ConsCtl

.cpp

Скачиваний:

Добавлен:

15.06.2014

Размер:

5.48 Кб

Скачать

☆

//---------------------------------------------------------------------------
//
// ConsCtl.cpp
//
// SUBSYSTEM: 
//              Monitoring process creation and termination  
//
// MODULE:    
//				Control application for monitoring NT process and 
//              DLLs loading observation. 
//
// DESCRIPTION:
//
// AUTHOR:		Ivo Ivanov
//                                                                         
//---------------------------------------------------------------------------

#include "Common.h"
#include <conio.h>
#include <tchar.h>
#include "ApplicationScope.h"
#include "CallbackHandler.h"

//
// This constant is declared only for testing putposes and
// determines how many process will be created to stress test
// the system
//
const int MAX_TEST_PROCESSES = 10;
//---------------------------------------------------------------------------
// 
// class CWhatheverYouWantToHold
//
// Implements a dummy class that can be used inside provide callback 
// mechanism. For example this class can manage sophisticated methods and 
// handles to a GUI Win32 Window. 
//
//---------------------------------------------------------------------------
class CWhatheverYouWantToHold
{
public:
	CWhatheverYouWantToHold()
	{
		_tcscpy(m_szName, TEXT("This could be any user-supplied data."));
		hwnd = NULL;
	}
private:
	TCHAR  m_szName[MAX_PATH];
	// 
	// You might want to use this attribute to store a 
	// handle to Win32 GUI Window
	//
	HANDLE hwnd;
};


//---------------------------------------------------------------------------
// 
// class CMyCallbackHandler
//
// Implements an interface for receiving notifications
//
//---------------------------------------------------------------------------
class CMyCallbackHandler: public CCallbackHandler
{
	//
	// Implements an event method
	//
	virtual void OnProcessEvent(
		PQUEUED_ITEM pQueuedItem, 
		PVOID        pvParam
		)
	{
		TCHAR szFileName[MAX_PATH];
		//
		// Deliberately I decided to put a delay in order to 
		// demonstrate the queuing / multithreaded functionality 
		//
		::Sleep(500);
		//
		// Get the dummy parameter we passsed when we 
		// initiated process of monitoring (i.e. StartMonitoring() )
		//
		CWhatheverYouWantToHold* pParam = static_cast<CWhatheverYouWantToHold*>(pvParam);
		//
		// And it's about time to handle the notification itself
		//
		if (NULL != pQueuedItem)
		{
			TCHAR szBuffer[1024];
			::ZeroMemory(
				reinterpret_cast<PBYTE>(szBuffer),
				sizeof(szBuffer)
				);
			GetProcessName(
				reinterpret_cast<DWORD>(pQueuedItem->hProcessId), 
				szFileName, 
				MAX_PATH
				);
			if (pQueuedItem->bCreate)
				//
				// At this point you can use OpenProcess() and
				// do something with the process itself
				//
				wsprintf(
					szBuffer,
					TEXT("Process has been created: PID=0x%.8X %s\n"),
					pQueuedItem->hProcessId,
					szFileName
					);
			else
				wsprintf(
					szBuffer,
					TEXT("Process has been terminated: PID=0x%.8X\n"),
					pQueuedItem->hProcessId);
			//
			// Output to the console screen
			//
			_tprintf(szBuffer);
		} // if
	}
};

//---------------------------------------------------------------------------
// Perform
//
// Thin wrapper around __try..__finally
//---------------------------------------------------------------------------
void Perform(
	CCallbackHandler*        pHandler,
	CWhatheverYouWantToHold* pParamObject
	)
{
	DWORD processArr[MAX_TEST_PROCESSES] = {0};
	int i;
	STARTUPINFO si = { sizeof(si) };
	PROCESS_INFORMATION pi;
	TCHAR szBuffer[MAX_PATH];  // buffer for Windows directory
	::GetWindowsDirectory(szBuffer, MAX_PATH);
	_tcscat(szBuffer, TEXT("\\notepad.exe"));

	//
	// Create the only instance of this object
	//
	CApplicationScope& g_AppScope = CApplicationScope::GetInstance(
		pHandler     // User-supplied object for handling notifications
		);
	__try
	{
		//
		// Initiate monitoring
		//
		g_AppScope.StartMonitoring(
			pParamObject // Pointer to a parameter value passed to the object 
			);
		for (i = 0; i < MAX_TEST_PROCESSES; i++)
		{
			// Spawn Notepad's instances
			if ( ::CreateProcess(NULL, szBuffer, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) 
			{
				::WaitForInputIdle(pi.hProcess, 1000);
				processArr[i] = pi.dwProcessId;
				::CloseHandle(pi.hThread);
				::CloseHandle(pi.hProcess);
			} // if
		} // for
		::Sleep(5000);
		for (i = 0; i < MAX_TEST_PROCESSES; i++)
		{
			HANDLE hProcess = ::OpenProcess(
				PROCESS_ALL_ACCESS, 
				FALSE,
				processArr[i]
				);
			if (NULL != hProcess)
			{
				__try
				{
					// Close Notepad's instances
					::TerminateProcess(hProcess, 0);
				}
				__finally
				{
					::CloseHandle(hProcess);
				}
			} // if
			::Sleep(10);
		} // for
	
		while(!kbhit())
		{
		}
		_getch();
	}
	__finally
	{
		//
		// Terminate the process of observing processes
		//
		g_AppScope.StopMonitoring();
	}
}

//---------------------------------------------------------------------------
// 
// Entry point
//
//---------------------------------------------------------------------------
int main(int argc, char* argv[])
{
	CMyCallbackHandler      myHandler;
	CWhatheverYouWantToHold myView; 

	Perform( &myHandler, &myView );

	return 0;
}
//--------------------- End of the file -------------------------------------

Соседние файлы в папке ConsCtl

#
15.06.20146.94 Кб58ApplicationScope.cpp
#
15.06.20143.82 Кб58ApplicationScope.h
#
15.06.20143.3 Кб59CallbackHandler.cpp
#
15.06.20142.04 Кб58CallbackHandler.h
#
15.06.20141.5 Кб58Common.h
#
15.06.20145.48 Кб58ConsCtl.cpp
#
15.06.20145.44 Кб58ConsCtl.dsp
#
15.06.201414.56 Mб58ConsCtl.ncb
#
15.06.2014879 б58ConsCtl.sln
#
15.06.201420.99 Кб58ConsCtl.suo
#
15.06.20149.28 Кб58ConsCtl.vcproj