Solved

Trapping WM_CREATE message

Posted on 2004-08-11
11
932 Views
Last Modified: 2008-02-01
Is it possible to execute an event whenever a process is being created?

When i take a look at WinSight32, i see that it's able to catch all WM_CREATE messages. However, Application.OnMessage won't catch them all, only those that are sent directly to my application.

Thus, actually, my question comes down to: "can i trap ALL WM_CREATE messages?"

Thanks!
Evarest
0
Comment
Question by:Evarest
  • 7
  • 4
11 Comments
 
LVL 12

Expert Comment

by:Ivanov_G
ID: 11781096
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs;

type
  TForm1 = class(TForm)
  private
  protected
    procedure OnWMCreate (var Msg: TWMCreate); message WM_CREATE;
  public
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

{ TForm1 }

procedure TForm1.OnWMCreate(var Msg: TWMCreate);
begin
  // your code here
  ShowMessage('CREATE');
end;

end.
0
 
LVL 4

Author Comment

by:Evarest
ID: 11781835
That's the code i used, but this won't work for messages _outside_ my application.

Again, i want to have a procedure that can trap ->ALL<- WM_CREATE messages, thus also those that originate from other applications...

Evarest
0
 
LVL 12

Expert Comment

by:Ivanov_G
ID: 11781875
If you want to take all WM_CREATE messages - you will have to use global hook DLL.

http://www.gajits.com/delphihooks.asp
this is a good place to start from.
0
 
LVL 4

Author Comment

by:Evarest
ID: 11782143
That works!

However it seems that setting hooks slows down your system quite a bit. When I set the hook and open an app, all tends to take more time than before... Can it be that these hooks are kind of bottlenecks?
0
 
LVL 4

Author Comment

by:Evarest
ID: 11782147
And if so, is there a better way to know when a new process is being started (without having to create a list with all processes)?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 4

Author Comment

by:Evarest
ID: 11782200
Forget i asked, i think i'm being somewhat paranoid :-)

However, still, is there a way to know when a new process is being started (without having to create a list with all processes)? I'd rather not use the hook, as WM_CREATE messages tend to popup quite often...

Evarest
0
 
LVL 12

Accepted Solution

by:
Ivanov_G earned 50 total points
ID: 11782206
Frankly, I don't know another way to trap messages from another application.

I used hooks before (for key-logger) and I don't think this slows down the system. You can cause some slow with some wrong loop inside the hook or something else. But basically the hook will not affect the system performance in a way that user can notice.
0
 
LVL 4

Author Comment

by:Evarest
ID: 11784025
OK,

seems that there isn't another way to see when a process in being launched...

Thanks!
Evarest
0
 
LVL 4

Author Comment

by:Evarest
ID: 11789023
Just for the curious ones :-)

I have managed to find why my code seemed to slow down my computer.

The problem lays in the code included in the hooking dll Ivanov_G directed me to:

http://www.gajits.com/delphihooks.asp

When I run this code (i used the dll CALLWNDPROCRET.dpr), it'll do a callback on a procedure:

function WNDPROCRET_HookProc(nCode: Integer; iWPARAM: wParam; iLPARAM: lParam): LResult; stdcall;

As your dll is kind-a attached to your application, by use of SetMainHandle(Handle: HWND), it'll get into problems when you focus or even move your mouse over any form, control, whatever of your application! You'll see that your CPU usage jumps from 0-95 in about a sec :-)

I couldn't find a real solution, except sending some extra information whether the program was maximized or not to the dll. However, this didn't seem to work completely...

As i couldn't solve this problem completely, i decided not to use Hooks after all...

Evarest
0
 
LVL 12

Expert Comment

by:Ivanov_G
ID: 11790723
"your CPU usage jumps from 0-95 in about a sec"

I didn't have this problem when using hooks. I don't know what to advice you.
0
 
LVL 4

Author Comment

by:Evarest
ID: 11791314
Maybe that's because you only use the WH_GETMESSAGE. This will only monitor the mousebutton and keyboard, and thus won't give any problems regarding CPU... (as all other messages are disregarded)
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now