我怎样才能得到一个文件正在读取OS X的通知? [英] How can I get notifications that a file is being read on OS X?
问题描述
IRP_MJ_READ 。这样做的示例应用程序可以在 github <一>。这适用于Windows支持的任何用户和大多数文件系统。 我需要为OS X开发类似的软件(仅适用于桌面和服务器)。我看的东西:
我的预订是:FSEvents可能不是非常高性能,因为我需要监视根 问题:如何获取通知:任何用户正在读取根 使用内核扩展,内核授权提供了,允许您监视 在访问之前调用 如果你想要更多的粒度的行动, VNode范围提供了一组更大的操作,包括 这样的内核扩展的代码示例可以在Singh的 Mac OS X内部设备 I have a piece of software that works on Windows. The software has two components: file system minifilter driver that works in kernel mode and a user mode component that talks to the driver. Driver receives notifications on IO interrupt requests, such as I need to develop similar piece of software for OS X (desktop and server only). Things I looked at: My reservations are: FSEvents may not be very performant, as I need to monitor root Question: how can I get notifications that a file in any (recursive) folder in root With a kernel extension, Kernel Authorization provides the File Operation Scope, allowing you to monitor the The If you want more granularity of actions, the VNode scope provides a larger set of actions, including Example code for such a kernel extension can be found in Singh's Mac OS X Internals 这篇关于我怎样才能得到一个文件正在读取OS X的通知?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! /
/ 中的任何(递归)文件夹中的文件在OS X上?
。,允许您监视 KAUTH_FILEOP_OPEN 对所有vnodes执行操作。
$ b KAUTH_FILEOP_OPEN 到所有文件,从而允许你监视文件访问。
KAUTH_VNODE_READ_DATA ,但是请注意,这个范围可能很嘈杂y,在任何时候触发大量的操作。
IRP_MJ_READ. A sample application that does this can be found on github. This works for any user and most file systems supported by Windows.
/ folder and any mounted devices. I have very limited understanding of kernel queues and syscalls API hijacking may make it very hard to port to different OS X versions and can cause conflicts with AV or OS protection (such as PaX hardening)./ is being read by any user on OS X? KAUTH_FILEOP_OPENaction for all vnodes.KAUTH_FILEOP_OPENaction will be called before access to all files, thus allowing you to monitor file access.KAUTH_VNODE_READ_DATA, but be aware that this scope can be very noisy, triggering a very large number of actions at any one time.
