public void AddFileEntry (int processId, FileEntry entry) { if (!FileEntries.ContainsKey (processId)) { FileEntries.Add (processId, new List <FileEntry>()); } FileEntries [processId].Add (entry); }
/// <summary> /// This callback is invoked whenever this process calls CreateFile(). This is where we can modify parameters and other cool things. /// </summary> /// <remarks> /// The method signature must match the original CreateFile(). /// </remarks> private IntPtr OnCreateFile(string filePath, uint desiredAccess, uint shareMode, IntPtr securityAttributes, uint creationDisposition, uint flags, IntPtr templateFile) { try { /* * Note that we can do whatever we want in this callback. We could change the file path, return an access denied (pretend we're an antivirus program), * but we won't do that in this program. This program only monitors file access from processes. */ var fileEntry = new FileEntry() {FullPath = filePath, Timestamp = DateTime.Now }; var processId = Process.GetCurrentProcess().Id; IpcInterface.AddFileEntry(processId, fileEntry); } catch (Exception ex) { IpcInterface.PostException(ex); } // The process had originally intended to call CreateFile(), so let's actually call Windows' original CreateFile() return CreateFile(filePath, desiredAccess, shareMode, securityAttributes, creationDisposition, flags, templateFile); }