I have to write a litle app that will process files saved in a given dir. I doesn´t pleases me the idea of writing infinite loops, timers and that kind of stuff.
I´d like to know if there if (I would bet a finger that there is!) there is any windows API that would send my app a message for any file saved in that given dir.
ReadDirectoryChangesW is non-trivial to use correctly. There is a working sample here. I have worked with production code closely derived from this, and I've found no better sample to work from.
Note that there are known issues with the API (admittedly corner cases that may not affect you) that are described here and here, and further suggestions on usage here.
The function you're looking for is ReadDirectoryChangesW.
you can use the FindFirstChangeNotification funciton too. Exist an component called TJvChangeNotify from the JEDI JVCL collection wich encapsules this function which makes it easier to use.
Related
On Windows, all disk I/O ultimately happens via Win32 API calls like CreateFile, SetFilePointer, etc.
Now, is it possible to intercept these disk I/O Win32 calls and hook in your own code, at run time, for all dynamically-linked Windows applications? That is, applications that get their CreateFile functionality via a Windows DLL instead of a static, C library.
Some constraints that I have are:
No source code: I won't have the source code for the processes I'd like to intercept.
Thread safety: My hook code may dynamically allocate its own memory. Further, because this memory is going to be shared with multiple intercepted processes (and their threads), I'd like to be able to serialize access to it.
Conditional delegation and overriding : In my hook code, I would like to be able to decide whether to delegate to the original Win32 API functionality, or to use my own functionality, or both. (Much like the optional invocation of the super class method in the overriding method of the subclass in C++ or Java.)
Regular user-space code: I want to be able to accomplish the above without having to write any device-driver, mainly due to the complexity involved in writing one.
If this is possible, I'd appreciate some pointers. Source code is not necessary, but is always welcome!
You may want to look into mhook if Detours isn't what you want.
Here are a couple of problems you may run into while working with hooks:
ASLR can prevent injected code from intercepting the intended calls.
If your hooks are global (using AppInit_DLLs for example), only Kernel32.dll and User32.dll are available when your DLL is loaded. If you want to target functions outside of those modules, you'll need to manually make sure they're available.
I suggest you start with Microsoft Detours. It's free edition also exists and its rather powerful stable as well. For injections you will have to find which injection method will work for your applications in target. Not sure whether you need to code those on your own or not, but a simple tool like "Extreme Injector" would serve you well for testing your approaches. And you definitely do not need any kernel-land drivers to be developed for such a simple task, in my opinion at least. In order to get the full help of me and others, I'd like to see your approach first or list more constraints to the problem at hand or where have you started so far, but had problems. This narrows down a lot chit-chats and can save your time as well.
Now, if you are not familiar with Detours from Microsoft (MSFT) please go ahead and download it from the following link: http://research.microsoft.com/en-us/projects/detours/ once you download it. You are required to compile it yourself. It's very straightforward and it comes with a compiled HTML help file and samples. So far your profiles falls under IAT (Import Address Table) and EAT (Export Address Table).
I hope this non-snippet answer helps you a little bit in your approach to the solution, and if you get stuck come back again and ask. Best of luck!
I cant decide between this two options.
M Project vs Sproutcore
I'm building an application that will be primary served on mobile but has to be viable on desktop.
Mproject is on the edge with number and variability of his prebuilded widgets and may happen that I will need some more or at least alter some behavior.
So this is kind of down side of Mproject. But it looked for first review that Mproject need less code for basic stuff.
And the second problem comes with the skins. I will basicaly need reskin everything a lot. The design of app has to be very unique.
So I want to know which of them is easily to reskin not just by theme-roller and similar stuff.
I would appreciate any other JavaScript-only frameworks recommendations.
Thanks for all replies.
I'm not sure what kind of application are you building so you should take care with my answer.
M-Project solved our problems fine, and help us to make it clear code ... when you understand how it works. It requires a bit of hard work, the documentation is a bit poor and is a new project where some things are not yet implemented. You can change application look modifying HTML and CSS so I think you should have no problems with this.
Also you can download their code and modify it without problems, it is easy to read and modify if you need any specific behavior.
On other side, I never used Sproutcore, it have a really nice look. But documentation say it is focused on desktop applications. Probably you will not have too much problems to adapt the output HTML for mobile devices, I guess.
