Page 1 of 1

Notify on handles created/destroyed

Posted: Wed May 23, 2007 9:49 am
by drphobos
Hi,

I need to check cyclical which are the handles created/destroyed. In particular the handles of type otFile and otFileMapping.

I try to check processes.items[x].handles cyclical but the function is very very slow.
There is any other solution?

Thanks.

Posted: Thu Jun 07, 2007 7:56 pm
by madshi
Sorry for the late reply. What purpose do you need this for?

Posted: Fri Jun 08, 2007 10:13 am
by drphobos
I need to see files open in real time and the associated handle.

Posted: Tue Jun 19, 2007 6:20 pm
by madshi
Polling is just dead slow for such a purpose. You might want to use a kernel mode driver for such a thing. Alternatively you could use API hooking in user land. But it's difficult to do this kind of stuff in a way which doesn't eat too much performance. The driver approach would be the best one.