I'm wondering if there's a plugin that would allow me to break on opening a specific filename (names are not in the executable as strings, but are instead computed on runtime).

I've tried using MemoryWatch to break on seeing the ASCII name going through the registers, but it hasn't seemed to work yet, and there are over 500 files loaded before the one I want so hitting F9 for every instance of CreateFileA isn't gonna cut it.

Thank you for any help!

Hi,

You can use conditional breakpoint on CreateFileA/CreateFileW .
Conditional jump for CreateFileA:


Conditional jump for CreateFileW:


Where XXX is the generated file name (case-insensitive) .

I don't think a real application will use lower-level API to create the file (like NtCreateFile) .

Regards,
GM