ericbetin4e2
Reputation: 9
How can I detect which process in Windows modified/deleted a specific file using C++ honeypot?
I need to detect, using C++, which process in the system (Windows) modified or deleted a specific file. I created a 'bait' file to simulate a honeypot for testing ransomware.
I would like to identify and return the exact process responsible for this modification or deletion.
I have already tried using ReadDirectoryChangesW, but it doesn't return the process responsible for the modification.
Upvotes: 0
Views: 63
Answers (0)
Related Questions
- Node / Express: EADDRINUSE, Address already in use - how can I stop the process using the port?
- Image Processing: Algorithm Improvement for 'Coca-Cola Can' Recognition
- How can I measure the actual memory usage of an application or process?
- How can I get the list of files in a directory using C or C++?
- The difference between fork(), vfork(), exec() and clone()
- How to find whether a file is modified in Windows using C++?
- How to identify which Daemon Process is writing to the file