From: Michal Novotny
Subject: Re: Logging Access to HDD
Date: Tue, 19 Apr 2011 12:22:49 +0200
Message-ID: <4DAD6279.90003@redhat.com>
References: <4DAD5296.70204@seceng.informatik.tu-darmstadt.de> <4DAD5968.1030408@seceng.informatik.tu-darmstadt.de> <4DAD6175.1090905@redhat.com>
In-Reply-To: <4DAD6175.1090905@redhat.com>
To: Laszlo Ersek
Cc: xen-devel@lists.xensource.com, Sebastian Biedermann

On 04/19/2011 12:18 PM, Laszlo Ersek wrote:
> On 04/19/11 11:44, Sebastian Biedermann wrote:
>
>>>> For now, I want to log the disk accesses of a running Windows 7 domU
>>>> instance.
>> I don't need to log every single byte, it would be enough to know which
>> file is accessed by the domU inside its image.
> Perhaps try Filemon from Sysinternals ^W^W^W Process Monitor:
>
> http://technet.microsoft.com/en-us/sysinternals/bb896645
>

Laszlo,
those tools are basically using the API I mentioned above - the
FindFirstChange() or similar API I already mentioned. If Sebastian wants
it to be done for one-time or user-assisted monitoring, then it's fine to
use those Sysinternals utilities; however, if his intention is to create
an application to be monitoring it "on-the-fly", then writing his own app
is better.

Michal

--
Michal Novotny, RHCE
Virtualization Team (xen userspace), Red Hat