I don't know if the problem was clear. I don't want to remove the Ethernet card; I will only unplug the cable from the adapter. In this case Windows shows a tooltip message in the bottom-right corner.
I thought that I could catch this Windows message.
|
|
|
|
|
Check this
/*
* ndis_events - test program for receiving NdisMIndicateStatus()
* events
* Copyright (c) 2004, Jouni Malinen <jkmaline@cc.hut.fi>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms
* of BSD license.
*
* See README and COPYING for more details.
*/
#define _WIN32_WINNT 0x0400
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#include <wbemidl.h>
#include <winsock.h>
class CNdisSink;

/*
 * One row of the event dispatch table: pairs a WMI event class name with
 * the CNdisSink member function that is called for events of that class.
 */
struct EVENT_HANDLER_MAP
{
    /* WMI class name compared against the event's __CLASS property. */
    const wchar_t* EventName;

    /* Member function invoked with the event object; the dispatcher
     * checks it for NULL before calling through it. */
    void (CNdisSink::*Handler)(IWbemClassObject *pObj);
};
/*
 * WMI event sink for NDIS status events. Implements IWbemObjectSink so
 * that WMI can deliver event objects through Indicate(); each event is
 * routed to one of the private handlers via s_EventHandlerMap.
 */
class CNdisSink : public IWbemObjectSink
{
public:
    CNdisSink();
    ~CNdisSink();

    // IUnknown members
    STDMETHOD(QueryInterface)(REFIID, LPVOID *);
    STDMETHOD_(ULONG, AddRef)(void);
    STDMETHOD_(ULONG, Release)(void);

    // IWbemObjectSink members
    STDMETHOD(Indicate)(
        long lObjectCount,
        IWbemClassObject **ppObjArray);
    STDMETHOD(SetStatus)(
        long lFlags,
        HRESULT hResult,
        BSTR strParam,
        IWbemClassObject *pObjParam);

public:
    /* Subscribes this sink to every event class listed in
     * s_EventHandlerMap; returns 0 on success and -1 on failure. */
    int RegisterAsyncNotification(IWbemServices *pSvc);

private:
    /* Per-event handlers. The ones defined inline here do nothing. */
    void AdapterArrival(IWbemClassObject *) {}
    void AdapterRemoval(IWbemClassObject *) {}
    void ResetStart(IWbemClassObject *) {}
    void ResetEnd(IWbemClassObject *) {}
    void LinkSpeedChange(IWbemClassObject *) {}
    void MediaConnect(IWbemClassObject *pObj);
    void MediaDisconnect(IWbemClassObject *pObj);
    void MediaSpecific(IWbemClassObject *pObj);
    void ProtocolBind(IWbemClassObject *) {}
    void ProtocolUnbind(IWbemClassObject *) {}
    void DevicePowerOn(IWbemClassObject *) {}
    void DevicePowerOff(IWbemClassObject *) {}

private:
    /* Event class name -> handler table, defined after the class. */
    static EVENT_HANDLER_MAP s_EventHandlerMap[];

    /* COM reference count; the constructor starts it at 1. main() joins
     * the multithreaded apartment (COINIT_MULTITHREADED), so AddRef() and
     * Release() need to update this counter atomically. */
    UINT m_cRef;
};
/*
 * Dispatch table: WMI event class name -> CNdisSink handler.
 * RegisterAsyncNotification() issues one notification query per row and
 * Indicate() looks the event's __CLASS up in this table.
 *
 * NOTE(review): MediaSpecific() is declared and defined in this listing
 * but has no row here, so it is never subscribed to or dispatched.
 */
EVENT_HANDLER_MAP CNdisSink::s_EventHandlerMap[] =
{
    { L"MSNdis_NotifyAdapterArrival",  &CNdisSink::AdapterArrival  },
    { L"MSNdis_NotifyAdapterRemoval",  &CNdisSink::AdapterRemoval  },
    { L"MSNdis_StatusResetStart",      &CNdisSink::ResetStart      },
    { L"MSNdis_StatusResetEnd",        &CNdisSink::ResetEnd        },
    { L"MSNdis_StatusLinkSpeedChange", &CNdisSink::LinkSpeedChange },
    { L"MSNdis_StatusMediaConnect",    &CNdisSink::MediaConnect    },
    { L"MSNdis_StatusMediaDisconnect", &CNdisSink::MediaDisconnect },
    { L"MSNdis_StatusProtocolBind",    &CNdisSink::ProtocolBind    },
    { L"MSNdis_StatusProtocolUnbind",  &CNdisSink::ProtocolUnbind  },
    { L"MSNdis_StatusDevicePowerOn",   &CNdisSink::DevicePowerOn   },
    { L"MSNdis_StatusDevicePowerOff",  &CNdisSink::DevicePowerOff  },
};
/* The creator holds the first reference, so the count starts at 1. */
CNdisSink::CNdisSink()
    : m_cRef(1)
{
}
/* Nothing to release: the sink owns no resources besides itself. */
CNdisSink::~CNdisSink() {}
/*
 * IUnknown::QueryInterface. Hands out this object for IID_IUnknown and
 * IID_IWbemObjectSink (adding a reference); any other interface yields
 * E_NOINTERFACE with *ppv set to 0.
 */
STDMETHODIMP CNdisSink::QueryInterface(REFIID riid, LPVOID *ppv)
{
    const bool supported =
        (riid == IID_IUnknown || riid == IID_IWbemObjectSink);

    if (!supported) {
        *ppv = 0;
        return E_NOINTERFACE;
    }

    *ppv = (IWbemObjectSink *) this;
    AddRef();
    return NOERROR;
}
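/*
 * IUnknown::AddRef. Returns the new reference count.
 *
 * main() initialises COM with COINIT_MULTITHREADED, so the sink can be
 * entered from more than one thread at a time; a plain ++ on the counter
 * is a data race that can lose an increment and later free the object
 * while it is still referenced. The increment is therefore interlocked.
 * m_cRef is a UINT, which has the same size as LONG on Windows.
 */
ULONG CNdisSink::AddRef()
{
    return (ULONG) InterlockedIncrement(reinterpret_cast<LONG *>(&m_cRef));
}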
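/*
 * IUnknown::Release. Drops one reference and deletes the object when the
 * count reaches zero. Returns the remaining count.
 *
 * The decrement is interlocked because COM is initialised multithreaded
 * in main(). The result of the decrement is kept in a local so the member
 * is not re-read afterwards: another thread may already have changed it,
 * or deleted the object.
 */
ULONG CNdisSink::Release()
{
    const LONG remaining =
        InterlockedDecrement(reinterpret_cast<LONG *>(&m_cRef));

    if (remaining == 0)
    {
        delete this;
        return 0;
    }
    return (ULONG) remaining;
}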
/*
 * Handler for MSNdis_StatusMediaConnect events.
 * Takes no action of its own; Indicate() prints the event class and the
 * instance name for every event after dispatching.
 */
void CNdisSink::MediaConnect(IWbemClassObject * /* pObj */)
{
}
/*
 * Handler for MSNdis_StatusMediaDisconnect events.
 * Takes no action of its own; Indicate() prints the event class and the
 * instance name for every event after dispatching.
 */
void CNdisSink::MediaDisconnect(IWbemClassObject * /* pObj */)
{
}
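/*
 * Handler for media-specific status indications: copies the event's
 * NdisStatusMediaSpecificIndication byte array into a local buffer,
 * hex-dumps it, and prints the InstanceName property.
 *
 * The property contents come from a driver by way of WMI, so the VARIANT
 * is validated before it is used: it must hold a one-dimensional array
 * whose elements are one byte wide. Without that check
 * SafeArrayGetElement() could write a wider element into the single-byte
 * 'ch', and a NULL or oddly bounded array could yield a bogus length.
 */
void CNdisSink::MediaSpecific(IWbemClassObject *pObj)
{
    VARIANT vt;
    HRESULT hr;
    LONG lower = 0, upper = -1, k;
    UCHAR ch;
    char *data, *pos;
    size_t data_len;
    LONGLONG count;

    printf("MSNdis_StatusMediaSpecificIndication\n");

    /* Start from VT_EMPTY so the VARIANT is well defined on every path. */
    VariantInit(&vt);

    /* This is the StatusBuffer from NdisMIndicateStatus() call */
    hr = pObj->Get(L"NdisStatusMediaSpecificIndication", 0, &vt, NULL,
                   NULL);
    if (FAILED(hr)) {
        printf("Could not get NdisStatusMediaSpecificIndication from "
               "the object?!\n");
        return;
    }

    /* Accept only a by-value, one-dimensional array of 1-byte elements. */
    if ((V_VT(&vt) & (VT_ARRAY | VT_BYREF)) != VT_ARRAY ||
        V_ARRAY(&vt) == NULL ||
        SafeArrayGetDim(V_ARRAY(&vt)) != 1 ||
        SafeArrayGetElemsize(V_ARRAY(&vt)) != sizeof(ch) ||
        FAILED(SafeArrayGetLBound(V_ARRAY(&vt), 1, &lower)) ||
        FAILED(SafeArrayGetUBound(V_ARRAY(&vt), 1, &upper))) {
        printf("Unexpected type for event data\n");
        VariantClear(&vt);
        return;
    }

    /* Compute the length in 64 bits so the subtraction cannot overflow,
     * and reject inverted bounds instead of allocating a huge buffer. */
    count = (LONGLONG) upper - (LONGLONG) lower + 1;
    if (count < 0) {
        printf("Unexpected bounds for event data\n");
        VariantClear(&vt);
        return;
    }
    data_len = (size_t) count;

    /* malloc(0) may legitimately return NULL; ask for at least one byte
     * so an empty buffer is not reported as an allocation failure. */
    data = (char *) malloc(data_len ? data_len : 1);
    if (data == NULL) {
        printf("Failed to allocate buffer for event data\n");
        VariantClear(&vt);
        return;
    }

    /* %lu with a cast: size_t does not match %d on 64-bit builds. */
    printf(" Data(len=%lu):", (unsigned long) data_len);
    pos = data;
    for (k = lower; k <= upper; k++) {
        if (FAILED(SafeArrayGetElement(V_ARRAY(&vt), &k, &ch)))
            break;
        *pos++ = ch;
        printf(" %02x", ch);
    }
    printf("\n");
    VariantClear(&vt);

    hr = pObj->Get(L"InstanceName", 0, &vt, NULL, NULL);
    if (SUCCEEDED(hr)) {
        /* bstrVal is only meaningful when the VARIANT holds a BSTR. */
        if (V_VT(&vt) == VT_BSTR && V_BSTR(&vt) != NULL)
            printf(" InstanceName: '%S'\n", vt.bstrVal);
        VariantClear(&vt);
    }

    free(data);
}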
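/*
 * IWbemObjectSink::Indicate. Called by WMI with a batch of event objects.
 * For each object the __CLASS and InstanceName properties are read, the
 * matching handler from s_EventHandlerMap is invoked, and a
 * "class: 'instance'" line is printed. Always returns WBEM_NO_ERROR.
 *
 * Changes from the listing as posted:
 *  - the dispatch loop was mangled by HTML extraction (identifiers
 *    lower-cased, '/' and braces lost, ="" inserted) and is restored;
 *  - the InstanceName failure path printed the __CLASS message and
 *    leaked vtClass;
 *  - bstrVal was used without checking that the VARIANT holds a BSTR.
 */
HRESULT CNdisSink::Indicate(long lObjectCount,
                            IWbemClassObject __RPC_FAR *__RPC_FAR *ppObjArray)
{
    //printf("Notification received - %d object(s)\n", lObjectCount);
    for (long i = 0; i < lObjectCount; i++)
    {
        IWbemClassObject *pObj = ppObjArray[i];
        HRESULT hr;

        VARIANT vtClass;
        VariantInit(&vtClass);
        hr = pObj->Get(L"__CLASS", 0, &vtClass, NULL, NULL);
        if (FAILED(hr) ||
            V_VT(&vtClass) != VT_BSTR || V_BSTR(&vtClass) == NULL) {
            /* Without a class name string the event cannot be routed. */
            printf("Failed to get __CLASS from event.\n");
            VariantClear(&vtClass);
            break;
        }

        VARIANT vtInstanceName;
        VariantInit(&vtInstanceName);
        hr = pObj->Get(L"InstanceName",
                       0, &vtInstanceName, NULL, NULL);
        if (FAILED(hr)) {
            printf("Failed to get InstanceName from event.\n");
            VariantClear(&vtClass);
            continue;
        }

        /* Route the event to the handler registered for its class. */
        for (size_t j = 0;
             j < sizeof(s_EventHandlerMap) / sizeof(s_EventHandlerMap[0]);
             ++j)
        {
            if (wcscmp(vtClass.bstrVal,
                       s_EventHandlerMap[j].EventName) == 0)
            {
                if (s_EventHandlerMap[j].Handler)
                    (this->*s_EventHandlerMap[j].Handler)(pObj);
                break;
            }
        }

        /* Print the instance name only when the VARIANT holds a string. */
        const wchar_t *instanceName =
            (V_VT(&vtInstanceName) == VT_BSTR &&
             V_BSTR(&vtInstanceName) != NULL)
                ? vtInstanceName.bstrVal
                : L"(unknown)";

        printf(
            "%S:\t'%S'\n",
            vtClass.bstrVal,
            instanceName);

        VariantClear(&vtInstanceName);
        VariantClear(&vtClass);
    }
    return WBEM_NO_ERROR;
}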
/*
 * IWbemObjectSink::SetStatus. Prints "SetStatus" and reports success;
 * none of the arguments are examined.
 */
HRESULT CNdisSink::SetStatus(
    long /* lFlags */,
    HRESULT /* hResult */,
    BSTR /* strParam */,
    IWbemClassObject * /* pObjParam */)
{
    const char *const label = "SetStatus";
    printf("%s\n", label);
    return WBEM_NO_ERROR;
}
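/*
 * Subscribes this sink to every event class in s_EventHandlerMap by
 * issuing one asynchronous WQL notification query per row.
 *
 * Returns 0 when every query was accepted and -1 on the first failure.
 * Queries accepted before the failure stay registered; the caller should
 * cancel them with CancelAsyncCall().
 *
 * Changes from the listing as posted:
 *  - the loop was mangled by HTML extraction (the third wcsncat argument
 *    and the end of that statement were lost) and is restored;
 *  - the append is bounded by the space remaining in Sql, since wcsncat's
 *    count is the number of characters to append, not the buffer size;
 *  - the query language and text are passed as real BSTRs, which is what
 *    the interface declares. A wide literal has no length prefix and only
 *    happens to work when nothing reads that prefix.
 *
 * NOTE(review): Microsoft's WMI documentation recommends semisynchronous
 * calls (ExecNotificationQuery) over asynchronous ones where possible,
 * because the callback into the sink is not guaranteed to arrive at the
 * authentication level the client asked for. Confirm that an asynchronous
 * sink is acceptable for the deployment.
 */
int CNdisSink::RegisterAsyncNotification(IWbemServices *pSvc)
{
    wchar_t Sql[128];
    const size_t cap = sizeof(Sql) / sizeof(Sql[0]);
    int ret = 0;

    BSTR bstrLang = SysAllocString(L"WQL");
    if (bstrLang == NULL)
        return -1;

    for (size_t i = 0;
         i < sizeof(s_EventHandlerMap) / sizeof(s_EventHandlerMap[0]);
         ++i)
    {
        /* The prefix is far shorter than cap, so wcsncpy terminates it. */
        wcsncpy(Sql, L"SELECT * FROM ", cap);

        /* Refuse to send a truncated class name rather than query for
         * something other than what the table says. */
        const size_t used = wcslen(Sql);
        if (wcslen(s_EventHandlerMap[i].EventName) > cap - used - 1) {
            ret = -1;
            break;
        }
        wcsncat(Sql, s_EventHandlerMap[i].EventName, cap - used - 1);

        BSTR bstrQuery = SysAllocString(Sql);
        if (bstrQuery == NULL) {
            ret = -1;
            break;
        }

        const HRESULT hr = pSvc->ExecNotificationQueryAsync(
            bstrLang,
            bstrQuery,
            0, 0, this);
        SysFreeString(bstrQuery);

        if (FAILED(hr)) {
            ret = -1;
            break;
        }
    }

    SysFreeString(bstrLang);
    return ret;
}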
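/*
 * Entry point: initialises COM, connects to the ROOT\WMI namespace,
 * registers a CNdisSink for the NDIS events, and waits for a newline on
 * stdin before cancelling the subscription and shutting down.
 * Returns 0 on a clean run and -1 on any initialisation failure.
 *
 * Every failure after CoInitializeEx() now goes through one cleanup path,
 * so COM pointers are released and CoUninitialize() is called exactly
 * once. The posted listing skipped CoUninitialize() when
 * CoInitializeSecurity() failed and leaked pLoc/pSvc/pSink on later
 * errors.
 */
int main(int argc, char *argv[])
{
    HRESULT hr;
    int ret = -1;
    bool subscribed = false;
    IWbemLocator *pLoc = NULL;
    IWbemServices *pSvc = NULL;
    CNdisSink *pSink = NULL;
    BSTR bstrNamespace = NULL;

    (void) argc;
    (void) argv;

    /* Multithreaded apartment: the sink may be entered from several
     * threads, so it must be thread-safe. */
    hr = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hr)) {
        printf("CoInitializeEx() failed - returned 0x%x", (unsigned int) hr);
        return -1;
    }

    /* Process-wide COM security defaults: packet privacy (encrypted and
     * integrity-checked calls), impersonation level "impersonate", and
     * secure reference counting. */
    hr = CoInitializeSecurity(NULL, -1, NULL, NULL,
                              RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                              RPC_C_IMP_LEVEL_IMPERSONATE,
                              NULL, EOAC_SECURE_REFS, NULL);
    if (FAILED(hr)) {
        printf("CoInitializeSecurity() failed - returned 0x%x",
               (unsigned int) hr);
        goto done;
    }

    hr = CoCreateInstance(
        CLSID_WbemLocator,
        0,
        CLSCTX_INPROC_SERVER,
        IID_IWbemLocator,
        (LPVOID *) &pLoc);
    if (FAILED(hr)) {
        printf("CoCreateInstance() failed - returned 0x%x\n",
               (unsigned int) hr);
        goto done;
    }

    /* ConnectServer declares its namespace argument as a BSTR, so pass a
     * real one instead of a wide string literal. */
    bstrNamespace = SysAllocString(L"ROOT\\WMI");
    if (bstrNamespace == NULL) {
        hr = E_OUTOFMEMORY;
    } else {
        hr = pLoc->ConnectServer(
            bstrNamespace, NULL, NULL, 0, 0, 0, 0, &pSvc);
    }
    if (FAILED(hr)) {
        printf("Could not connect to server - error 0x%x\n",
               (unsigned int) hr);
        goto done;
    }
    printf("Connected to ROOT\\WMI.\n");

    /* NOTE(review): a conforming operator new throws instead of
     * returning NULL, so this check only matters on older compilers. */
    pSink = new CNdisSink;
    if (pSink == NULL) {
        printf("Could not allocate sink for events.\n");
        goto done;
    }

    /* Registration can fail part-way through; mark the sink as possibly
     * subscribed first so the cleanup path cancels whatever was set up. */
    subscribed = true;
    if (pSink->RegisterAsyncNotification(pSvc) < 0) {
        printf("Failed to register async notifications\n");
        goto done;
    }

    /* Just wait.. sink will be called with events.. */
    while (getchar() != '\n');

    ret = 0;

done:
    if (subscribed)
        pSvc->CancelAsyncCall(pSink);
    if (pSink != NULL)
        pSink->Release();
    if (pSvc != NULL)
        pSvc->Release();
    if (pLoc != NULL)
        pLoc->Release();
    SysFreeString(bstrNamespace); /* accepts NULL */
    CoUninitialize();
    return ret;
}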
|
|
|
|
|
Thank you,
I will try it.
|
|
|
|
|
how do i copy a dialog box from one project to another?
|
|
|
|
|
Add 1st project to the second projects solution. Now from the resource view -> Drag and drop the required *Dialog* between the projects. Remember to hold the "Ctrl" while dragging.
suhredayan There is no spoon.
|
|
|
|
|
I assume you have a class connected to the dialog. I also assume that it is an MFC project. I also assume it is VC6.
Right-click on the dialog class. A menu appears. Click "Add to Gallery".
Then in the other project, go to Project->Add To Project->Components and Controls. Then open the folder for your old application in there. It should have a file called: xxxx.ogx.
Add it to your project. It adds the class, as well as the dialog resource.
this is this.
|
|
|
|
|
|
Thanx ...
This is a new thing I learned today!
|
|
|
|
|
I have a project which is dependent on another project. I've set this in Project > Dependencies. Project P2 is dependent on project P1. P1 contains Release and Debug configurations (builds P1.lib).
P2 contains Debug, release, Release 2 and release 3 configurations.
Where do I specify that, for example, P2/release3 is dependent on P1/Release?
For Release 2 this is working well, but for release 3 it's trying to build and link with the debug version of P1, although I used release 2 as the original when I was creating release 3. I didn't change anything after creating release 3!
Any ideas ? Thank you !
rrrado
|
|
|
|
|
Hello,
I'm having a bit of a problem using the same menu for my mainframe and childframe.
Basically I don't need the menu that comes with the childframe.
In my mainframe menu, I'm dynamically building one menu entry, and I don't want to do this processing for every child window I open, that's why I want to use the mainframe menu for the childmenu.
Is there a way to prevent loading of the childframe menu?
I tried to load the mainframe menu in the OnCreate Handler of my childframe, but that doesn't seem to work:
<br />
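// Child-frame creation handler that tries to reuse the main frame's menu
// instead of the child frame's own one.
//
// The posted version wrapped the main frame's HMENU in a local CMenu by
// assigning m_hMenu directly. CMenu's destructor destroys the menu it
// holds, so the main frame's menu was destroyed when the local went out of
// scope, leaving both frames with a dangling handle. Here the handle is
// borrowed through CMenu::FromHandle(), which returns a temporary wrapper
// that does not own the menu.
//
// NOTE(review): whether SetMenu() has any effect on an MDI child window is
// not established by this snippet; the poster reports that the approach
// "doesn't seem to work".
int CChildFrame::OnCreate(LPCREATESTRUCT lpCreateStruct)
{
    if (CMDIChildWnd::OnCreate(lpCreateStruct) == -1)
        return -1;

    CMDIFrameWnd* frame = (CMDIFrameWnd*)AfxGetMainWnd();
    CMainFrame* mfrm = (CMainFrame*)frame;

    // Borrow (do not own) the main frame's default menu.
    HMENU hMainMenu = mfrm->m_hMenuDefault;
    ASSERT(hMainMenu != NULL);

    // Drop and destroy this frame's own default menu, then install the
    // borrowed one.
    SetMenu(NULL);
    ::DestroyMenu(m_hMenuDefault);
    SetMenu(CMenu::FromHandle(hMainMenu));
    m_hMenuDefault = hMainMenu;

    return 0;
}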
|
|
|
|
|
Just do what I do - remove the second menu from the project entirely. When MFC tries to swap menus, it
fails, and gives up with a TRACE complaint. But my first menu is untouched. You just have to make sure
it has all the menu options you'll want on it, as you won't be swapping depending on situation.
Iain.
|
|
|
|
|
Cool, works great
Thanks Iain!
Wim
|
|
|
|
|
Hi all,
Just wondering if anyone can point me in the general direction of some resources relating to developing software for Windows Server 2000/2003. I'm developing a back-end processing application that I'd like to run on Windows Server. Basically, all it does is connect via ODBC to a database, do some statistical analysis, and then append a couple of tables. It needs to be running constantly to be effective.
Obviously it's going to be a little different than the Windows front-ends I've been developing thus far. It's for the banking industry, so has to be fairly compliant with standards and fairly robust too. I guess running the app as a console app, or as a Windows service, would be the way to go... anyone got any ideas?
Cheers,
Ritcho
|
|
|
|
|
I've written a program that detects the presence of a keylogger in a process ... If I detect one, I wish to scan the process and find the location of the DLL that is being used as a logger ..
So far I've detected a logger and have the list of DLLs which are loaded in the process memory .. but how can I know which one is the hook DLL ??
I haven't got a clue so far, and wherever I look I find myself empty-handed - can anyone please help me ??
michaelnoam@hotmail.com
Michael Noam
|
|
|
|
|
Check for the following string in each of the dll's : "SetWindowsHook"
You can open the dll's in notepad.exe .. most of the compiled code will be garbled .. however imported function names are always in text form.
|
|
|
|
|
thank you for your quick answer -- however ....
The string "setwindowshook"/"setwindowshookex" isn't necessarily in the DLL !!
The function might have been called from an EXE file (for a global hook!) and the only function in the DLL is the callback function !!
But thank you nevertheless .. I'll try thinking of a function which has to be in the DLL ... (b.t.w. the callback function name is up to the programmer - therefore it's of no help!)
|
|
|
|
|
Correct... my mistake.
But the dll must call "CallNextHookEx" ..inside the callback function( whatever the programmer decides to name it). So you can search for this string instead.
|
|
|
|
|
What if they use a WndProc that doesn't directly call "CallNextHookEx"? They could pass the arguments back to the EXE file and call it from there. Also, a hook does not even need the DLL file to hook the keyboard. I've writen a hook that is completely contained in an EXE. The way it's done is to use WriteProcessMemory() to copy the WndProc function as well as a control function into the target process. (SAS Window class in my case) Then call CreateRemoteThread() to the control thread to start the hook. The control thread then hooks the keyboard through the WndProc() function. Completely contained in an EXE.
|
|
|
|
|
Your original poser was about locating the correct hooking DLL.
I assume you inject SAS to hide taskmanager/ capture change passwords sequence/ capture ALT-CTRL-DEL. If so, then the method you use (quite tricky to code correctly) seems ok.
To capture system-wide keybd input for all threads/windows(except SAS input) one can also do without DLLs in far simpler fashion..
check this http://neworder.box.sk/newsread.php?newsid=10952
|
|
|
|
|
munawar1968 wrote:
Your original poser was about locating the correct hooking DLL.
I assume you inject SAS to hide taskmanager/ capture change passwords sequence/ capture ALT-CTRL-DEL. If so, then the method you use (quite tricky to code correctly) seems ok.
To capture system-wide keybd input for all threads/windows(except SAS input) one can also do without DLLs in far simpler fashion..
check this http://neworder.box.sk/newsread.php?newsid=10952
I use it to capture CTRL+ALT+DEL. It works well. I've also done basically the same thing as you linked to. I use that to create hotkeys on my keyboard and mouse. It works really well.
As for the OP, I don't know if there's a way to catch a keylogger since it's possible to completely contain it in an exe file. One thing you could try is to append a hook function on the end of the callback chain. In it you could peek at the stack and see if there are any hooks that aren't normally there in a clean Windows installation. If you find one, you might be able to use the address on the stack to find out the thread that hooked the keyboard. Note: the preceding may or may not actually be possible to do. I haven't tried it and I'm no expert on hooks.
|
|
|
|
|
When I'm trying to get the Domain Name, I make use of the following functions. However, in the domain field, it is NULL.
// Enumerate servers of type dwServerType at information level dwLevel.
// The first argument (server name) and the eighth (domain) are both
// passed as NULL here; the results come back through pBuf,
// dwEntriesRead, dwTotalEntries and dwResumeHandle.
nStatus = NetServerEnum(
    NULL,
    dwLevel,
    (LPBYTE *) &pBuf,
    dwPrefMaxLen,
    &dwEntriesRead,
    &dwTotalEntries,
    dwServerType,
    NULL,
    &dwResumeHandle);
I do not want to make my whole program complicated. I only want to add a single function to extract the domain name. Please help.
~~~~ Landy
|
|
|
|
|
Are you trying to enumerate all the Domain Controllers in your network ? In that case wot is the value of the "dwServerType".
Or is that you just want to know the current user's Domain Name ?
suhredayan There is no spoon.
|
|
|
|
|
I just want to obtain the current user's domain name.