in windows, I use sysinternals' processpx to detect if a process tries to access a file that doesn't exist. Is there a way to do this on osx?
You can do this relatively easily with a dtrace script.
We want to record all open calls for filename, if the open fails, and the errno is ENOENT, then display the process name, pid and filename.
syscall::open*:entry
{ self->path = copyinstr(arg0); }
syscall::open*:return
/ arg0 < 0 && errno == ENOENT /
{ printf("%s(%d): %s", execname, pid, self->path); }
then sudo dtrace -s <script>.
On OSX, though, with system integrity protection, a lot of processes will not be monitored by this.