Friday, June 6, 2008 11:35
Hi all!
I would like to know if anyone here knows what file in Windows is modified when a user executes an application. I want to create a watch on that file so every time an application is executed it executes a function...
For example, if I run Internet Explorer it kicks something off... then when I run Word it kicks something else off...
Thanks in advance for any help!!
All replies
Monday, October 13, 2008 08:00
Using a debugger might help. Err... Reverse Engineering is illegal. But you may take a look at Soft ICE, popularly known as ICE.
Monday, October 27, 2008 12:20
I don't think ANY file is modified when an app is executed (else how would you run apps from read-only media or LiveCDs?). You need to install a filter like Antiviruses do. Don't remember if the open-source ClamAntivirus has such a filter (online/realtime/on-demand scanning), you can check it out and, if so, see its source code. The easiest way could be to plug into Windows Shell to get such notifications, but that won't cover all scenarios (execute from batch file etc.). Anyway, to monitor the FileSystem, check out FileMon from SysInternals (http://www.sysinternals.com), now a part of Microsoft. Also RegMon from them to monitor the registry (you have more chance to see some registry access there to keys MS uses to accelerate application startup - similar goes to some special folders MS uses for that).
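
An added example, not part of any reply in this thread: one way to get the per-application notification the question asks for without watching a file is to subscribe to the WMI `Win32_ProcessStartTrace` event, a mechanism the replies do not mention. It assumes Windows PowerShell 2.0 or later in an elevated session; the handler table and the `ProcStart` identifier are hypothetical names chosen for illustration.

```powershell
# Added example (not from the thread). Run in an elevated Windows PowerShell
# session: subscribing to Win32_ProcessStartTrace needs administrator rights.

# Hypothetical per-application handlers, keyed by executable name (lower case).
$handlers = @{
    'iexplore.exe' = { param($p) Write-Host "Internet Explorer started, PID $($p.ProcessID)" }
    'winword.exe'  = { param($p) Write-Host "Word started, PID $($p.ProcessID)" }
}

# Subscribe to process-start events. No -Action is given, so events are
# queued and can be consumed synchronously with Wait-Event below.
Register-WmiEvent -Query 'SELECT * FROM Win32_ProcessStartTrace' `
                  -SourceIdentifier 'ProcStart'

try {
    while ($true) {
        # Block until the next process-start event, then dequeue it.
        $evt = Wait-Event -SourceIdentifier 'ProcStart'
        Remove-Event -EventIdentifier $evt.EventIdentifier

        # NewEvent carries ProcessName, ProcessID and ParentProcessID.
        $proc = $evt.SourceEventArgs.NewEvent
        $name = $proc.ProcessName.ToLower()

        # Dispatch only for applications that have a registered handler.
        if ($handlers.ContainsKey($name)) {
            & $handlers[$name] $proc
        }
    }
}
finally {
    # Remove the subscription when the loop is interrupted (Ctrl+C).
    Unregister-Event -SourceIdentifier 'ProcStart'
}
```

The event is raised for the process itself, so it also covers launches from batch files and other paths that a Windows Shell hook would miss.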