Get a handle of ALL files that are opened

  • Get a handle of ALL files that are opened

    I've seen an Enum example about a year ago that did something like
    this but I want to expand on this idea a little. I wish to make
    an application to secure our network, when someone saves a certain
    file to the hard drive I want to be able to get the
    location/filename in my program.

    How would I approach this? Something similar to a Virus Scan
    package.

    I just want to be able to receive information of location/filename
    as soon as the file is saved to hard drive.

    Thanks

    ------------------
    -Greg
    [email protected]
    MCP,MCSA,MCSE,MCSD

  • #2
    See the FindFirstChangeNotification and FindNextChangeNotification API calls, along with WaitForSingleObject.

    Those will let you write a program whose sole job is to sit and wait for a change in the file system and spring into action when a change occurs.

    MCM
    Michael Mattias
    Tal Systems Inc. (retired)
    Racine WI USA
    [email protected]
    http://www.talsystems.com


    • #3
      Here is my code so far, what API do I need to look at to get the
      path of the filename/directory?

      I assume I get it from the FindFirstChangeNotification return
      value?

      Thanks

      Code:
      #COMPILE EXE
      #INCLUDE "win32api.inc"
      %INVALID_HANDLE_VALUE  = -1
      %WAIT_FAILED = -1   ' WAIT_FAILED is &HFFFFFFFF, which is -1 in a LONG
      
      FUNCTION PBMAIN() AS LONG
          MSGBOX "starting"
          DIM lcPathSpec AS ASCIIZ * 255
          lcPathSpec = "C:\test"
          lbWatchSubtree& = %TRUE
      
          ' This filter only signals directory create/rename/delete events
          lihNotify& = FindFirstChangeNotification(lcPathSpec, lbWatchSubtree&, %FILE_NOTIFY_CHANGE_DIR_NAME)
      
          IF lihNotify& = %INVALID_HANDLE_VALUE THEN
              MSGBOX "ERROR"
              EXIT FUNCTION   ' do not wait on an invalid handle
          END IF
      
          ' Blocks until a change is signalled; the handle does not say which path changed
          liWaitReturn& = WaitForSingleObject(lihNotify&, %INFINITE)
          IF liWaitReturn& = %WAIT_FAILED THEN
              MSGBOX "WaitFailed"
          ELSE
              MSGBOX lcPathSpec + " occurred"
          END IF
          liWaitReturn& = FindCloseChangeNotification(lihNotify&)
      END FUNCTION
      ------------------
      -Greg

      [This message has been edited by Gregery D Engle (edited January 10, 2001).]
      [email protected]
      MCP,MCSA,MCSE,MCSD


      • #4
        > I assume I get it from the FindFirstChangeNotification return value?

        Don't hope


        ------------------
        E-MAIL: [email protected]


        • #5
          All the examples I've found either find the filename based on
          the time/date being different.

          Does anyone know of an api that will give me the path of the
          filename?

          ------------------
          -Greg
          [email protected]
          MCP,MCSA,MCSE,MCSD


          • #6
            Well, there is the ReadDirectoryChangesW (Unicode) function
            which will give you more detailed info - unfortunately it's
            only valid on NT (and probably Win2000 now, don't know about
            Win98/ME).

            Cheers

            Florent

            ------------------

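What ReadDirectoryChangesW hands back is a byte buffer of chained FILE_NOTIFY_INFORMATION records, and the filename asked about in this thread is inside each record. The parser below is an added example, not code from any poster here; it is written in portable C with the record layout spelled out by hand so it runs without Windows headers, and `parse_notify`, `put_record`, `demo`, `change_t` and the sample buffer are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Action: 1=added 2=removed 3=modified 4=renamed(old) 5=renamed(new) */
typedef struct { uint32_t action; char name[260]; } change_t;
change_t g_ch[4];                          /* filled by demo() below */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Walk FILE_NOTIFY_INFORMATION records: NextEntryOffset, Action, FileNameLength
 * (in BYTES), UTF-16LE name without terminator. Returns count, -1 if malformed. */
int parse_notify(const uint8_t *buf, size_t len, change_t *out, int max) {
    size_t off = 0, i, chars; int n = 0;
    while (n < max) {
        if (off > len || len - off < 12) return -1;        /* header must fit */
        uint32_t next = rd32(buf + off), name_len = rd32(buf + off + 8);
        if (name_len % 2 || name_len > len - off - 12) return -1;
        out[n].action = rd32(buf + off + 4);
        chars = name_len / 2;
        if (chars >= sizeof out[n].name) chars = sizeof out[n].name - 1;
        for (i = 0; i < chars; i++) {      /* demo: non-ASCII shown as '?' */
            unsigned c = buf[off + 12 + 2 * i] | buf[off + 13 + 2 * i] << 8;
            out[n].name[i] = c < 0x80 ? (char)c : '?';
        }
        out[n++].name[chars] = '\0';
        if (next == 0) break;              /* last record in the buffer */
        if (next % 4 || next < (size_t)12 + name_len || next > len - off) return -1;
        off += next;
    }
    return n;
}

/* Constructed sample data: lay out one record the way the API does. */
static size_t put_record(uint8_t *b, uint32_t action, const char *name, int last) {
    uint32_t nlen = (uint32_t)strlen(name) * 2, size = (12 + nlen + 3) & ~3u;
    uint32_t hdr[3] = { last ? 0 : size, action, nlen };
    memset(b, 0, size);
    for (int k = 0; k < 12; k++) b[k] = (uint8_t)(hdr[k / 4] >> (8 * (k % 4)));
    for (size_t j = 0; name[j]; j++) b[12 + 2 * j] = (uint8_t)name[j];
    return size;
}
int demo(void) {                           /* parse two constructed changes */
    uint8_t buf[128]; size_t len = put_record(buf, 1, "new.exe", 0);
    len += put_record(buf + len, 3, "SYSTEM\\a.dll", 1);
    return parse_notify(buf, len, g_ch, 4);
}
int main(void) {
    for (int i = 0, n = demo(); i < n; i++) printf("%u %s\n", (unsigned)g_ch[i].action, g_ch[i].name);
    return 0;
}
```

The names in each record are relative to the directory being watched, so a monitor has to prepend that path itself before acting on the file.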


            • #7
              This might help a little.
              http://bcbcaq.freeservers.com/Project_Monitor.html
              http://www.mvps.org/vbnet/code/filea...chedfolder.htm
              ----------
              Ron

              [This message has been edited by Ron Pierce (edited January 10, 2001).]


              • #8
                Ron,

                I have already seen those examples. The VB example simply
                returns the filename with the archive bit set. What if the
                directory has multiple archive bits? What if it's a subdirectory
                of the directory?

                I am really wanting to monitor all files that are written to
                C:\ so if something is modified in the windows\system directory
                I'll be able to get that info.

                McAfee Anti-Virus does this, if I download a file to my
                hard drive that has a virus, it will immediately rename that file
                to *.VIR and tell me it's a virus.

                To find the file in one directory is simple but multiple directories
                or subdirectories would be almost impossible. Every time
                I get a message that "C:\" is modified then I'll have to sweep
                the entire hard drive.

                Any more ideas?
                ------------------
                -Greg

                [This message has been edited by Gregery D Engle (edited January 10, 2001).]
                [email protected]
                MCP,MCSA,MCSE,MCSD


                • #9
                  How about this idea since I can't get the actual handle of the
                  filename or directory.

                  Can I do this and remain stable?
                  ...
                  a(0) = FindFirstChangeNotification("C:\", %FALSE, %FILE_NOTIFY_CHANGE_DIR_NAME)
                  a(1) = FindFirstChangeNotification("C:\WINDOWS", %FALSE, %FILE_NOTIFY_CHANGE_DIR_NAME)
                  a(2) = FindFirstChangeNotification("C:\TEMP", %FALSE, %FILE_NOTIFY_CHANGE_DIR_NAME)
                  a(3) = FindFirstChangeNotification("C:\WINDOWS\SYSTEM", %FALSE, %FILE_NOTIFY_CHANGE_DIR_NAME)
                  a(4) = FindFirstChangeNotification("C:\MYDOCU~1", %FALSE, %FILE_NOTIFY_CHANGE_DIR_NAME)
                  ....

                  Since I can't actually get a pointer to the subdirectory that is
                  changed I simply want to make a loop and make multiple calls to
                  FindFirstChangeNotification (as many directories/subdirectories
                  as are present).

                  Stable?



                  ------------------
                  -Greg
                  [email protected]
                  MCP,MCSA,MCSE,MCSD
