|
-
Feb 16th, 2000, 01:58 PM
#1
Thread Starter
Member
The Problem I'm faced with is how to detect, from within a VB program running in the background, when the OS or another program accesses the hard drive. I'm writing a small app to log user activity for a security company. The app has to run in the background undetected, thus the need to detect when the harddrive spins up and "piggyback" writes in order to not arouse suspicion.
Any ideas?
-
Feb 17th, 2000, 01:40 AM
#2
Thread Starter
Member
I'm thinking there must be some windows system variables somewhere which would give me this info.
Intellectually, this is quite a stimulating project, but I'm not sure how I feel about it on a personal level. On the other hand, the individuals this app is targeted at are suspected of some real scumbag activities (like child porn and gambling). Just don't much like the idea of snooping (even if it's completely legal).
Any suggestions will be greatly appreciated.
Thanks
-
Feb 17th, 2000, 11:34 AM
#3
mhh... maybe u use a callback (every 5 secs or so) and then check the tasklist....
thats only one idea.... if any1 know to make better.... TELL ME 
taLON
-
Feb 17th, 2000, 11:38 AM
#4
So Unbanned
Make it a VxD or run as a service.
------------------
DiGiTaIErRoR
VB, QBasic, Iptscrae, HTML
Quote: There are no stupid questions, just stupid people.
-
Feb 17th, 2000, 02:21 PM
#5
Thread Starter
Member
Hmmm...not sure I understand these replies.
Having the program hidden from both the taskbar and task list (ctrl-alt-del) is pretty simple. Not worried about the program itself being detected directly (unless my code gets too bloated, in which case the target computers would slow to a crawl). What I'm trying to avoid is having the hard drive spin up every five to ten seconds, like clockwork. Any semi-knowledgable computer literate person would know something was up with that. So what I want to do is just buffer as much info as possible, detect when another process uses the harddrive, and send the buffered data right after (at a time when the user expects the harddrive to be active).
-
Feb 17th, 2000, 03:42 PM
#6
Lively Member
Just an idea: Is there a windows message like 'I want to read from harddisk' that you can get with a message hook?
RogerH
-
Feb 18th, 2000, 01:10 AM
#7
Thread Starter
Member
Yea, I was thinking something similar. After rereading his post, I think taLON was referring to doing something like that.
Hopefully, someone out there can give us an overview and the specifics of how to do this. Otherwise, I'm gonna have to get off my lazy butt and do some research. (and that would be just terrible  )
[This message has been edited by ShepherdOfChaos (edited 02-18-2000).]
[This message has been edited by ShepherdOfChaos (edited 02-18-2000).]
-
Feb 18th, 2000, 10:45 PM
#8
New Member
You might want to check out this site:
http://www.sysinternals.com/filemon.htm
The FileMon utility does exactly what you want for Windows 9x or NT and it includes full source. It's in C however. You might be able to figure out how it's done... Don't know if it's possible with only VB.
-
Feb 20th, 2000, 02:45 PM
#9
Thread Starter
Member
Hey cool, thanks
C is an old friend of mine, so deciphering the code should be easy. Understanding "how" it does what it does is another matter.
-
Feb 21st, 2000, 09:23 AM
#10
Junior Member
This might be what you are looking for. and it's in VB.
http://www.mvps.org/btmtz/shnotify/shnotify11.zip
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote