Filemon-ish behavior by Python?

[David Bolen]

google at chrislevis.com (Chris) writes:

> I like filemon, but I'd like it better if I could run it at the
> command line, and have the option of piping the output all over the
> place.  Does anyone out there know of an existing utility that can do
> this, or, barring that, can you point me to a good place to start on
> making such a tool using Python?  I'm not sure what I would have to
> hook into to watch these operations on the disk.

Given the level of "guts" that filemon is doing to hook into
filesystem access, and if you really want to use Python, I'd probably
suggest an approach where you continued to use the sysinternals
filemon device drivers (vxd/sys), and just replaced their GUI with
your own Python code.

You can get the source to filemon from the sysinternals site (or at
least you could the last time I downloaded it), and see how it works.

The key is dynamically loading and unloading the VXD, and then issuing
IOCtls to it to retrieve information.  My bet is you could handle that
part of the interface with ctypes, although you'll have to work a bit
to match up the precise IOCtl structures used by the driver.

If you're not totally dead set on Python but just want better control
over the output (and if you've got MSVC), you might even consider just
modifying their GUI application to do what you want.

-- David