• Status: Solved
  • Priority: Medium
  • Security: Public

Monitor file activity like System Internals file monitor

Help,

I need to be able to monitor file activity like filemon, but I need to embed it in my application,
so I can't use their application.
I can't use FindFirstChangeNotification because I need more info about the activity, like
who, what, where and when.

Thanks
Bill
Asked:
bnemmers
LRHGuy Commented:
Another good one (that I like better) is the TurboPower "ShellShock" version...it's free at sourceforge:

http://sourceforge.net/projects/tpshellshock/

It has a nice component you can attach event handlers to.
 
bnemmers (Author) Commented:
LRHGuy,

Thanks

I’ve already looked at AlfaFile Monitor. It does most of what I need, but not all.
What I need is how they do it. I have some special needs and I will need to do this from the ground up. I looked into getting the source code for both, but their costs are way, way out of my budget. I’m looking for a starting point: where in the OS do I hook in?

Bill
 
LRHGuy Commented:
I would think the shellshock is the way to go. The source is there and free, too.

Specifically look at STSHLCTL.PAS ...

It boils down to registering your handler method with the shell:

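    // Ask the shell to post MSG_SHELLNOTIFY to the window Handle for the
    // event types selected in Flags; NR describes the item to watch.
    HNotify := SHChangeNotifyRegister(Handle,
      SHCNF_ACCEPT_INTERRUPTS or SHCNF_ACCEPT_NON_INTERRUPTS,
      Flags, MSG_SHELLNOTIFY, 1, NR);
    // A zero return value means the registration failed.
    Registered := (HNotify <> 0);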

then dealing with the event when it arrives.
 
bnemmers (Author) Commented:
LRHGuy,

Thanks for your time, but this is no different than “FindFirstChangeNotification”.
What I need is
who is opening or closing the file, writing, etc.,
where they are (user name),
what process or application acted on the file, etc.

I didn’t find anywhere that SHChangeNotifyRegister did all of these. I need to watch all file I/O operations, and whether the user is on a local or remote computer. I think I need to hook into HAL.dll or ntoskrnl.exe.

Bill
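
An added illustration, not part of the thread and not code from any poster: `ReadDirectoryChangesW`, a user-mode sibling of the `FindFirstChangeNotification` API named above (it is not itself mentioned in the thread), returns `FILE_NOTIFY_INFORMATION` records. The parser below walks a constructed sample buffer and shows that each record carries only an action code and a relative file name, with no user, process or remote-client field. `parse_notify_buffer`, `build_record` and the sample paths are names assumed for this example.

```python
import struct

# FILE_ACTION_* codes carried in FILE_NOTIFY_INFORMATION.Action
ACTIONS = {1: "ADDED", 2: "REMOVED", 3: "MODIFIED",
           4: "RENAMED_OLD_NAME", 5: "RENAMED_NEW_NAME"}

def parse_notify_buffer(buf: bytes):
    """Walk a chain of FILE_NOTIFY_INFORMATION records.

    Per record (little-endian): DWORD NextEntryOffset, DWORD Action,
    DWORD FileNameLength (in bytes), then FileName as UTF-16LE without
    a terminating NUL. Returns a list of (action, relative_name) tuples.
    """
    events, offset = [], 0
    while True:
        if offset + 12 > len(buf):
            raise ValueError("truncated record header at offset %d" % offset)
        next_off, action, name_len = struct.unpack_from("<III", buf, offset)
        name_end = offset + 12 + name_len
        if name_len % 2 or name_end > len(buf):
            raise ValueError("bad FileNameLength at offset %d" % offset)
        name = buf[offset + 12:name_end].decode("utf-16-le")
        events.append((ACTIONS.get(action, "UNKNOWN(%d)" % action), name))
        if next_off == 0:              # last record in the buffer
            return events
        if next_off < 12 + name_len or next_off % 4:
            raise ValueError("bad NextEntryOffset at offset %d" % offset)
        offset += next_off

def build_record(action: int, name: str, last: bool) -> bytes:
    """Build one record for the constructed sample (test data only)."""
    raw = name.encode("utf-16-le")
    size = (12 + len(raw) + 3) & ~3    # records are DWORD-aligned
    header = struct.pack("<III", 0 if last else size, action, len(raw))
    return (header + raw).ljust(size, b"\0")

# Constructed sample: a file is created, written to, then renamed.
SAMPLE = (build_record(1, "reports\\q3.xls", False) +
          build_record(3, "reports\\q3.xls", False) +
          build_record(4, "reports\\q3.xls", False) +
          build_record(5, "reports\\q3-final.xls", True))

if __name__ == "__main__":
    for action, name in parse_notify_buffer(SAMPLE):
        # Action and relative path are the only fields available here.
        print(f"{action:<18} {name}")
```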
 
bnemmers (Author) Commented:
I found out that I need to create a device driver, and I can’t use Delphi to create device drivers. So it looks like I’m going to have to go back to using VC.
Thanks LRHGuy for your efforts

Bill
 
 
OzzMod Commented:
Closed, 500 points refunded.
OzzMod
Community Support Moderator (Graveyard shift)