I wanna keep track of the files that are being accessed by an application in real time. For example, consider my program is running. I'm also working with Msword and it is accessing some doc files. I just want my application to know the doc files that r being accessed by my Msword software. How can i do it? can any one help me? Another thing my exam was just using MsWord. But i wanna keep track of all the softwares accessing all the files. Thanks for ur will to help me

go to www.sysinternals.com they have a free utility that does this.

Originally posted by TheCPUWizard
go to www.sysinternals.com they have a free utility that does this.

well since you mentioned it cpuwiz...

the way to do it is to create a filter hook driver and hook the system service table functions such as ZwCreateFile(...) ZwOpenFile(...) etc etc. You will need to order the DDK from microsoft, there are samples on how to hook the system service table that come with the DDK, recommend you buy gary nebbitts windows nt/2000 native api reference and use google ;)

thanks a lot Mick. For the reply. I was suffering with it a long time. take care.