Selectively restore files using VSS
https://stackoverflow.com/questions/10620988
-
09-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I want to write an application that will monitor the files that are modified by a "client" application (with all its processes) and will restore them to the original state when the client app's execution is finished. Can this be achieved using Volume Shadow Service or should I write a File System Filter Driver since it seems that I would need to write a driver for figuring out what files are accessed by a specific process.
Solution
To be able to monitor files on a per process basis, you would need a file system filter driver. Other ways to monitor changes to files in user mode would be using the APIs FindFirstChangeNotification, FindNextChangeNotification and ReadDirectoryChangesW
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
