Hi all,
Just wondering if anyone can point me in the general direction of some resources relating to developing software for Windows Server 2000/2003. I'm developing a back-end processing application that I'd like to run on Windows Server. Basically, all it does is connect via ODBC to a database, do some statistical analysis, and then append a couple of tables. It needs to be running constantly to be effective.
Obviously it's going to be a little different than the Windows front-ends I've been developing thus far. It's for the banking industry, so has to be fairly compliant with standards and fairly robust too. I guess running the app as a console app, or as a Windows service, would be the way to go... anyone got any ideas?
Cheers,
Ritcho
|
I've written a program that detects the presence of a keylogger on a process... If I detect one, I wish to scan the process and find the location of the dll that's being used as a logger.
So far I've detected a logger, and have the list of dlls which are loaded in the process memory, but how can I know which one is the hook dll?
I haven't got a clue so far and wherever I look I find myself empty-handed. Can anyone please help me?
michaelnoam@hotmail.com
Michael Noam
|
Check for the following string in each of the dlls: "SetWindowsHook"
You can open the dlls in notepad.exe. Most of the compiled code will be garbled; however, imported function names are always in text form.
|
Thank you for your quick answer, however...
The string "setwindowshook"/"setwindowshookex" isn't necessarily in the dll!
The function might have been called from an exe file (for a global hook!) and the only function in the dll is the callback function!
But thank you nevertheless. I'll try thinking of a function which has to be in the dll... (b.t.w. the callback function name is up to the programmer, therefore it's of no help!)
|
Correct... my mistake.
But the dll must call "CallNextHookEx" inside the callback function (whatever the programmer decides to name it). So you can search for this string instead.
|
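The string search suggested in the replies above, as an added example that is not code from any poster: it looks for the hook-related USER32 names as complete NUL-terminated strings, the way import names are stored in a module. The function name `scan_hook_imports` and the `SAMPLE` bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* USER32 exports behind the names mentioned in the thread (A/W variants). */
static const char *const HOOK_APIS[] = {
    "SetWindowsHookA", "SetWindowsHookW",
    "SetWindowsHookExA", "SetWindowsHookExW",
    "CallNextHookEx",
};
#define N_APIS (sizeof HOOK_APIS / sizeof HOOK_APIS[0])

/* Constructed sample: a fragment shaped like a PE hint/name table. */
static const unsigned char SAMPLE[] =
    "\x1c\x00" "CallNextHookEx\0" "\0" "USER32.dll\0"
    "SetWindowsHookExtra\0";   /* near miss, must not match */

/* Returns a bitmask: bit i is set when HOOK_APIS[i] occurs in buf as a
 * complete NUL-terminated ASCII string. */
unsigned scan_hook_imports(const unsigned char *buf, size_t len)
{
    unsigned found = 0;
    for (size_t i = 0; i < N_APIS; i++) {
        size_t n = strlen(HOOK_APIS[i]) + 1;   /* compare the NUL too */
        for (size_t off = 0; off + n <= len; off++)
            if (memcmp(buf + off, HOOK_APIS[i], n) == 0) {
                found |= 1u << i;
                break;
            }
    }
    return found;
}

int main(int argc, char **argv)
{
    static unsigned char data[8u << 20];       /* scans the first 8 MiB */
    const unsigned char *buf = SAMPLE;
    size_t len = sizeof SAMPLE;
    if (argc > 1) {                            /* scan a file instead */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 2; }
        len = fread(data, 1, sizeof data, f);
        buf = data;
        fclose(f);
    }
    unsigned hits = scan_hook_imports(buf, len);
    for (size_t i = 0; i < N_APIS; i++)
        if (hits & (1u << i)) printf("contains %s\n", HOOK_APIS[i]);
    return hits ? 0 : 1;   /* 1 = no name found, which proves nothing */
}
```

A module with no hits is not cleared: as the replies in this thread point out, the hook can be installed from the EXE or from code written into the target process.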
|
What if they use a WndProc that doesn't directly call "CallNextHookEx"? They could pass the arguments back to the EXE file and call it from there. Also, a hook does not even need the DLL file to hook the keyboard. I've written a hook that is completely contained in an EXE. The way it's done is to use WriteProcessMemory() to copy the WndProc function as well as a control function into the target process (SAS Window class in my case). Then call CreateRemoteThread() to the control thread to start the hook. The control thread then hooks the keyboard through the WndProc() function. Completely contained in an EXE.
|
Your original poser was about locating the correct hooking DLL.
I assume you inject SAS to hide taskmanager/ capture change passwords sequence/ capture ALT-CTRL-DEL. If so, then the method you use (quite tricky to code correctly) seems ok.
To capture system-wide keybd input for all threads/windows(except SAS input) one can also do without DLLs in far simpler fashion..
check this http://neworder.box.sk/newsread.php?newsid=10952
|
munawar1968 wrote:
Your original poser was about locating the correct hooking DLL.
I assume you inject SAS to hide taskmanager/ capture change passwords sequence/ capture ALT-CTRL-DEL. If so, then the method you use (quite tricky to code correctly) seems ok.
To capture system-wide keybd input for all threads/windows(except SAS input) one can also do without DLLs in far simpler fashion..
check this http://neworder.box.sk/newsread.php?newsid=10952
I use it to capture CTRL+ALT+DEL. It works well. I've also done basically the same thing as you linked to. I use that to create hotkeys on my keyboard and mouse. It works really well.
As for the OP, I don't know if there's a way to catch a keylogger since it's possible to completely contain it in an exe file. One thing you could try is to append a hook function on the end of the callback chain. In it you could peek at the stack and see if there are any hooks that aren't normally there in a clean Windows installation. If you find one, you might be able to use the address on the stack to find out the thread that hooked the keyboard. Note: the preceding may or may not actually be possible to do. I haven't tried it and I'm no expert on hooks.
|
When I'm trying to get the Domain Name, I make use of the following functions. However, in the domain field, it is NULL.
nStatus = NetServerEnum(NULL, dwLevel,
                        (LPBYTE *) &pBuf,
                        dwPrefMaxLen,
                        &dwEntriesRead,
                        &dwTotalEntries,
                        dwServerType,
                        NULL,
                        &dwResumeHandle);
I do not want to make my whole program complicated. I only want to add a single function to extract the domain name. Please help.
~~~~ Landy
|
Are you trying to enumerate all the Domain Controllers in your network? In that case what is the value of the "dwServerType"?
Or is it that you just want to know the current user's Domain Name?
suhredayan There is no spoon.
|
I just want to obtain the current user's domain name.
|
Use NetWkstaGetInfo().
"Ideas are a dime a dozen. People who put them into action are priceless." - Unknown
|
Hi
Anyone know how to determine the name of the service that starts an executable? Let's say I have an executable that is called Service.exe and I register it as Service1 and Service2. How can I tell which service was started when the SCM starts the executable?
Thanks
Bernhard
|
One kludge way is to provide different command line parameters while registering the services.
suhredayan There is no spoon.
|
That seems to be the kludge I'll go for. Additional parameters will specify the service name and exe name. This will make a copy of the exe, register the service, and make a registry entry that links the exe name to the service name.
Then, at run time, I can get the module (exe) name, look up the service name in the registry, and then determine the registry key for that service's parameters.
This is neither elegant nor something to be proud of, but time is money.
Thanks
Don't worry, nobody lives forever.
|
Hi!
In WinXP, if you look in Control Panel or in the Printer Folder, you can see a section on the left called "See also".
In the Printer folder it contains the Manufacturer's Website, and what I found is that it comes from a registry key with the OEM URL.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3\<printer>
Now I want to add a couple more URLs to this "See Also" section.
I am not sure if I can get this done just by adding registry keys or if I have to write some code for a Shell extension.
Please let me know if anybody has experience with it.
Thanks
Naveen
|
I want to add a menu to my property sheet. How can I achieve it?
A menu cannot be added to property pages? How do I implement the concept of a menu in property sheets or property pages?
|
Is there any way I can install my software on an intranet just by giving the IP address of any machine where I want to install it? There won't be any client program running on the remote machine.
|
This article has the code to copy an exe to a remote LAN machine and execute it remotely. But it requires Administrator access to the remote machine.
suhredayan There is no spoon.
|
Hello,
I want to show a dialog in my ActiveX control, but it failed. The code is below.
In the WM_CREATE map func:
CDialogTest *dlg= new CDialogTest ();
dlg->Create(IDD_DIALOG,NULL);
dlg->ShowWindow(SW_SHOW);
I used the VC tool OLE View and tested that it can pop up the dialog,
but in my test application, how do I pop up the dialog? Even when I use the code
CActivex m_activex;
m_activex.AboutBox();
to show the about dialog, it also crashed. What is the matter? Please help me.
|
I have an idea for a new extension to C/C++. I'm not going to say exactly what it is, but it's similar to how a class is an extension of a struct. My question is, how was C extended to C++ to include the class keyword? It's not just a header file/library as far as I can tell. Is there a way I can create a new concept of data/code encapsulation in a header/library without completely rewriting the compiler/linker/IDE? I'm not trying to just create a new datatype.
Thanks!
|
CorvetteZ0606 wrote:
how was C extended to C++ to include the class keyword?
Initially, a pre compiler was written that turned C++ code into C, and it was passed to a C compiler from there. So classes would have been turned into structs. Now, the compilers are written to understand what a class is.
CorvetteZ0606 wrote:
Is there a way I can create a new concept of data/code encapsulation in a header/library without completely rewriting the compiler/linker/IDE?
No.
Christian Graus - Microsoft MVP - C++
|
Christian Graus wrote:
CorvetteZ0606 wrote:
Is there a way I can create a new concept of data/code encapsulation in a header/library without completely rewriting the compiler/linker/IDE?
No.
Well maybe there should be
|
You could write your own precompiler and add it to the MSVC++ IDE via a pre-build step.
|