windows 如何跟踪进程及其子进程打开的所有文件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3267326/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to trace all files opened by a process and its child processes?
提问by R.D
I tried Sysinternals - Process Monitor, but there is no way to dynamically attach filters for child processes
我尝试了 Sysinternals - Process Monitor,但是没有办法为子进程动态附加过滤器
回答by R.D
To make it programming related: you can use Import Address Table Hookingand dole out your own implementation :-)
为了使其与编程相关:您可以使用导入地址表挂钩并分发您自己的实现:-)
If you are looking for a tool, I believe someone has already done that for you: StraceNT: A system call tracer for Windows.
如果您正在寻找一种工具,我相信有人已经为您完成了:StraceNT:Windows 系统调用跟踪器。
The website claims it is an strace clone and strace supports tracing child processes (I haven't used this tool myself, so not sure of the claim).
该网站声称它是一个 strace 克隆,并且 strace 支持跟踪子进程(我自己没有使用过这个工具,所以不确定声明)。
(strace is a utility available on linux environments, which allows you to trace system calls, I suppose that explains the name straceNT).
(strace 是 linux 环境中可用的实用程序,它允许您跟踪系统调用,我想这解释了名称 straceNT)。
Hope that helps!
希望有帮助!
回答by Benjamin Weiss
Try OpenedFilesView from Nirsoft. http://www.nirsoft.net/utils/opened_files_view.html
试试 Nirsoft 的 OpenedFilesView。 http://www.nirsoft.net/utils/opened_files_view.html
The download is on the bottom of the page. (Actually hard to find)
下载位于页面底部。(其实很难找)
回答by Francis
Try Process Monitor. http://technet.microsoft.com/en-in/sysinternals/bb896645.aspxby Microsoft.
尝试进程监视器。http://technet.microsoft.com/en-in/sysinternals/bb896645.aspx由微软提供。
