FileMonitorKit: a file operation monitoring tool
I am writing a file operation monitoring tool in my spare time. It is stable and works well. If you are interested, you can download it and try it out.
Download:
32-bit: http://pan.baidu.com/s/1o64ZFIi
FileMonitorKitV1.0_Win32.rar MD5: 8dd1048474a2fcb57829c78859cead69
64-bit: http://pan.baidu.com/s/1eQcPHHw
FileMonitorKitV1.0_x64.rar MD5: 0971afc7c4eb632429f61571662e0a8c
Run as administrator.
Monitoring all operations of a piece of software
Microsoft Process Monitor can be used to monitor software.
Process Monitor is an advanced monitoring tool from Microsoft. It monitors and reports Windows file system, registry, process, and thread activity in real time.
From the interface, Process Monitor looks like Filemon and Regmon from Sysinternals (which Microsoft acquired), but it was in fact completely rewritten and enhanced on the basis of those two tools. For example, it can monitor the startup and exit of processes and threads and the loading of DLL files and kernel drivers. It also offers rich non-destructive filtering, a large number of event properties such as session ID and user name, reliable process information, full thread stacks, simultaneous logging to a file, process relationship analysis, and cancellable searches.
These features make Process Monitor a powerful tool for system diagnostics and for capturing malware.
Process Monitor supports Windows 2000/XP/Server 2003/Vista and other systems, including 64-bit versions.
Download: download.sysinternals.com/Files/ProcessMonitor.zip
Tutorial and introduction: tech.163.com/...T.html
technet.microsoft.com/zh-cn/sysinternals/bb896645(en-us).aspx
File Operation Monitoring
Create a thread that scans the monitored directory in a loop to check whether files under it have been created, deleted, or modified. The following functions are used:
FindFirstChangeNotification(); FindNextChangeNotification();
FindCloseChangeNotification(); WaitForMultipleObjects().
For more information about function usage, see.
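The monitoring thread described above, as an added example (not FileMonitorKit's code): the notification handle only signals that something in the directory changed, so the thread rescans and diffs the two scans to tell created, deleted and modified files apart. The names Entry, diff_scans, scan and monitor_thread and the 256-file cap are assumptions of this example; the Win32 part compiles only on Windows.

```c
#include <stdio.h>
#include <string.h>
#define MAXF 256  /* example cap on tracked files (assumption) */
typedef struct { char name[260]; unsigned long long mtime; } Entry;
enum { CREATED = 1, DELETED = 2, MODIFIED = 4 };

static const Entry *find(const Entry *s, int n, const char *name) {
    for (int i = 0; i < n; i++) if (strcmp(s[i].name, name) == 0) return &s[i];
    return NULL;
}
/* Diff the scan taken before a notification against the one taken after it. */
int diff_scans(const Entry *old, int n_old, const Entry *cur, int n_cur) {
    int seen = 0;  /* bitmask of change kinds, returned to the caller */
    for (int i = 0; i < n_cur; i++) {
        const Entry *o = find(old, n_old, cur[i].name);
        if (!o) { printf("created  %s\n", cur[i].name); seen |= CREATED; }
        else if (o->mtime != cur[i].mtime) { printf("modified %s\n", cur[i].name); seen |= MODIFIED; }
    }
    for (int i = 0; i < n_old; i++)
        if (!find(cur, n_cur, old[i].name)) { printf("deleted  %s\n", old[i].name); seen |= DELETED; }
    return seen;
}

#ifdef _WIN32
#include <windows.h>
static int scan(const char *dir, Entry *out) {  /* list the files directly in dir */
    char pat[MAX_PATH]; WIN32_FIND_DATAA fd; int n = 0;
    snprintf(pat, sizeof pat, "%s\\*", dir);
    HANDLE f = FindFirstFileA(pat, &fd);
    if (f == INVALID_HANDLE_VALUE) return 0;
    do {
        if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue;
        snprintf(out[n].name, sizeof out[n].name, "%s", fd.cFileName);
        memcpy(&out[n++].mtime, &fd.ftLastWriteTime, sizeof fd.ftLastWriteTime);
    } while (n < MAXF && FindNextFileA(f, &fd));
    FindClose(f);
    return n;
}
DWORD WINAPI monitor_thread(LPVOID dir) {  /* CreateThread entry; dir is a char* path */
    static Entry a[MAXF], b[MAXF]; Entry *old = a, *cur = b, *t;
    int n_old = scan(dir, old), n_cur;
    HANDLE h = FindFirstChangeNotificationA(dir, FALSE, FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_LAST_WRITE);
    if (h == INVALID_HANDLE_VALUE) return 1;
    while (WaitForMultipleObjects(1, &h, FALSE, INFINITE) == WAIT_OBJECT_0) {
        n_cur = scan(dir, cur); diff_scans(old, n_old, cur, n_cur);
        t = old; old = cur; cur = t; n_old = n_cur;  /* new scan becomes the baseline */
        if (!FindNextChangeNotification(h)) break;   /* re-arm the handle */
    }
    FindCloseChangeNotification(h);
    return 0;
}
#endif
```

Start the thread with CreateThread, passing the directory path as the parameter. To stop it cleanly, add an event handle as a second entry in the WaitForMultipleObjects array and signal it from the main thread.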