From d05547d8edabde438c4bfbf92c7226e5e803c406 Mon Sep 17 00:00:00 2001 From: Positivity <150298820+ptvty@users.noreply.github.com> Date: Fri, 29 Mar 2024 21:28:19 +0300 Subject: [PATCH] Create README.md --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..7309889 --- /dev/null +++ b/README.md @@ -0,0 +1,29 @@ +# Windows File Read Events + +A Windows CLI utility to watch the file system for file *read* events. + +It writes to the console the file path along with the offset and IO size in bytes. + +## Usage + +To watch a specific file: + + WinFileReadEvents.exe C:\test\target.txt + +Or without any argument to watch system-wide: + + WinFileReadEvents.exe + +Press `ctrl+c` to stop watching. + +## Output format + +Outputs to the stdout any file read event including the file path, along with the offset and read size in the following format: + + >||| + +In case of an error, a line will be written to the stdout in the following format: + + x| + +This utility uses Event Tracing for Windows (ETW) via [`Microsoft.Diagnostics.Tracing.TraceEvent`](https://www.nuget.org/packages/Microsoft.Diagnostics.Tracing.TraceEvent/) package.
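Review bot: In the "Output format" section, both format lines show only delimiters (`>|||` and `x|`) with no field names, so a reader cannot tell from the README in which order the file path, offset and read size appear, or what follows `x|` on an error line. Name each field in the two format lines, repeat there that offset and size are in bytes (the introduction says so, the format section does not), and add one sample event line and one sample error line. Because errors are written to stdout alongside events, state explicitly that the leading `>` or `x` is what a consumer should key on when parsing. The "Usage" section also does not say which privileges the system-wide mode needs; add a line on that if the ETW session requires an elevated prompt.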