15,892,674 members
Sign in
Sign in
Email
Password
Forgot your password?
Sign in with
home
articles
Browse Topics
>
Latest Articles
Top Articles
Posting/Update Guidelines
Article Help Forum
Submit an article or tip
Import GitHub Project
Import your Blog
quick answers
Q&A
Ask a Question
View Unanswered Questions
View All Questions
View C# questions
View C++ questions
View Javascript questions
View Visual Basic questions
View Python questions
discussions
forums
CodeProject.AI Server
All Message Boards...
Application Lifecycle
>
Running a Business
Sales / Marketing
Collaboration / Beta Testing
Work Issues
Design and Architecture
Artificial Intelligence
ASP.NET
JavaScript
Internet of Things
C / C++ / MFC
>
ATL / WTL / STL
Managed C++/CLI
C#
Free Tools
Objective-C and Swift
Database
Hardware & Devices
>
System Admin
Hosting and Servers
Java
Linux Programming
Python
.NET (Core and Framework)
Android
iOS
Mobile
WPF
Visual Basic
Web Development
Site Bugs / Suggestions
Spam and Abuse Watch
features
features
Competitions
News
The Insider Newsletter
The Daily Build Newsletter
Newsletter archive
Surveys
CodeProject Stuff
community
lounge
Who's Who
Most Valuable Professionals
The Lounge
The CodeProject Blog
Where I Am: Member Photos
The Insider News
The Weird & The Wonderful
help
?
What is 'CodeProject'?
General FAQ
Ask a Question
Bugs and Suggestions
Article Help Forum
About Us
Search within:
Articles
Quick Answers
Messages
Comments by Aner Izraeli (Top 5 by date)
Aner Izraeli
10-Oct-16 11:35am
View
Hmmm, it`s actually mentioning the puprpose, for example, the table goes like this:
Process name | PID | Operation | Path
someprocess.exe | 123 | CreateFile | c:\tempfolder\newcreatedfile.bat
i wish i could add screenshot...
Aner Izraeli
10-Oct-16 3:28am
View
Shalom Eliyahu, thanks for replying :)
yes, you can link file to his process.
the great process explorer (sysinternal tool) can do it, so it`s possible.
that`s what im looking for, some Command line tool that`s able to hook a process and tell which files have been created by him.
i even buy one if found one.
Aner Izraeli
9-Oct-16 15:47pm
View
Thanks! check those two suggestions.
it`s a solution for current handeled files\modules.
im looking for previous handeled file by a process.
for example:
1. a process helloworld.exe loaded.
2. the process creating a file - "testfile.bat"
I want to know that testfile.bat was created by helloworld.exe.
hope im more clear.
Thanks :)
Aner Izraeli
9-Oct-16 15:02pm
View
no,
im talking about which file created\deleted\renamed right now, by a process.
Aner Izraeli
9-Oct-16 15:02pm
View
think of a malware approach,
you cant know in which folder the malware will create\delete\rename files.
if i would know the folder path, than i can easly use filewatcher. :)
Submit an article or tip