hooking windows file creations

Posted on 2010-01-02
Last Modified: 2013-12-03
easy 500 for win32api gurus..
i need to hook/call to know when there is either:
1. a new call to create a file through windows
2. a file is being written to.

In both cases i need to know :
a. the filename
b. if possible, the parent process name (not the handle)

Talk through code for full points.. a delphi sample should be included
Question by:controlr
    LVL 44

    Expert Comment

    This seems like it should be the information you want:

    There are also some components that help you do this.

    Author Comment

    unfortunately, the TSCHangeNotify does NOT work on all windows versions.
    im looking for PURE API callbacks/hooks
    LVL 44

    Expert Comment

    What version of Delphi are you using?
    What Windows versions are you targeting?

    Author Comment

    D2010 - must work on   XP,2K3 , Vista,Win7
    LVL 44

    Accepted Solution

    From Peter Below (TeamB) on the Embarcadero Developer Network:
    "The ShellApi or ShlObj units are the logical candidates here, I think.
    Yup, ShlObj it is, it contains ShChangeNotify."

    You might get some development leverage by using a component/wrapper:
    Freeware component (with source):

    Shareware ($25) component:


    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
    Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
    This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA.…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now