I'm asking this question after I got a very good answer to: How do I detect the 2 states of “Switch User” in Windows
My intention is to find out if the Switch User under KDE/Gnome has a similar API call I can monitor with FreePascal.
If not with FreePascal, at least the respective lib entry used in C/C++
Yes, a dbus package is installed, and afaik I ran the examples end of last year.
See /packages/dbus/examples/busexample.pp for an example
I'm pretty sure that monitoring DBUS messages you can catch messages about session enter and exit. Actually i don't know if FreePascal provide DBUS apis.
A dirty solution can be execution and parse /usr/bin/dbus-monitor output.
Good luck
Related
Where can I find all messages translated into different languages for netsh.exe?
My problem is that I run netsh.exe to handle a Wi-Fi hotspot in my application and read/parse the output to see what happened. Now the problem is, that I cannot really parse the output, because it is different in every language version of Windows.
I am looking for a site that could have all the localized messages from the netsh.exe. Is there any? Another solution would be to somehow force the messages to another language (English), but I haven’t seen a good way to do that.
I went with alternative solution: .NET and P/Invoke
Solution on GitHub.
I was wondering if it was even possible with RUBY to watch other applications and if a certain application is below a memory threshold it kills it and starts it again.
Operating System would be Windows 7+
Things I need to be able to do:
Monitor Memory
Determine between different processes
Kill Processes
Start new process (bat script or powershell)
Start monitoring again
The watched application running would run high memory when it is working and that is good. If it goes below 1gb I want this application to kill it. Of course when it restarts it would give a grace period for it to load the RAM.
I was going to use the Shoes gui framework to make something nice to wrap around it. It would be theoretically nice to have some sort of auto detection if the application is running.
If this is possible, but requires Gem you think may help I would like to hear about them.
I found Usagewatch Gem seems to be headed the right way, but from a glance at the documentation it is general and I need to be specific about which process I am watching.
If this question is not appropriate here please let me know via a comment and I will remove it and/or move it to a proper place for this type of question to be asked.
I appreciate your time and effort into helping me with this endeavor.
Thank You
I would suggest using the win32 gem. Than start by looking through the Win32 Api documentation. This will give you the most flexible solution and will give you the whole system programming power for Windows. My advice is to make some wrapper functions about the things connected with Windows you need and use them that way, so if you find a more appriete solution you can switch to it easily.
I am working on building a system that can monitor how users react to security alerts on their systems (software updates, warnings etc.). It also needs to monitor the web traffic and the processes running on the system and I am looking to the community to help me design this system. We intend to provide users with test laptops and monitor their behavior over a period of time to see how they react to security alerts thrown by various applications and the OS(windows in this case).
Following are my questions
Can I use windows hooks to solve the first problem i.e finding how users reacted to the alerts thrown by various applications. Specifically, can global hooks be used to solve this?
(How this information should be collected (XML?) and relayed back to a server(how frequently?) is another problem)
Can I do this in C# or it has to be done only in c++ or VB?
Do you know any alternate approach to solve the problem? Is there any software that has these capabilities.
I have many more questions but getting these answered would be a good first step. Really hoping for some good insights from the knowledgeable people on this community
Thank you in advance
Edit:
Example scenario is when adobe prompts you to update the flash player or the antivirus prompts you to update definitions or any application displays a notification(security related having keywords like update, warning, install etc.) needing the user to take some action. Windows system updates is another example. I want to know how the user reacted to these alerts/notifications/updates (which are typically a pop-up window). So i was wondering if i placed a global hook that can monitor the content of the windows displayed on screen and notify me(server) when certain words like update, alert, warning etc. appear in the content/title of the windows and what the user did with the message(dismissed it, Oked it etc). Unfortunately, i do not have any more specifications than this. I can use anything I want to achieve this and I am not clear on what my choices are.
Edit 2:
After having reviewed my requirements and having read about hooks, I feel like I could achieve this by a combination of hooks and the following textGrab SDK, http://www.renovation-software.com/en/text-grab-sdk/textgrab-sdk.html. I want some guidance to know if I am on the right track. I am thinking if I can install hooks then it gives me handles to all possible windows on the screen and I can use the textGRAB SDK to look for certain keywords in those windows. Although this may capture some interesting text, I am still not sure how I will know what action the user had taken on the window. Anybody having any experience with either hooks or textGRAB, please let me know if this looks like a reasonable thing to do. If the community has some other Ideas on how I could possibly monitor security related messages thrown by any application in the system, please suggest. I am looking forward to some useful advice for completing a challenging project.
First of all, you need to define, how you will "see" security alerts in code. "Security alert" is quite a vague term. Will it be some window with some caption and some message to the user or ... ?
