[Kamran.Teimoori]

Hello all.
I want to write a FS Filter driver to control the file operation on system (log or control), I read some about filter drivers an know there isn't any routine way to detect File copy/move and only can detect CreateFile and Read/Write file. Now my question is: there is any way to detect this files operations ? if no ! what is should do to detect file copy/move ????


** I'm novice in kernel (Learning)

Excuse my if my English is bad.

[Vrtule]

Hello,

I know no simple way to detect this. What problem are you trying to solve? Maybe, you actually do not need to detect file copy/move operations but something simpler in order to achieve your task.

BTW: you can detect file moves in case they are done by renaming.

[Kamran.Teimoori]

I want to prevent file copy from local disk to removable disks. and create a log from all copied/moved files name in a period time.

[t4L]

You can just deny file creation on removable devices. Problem solved.