Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
294 views
in Technique[技术] by (71.8m points)

How do I determine which files are created or manipulated by a specific process programmatically in C# on Windows

I'm coding a utility which has to keep track of an installation.

What directories and files does this installation create on my computer?

The language is C# .NET, the OS is Windows.

So far I've used FileWatcher, which is a step on the way, but there is a LOT of OS noise that you have to clean up, and it makes the end result, a text file with the filesystem alterations, prone to error, which makes it unusable.

I've even filtered it so that only the events of the user (BUILTIN\Administrators) who runs the installation are being tracked, but still there is a lot of noise.

.
.
.

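// Resolve the owner of the changed file to an NT account name (e.g. BUILTIN\...)
owner = (new FileInfo(e.FullPath).GetAccessControl().GetOwner(typeof(SecurityIdentifier)).Translate(typeof(NTAccount)) as NTAccount).Value;

// Keep only events for files owned by the (localized) Administrators group;
// the backslash has to be escaped inside a regular C# string literal
if (owner.Contains("BUILTIN\\" + "Administratorer"))
{
    eventList.Add(">" + e.FullPath + "<" + e.ChangeType + ":" + owner);
}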
.
.
.

I've also tried to use the output of "handle64.exe -p processname.exe" from Microsoft, but it only takes a snapshot, and is not able to keep running during an installation.

Does anybody have any idea about how to go about it in C#, or if it is even possible?

Thank you very much for your time and effort.

question from:https://stackoverflow.com/questions/66059844/how-do-i-determine-which-files-are-created-or-manipulated-by-a-specific-process


1 Reply

0 votes
by (71.8m points)

You will want to use Windows API functions to determine what processes have handles to the files you're looking for, specifically the NtQuerySystemInformation API function to query for all handles. This can be achieved with P/Invoke.


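An added example of the approach the reply names (not code from the original post or its author): P/Invoke NtQuerySystemInformation for the system handle table, keep the entries of one PID, duplicate each handle and resolve the paths of disk files and directories. It goes one step further and polls until the process exits, since a single call is a snapshot just like the handle64 output described in the question. Assumptions: the class and method names are hypothetical, and information class 64 with its entry layout follows the public ntdll headers rather than anything on this page.

```csharp
// Added example: HandleSnapshot, Collect and Track are hypothetical names.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
static class HandleSnapshot
{
    const uint SystemExtendedHandleInformation = 64, STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;
    const uint PROCESS_DUP_HANDLE = 0x40, DUPLICATE_SAME_ACCESS = 2, FILE_TYPE_DISK = 1;
    [DllImport("ntdll.dll")] static extern uint NtQuerySystemInformation(uint infoClass, IntPtr buf, int len, out int needed);
    [DllImport("kernel32.dll")] static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")] static extern bool DuplicateHandle(IntPtr srcProc, IntPtr src, IntPtr dstProc, out IntPtr dst, uint access, bool inherit, uint options);
    [DllImport("kernel32.dll")] static extern uint GetFileType(IntPtr h);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)] static extern uint GetFinalPathNameByHandle(IntPtr h, StringBuilder path, uint cch, uint flags);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);

    public static void Collect(int pid, ISet<string> seen)   // one snapshot of open disk files/directories
    {
        IntPtr self = new IntPtr(-1), proc = OpenProcess(PROCESS_DUP_HANDLE, false, pid);  // -1: current-process pseudo-handle
        if (proc == IntPtr.Zero) return;                      // target exited or access denied
        int len = 1 << 20, p = IntPtr.Size, entry = 3 * p + 16;   // entry: 3 pointers + 16 bytes of flags
        IntPtr buf = Marshal.AllocHGlobal(len);
        try
        {
            uint status;
            while ((status = NtQuerySystemInformation(SystemExtendedHandleInformation, buf, len, out _)) == STATUS_INFO_LENGTH_MISMATCH)
                buf = Marshal.ReAllocHGlobal(buf, (IntPtr)(len *= 2));   // table did not fit, grow and retry
            if (status != 0) return;
            long count = Marshal.ReadIntPtr(buf).ToInt64();  // NumberOfHandles, followed by a reserved pointer
            for (long i = 0; i < count; i++)
            {
                IntPtr e = buf + (int)(2 * p + i * entry);
                if (Marshal.ReadIntPtr(e, p).ToInt64() != pid) continue;            // UniqueProcessId
                if (!DuplicateHandle(proc, Marshal.ReadIntPtr(e, 2 * p), self, out IntPtr local, 0, false, DUPLICATE_SAME_ACCESS)) continue;
                var sb = new StringBuilder(1024);
                uint n = GetFileType(local) == FILE_TYPE_DISK ? GetFinalPathNameByHandle(local, sb, 1024, 0) : 0;
                if (n > 0 && n < 1024) seen.Add(sb.ToString());                     // path comes back as \\?\C:\...
                CloseHandle(local);
            }
        }
        finally { Marshal.FreeHGlobal(buf); CloseHandle(proc); }
    }
    public static ISet<string> Track(int pid, int intervalMs = 100)   // union of snapshots until the process exits
    {
        var seen = new SortedSet<string>(StringComparer.OrdinalIgnoreCase);
        using (Process target = Process.GetProcessById(pid))
            do Collect(pid, seen); while (!target.WaitForExit(intervalMs));
        return seen;
    }
}
```

Files opened and closed between two polls are missed, and child processes the installer spawns need their own `Track` call. Run it elevated when the installer is elevated, and call `Collect` on a worker thread with a timeout, because `GetFileType` can block on a synchronous pipe handle with I/O pending.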