#1
|
|||
|
|||
File System Filter
Hi All,
I'm researching subj, got book "NT File System Internals" and its sample and found few threads online. Some people say that they used sysinternal's filemon driver as sample. Where can I get source code of it. I didn't find it on sysinternals.com they have only the executable. |
#2
|
||||
|
||||
you can use system hooks.
You can hook any file's function (exactly any file API ) and then you can alter with your function. If you read my post "how to hide a file" you will have a example. There's the posibility to make a LOG wtih the createfile, or with readfile,etc... Uses your imagination... |
#3
|
|||
|
|||
Really, RegMon comes with sources, FileMon not.
Strange as it may seem. I'm also looking for similar sources and found this link _http://www.softdepia.com/alfa_file_monitor_with_drivers_source_code_download_4145.html Description: "Professional file change notification system for Win32 developers. Provides an easy to use component and library for use inside Delphi/BCB and MSVC++. The SysSource license also provides the full source code for the AFM drivers." |
#4
|
||||
|
||||
www.driverdevelop.com/source/filesrc.zip, old version source code of filemon.
__________________
AKA Solomon/blowfish. |
|
|