tags:

views:

218

answers:

4
+1  Q: 

Cross platform file-access tracking

I'd like to be able to track file read/writes of specific program invocations. No information about the actual transactions is required, just the file names involved.

Is there a cross platform solution to this? What are various platform specific methods? On linux I know there's strace/ptrace (if there are faster methods that'd be good too). I think on mac os there's ktrace. What about windows?

Also, it would be amazing if it would be possible to block (stall out) file accesses until some later time.

Thanks!

+1  A: 

On Windows you can use the command line tool Handle or the GUI version Process Explorer to see which files a given process has open.

If you're looking for a get this information in your own program you can use the IFS kit from Microsoft to write a file system filter. The file system filter will show all file system operation for all process. File system filters are used in AV software to scan files before they are open or to scan newly created files.

 2008-08-21 20:32:31
A: 

shamer - Thanks for the answer! Yes, I need the information in my own program. I'm afraid I need a solution that would be compatible with inclusion in an opensource project, so I'm afraid both handle and IFS kit are out. I really like sysinternals software, but sadly the command line tools are not redistributable.

mat - Ok, yeah, I will probably have to implement my own cross platform interface to this. That is ok. How do I do it well on each platform?

Edit - this is very interesting - http://okmij.org/ftp/syscall-interpose.html

mgsloan  2008-08-21 21:28:21
+1  A: 

The short answer is no. There are plenty of platform specific solutions which all probably have similar interfaces, but they aren't inherently cross platform since file systems tend to be platform specific.

How do I do it well on each platform?

Again, it will depend on the platform :) For Windows, if you want to track reads/writes in flight, you might have to go with IFS. If you just want to get notified of changes, you can use ReadDirectoryChangesW or the NTFS change journal.

I'd recommend using the NTFS change journal only because it tends to be more reliable.

MSN

Mat Noguchi  2008-08-21 21:47:59
A: 

As long as your program launches the processes you want to monitor, you can write a debugger and then you'll be notified every time a process starts or exits. When a process starts, you can inject a DLL to hook the CreateFile system calls for each individual process. The hook can then use a pipe or a socket to report file activity to the debugger.

Emil  2010-01-14 06:42:42

related questions

Solid Config for webdev in emacs under linux AND windows ?
How do you keep the machine awake?
Is there a way to embed a browser in Java?
How to monitor the computer's cpu, memory, and disk usage in Java?
Best practices for portable C#
Standard way to open a folder window in linux?
PGP signatures from Python?
Using C in a shared multi-platform POSIX environment.
Portably handle exceptional errors in C++
Up-to-date libFoundation alternative
On the web, what fonts should I use to create an equivalent experience cross-platform?
Writing cross-platform apps in C
How do I make Windows aware of a service I have written in Python?
Should I use a cross-platform GUI-toolkit or rely on the native ones?
How can I measure CppUnit test coverage (on win32 and Unix)?
Can I run a Python script as a service (in Windows)? How?
Change own process priority in C
Get current process CPU usage in C
Shutting down a computer using Java
Best UML Application for MAC OSX / Cross Platform
Is a Homogeneous development platform good for the industry?
any good tool for makefile generation?
How can I create Debian install packages in Windows for a Visual Studio project?
Generate list of all possible permutations of a string