Monitoring File Access (Read / Write)
Hi All,

Is it possible to write some sort of kernel mode app that hooks on to all file system calls / IO calls and logs all of these? I took a look at the File Alteration Monitor (FAM) but that doesn't achieve this completely. It doesn't log file reads.

I am basically trying to write a utility that will log every file that is accessed (read / write) in a particular directory in the system. What would be the best way to go about doing this? Is a kernel hook the only way? Is there anything that has already been done along these lines (quite sure it has)?

Any help on this will be greatly appreciated.

Thanks
Krishna Monian

darwin-kernel mailing list | darwin-kernel@lists.apple.com