webdaddy Contributor
Joined: 14 Nov 2004 Posts: 151 Location: Raleigh NC
Posted: Tue Apr 30, 2013 9:34 pm Post subject: MSGEVENTS
Anybody know how to catch Windows message events when a file is accessed? What I'm trying to do is, every time a file is deleted in Windows, actually write the file name to a log file so I have a record of what was deleted. Would also be useful if I could do the same when a file is written as well.
I looked at the documentation and I must be a dummy. I did this once before but I can't find the code I used to get VDS to trigger the section of code I used.
Thanks in advance! You guys are great! _________________ K Wetzel
Programming - Technology - Communications
"The Home of the SLC Security Console"
SLC now available for Linux...
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
Posted: Wed May 01, 2013 4:54 pm
I don't know if there's a msg or not, maybe there's even an API but I don't know. What I do know is that you could keep track of files in any given directory by keeping a list of the files in a directory and every so often load a list of files and compare them with a list you already have of the files. If a file is missing, note it and then update your original list and vice versa for any new files.
I had something of this nature long ago, but its source code is hidden on some ancient hard drive in a box somewhere.
In fact, my script tracked file size, date and time and I believe I was only tracking in crucial system directories such as Windows, System32 and such. It was not resource heavy either and didn't drag the system down at all.
If memory serves, this was an easy one to put together because I also used the same general idea for making a registry monitor to go along with the file monitor. _________________ 'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.)
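The snapshot-and-compare approach described in the post above, as an added example that is not part of the original thread: it is written in Python rather than VDS, tracks file size and modification time, and all function names and the log line format are assumptions.

```python
# Added example: function names and log format are illustrative assumptions.
import os
import time

def snapshot(root):
    """Map each file path under root to (size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished between listing and stat
            state[path] = (st.st_size, st.st_mtime_ns)
    return state

def diff(old, new):
    """Return (event, path) tuples describing how new differs from old."""
    events = [("DELETED", p) for p in sorted(old.keys() - new.keys())]
    events += [("CREATED", p) for p in sorted(new.keys() - old.keys())]
    events += [("MODIFIED", p) for p in sorted(old.keys() & new.keys())
               if old[p] != new[p]]
    return events

def poll_once(root, previous, log_path):
    """Take a fresh snapshot, append any changes to the log,
    and return (new_snapshot, events)."""
    current = snapshot(root)
    events = diff(previous, current)
    if events:
        stamp = time.strftime("%Y-%m-%d %H:%M:%S")
        with open(log_path, "a", encoding="utf-8") as log:
            for kind, path in events:
                log.write(f"{stamp} {kind} {path}\n")
    return current, events

def watch(root, log_path, interval=5.0):
    """Poll forever. Keep log_path outside root, or the log reports itself."""
    previous = snapshot(root)
    while True:
        time.sleep(interval)
        previous, _ = poll_once(root, previous, log_path)
```

Polling of this kind misses a file that is both created and deleted between two snapshots, and it records nothing about which process made the change.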
webdaddy Contributor
Joined: 14 Nov 2004 Posts: 151 Location: Raleigh NC
Posted: Wed May 01, 2013 5:06 pm Post subject: File Monitoring
Yeah, that's exactly what I'm trying to do, BUT I need to figure out how to see what Windows itself is doing in regard to IO, meaning the reads and writes. All I'm trying to do is log what files are written to the filesystem but at the OS level. There are definitely message events that do this but I can't really figure out how the message events work.
I'm thinking this is the correct one. The WriteFileEx system event.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365747%28v=vs.85%29.aspx
I just can't figure out exactly what will allow me to catch ALL of the reads and writes in realtime through the Windows API. The Windows API really annoys me. They should open things up more like on Linux. At least there they tell you exactly where to look for the information on the filesystem activity.
Thanks for the assistance. I'm still trying to figure it out.
cnodnarb Professional Member
Joined: 11 Sep 2002 Posts: 762 Location: Rockeledge, GA
webdaddy Contributor
Joined: 14 Nov 2004 Posts: 151 Location: Raleigh NC
Posted: Thu May 02, 2013 4:37 pm Post subject: Thanks
Thanks for sharing that. I'll see if that works. I appreciate it.