How to listen the Process for the resource usage?

How to listen the Process for the resource usage?: Posted by kanagaraj manickam on October 8th, 2007; Hi,

I am planning to write an kernel module for listening for the
create/modify/deleteion of resource like file/registry entry/etc by an
particular process. so can i use the KMDF dummy driver for this. Please
advise me if there is an another best method than using a dummy driver

Thanks
Kanagaraj M; Posted by Don Burn on October 8th, 2007; Well what are you monitoring? Lets break this down:

File Operations - You will need a file system filter driver. This is
probably best done with the "mini-filter" model. Note: KMDF cannot do this.

Registry Operations - You can do this with a simple legacy device driver (or
with KMDF). Since the driver does not do PnP or Power KMDF does not add a
lot of benefit.

Network Operations - You will need an NDIS Intermediate Driver.

I am not sure what else you are looking at, but basically for each major
type operations/devices you are probably going to need a seperate driver.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

"kanagaraj manickam" <kanagarajmanickam@discussions.microsoft.com> wrote in
message news:056EBEDE-DAB4-496F-A25E-5DB5D364B838@microsoft.com...; Posted by kanagaraj manickam on October 9th, 2007; Hi Don Burn,

Thanks

Let me define the requirement in detail,
In windows there is no way we could get the list of resources like file
sets/registry entries/etc for an given application. Because the installation
of an application varies for each application like using MSI, simple ZIP,
install anywhere, etc. so I am planning to write an tool that will help to
achieve it.

so i split the requirement in to 2 parts.
1. Monitor the installation of the application and create the resource list.
2. Monitor the application while its running and create the resource list.

To achieve this requirement, I am planning to do as below:
1. From the user mode, Create the Process for Installing/Runing the
particular application.
2. Pass that Process Id to the Kernel module
3. Kernel module should be able to create the resource list. I know only
kernel module that we could write is an driver. Please correct me if i am
wrong. you have suggested that for each kind of resource, i have to write
different driver with mini-filter model.

Would you please help me on how to write the mini-filter model for achieving
my requirement.
Also please advise me, If it is possible to hook an call-back method saying
"when ever THIS process touch ANY resource like file/registry/etc Please call
me"

Thanks
Kanagaraj M

"Don Burn" wrote:; Posted by ShivaP on October 9th, 2007; Hi Kanagaraj,

You may use procmon.exe for all that you had mentioned unless you wanted to
develop a tool for yourself.

Procmon.exe from systinternals(now MS)

http://www.microsoft.com/technet/sys...ssmonitor.mspx

you need to apply the filter to filter out the activity for your installer /
application.

But for network packet capture you need to have microsoft network monitor or
ethereal .

Shiv; Posted by kanagaraj manickam on October 10th, 2007; Thanks Shiv, Process Monitor doesn't solve my purpose as it does give only
the dll and other executable module and doesn't give all the resources like
config file which is belong to that process. so i am trying to write a tool
to fulfill my requirements.

"ShivaP" wrote:

Similar Posts

More on How to monitor resource usage - Help? (Computer Hardware) by gecko
Rec for a firewall that's light on resource-usage (Software & Applications) by Gazorp
firewalls resource usage (Software & Applications) by Bloned
System Process - High CPU usage (Windows NT) by Tim Rogers
CPU usage 100 % process system (Windows NT) by WNT4