changes, registry changes, etc. made by another executable. Like starting a program through another and observing the Windows API calls or something.

Is that possible? And how would I go about it?

Thanks in advance.

user1090755
  • If you want an *existing* tool: Sysinternals Process Monitor; http://technet.microsoft.com/en-gb/sysinternals/bb795533.aspx / http://stackoverflow.com/questions/4833972/how-does-sysinternals-processmonitor-work – Alex K. Mar 18 '14 at 12:33
  • These tools look promising, especially Process Explorer and Process Manager. I will look a little deeper. If I wanted to use something like DLL injection, can I observe and log the Windows API calls? I have seen some programs observing text write calls etc. – user1090755 Mar 18 '14 at 14:46

1 Answer

You can use this API: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365261(v=vs.85).aspx. This API is limited, and if your task is out of scope of this API you must go into minifilter driver wonderland.