检测在Windows文件“复制”操作 [英] Detect file 'COPY' operation in Windows

问题描述

说我要被告知只要文件复制发布在我的系统，并获取文件名，它是被复制或移动目标和副本的时间。

Say I want to be informed whenever a file copy is launched on my system and get the file name, the destination where it is being copied or moved and the time of copy.

这可能吗？你会如何​​做呢？如果你钩的CopyFile API函数？

Is this possible? How would you go about it? Should you hook CopyFile API function?

有一个已经完成这个软件吗？

Is there any software that already accomplishes this?

推荐答案

Windows有I / O的过滤器，让你可以拦截所有的I / O操作，并选择执行其他操作结果的概念。它们主要用于A / V类型的情景，但可以编程为各种各样的任务。 Sysinternals的进程监视器例如使用I / O过滤器，以查看文件级别的访问。

Windows has the concept of I/O filters which allow you to intercept all I/O operations and choose to perform additional actions as a result. They are primarily used for A/V type scenarios but can be programmed for a wide variety of tasks. The SysInternals Process Monitor for example uses a I/O filter to see the file level access.

您可以（从命令提示符fltmc.exe）查看使用MS过滤器管理器的当前过滤器，

You can view your current filters using MS Filter Manager, (fltmc.exe from a command prompt)

有一个工具包，以帮助你编写过滤器，你可以得到的驱动程序和开发自己。

There is a kit to help you write filters, you can get the drivers and develop your own.

http://www.microsoft.com/whdc/driver/filterdrv/ default.mspx 是一个开始的地方得到深入的信息

http://www.microsoft.com/whdc/driver/filterdrv/default.mspx is a starting place to get in depth info

这篇关于检测在Windows文件“复制”操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！