Is it possible to trace file operations with .NET?

Is it possible, when a file operation is invoked in some way (for example, open or close), to process it before the request reaches the operating system and, if possible, cancel it, using .NET? If .NET does not have such capabilities, how can I do this?

+8
c# file
4 answers

What you ask for can be done. Virus scanners, for example, do this all the time. You can easily monitor file activity using Process Monitor. You can also do this programmatically in C# using the FileSystemWatcher class. But an attempt to prevent a program from opening or trying to stop access to a program file cannot be made in C#. You will need to use C or C++. You need to create a file system filter driver. This is a difficult task, but just what you need. To quote MSDN:

A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can extend or replace functionality provided by the original target of the request. Examples of file system filter drivers include anti-virus filters, backup agents, and encryption products.

+6
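As an added illustration (not part of any answer on this page), the following C# sketch shows what the FileSystemWatcher class mentioned above actually delivers: notifications raised after a create, change, rename or delete has already happened, with no way to cancel it. The temporary directory and file names are constructed for the demo.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Threading;

class WatchOnlyDemo
{
    static void Main()
    {
        // Constructed sample directory under the temp path (assumption for this demo).
        string dir = Path.Combine(Path.GetTempPath(), "fsw-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(dir);
        var log = new ConcurrentQueue<string>();

        using (var watcher = new FileSystemWatcher(dir))
        {
            watcher.NotifyFilter = NotifyFilters.FileName | NotifyFilters.LastWrite | NotifyFilters.Size;

            // Handlers receive only the change type and the path. The event args
            // carry no Cancel flag, and plain opens/closes raise no event at all.
            watcher.Created += (s, e) =>
                log.Enqueue($"Created {e.Name} (still on disk when handler ran: {File.Exists(e.FullPath)})");
            watcher.Changed += (s, e) => log.Enqueue($"Changed {e.Name}");
            watcher.Renamed += (s, e) => log.Enqueue($"Renamed {e.OldName} -> {e.Name}");
            watcher.Deleted += (s, e) => log.Enqueue($"Deleted {e.Name}");
            // Raised when the internal buffer overflows and notifications are lost.
            watcher.Error += (s, e) => log.Enqueue($"Error: {e.GetException().Message}");

            watcher.EnableRaisingEvents = true;

            string original = Path.Combine(dir, "report.txt");
            string renamed = Path.Combine(dir, "report.bak");
            File.WriteAllText(original, "constructed sample content");
            File.Move(original, renamed);
            File.Delete(renamed);

            // Events are delivered asynchronously, so give them time to arrive.
            Thread.Sleep(500);
        }

        foreach (string line in log) Console.WriteLine(line);
        Directory.Delete(dir, true);
    }
}
```

Every operation in the demo succeeds before its handler runs, which is why a watcher is suitable for auditing and alerting but not for blocking access.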

You can hook the Windows API if you want. Check this way to do this in .NET/C#:

EasyHook Windows API

+3

Sysinternals offers a free tool called Process Monitor, one function of which is to attach to arbitrary Windows processes (including .NET applications) and capture system calls, including file opens, closes, reads, etc.

You can download it from the Process Monitor download page.

EDIT

When I re-read your question, I see that you are asking to intercept and possibly cancel such operations. I believe that the FileSystemWatcher class will be your best choice, although I do not think it can cancel file operations unilaterally - you will need to create some kind of cooperative mechanism to signal the caller that it has stopped working.

+2

I am sure that you need to get into the kernel during such an operation, and I am sure that this means that you will need to write code in C. Look at the file system drivers.

UPDATE: this SO link can help.

UPDATE: added google search Windows file system drivers

ALSO What is a good resource to start developing your Windows file system drivers?

+1