Using FileSystemWatcher we can monitor the IO activity of a particular file system, but is there any way to know which one of the running processes is causing that IO?
More specifically, suppose a running process viz. abc.exe is creating a file text.txt on drive D. We can monitor that a file named text.txt has been created in drive D using FileSystemWatcher, but can we determine programmatically that a process named abc.exe is creating that particular file in drive D?
handle.exe from SysInternals is a command line tool that allows programmatic access to which program has a particular file or directory open.
Produces this output:
    Handle v3.42
    Copyright (C) 1997-2008 Mark Russinovich
    Sysinternals - www.sysinternals.com

    devenv.exe pid: 5240 184: C:\Windows\System32\stdole2.tlb
    Ssms.exe pid: 5000 1F4: C:\Windows\System32\stdole2.tlb
Which can be parsed programmatically.
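One way to parse the output quoted in the answer above, as an added C# example that is not part of the original answer. The names `HandleEntry` and `HandleOutputParser` are hypothetical, and the optional `type:` column the pattern tolerates is an assumption about newer Handle builds; the v3.42 output shown on the page does not have it.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.RegularExpressions;

// One open-handle row reported by handle.exe (hypothetical type for this example).
public sealed record HandleEntry(string ProcessName, int Pid, int HandleId, string Path);

public static class HandleOutputParser
{
    // Matches "<image> pid: <n> [type: <t>] <hex handle>: <path>".
    // The optional "type:" column is an assumption; v3.42 on the page omits it.
    private static readonly Regex Row = new Regex(
        @"^(?<name>.+?)\s+pid:\s*(?<pid>\d+)\s+(?:type:\s*\S+\s+)?(?<handle>[0-9A-Fa-f]+):\s+(?<path>.+?)\s*$",
        RegexOptions.Compiled | RegexOptions.CultureInvariant);

    public static List<HandleEntry> Parse(string output)
    {
        var entries = new List<HandleEntry>();
        foreach (string line in output.Split('\n'))
        {
            Match m = Row.Match(line);
            if (!m.Success) continue; // banner, blank lines, "no handles" messages
            entries.Add(new HandleEntry(
                m.Groups["name"].Value,
                int.Parse(m.Groups["pid"].Value, CultureInfo.InvariantCulture),
                // Handle ids are printed in hexadecimal (184, 1F4, ...).
                int.Parse(m.Groups["handle"].Value, NumberStyles.HexNumber, CultureInfo.InvariantCulture),
                m.Groups["path"].Value));
        }
        return entries;
    }

    public static void Main()
    {
        // Sample input: the rows quoted in the answer, one per line.
        const string sample =
            "Handle v3.42\r\nCopyright (C) 1997-2008 Mark Russinovich\r\n" +
            "Sysinternals - www.sysinternals.com\r\n\r\n" +
            "devenv.exe pid: 5240 184: C:\\Windows\\System32\\stdole2.tlb\r\n" +
            "Ssms.exe pid: 5000 1F4: C:\\Windows\\System32\\stdole2.tlb\r\n";

        foreach (HandleEntry e in Parse(sample))
            Console.WriteLine($"{e.ProcessName} (pid {e.Pid}) holds handle 0x{e.HandleId:X} on {e.Path}");
    }
}
```

handle.exe lists only the handles that are open at the moment it runs, so a process that creates a file and closes it before the FileSystemWatcher event is handled may not appear in the parsed result.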