I am developing a file monitor to monitor the file access of any exe. I monitor that exe for any file it opens/closes or reads/writes, and collect the stats.
I am a total newcomer to ETW (from my research, it does not look like there is any other way to do this).
While I have been able to get some C++ code going, my client would prefer a C# solution. Is there enough support in C# to monitor file I/O?
The samples in MSDN are C++/C specific. I read Vance Morrison's blogs, but they are beyond me at the moment and they don't seem to suit "NT kernel logging sessions / monitor file I/O" scenarios.
Can anyone give me a simple sample or point me to a useful link? Any input is welcome on this.
In Windows, ultimately any file access is granted by the underlying WinAPI. See CreateFile and family. These functions are hookable by Microsoft Detours (though it is intended for instrumentation purposes). There are also a handful of other libraries for this sort of purpose, e.g. EasyHook.
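
For the C# question above, the following is an added example (not part of the original posts) that reads the NT Kernel Logger session through the Microsoft.Diagnostics.Tracing.TraceEvent NuGet package and counts opens, closes, reads and writes per file for one process. It assumes an elevated prompt and that package being referenced; the default process name `notepad` is a placeholder.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Diagnostics.Tracing;
using Microsoft.Diagnostics.Tracing.Parsers;
using Microsoft.Diagnostics.Tracing.Session;

class FileIoMonitor
{
    // Per-file counters collected for the monitored process.
    class Stats { public long Opens, Closes, Reads, Writes, BytesRead, BytesWritten; }

    static void Main(string[] args)
    {
        // Assumption: the target is named without ".exe"; "notepad" is a placeholder.
        string target = args.Length > 0 ? args[0] : "notepad";
        if (TraceEventSession.IsElevated() != true)
        {
            Console.Error.WriteLine("Kernel ETW sessions need an elevated process.");
            return;
        }
        var stats = new Dictionary<string, Stats>(StringComparer.OrdinalIgnoreCase);
        Stats For(string file)
        {
            if (!stats.TryGetValue(file ?? "", out var entry)) stats[file ?? ""] = entry = new Stats();
            return entry;
        }
        bool Match(TraceEvent e) =>
            string.Equals(e.ProcessName, target, StringComparison.OrdinalIgnoreCase);

        using (var session = new TraceEventSession(KernelTraceEventParser.KernelSessionName))
        {
            // Ctrl+C stops the session, which makes Process() below return.
            Console.CancelKeyPress += (sender, e) => { e.Cancel = true; session.Stop(); };
            // Process: resolves process names; FileIOInit/FileIO: file name and I/O events.
            session.EnableKernelProvider(KernelTraceEventParser.Keywords.Process |
                                         KernelTraceEventParser.Keywords.FileIOInit |
                                         KernelTraceEventParser.Keywords.FileIO);
            var kernel = session.Source.Kernel;
            kernel.FileIOCreate += d => { if (Match(d)) For(d.FileName).Opens++; };
            kernel.FileIOClose += d => { if (Match(d)) For(d.FileName).Closes++; };
            kernel.FileIORead += d =>
            { if (Match(d)) { var st = For(d.FileName); st.Reads++; st.BytesRead += d.IoSize; } };
            kernel.FileIOWrite += d =>
            { if (Match(d)) { var st = For(d.FileName); st.Writes++; st.BytesWritten += d.IoSize; } };
            session.Source.Process();   // blocks, dispatching events until the session stops
        }
        foreach (var kv in stats)
            Console.WriteLine($"{kv.Key}: open={kv.Value.Opens} close={kv.Value.Closes} " +
                $"read={kv.Value.Reads} ({kv.Value.BytesRead} B) write={kv.Value.Writes} ({kv.Value.BytesWritten} B)");
    }
}
```

Events are matched by process name, so every running instance of that executable is counted together; compare `ProcessID` in `Match` instead to follow a single instance.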