I want to write an application that will monitor the files that are modified by a "client" application (with all its processes) and will restore them to the original state when the client app's execution is finished. Can this be achieved using Volume Shadow Service or should I write a File System Filter Driver since it seems that I would need to write a driver for figuring out what files are accessed by a specific process.
Asked
Active
Viewed 271 times
1 Answers
3
To be able to monitor files on a per process basis, you would need a file system filter driver. Other ways to monitor changes to files in user mode would be using the APIs FindFirstChangeNotification, FindNextChangeNotification and ReadDirectoryChangesW
Superman
- 3,027
- 1
- 15
- 10