Hello,
My application needs to monitor all other running applications on the system. Is there some way I could get notified on exit of every application exe?
The methods I could find:
1) Use PSAPI functions to get the list of running exes at frequent intervals. At each poll compare with the previous list to find which application/process has exited.
Disadvantage: Requires constant polling, will take CPU time.
2) Set a global hook for WM_CLOSE message: Using this I would be able to get a notification when any application gets closed through the close button on the title bar
Disadvantage:
(-) Not all the applications are generating a WM_CLOSE message (Ex: Total Video Player Exe)
(-) If the application was closed through the "Exit" menu or button (e.g. File->Exit), I can't trap that message
Is there any other better way that I missed? Please advise.
|
WindowsPistha wrote: Not all the applications are generating a WM_CLOSE message (Ex: Total Video Player Exe)
(-) If the application was closed through the "Exit" menu or button (e.g. File->Exit), I can't trap that message
Why don't you capture WM_QUIT instead? This is the only message that finally halts the Message Loop.
But, you won't be able to track abnormal termination of an application with this.
|
Taran9 wrote: Why don't you capture WM_QUIT instead? This is the only message that finally halts the Message Loop.
But, you won't be able to track abnormal termination of an application with this.
But our application needs to handle that case too.
|
You will need to hook APIs like TerminateProcess in addition to installing a message hook.
«_Superman_»
I love work. It gives me something to do between weekends.
|
Just out of curiosity, what kind of an application are you writing?
It is a crappy thing, but it's life -^ Carlo Pallini
|
3) Use WMI, as shown in this message[^]. The sample code is VBScript (and would need to be rewritten as below), but it works well enough.
' Get a reference to the WMI service
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
' Open a WMI query for __instancedeletionevents where the target instance is a Win32_Process
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancedeletionevent " & _
    "within 1 where TargetInstance isa 'Win32_Process'")
' This call will complete the next time a process is deleted.
colMonitoredProcesses.NextEvent
Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p
|
Stuart Dootson wrote: 3) Use WMI, as shown in this message[^]. The sample code is VBScript (and would need to be rewritten as below), but it works well enough.
Does this require the WMI service to be running on the machine?
If it is turned off, will I be able to catch this event "__InstanceCreationEvent"?
Thanks
|
WindowsPistha wrote: Does this require the WMI service to be running on the machine?
Yes, if you want your application to be capable of monitoring process creation/termination and also not rely on any Microsoft services then you will need to implement your own device driver. Typically anti-virus and other types of security products are using PsSetCreateProcessNotifyRoutine[^] to be notified of process creation and termination. An example of its usage is available here on codeproject:
Detecting Windows NT/2K process execution[^]
Best Wishes,
-David Delaune
|
Hello,
I am also looking for a similar solution. My Questions are:
1) The solution requires DDK to be installed. Where can I download DDK from ?
2) Will this solution work on Vista ?
Thanks.
|
Hello there.
Identity Undisclosed wrote: 1) The solution requires DDK to be installed. Where can I download DDK from ?
The marketing people over at Microsoft change the name of their products every few years which really drives me crazy. The Microsoft DDK is now called WDK (Windows Driver Kit[^]) and the Download Kits and Tools[^] page will eventually bring you to the direct download link.
Identity Undisclosed wrote: 2) Will this solution work on Vista ?
Yes, the PsSetCreateProcessNotifyRoutine[^] callback is available for Windows Vista and the driver will function correctly. However, Vista is very strict about loading unsigned drivers. You will need to sign the driver in order for Vista to load it. Below are some methods to get around the issue during the development phase:
Installing an Unsigned Driver during Development and Test[^]
TESTSIGNING Boot Configuration Option[^]
Best Wishes,
-David Delaune
|
I don't know if this is possible, but I'd explore the possibility of getting a list of running exes. Duplicate their handle. Wait on that handle.
Anyone who thinks he has a better idea of what's good for people than people do is a swine.
- P.J. O'Rourke
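
The handle-wait idea suggested above does work; the following is an added example, not code from the thread. It uses PowerShell and the .NET `System.Diagnostics.Process` class, which obtains its own handle to each process and raises `Exited` when that handle is signalled; the `exit-<PID>` source identifiers are names chosen for this example.

```powershell
# Added example, not code from the thread. Run it in a fresh session so the
# event queue holds only the subscriptions created here.
$watched = 0
$skipped = 0
foreach ($proc in Get-Process) {
    try {
        # EnableRaisingEvents makes the Process object wait on a handle to the
        # target. It throws for processes the caller is not allowed to open
        # and for processes that exited after the snapshot was taken.
        $proc.EnableRaisingEvents = $true
        Register-ObjectEvent -InputObject $proc -EventName Exited `
            -SourceIdentifier "exit-$($proc.Id)" `
            -MessageData "$($proc.ProcessName) (PID $($proc.Id))" `
            -ErrorAction Stop | Out-Null
        $watched++
    } catch {
        $skipped++
    }
}
Write-Host "Watching $watched processes; $skipped could not be opened"

while ($watched -gt 0) {
    $evt = Wait-Event        # blocks until a watched process exits; no polling
    Write-Host ("{0:HH:mm:ss} exited: {1}" -f $evt.TimeGenerated, $evt.MessageData)
    Remove-Event -EventIdentifier $evt.EventIdentifier
    Unregister-Event -SourceIdentifier $evt.SourceIdentifier
    $watched--
}
```

This covers normal and abnormal termination alike, but only for processes that existed when the snapshot was taken and that the caller has the rights to open; processes started later still need the WMI query or the driver callback discussed in this thread.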
|
Hello,
This is the solution I found from another source:
=======================================================
Apart from WMI, a nice and elegant way to do that is to place a small DLL in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"
(see also http://support.microsoft.com/kb/197571 - "Working with the AppInit_DLLs registry value")
DLLs listed in AppInit_DLLs will be loaded into every newly created process and will allow you to perform any notification via the DLL's DllMain().
Let me know, if you need help with source code.
|
Just wanted to add some comments for your consideration. The AppInit_DLLs entry will not have any effect on applications which are not linked with user32.dll. Generally this isn't much of an issue because 99% of all usermode applications are linked against user32. However, if you're developing a security product then this might not be acceptable.
Also you need to be aware that the future of AppInit DLLs is uncertain and is changing. Just like loading device drivers, future AppInit DLLs will have a code signature requirement. Microsoft has outlined this new behavior here:
AppInit DLLs in Windows 7 and Windows Server 2008 R2[^]
Best Wishes,
-David Delaune
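
Because every DLL listed in AppInit_DLLs is loaded into each process that links user32.dll, the value is worth auditing on any machine. The following is an added example, not code from the thread: it reports the list, the enable switch and the signing requirement for both registry views. The `LoadAppInit_DLLs` and `RequireSignedAppInit_DLLs` value names and the `Wow6432Node` path come from Microsoft's AppInit documentation, not from the posts above.

```powershell
# Added example, not code from the thread: audit the AppInit_DLLs configuration.
$keys = [ordered]@{
    native = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    WOW64  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
}
$report = foreach ($view in $keys.Keys) {
    $path = $keys[$view]
    if (-not (Test-Path -Path $path)) { continue }   # no WOW64 view on 32-bit Windows
    $p = Get-ItemProperty -Path $path
    # AppInit_DLLs is a single string; entries are separated by spaces or commas.
    $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    if ($dlls.Count -eq 0) { $dlls = @('(none)') }
    foreach ($dll in $dlls) {
        $status = ''
        if ($dll -ne '(none)') {
            $status = if (Test-Path -LiteralPath $dll -PathType Leaf) {
                # Authenticode status of the listed file: Valid, NotSigned, ...
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else {
                'not resolved (bare name or missing file)'
            }
        }
        [pscustomobject]@{
            View                      = $view
            LoadAppInit_DLLs          = $p.LoadAppInit_DLLs
            RequireSignedAppInit_DLLs = $p.RequireSignedAppInit_DLLs
            Dll                       = $dll
            Signature                 = $status
        }
    }
}
$report | Format-Table -AutoSize
```

An entry that is not `(none)` while `LoadAppInit_DLLs` is 1 means that DLL is being loaded into new processes; an unsigned entry with `RequireSignedAppInit_DLLs` at 0 deserves a closer look.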
|
Does the TRACE macro work with Unicode string as well?
There is sufficient light for those who desire to see, and there is sufficient darkness for those of a contrary disposition.
Blaise Pascal
|
sashoalm wrote: Does the TRACE macro work with Unicode
I'd be shocked if it doesn't.
TRACE(L"Hello, world");
It is a crappy thing, but it's life -^ Carlo Pallini
|
Try it and find out.
|
How to use graphics in cpp.........
When I try to initialise graphics, the system generates an error: graphic driver not detected (something like that)
help me pleaseeeeeeeeee
|
What Graphics? If you are writing applications in C++/MFC, you may start at Windows GDI Start Page (Windows)[^]
CodeProject also has a Graphics[^] section and a GDI[^] section.
Markandaiya Harsh wrote: an error graphic driver not detected (something like that)
Something like that? See point #2 and #4 in How to get an answer to your question[^]
Markandaiya Harsh wrote: pleaseeeeeeeeee
Nooooooooooooo
It is a crappy thing, but it's life -^ Carlo Pallini
|
Hi.. Sakthi here..
First I would like to thank all the experts for your good response..
Here I have given the question with one example:
My question is to check whether the entered input text is meaningful or not... For this we need to look up the given input in an English dictionary; if we find it then we can accept it.. We are checking in terms of spelling..
Class -------- > Text ( Selected )
Klass --------- > Spelling mistake ( Rejected )
------------------------------------------------------------
Like that we need to implement the English dictionary in Visual C++..
Waiting for a good response
Thanks in advance..
|
You were given an answer here[^], so stop re-posting the same thing.
It is a crappy thing, but it's life -^ Carlo Pallini
|
Hi all,
I'm using the CFile function to create a file; I want to create a text file that has full permission control for the user.
Please tell me how I can do this.
Thanks in advance.
To accomplish great things, we must not only act, but also dream;
not only plan, but also believe.
|
1) You can try exploring the flags of CFile ctor.
2) And if not satiated with what you are trying to achieve, then try using CreateFile, modify its security attributes and pass its handle to CFile ctor.
|
Which flag is useful for this?
If possible, please can you explain it to me with an example.
Thanks in advance.
To accomplish great things, we must not only act, but also dream;
not only plan, but also believe.
|
HANDLE WINAPI CreateFile(
    __in     LPCTSTR lpFileName,
    __in     DWORD dwDesiredAccess,
    __in     DWORD dwShareMode,
    __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    __in     DWORD dwCreationDisposition,
    __in     DWORD dwFlagsAndAttributes,
    __in_opt HANDLE hTemplateFile
);
dwDesiredAccess [in]
The requested access to the file or device, which can be summarized as read, write, both or neither (zero).
The most commonly used values are GENERIC_READ, GENERIC_WRITE, or both (GENERIC_READ | GENERIC_WRITE). For more information, see Generic Access Rights and File Security and Access Rights.
If this parameter is zero, the application can query certain metadata such as file, directory, or device attributes without accessing that file or device, even if GENERIC_READ access would have been denied.
You cannot request an access mode that conflicts with the sharing mode that is specified by the dwShareMode parameter in an open request that already has an open handle.
For more information, see the Remarks section of this topic and Creating and Opening Files.
There is sufficient light for those who desire to see, and there is sufficient darkness for those of a contrary disposition.
Blaise Pascal
|
"_$h@nky_" wrote: I'm using the CFile function to create a file; I want to create a text file that has full permission control for the user.
What is this supposed to mean?
It is a crappy thing, but it's life -^ Carlo Pallini