How to know the process which created a file

Question

0.00/5 (No votes)

See more:

C++

I know how to monitor for a file creation event.
But how can I get the process which created the file?

Posted 5-Jan-10 1:42am

aaaehb

Updated 5-Jan-10 4:44am

v3

Add a Solution

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Jaligamap · Answer 1 · 2010-01-05T10:28:00

If the file is already opened, you can see with the process explorer which process owns the file at that time.

Open Process Explorer, select "View Handles" from the toolbar. For each process you see the handles it owns for each resource. This includes file handles too. Of course this gives the current process holding the file handle but does not give info on which process created the file.

I dont think if there is any way to know programatically which process created the file.
If there is a way, I am also intrested to know. :)

By the way, what would be your intention in finding the owner of a file.

aaaehb · Answer 2 · 2010-01-05T11:15:00

Solution 2

Thank you very much for your help
but that's not what I need, I need to know programatically using VC++
and the intention to do that is I have a virus which writes files on my computer, and I want to know the process to kill this damned virus :)

Posted 5-Jan-10 11:15am

aaaehb

Naveen · Answer 3 · 2010-01-05T19:58:00

Solution 3

I think you have to create a file filter driver if you want to monitor the files created by processes. Process monitor [^]is a typical example of such an aplication.

Posted 5-Jan-10 19:58pm

Naveen

aaaehb · Answer 4 · 2010-01-13T07:36:00

Solution 4

Thank you vry much Naveen
It's a very helpful program

Posted 13-Jan-10 7:36am

aaaehb

How to know the process which created a file

4 solutions

Solution 1

Solution 2

Solution 3

Solution 4

Add your solution here

Preview 0

Existing Members

...or Join us