Cross platform file

2018-06-19 09:17:03

I'd like to be able to track file read/writes of specific program invocations. No information about the actual transactions is required, just the file names involved.

Is there a cross platform solution to this?
What are various platform specific methods?
On Linux I know there's strace/ptrace (if there are faster methods that'd be good too).
I think on mac os there's ktrace.
What about Windows?

Also, it would be amazing if it would be possible to block (stall out) file accesses until some later time.

Thanks!

The short answer is no. There are plenty of platform specific solutions which all probably have similar interfaces, but they aren't inherently cross platform since file systems tend to be platform specific.

How do I do it well on each platform?

Again, it will depend on the platform :) For Windows, if you want to track reads/writes in flight, you might have to go with IFS. If you just want to get notified of changes, you can use ReadDirectoryChangesW or the NTFS change journal.

I'd recommend using the NTFS change journal only because it tends to be more reliable.

On Windows you can use the command line tool Handle or the GUI version Process Explorer to see which files a given process has open.

If you're looking for a get this information in your own program you can use the IFS kit from Microsoft to write a file system filter. The file system filter will show all file system operation for all process. File system filters are used in AV software to scan files before they are open or to scan newly created files.

As long as your program launches the processes you want to monitor, you can write a debugger and then you'll be notified every time a process starts or exits. When a process starts, you can inject a DLL to hook the CreateFile system calls for each individual process. The hook can then use a pipe or a socket to report file activity to the debugger.

链接地址: http://www.djcxy.com/p/54594.html

上一篇: 平台编译Qt应用程序

下一篇: 跨平台文件