Display processes that access a folder

I am trying to write a simple program, preferably in C, that will watch a given directory. Whenever a process accesses that directory, I just want to print out the name of that process. It seems simple, but I am coming up short for solutions on MSDN. Does anyone know which library calls I will need for this, or any helpful advice? I have considered repeatedly querying for what processes have handles on the given directory and just wa开发者_开发技巧tching for additions to that list.This approach just seems very intensive and I am hoping there is an easier way. Thanks.

I'm not sure if there's an easier way, but one way is to use a file system filter driver. Or easier a file system minifilter driver.

You can filter, log, track, control, ... all IO.

There is no supported way to do this from user mode. You can use the FindFirstChangeNotification API to tell when a file or directory has changed, but that doesn't tell you who did it. You might be able to hook some things to obtain this information... but that is of course not supported.

If you can use a driver, you can use Event Tracing for Windows for this information. This is what Sysinternals ProcMon uses. But installation of a driver is a very invasive process, bugs in your driver cause BSODs, and installation of a driver requires administrative rights. Something to keep in mind.