是否有任何 winapi 调用在事件发生时得到通知
Is there any winapi call to get notify when an event occured
我正在 windows 机器上监控进程 activity。我从 MSDN 得到了一个有用的 link 说重要 Events to Monitor with this information I started building a small piece of code using WINAPI call - SetWinEventHook 代码在下面
但是当遇到那些列在 link Events to Monitor
上的事件时,我无法使用它来控制
任何人都可以提出建议,为什么我无法收到这些提到的事件
LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
switch (iMsg)
{
case WM_CREATE:
{
HWINEVENTHOOK st;
// EVENT_SYSTEM_MENUSTART
st = SetWinEventHook(0x44E, 0x44E, NULL, WinEventProc, 0, 0, WINEVENT_SKIPOWNPROCESS);
break;
}
case WM_SHOWWINDOW:
{
//MessageBox(hwnd, L"WM_SHOWWINDOW", L"Message", MB_OK);
break;
}
case WM_DESTROY:
{
PostQuitMessage(0);
ExitProcess(0);
break;
}
}
return DefWindowProc(hwnd, iMsg, wParam, lParam);
}
void CALLBACK WinEventProc(HWINEVENTHOOK hWinEventHook, DWORD event, HWND hwnd, LONG idObject, LONG idChild, DWORD idEventThread, DWORD dwmsEventTime)
{
char buffer[100] = {"[=10=]"};
sprintf_s(buffer, "Event [%d]\n Handle [%p]\n idEventThread [%d]\n EventTime [%d]", event, hwnd, idEventThread, dwmsEventTime);
MessageBoxA(hwnd, buffer, "Message", MB_OK);
}
SetWinEventHook :Sets an event hook function for a range of
events.
一系列事件,请参考Event Constants。
This topic describes the events that are generated by the operating
system and by server applications. The constants are listed in
alphabetical order.
Prior to using these events, client applications should use Accessible
Event Watcher to verify that these events are used by UI elements.
For more information about events in general, see What Are WinEvents?
and System Level and Object Level Events. For more information about
the events sent by the system, see Appendix A: Supported User
Interface Elements Reference.
可以说SetWinEventHook没有那么厉害。它能检测到的事件不包括你说的the malicious activities
我正在 windows 机器上监控进程 activity。我从 MSDN 得到了一个有用的 link 说重要 Events to Monitor with this information I started building a small piece of code using WINAPI call - SetWinEventHook 代码在下面
但是当遇到那些列在 link Events to Monitor
上的事件时,我无法使用它来控制任何人都可以提出建议,为什么我无法收到这些提到的事件
LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
switch (iMsg)
{
case WM_CREATE:
{
HWINEVENTHOOK st;
// EVENT_SYSTEM_MENUSTART
st = SetWinEventHook(0x44E, 0x44E, NULL, WinEventProc, 0, 0, WINEVENT_SKIPOWNPROCESS);
break;
}
case WM_SHOWWINDOW:
{
//MessageBox(hwnd, L"WM_SHOWWINDOW", L"Message", MB_OK);
break;
}
case WM_DESTROY:
{
PostQuitMessage(0);
ExitProcess(0);
break;
}
}
return DefWindowProc(hwnd, iMsg, wParam, lParam);
}
void CALLBACK WinEventProc(HWINEVENTHOOK hWinEventHook, DWORD event, HWND hwnd, LONG idObject, LONG idChild, DWORD idEventThread, DWORD dwmsEventTime)
{
char buffer[100] = {"[=10=]"};
sprintf_s(buffer, "Event [%d]\n Handle [%p]\n idEventThread [%d]\n EventTime [%d]", event, hwnd, idEventThread, dwmsEventTime);
MessageBoxA(hwnd, buffer, "Message", MB_OK);
}
SetWinEventHook :Sets an event hook function for a range of events.
一系列事件,请参考Event Constants。
This topic describes the events that are generated by the operating system and by server applications. The constants are listed in alphabetical order.
Prior to using these events, client applications should use Accessible Event Watcher to verify that these events are used by UI elements.
For more information about events in general, see What Are WinEvents? and System Level and Object Level Events. For more information about the events sent by the system, see Appendix A: Supported User Interface Elements Reference.
可以说SetWinEventHook没有那么厉害。它能检测到的事件不包括你说的the malicious activities