Filemon-ish behavior by Python?

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Chris

    Filemon-ish behavior by Python?

    (For those who don't know what filemon is, it is a utility by System
    Internals that hooks into something and watches every file-access
    performed by the system (in this case, Win 2000), and outputs to the
    GUI the files being accessed).

    I like filemon, but I'd like it better if I could run it at the
    command line, and have the option of piping the output all over the
    place. Does anyone out there know of an existing utility that can do
    this, or, barring that, can you point me to a good place to start on
    making such a tool using Python? I'm not sure what I would have to
    hook into to watch these operations on the disk.

    TIA
    -cjl
  • Josiah Carlson

    #2
    Re: Filemon-ish behavior by Python?

    [color=blue]
    > (For those who don't know what filemon is, it is a utility by System
    > Internals that hooks into something and watches every file-access
    > performed by the system (in this case, Win 2000), and outputs to the
    > GUI the files being accessed).
    >
    > I like filemon, but I'd like it better if I could run it at the
    > command line, and have the option of piping the output all over the
    > place. Does anyone out there know of an existing utility that can do
    > this, or, barring that, can you point me to a good place to start on
    > making such a tool using Python? I'm not sure what I would have to
    > hook into to watch these operations on the disk.[/color]

    Unless you want to slow down your machine, you probably don't want to.
    Your computer can likely handle a few hundred thousand disk requests
    each second, which would result in a (relatively slow) Python callback
    for each of them.

    In terms of how you would get access to such information, I don't know.
    You may want to ask the System Internals guys.

    - Josiah

    Comment

    • David Bolen

      #3
      Re: Filemon-ish behavior by Python?

      google@chrislev is.com (Chris) writes:
      [color=blue]
      > I like filemon, but I'd like it better if I could run it at the
      > command line, and have the option of piping the output all over the
      > place. Does anyone out there know of an existing utility that can do
      > this, or, barring that, can you point me to a good place to start on
      > making such a tool using Python? I'm not sure what I would have to
      > hook into to watch these operations on the disk.[/color]

      Given the level of "guts" that filemon is doing to hook into
      filesystem access, and if you really want to use Python, I'd probably
      suggest an approach where you continued to use the sysinternals
      filemon device drivers (vxd/sys), and just replaced their GUI with
      your own Python code.

      You can get the source to filemon from the sysinternals site (or at
      least you could the last time I downloaded it), and see how it works.

      The key is dynamically loading and unloading the VXD, and then issuing
      IOCtls to it to retrieve information. My bet is you could handle that
      part of the interface with ctypes, although you'll have to work a bit
      to match up the precise IOCtl structures used by the driver.

      If you're not totally dead set on Python but just want better control
      over the output (and if you've got MSVC), you might even consider just
      modifying their GUI application to do what you want.

      -- David

      Comment

      Working...