Event API for opened files in filesystem

Discussion in 'Mac Programming' started by Codeaholic, Aug 4, 2011.

  1. Codeaholic macrumors newbie

    Joined:
    Aug 4, 2011
    #1
    Hey folks,

    I'm looking for a way to get a notification in my C program when any process is opening (or reading from) any file in a previously defined directory (including subdirectories).

    I detected an API called FSEvents but that is for write-operations only. Of
    course, it's possible to capture the output of lsof but that is not realy cool.

    Does somebody has an idea or is that impossible without patching the kernel? :)
     
  2. chown33, Aug 4, 2011
    Last edited: Aug 4, 2011

    chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #2
    First, see 'man fs_usage'.

    Second, see if fs_usage source is available from the Darwin ports project.


    If fs_usage isn't enough, dtrace would probably work.

    The Instruments.app has built-in instruments for many file-system system-calls. These instruments are likely written using dtrace.

    Here's the Instruments page:
    http://developer.apple.com/library/.../Built-InInstruments/Built-InInstruments.html

    You will also have to look at the dtrace man page, and the linked reference docs. There's also a section of the Instruments reference about making custom instruments. So look there, too, and look for sample code for custom dtrace instruments.

    FYI, dtrace almost always requires elevated privileges, so you should plan to learn how to do that, unless you're already familiar with it.
     
  3. Codeaholic thread starter macrumors newbie

    Joined:
    Aug 4, 2011
    #3
  4. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #4
    It would be even stranger if we were able to figure out the problem from that description.

    We can't see your screen. All we know about the problem is what you tell us.

    Start by posting the exact text of any error messages. Continue by identifying your OS version and Xcode version.
     
  5. Codeaholic thread starter macrumors newbie

    Joined:
    Aug 4, 2011
    #5
    Sure :)

    My command (from fs_usage Makefile):

    Code:
    /Developer/usr/bin/cc -arch x86_64 -arch i386 -g -Os -pipe -Wall -Werror -I/System/Library/Frameworks/System.framework/PrivateHeaders -I/System/Library/Frameworks/System.framework/PrivateHeaders/bsd -I/tmp/UNTITLED_PROJECT/Build/UNTITLED_PROJECT -dead_strip -lutil -Wall -Werror -I/System/Library/Frameworks/System.framework/PrivateHeaders -I/System/Library/Frameworks/System.framework/PrivateHeaders/bsd -I/tmp/UNTITLED_PROJECT/Build/UNTITLED_PROJECT fs_usage.c -o fs_usage
    
    and here the output:

