Filemon-like tool with FileSpy driver

Hi, all

I am thinking about to write a tool which will look
as filemon, with the exception that it will show the output
from FileSpy driver.
I decided to do that because Filemon’s output
is sometimes not enough for me.

I would like to create something more comfortable
than the text output of the current FileSpy version.
(Menus, save to file, maybe more - depends
of how much time I will have)

Before I will start, I would like to ask

  1. Does anyone know if something like this already exists ?
    (except for filemon itself, of course -))

  2. If I’ll decide to make the tool publicly available
    with the tool sources (but *not* with the filter sources),
    will it violate some copyrights/licenses/rules/etc. ?

L.

Ladislav,

As far as I know nothing like this currently exists. No, you will not
be violating any copyrights by doing this and I believe this would be
very useful for everyone.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Friday, January 07, 2005 1:09 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Filemon-like tool with FileSpy driver

Hi, all

I am thinking about to write a tool which will look
as filemon, with the exception that it will show the output
from FileSpy driver.
I decided to do that because Filemon’s output
is sometimes not enough for me.

I would like to create something more comfortable
than the text output of the current FileSpy version.
(Menus, save to file, maybe more - depends
of how much time I will have)

Before I will start, I would like to ask

  1. Does anyone know if something like this already exists ?
    (except for filemon itself, of course -))

  2. If I’ll decide to make the tool publicly available
    with the tool sources (but *not* with the filter sources),
    will it violate some copyrights/licenses/rules/etc. ?

L.


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

> As far as I know nothing like this currently exists. No, you will not

be violating any copyrights by doing this and I believe this would be
very useful for everyone.

Well, if someone considers it useful and/or eventually
could help me with telling what else is missing
for good file system monitoring (from the point of view
of a FS developer), here is the link for downloading
the first version.

http://www.zezula.net/download/filespy.zip (96 KB)
No installing, just run.

If you’ll have any hints,
send them to zezula_at_volny_dot_cz, not to NTFSD.

Now I have to use it for some time to refine
the GUI application. When done, I will release
its sources and make them available for download.

Comparing to Filemon, FileSpy has some additional capabilities

  • Additional output of several flags as text values
    instead of hexa value (e.g. IRP_NOCACHE
    instead of 0x00000001)
  • It can monitor new processes only
  • More detailed filtering by process, by IRP/FastIo,
    or by path
  • Possibility to choose columns in the log and output file.
  • Possibility to attach to Non-MS redirectors (by name)

Some things are missing (comparing to Filemon)

  • Load list
  • Find in list
  • Path properties
  • Process properties

L.