Solved

Monitor file activity like System Internals file monitor

Posted on 2004-08-08
Last Modified: 2010-04-04
Help,

I need to be able to monitor file activity like filemon, but I need to embed it in my application,
so I can't use their application.
I can't use FindFirstChangeNotification because I need more info about the activity, like
who, what, where and when.

Thanks
Bill
Question by:bnemmers
 
 
LVL 7

Expert Comment

by:LRHGuy
Another good one (that I like better) is the TurboPower "ShellShock" version...it's free at sourceforge:

http://sourceforge.net/projects/tpshellshock/

It has a nice component you can attach event handlers to.
0
 
LVL 1

Author Comment

by:bnemmers
LRHGuy,

Thanks

I’ve already looked at AlfaFile Monitor. It does most of what I need, but not all.
What I need is how they do it. I have some special needs and I will need to do this from the ground up. I looked into getting the source code for both, but their costs are way, way out of my budget. I’m looking for a starting point: where in the OS do I hook in?

Bill
0

 
LVL 7

Expert Comment

by:LRHGuy
I would think the shellshock is the way to go. The source is there and free, too.

Specifically look at STSHLCTL.PAS ...

It boils down to registering your handler method with the shell:

    HNotify := SHChangeNotifyRegister(Handle,
      SHCNF_ACCEPT_INTERRUPTS or SHCNF_ACCEPT_NON_INTERRUPTS,
      Flags, MSG_SHELLNOTIFY, 1, NR);
    Registered := (HNotify <> 0);

then dealing with the event when it arrives.
0
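
An added example, not part of the thread and not ShellShock's source: a console program that completes the registration shown in the answer above with a message handler, so the content of each shell notification is visible (an event id and up to two paths). The hand-written shell32 imports, the `TWatcher` helper, the `WM_USER + 1` message value and the 20-event stop are assumptions made for this sketch.

```delphi
program ShellWatchDemo;
{$APPTYPE CONSOLE}
uses Windows, Messages, SysUtils, Classes, ActiveX, ShlObj;
const
  MSG_SHELLNOTIFY = WM_USER + 1;  // private message id (value assumed)
  SRC_INTERRUPT   = $0001;        // SHCNRF_InterruptLevel in the Windows SDK
  SRC_SHELL       = $0002;        // SHCNRF_ShellLevel in the Windows SDK
type
  TNotifyEntry = packed record pidl: PItemIDList; Recursive: BOOL; end;
  PPidlPair = ^TPidlPair;
  TPidlPair = packed record Item1, Item2: PItemIDList; end;
  TWatcher = class            // hypothetical helper owning the hidden window
    Wnd: HWND; Seen: Integer;
    procedure WndProc(var Msg: TMessage);
  end;
// Imported by hand (assumption: shell32 exports these by name, XP and later).
function SHChangeNotifyRegister(Wnd: HWND; Sources: Integer; Events: Longint;
  Msg: UINT; Count: Integer; var Entry: TNotifyEntry): ULONG; stdcall;
  external 'shell32.dll';
function SHChangeNotifyDeregister(Id: ULONG): BOOL; stdcall; external 'shell32.dll';

function PidlPath(P: PItemIDList): string;
var Buf: array[0..MAX_PATH] of Char;
begin
  if (P <> nil) and SHGetPathFromIDList(P, Buf) then Result := Buf else Result := '';
end;

procedure TWatcher.WndProc(var Msg: TMessage);
begin
  if Msg.Msg = MSG_SHELLNOTIFY then
  begin
    // wParam points at two PIDLs, lParam is the SHCNE_* id: "what" and "where".
    // The message carries no user name, process id or remote host.
    Writeln(Format('%s event=$%x [%s] [%s]', [DateTimeToStr(Now), Integer(Msg.LParam),
      PidlPath(PPidlPair(Msg.WParam)^.Item1), PidlPath(PPidlPair(Msg.WParam)^.Item2)]));
    Inc(Seen); if Seen >= 20 then PostQuitMessage(0);  // stop so cleanup runs
  end
  else Msg.Result := DefWindowProc(Wnd, Msg.Msg, Msg.WParam, Msg.LParam);
end;

var W: TWatcher; NR: TNotifyEntry; Id: ULONG; M: TMsg;
begin
  W := TWatcher.Create; W.Wnd := AllocateHWnd(W.WndProc);
  if SHGetSpecialFolderLocation(0, CSIDL_DESKTOP, NR.pidl) <> S_OK then Halt(1);
  NR.Recursive := True;           // desktop PIDL + recursive = whole namespace
  Id := SHChangeNotifyRegister(W.Wnd, SRC_INTERRUPT or SRC_SHELL,
    SHCNE_ALLEVENTS, MSG_SHELLNOTIFY, 1, NR);
  if Id = 0 then Halt(1);         // registration refused
  while GetMessage(M, 0, 0, 0) do DispatchMessage(M);
  SHChangeNotifyDeregister(Id); CoTaskMemFree(NR.pidl);
  DeallocateHWnd(W.Wnd); W.Free;
end.
```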
 
LVL 1

Author Comment

by:bnemmers
LRHGuy,

Thanks for your time, but this is no different than “FindFirstChangeNotification”.
What I need is:
who is opening or closing the file, writing, etc.,
where they are (user name),
what process or application acted on the file, etc.

I didn’t find anywhere that SHChangeNotifyRegister did all of these. I need to watch all file I/O operations, and whether the user is on a local or remote computer. I think I need to hook into HAL.dll or ntoskrnl.exe.

Bill
0
 
LVL 1

Author Comment

by:bnemmers
I found out that I need to create a device driver, and I can’t use Delphi to create device drivers. So it looks like I’m going to have to go back to using VC.
Thanks LRHGuy for your efforts

Bill
 
0
 

Accepted Solution

by:
OzzMod earned 0 total points
Closed, 500 points refunded.
OzzMod
Community Support Moderator (Graveyard shift)
0
