Solved

Monitor file activity like System Internals file monitor

Posted on 2004-08-08
9
218 Views
Last Modified: 2010-04-04
Help,

I need to be able to monitor file activity like filemon but need to imbed in my application.
so I can't use their application.
I can't use FindFirstChangeNotification because I need more info about the activity, like
who, what, where and when.

Thanks
Bill
0
Comment
Question by:bnemmers
  • 3
  • 3
9 Comments
 
LVL 7

Expert Comment

by:LRHGuy
ID: 11746685
0
 
LVL 7

Expert Comment

by:LRHGuy
ID: 11746771
Another good one (that I like better) is the TurboPower "ShellShock" version...it's free at sourceforge:

http://sourceforge.net/projects/tpshellshock/

It has a nice component you can attach event handlers to.
0
 
LVL 1

Author Comment

by:bnemmers
ID: 11748040
LRHGuy,

Thanks

I’ve already looked at AlfaFile Monitor. It does most of what I need, but not all.
What I need is the, how they do it. I have some special needs and I will need to do this from the ground-up. I look into getting the source code for both but their costs are way way out of my budget. I’m looking for a starting point, where in the OS do I hook into.

Bill
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 7

Expert Comment

by:LRHGuy
ID: 11748746
I would think the shellshock is the way to go. The source is there and free, too.

Specifically look at STSHLCTL.PAS ...

It boils down to registering your handler method with the shell:

    HNotify := SHChangeNotifyRegister(Handle,
      SHCNF_ACCEPT_INTERRUPTS or SHCNF_ACCEPT_NON_INTERRUPTS,
      Flags, MSG_SHELLNOTIFY, 1, NR);
    Registered := (HNotify <> 0);

then dealing with the event when it arrives.
0
 
LVL 1

Author Comment

by:bnemmers
ID: 11748962
LRHGuy,

Thanks for your time, but this is no different than “FindFirstChangeNotification”
What I need is
who is opening or closing the file writing etc..,
where they are, (user name),
what process or application acted on the file, etc...

I didn’t find anywhere that SHChangeNotifyRegister did all of these. I need to watch all file I/O operations. And if the user is on a local or remote computer. Think I need to hook into HAL.dll or ntoskrnl.exe

Bill
0
 
LVL 1

Author Comment

by:bnemmers
ID: 12129505
I found out that I need to create a device driver, and I can’t use Delphi to create device drivers. So looks like I going to have to go back to using VC.
Thanks LRHGuy for your efforts

Bill
 
0
 

Accepted Solution

by:
OzzMod earned 0 total points
ID: 13369623
Closed, 500 points refunded.
OzzMod
Community Support Moderator (Graveyard shift)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question