Monitoring IO like Sysinternals' ProcMon


Problem description

How does the Process Monitor from Sysinternals monitor file IO activity like it does? If you enable the advanced information, you can see that calls that were previously shown as CreateFile are now shown as IRP_MJ_CREATE which suggests that it hooks some rather low level stuff. Does anyone know exactly what it hooks/how it works?

Recommended answer

Maybe your answer is
