Notify on handles created/destroyed

delphi package - easy access to kernel objects etc.
Post Reply
drphobos
Posts: 4
Joined: Fri Mar 23, 2007 10:36 am

Notify on handles created/destroyed

Post by drphobos »

Hi,

I need to check cyclical which are the handles created/destroyed. In particular the handles of type otFile and otFileMapping.

I try to check processes.items[x].handles cyclical but the function is very very slow.
There is any other solution?

Thanks.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sorry for the late reply. What purpose do you need this for?
drphobos
Posts: 4
Joined: Fri Mar 23, 2007 10:36 am

Post by drphobos »

I need to see files open in real time and the associated handle.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Polling is just dead slow for such a purpose. You might want to use a kernel mode driver for such a thing. Alternatively you could use API hooking in user land. But it's difficult to do this kind of stuff in a way which doesn't eat too much performance. The driver approach would be the best one.
Post Reply