2

I'm working on a script that should check on certain system events (like opening of a file, or changing of a registry key) and start further actions depending on that. But I haven't found a clean way to get the information into my script.

I'm looking for a way to get the output of Sysinternals Process Monitor into another program. This should happen without user interaction in close to real time; so saving into a CSV/XML and than using this doesn't work. I've checked on using the backing file, but this is in the Process Monitor PML format, which i haven't found to be documented anywhere.

Does anybody know a way how I can get the output of Process Monitor into my script? Or an other (not too messy) way to get a real time list of opened files, registry keys etc into a python program?

Thanks!

4

1 回答 1

0

如果您想解析标准输出或文件,并且您可以使用仅 32 位的解决方案,请尝试Dr Strace或ntstrace

您还可以研究ospy或其他 ProcMon 替代方案。ospy 是开源的,因此至少您可以查看用于捕获事件的源代码。

这是ProcMon 的替代列表。

于 2014-12-24T15:57:41.943 回答