Monitoring certain system calls done by a process in Windows

by

There are several options on Windows.

Windows Performance Toolkit can be used to enable tracing of various system events, including file I/O, and includes tools for processing and viewing these events. You can use xperf to begin trace variously classes of events and save to an ETL file that you can then process or view using the same tools later.

Process Monitor from Sysinternals is another, very easy to use, option, and enables you to quickly see all file and registry accesses any process on the system is doing. You can also run Process Monitor in an automated fashion.

If you’d like to do this completely programmatically, you can use the ETW functions (StartTrace, EnableTrace, etc.) to snap file I/O events and save to an ETL file. Sample code here.

More Related Contents:

  1. How do I get the application exit code from a Windows command line?
  2. How can a program delete its own executable
  3. How do I automatically destroy child processes in Windows?
  4. Kill a Process by Looking up the Port being used by it from a .BAT
  5. Can I send some text to the STDIN of an active process under Windows?
  6. How to suspend/resume a process in Windows?
  7. How to wait for a shell process to finish before executing further code in VB6
  8. Can I handle the killing of my windows process through the Task Manager?
  9. Taskkill /f doesn’t kill a process
  10. Python multiprocessing stdin input
  11. How to delete subfolders and Files but not parent Folder in windows using Script? [closed]
  12. Running PowerShell in Task Scheduler
  13. Cross-platform subprocess with hidden window
  14. How do I get the current username in Windows PowerShell?
  15. Windows equivalent of the ‘tail’ command [duplicate]
  16. Why does only the first line of this Windows batch file execute but all three lines execute in a command shell?
  17. How do I ignore the Perl shebang on Windows with Apache 2?
  18. Why does this batch variable never change even when set?
  19. echo -e equivalent in Windows?
  20. Qt 5.0 program runs in QtCreator but not outside
  21. How to create a self-signed certificate for a domain name for development on Windows 10 and below?
  22. File is older than 4 minutes in Batch file
  23. Git file permissions on Windows
  24. Why is “MINGW64” appearing on my Git bash?
  25. IndexedDB view all Databases and Object Stores
  26. Not able to access tomcat application on Docker VM with host(windows) IP while using docker toolbox
  27. MSysGit vs. Git for Windows
  28. DEP0001 : Unexpected Error: -1988945906 while deploying Windows UWP app to phone
  29. Can’t get Freeglut to work with Haskell on Windows
  30. Windows equivalent of /dev/random

Leave a Comment