which module creates a specific file?
-
Hi every body! Is there any way/tool to find out which module creates a specific file? E.g one can see a process named Process.exe and this process has loaded a few DLL. What I want to know is which of theses DLLs creates a given file (e.g. C:\file.ext)
Thank you masters!
-
Hi every body! Is there any way/tool to find out which module creates a specific file? E.g one can see a process named Process.exe and this process has loaded a few DLL. What I want to know is which of theses DLLs creates a given file (e.g. C:\file.ext)
Thank you masters!
unless you have the source code to the dll, I doubt it after the file has been created and closed. If the file is open, there are tools around that are the windows equivalent of the 'lsof' command - systinternals (now part of Microsoft) has a tool to display (iirc) open files vs the processes that have them open 'g' [edit] I was wondering if the file properties (custom) would be useful, but surely that depends on a well behaved application filling them out in the first place[/edit]
-
Hi every body! Is there any way/tool to find out which module creates a specific file? E.g one can see a process named Process.exe and this process has loaded a few DLL. What I want to know is which of theses DLLs creates a given file (e.g. C:\file.ext)
Thank you masters!
Check with FileMon http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx[^]
Thanks and Regards, Selvam, http://www.wincpp.com
-
unless you have the source code to the dll, I doubt it after the file has been created and closed. If the file is open, there are tools around that are the windows equivalent of the 'lsof' command - systinternals (now part of Microsoft) has a tool to display (iirc) open files vs the processes that have them open 'g' [edit] I was wondering if the file properties (custom) would be useful, but surely that depends on a well behaved application filling them out in the first place[/edit]
Thank you for your answer. I meant something like that I can examine a specific DIRECTORY or FOLDER so that I can catch every process that attamps to create or modifiy a file.
Thank you masters!
-
Hi every body! Is there any way/tool to find out which module creates a specific file? E.g one can see a process named Process.exe and this process has loaded a few DLL. What I want to know is which of theses DLLs creates a given file (e.g. C:\file.ext)
Thank you masters!
-
Hi every body! Is there any way/tool to find out which module creates a specific file? E.g one can see a process named Process.exe and this process has loaded a few DLL. What I want to know is which of theses DLLs creates a given file (e.g. C:\file.ext)
Thank you masters!
-
If an API is not a tool, then please tell us what it is? :rolleyes:
"Old age is like a bank account. You withdraw later in life what you have deposited along the way." - Unknown
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons