|
Here is the initialization:
#include <windows.h>

STARTUPINFO startup;
PROCESS_INFORMATION procinfo;  // was not declared in the posted snippet
GetStartupInfo(&startup);
memset(&procinfo, 0, sizeof(PROCESS_INFORMATION));
memset(&startup, 0, sizeof(STARTUPINFO));  // note: this discards everything GetStartupInfo just filled in, wShowWindow included
startup.cb = sizeof(startup);  // was sizeof(&startup), i.e. the size of a pointer, not of the structure
//start process in SUSPEND mode
CreateProcess(filePath, 0, 0, 0, TRUE, CREATE_SUSPENDED, 0, 0, &startup, &procinfo);
CU
|
|
|
|
|
Shouldn't you be assigning a value, other than 0 , to the wShowWindow member?
"Normal is getting dressed in clothes that you buy for work and driving through traffic in a car that you are still paying for, in order to get to the job you need to pay for the clothes and the car and the house you leave vacant all day so you can afford to live in it." - Ellen Goodman
"To have a respect for ourselves guides our morals; to have deference for others governs our manners." - Laurence Sterne
|
|
|
|
|
What is the difference between the following two statements?
1. if ((nID & 0xFFF0) == IDM_ABOUTBOX)
2. if ( nID == IDM_ABOUTBOX)
|
|
|
|
|
By doing nID & 0xFFF0, you're forcing the lower significant bytes to 0.
Read this article[^] to understand the & operator better.
|
|
|
|
|
Sakthi_Vel wrote: 1. if ((nID & 0xFFF0) == IDM_ABOUTBOX)
This only looks at the three most significant (upper) bytes, and then compares the result to IDM_ABOUTBOX .
|
|
|
|
|
DavidCrow wrote: This only looks at the three most significant (upper) bytes
Have to disagree, 0xFFF0 only represents 2 bytes or 16 bits, how can the expression look at three bytes? The expression nID & 0xFFF0 ignores only the lower 4 bits of nID.
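To settle the bits-versus-bytes question in working code, here is an added example (not code from the thread). It assumes IDM_ABOUTBOX is 0x0010, the value the MFC AppWizard generates; the wizard also asserts that (IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX, which is what makes the masked compare meaningful. The sample nID values are constructed.

```c
#include <stdio.h>

/* Assumed value: what the MFC AppWizard defines in the generated dialog source. */
#define IDM_ABOUTBOX 0x0010

/* Masked test, the form the generated OnSysCommand handler uses. */
int matches_masked(unsigned nID) { return (nID & 0xFFF0) == IDM_ABOUTBOX; }

/* Exact test, the second form in the question. */
int matches_exact(unsigned nID) { return nID == IDM_ABOUTBOX; }

/* Number of low-order bits a mask discards: counts the zero bits below the
   mask's lowest set bit. For 0xFFF0 that is 4 bits, one nibble, not bytes. */
int bits_cleared_by_mask(unsigned mask) {
    int n = 0;
    while (mask && !(mask & 1u)) { mask >>= 1; n++; }
    return n;
}

int main(void) {
    /* The system uses the four low-order bits of WM_SYSCOMMAND's wParam
       internally, so the About item can arrive as 0x0012, 0x001F, etc.
       These values are constructed for the demonstration. */
    unsigned ids[] = { 0x0010, 0x0012, 0x001F, 0x0020, 0x0110 };
    size_t i;
    for (i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("nID=0x%04X masked=%d exact=%d\n",
               ids[i], matches_masked(ids[i]), matches_exact(ids[i]));
    printf("0xFFF0 clears %d low bits\n", bits_cleared_by_mask(0xFFF0));
    return 0;
}
```

The exact compare misses the About item whenever the system has set any of those low bits; the masked compare catches all sixteen variants 0x0010..0x001F, which is also why the wizard insists the menu id's low nibble be zero (otherwise two ids could alias to the same item).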
|
|
|
|
|
Hello All,
how to get Current System Date in Long?
Any Help?
Manish Patel
|
|
|
|
|
The last Long equivalent Date type I heard of was in VB6, these days you'll probably need to do your own conversion or put up with storing at least 8 bytes. Have a look at the GetSystemTime and SystemTimeToFileTime API calls and their associated structures. A conversion to something like
struct LongDate
{
    WORD Year;
    WORD DayNumber;
};
would be pretty trivial and you could shoe-horn that into a long.
Nothing is exactly what it seems but everything with seems can be unpicked.
|
|
|
|
|
Manish_mnp wrote: how to get Current System Date in Long?
Use the time() function.
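The two answers above suggest either packing a year/day pair into a long or using time(). As an added example (not code from either reply), here is both, in portable C so it runs without the Windows API: the LongDate layout, year in the upper 16 bits and day-of-year in the lower 16, is this example's own choice, and the current date comes from the C runtime's time() and gmtime() rather than GetSystemTime.

```c
#include <stdio.h>
#include <time.h>

/* Pack year and day-of-year (1..366) into one long. Layout is assumed for
   this example: 16 bits of year, 16 bits of day. 2006 << 16 is well below
   2^31, so the result fits a 32-bit long. */
long pack_date(int year, int day_of_year) {
    return ((long)(year & 0xFFFF) << 16) | (long)(day_of_year & 0xFFFF);
}

int unpack_year(long packed) { return (int)((packed >> 16) & 0xFFFF); }
int unpack_day(long packed)  { return (int)(packed & 0xFFFF); }

/* The time() route: seconds since 1970 is a time, not a date, so reduce
   it to whole days if a date is what you want to store. */
long date_as_days(time_t t) { return (long)(t / 86400); }

/* Today's UTC date in the packed form; -1 if gmtime fails. */
long current_date_packed(void) {
    time_t now = time(NULL);
    struct tm *utc = gmtime(&now);
    if (!utc) return -1;
    return pack_date(utc->tm_year + 1900, utc->tm_yday + 1);
}

int main(void) {
    long today = current_date_packed();
    printf("packed=%ld year=%d day=%d days_since_epoch=%ld\n",
           today, unpack_year(today), unpack_day(today), date_as_days(time(NULL)));
    return 0;
}
```

Note that on compilers where time_t is a 32-bit signed long, the raw seconds value overflows in 2038; the packed year/day form has no such limit within the range a 16-bit year covers.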
|
|
|
|
|
Hi,
How can I know, that an application has been launched ?
Is there a windows event or something like that ?
Thank you for helping me.
Jphil
|
|
|
|
|
You can only know reliably if the launched application chooses to tell you. The best and most common way to do this, for example to prevent more than one copy of an app running, is to use a named Kernel object like a Mutex or Semaphore which can be accessed by name from more than one process and locked to prevent multiple usage. A shared named Kernel Event Object could be used if you simply want to watch for an app launch. If it's a 3rd party, black box app that you can't change then you'll either need to use some form of Dll injection to add the Event code to it or fall back to older unreliable methods like enumerating top level windows to look for an application specific name.
|
|
|
|
|
Matthew,
Thank you for you reply.
It gives me some clues.
In fact I want to control the launching of applications developed by third parties.
You talk about DLL injection? Could you tell me more about that?
Up to now, I used a method based on the function "CreateToolHelp32Snapshot" to get a view of all running processes. Of course I need to take a snapshot very often (in a loop). Hopefully, it seems not to take too much resources.
Once I see the launching of a new application I could kill it, if not authorized.
But the window of the application is displayed for a short time, which is not very beautiful!!
I'm sure that hackers can catch application launching.
Thank you for your help
Jean-Philippe
|
|
|
|
|
The principle of Dll injection is that you get the 3rd party app to load your dll into itself which gives you an opportunity to run some code, override window classes, install some hooks or whatever into an existing application. I'm no expert on this but there are articles on CP about it.
In this case your injected Dll would need to establish the command line of the executable that had loaded it, this info is accessible as part of the PROCESS_INFO structure which it should be able to retrieve. If this is an app you want to block then it would Set a named shared Kernel Event that your other process is already waiting on. It might also need some way of communicating the Process ID of the 'bad' process to the monitor, or you could keep the ToolHelp snapshot based scan and just trigger it on the event, or just get the Dll to kill the process itself.
This may indeed be able to shut down the disallowed process before the user sees anything but it really is no substitute to preventing them launching it in the first place using the Windows user account permissions system.
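The snapshot-polling approach Jean-Philippe describes, written out as an added example (not code from the thread): the Toolhelp enumeration is only compiled on Windows, while the core, diffing two PID lists to find processes that appeared between polls, is portable and runs anywhere. The poll interval and the sample PID lists are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

#define MAX_PIDS 4096

/* Write to `appeared` every PID present in `now` but absent from `before`;
   returns how many were written. This is the whole detection logic. */
int find_new_pids(const unsigned *before, int n_before,
                  const unsigned *now, int n_now, unsigned *appeared) {
    int count = 0;
    for (int i = 0; i < n_now; i++) {
        int seen = 0;
        for (int j = 0; j < n_before; j++)
            if (before[j] == now[i]) { seen = 1; break; }
        if (!seen) appeared[count++] = now[i];
    }
    return count;
}

#ifdef _WIN32
/* Fill `pids` from one Toolhelp snapshot; returns count, or -1 on failure. */
int snapshot_pids(unsigned *pids, int max) {
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (h == INVALID_HANDLE_VALUE) return -1;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);          /* required before Process32First */
    int n = 0;
    if (Process32First(h, &pe)) {
        do {
            if (n < max) pids[n++] = pe.th32ProcessID;
        } while (Process32Next(h, &pe));
    }
    CloseHandle(h);
    return n;
}

static void monitor_loop(void) {
    unsigned before[MAX_PIDS], now[MAX_PIDS], appeared[MAX_PIDS];
    int n_before = snapshot_pids(before, MAX_PIDS);
    if (n_before < 0) return;
    for (;;) {
        Sleep(500);  /* constructed interval; a process that starts and exits inside it is never seen */
        int n_now = snapshot_pids(now, MAX_PIDS);
        if (n_now < 0) continue;
        int k = find_new_pids(before, n_before, now, n_now, appeared);
        for (int i = 0; i < k; i++)
            printf("new process: pid %u\n", appeared[i]);
        memcpy(before, now, (size_t)n_now * sizeof now[0]);
        n_before = n_now;
    }
}
#endif

int main(void) {
#ifdef _WIN32
    monitor_loop();
#else
    /* Constructed stand-ins for two consecutive snapshots. */
    unsigned before[] = { 4, 8, 1500 };
    unsigned now[] = { 4, 8, 1500, 2044 };
    unsigned appeared[8];
    int k = find_new_pids(before, 3, now, 4, appeared);
    for (int i = 0; i < k; i++) printf("new process: pid %u\n", appeared[i]);
#endif
    return 0;
}
```

Two limits follow directly from the code and match what the thread observed: the gap between polls is exactly the interval in which the unwanted window gets drawn, and because Windows reuses process IDs, a PID-only diff can miss a new process that reused a PID from the previous snapshot (comparing the executable name from pe.szExeFile or the creation time as well reduces that). Neither fixes the underlying point made above: a monitor that reacts after launch is weaker than not granting the user permission to launch the program at all.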
|
|
|
|
|
Have you tried looking for the WM_CREATE message via SetWindowsHookEx(WH_CALLWNDPROC, ...) ?
|
|
|
|
|
Using a global hook similar to the one above is what I used, with great success.
Cheers
Tom
Philosophy: The art of never getting beyond the concept of life.
Religion: Morality taking credit for the work of luck.
"The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane."
- Marcus Aurelius
|
|
|
|
|
I tried a hook function CallWndProc to catch the WM_CREATE event.
The problem is that a lot of windows are created when a program is launched.
It is not easy to determine the first one. Moreover, the first one is not always the main window of the launched application.
Also, the name of the executable is not returned by the hook function.
Maybe there is another message? I didn't see it!!
|
|
|
|
|
|
What is this supposed to mean:
bool CMyClass::MyFunction( LPCTSTR pStr, const XStr *&pSourceStr )
Is this legal? What is the idea behind it?
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus
Do not feed the troll ! - Common proverb
|
|
|
|
|
Yes, it is valid if it is given in the correct manner.
&pSourceStr -> it gives the address of pSourceStr
And
*&pSourceStr -> it gives the data at that address.
|
|
|
|
|
Yes, it is legal. This is how it breaks down, assuming the function is static just for example's sake:
LPCTSTR pStr = _T("SomeString");
const XStr Source = _T("SomeSuperString");
const XStr* pSourceStr = &Source;
bool bResult = CMyClass::MyFunction( pStr, pSourceStr );
//pSourceStr may have been modified by the call but Source will still be the same
The function takes a pointer-by-reference, that is a reference to a pointer, as its second parameter. What this means to the caller is that when the function returns pSourceStr might have changed, it might point somewhere else now, but Source will not have.
This is usually done to get, in effect, a second return value from the function. The function will modify pSourceStr in order to communicate it back to the caller along with the bool result.
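Matthew's explanation of the reference-to-pointer parameter, as an added, compilable example that is not his code or the thread's: Item, kTable and MyClass::Lookup are this example's own stand-ins for XStr and CMyClass::MyFunction. It shows the "second return value" use: the caller's pointer is rebound to an entry in the table, while the object it originally pointed at is never touched.

```cpp
#include <cstring>

// Constructed type standing in for XStr.
struct Item { const char* name; int value; };

// Constructed lookup table the function hands out pointers into.
static const Item kTable[] = { {"alpha", 1}, {"beta", 2}, {"gamma", 3} };

class MyClass {
public:
    // `out` is a reference to a pointer-to-const-Item. The function may rebind
    // the pointer (that is the "by reference" part) but cannot modify the Item
    // it ends up pointing at (that is the "const" part). Returns true on a hit.
    static bool Lookup(const char* key, const Item*& out) {
        for (const Item& it : kTable) {
            if (std::strcmp(it.name, key) == 0) { out = &it; return true; }
        }
        out = nullptr;   // "not found" is also communicated through the pointer
        return false;
    }
};

// Caller's view: on a hit the result comes back through p, on a miss p is
// null and the caller falls back to its own object, which is unchanged.
int demo(const char* key) {
    Item original = { "original", 42 };
    const Item* p = &original;
    bool found = MyClass::Lookup(key, p);
    return found ? p->value : original.value;
}

// After a successful call p points into kTable, not at `original`, and
// `original` still holds exactly what it was initialised with.
bool original_untouched() {
    Item original = { "original", 42 };
    const Item* p = &original;
    MyClass::Lookup("alpha", p);
    return p != &original && p == &kTable[0]
        && original.value == 42 && std::strcmp(original.name, "original") == 0;
}
```

Had the parameter been declared `const XStr* const& pSourceStr` (or plain `const XStr* pSourceStr`), the assignment `out = &it` would not compile (or would only change a local copy), and the caller would see nothing but the bool.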
|
|
|
|
|
Crystal clear, thanks Matthew!
~RaGE();
|
|
|
|
|
Rage wrote: What is the idea behind ?
Without knowing all the relevant analysis information it is not possible to say with any certainty, but it very likely means a design flaw.
|
|
|
|
|
Hi All,
I would like to learn debugging tools.
Can anyone send some links which are useful for me?
Thx a lot..
|
|
|
|
|
MSDN is one option.
Greetings.
--------
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
|
|
|
|
|
sheshidar wrote: I like to learn Debugging tools.
Can any one send some links which r useful for me
Which debugging tool do you want to learn, friend? There are many, but the best one is Visual Studio itself. Just put a breakpoint in the source code and debug the application.
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow Never mind - my own stupidity is the source of every "problem" - Mixture
cheers,
Alok Gupta
VC Forum Q&A :- I/ IV
Support CRY- Child Relief and You
|
|
|
|