Best method for gathering NTFS file access statistics?
I'd like advice on choosing a method to collect file access statistics on NTFS volumes under Windows Vista and Windows 7 (32 & 64-bit). I'd like to count file create/open, delete, read/write accesses for every file.
API hooking is out. I need system-wide counts, and both 32 and 64-bit OS without mucking up the OS. Also, I don't think Shell Notification would work.
I know I could do it by installing a file system filter driver. The Windows DDK has samples, and that's how Mark Russinovich's FileMon (Sysinternals) works.
I think I might also accomplish this using WMI, but I'm not sure. That is one crazy messed up API. But if Microsoft will gather the stats for me, I'll use it.
So the question is, which method would be best & why. Am I missing another possibility, and would WMI do it?
In Windows Vista you can try Reliability and Performance Monitor with User Defined Data Collector Set. Click "New", then go custom, add System counter for file control operations.
The Windows Change Journal should do the job: http://msdn.microsoft.com/en-us/library/aa363798%28VS.85%29.aspx
It gives you exactly what you need.
Getting the full filename is a bit of a problem but there is a nice article around that describes exactly how to do that.
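An added example, not part of the answers above: a parser for USN_RECORD_V2 change journal records that tallies creates, deletes and data writes per file and rebuilds each full path by walking parent file reference numbers. The journal logs changes only, so plain opens and reads never appear in it. The sample bytes, file reference numbers and helper names are constructed for illustration; on a live volume the records would come from `FSCTL_READ_USN_JOURNAL`.

```python
import struct
from collections import Counter, defaultdict

# USN_RECORD_V2 fixed header (60 bytes, little-endian): RecordLength, Major, Minor, FileRef,
# ParentFileRef, Usn, TimeStamp, Reason, SourceInfo, SecurityId, Attributes, NameLen, NameOffset
HDR = struct.Struct("<IHHQQqqIIIIHH")
USN_REASON_CLOSE = 0x80000000
KINDS = {0x1: "write", 0x2: "write", 0x4: "write",  # DATA_OVERWRITE / EXTEND / TRUNCATION
         0x100: "create", 0x200: "delete"}          # FILE_CREATE / FILE_DELETE

def parse(buf):  # yields (frn, parent_frn, reason, name) for each USN_RECORD_V2 in buf
    off = 0
    while off + HDR.size <= len(buf):
        length, major, _, frn, parent, _, _, reason, _, _, _, nlen, noff = HDR.unpack_from(buf, off)
        if length < HDR.size or off + length > len(buf):
            break  # zero-filled or truncated tail: stop rather than misparse
        if major == 2 and noff + nlen <= length:
            yield frn, parent, reason, buf[off + noff:off + noff + nlen].decode("utf-16-le")
        off += length

def tally(buf, root_frn):
    records = list(parse(buf))
    names = {frn: (parent, name) for frn, parent, _, name in records}  # latest name wins
    def path(frn):
        parts, seen = [], set()
        while frn != root_frn and frn in names and frn not in seen:
            seen.add(frn)
            frn, name = names[frn]  # step up to the parent directory
            parts.append(name)
        return ("" if frn == root_frn else "<unresolved>") + "\\" + "\\".join(reversed(parts))
    stats = defaultdict(Counter)
    for frn, _, reason, _ in records:
        if reason & USN_REASON_CLOSE:  # reason bits accumulate until close; count once per close
            for kind in {k for bit, k in KINDS.items() if reason & bit}:
                stats[path(frn)][kind] += 1
    return {p: dict(c) for p, c in stats.items()}

def make_record(frn, parent, reason, name):  # builds constructed sample data only
    raw = name.encode("utf-16-le")
    length = (HDR.size + len(raw) + 7) & ~7  # records are 8-byte aligned
    hdr = HDR.pack(length, 2, 0, frn, parent, 0, 0, reason, 0, 0, 0, len(raw), HDR.size)
    return (hdr + raw).ljust(length, b"\0")

ROOT, DIR, FILE = 0x0005000000000005, 0x0001000000000030, 0x0001000000000031  # constructed
SAMPLE = b"".join(make_record(*r) for r in [
    (DIR, ROOT, 0x80000100, "logs"), (FILE, DIR, 0x100, "app.log"), (FILE, DIR, 0x102, "app.log"),
    (FILE, DIR, 0x80000102, "app.log"), (FILE, DIR, 0x2, "app.log"),
    (FILE, DIR, 0x80000002, "app.log"), (FILE, DIR, 0x80000200, "app.log")])
if __name__ == "__main__":
    print(tally(SAMPLE, ROOT))
```

The counts are per closed handle session, not per individual write call, because the journal merges reason flags until the file is closed.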