Hi,

I am trying to write an application that will launch a second application
using CreateProcess...

SECURITY_ATTRIBUTES sa;
STARTUPINFO si;
PROCESS_INFORMATION pi;

::ZeroMemory( &sa, sizeof(sa) );
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;

::ZeroMemory( &si, sizeof(si) );
si.cb = sizeof(si);

::ZeroMemory( &pi, sizeof(pi) );

// Start the child process.
if ( !CreateProcess(
NULL,
"C:\\second_app.exe",
&sa,
&sa,
TRUE,
0,
NULL,
"C:\\",
&si,
&pi )
)
{
return;
}

What I want to do is monitor the second process for file read/write, in
other words if the second application interacts with the file system at all,
I want to know how and where, and place that information into a log file. I
know CreateProcess gives me...

pi.dwProcessId
pi.dwThreadId
pi.hProcess
pi.hThread

How can I do this? Any suggestions, ideas are greatly appreciated.

Thanks,
Kal

In article <kxanc.42140$mX.14362146@twister.nyc.rr.com>,
kal@nyc.rr.com says...

[ ... ]

Write the parent as basically a debugger. Set Breakpoints in the
child on the functions you care about, and when they're called, your
parent will receive control.

Of course, writing a debugger is a somewhat non-trivial task, but it
looks to me like about the most reasonable way to accomplish what
you're asking for.

--
Later,
Jerry.

The universe is a figment of its own imagination.

you'll need a specific privilege to begin with,
and you'll need to also programmatically obtain too,
it's the debug privilege (I am assuming you are using NT based OSes and
2000, XP).
you'll need to get a token to the process and so on...
these are just hints, I got the code but it's too long to attach

"kal" <kal@nyc.rr.com> wrote in message
news:kxanc.42140$mX.14362146@twister.nyc.rr.com...

Hi Andrea,

That is not correct. You don't need the debug privilege to debug a process
you are starting up as a debuggee yourself.

Ronald Laeremans
Visual C++ team

"andrea catto'" <acatto@dataflight.com> wrote in message
news:ucSn6vqNEHA.3712@TK2MSFTNGP10.phx.gbl...