Monitor program
(Harbin Zhao Xiaohui)
Monitor, this name seems to be very strange. Its use is mainly in the background surveillance system
Changes in key information, such as changes in registry and changes caused by file operation on hard disk
and many more.
Maybe someone will ask, what is the value of making such a program? The file on the hard disk changed,
As long as I don't know if I am in the resource manager? The problem is of course not simple,
Now everyone's hard drives have used G to do units, a 4.3G hard disk, large and small text
There will be a number of thousands of thousands of pieces, and friends who believe in new purchase will consider the big hard drive of IBM10.1G.
The number of files will be even more imaginable), let alone those who invisible system files and hidden files
. Coupled with the registry, the rules of the rules are not less than the file on the hard disk.
If you want to know if your machine changes, it is definitely not a very easy thing. Monitor
The program can detect these changes at any time to help us understand these situations.
Of course, this is only part of the monitoring program. Its biggest role is to record certain
The change before and after the software installation, thereby providing an important basis for uninstalling this software. although
Windows comes with a Uninstall Shield, but it doesn't seem to be very cleanly
The software is removed, each uninstalled will always leave some annoying residues, causing spam in the system.
Continuously, our hard disk space is always inexplicably and less. So some
A dedicated uninstall tool that is fully uninstalling software is delivered. In this, there are some use.
Monitor the technology of the system, such as Uninstaller Manager and Regmonitor.
Below we are beginning to discuss how to program the implementation of this monitoring. First introduce a few important
API function:
Findfirstchangenotification ();
FINDNEXTCHANGENOTIFICATION ();
WaitforsingleObject ();
Where FindfirstChangenotification (LPZPATH, FWATCHSUBTREE, FDWFILTER)
LPZPath denotes the path name to be monitored, and fWATCHSUBTREE determines if the subdirectories are viewed.
FDWFilter is an event to be monitored, and the function will return a handle after successful.
The value of the parameter fdwfilter and its implications are as follows:
FILE_NOTIFY_CHANGE_FILE_NAME
View changes to any file name in the specified directory
FILE_NOTIFY_CHANGE_DIR_NAME
View changes to any directory name in the specified directory
FILE_NOTIFY_CHANGE_SIZE
View changes in file size in the specified directory
FILE_NOTIFY_CHANGE_ATTRIBUTES
View changes to file properties in the specified directory
FindnextChangeNotification (HChange), Hchan
GE is the handle returned by FindFirstChangenNotification, its function is the request system
When the corresponding change is detected next time, a change notification message handle is issued. When the function is successfully returned, it should
Use the program to wait for WaitFormultiPleObjects or WaitfforSingleObject to wait
Notice of changing changes. WaitforsingleObject (HChange, dwmilliseconds)
Hchange is a handle returned by FindfirstChangeNotification, dwmilliseconds
For the waiting time value, specify the time waiting to complete the time, the unit is millisecond. This value is -1 indicates that the time is infinite. It is best to use FindClosechangenotification (HChange) before ending the monitoring program.
To close the handle.
The following is given a simple instance, its function is to monitor whether the C: / PWIN98 directory is
There is a change in file. Once you have a rename, create or delete the situation, control over the EDIT
A tip is given.
//
----------------
#Include
#Pragma HDRSTOP
#Include "unit1.h"
// ----------------
#Pragma package (smart_init)
#Pragma resource "* .dfm"
TFORM1 * FORM1;
// -----------------
__fastcall tform1 :: tform1 (tComponent * Owner)
: TFORM (OWNER)
{
}
// -------------------
Void __fastcall tform1 :: formcreate (TOBJECT * SENDER)
{
DWORD DWWAITSTATUS;
Handle dwchangehandle; // Return to the handle of the notification
DWChangeHandle = FindfirstchanGenotification
"C: // PWIN98", FALSE, FILE_NOTIFY_CHANGE_FILE_NAME); // Set the handle of returning notification
IF (dwchangehandle == invalid_handle_value)
// Judgment whether it is set successfully
EXITPROCESS (GetLastError ());
While (TRUE) {// Set loop, monitoring
DwWaitStatus = WaitforsingleObject (dwchangehandle, -1); // Notification Back
Switch (dwwaitstatus) {
Case 0:
Edit1-> text = "something change"; / / give a prompt
FindClosechangenNotification (dwcchangehandle); // Close handle
EXIT (exit_success); // Exit the program
DEFAULT:
EXITPROCESS (GetLastError ());
}
}
}
The program is passed under C Builder4 / PWIN98, because the C Builder language is very standard, so it is easy to extend to other programming locale.
This example shows how to monitor file changes in the hard disk, have functions for the registry.
RegNOTIFYCHANGEKEYVALUE () can achieve similar features, here is omitted here.
How, I read this article, whether it is for Uninstaller Manager and REG MONITOR?
The software has a more in-depth understanding. In Windows programming, some API functions have played an important
The role allows the program to achieve many advanced features. Because the API function is based on C language syntax
It is given, so C Builder has a unique advantage to support the API function and macro.
very good. Not good, how do you run questions?
Still dry, don't you want to hurry to prepare your own Uninstaller Manager?
