How to determine what resource is being accessed by recent applications

Question

Hi everyone,
I'm an undergraduate student and I need to build a program which can identify the recent applications which was used in a windows 10 machine and also which resources were accessed by those applications. The meaning of the resources is whether the application was accessing LAN or the internet. I need to build this at a very basic level and I'm using "pycharm" as my IDE. If anyone can give me guidance or provide me references to get the knowledge to do this, it will be very helpful.

Thanks in advance.

Answer 1

One option would be to shell out netstat.exe and tasklist.exe and capture their stdout/stderr. Then parse the output into a hash table or whatever collection functionality Python has.

Use the process ID (PID) to match the process to the connection.

netstat.exe -on
tasklist.exe 

You would need a loop with a delay in it to watch the processes and connections. You won't catch everything but it would fit the "need to build this at a very basic level" criteria.

Answer 2

You'll need to look at firewall logs if you want to know if the computer accessed internal or external IP addresses. But I don't think that log file would contain the identity of the process doing the connecting (or receiving). Even low-level functions like GetExtendedTcpTable don't hold that information (or at least I don't think they do). You'd probably have to write and install you own filter that hooks some system function to get that info in real time.