Lastly, I think you can take a look on Lungo.js Framework.
Best regards.
I must intercept execution in very big application in many places.
What programs I can use to do this? What techniques exists for this problems?
Manually reverse engineering and adding hooks is maybe not optimal solution for this problem, because application is very big and some part of application can be updated in some time, i think with some tools or good practices for this problem i can do this faster, anyone know how to do?
Anybody help me?
seeing as the tools part has been covered, here is something for the techniques.
Depending what it is you need to hook and whether or not there is protection invloved, there are a few methods:
Relative call/jmp patching in the virtualized binary: this is the simplest, but also a lot of work if you can't automatically find all references to a function, this probably won't work in this cause due to your criteria.
IAT/EAT hooking: this is use for imports(IAT) and exports(EAT), great if your targeting a known importted/exported set of API functions. a good example of this can be found here or here
Hot-Patching: Windows XP SP2 introduced something called "hot-patching" (used for realtime system function updates), where all its (the WinAPI) functions start with a 'mov edi,edi', allowing a relative jump to be patched into the free space created above every hot-patchable function(one can do it too). this is generally used for programs that checksum there IAT's or have other funny forms of protection, more info can be found here and here
Code-Caving: capturing execution flow by placing redirections in arbitrary code space. see here, here or here
VFT/COM Redirection: basically overwriting entries in a objects virtual function table, useful for OOP/COM based applications. see this
There are a lot of 3rd party libraries, most famous would probably be MS Detours, one can also look at APIHijack or a mini-hook engine.
Ofcourse nothing can substitute for the initial poking you'll need to do with a debugger like ollydbg, but knowing the method your gonna use can drastically short them amount time time spent poking around
Some details on what exactly you need to do (e.g. how do you determine where to break) would be nice. Depending on your situation, something like Pin might work.
I suggest using Deviare API Hook. It's the easiest way you can do what you need. It has some COM objects that you can use to hook an application from a different process. In your process you get full parameter information and you can use it in any programming language (I'm using C# and it works like a charm).
If you need to intercept registry API I suggest using Deviare to debug what you need to intercept but then you will have to make your own hooks, otherwise, you'll find performance issues.
You can do API Hooking if you are interested in intercepting method calls.
Or use some disassembler like softice or ollydbg or win32dasm.
I'm looking for a straightforward way to watch the contents of a folder using Win32 (minimum target is XP). If possible, it would be nice to use an event-driven approach rather than a polling-type approach. To complicate things, the watched folder may be a network share.
I'm really only interested in capturing "new files". I don't care if I am not informed of renamed or removed files.
Is there an event-driven way, or is polling my only choice when dealing with Win32?
Have you tried out FindFirstChangeNotification and FindNextChangeNotification .
Download an example source code from here
FindFirstChangeNotification is the right API here, as Suraj says. I did however find when using this (many years ago), that it sometimes failed if used it to watch a network share with an infinite wait on the handle it returns. I simply applied a timeout and re-issued the FFCN every so often, which solved the problem.
I don't know if later OS updates solved this problem, we never went back and checked :-).
I am writing a sort of screen-recording app for Windows and wish to know when and which regions of the screen/active window have changed.
Is there a Windows API I can hook to get notified of screen changes?
Or would I need to manually write something like this? :(
I always figured that Remote Desktop used some sort of API to detect what regions of the screen had changed and only sent back those images - this is exactly the behavior that I need.
I don't think there is an API in Windows that can tell you which parts of the screen have changed.
One possible way is using a video mirror driver like UltraVNC uses.
I think you'll find some clues here Screen Event Recorder DLL/Application, here About Hooks, and here Writing a Macro Recorder/Player using Win32 Journal Hooks
It would seem that you're going to have to do a fair bit of work to detect screen changes. This posting at tech-archive.net for instance. With this you can copy to RAM a reference screen and then take another and compare the two. It'd be up to you to define what kind of a change is a meaningful one. It's similar material to this article on desktop capture.
I think Remote Desktop streams GDI like commands. I don't know how they capture them in the first place.
Thanks for your help everyone. I ended up writing an image differencing class which seems to calculate the changed rectangles suprisingly quick. I've posted the gist of how it works here.
At the moment I'm just doing it in a timer but planning to do it after input events too.
Thanks heaps for your links Boost - I've only just looked at this thread again so I'll check them out soon.