I would like advice on choosing a method to gather file access data on NTFS volumes under Windows Vista and Windows 7 (64-bit). I want to count create, delete, read and write operations for every file.
API hooking is out: I need a system-wide count, on both 32-bit and 64-bit OSes. Besides, I do not think shell notifications will work.
I know that I can do this by installing a file system filter driver. There are Windows DDK samples, and that is how Mark Russinovich's Filemon (Sysinternals) works.
I think I can also use WMI, but I'm not sure. This is a crazy messy API. But if Microsoft will collect statistics for me, then I will use it.
So the question is: which method would be the best, and why? Am I missing another possibility, and what will WMI do?