Geek Answers Handbook

Handling system folder events in windows

I am writing C # code and I need to determine if a specific folder was opened in my Windows file system while the application was running. Is there any way to do this? Perhaps WinAPI?

+8
c # filesystems event-handling winapi
source share
6 answers

There are three API things that I think you should check out:

FindFirstChangeNotification () http://msdn.microsoft.com/en-us/library/aa364417%28VS.85%29.aspx This gives you a pen that you can wait and use to look for changes to a file in a specific file, directory, or directory tree. It will not tell you when the directory is being viewed, but it will tell you when the file will be saved, renamed, etc. Etc.

SetWindowsHookEx () http://msdn.microsoft.com/en-us/library/ms644990%28v=VS.85%29.aspx You can set this to give you a callback when any number of events happen - on I'm actually pretty sure that you can get this callback when you open the directory, but it will probably be overly complicated because you will intercept messages in the Explorer window. This way you will reboot during debugging.

Windows Shells http://msdn.microsoft.com/en-us/library/bb776778%28v=VS.85%29.aspx If this wasn’t painful enough, you can try writing a shell program.

If you are trying to write a rootkit, I suppose you do not want me to spoil your details. If you are NOT trying to write a rootkit, I suggest you study it carefully. There are open source rootkits, and all of them basically should control access to files in such a way as to hide from the user / OS.

+2
source share

Go to the Windows shell extension. You can use shell namespace extensions to create a “virtual” folder that does not exist (or hides the real one), for example, GAC (C: \ Windows \ assembly)

Here are some examples of Shell shell coding in .NET 4.0 .

A column handler will let you know when the folder is “Open,” and even let you provide additional data for each of the files (new columns).

+1
source share

Check out the FileSystemWatcher class.

0
source share

The closest thing I can think of that might be useful to you is using the static Directory class. It provides methods for determining the last access to a file or directory. You can configure BackgroundWorker to control directory access for a given interval. Track the start and end of the interval using DateTime, and if the last access time falls between them, you can use the BackgroundWorker ProgressChanged event to notify the application.

BackgroundWorker folderWorker = new BackgroundWorker(); folderWorker.WorkerReportsProgress = true; folderWorker.WorkerSupportsCancellation = true; folderWorker.DoWork += FolderWorker_DoWork; folderWorker.ProgressChanged += FolderWorker_ProgressChanged; folderWorker.RunWorkerAsync(); void FolderWorker_DoWork(object sender, DoWorkEventArgs e) { BackgroundWorker worker = (BackgroundWorker)sender; while(!worker.CancellationPending) { DateTime lastAccess = Directory.GetLastAccessTime(DIRECTORY_PATH); //Check to see if lastAccess falls between the last time the loop started //and came to end. if(/*your check*/) { object state; //Modify this if you need to send back data. worker.ReportProgress(0, state); } } } void FolderWorker_ProgressChanged(object sender, ProgressChangedEventArgs e) { //Take action here from the worker.ReportProgress being invoked. }
0
source share

You can use FileSystemInfo LastAccessProperty. The problem is that it can be cached.

FileSystemInfo: http://msdn.microsoft.com/en-us/library/975xhcs9.aspx

LastAccessTime: http://msdn.microsoft.com/en-us/library/system.io.filesysteminfo.lastaccesstimeutc.aspx

As already noted, this can be pre-cached.

"The value of the LastAccessTimeUtc property is pre-cached if the current instance of the FileSystemInfo object was returned from any of the following DirectoryInfo methods:

Getdirectories

Getfiles

GetFileSystemInfos

EnumerateDirectories

Enumeratefiles

EnumerateFileSystemInfos

To get the last value, call the Refresh method.

Therefore, call the Refresh method, but it may still be out of date due to Windows caching the value. (This corresponds to msdn doc "FileSystemInfo.Refresh takes a snapshot of the file from the current file system. The update cannot fix the underlying file system even if the file system returns incorrect or outdated information. This can happen on platforms such as Windows 98." - link : http://msdn.microsoft.com/en-us/library/system.io.filesysteminfo.refresh.aspx

0
source share

I think that the only way you can do this is to keep track of current running processes and closely monitor new instances of Explorer.exe and / or create new threads for Explorer.exe (setting "Run each window in a separate process" interferes here) .

I admit that I have no idea how to code this, but what I would like to find.

-2
source share

More articles:


All Articles