Is there any way to hook all disk writes going through the system, and receive the file names of whatever’s being modified, using the Win32 API? Or is this something that would require writing a driver?
You can’t do this in user mode; it needs to be kernel mode, and so that means a driver. You need a File System Filter Driver.