Notify on handles created/destroyed

delphi package - easy access to kernel objects etc.


Post by drphobos » Wed May 23, 2007 9:49 am

Hi,

I need to check cyclically which handles are created/destroyed, in particular the handles of type otFile and otFileMapping.

I try to check processes.items[x].handles cyclically, but the function is very, very slow.
Is there any other solution?

Thanks.
drphobos
 
Posts: 4
Joined: Fri Mar 23, 2007 10:36 am

Post by madshi » Thu Jun 07, 2007 7:56 pm

Sorry for the late reply. What purpose do you need this for?
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

Post by drphobos » Fri Jun 08, 2007 10:13 am

I need to see files open in real time and the associated handle.
drphobos
 
Posts: 4
Joined: Fri Mar 23, 2007 10:36 am

Post by madshi » Tue Jun 19, 2007 6:20 pm

Polling is just dead slow for such a purpose. You might want to use a kernel mode driver for such a thing. Alternatively you could use API hooking in user land. But it's difficult to do this kind of stuff in a way which doesn't eat too much performance. The driver approach would be the best one.
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

