Based On Kernel-mode Drivers, File System Monitoring

Posted on: 2007-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: H X Shi
Full Text: PDF
GTID: 2208360185456064
Subject: Computer software and theory

Abstract/Summary:
With the development of network technology, enterprises use networks more and more, and the security of the LAN becomes more and more important. Data in a computer is stored as files; therefore, file system security is key to the security of the LAN. The research object of this project is file system monitoring and controlling based on a kernel-mode driver in Windows.

This work describes the structure of the file system monitoring and controlling module and the collaboration among its three submodules, summarizes the working principle of a file system filter driver and the flow of developing one, and details attaching to a volume device, getting a file's full path, getting a process name, and comparing the current file name with a key file name using an NFA. To help the reader understand kernel mode and drivers, this thesis first introduces the related concepts.

In this project, I took part in the research of the subject, took charge of the design and implementation of the file system monitoring and controlling module, and tested the module for a long time. Finally, the file system monitoring and controlling module found application as part of a LAN monitoring and controlling system.
Keywords/Search Tags: kernel mode, file system filter driver, Nondeterministic Finite Automaton