6

I need to | findstr SomePATH in order to search if a program access and close immediately a specific path. On Linux, I would use myprogram | strace 2>&1 | grep SomPATH.

But what’s the equivalent on Windows ?

user2284570
  • 1,799
  • 7
  • 35
  • 62
  • 3
    Does it have to be on the command line? Would Process Monitor by Microsoft/Sysinternals help you? – HelpingHand Dec 27 '18 at 00:30
  • @HelpingHand as I wrote in the question I have to filter out a specific path. If it’s not command line it would need to have a search filter. Process Monitor is only for opened files not directories. In my case it is for tracking directories and files which are opened then copied to ram then closed immediatly (less than 10ms) so that the fact they don’t appear in procexp doesn’t means anything. – user2284570 Dec 27 '18 at 14:57
  • Can you check you’re not confusing Process Explorer with Process Monitor. Process Monitor should do what you want. – HelpingHand Dec 27 '18 at 16:36
  • @HelpingHand Hem then, the answer is still no because I need to know if it’s the process I launched which accessed the file and not the System in general. Remember also that I also want to check if my program access modification time of files wich might occurs without opening them ever. – user2284570 Dec 28 '18 at 03:52
  • 2
    I'm sure Process Monitor will give you the information you need -https://live.sysinternals.com/Procmon.exe. It uses a file system mini filter to "see" the file system events taking place and can attribute them to a process or the system process. The system process is excluded in the default filter. – HelpingHand Dec 28 '18 at 17:08
  • @HelpingHand what I want to catch only happens on program startup. Things would be easier on Command line. That’s said I wouldn’t mind about doing it with powershell. – user2284570 Dec 29 '18 at 14:00
  • You can use the `runtime` command line switch to procmon if you only want to capture for a short time. I can't think of a simpler way to see file access of a process over time without instrumenting the other application. – HelpingHand Dec 29 '18 at 15:54
  • Related question: https://stackoverflow.com/questions/3847745/systrace-for-windows – Vasantha Ganesh Jun 07 '21 at 10:29

0 Answers0