开发者

Intercepting writes to disk blocks. What level would this operation reside at? At the FS layer or between the LVM and FS?

开发者 https://www.devze.com 2023-03-05 06:51 出处:网络
Scenario: You open notepad.exe in Windows 7. Write 1024 characters and save the file.Windows obviously saves this file to the hard disk.At which point can I determine what block the data is written t

Scenario:

You open notepad.exe in Windows 7. Write 1024 characters and save the file. Windows obviously saves this file to the hard disk. At which point can I determine what block the data is written to. A simple file monitor will give me the information notifying me of the event, but at the filesystem layer, does it also include the block that the data was written to? Given the file is under 4kb, it will only use 1 block. Does the filesy开发者_如何学Gostem KNOW which block it will go to?

Can someone explain the process a little more in depth? At what layer in the stack does the determination of which block the data will end up in. Does a file monitor that utilizes a driver at the filesystem level guarantee the final block destination? Or is this determined between the filesystem layer and the logical volume layer meaning I would need an upper volume filter driver?


The file system driver (or maybe even below level, depending whether you are interested in cluster number of physical location of the file on the plate of the HDD) decides what block (or cluster) the data goes to. I am not sure that even using volume filter driver you would be able to link the file and the block. All in all the file can be sparse or compressed or encrypted, and even having a file system filter capturing the data (to match them to the data being saved to the block) you won't be able to do the match. If you explain what the purpose of your tracking is, maybe someone will come with a better idea, than building a bunch of filter drivers.

0

精彩评论

暂无评论...
验证码 换一张
取 消