Next, about web and processes: Windows hooks won't help you with your task. They are more low-level and not as advanced as you'd need. You can't hook network traffic (you need either network filter driver for pre-Vista or Microsoft Filtering Platform for Vista and later). See this question for some information about checking the process list with C# (there seems to be no easy way to catch process startup either).
It honestly sounds like you need a more solid direction. I commend you for trying to provide details, but It appears that you still need more information about your problem(s)..
I will attempt to answer some of your questions, but like I said - it sounds like you need to know more about your problems before we can provide you with optimal answer(s).
-Alerts is too vague a term, you will need to define this better. Are these 'alerts' applications that YOU have control over or are they third party applications? Not every application will show an 'Alert' in the same fashion, and even if they did - I think using a System Level Hook would probably be too problematic to implement your solution with. I'm not saying it's necessarily impossible, but you're talking about possibly implementing a different set of logic(to determine the data for a given application's Alert(s)) for each application that you want to monitor.
-It's impossible for any of us to determine the optimal storage mechanism for your particular needs, that is something that you will either need to provide more details about or decide on your own.
-How often you collect data is also something that you will have to either provide more details for or decide for on your own.
-C/C++ Would probably provide you with the most portable solution, although there is nothing preventing you from using c# to call Win32 API. (Not everyone has the .NET framework installed - believe it or not)
-The problem that you mentioned appears to be a somewhat specialized problem... I don't know of any existing software that will do everything that you want to do.
Another possible issue that you haven't touched on:
You haven't specified your target audience for this 'service', but I want you to know that if I found an application monitoring as many events as what you're talking about doing, I would promptly remove it and write a nasty letter to the company that wrote it.
In summary, Read this Article on hooks to get a better understanding of how they work.
There was an "API Monitor" program, but it seems discontinued. Doesn't work on my system.
Is there any such tool, which can work on Windows 7 x64?
I need to log API calls from a selected set, better when parameter values.
I use the API Monitor tool at http://www.rohitab.com/apimonitor. It's not abandoned, the author seems to be releasing regular updates including some from the past year. I found it relatively easy to learn, and have used it to discover API calls made by some components of Windows that I was studying, among other debugging tasks.
Heres is an list of such tools: http://www.woodmann.com/collaborative/tools/index.php/Category:API_Monitoring_Tools. You could try the first one, its OpenSource and was last updated this year: http://jacquelin.potier.free.fr/winapioverride32/
Edit:
You could try this one for x64 http://www.autodebug.com/
There's also Detours, free from Microsoft, it's a library to hook the windows API, but it's not a complete monitor program, you have to do some work to intercept the API calls.
http://www.bladeapimonitor.com/ seems to be doing what you need.
Depending on what you want to see, Procmon might also do the job.
I wonder if it is possible to figure out what keys user was pressing while his Mac OS was starting up?
Any way will do. As far as I understand it there is no easy way to simply hook an app/script to start working and capturing keystrokes simultaneously along with the OS. But maybe there is a way to some kind of reverse engineer this? Maybe looking into a specific log file or something like that?
Any results will do. Basically what I'm interested in is in finding out, which key the user pressed/held during the OS startup. It may be string, a character code or a hex, doesn't really matter.
UPDATE: guided by Pekka's advice I've found a kernel extension that should do the job. And it, hopefully, will do it, after this follow-up question - Why this keyboard intercepting kernel extension doesn’t work? is answered. :)
I'm no OS guru, but I think very, very, very hardly. I don't suppose stuff like this is automatically recorded anywhere.
I guess you would have to look whether the part of the system that handles the startup keys is somehow accessible, and can be extended to invoke a command defined by you.
The second best thing that comes to mind is for you to write some sort of custom device driver or startup script that gets loaded at startup, and listens to keypress events.
How to approach this depends completely on what point in the boot process you want to check for keys.
If you want to check really early, your only choice is to play with the EFI (firmware) environment -- maybe you could modify rEFIt to do what you want?
After the firmware, control passes to boot.efi (BootX on PPC Macs). This could presumably be replaced/hacked, and I'd expect the source to be available from as part of Darwin, but I don't see it on a quick inspection.
After that, the kernel loads (you could build your own kernel) with a minimal set of cached drivers (you could write a driver, not sure how to get it to be cached, though).
After that, all sorts of things happen more or less at once. Normal drivers get loaded, /etc/rc.local gets run, launchd items in /System/Library/LaunchDaemons and Library/LaunchDaemons become active... If you're willing to wait until this phase of the boot process, you have many options.
It's not just not recorded anywhere, for quite a while during startup there is no keyboard driver. So from the point of view of software, during that interval the keyboard simply doesn't exist.