How to find out which program is accessing the disk and what is reading?

E

Egor Nevedov2016-08-10 19:23:56

Programming

Egor Nevedov, 2016-08-10 19:23:56

The question is more out of a desire to understand than out of practical need.
Plugged in an external hard drive. I don't read anything from him, I don't write anything. However, I launch the opera, and ... I hear "opera" - the disk starts to crackle and read something. Not the swap file for sure. I wonder if it is possible to somehow find out what exactly (which program) is accessing the disk and what exactly is being read / written? So that each access fact is written to the log, for example. If there is no ready-made solution, how difficult is it to write your own (under win7x64)?
The ideal answer would be a simple open source logger utility in C++

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

N

nirvimel, 2016-08-10
@nirvimel

Тот самый DiskMon от Марка Руссиновича.

A

andreyNN, 2016-08-10
@andreyNN

есть "Аудит файловой системы" в групповых политиках, включаете, настраиваете папки для мониторинга, получаете события в журнале. журнал можно фильтровать в павершелле или где вам удобно.
минус данного решения 1. не все системные вызовы записываются. 2. никогда не видел что бы использовали для всего диска.
плюсы в простоте и близости к ос.