Identifying processes accessing disk?

  • Thread starter: Davej

Davej

I use both XP and Win7 and occasionally I see disk accesses occurring
and would like to know which processes are responsible. Is there any
way to figure this out? Thanks.
 
I use both XP and Win7 and occasionally I see disk accesses occurring
and would like to know which processes are responsible. Is there any
way to figure this out? Thanks.


Go to your drive's properties page and disable Drive Indexing.
 
Davej said:
I use both XP and Win7 and occasionally I see disk accesses occurring
and would like to know which processes are responsible. Is there any
way to figure this out? Thanks.

If you want some tools to play with, there is Process Monitor and
Process Explorer from Sysinternals (bought out by Microsoft).

http://technet.microsoft.com/en-us/sysinternals/bb896645

http://technet.microsoft.com/en-us/sysinternals/bb896653

It takes a while to get the value out of those programs.
Process Monitor produces "gobs" of data, and it can take
hours to swim through it, looking for something. I use it
to see what registry entries a program might be reading.
But it can trace a lot more stuff.

Process Explorer has an interface rather like Task Manager, but
with a little additional information added.

You can never be sure, though, whether every activity on a
computer is "visible" to tools like that. Even the Performance
plugin and counters don't show certain kinds of file system
operations. So if you wanted some guarantee you were "seeing
it all", no tool can really do that. Maybe a kernel debugger
could see it, but regular tools can't hook everything.

Also of note - some AV programs become unhappy when Sysinternals
programs are probing or hooking resources. Those kinds of activities
would look similar to what a malware program would do, and
can trigger heuristic malware detection. When I had Kaspersky
on my other system, it used to lock up the computer when I'd
run some of those programs. So the first time you test, don't
be editing a MS Word doc without saving it first (in case the
machine locks up). Test on a relatively idle system, so there is
less file system cleanup to do on a reboot.

Paul
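
An added example, not part of the original thread: one way to cut down the "gobs" of Process Monitor data mentioned above is to save the trace as CSV and total the file read/write bytes per process. The column layout is assumed to be Process Monitor's default export, and the sample rows and the function name `summarize_disk_io` are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the layout of a Process Monitor CSV export with the
# default columns (assumed layout); these rows are not from a real trace.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","SearchIndexer.exe","2140","ReadFile","C:\Users\dave\Documents\a.doc","SUCCESS","Offset: 0, Length: 65,536, Priority: Normal"
"10:01:02.0000420","SearchIndexer.exe","2140","ReadFile","C:\Users\dave\Documents\b.doc","SUCCESS","Offset: 0, Length: 32,768, Priority: Normal"
"10:01:03.0000100","svchost.exe","1020","WriteFile","C:\Windows\Temp\x.log","SUCCESS","Offset: 0, Length: 4,096, Priority: Normal"
"10:01:03.0000900","svchost.exe","1020","RegQueryValue","HKLM\SOFTWARE\Example\Value","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:04.0000500","notepad.exe","3300","ReadFile","C:\Users\dave\notes.txt","END OF FILE","Offset: 4,096, Length: 4,096"
'''

FILE_IO_OPS = {"ReadFile", "WriteFile"}
# Lengths in the Detail column carry thousands separators, e.g. "65,536".
LENGTH_RE = re.compile(r"Length: ([\d,]+)")


def summarize_disk_io(csv_text):
    """Return [((process, pid), totals)] sorted by total bytes, largest first."""
    totals = defaultdict(lambda: {"ReadFile": 0, "WriteFile": 0, "events": 0})
    # Drop a leading BOM if present (or open a file with encoding="utf-8-sig").
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        # Skip registry/network events and file operations that moved no data.
        if row["Operation"] not in FILE_IO_OPS or row["Result"] != "SUCCESS":
            continue
        match = LENGTH_RE.search(row["Detail"])
        if match is None:
            continue
        key = (row["Process Name"], int(row["PID"]))
        totals[key][row["Operation"]] += int(match.group(1).replace(",", ""))
        totals[key]["events"] += 1
    return sorted(
        totals.items(),
        key=lambda item: item[1]["ReadFile"] + item[1]["WriteFile"],
        reverse=True,
    )


if __name__ == "__main__":
    for (name, pid), t in summarize_disk_io(SAMPLE_CSV):
        print(f"{name:<20} pid={pid:<6} read={t['ReadFile']:>8} "
              f"written={t['WriteFile']:>8} events={t['events']}")
```

As the post notes, a trace only contains what the tool could observe, so the totals are a lower bound on actual disk activity.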
 