    Code:
    fs_usage.c:259: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c:260: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c:262: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c:884: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘bufinfo’
    cc1: warnings being treated as errors
    fs_usage.c: In function ‘main’:
    fs_usage.c:1926: warning: implicit declaration of function ‘reexec_to_match_kernel’
    fs_usage.c:2069: error: ‘kd_buf’ undeclared (first use in this function)
    fs_usage.c:2069: error: (Each undeclared identifier is reported only once
    fs_usage.c:2069: error: for each function it appears in.)
    fs_usage.c: In function ‘set_pidcheck’:
    fs_usage.c:2196: error: ‘kd_regtype’ undeclared (first use in this function)
    fs_usage.c:2196: error: expected ‘;’ before ‘kr’
    fs_usage.c:2198: error: ‘kr’ undeclared (first use in this function)
    fs_usage.c:2198: error: ‘KDBG_TYPENONE’ undeclared (first use in this function)
    fs_usage.c: In function ‘set_pidexclude’:
    fs_usage.c:2223: error: ‘kd_regtype’ undeclared (first use in this function)
    fs_usage.c:2223: error: expected ‘;’ before ‘kr’
    fs_usage.c:2227: error: ‘kr’ undeclared (first use in this function)
    fs_usage.c:2227: error: ‘KDBG_TYPENONE’ undeclared (first use in this function)
    fs_usage.c: At top level:
    fs_usage.c:2245: error: expected ‘)’ before ‘*’ token
    fs_usage.c: In function ‘set_init’:
    fs_usage.c:2284: error: ‘kd_regtype’ undeclared (first use in this function)
    fs_usage.c:2284: error: expected ‘;’ before ‘kr’
    fs_usage.c:2286: error: ‘kr’ undeclared (first use in this function)
    fs_usage.c:2286: error: ‘KDBG_RANGETYPE’ undeclared (first use in this function)
    fs_usage.c: In function ‘sample_sc’:
    fs_usage.c:2315: error: ‘kd_buf’ undeclared (first use in this function)
    fs_usage.c:2315: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c:2321: warning: implicit declaration of function ‘get_bufinfo’
    fs_usage.c:2321: error: ‘bufinfo’ undeclared (first use in this function)
    fs_usage.c:2354: error: ‘KDBG_WRAPPED’ undeclared (first use in this function)
    fs_usage.c:2371: error: expected expression before ‘)’ token
    fs_usage.c:2393: warning: implicit declaration of function ‘kdbg_get_timestamp’
    fs_usage.c:2587: error: incompatible type for argument 4 of ‘enter_event’
    fs_usage.c:2587: error: too many arguments to function ‘enter_event’
    fs_usage.c:2641: error: too many arguments to function ‘extend_syscall’
    fs_usage.c: At top level:
    fs_usage.c:2673: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c: In function ‘enter_event_now’:
    fs_usage.c:2691: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c: At top level:
    fs_usage.c:2766: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c: In function ‘enter_event’:
    fs_usage.c:2771: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c:2771: error: incompatible type for argument 4 of ‘enter_event_now’
    fs_usage.c:2771: error: too many arguments to function ‘enter_event_now’
    fs_usage.c:2780: error: incompatible type for argument 4 of ‘enter_event_now’
    fs_usage.c:2780: error: too many arguments to function ‘enter_event_now’
    fs_usage.c:2789: error: incompatible type for argument 4 of ‘enter_event_now’
    fs_usage.c:2789: error: too many arguments to function ‘enter_event_now’
    fs_usage.c: At top level:
    fs_usage.c:2802: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c: In function ‘extend_syscall’:
    fs_usage.c:2811: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c: In function ‘read_command_map’:
    fs_usage.c:3963: error: ‘kd_threadmap’ undeclared (first use in this function)
    fs_usage.c:3963: error: ‘mapptr’ undeclared (first use in this function)
    fs_usage.c:3969: error: ‘bufinfo’ undeclared (first use in this function)
    fs_usage.c:3973: error: expected expression before ‘)’ token
    fs_usage.c:4029: error: expected expression before ‘)’ token
    fs_usage.c:259: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c:260: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c:262: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c:884: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘bufinfo’
    cc1: warnings being treated as errors
    fs_usage.c: In function ‘main’:
    fs_usage.c:1926: warning: implicit declaration of function ‘reexec_to_match_kernel’
    fs_usage.c:2069: error: ‘kd_buf’ undeclared (first use in this function)
    fs_usage.c:2069: error: (Each undeclared identifier is reported only once
    fs_usage.c:2069: error: for each function it appears in.)
    fs_usage.c: In function ‘set_pidcheck’:
    fs_usage.c:2196: error: ‘kd_regtype’ undeclared (first use in this function)
    fs_usage.c:2196: error: expected ‘;’ before ‘kr’
    fs_usage.c:2198: error: ‘kr’ undeclared (first use in this function)
    fs_usage.c:2198: error: ‘KDBG_TYPENONE’ undeclared (first use in this function)
    fs_usage.c: In function ‘set_pidexclude’:
    fs_usage.c:2223: error: ‘kd_regtype’ undeclared (first use in this function)
    fs_usage.c:2223: error: expected ‘;’ before ‘kr’
    fs_usage.c:2227: error: ‘kr’ undeclared (first use in this function)
    fs_usage.c:2227: error: ‘KDBG_TYPENONE’ undeclared (first use in this function)
    fs_usage.c: At top level:
    fs_usage.c:2245: error: expected ‘)’ before ‘*’ token
    fs_usage.c: In function ‘set_init’:
    fs_usage.c:2284: error: ‘kd_regtype’ undeclared (first use in this function)
    fs_usage.c:2284: error: expected ‘;’ before ‘kr’
    fs_usage.c:2286: error: ‘kr’ undeclared (first use in this function)
    fs_usage.c:2286: error: ‘KDBG_RANGETYPE’ undeclared (first use in this function)
    fs_usage.c: In function ‘sample_sc’:
    fs_usage.c:2315: error: ‘kd_buf’ undeclared (first use in this function)
    fs_usage.c:2315: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c:2321: warning: implicit declaration of function ‘get_bufinfo’
    fs_usage.c:2321: error: ‘bufinfo’ undeclared (first use in this function)
    fs_usage.c:2354: error: ‘KDBG_WRAPPED’ undeclared (first use in this function)
    fs_usage.c:2371: error: expected expression before ‘)’ token
    fs_usage.c:2393: warning: implicit declaration of function ‘kdbg_get_timestamp’
    fs_usage.c:2587: error: incompatible type for argument 4 of ‘enter_event’
    fs_usage.c:2587: error: too many arguments to function ‘enter_event’
    fs_usage.c:2641: error: too many arguments to function ‘extend_syscall’
    fs_usage.c: At top level:
    fs_usage.c:2673: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c: In function ‘enter_event_now’:
    fs_usage.c:2691: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c: At top level:
    fs_usage.c:2766: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c: In function ‘enter_event’:
    fs_usage.c:2771: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c:2771: error: incompatible type for argument 4 of ‘enter_event_now’
    fs_usage.c:2771: error: too many arguments to function ‘enter_event_now’
    fs_usage.c:2780: error: incompatible type for argument 4 of ‘enter_event_now’
    fs_usage.c:2780: error: too many arguments to function ‘enter_event_now’
    fs_usage.c:2789: error: incompatible type for argument 4 of ‘enter_event_now’
    fs_usage.c:2789: error: too many arguments to function ‘enter_event_now’
    fs_usage.c: At top level:
    fs_usage.c:2802: error: expected declaration specifiers or ‘...’ before ‘kd_buf’
    fs_usage.c: In function ‘extend_syscall’:
    fs_usage.c:2811: error: ‘kd’ undeclared (first use in this function)
    fs_usage.c: In function ‘read_command_map’:
    fs_usage.c:3963: error: ‘kd_threadmap’ undeclared (first use in this function)
    fs_usage.c:3963: error: ‘mapptr’ undeclared (first use in this function)
    fs_usage.c:3969: error: ‘bufinfo’ undeclared (first use in this function)
    fs_usage.c:3973: error: expected expression before ‘)’ token
    fs_usage.c:4029: error: expected expression before ‘)’ token
    lipo: can't figure out the architecture type of: /private/tmp/ccnfrlev.out
    make: *** [fs_usage] Error 1
    
    uname -a:
    Code:
    Darwin macosx 11.0.0 Darwin Kernel Version 11.0.0: Sat Jun 18 12:56:35 PDT 2011; root:xnu-1699.22.73~1/RELEASE_X86_64 x86_64
    Xcode version: 4.2
    Mac OS: 10.7
     

Share This Page