|
Stuart Dootson wrote: 3) Use WMI, as shown in this message[^]. The sample code is VBScript (and would need to be rewritten as below), but it works well enough.
Does this required WMI service running in the machine.
If it is turned off , will i able to catch this event "__InstanceCreationEvent"
Thanks
|
|
|
|
|
WindowsPistha wrote: Does this required WMI service running in the machine.
Yes, if you want your application to be capable of monitoring process creation/termination and also not rely on any Microsoft services then you will need to implement your own device driver. Typically anti-virus and other types of security products are using PsSetCreateProcessNotifyRoutine[^] to be notified of process creation and termination. An example of its usage is available here on codeproject:
Detecting Windows NT/2K process execution[^]
Best Wishes,
-David Delaune
|
|
|
|
|
Hello,
I am also looking for a similar solution. My Questions are:
1) The solution requires DDK to be installed. Where can I download DDK from ?
2) Will this solution work on Vista ?
Thanks.
|
|
|
|
|
Hello there.
Identity Undisclosed wrote: 1) The solution requires DDK to be installed. Where can I download DDK from ?
The marketing people over at Microsoft change the name of their products every few years which really drives me crazy. The Microsoft DDK is now called WDK (Windows Driver Kit[^]) and the Download Kits and Tools[^] page will eventually bring you to the direct download link.
Identity Undisclosed wrote: 2) Will this solution work on Vista ?
Yes the PsSetCreateProcessNotifyRoutine [^] callback is avilable for Windows Vista and the driver will function correctly. However, Vista is very strict about loading unsigned drivers. You will need to sign the driver in order for Vista to load it. Below are some methods to get around the issue during the development phase:
Installing an Unsigned Driver during Development and Test[^]
TESTSIGNING Boot Configuration Option[^]
Best Wishes,
-David Delaune
|
|
|
|
|
I don't know if this is possible, but I'd explore the possibility of getting a list of running exes. Duplicate their handle. Wait on that handle.
Anyone who thinks he has a better idea of what's good for people than people do is a swine.
- P.J. O'Rourke
|
|
|
|
|
Hello,
This is the solution I found from another source:
=======================================================
Apart from WMI, a nice and elegant way to do that is to place a small DLL "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"
(see also http://support.microsoft.com/kb/197571 - "Working with the AppInit_DLLs registry value")
DLLs listed in AppInit_DLLs will be loaded into every newly created process and will allow you to perform any notification via the DLL's 'DllMain().
Let me know, if you need help with source code.
|
|
|
|
|
Just wanted to add some comments for your consideration. The AppInit_DLLs entry will not have any effect on applications which are not linked with user32.dll. Generally this isn't much of an issue because 99% of all usermode applications are linked against user32. However if your developing a security product then this might not be acceptable.
Also you need to be aware that the future of AppInit DLLs is uncertain and is changing. Just like loading device drivers, future AppInit DLLs will have a code signature requirement. Microsoft has outlined this new behavior here:
AppInit DLLs in Windows 7 and Windows Server 2008 R2[^]
Best Wishes,
-David Delaune
|
|
|
|
|
Does the TRACE macro work with Unicode string as well?
There is sufficient light for those who desire to see, and there is sufficient darkness for those of a contrary disposition.
Blaise Pascal
|
|
|
|
|
sashoalm wrote: Does the TRACE macro work with Unicode
I'd be shocked if it doesn't.
TRACE(L"Hello, world");
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
Try it and found out.
|
|
|
|
|
How to use graphics in cpp.........
when i try to intialise graphics system generates an error graphic driver not detected (something like that)
help me pleaseeeeeeeeee
|
|
|
|
|
What Graphics? If you are writing applications in C++/MFC, you may start at Windows GDI Start Page (Windows)[^]
CodeProject also has a Graphics[^] section and a GDI[^] section.
Markandaiya Harsh wrote: an error graphic driver not detected (something like that)
Something like that? See point #2 and #4 in How to get an answer to your question[^]
Markandaiya Harsh wrote: pleaseeeeeeeeee
Nooooooooooooo
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
Hi..Sakthi here..
First i would like to thank all Expert's for your good response..
Here i have given the question with one Ex:
My question is th check whether the entered input text is meaningful or not...For this we need to compare the given input in english dictionary,if we have found then we can accept it ..We are checking in terms of spelling ..
