One technique would be to construct a wrapper/filter that would intercept Win32 system calls. I think you would have something to start with in this location:
http://msdn.microsoft.com/msdnmag/issues/1000/VTrace/VTrace.asp It's the decription of a system tracer that logs the activity in windows NT and 2K. Also, sysinternals is a good place to search for this kind of things... http://www.sysinternals.com Regards, Nuno Pereira
