I want to develop the application which logs the files / directories accessed on the machine.
e.g. I go to D:\ and into a folder documents and open a word file. I want my application to create a log in the following format:
D:\ Opened
D:\documents Opened
D:\documents\secret.docx Opened
I've used FileSystemWatcher to achieve the other type of file system activity but unable to get events for accessing this.
sounds like you wanna do a FileMon program like sys internals. in their website Mark tells about the way FileMon works so you can get some inspiration by reading the article.
also see here: How do you monitor file access and changes on a file server by user name?
Not sure this sort of monitoring can be achieved with filesystemwatcher as it is aimed at monitoring changes I believe. You could use filesystem Auditing (by going into advanced security settings) which will log events in eventlog and you can pull it from there.
Most viable option is use of file system filter driver. Such driver gives you fine-grain control over all requests going to particular file system. The only issue with this approach is complexity of developing such driver in kernel mode.
Related
i'm making a small project. it's Windows Form Application. i got some sources in a folder (C:/sources). When my program runs, it uses sources from the folder. Currently i can edit the folder by windows explorer, it can cause errors for my program. So i want to lock the folder (C:/sources) from being edited/renamed/deleted when my program runs. How to do so?
EDIT;
Is it possible to show a message like this when user has tried to edit the folder:
"the action cannot be completed because the folder or a file in it is open in another program"
the program that we are talking about is mine..
There are a couple of approaches that you could venture and they vary in difficulty of implementation. It all depends on how important this task is for you. But, before discussing these options; can't you embed those resources in your WinForms application instead? If this is not an option then you can do one of the following:
Write a device driver that can prohibit the access of such resources if your application is running. There are fallbacks to this approach. For example one can impersonate your application by having the same name. But, am not getting in to too much details in trying to break any approach as I am trying to address possible solutions to the current problem. There are different types of drivers that you can consider. Probably the simplest form of this approach would be to implement a mini-filter driver.
Hook certain API's like CreateFile(), NtCreateFile(), ZwCreateFile() although there are many ways to circumvent such mechanism of defense. But, again we are only venturing what you can do to address this constraint of yours.
Open these resources directly from your application and lock it exclusively. For example:
File.Open("test.txt", FileMode.Open, FileAccess.Read, FileShare.None);
as this will result in people getting the message that you desire if they try to open the file.
Maybe you can give more information on what these resources are and we can help you determine which is the best way to protect your files in a reasonable fashion?
Although I don't believe it's the best idea to have files that are critical to the application in a open area like the C: drive, I would look into NTFS file permissions and set the folder to read only, but this wont stop administrative users
See these two posts
restrict access to folder outside of program c#
Setting NTFS permissions in C#.NET
I want to build an app that needs to monitor the opening of the files but I don't find any way to can do it.
With FileSystemWatcher there is no option to can monitor the opening of the files. Just the created, removed and modified ones.
So I wonder if there is any functionality implemented in the advanced searches that could give me the infomration of the files opened after a concrete date. (At least in Mac it's possible but I am not sure if Windows has implemented this)
Other solution would be to develop a File System Filter Driver, but I find this way too hard
I cant give you a direct answer (because I dont know) but since Microsoft publish the FileMon tool which does exactly what you are after, it seems that Windows does have a way of notifying file open, close and access. This is discussed here Getting a notification when a local file is accessed in windows but this only covers the change of files, not opening and closing. There is a way of getting all the files opened by a process discussed here Delphi - get what files are opened by an application which is possibly what FileMon is using, but there are caveats (i.e. its an internal OS API).
Hope this helps, sorry cannot give a direct answer.
I've developed an add-in and now I'd like to enable it to store/retrieve settings upon the launch of Outlook. I've checked the current working directory using Environment.CurrentDirectory but when I tried to File.WriteAllText to it, I failed due to access rights. So, my question is twofold.
Will any directory suffice or is there a recommended one?
Do I need to store the settings in a local file or is there a neater method?
I use the Environment class as follows.
String dir = Environment.GetFolderPath(
Environment.SpecialFolder.ApplicationData);
A bit lengthy syntax but it does the job well. Not sure if you'll have full access rights from an add-in, though. Also, It'd be good to know if somebody will suggest a better storage method. Once I used a web service until I discovered that my user often will do his job while sitting on the train (read: off-line). It worked unless he didn't reboot his machine before getting on board.
Is there a way to lunch a process in C# with limited read file permissions?
For example: Launch notepad.exe so it is unable to read C:\temp\ but can read C:\abc.
I have code to launch a process in low integrity mode but this only stops the process from writing files. It can still read most files on the disk.
I have code to launch a process in low integrity mode but this only stops the process from writing files. It can still read most files on the disk.
Yes, and as well it should be able to. The solution here is not to modify the privileges of the application, but rather to modify the permissions of the individual files.
You can take advantage of discrete user accounts to help you keep things organized. Windows has lots of file security features built in. Ask more questions about that on Server Fault. This is not a programming-related problem, it's an operating system security configuration issue.
Code Access Security appears to be what you are looking for.
I've been working on a program to monitor a network folder to find out which spreadsheets our company uses are the most popular. I'm using the FileSystemWatcher class in C# to do the monitoring. I've noticed I'm getting updates to files that are in folders that my user does not have permission to browse. I understand that my software is subscribing to a list of updates done by other system software and not actually browsing those files itself, but is this functionality intentional or is it a bug?
The FileSystemWatcher is intended to monitor for any changes, not just a user opening the file.
EDIT: I'm pretty sure this is done by design. Think of trying to have a program check a network location for updates. You might not want the user to have access to that file location, but you want to be able to check for file changes, and download new files when they are available.
You may also have programs (like BizTalk) generating or editing files that other programs need to access, so these other programs just sit there and watch for file changes.