Solved

Trapping a Windows Message

Posted on 2004-04-21
Last Modified: 2008-03-06
I have an application that runs on a server.  I would like to create an event procedure that fires whenever a Window Message tells a process (test.exe) to start.  Before the Message actually tells the process to start I need my application to check certain things, then if everything is good let the Message through to start the process.

1.  Is there a tool that will show me the Window Message that starts an application or process?  Maybe something by sysinternals?

2.  How can I create a Procedure that traps the message that starts the app or process?

Thanks
Question by:jbauer22
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10883291
Well, you can modify a registry value to intercept all running of EXE files... this is actually how some viruses load. It might be highly unconventional, but it will work. The same way a TEXT file knows to open with Notepad, you can make an EXE file load with your program.

Then just process the command line args.

' Command$ holds the command line the shell passed in: the quoted EXE path ("%1") plus its arguments (%*)
Dim cmds As String
cmds = Command$
If InStr(cmds, "virus") > 0 Then
    ' Block the launch and tell the user
    MsgBox "This program is not allowed to run"
Else
    ' Allowed: start the original program with its original arguments
    Shell cmds, vbNormalFocus
End If


modify HKEY_CLASSES_ROOT\EXEFile\Shell\Open\Command to

c:\interceptprogram.exe "%1" %*
0
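A defender-side check for the registry change described in the comment above, as an added example that is not part of the original thread: it reads the EXE open handler from the merged, machine-wide and per-user class views and reports any value other than the stock "%1" %*. Variable names are illustrative, and the expected values assume an unmodified Windows install.

```powershell
# Added example: audit the shell "open" handler for EXE files.
# Assumption: on a stock Windows install the handler's default value is exactly "%1" %*
$expected = '"%1" %*'

$views = [ordered]@{
    'HKCR (merged view)' = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    'HKLM (machine)'     = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
    'HKCU (per-user)'    = 'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
}

$findings = foreach ($name in $views.Keys) {
    $path = $views[$name]
    if (Test-Path -LiteralPath $path) {
        # The unnamed default value is exposed as a property called "(default)"
        $command = (Get-ItemProperty -LiteralPath $path).'(default)'
        $status  = if ($command -eq $expected) { 'default' } else { 'MODIFIED' }
    }
    else {
        # The per-user key does not exist on a clean profile, so absence is normal there
        $command = $null
        $status  = 'absent'
    }
    [pscustomobject]@{ View = $name; Status = $status; Command = $command }
}

# The .exe extension itself must still point at the exefile class
$extClass = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe').'(default)'
$extOk    = ($extClass -eq 'exefile')

$findings | Format-Table -AutoSize
"'.exe' maps to class: $extClass (expected: exefile)"

# Non-zero exit code so a scheduled task or monitoring agent can alert on it
if (($findings.Status -contains 'MODIFIED') -or (-not $extOk)) {
    Write-Warning 'EXE open handler differs from the stock value; review the Command column.'
    exit 1
}
```

A per-user key that is present at all deserves a look even when its value matches, since the HKCU view takes precedence over HKLM in the merged HKCR view.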
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10883300
sorry it should be COMMAND$
0
 
LVL 27

Expert Comment

by:Ark
ID: 10884596
Take a look on my sample http://www.freevbcode.com/ShowCode.Asp?ID=1308
>>This is a .dll that uses a number of shell functions (including some undocumented ones) to hook and log a variety of shell messages (e.g., window creation, window activation, window deactivation). Included is a sample client project that illustrates how to use the .dll to log shell events. Be sure to register the .dll before running the sample project.<<
0
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10884877
The reason I recommended my way was because we all know a window is not needed to execute code. That's the reason I suggested my highly unorthodox code.



-Brian
0
 
LVL 27

Expert Comment

by:Ark
ID: 10884911
Brian, this key is for the shell open command (i.e. if you start the app from Explorer/desktop). Try your sample with the command prompt/Run menu.
0
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10884921
But doesn't the Visual Basic Shell() command do the same thing? The only thing that would work differently would be the CreateProcess() API.


-Brian
0
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10884922
Correct me if I am wrong.

0

 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10884965
Actually, I retract my previous statement. The Shell() command does not play with the registry at all, nor does CreateProcess(). So maybe a combination of window checking and Explorer shell modifying would be in order.


-Brian
0
 
LVL 27

Expert Comment

by:Ark
ID: 10884971
Yes, but most applications (C++/other than VB based) use CreateProcess() instead of ShellExecute(.."open")
0
 
LVL 2

Author Comment

by:jbauer22
ID: 10894664
Brian - I'd like to intercept the specific message that is starting the EXE.

Ark - It looks like the example only captures window events.

Thanks.
0
 
LVL 27

Expert Comment

by:Ark
ID: 10895995
Sorry, I probably misunderstood something. What do you mean by "Window Message that start an application or process"? Messages are sent to already opened windows and cannot start a process.
0
 
LVL 19

Expert Comment

by:BrianGEFF719
ID: 10896720
Ark: I think what he is saying is that he wants to intercept all CreateProcess() API Calls and all ShellExecute API calls which cannot be easily done.
0
 
LVL 2

Author Comment

by:jbauer22
ID: 10972412
Brian - Are there any tools to help me intercept the CreateProcess and ShellExecute calls?
0
 
LVL 27

Accepted Solution

by:
Ark earned 500 total points
ID: 10982566
0
