Monitor file activity like System Internals file monitor

Help,

I need to be able to monitor file activity like filemon but need to imbed in my application.
so I can't use their application.
I can't use FindFirstChangeNotification because I need more info about the activity, like
who, what, where and when.

Thanks
Bill
LVL 1
bnemmersAsked:
Who is Participating?
 
OzzModConnect With a Mentor Commented:
Closed, 500 points refunded.
OzzMod
Community Support Moderator (Graveyard shift)
0
 
LRHGuyCommented:
0
 
LRHGuyCommented:
Another good one (that I like better) is the TurboPower "ShellShock" version...it's free at sourceforge:

http://sourceforge.net/projects/tpshellshock/

It has a nice component you can attach event handlers to.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
bnemmersAuthor Commented:
LRHGuy,

Thanks

I’ve already looked at AlfaFile Monitor. It does most of what I need, but not all.
What I need is the, how they do it. I have some special needs and I will need to do this from the ground-up. I look into getting the source code for both but their costs are way way out of my budget. I’m looking for a starting point, where in the OS do I hook into.

Bill
0
 
LRHGuyCommented:
I would think the shellshock is the way to go. The source is there and free, too.

Specifically look at STSHLCTL.PAS ...

It boils down to registering your handler method with the shell:

    HNotify := SHChangeNotifyRegister(Handle,
      SHCNF_ACCEPT_INTERRUPTS or SHCNF_ACCEPT_NON_INTERRUPTS,
      Flags, MSG_SHELLNOTIFY, 1, NR);
    Registered := (HNotify <> 0);

then dealing with the event when it arrives.
0
 
bnemmersAuthor Commented:
LRHGuy,

Thanks for your time, but this is no different than “FindFirstChangeNotification”
What I need is
who is opening or closing the file writing etc..,
where they are, (user name),
what process or application acted on the file, etc...

I didn’t find anywhere that SHChangeNotifyRegister did all of these. I need to watch all file I/O operations. And if the user is on a local or remote computer. Think I need to hook into HAL.dll or ntoskrnl.exe

Bill
0
 
bnemmersAuthor Commented:
I found out that I need to create a device driver, and I can’t use Delphi to create device drivers. So looks like I going to have to go back to using VC.
Thanks LRHGuy for your efforts

Bill
 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.