I am trying to snoop on a log file that an application is writing to.
I have successfully hooked CreateFile with the Detours library from MSR, but CreateFile never seems to be called with the file I am interested in snooping on. I have also tried hooking OpenFile with the same results.
I am not an experienced Windows/C++ programmer (or even an experienced programmer), so my initial two thoughts were either that the application calls CreateFile before I hook the APIs, or that there is some other API for creating files/obtaining handles for them.
Edit: Thanks for the two great replies. I would upvote codingthewheel's reply since it was informative, but I don't have enough rep :(
You can use Sysinternals' FileMon. It is an excellent monitor that can tell you exactly which file-related system calls are being made and what the parameters are.
I think that this approach is much easier than hooking API calls and much less intrusive.