MSGEVENTS

 
webdaddy
Contributor


Joined: 14 Nov 2004
Posts: 151
Location: Raleigh NC

Posted: Tue Apr 30, 2013 9:34 pm    Post subject: MSGEVENTS

Anybody know how to catch Windows message events when a file is accessed? What I'm trying to do is, every time a file is deleted in Windows, actually write the file name to a log file so I have a record of what was deleted. Would also be useful if I could do the same when a file is written as well.

I looked at the documentation and I must be a dummy. I did this once before but I can't find the code I used to get VDS to trigger the section of code I used.

Thanks in advance! You guys are great!

_________________
K Wetzel
Programming - Technology - Communications
"The Home of the SLC Security Console"
SLC now available for Linux...
Garrett
Moderator Team


Joined: 04 Oct 2001
Posts: 2149
Location: A House

Posted: Wed May 01, 2013 4:54 pm

I don't know if there's a msg or not, maybe there's even an API but I don't know. What I do know is that you could keep track of files in any given directory by keeping a list of the files in a directory and every so often load a list of files and compare them with a list you already have of the files. If a file is missing, note it and then update your original list and vice versa for any new files.

I had something of this nature long ago, but its source code is hidden on some ancient hard drive in a box somewhere.

In fact, my script tracked file size, date and time and I believe I was only tracking in crucial system directories such as Windows, System32 and such. It was not resource heavy either and didn't drag the system down at all.

If memory serves, this was an easy one to put together because I also used the same general idea for making a registry monitor to go along with the file monitor.

_________________
'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.)
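
The list-and-compare approach described in the post above, as an added example that is not part of the original thread and not anyone's posted code. It is written in Python rather than VDS; the function names (`snapshot`, `diff`, `log_events`, `demo`) and the sample files are assumptions constructed for illustration.

```python
import tempfile
import time
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to (size, mtime_ns)."""
    state = {}
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                st = path.stat()
                state[str(path.relative_to(root))] = (st.st_size, st.st_mtime_ns)
        except OSError:
            continue  # file vanished mid-scan; the next comparison reports it
    return state


def diff(old, new):
    """Compare two snapshots and return sorted (event, path) tuples."""
    events = [("DELETED", p) for p in old.keys() - new.keys()]
    events += [("CREATED", p) for p in new.keys() - old.keys()]
    events += [("MODIFIED", p) for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(events)


def log_events(events, log_path):
    """Append one timestamped line per event to the log file."""
    with open(log_path, "a", encoding="utf-8") as log:
        for event, path in events:
            log.write(f"{time.strftime('%Y-%m-%d %H:%M:%S')} {event} {path}\n")


def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root, log = Path(tmp, "watched"), Path(tmp, "changes.log")
        root.mkdir()
        for name in ("keep.txt", "gone.txt", "edit.txt"):
            (root / name).write_text("x")
        before = snapshot(root)           # the "list you already have"
        (root / "gone.txt").unlink()
        (root / "edit.txt").write_text("changed size")
        (root / "new.txt").write_text("y")
        events = diff(before, snapshot(root))
        log_events(events, log)           # log lives outside the watched tree
        return events, log.read_text().splitlines()


if __name__ == "__main__":
    print(demo())
```

Polling only sees the state at each scan, so a file that is created and deleted between two scans is never logged, and the log cannot say which process or user made the change.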
webdaddy
Contributor


Joined: 14 Nov 2004
Posts: 151
Location: Raleigh NC

Posted: Wed May 01, 2013 5:06 pm    Post subject: File Monitoring

Yeah, that's exactly what I'm trying to do BUT I need to figure out how to see what Windows itself is doing in regard to IO, meaning the reads and writes. All I'm trying to do is log what files are written to the filesystem but at the OS level. There are definitely message events that do this but I can't really figure out how the message events work.

I'm thinking this is the correct one. The WriteFileEx system event.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa365747%28v=vs.85%29.aspx

I just can't figure out exactly what will allow me to catch ALL of the reads and writes in real time through the Windows API. The Windows API really annoys me. They should open things up more like on Linux. At least there they tell you exactly where to look for the information on the filesystem activity.

Thanks for the assistance. I'm still trying to figure it out.

_________________
K Wetzel
Programming - Technology - Communications
"The Home of the SLC Security Console"
SLC now available for Linux...
cnodnarb
Professional Member


Joined: 11 Sep 2002
Posts: 762
Location: Rockeledge, GA

Posted: Thu May 02, 2013 1:59 pm

Well, I think you're barking up the wrong tree.

Here's the right one.

FindFirstChangeNotification

http://msdn.microsoft.com/en-us/library/windows/desktop/aa364417(v=vs.85).aspx
webdaddy
Contributor


Joined: 14 Nov 2004
Posts: 151
Location: Raleigh NC

Posted: Thu May 02, 2013 4:37 pm    Post subject: Thanks

Thanks for sharing that. I'll see if that works. I appreciate it.
_________________
K Wetzel
Programming - Technology - Communications
"The Home of the SLC Security Console"
SLC now available for Linux...