Mat_a
asked on
Detecting application launches
Is there a way (I suspect a particular windows message) to find out when people launch programs/applications? Secondly once I can detect that is it possible to find out if it was launced with any parameters etc.?
ASKER
I'm not looking to see if my app is run again, I'm wanting to monitor all application activity. If you have any info on windows hooks to do this I will award the points, any answer to this would be great :)
Mat,
I was not talking about a second instance of your application, I meant a totally different application (I think that's what you are aiming at, right ;-)).
What kind of activity are you after? If you just want to know if app xy is launched, you could do it with a hook (if you got the classname, window title, ... of it).
If nobody else has a better idea I'll have a look at my personal code library for an example! ;-)
Markus
I was not talking about a second instance of your application, I meant a totally different application (I think that's what you are aiming at, right ;-)).
What kind of activity are you after? If you just want to know if app xy is launched, you could do it with a hook (if you got the classname, window title, ... of it).
If nobody else has a better idea I'll have a look at my personal code library for an example! ;-)
Markus
ASKER
Markus
Ok, just double checking... A present it will be monitoring game launches. I could put a fake exe file there that send all teh params on and reports, but it's a lot of hassle for end users (and I don't even know if my idea will work), so I was hoping to find out when a game gets launched and what params are used :)
Have to say I've never done hooks before.
Ok, just double checking... A present it will be monitoring game launches. I could put a fake exe file there that send all teh params on and reports, but it's a lot of hassle for end users (and I don't even know if my idea will work), so I was hoping to find out when a game gets launched and what params are used :)
Have to say I've never done hooks before.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
btw: the sample above subclasses notepad, just compile, run it and open notepad...
you can use the IShellExecuteHook (doesn't 'catch' the apps run with CreateProcess)
http://www.delphi-si.com/forum/prikazisporocila.php?tema=271&mesto=0
// main unit source
unit mainunit;
interface
uses
Windows, ActiveX, ComObj, ShlObj, ShellAPI, SysUtils;
type
TTShellExeWiz = class(TComObject, IShellExecuteHook)
protected
{Declare IShellExecuteHook methods here}
function Execute(var ShellExecuteInfo: TShellExecuteInfo): HResult; stdcall;
end;
const
Class_TShellExeWiz: TGUID = '{EEF655B2-0ADA-11D3-A850- 00A0240CD0 D7}';
implementation
uses ComServ, Dialogs;
{ TTShellExeWiz }
function TTShellExeWiz.Execute(
var ShellExecuteInfo: TShellExecuteInfo): HResult;
begin
Result := S_FALSE; // Allow the action to be processed
with ShellExecuteInfo do
begin
if (Pos('notepad', ExtractFileName(lpFile)) > 0) then
begin
hInstApp := 33; // Must be >32 not to be an error
Result := S_OK;
ShowMessage('Jurk pa ne pusti zagnat Notepad.exe :-)');
end;
end;
end;
initialization
TComObjectFactory.Create(C omServer, TTShellExeWiz, Class_TShellExeWiz,
'TShellExeWiz', '', ciMultiInstance, tmApartment);
end.
// dll source
library IShellHook;
uses
ComServ,
Registry,
ActiveX,
Windows,
mainu in 'mainu.pas',
IShellHook_TLB in 'IShellHook_TLB.pas';
function DllRegisterServer: HResult;
begin
Result:=ComServ.DllRegiste rServer;
if Failed(Result) then exit;
with TRegistry.Create do
try
RootKey:=HKEY_LOCAL_MACHIN E;
if OpenKey('Software\Microsof t\Windows\ CurrentVer sion\explo rer\ShellE xecuteHook s', false) then begin
try
WriteString('{EEF655B2-0AD A-11D3-A85 0-00A0240C D0D7}', 'ShellExecCOMHook');
Result:=S_OK;
except
Result:=E_FAIL;
end;
CloseKey;
end;
finally
Free;
end;
end;
function DllUnregisterServer: HResult;
begin
Result:=ComServ.DllUnRegis terServer;
if Failed(Result) then exit;
with TRegistry.Create do
try
RootKey:=HKEY_LOCAL_MACHIN E;
if OpenKey('Software\Microsof t\Windows\ CurrentVer sion\explo rer\ShellE xecuteHook s', false) then begin
if DeleteValue('ShellExecCOMH ook') then
Result:=S_OK;
CloseKey;
end;
finally
Free;
end;
end;
exports
DllGetClassObject,
DllCanUnloadNow,
DllRegisterServer,
DllUnregisterServer;
{$R *.TLB}
{$R *.RES}
begin
end.
I'll try to find the complete project and post a link to it
http://www.delphi-si.com/forum/prikazisporocila.php?tema=271&mesto=0
// main unit source
unit mainunit;
interface
uses
Windows, ActiveX, ComObj, ShlObj, ShellAPI, SysUtils;
type
TTShellExeWiz = class(TComObject, IShellExecuteHook)
protected
{Declare IShellExecuteHook methods here}
function Execute(var ShellExecuteInfo: TShellExecuteInfo): HResult; stdcall;
end;
const
Class_TShellExeWiz: TGUID = '{EEF655B2-0ADA-11D3-A850-
implementation
uses ComServ, Dialogs;
{ TTShellExeWiz }
function TTShellExeWiz.Execute(
var ShellExecuteInfo: TShellExecuteInfo): HResult;
begin
Result := S_FALSE; // Allow the action to be processed
with ShellExecuteInfo do
begin
if (Pos('notepad', ExtractFileName(lpFile)) > 0) then
begin
hInstApp := 33; // Must be >32 not to be an error
Result := S_OK;
ShowMessage('Jurk pa ne pusti zagnat Notepad.exe :-)');
end;
end;
end;
initialization
TComObjectFactory.Create(C
'TShellExeWiz', '', ciMultiInstance, tmApartment);
end.
// dll source
library IShellHook;
uses
ComServ,
Registry,
ActiveX,
Windows,
mainu in 'mainu.pas',
IShellHook_TLB in 'IShellHook_TLB.pas';
function DllRegisterServer: HResult;
begin
Result:=ComServ.DllRegiste
if Failed(Result) then exit;
with TRegistry.Create do
try
RootKey:=HKEY_LOCAL_MACHIN
if OpenKey('Software\Microsof
try
WriteString('{EEF655B2-0AD
Result:=S_OK;
except
Result:=E_FAIL;
end;
CloseKey;
end;
finally
Free;
end;
end;
function DllUnregisterServer: HResult;
begin
Result:=ComServ.DllUnRegis
if Failed(Result) then exit;
with TRegistry.Create do
try
RootKey:=HKEY_LOCAL_MACHIN
if OpenKey('Software\Microsof
if DeleteValue('ShellExecCOMH
Result:=S_OK;
CloseKey;
end;
finally
Free;
end;
end;
exports
DllGetClassObject,
DllCanUnloadNow,
DllRegisterServer,
DllUnregisterServer;
{$R *.TLB}
{$R *.RES}
begin
end.
I'll try to find the complete project and post a link to it
ASKER
DaFox - Works well.... I'm trying to figure out how to adapt this to watch all run apps, or how to remove the hook automatically after the info has been checked/tested
Lee - Can't find the IShellHook_TLB unit
Thanks guys for the help, I've upped points to 200 to grab for you help
Lee - Can't find the IShellHook_TLB unit
Thanks guys for the help, I've upped points to 200 to grab for you help
Hi, the code that i sent to you shows how to implement the communication mechanism between the dll and the Delphi app. It does not cover the shellexecute hook as it was covered in a previous post. I will check your code and see what can be done...
A windows hook would be one possibility to detect the launch though.
Markus