I'm trying to reverse-engineer a program that does some basic parsing: text in, text out. I've got an executable "reference implementation" and the source code to what must be a different version, since the compiled source output != executable output.
The process creates and deletes temporary files very quickly in a multi-step parsing process. If I could take a look at the individual temporary files, I could get some great diagnostic data to narrow down where my source differs from the binary.
Is there any way to do any of the following?
- Freeze a directory so that file creation will work but file deletion will fail silently?
- Run a program in "slow motion" so that I can look at the files that it creates?
- Log everything that a program does, including any data written out to files?