Solved

Detect program starting

Posted on 1998-07-22
Last Modified: 2010-04-04
How can I detect from Delphi 2.0 programs if any Windows program is starting and read its path? HELP ME, as fast as you can!
Question by:mmilan
10 Comments
 

Expert Comment

by:westy100697
ID: 1358379
This is not really an answer, more of a direction I think you should look at. Have a look in the Win32 help file for Event Logging Information. The procedures to look at, I reckon, relate to the registry and log files. These are as follows:

GetNumberofEventLogRecords()
GetOldestEventLogRecord()
OpenEventLog()
ReportEvent()
ReportEventLog()
etc etc

See if that helps at all...
Like I said, may not be a solution but may point you in a direction...

WESTY
LVL 4

Expert Comment

by:erajoj
ID: 1358380
An easy way, not the best, is to scan the process list (process walking) by using
Process32First and Process32Next. Then you will get a complete list of all available
Win32 processes.

OR

...even easier, if you just want to detect windowed "programs": use EnumWindows, EnumChildWindows to get all visible windows.

/// John
LVL 4

Accepted Solution

by:
d003303 earned 50 total points
ID: 1358381
Yo,
set a WH_SHELL hook with SetWindowsHookEx and listen to the HSHELL_WINDOWCREATED hook code in your hook proc.
Hook procedures need to reside in a DLL and are mapped in the process space where the hook event occurred. So you cannot pass parameters through global DLL variables. You need memory mapped files for that.
For sample code, you'll have to increase the points ;-)

Slash/d003303

Expert Comment

by:bome
ID: 1358382
Well, don't want to offend you, d003303, but I have made a freely available shell hook component. mmilan, give him the points and I'll give you the component... ;)

On the other hand, I don't understand ..."and read it's path?"
What do you want to say with that?

bome
LVL 4

Expert Comment

by:erajoj
ID: 1358383
The executable filename?

Author Comment

by:mmilan
ID: 1358384
Is it OK, HURRY UP!
LVL 4

Expert Comment

by:d003303
ID: 1358385
Yo,
mmilan, reject my answer and give bome the points!
bome, no problem. Just didn't know you have something for hooking in stock ;-)

Slash/d003303

Expert Comment

by:bome
ID: 1358386
OK, read the executable filename. My component does not provide that.

mmilan, what do you mean by hurry up?

bome

Expert Comment

by:bome
ID: 1358387
OK, d003303.
mmilan, download it at
http://clio.unice.fr/~fbomers/Watch100.zip

I don't want the points, d003303, your answer was right and appropriate for the points.

bome

PS: and I was too late :)
LVL 4

Expert Comment

by:d003303
ID: 1358388
Yo,
I took a look at your problem with the program path. The only thing you can get is the name of the module (EXE, DLL, VXD, DRV, ...) and the name of the process (EXE) the window belongs to. AFAIK there is no way to get the complete path out.
If you want to write a log with all used apps on the system, you may want to create a continuously updated table with EXE files in the system and search through that with the process file name.

Slash/d003303
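
The process-walking approach from erajoj's comment (Process32First and Process32Next), as an added example that is not code from any poster in this thread: a console program that compares successive Toolhelp snapshots and reports processes that were not in the previous one. The program name, the one-second polling interval and the "PID=name" key format are assumptions; a process that starts and exits between two polls is not seen.

```delphi
program WatchNewProcesses;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils, Classes, TlHelp32;

{ Fill List with one "PID=exe name" line per process in a Toolhelp snapshot. }
procedure SnapshotProcesses(List: TStrings);
var
  Snap: THandle;
  Entry: TProcessEntry32;
  ExeName: string;
begin
  List.Clear;
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snap = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry); { must be set before Process32First }
    if Process32First(Snap, Entry) then
      repeat
        { szExeFile is a zero-terminated char array; whether it includes
          the directory depends on the Windows version. }
        ExeName := Entry.szExeFile;
        List.Add(IntToStr(Entry.th32ProcessID) + '=' + ExeName);
      until not Process32Next(Snap, Entry);
  finally
    CloseHandle(Snap);
  end;
end;

var
  Known, Current: TStringList;
  I: Integer;
begin
  Known := TStringList.Create;
  Current := TStringList.Create;
  try
    SnapshotProcesses(Known); { baseline: processes already running }
    while True do
    begin
      Sleep(1000); { assumed polling interval }
      SnapshotProcesses(Current);
      { Anything in the new snapshot but not the old one has just started. }
      for I := 0 to Current.Count - 1 do
        if Known.IndexOf(Current[I]) < 0 then
          Writeln('started: ', Current[I]);
      Known.Assign(Current);
    end;
  finally
    Current.Free;
    Known.Free;
  end;
end.
```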