问题
Using FileSystemWatcher we can monitor the IO activity of a particular file system, but is there anyway to know that which one of the running processes is causing that IO?
More specifically, suppose a running process viz. abc.exe is creating a file text.txt on drive D. We can monitor that a file named text.txt has been created in drive D using FileSystemWatcher, but can we determine programmatically that a process named abc.exe is creating that particular file in drive D?
回答1:
handle.exe from SysInternals is a command line tool that allow programmatic access to which program has a particular file or directory open.
C:\>handle.exe c:\Windows\system32\stdole2.tlb
Produces this output:
Handle v3.42
Copyright (C) 1997-2008 Mark Russinovich
Sysinternals - www.sysinternals.com
devenv.exe pid: 5240 184: C:\Windows\System32\stdole2.tlb
Ssms.exe pid: 5000 1F4: C:\Windows\System32\stdole2.tlb
Which can be parsed programmatically.
http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx
回答2:
No, this is not possible. FSW sits at a very low level in the file system driver stack. It can only tell that the file system is getting modified, it doesn't know by whom. This is very much by design, it might be a process that sits half-way across the world, using a VPN connection over the internet to use a file share. There is no reasonable alternative for your request.
回答3:
I would recommend SysInternals utilities for this rather than rolling your own.
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
来源:https://stackoverflow.com/questions/3971180/how-to-monitor-process-io-activity-using-c