I am wondering if there is a tool which can trace a list of files (Text/any external file/s) my C# Program is using/Accessing ? =D
is there any sort of tool?
p.s. its to test Program Security .. ;)
ProcessMonitor monitors any filesystem, registry, thread, network and eventlog activity.
Process Explorer can be helpful.
Yes, there is an excellent program by SysInternals, now bought by MS. Take a look at http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
I agree with VVS that Process Monitor is just the right tool for your needs. Just wanted to add that to get what you need you would have to set up some filters. Press Ctrl-L and create a filter based on the process name. You can also see registry and network activity. Process Explorer doesn't show the detailed log of all operations, rather you can see the current activity and open handles.
Thank you much..
Process monitor has great abilities and it tensed me .. :'(
Because i am storing Hdd serials informations for security in text files and this software has traced almost everything ...
Now i know why my last program was hacked :CRY:
Related
I know how works FileSystemWatcher in C#.
It allows us to give a message when file is already created.
no matter which program/process has created this file!
Or it allows us to give information about what is a name of created file, or when it was created "few second ago"...
Also it allows us to give a message about file which was deleted or changed.
But it does not allows us to create that kind of event:
when file is being creating, but it is not yet/still created!
what if I want to terminate or pause the file creation process programmatically?
For example I want to handle or terminate file creation process programmatically according it's information which tells us that size of this file is 4GB?
no matter which program/process is trying to create this file!
Or there is another question:
What if I want to calculate when was file creation started and when was it created? as well distance between this two dates!?
I think you understood that we need more info about file before process will start to create it!
I think you might know that in windows 10 the explorer.exe allows us to do it anytime!
It even allows us to resume a copy process any time!
So if it is possible to do it in explorer.exe then it also might be possible to do it using .NET
But forget this resume capability of explorer.exe
I just need to cancel any file creation process for example if the size of this file is 4GB!
no matter which program is trying to create file!
So please help me to find out How to pop up a messageBox during file creation process?
Thank you!
Sorry my bad English!
The only way to be notified about the file operation before it is actually performed is to utilize a filesystem filter driver. This is a kernel-mode driver which you need to write in C. There exist samples of such drivers in the internet. An alternative to writing such driver yourself is to use one of the libraries that include pre-created filter drivers and let you handle all or chosen filesystem requests in user-mode (including .NET). Our company offers CallbackFilter product for this purpose.
i'm making a small project. it's Windows Form Application. i got some sources in a folder (C:/sources). When my program runs, it uses sources from the folder. Currently i can edit the folder by windows explorer, it can cause errors for my program. So i want to lock the folder (C:/sources) from being edited/renamed/deleted when my program runs. How to do so?
EDIT;
Is it possible to show a message like this when user has tried to edit the folder:
"the action cannot be completed because the folder or a file in it is open in another program"
the program that we are talking about is mine..
There are a couple of approaches that you could venture and they vary in difficulty of implementation. It all depends on how important this task is for you. But, before discussing these options; can't you embed those resources in your WinForms application instead? If this is not an option then you can do one of the following:
Write a device driver that can prohibit the access of such resources if your application is running. There are fallbacks to this approach. For example one can impersonate your application by having the same name. But, am not getting in to too much details in trying to break any approach as I am trying to address possible solutions to the current problem. There are different types of drivers that you can consider. Probably the simplest form of this approach would be to implement a mini-filter driver.
Hook certain API's like CreateFile(), NtCreateFile(), ZwCreateFile() although there are many ways to circumvent such mechanism of defense. But, again we are only venturing what you can do to address this constraint of yours.
Open these resources directly from your application and lock it exclusively. For example:
File.Open("test.txt", FileMode.Open, FileAccess.Read, FileShare.None);
as this will result in people getting the message that you desire if they try to open the file.
Maybe you can give more information on what these resources are and we can help you determine which is the best way to protect your files in a reasonable fashion?
Although I don't believe it's the best idea to have files that are critical to the application in a open area like the C: drive, I would look into NTFS file permissions and set the folder to read only, but this wont stop administrative users
See these two posts
restrict access to folder outside of program c#
Setting NTFS permissions in C#.NET
I want to write a monitor program. It will monitor a special software. When this software open files, it remember the launch history. So I can make my own "Favorite file" or "History" system for some software.
i.e. I use Total Commander frequently. I used tc as a program launcher. Most of my docs or programs opened in TC. But TC does not have a open file history system. So I plan to make one.
When the files opened in TC. TC is the parent process. I think there is a way to write C# code to get all the files opened by TC (It is about message sending and monitor code). TC is written in delphin, It use stand listbox control. C# could solve the problem nice.
But I am new to C#, I have a little Autohotkey and python programming skill. I am learning C# now. Can someone give me some tips to write the code? Core idea is OK, I will handle with the GUI things.
You may not need to write your own. Process monitor from sysinternals/Microsoft can monitor files. And with the filters you can filter by process.
http://technet.microsoft.com/en-us/sysinternals/bb896645
im also doing a child monitoring software for university project.
i found a few solutions for doing this.
Windows HOOK and intercept all the fileread write..etc.(hard & complex)
why not just check MyRecentDocuments folder... :P ( user may change settings which has both pros and cons)
donno if we can use "Process" class and do something.. :P
EDIT----------------
i almost forgot...
when i was implementing the Process Monitoring Component, i found that when a user double clicks a file "dllhost.exe" gets to run. :) i guess u hv a clue of what to do now.. im also still working on it..
I want to develop the application which logs the files / directories accessed on the machine.
e.g. I go to D:\ and into a folder documents and open a word file. I want my application to create a log in the following format:
D:\ Opened
D:\documents Opened
D:\documents\secret.docx Opened
I've used FileSystemWatcher to achieve the other type of file system activity but unable to get events for accessing this.
sounds like you wanna do a FileMon program like sys internals. in their website Mark tells about the way FileMon works so you can get some inspiration by reading the article.
also see here: How do you monitor file access and changes on a file server by user name?
Not sure this sort of monitoring can be achieved with filesystemwatcher as it is aimed at monitoring changes I believe. You could use filesystem Auditing (by going into advanced security settings) which will log events in eventlog and you can pull it from there.
Most viable option is use of file system filter driver. Such driver gives you fine-grain control over all requests going to particular file system. The only issue with this approach is complexity of developing such driver in kernel mode.
I'm not sure if the question's title makes sense, and I'm sorry if it doesn't; I didn't really know what to title it.. Anyway, is there a way to make your program track the viewing of a folder?
What I'm trying to achieve: Windows 7 Home Premium doesn't allow encryption. So, I made a folder inside my user directory, and set it to hidden. Although, you can easily find it by changing windows settings.. So, is there a way to make a program pull up a window if the user tries to access that certain folder?
I don't think you can detect the "opening" of a folder.
Instead, you may want to set a FileSystemWatcher to detect any file access to the files in that particular folder.
Hope this helps.
First of all, I have to wonder why you're not just setting an ACL on the directory to prevent access.
However, it sounds like you want to find when somebody is accessing a particular directory. To do this, you enable filesystem auditing, then set the audit ACL to generate audit entries for "List folder". This will cause entries to be generated in the Security Event Log whenever the directory is viewed.
Now you just have to write a program that watches the Security event log looking for entries indicating that somebody has listed the directory in question and take action as necessary.
Well, there is an article on code project describing how you can hook into windows system calls: http://www.codeproject.com/KB/system/hooksys.aspx - it's not simple though (and also not C#) and has the potential to screw with your system but if it might be a fun project to work on.
A simpler option would be: Use a 3rd party desktop encryption tool - not much programming involved here but it might do the job better than anything else.