Solved

Monitor file activity like System Internals file monitor

Posted on 2004-08-08
Last Modified: 2010-04-04
Help,

I need to be able to monitor file activity like filemon, but I need to embed it in my application,
so I can't use their application.
I can't use FindFirstChangeNotification because I need more info about the activity, like
who, what, where and when.

Thanks
Bill
0
Question by:bnemmers
9 Comments
 
LVL 7

Expert Comment

by:LRHGuy
ID: 11746685
0
 
LVL 7

Expert Comment

by:LRHGuy
ID: 11746771
Another good one (that I like better) is the TurboPower "ShellShock" version...it's free at sourceforge:

http://sourceforge.net/projects/tpshellshock/

It has a nice component you can attach event handlers to.
0
 
LVL 1

Author Comment

by:bnemmers
ID: 11748040
LRHGuy,

Thanks

I’ve already looked at AlfaFile Monitor. It does most of what I need, but not all.
What I need is how they do it. I have some special needs and I will need to do this from the ground up. I looked into getting the source code for both, but their costs are way, way out of my budget. I’m looking for a starting point: where in the OS do I hook in?

Bill
0
 
LVL 7

Expert Comment

by:LRHGuy
ID: 11748746
I would think the shellshock is the way to go. The source is there and free, too.

Specifically look at STSHLCTL.PAS ...

It boils down to registering your handler method with the shell:

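    // Handle is the window that receives MSG_SHELLNOTIFY; Flags selects the events.
    // The trailing "1, NR" passes one entry describing the folder to watch.
    HNotify := SHChangeNotifyRegister(Handle,
      SHCNF_ACCEPT_INTERRUPTS or SHCNF_ACCEPT_NON_INTERRUPTS,
      Flags, MSG_SHELLNOTIFY, 1, NR);
    // A zero registration id means the call failed.
    Registered := (HNotify <> 0);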

then dealing with the event when it arrives.
0
 
LVL 1

Author Comment

by:bnemmers
ID: 11748962
LRHGuy,

Thanks for your time, but this is no different than “FindFirstChangeNotification”.
What I need is:
who is opening or closing the file, writing, etc.,
where they are (user name),
what process or application acted on the file, etc.

I didn’t find anywhere that SHChangeNotifyRegister did all of these. I need to watch all file I/O operations, and whether the user is on a local or remote computer. I think I need to hook into HAL.dll or ntoskrnl.exe.

Bill
0
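The registration LRHGuy describes and the limitation bnemmers points out, as an added example that is not part of the original thread and not ShellShock's code: a small Delphi class that registers for shell change notifications and logs everything the notification message carries. All type and constant names are hypothetical; it assumes shell32.dll exports both functions by name, the legacy (in-process) delivery mode, and My Documents as the watched folder.

```delphi
unit ShellWatch; // added example; every name in this unit is hypothetical
interface
uses Windows, Messages, Classes, SysUtils, ShlObj, ActiveX;
const MSG_SHELLNOTIFY = WM_USER + 1; // private message id (assumed value)
type
  TNotifyEntry = packed record Pidl: PItemIDList; Recursive: BOOL; end;
  PPidlPair = ^TPidlPair;
  TPidlPair = record Item1, Item2: PItemIDList; end;
  TShellWatch = class
    FWnd: HWND; FId: ULONG; FRoot: PItemIDList; FLog: TStrings;
    procedure WndProc(var Msg: TMessage);
    constructor Create(ALog: TStrings);
    destructor Destroy; override;
  end;
implementation
function SHChangeNotifyRegister(Wnd: HWND; Sources: Integer; Events: Longint;
  Msg: UINT; Count: Integer; var Entry: TNotifyEntry): ULONG; stdcall;
  external 'shell32.dll' name 'SHChangeNotifyRegister'; // by-name export assumed
function SHChangeNotifyDeregister(Id: ULONG): BOOL; stdcall; external 'shell32.dll' name 'SHChangeNotifyDeregister';
constructor TShellWatch.Create(ALog: TStrings);
var E: TNotifyEntry;
begin
  FLog := ALog;
  FWnd := AllocateHWnd(WndProc); // hidden window that receives the notifications
  if SHGetSpecialFolderLocation(0, CSIDL_PERSONAL, FRoot) <> S_OK then raise Exception.Create('cannot resolve the folder to watch');
  E.Pidl := FRoot; E.Recursive := True; // My Documents and everything below it
  FId := SHChangeNotifyRegister(FWnd, 1 or 2, // interrupt-level and shell-level sources
    SHCNE_CREATE or SHCNE_DELETE or SHCNE_RENAMEITEM or SHCNE_UPDATEITEM,
    MSG_SHELLNOTIFY, 1, E);
  if FId = 0 then raise Exception.Create('SHChangeNotifyRegister failed');
end;
destructor TShellWatch.Destroy;
begin
  if FId <> 0 then SHChangeNotifyDeregister(FId);
  if FRoot <> nil then CoTaskMemFree(FRoot);
  if FWnd <> 0 then DeallocateHWnd(FWnd);
  inherited;
end;
procedure TShellWatch.WndProc(var Msg: TMessage);
var Buf: array[0..MAX_PATH] of Char; P: PPidlPair;
begin
  P := PPidlPair(Msg.WParam);
  if Msg.Msg <> MSG_SHELLNOTIFY then
    Msg.Result := DefWindowProc(FWnd, Msg.Msg, Msg.WParam, Msg.LParam)
  // wParam: pointer to two item IDs; lParam: SHCNE_* code. No user, process or host.
  else if (P <> nil) and (P^.Item1 <> nil) and SHGetPathFromIDList(P^.Item1, Buf) then
    FLog.Add(Format('%s event=$%.8x path=%s', [DateTimeToStr(Now), Integer(Msg.LParam), PChar(@Buf[0])]));
end;
end.
```

Each logged line holds a timestamp, an event code and a path, which is the "what, where and when"; the message has no field for the acting user or process.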
 
LVL 1

Author Comment

by:bnemmers
ID: 12129505
I found out that I need to create a device driver, and I can’t use Delphi to create device drivers. So it looks like I'm going to have to go back to using VC.
Thanks, LRHGuy, for your efforts.

Bill
 
0
 

Accepted Solution

by:
OzzMod earned 0 total points
ID: 13369623
Closed, 500 points refunded.
OzzMod
Community Support Moderator (Graveyard shift)
0
