Windows NT File System Monitor (Filemon)

Copyright (C) 1996 Mark Russinovich and Bryce Cogswell

Mark can be reached at markr@numega.com and Bryce can be
reached at cogswell@cs.uoregon.edu.

You have the right to take and use this code for whatever purpose, 
commercial or otherwise, that you want.

----------------------------------------------------------------------
RUNNING FILEMON

Filemon was compiled for the x86 platform. See below for building 
versions for other hardware.

To run Filemon, "CD" to the GUI\WINDEBUG directory and type "filemon."
Your account must allow you the privilege of installing device
drivers in order to run Filemon.

Note about network drives: Multiple local drives can be mounted on the
same network drive. This means that when Filemon hooks one local
drive, it will see requests for all other local drives mounted on the
same network drive. Using the "Drives" menu to select or deselect
one of these local drives will automatically select or deselect the
other drives of the group.

Note about formatting: Filemon can be used to watch NT format floppy
drives. However, when a floppy format is complete, NT deletes the 
device object that represents the drive and creates a new one. This
means that subsequent accesses to the floppy will not be  seen by
Filemon unless the floppy drive is first deselected and then selected
again in order to hook the newly created floppy device object.

----------------------------------------------------------------------
BUILDING FILEMON

Overview: The executables included are for the x86, although the
source code for the GUI and device driver are platform portable.

Directories:

SYS: The device driver for Filemon. It can be built using the NT DDK's
build utility, or by using the Makefile that has been designed for it. 
The compiler used to produce the executable was VC 4.1. Debugging
output is off by default when the code is built using the Makefile. 
They can be enabled by settting setting "DBG" to "1" in the Makefile.
Note that Nu-Mega Technologies' NT-ICE debugger was used during the
developement of Filemon so NT-ICE related statements are included
in the Makefile.

GUI: The Filemon GUI. This is a UNICODE Win32 program. The executables
and project are from VC 4.1 and the NT final release DDK. 
