What is modified in windows when an application is executed?

  • Question

  • Hi all!

    I would like to know if anyone here knows what file in Windows is modified when a user executes an application. I want to create a watch on that file so every time an application is executed it executes a function...
    For example, if I run Internet Explorer it kicks something off... then when I run Word it kicks something else off...

    thanks in advance for any help!!


    Friday, June 6, 2008 11:35 AM

All replies

  • Using a debugger might help. Err... Reverse engineering is illegal. But you may take a look at SoftICE, popularly known as ICE.

     

    Regards

    Sandeep

    Monday, October 13, 2008 8:00 AM
  • I don't think ANY file is modified when an app is executed (else how would you run apps from read-only media or LiveCDs?). You need to install a filter like antiviruses do. I don't remember if the open-source ClamAntivirus has such a filter (online/realtime/on-demand scanning); you can check it out and, if so, see its source code. The easiest way could be to plug into the Windows Shell to get such notifications, but that won't cover all scenarios (execution from a batch file etc.). Anyway, to monitor the file system, check out FileMon from SysInternals (http://www.sysinternals.com), now a part of Microsoft. Also RegMon from them to monitor the registry (you have more chance to see some registry access there, to keys MS uses to accelerate application startup; the same goes for some special folders MS uses for that).

    Monday, October 27, 2008 12:20 PM
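
Added example, not part of any reply in this thread: one way to get the per-application callback the question asks for without watching a file is to subscribe to process-start events. This sketch assumes WMI's `Win32_ProcessStartTrace` class (which the thread does not mention), an elevated PowerShell session, and a hypothetical name-to-action table.

```powershell
# Added example: run a handler whenever a listed executable starts.
# Assumption: elevated session; Win32_ProcessStartTrace needs administrator rights.

# Hypothetical mapping of image name -> action. Replace the bodies as needed.
$handlers = @{
    'iexplore.exe' = { param($e) Write-Host "Internet Explorer started (PID $($e.ProcessID))" }
    'winword.exe'  = { param($e) Write-Host "Word started (PID $($e.ProcessID))" }
}

# Arbitrary subscription name chosen for this example.
$sourceId = 'ProcStartWatch'

# Queue one event for every process start reported by WMI.
Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace -SourceIdentifier $sourceId

try {
    while ($true) {
        # Block until the next process-start event arrives.
        $evt  = Wait-Event -SourceIdentifier $sourceId
        $info = $evt.SourceEventArgs.NewEvent      # Win32_ProcessStartTrace instance

        # Take the event off the queue so it is not handled twice.
        Remove-Event -EventIdentifier $evt.EventIdentifier

        $name = ([string]$info.ProcessName).ToLowerInvariant()
        if ($handlers.ContainsKey($name)) {
            # Pass the event so the handler can read ProcessID, ParentProcessID, etc.
            & $handlers[$name] $info
        }
    }
}
finally {
    # Always remove the subscription, including on Ctrl+C.
    Unregister-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
}
```

Because the subscription reports process creation itself rather than shell activity, it also sees programs started from batch files, the gap noted for the shell approach in the reply above.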