Hi, I'm not sure this is the right place to ask. I'm sorry if I'm wrong.

I'm interested in learning/making a program, that tracks the behaviour of another program (where it writes on a disk, or what it changes in the registry, especially the last one).

Any ideas, what should I look for?

Thank you in advance,
Z.
Posted on 2002-02-15 14:27:41 by Zingam
File and registry access monitoring is well described by M.Russinovich and released in his FileMon and RegMon programms.
He submited sources (C++) of both programms.
You can get it on systeminternals.com (if I spelt it right :))
Posted on 2002-02-15 18:15:31 by The Svin
Posted on 2002-02-15 18:35:33 by JCP
The GoBack/Norton Cleansweep has a similar function. It keeps track which files you deleted...

I really don't know about these files, what they do... but I heard that these are the ones that those tracking software checks:

win.ini
system.ini
config.sys
autoexec.bat

for files, you have to create a database with the filename and date last modified.
Posted on 2002-02-15 19:03:48 by stryker
1. Clean (I would rather call it "dirty") sweep do monitoring slow
and buggy way.
2. I never heard about sources
3.
for files, you have to create a database with the filename and date last modified

No, you don't need to:
- This way you can see only that file was modified, not accessed
- You can do it in a fly without comparing (see M.R. method)
Posted on 2002-02-15 19:54:15 by The Svin