Sign in to follow this  
brwarner

File Read/Write Hooks [C++]

Recommended Posts

I was looking through the SetWindowsHookEx documentation and some related reading but I could not find anything that can monitor file read/write operations, such as every time a file is opened or read or saved (most specifically I am looking for "open"). I have seen a program (I believe it's called procmon or something from sysinternals) that can do this. Does anyone know how (in C++ Windows API)?

Share this post


Link to post
Share on other sites
A window hook provides a way to intercept window related events. It's not surprising that you wouldn't find a way to monitor files using that approach.

FileMon probably uses a driver these days. The source code for an older version once floated on the web, a bit of heavy searching might turn something up. No guarantees with that. In the meantime, have you looked at FindFirstChangeNotification and related functions? Have you looked for shell functions to see if anything there fits? What about overlapped files and FileIOCompletionRoutine?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this