[Filemon logo] Copyright © 1996-1997 Mark Russinovich and Bryce Cogswell last updated March 16, 1996 Filemon - Windows 95 File Monitor V2.0 Introduction Filemon is a file system monitor for Windows 95 that displays detailed information about every file system access that takes place. See our NTFilemon program for an equivalent program for Windows NT. This latest version includes advanced filtering capability that allows output to be captured based on process or path names. Sample Screen This is a screenshot of Filemon watching file system Shot activity. Installation and Install Filemon by copying Filevxd.vxd and Filemon.exe Use to the same directory on your hard drive, and start it by running Filemon.exe from that directory. The GUI dynamically loads the virtual device driver (VxD), which starts filtering all file system accesses. The menus can be used to toggle on and off monitoring, disable event capturing, control the scrolling of the listview, and save the listview contents to an ASCII file. How Filemon Works The heart of Filemon is in the virtual device driver, Filevxd.vxd. It is dynamically loaded, and in its initialization it installs a file system filter via the VxD service, IFSMGR_InstallFileSystemApiHook, to insert itself onto the call chain of all file system requests. When Filemon sees an open, create or close call, it updates an internal hash table that serves as the mapping between internal file handles and file path names. Whenever it sees calls that are handle based, it looks up the handle in the hash table to obtain the full name for display. If a handle-based access references a file opened before Filemon started, Filemon will fail to find the mapping in it hash table and will simply present the handle's value instead. Information on accesses is dumped into an ASCII buffer that is periodically copied up to the GUI for it to print in its listbox. More Information The following serve as additional sources of information on the Windows 95 file system: * The Windows 95 DDK * "Examining the Windows 95 Layered File System," by Mark Russinovich and Bryce Cogswell, Dr. Dobb's Journal, December 1995 * "System Programming for Windows 95," by Walter Oney, Microsoft Press, 1996 (a must have for VxD writers) ---------------------------------------------------------------------------- Download Filemon (24KB) Download Filemon Plus Source (96KB) [Image]