Semen, is the only real solution then to use a file monitoring driver? such as www.sysinternals.com FileMon
(nobody here seems to have done the PB <-> driver thang before though?) which would require one driver for 95/98, and one for NT/2K, I suppose.
------------------
Process Creation Notification
ShellExecute(Ex), which is used by Explorer:
1) At first, searches for the executable module.
2) Then starts it, using CreateProcess.
iShellExecuteHook receives information about stage 1, not about stage 2.
For some purposes that's good, for some not, because it doesn't really control the creation of processes.
iShellHook is not able to detect when one program starts another by Shell "...".
Unlike iShellExecuteHook, global hooks are directly linked with processes.
But speaking of console apps ...
Yes, it's well known: global hooks don't work for them.
The only solution I know to detect a console app is to enumerate processes (for example, by timer).
------------------
One curiosity I noticed with your demo compared to ShellExecuteHook is that when you go Start | Run | c:\test.vbs, instead of saying "c:\test.vbs is doing its stuff", it says "c:\winnt\system32\msscript.exe is doing its stuff".
Also, if you start the programs from the Command Prompt, they don't seem to get recognised either.
The ShellExecuteHook demo is different in that it will say "c:\test.vbs has been started, allow it to run?"
However, both fail when it comes to detecting programs started in Command Prompt.
Any ideas? ShellExecuteHook is the closest non-driver solution I'm aware of, but you're right in that it is more of a callback from explorer.exe than anything else.
------------------
wayne --
there are different global hooks, but all work so.
when (new or old) process is activated, windows inserts a dll with global hook.
i used this feature to detect any process.
if you want to detect new processes only, first of all it's necessary to retrieve a list of currently running.
it's not very difficult, but a lot of code - see http://www.powerbasic.com/support/pb...ead.php?t=2521
------------------
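The polling approach mentioned in this thread (record the processes already running, then enumerate on a timer and report what is new), shown as an added C example that is not code from any poster. It assumes the Toolhelp snapshot API, which exists on Windows 95/98 and 2000 but not on NT4, where PSAPI's EnumProcesses (named in the original question) takes its place. The names `new_pids` and `snapshot` and the 500 ms interval are choices made for this example; the polling loop is compiled only on Windows, while `new_pids` is portable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_PIDS 4096   /* assumed upper bound for this example */

static int cmp_pid(const void *a, const void *b) {
    unsigned long x = *(const unsigned long *)a, y = *(const unsigned long *)b;
    return (x > y) - (x < y);
}
/* Stores in out[] each PID of cur[] that is missing from base[] and returns
   how many were stored. Both input arrays are sorted in place. */
size_t new_pids(unsigned long *base, size_t nb, unsigned long *cur, size_t nc,
                unsigned long *out) {
    size_t i = 0, j = 0, n = 0;
    qsort(base, nb, sizeof *base, cmp_pid);
    qsort(cur, nc, sizeof *cur, cmp_pid);
    while (j < nc) {
        if (i < nb && base[i] < cur[j]) i++;                 /* process has exited */
        else if (i < nb && base[i] == cur[j]) { i++; j++; }  /* still running */
        else out[n++] = cur[j++];                            /* not in baseline: new */
    }
    return n;
}
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
/* Takes one Toolhelp snapshot and copies up to max process IDs into pids[]. */
static size_t snapshot(unsigned long *pids, size_t max) {
    PROCESSENTRY32 pe; size_t n = 0;
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (h == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof pe;
    if (Process32First(h, &pe))
        do pids[n++] = pe.th32ProcessID; while (n < max && Process32Next(h, &pe));
    CloseHandle(h);
    return n;
}
int main(void) {
    static unsigned long base[MAX_PIDS], cur[MAX_PIDS], fresh[MAX_PIDS];
    size_t nb = snapshot(base, MAX_PIDS), nc, nf, k;   /* baseline: already running */
    for (;;) {
        Sleep(500);
        nc = snapshot(cur, MAX_PIDS);
        nf = new_pids(base, nb, cur, nc, fresh);
        for (k = 0; k < nf; k++) printf("new process: pid %lu\n", fresh[k]);
        memcpy(base, cur, nc * sizeof *cur); nb = nc;  /* current list is the new baseline */
    }
}
#endif
```

A process that starts and exits between two polls is never seen, and a PID that is freed and reused between two polls looks unchanged.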
Outstanding, a thousand thank-yous, Semen!
[This message has been edited by Wayne Diamond (edited October 27, 2000).]
Wayne --
Yes, it's more than simple.
For example, in the previous variant of the DLL, replace the %DLL_PROCESS_ATTACH processing:
Code:
  Case %DLL_PROCESS_ATTACH
     Local TmpAsciiz As Asciiz * %MAX_PATH
     hInstDLL = hInstance
     Local hDlg As Long
     ' Full path of the executable this DLL has just been loaded into
     GetModuleFileName GetModuleHandle(ByVal %Null), TmpAsciiz, SizeOf(TmpAsciiz)
     ' 7 = IDNO: the process carries on; on Yes the calling thread is ended
     If MessageBox (0, TmpAsciiz, "To Kill ?", %MB_YESNO) = 7 Then LibMain = 1 Else _
        FreeLibraryAndExitThread hInstDLL, 0&
[This message has been edited by Semen Matusovski (edited October 27, 2000).]
Many thanks for that Semen, I'd never seen an implementation like that (works perfectly on my NT4 box) - can it be modified so that the file execution can be blocked?
------------------
[This message has been edited by Wayne Diamond (edited October 27, 2000).]
iShellExecute is too specific a "hook".
It's not even a hook in the classic understanding (mostly a "callback" for ShellExecute).
Well, I modified the CBT hook (tested under 2000 only, but, I hope, works everywhere).
When an app is activated for the first time, it sends a message (see textbox).
Dll
Code:
  #Compile Dll "Hook.Dll"
  #Register None
  #Dim All
  #Include "Win32Api.Inc"

  $WndNm = "Any unique name"
  %NotifyId = %WM_USER + 401

  Global hHook As Long, hInstDLL As Long

  Function LibMain(ByVal hInstance As Long, ByVal fwdReason As Long, _
                   ByVal lpvReserved As Long) Export As Long
     Select Case fwdReason
        Case %DLL_PROCESS_ATTACH: hInstDLL = hInstance: LibMain = 1
        Case %DLL_PROCESS_DETACH: LibMain = 1
     End Select
  End Function

  Function HookProc(ByVal nCode As Long, ByVal wParam As Long, ByVal lParam As Long) Export As Long
     ' Statics are per process, so each process reports itself only once
     Static hDlg As Long, NotFirstTime As Long
     Function = CallNextHookEx(ByVal hHook, ByVal nCode, ByVal wParam, ByVal lParam)
     If (nCode = %HCBT_ACTIVATE) And IsFalse (NotFirstTime) Then
        NotFirstTime = %True
        ' Find the monitor dialog by its caption and post this process's id to it
        hDlg = FindWindow("", $WndNm)
        If IsTrue(hDlg) And hdlg <> wParam Then _
           PostMessage hDlg, %NotifyId, GetCurrentProcessId, 0
     End If
  End Function

  Function SetHookWindow Alias "SetHookWindow" (hWnd As Long) Export As Long
     ' Thread id 0 installs the CBT hook system-wide
     hHook = SetWindowsHookEx (%WH_CBT, CodePtr(HookProc), ByVal hInstDLL, ByVal 0)
  End Function

  Function UnHookWindow Alias "UnHookWindow" Export As Long
     UnhookWindowsHookEx hHook
  End Function
Code:
  #Compile Exe
  #Dim All
  #Register None
  #Include "Win32Api.Inc"

  $WndNm = "Any unique name"
  %NotifyId = %WM_USER + 401

  Declare Function SetHookWindow Lib "Hook.Dll" Alias "SetHookWindow" (hWnd As Long) As Long
  Declare Function UnHookWindow Lib "Hook.Dll" Alias "UnHookWindow" As Long

  CallBack Function DlgProc
     Select Case CbMsg
        Case %WM_INITDIALOG: SetHookWindow CbHndl
        Case %WM_DESTROY   : UnHookWindow
        ' wParam carries the process id posted by HookProc in the DLL
        Case %NotifyId     : Control Set Text CbHndl, 101, "ProcessId = &H" + Hex$(CbWparam)
     End Select
  End Function

  Function PbMain()
     Local hDlg As Long
     Dialog New 0, $WndNm, 0, 0, 200, 14, %WS_CAPTION Or %WS_SYSMENU, %WS_EX_TOPMOST To hDlg
     Control Add TextBox, hDlg, 101, "", 0, 0, 200, 14
     Dialog Show Modal hDlg Call DlgProc
  End Function
------------------
It works in VB, and works quite well, although VB really isn't too good for this because the DLL requires all the VB bloat on top - and it's only a tiny DLL that does the hook, so it's bigtime resource overkill, and remembering that this load is for every single execution on your system, so it can in some cases slow file execution down ...
A PB implementation wouldn't have any of those problems. The only issue is the Type Library...
best of luck!
------------------
Guest replied
Wayne,
Thanks for the link. Haven't tried it yet, but I'll play around with it later. From a quick glance of the code it'll hook ShellExecute calls, which is what MS says you should use to start processes, but I'm guessing that too many processes are started using CreateProcess. But it's a start.
If it works in VB, that's fine.
Thanks,
Jason
------------------
Jason,
Try http://www.domaindlx.com/e_morcillo/...cod/shlext.asp
It's VB only, sorry, but there is a demo there called ShellExecuteHook, which uses an ActiveX DLL as the hook. With your DLL properly installed in the correct way, correct registry keys in place etc., you're ready. When you start a program, the operating system will ask your DLL if it can continue processing the file... you respond with 1 - yes, continue with the file (allow it to execute), or 0 - block the execution of the file.
Sorry that it's only in VB, but it seems to do what you're after.
I've used the ShellExecuteHook myself, but I would LOVE to see it converted to PB! As it uses a Type Library, I'm not sure if it's possible or not.
Best of luck,
Wayne
------------------
jason --
probably a global hook will satisfy you.
look "source code": i posted some variants. http://www.powerbasic.com/support/pb...ad.php?t=22658
for example, cbt (last).
------------------
Guest replied
Semen,
I don't see how CreateProcess notifies you when a process is started up. I'm not looking for a way to start up a process myself. I'm looking for a way to:
1) Start up my process (call it p1).
2) Have p1 call some Win32 function and pass it a function pointer.
3) Whenever a process is started up (like Word or Notepad) that p1 did not start up, the callback function would be fired (I'm assuming it would pass a PID or process handle, maybe?).
CreateProcess doesn't do this, according to the SDK; it only starts up the app you specify in lpApplicationName. Or maybe it does, and I don't see it. Could you post some code showing how you would do this?
Thanks,
Jason
------------------
Start an app using CreateProcess and do not close a handle. You will receive all.
------------------
Process Creation Notification
Is there any way to receive some kind of notification call from the OS when a process is created? I know that I can call EnumProcesses in PSAPI, but I'd rather not use a polling technique if I can get a notification via a callback function. Any suggestions?
Thanks,
Jason Bock
------------------