I'm dealing with some hundreds of thousands of lines of code, and I'm stumped where this process is accessing a particular file. I've given up searching the code, I just cannot find out.
So, here I am -- asking a question I'm almost certain there is no simple solution for.
I've tried FileMon, ProcMon from SysInternals, and while I can see the file got accessed, it doesn't show the call stack or any useful piece of information.
I wish I could break into the debugger when that happens; I thought maybe I could write some extension for FileMon that would signal to me when an access happens, and then I could throw a Debug.Break into my process.
Any insight or ideas appreciated.
Set a breakpoint on CreateFile(). Write one in main() so you can easily trace into it an find the API entrypoint. Switch to disassembly view before single-stepping.