Tracing which process that has opened a particular file

Question

From kernel mode in Windows I\'m able to intercept and monitor virtually all actions performed on a particular disk. When a file is opened for any purpose I get an event.

Answer 1

Sysinternals did a so good job at doing it and explaining it, that some source code of old version are still available here for instance, and the code is well documented (imho). It could be a good start as well.