markzzz - 4 months ago 11
C Question

Is it possible to create an application to check every opened file on windows?

I'd like to build an application (if there isn't already one) to log every Windows (7, 64-bit) opened file (including attributes) in C#.

What do you think? Could it be possible? Is there other software already built to do this? Do I need to use a low-level language (C?) and manage kernel events?

Answer

I mean, if I open this c:/programs/file.exe /my-attributes how can I catch /my-attributes

What you are really asking for is the command line that was used to start a process. An entirely different problem from trying to discover what files are opened by a process. And one that you can actually do with C#, using System.Management to run a query on the Win32_Process class. Start a new console mode project and add a reference to System.Management. Make the code look like this:

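using System;
using System.Management;  // NOTE: add a reference to System.Management!

class Program {
    static void Main(string[] args) {
        // Query the WMI Win32_Process class in the root\CIMV2 namespace:
        // one ManagementObject is returned per running process.
        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher("root\\CIMV2",
            "SELECT * FROM Win32_Process");

        foreach (ManagementObject queryObj in searcher.Get()) {
            // CommandLine is the full string the process was started with;
            // it can be null, in which case an empty line is printed.
            Console.WriteLine(queryObj["CommandLine"]);
        }
        // Keep the console window open until Enter is pressed.
        Console.ReadLine();
    }
}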

Beware that the output is not very clean and requires parsing. Some processes may appear with their internal Windows path (like \??\etc), some processes don't have a full path name. Review the Win32_Process class documentation to see what other properties are available.
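The parsing step mentioned above could look like the following. This is an added example, not code from the answer: the `CommandLineParser` class, its `Split` method and the sample strings are constructed for illustration, and it assumes an unquoted executable path ends at the first whitespace.

```csharp
using System;

static class CommandLineParser {
    // Internal Windows path prefix that some processes report (\??\...).
    const string NtPrefix = @"\??\";

    // Splits a raw Win32_Process.CommandLine value into (executable, arguments).
    public static Tuple<string, string> Split(string raw) {
        // CommandLine can be null or empty (e.g. the System Idle Process).
        if (string.IsNullOrWhiteSpace(raw))
            return Tuple.Create<string, string>(null, "");

        string s = raw.TrimStart();
        string exe, rest;
        if (s[0] == '"') {
            // Quoted executable: everything up to the closing quote.
            int close = s.IndexOf('"', 1);
            exe = close < 0 ? s.Substring(1) : s.Substring(1, close - 1);
            rest = close < 0 ? "" : s.Substring(close + 1);
        } else {
            // Unquoted executable: assumed to end at the first whitespace,
            // so an unquoted path containing spaces is cut short.
            int ws = s.IndexOfAny(new[] { ' ', '\t' });
            exe = ws < 0 ? s : s.Substring(0, ws);
            rest = ws < 0 ? "" : s.Substring(ws);
        }
        // Drop the internal prefix so the path reads as a normal drive path.
        if (exe.StartsWith(NtPrefix, StringComparison.Ordinal))
            exe = exe.Substring(NtPrefix.Length);
        return Tuple.Create(exe, rest.Trim());
    }
}

class Demo {
    static void Main() {
        // Constructed sample values, shaped like what the WMI query returns.
        string[] samples = {
            "c:/programs/file.exe /my-attributes",
            "\"C:\\Program Files\\App\\app.exe\" --log \"C:\\My Logs\\a.txt\"",
            @"\??\C:\Windows\system32\conhost.exe 0x4",
            "lsass.exe",
            null
        };
        foreach (string raw in samples) {
            Tuple<string, string> p = CommandLineParser.Split(raw);
            Console.WriteLine("exe=[{0}] args=[{1}]", p.Item1 ?? "<none>", p.Item2);
        }
    }
}
```

For the first sample this yields `c:/programs/file.exe` as the executable and `/my-attributes` as the arguments, which is the part the question asks to catch.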