Is that possible?
I wanna know the file(s) involved whenever a disk activity occurs.
My guess is to load urself into ring 0 and intercept VM msgs.
but I guess it can be done in an easier way.
Know how?
Printable View
Is that possible?
I wanna know the file(s) involved whenever a disk activity occurs.
My guess is to load urself into ring 0 and intercept VM msgs.
but I guess it can be done in an easier way.
Know how?
There were "WaitForSingleObject" code snippets published here recently. Some watched for activity in a folder, others watched for activity on a certain file.
That is not the same way round that you were wanting (wait for activity, now tell me which file is involved) but it might give a starting clue.
Yes I know that.
In fact I've already done one.
http://www.vbforums.com/showthread.p...hlight=filemon
http://www.vbforums.com/attachment.p...postid=1252996
But that only notifies me of what had happen. It's a post-action notification, not a pre- nor in-, which means to say I can't
intercept the action.
Not only that, but this WaitForMultipleObjects or
WaitForSingleObject also never tell me of what file(s) are
involved in the event. I want to get their filename. I can
understand this situation, because it is basically sort of event
callback: I ask another thread to just callback me whenever
something happens. Anyway the function that monitor the
changes for me doesn't check the file(s) involved.