Hello, I would like to log the name of all the files I access from a particular network share (and the process accessing the the file).
What are the solutions in C++ / Win32 preferably ?
Kind Regards,
Bear
A:
You need ReadDirectoryChangesW and the FILE_NOTIFY_CHANGE_LAST_ACCESS notification flag.
I don't think the old FindFirstChangeNotification will work for you as it only notifies on changes, not access, but I've traditionally used that for file/directory notifications.
gbjbaanb
2008-11-13 23:34:05
A:
Unfortunetely,
it isn't an option in my context:
1) last access time may be disabled by user
2) I don't know the resolution of the update for mapped NTFS drives but:
"On the NTFS file system, access time has a resolution of 1 hour" http://msdn.microsoft.com/en-us/library/aa363788.aspx
Any other ideas ?
I would like to not use hooking.
MechanTOurS
2008-11-14 07:18:26
+1
A:
Process Monitor from sysinternals.com can be set up to filter on the path. You can set the path to the UNC you're interested in watching.
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
piCookie
2008-11-18 22:44:55
A:
I often use File Monitor and didn't know Process Monitor : thanks for the link.
But, i need to do it myself in C++ / Win32 or have a library that calls me on such activity events.
MechanTOurS
2008-11-19 07:34:40
I guess i'll have to hook the system like File Monitor does.
MechanTOurS
2008-11-19 07:35:33