开发者

Addresses in a File Where Executable Reads From

开发者 https://www.devze.com 2023-02-17 05:54 出处:网络
I am sure this is non-trivial, and I might be asking something absurd.If so, tell me so and I will be done with. Is there a way to debug a Win32 application such that I can see which addresses in a fi

I am sure this is non-trivial, and I might be asking something absurd. If so, tell me so and I will be done with. Is there a way to debug a Win32 application such that I can see which addresses in a file the executable is reading at a given time during开发者_开发知识库 certain operations (I mean like I click buttons on my own, but filter data from a like more extreme version of ProcessExplorer to see what exact sections of a file it is reading)?


If I understand the question correct you might give the Sysinternals Process Monitor an try.

The program shows realtime filesystem, Registry and process activity - you could filter for specific processname, PID, show only filesystem operations, the accessed filename and many more.

It shows you every accessed file, the offset, the length, I/O-Flags and more.

But keep in mind that most programs use some sort of Cache (reading/writing 4KB / 16KB blocks or more in memory before processing). In that case you can only see what part of an file is accessed at an given time, but you don't see when the programm processes the data.

EDIT: No, I dont' think you can take such an deep lock into it with procmon.

0

精彩评论

暂无评论...
验证码 换一张
取 消