检测在Windows文件“复制”操作 [英] Detect file 'COPY' operation in Windows
问题描述
说我要被告知只要文件复制发布在我的系统,并获取文件名,它是被复制或移动目标和副本的时间。
Say I want to be informed whenever a file copy is launched on my system and get the file name, the destination where it is being copied or moved and the time of copy.
这可能吗?你会如何做呢?如果你钩的CopyFile API函数?
Is this possible? How would you go about it? Should you hook CopyFile API function?
有一个已经完成这个软件吗?
Is there any software that already accomplishes this?
推荐答案
Windows有I / O的过滤器,让你可以拦截所有的I / O操作,并选择执行其他操作结果的概念。它们主要用于A / V类型的情景,但可以编程为各种各样的任务。 Sysinternals的进程监视器例如使用I / O过滤器,以查看文件级别的访问。
Windows has the concept of I/O filters which allow you to intercept all I/O operations and choose to perform additional actions as a result. They are primarily used for A/V type scenarios but can be programmed for a wide variety of tasks. The SysInternals Process Monitor for example uses a I/O filter to see the file level access.
您可以(从命令提示符fltmc.exe)查看使用MS过滤器管理器的当前过滤器,
You can view your current filters using MS Filter Manager, (fltmc.exe from a command prompt)
有一个工具包,以帮助你编写过滤器,你可以得到的驱动程序和开发自己。
There is a kit to help you write filters, you can get the drivers and develop your own.
http://www.microsoft.com/whdc/driver/filterdrv/ default.mspx 是一个开始的地方得到深入的信息
http://www.microsoft.com/whdc/driver/filterdrv/default.mspx is a starting place to get in depth info
这篇关于检测在Windows文件“复制”操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!