windows 文件监控

关于windows文件监控，EaseFilter FileMonitor SDK vs FileSystemWatcher，FileSystemWatcher Class 不能到用户级别，EaseFilter FileMonitor SDK 可以到用户名和进程名级别

精细文件监控需要用户自己实现，Windows系统功能有限，一般的精细监控都是第三方软件实现好的付费拿来用，要么就自己开发

EaseFilter FileMonitor SDK vs FileSystemWatcher Class

[FileSystemWatcher Class]

https://docs.microsoft.com/en-us/dotnet/api/system.io.filesystemwatcher

[EaseFilter FileMonitor SDK]

https://www.easefilter.com/kb/FileSystemWatcher.htm

The features EaseFilter FileMonitor SDK has, but FileSystemWatcher doesn't have

1.Track who changed the file in the folder with the requestor's user name and process name of the file event.

The EaseFilter FileMonitor SDK can provide the user name and process name for every callback file Io. You will know who ( user name and process name) accessed your files when the file was accessed or changed in real time. If the file was accessed by network share, the EaseFilter file monitor also can provide the remote IP address.

2.The file IO information

The EaseFilter FileMonitor SDK not only provides the file name, but also provides the file size, file attributes, file time information in the callback event.

3.The file IO activities.

·The file open or file create IO

Reference CreateFile or FltCreateFile API, you will know how the file was opened. In the file open/create callback event, you will know the file open option "DesiredAccess","CreateOption", "Disposition". You will know the status of the file open: if the status is succeeded, you will know that the file was opened or created sucessfully, if the file open is failed, you will know the reason of the file open failure.

·The read file IO

Reference ReadFile or FltReadFile API, you will know how the file was read. In the file read callback event, you will know the read offset, read length information, if the read succeeded, you will get the read data.

·The write file IO

Reference WriteFile or FltWriteFile API, you will know how the file was written. In the file write callback event, you will know the write offset, write lenght information, written data to the file.

·The file rename IO

Reference MoveFile API, you will get the file rename callback event with the new file name, the requestor's user name and processname

·The delete file IO

Reference DeleteFile API, you will get the file delete callback event with the file information, the requestor's user name and process name.

·The get file size or set file size IO

Reference GetFileSize, SetEndOfFile API, you will get the file size information if the file size query was succeeded, you will know the file size was set for the set file size IO.

·The query or set file attribue, file last access time, file last write time, file creation time IO

Reference GetFileAttributes, SetFileAttributes, GetFileTime and SetFileTime API, you will get the file attributes and file time information with the callback event.

·The query or set file security IO

Reference GetSecurityInfo, SetSecurityInfo API, you will the file security descriptor was queried or set in the callback event.

·The directory file list IO

Reference FindFirstFile and FindNextFile API, you will get the file list of the directory in the callback event.

·The file handle close IO

Reference CloseHandle API, you will get the file information in the file handle close callback event.