Hi, is it possible to check if a file in a specific directory is accessed by a process X and get the process ID (in C++ or, better, C#)?

I think there must be a moment when the file is accessed by a process before it is opened by it (for example, anti-virus tools are using this too).

Example:

  1. I double-click a txt file
  2. Before Notepad is automatically opened, the C++ or C# program should get the process ID of Notepad, before it is opened.

Is this possible? Someone told me it could be done with low-level hooks, but I haven't found a "file access hook".

Thanks.

A: 

Sorry, should work on Windows systems (WinXP and higher)

tdo
You should make this an edit to your question, not an answer.
Ken
+1  A: 
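#include <windows.h>
HWND hWnd = FindWindowA(NULL, "Untitled - Notepad"); // Specify the title of the notepad.exe window
DWORD ProcessId = 0;
GetWindowThreadProcessId(hWnd, &ProcessId); // Returns the thread ID; the process ID is written to ProcessId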
Dave18
A: 

I think the only way to do this is by hooking API functions. See this: http://www.codeproject.com/KB/system/hooksys.aspx

API hooking is a very difficult task and prone to a lot of errors. If you must do this, I suggest using a third-party library, such as the one here: http://madshi.net/

You would want to hook the functions associated with opening files. I wouldn't recommend doing it unless you really know what you're doing and unless you have a very good reason to; like I said before, it can cause a lot of stuff to stop working. For example, API hooking could conflict with security settings and even security software such as antiviruses or firewalls.

Doing this in C# from scratch is even harder, if at all possible.

IVlad
A: 

As far as I know, there is no direct way to monitor files in the way you described above with C#, as these low-level tasks are always done in kernel mode.

You will need to create a system file driver, which is not a simple task, but if you'd like to try it yourself, here is where you should start.

Sameh Serag