How to clear MSIE/WinInet cache programmatically? - winapi

I'm trying to clear out the WinInet cache using Win32 API - by invalidating the cache entries, or deleting them (doesn't matter). I can't find any way to do this for the whole cache (other than iterating over each entry - example in C#, another in VB) - is this even possible?

Apparently, it is possible to (ab)use the Internet Options panel to clear the cache files by executing this:
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
Will try to call this as a DLL.
Source: http://www.vbforums.com/archive/index.php/t-440508.html , comment by technorobbo

I'm fairly certain doing the FindFirst/FindNextUrlCacheEntry() then DeleteUrlCacheEntry() is the only way to make sure it works across all versions of IE.
Alternatively you can use FindFirst/FindNextUrlCacheGroup() and DeleteUrlCacheGroup() with "CACHEGROUP_FLAG_FLUSHURL_ONDELETE" but you have to make sure you only delete what you want. For example, history, cookies and temporary internet files are all Cache groups.

Do not use the method: RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
This is unsupported by Microsoft and has been shown to break the cache and cause all sorts of unusual problems.

FTR: The exact meaning of the argument (8 above, means only Temporary Internet Files and not Cookies etc.) is explained e.g. on http://www.howtogeek.com/howto/windows/clear-ie7-browsing-history-from-the-command-line.
BTW: Unfortunately RunDll32 is asynchronous, which makes it not ideal for running before e.g. automated web tests. Would anybody have an idea either how to run this as a blocking call, or how to programmatically find the exact directory name of the "Temporary Internet Files" directory so it can be polled until empty? Coding it in C (need it in Java, could do JNI) is really the only option, huh? ;(
PS: How can one post a reply to an existing answer instead of starting a new answer on stackoverflow?

Related

Redirect the open syscall of resource on Windows

Let me first explain my situation:
I have an old application and don't have any possibility of changing it. This application works with sqlite tables, one of them being a "temporary" database, but does not create temporary tables in memory but rather uses normal tables.
I install this application in a terminal server and the problem is that the application tries to read from a static path from the temporary table.
I need to redirect the "open syscall" to another file, so I want to know if I could do that with some software or by programming it.
Several options in order of "preferableness":
Create a junction. Click the link to get a tool for doing this.
Use a shim if possible.
If the above are not possible then you could use Madshi's madCodeHook lib to intercept the(*) call. Somebody over here is having a similar question, the discussion there also applies to your situation.
Be careful though when using API hooking and always ask yourself what would happen if two programs are doing it at the same time. This would likely result in an unstable system a.k.a. a mess.
(*) You would also have to figure out which call you actually need to hook.
You should be able to do that with a junction point.

Registry Defragmenter [duplicate]

This is out of curiosity, but I have seen several pieces of software (some of them very popular) called registry defragmenters. While I can see the benefit they offer, I am very curious how exactly you do registry defragmenting. Note that I'm not asking for a software name, just a basic description of how it's done programmatically. I understand there is a disk defragmenting API from Microsoft. Is this what they are using? Or is there a "registry defragmenting" API?
While disk defragmenting would be helpful, the more important speed benefit which could be obtained would be arranging the registry nodes so that a typical depth-first search would put the sequentially-accessed nodes in the same registry page.
I'm not aware of any API for that. The algorithm is a straightforward reordering and rewriting operation, complicated by dealing with Windows' concurrent access.
I suspect they're just defragmenting the files used to store registry information. Since the registry files are open during all normal Windows operation, a "normal" file defragmenting tool won't even touch them.
Answer: Most parse the file format directly and manually.
There is another possible way: Using the RegSaveKey and then the RegReplaceKey functions, which are used by the Windows Backup utility.
How do they prevent crashes in a live OS? Simple: they reroute API calls to the Windows Reg* functions and handle them themselves, caching any changes that need to be written later. It would also be wise to hold an exclusive lock on the hive files.
I trust defragmenters MUCH more than I trust optimizers. Registry Optimizers can set untested or broken keys and enable broken features. With the mass commercialization of them, this is less of a problem. But still, with what I've seen in the past I don't trust them mucking my stable system up in ways that are too hard to pin down.

Adding SMB to Windows, how safe is this?

I came across a small hack, which claims it enables smb:// on windows.
The complaint was that things like text weren't working.
While it is true that you can use file:///// in your URLs, the user wanted to use smb:// so that it's cross-platform.
The hack goes as follows:
1) Create this Reg file, save and execute it:
REGEDIT4
[HKEY_CLASSES_ROOT\smb]
@="URL:smb Protocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\smb\shell]
[HKEY_CLASSES_ROOT\smb\shell\open]
[HKEY_CLASSES_ROOT\smb\shell\open\command]
@="\"C:\\smb.bat\" \"%1\""
And then create the smb.bat file in your C-folder, containing this:
@echo off
cd C:\
set url=%~dpnx1
explorer \%url:~7%
exit
My question: how safe is this, and any other thoughts on the matter? Besides the file:///// thing I mean.
To me, it looks damn dangerous because it allows any website to place "\\RESOURCENAME" URLs, which will work regardless of context, and smb.bat will be called if you click such a link. I don't entirely understand the batch syntax (the ~ part especially) but it seems to me it's possible to pass any kind of argument to explorer.exe.
There's probably no immediate danger because it's very unlikely an outside attacker would guess you have this set up. Still, safe it's not.
I'd much rather have the server detect Windows clients and output the \\servername\path scheme for those and smb:// for everything else.
Not to mention, SMB isn't the only protocol that uses that syntax, so does any other filesystem such as WebDAV. Somewhat clever idea though, and I wish that smb:// worked too.
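The concern raised in this thread is that smb.bat hands whatever follows smb:// to explorer through cmd.exe without checking it. As an added example (not code from the thread), here is a stricter handler in Python that the registered command could call instead: it parses the URL, allowlists the host and path characters, and returns an argument list rather than a command string. The function names and allowlist patterns are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Allowlists are assumptions of this example; tighten them to your naming scheme.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?")
SEGMENT_RE = re.compile(r"[A-Za-z0-9 ._$-]{1,255}")


def smb_url_to_unc(url: str) -> str:
    """Return \\\\host\\share[\\path] for a strictly valid smb:// URL, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "smb":
        raise ValueError("scheme is not smb")
    # Credentials, ports, queries and fragments have no place in a share link.
    if parts.username or parts.password or parts.port or parts.query or parts.fragment:
        raise ValueError("unexpected URL component")
    host = parts.hostname or ""
    if not HOST_RE.fullmatch(host):
        raise ValueError("host not allowed")
    # Allow one trailing slash, then percent-decode each segment exactly once.
    raw = parts.path[:-1] if parts.path.endswith("/") else parts.path
    segments = [unquote(s) for s in raw.split("/")[1:]]
    if not segments:
        raise ValueError("share name missing")
    for seg in segments:
        # fullmatch (not match) so a decoded trailing newline cannot slip through.
        if seg in (".", "..") or not SEGMENT_RE.fullmatch(seg):
            raise ValueError("path segment not allowed: %r" % seg)
    return "\\\\" + host + "\\" + "\\".join(segments)


def explorer_argv(url: str) -> list:
    """Argument vector for subprocess.run(argv, shell=False); cmd.exe never parses it."""
    return ["explorer.exe", smb_url_to_unc(url)]


def is_accepted(url: str) -> bool:
    try:
        smb_url_to_unc(url)
        return True
    except ValueError:
        return False


# Constructed sample inputs (not from the thread) that the handler must refuse.
REJECTED = ["file://fileserver/share", "smb://fileserver", "smb://user@fileserver/share",
            "smb://fileserver/share/../other", "smb://fileserver/share&x",
            'smb://fileserver/share" /e', "smb://fileserver/a%25b", "smb://fileserver/share?x=1"]
```

Anything outside the allowlist is refused outright rather than escaped, so the handler never has to reason about batch or cmd.exe quoting rules.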

Watching a folder using Win32

I'm looking for a straightforward way to watch the contents of a folder using Win32 (minimum target is XP). If possible, it would be nice to use an event-driven approach rather than a polling-type approach. To complicate things, the watched folder may be a network share.
I'm really only interested in capturing "new files". I don't care if I am not informed of renamed or removed files.
Is there an event-driven way, or is polling my only choice when dealing with Win32?
Have you tried out FindFirstChangeNotification and FindNextChangeNotification?
Download an example source code from here
FindFirstChangeNotification is the right API here, as Suraj says. I did however find when using this (many years ago), that it sometimes failed if I used it to watch a network share with an infinite wait on the handle it returns. I simply applied a timeout and re-issued the FFCN every so often, which solved the problem.
I don't know if later OS updates solved this problem, we never went back and checked :-).

Is it possible to list named events in Windows?

I would like to create events for certain resources that are used across various processes and access these events by name. The problem seems to be that the names of the events must be known to all applications referring to them.
Is there maybe a way to get a list of named events in the system?
I am aware that I might use some standard names, but it seems rather inflexible with regard to future extensibility (all applications would require a recompile).
I'm afraid, I can't even consider ZwOpenDirectoryObject, because it is described as needing Windows XP or higher, so it is out of question. Thanks for the suggestion though.
I am a little unsure about shared memory, because I haven't tried it so far. Might do some reading in that area I guess. Configuration files and registry are a slight problem, because they do tend to fail with Vista due to access problems. I am a bit afraid, that shared memory will have the same problem.
The idea with ProcessExplorer sounds promising. Does anyone know an API that could be used for listing events for a process? And, does it work without administrative rights?
Thank you for the clarification.
There is not really a master process. It is more of a driver dll that is used from different processes and the events would be used to "lock" resources used by these processes.
I am thinking about setting up a central service that has sufficient access rights even under Vista. It will certainly complicate things, but it might be the only thing left facing the problems with security.
No, there is not any facility to enumerate named events. You could enumerate all objects in the respective object manager directory using ZwOpenDirectoryObject and then filter for events. But this routine is undocumented and therefore should not be used without good reason.
Why not use a separate mechanism to share the event names? You could list them in a configuration file, a registry key or maybe even in shared memory.
Do not mix up the user mode ZwOpenDirectoryObject with the kernel mode ZwOpenDirectoryObject -- the kernel mode API (http://msdn.microsoft.com/en-us/library/ms800966.aspx) indeed seems to be available as of XP only, but the user mode version should be available at least since NT 4. Anyway, I would not recommend using ZwOpenDirectoryObject.
Why should configuration files and registry keys fail on Vista? Of course, you have to get the security settings right -- but you would have to do that for your named events as well -- so there should not be a big difference here. Maybe you should tell us some more details about the nature of your processes -- do they all run within the same logon session or do they run as different users even? And is there some master process or who creates the events in the first place?
Frankly, I tend to find the Process Explorer idea to be not a very good one. Despite the fact that you probably will not be able to accomplish that without using undocumented APIs and/or a device driver, I do not think that a process should be spelunking around in the handle table of another process just to find out the names of some kernel objects. And, of course, the same security issues apply again.
ProcessExplorer is able to enumerate all the named events held by some specific process. You could go over the entire process list and do something similar although I have no clue as to what API is used to get the list...
