Menu
How does the Process Monitor from Sysinternals monitor file IO activity like it does? If you enable the advanced information, you can see that calls that were previously shown as CreateFile are now shown as IRP_MJ_CREATE which suggests that it hooks some rather low level stuff. Does anyone know exactly what it hooks/how it works?
653
Perhaps your answer is with this SO post
136
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