Class -------- > Text ( Selected )
Klass --------- > Spelling mistake ( Rejected )
------------------------------------------------------------
Like that we need to implement the english dictionary in visual c++..
Waiting for good response
Thanks in advane ..
|
|
|
|
|
You were given an answer here[^], so stop re-posting the same thing.
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
Hi all,
i m using CFile function to create a file, i want to create a text file that is have full permission control to user.
please tell me how can i do this.
thanks in advance.
To accomplish great things, we must not only act, but also dream;
not only plan, but also believe.
|
|
|
|
|
1) You can try exploring the flags of CFile ctor.
2) And if not satiated with what you are trying to achieve, then try using CreateFile, modify its security attributes and pass its handle to CFile ctor.
|
|
|
|
|
Which flag is useful for this.
if possible please can u explain me with example.
thanks in advance.
To accomplish great things, we must not only act, but also dream;
not only plan, but also believe.
|
|
|
|
|
HANDLE WINAPI CreateFile(
__in LPCTSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition,
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile
);
dwDesiredAccess [in]
The requested access to the file or device, which can be summarized as read, write, both or neither (zero).
The most commonly used values are GENERIC_READ, GENERIC_WRITE, or both (GENERIC_READ | GENERIC_WRITE). For more information, see Generic Access Rights and File Security and Access Rights.
If this parameter is zero, the application can query certain metadata such as file, directory, or device attributes without accessing that file or device, even if GENERIC_READ access would have been denied.
You cannot request an access mode that conflicts with the sharing mode that is specified by the dwShareMode parameter in an open request that already has an open handle.
For more information, see the Remarks section of this topic and Creating and Opening Files.
There is sufficient light for those who desire to see, and there is sufficient darkness for those of a contrary disposition.
Blaise Pascal
|
|
|
|
|
"_$h@nky_" wrote: i m using CFile function to create a file, i want to create a text file that is have full permission control to user.
What is this supposed to mean?
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
I want,if i create any text file from admin account,and want to access this file from user or guest account than this file cannot editable by user or guest.
i want to make it editable by all users and guest.
so please tell me how can i create file with full access ,so all user an edit it.
thanks in advance.
To accomplish great things, we must not only act, but also dream;
not only plan, but also believe.
|
|
|
|
|
I have a dialog with with a list box and a Add button. When any item in the list box is selected then the Add button has to be enabled. I have a requirement where I would select the item in list box by pressing the Shift+Tab combination. (Shift+Tab combination would move the focus from control to control) How to know that Shift+Tab combination has occured.
|
|
|
|
|
|
|
If the list box loses focus, you might disable the "Add" button and if the list box gains focus, you can enable the button. That sounds viable? This way you do not have to know if shift+tab was pressed or not.
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
Hi,
I have a Visual Studio 2008 MFC doc/view application. I have choosed a docking pane type. The dock is a tree control like Windows explorer. When I click an item on the tree, I want to change the form in the view area.
For that I have to acces the document to get a member function. The code is working but I get memory leak.
Perhaps I don't take the good way.
Any suggestions ?
Claude
Here's my code:
void CViewTree::OnTvnSelchanged(NMHDR *pNMHDR, LRESULT *pResult)
{
LPNMTREEVIEW pNMTreeView = reinterpret_cast<LPNMTREEVIEW>(pNMHDR);
// TODO : ajoutez ici le code de votre gestionnaire de notification de contrôle
*pResult = 0;
CString strItem;
HTREEITEM hItem = GetSelectedItem();
strItem = GetItemText(hItem);
// Pointeurs vers le document
CFrameWnd *pFrameWnd = (CFrameWnd*)AfxGetApp()->m_pMainWnd;
CCDSView* pView;
pView = (CCDSView*)pFrameWnd->GetActiveView(); //
// Detected memory leaks!
//Dumping objects ->
//{1272} normal block at 0x03E2C478, 530 bytes long.
// Data: < 6 > 14 36 19 01 0F 00 00 00 00 01 00 00 01 00 00 00
//{1190} normal block at 0x03E28F20, 530 bytes long.
// Data: < 6 ( > 14 36 19 01 28 00 00 00 00 01 00 00 01 00 00 00
//Object dump complete.
CCDSDoc* pDoc = pView->GetDocument();
pDoc->ToDoc(strItem);
}
|
|
|
|