|
Hi all!
I have injected the kernel32.dll for the "CreateFileW" and I have customized the function.
I want to log only the files created by the user, not by the system exe and dll and processes.
I have filtered by using "dwCreationDisposition" and dwFlagsAndAttributes.
Even so, I can't filter some of the files created temporarily and some exe files.
Does anybody know any filtering techniques in the kernel?
I welcome if someone leads me to a good technique.
Thanks all!
Regards
Jack
|
|
|
|
|
I added a static variable in a file "shared.h"
    static bool bDone;
and included "shared.h" in two files, "abc.cpp" and "xyz.cpp",
because I want to set the value in "abc.cpp" and use it in "xyz.cpp".
But when I do this I get the below linker error
error LNK2001: unresolved external symbol "public: static bool bDone
Before the addition of this variable everything compiles fine.
Please advise
|
|
|
|
|
By declaring it static, you've restricted the scope of that variable to the file where it is declared. You might want to look into the keyword extern (declare the variable globally without the static keyword and declare it as extern where you are trying to use it).
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
So in my case I should do as below
Shared.h
bool bDone;
abc.h
#include "Shared.h"
extern bDone;
xyz.h
#include "Shared.h"
extern bDone;
If I am not wrong
|
|
|
|
|
Are you going to wait until I say "yes, go ahead"? Why not try it in the IDE and ask queries if it didn't work?
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
Now I get the below error
error LNK2005: "bool m_Cursor" (?m
.exe : fatal error LNK1169: one or more multiply defined symbols found
|
|
|
|
|
__declspec(selectany) bool bVar;
#include "MyHeader.h"
extern bool bVar = 0;
#include "MyHeader.h"
extern bool bVar = 1;
It is a crappy thing, but it's life -^ Carlo Pallini
|
|
|
|
|
No luck
now I got
.obj : error LNK2001: unresolved external symbol "bool m_BusyCursor"
|
|
|
|
|
Do it all extern (declaration), AND "bool bDone = false;" in the Shared.cpp (instantiation)
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
Now I get the below error
error LNK2005: "bool m_Cursor" (?m
.exe : fatal error LNK1169: one or more multiply defined symbols found
|
|
|
|
|
I don't believe that you have done what I wrote.
Make only 1 instance of your bool !!!!
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
Hello Friends
I want to save a zip file. Is there any function that displays a dialog that asks the user where to save it? Thanks in advance.
Regards
Yogesh
|
|
|
|
|
CFileDialog: Lets user select a filename to open or save
You need to google first, if you have "It's urgent please" mentioned in your question.
_AnShUmAn_
|
|
|
|
|
I'm not using MFC. Please suggest if there is any in C++ or Win32?
Regards
Yogesh
|
|
|
|
|
See GetSaveFileName.
Of one Essence is the human race
thus has Creation put the base
One Limb impacted is sufficient
For all Others to feel the Mace
(Saadi )
|
|
|
|
|
GetSaveFileName() will do the job
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
Hi,
Please let me know, is there any API to get the drive in which I'm inserting the disk?
|
|
|
|
|
See GetLogicalDrives.
Of one Essence is the human race
thus has Creation put the base
One Limb impacted is sufficient
For all Others to feel the Mace
(Saadi )
|
|
|
|
|
But how will I know in which drive my disk is inserted?
|
|
|
|
|
Hi
Get GetLogicalDrives.
and use the following function to find out the drive type
    UINT uDriveType = GetDriveType(sDriveLabel);
0 - Unknown drive
1 - Invalid Path
2 - Removable Drive
..etc
Regards
.....Jack
|
|
|
|
|
Handle WM_DEVICECHANGE message
|
|
|
|
|
If possible, can you suggest any sample regarding the same...
|
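The pieces suggested in this thread (GetLogicalDrives, GetDriveType, WM_DEVICECHANGE) fit together as below. This is an added example in C, not code from any poster; the helper names `mask_to_letters`, `arrived_drives` and `on_device_change` are illustrative, and the sample masks are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Bit 0 = A:, bit 1 = B:, ... bit 25 = Z:. GetLogicalDrives() and the
   dbcv_unitmask field of DEV_BROADCAST_VOLUME both use this layout. */
size_t mask_to_letters(unsigned long mask, char out[27])
{
    size_t n = 0;
    for (int bit = 0; bit < 26; ++bit)
        if (mask & (1UL << bit))
            out[n++] = (char)('A' + bit);
    out[n] = '\0';
    return n;
}

/* Letters set in `after` but not in `before` (two GetLogicalDrives snapshots). */
unsigned long arrived_drives(unsigned long before, unsigned long after)
{
    return after & ~before;
}

#ifdef _WIN32
#include <windows.h>
#include <dbt.h>
/* Call from the window procedure on WM_DEVICECHANGE; returns letters found. */
size_t on_device_change(WPARAM wParam, LPARAM lParam, char out[27])
{
    const DEV_BROADCAST_HDR *hdr = (const DEV_BROADCAST_HDR *)lParam;
    out[0] = '\0';
    if (wParam != DBT_DEVICEARRIVAL || hdr == NULL ||
        hdr->dbch_devicetype != DBT_DEVTYP_VOLUME)
        return 0;   /* not a volume arrival: nothing to report */
    return mask_to_letters(((const DEV_BROADCAST_VOLUME *)hdr)->dbcv_unitmask, out);
}
#endif

int main(void)
{
    char letters[27];
    unsigned long before = 0x0CUL, after = 0x1CUL; /* constructed: C,D then C,D,E */
#ifdef _WIN32
    before = GetLogicalDrives();
    puts("Insert the device, then press Enter");
    getchar();
    after = GetLogicalDrives();
#endif
    mask_to_letters(arrived_drives(before, after), letters);
    printf("arrived: %s\n", letters);
    return 0;
}
```

Comparing snapshots only catches a drive letter that newly appears; media placed in a drive that already has a letter (a CD, for instance) does not change the GetLogicalDrives mask, so that case needs the WM_DEVICECHANGE handler. Each reported letter can then be passed to GetDriveType as a root path such as `E:\`.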
|
|
|
|
|
I had code to access the serial number of a hard drive. I was running this in user mode, getting a handle to the drive as follows:
    HANDLE hDrive;
    wchar_t driveName[128];
    for (int i = 0; i < 16; ++i)
    {
        // Build the Win32 device path for physical drive i
        wsprintf(driveName, L"\\\\.\\PhysicalDrive%d", i);
        hDrive = CreateFile(driveName, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
        ...
    }
I'm now trying to do the same thing in a driver. However I'm not sure how to open the actual drive. Currently the code I have is:
    HANDLE hDrive;
    WCHAR sDriveName[128];
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING usDriveName;
    IO_STATUS_BLOCK iosb;
    NTSTATUS Status = STATUS_UNSUCCESSFUL;
    int drive;
    for(drive = 0; drive < MAX_IDE_DRIVES; drive++)
    {
        _snwprintf(sDriveName, 128, L"\\Device\\Harddisk%lu", drive);
        RtlInitUnicodeString(&usDriveName, sDriveName);
        InitializeObjectAttributes(&oa, &usDriveName, OBJ_INHERIT, NULL, NULL);
        if(NT_SUCCESS(ZwOpenFile(&hDrive, FILE_ALL_ACCESS, &oa, &iosb, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_DIRECTORY_FILE)))
        {
            ...
        }
    }
However the call to ZwOpenFile is failing with iosb.Status == 3.
Any ideas what I am doing wrong here??
Thanks.
|
|
|
|
|
andrew_dk wrote: However the call to ZwOpenFile is failing with iosb.Status == 3.
Does that equal STATUS_WAIT_3?
"Old age is like a bank account. You withdraw later in life what you have deposited along the way." - Unknown
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
|
|
|
|