I am writing my own version of DebugView using this article:
https://www.codeproject.com/Articles/23776/Mechanism-of-OutputDebugString
as a starting point.
According to the article OutputDebugString() first locks a mutex named "DBWinMutex" and the writes to a 4096 bytes area of shared memory named "DBWIN_BUFFER" and then signals an event named "DBWIN_DATA_READY".
The code seems to be working fine. However how can I make sure that it will work for all versions of Window?
What prevents Microsoft from e.g. renaming the shared memory area to "DBWIN_BUFFER2"?
I am looking for some offical documentation of the DBWIN mechanism and ideally also a header file with defines of these string constants.
This is asking about implementation details, that are deliberately not publicly documented. The documented way to receive data from a call to OutputDebugString is to call WaitForDebugEventEx and evaluate OUTPUT_DEBUG_STRING_INFO DEBUG_EVENTs.
The documentation comes with a full sample on how to write the debugger's main loop.
Related
I need to hook copyfile in order to stop the process whenever a malicious file is being copied. I saw a question asked by Cat Man Do
Hook into the Windows File Copy API from C#
and he mentioned that there is a solution for this problem in c++. I am using embarcadero c++ builder(non-MFC). Is this solution applicable for c++ builder and if it is can anybody post the link or give me a hint on how to hook copyfile in c++?
You're not being specific about what you mean by "stop the process" - whether there is a specific process you are interested in, or whether you want to block all file copies throughout the entire system. If you want to block all file copies throughout the system, then what you're looking for is a file system filter driver. This is extremely advanced, since you will be writing a kernel-mode driver. Not for the faint of heart. Note also that you may end up being flagged as malware yourself, since malware will try to hook the file system in order to hide themselves.
I recommend using Deviare API hook to do it. You can use its COM objects to intercept CopyFile and CopyFileEx APIs and prevent the call returning ACCESS DENIED in the last error.
How can I lock a file in windows to only current thread (no other threads from same process and no other processes) can access (read/write) the file?
If it is possible please tell me some fcntl-like solution (solution which locks file having its descriptor). But in any case other solutions are welcome too.
In Windows, you can open a file with exclusive access with the API function CreateFile and specifying 0 as the share mode. More details at this MSDN link, and this MSDN link.
Use the WinAPI call LockFile, Here is a example of its use. However this will only protect you from other processes from touching your file, it still lets other threads in the same process use the file.
EDIT:
I did not see this was C++ sorry, I only know the inter thread c# solution, however that MSDN link can at least get you started on preventing other processes from touching your file.
How do I go about hooking/redirecting a function in a DLL (say, CreateThread from Kernel32.dll) loaded in the current process?
(I don't have control over which pieces of code call CreateThread, so it's not like I can just have the code something else instead.)
The language doesn't matter much; I'm guessing C/C++ would be the best choices for this.
Update:
I forgot to mention: I'm not looking for solutions that require the bundling of extra libraries into my program; I was looking for a manual way of doing the hooking (such as by rewriting the address of the function), not for using an external library to do this.
But thanks to those who mentioned an external library; sorry I didn't say this earlier.
there's MS library for this: Detours
(This most likely would have been more appropriate as a "comment" under the "Detours" answer, but, as my "reputation" isn't enough yet to add comments I guess, let me post it as an answer)
This post under this thread ("DirectShow question") mentions a replacement/home-grown alternative to Detours (with some rough code example as well) by Alessandro Angeli.
I've actually first found it quoted in another thread ("problem in hooking cocreateinstance") while also searching for COM component creation hooking/tracing (This second thread is more focused on cross-process hooking though).
Let me also add a link for WinAPIOverride32 (by Jacquelin Potier) for convenience here as well. It seems to have "developer designed GUI" :) but, no complaints at all as it is open source (as mentioned above).
Check out http://easyhook.codeplex.com/
It's an API Hooking framework.
Its open source, very easy to use!
I was looking up something, and stumbled upon this code:
http://google.com/codesearch?q=kBrowserThreadNames
Where can I find the source for base::Thread?
(Thing is, in debugging something running under firefox.exe, I notice Gecko_IOThread is setting it's thread name in some kind of way and wanted to look up how.)
A quick Mozilla MXR lookup seems to indicate that it's defined in mozilla/ipc/chromium/src/base/thread.h
Edit:
I was also curious about the presence of Chronium code in Mozilla so I googled a bit and found this on the blog of Benjamin Smedberg the commiter of the code:
IPDL is a language which precisely
describes the messages that can be
passed between processes, and allows
developers to define a state machine
and error handling conditions for
messages and resources shared across
processes. IPDL layers on top of an
IPC stack that Mozilla copied from the
Chromium codebase
Just click your way into the code...
http://google.com/codesearch/p?hl=en#cFooKvxdTls/ipc/chromium/src/base/thread.cc&q=kBrowserThreadNames&d=2
I want to execute a certain batch file and redirect its console output to a text control in visual c++ or redirect the console output at the same time the logs/echo are showing.
Basically, you have to make the run process to write to a pipe, and to read the output of this pipe.
[EDIT] I know how SciTE does that (you can take a look at the source: win32/SciTEWin.cxx, ExecuteOne function), I searched a slightly more generic way, found How to spawn console processes with redirected standard handles from Microsoft itself.
If you seach CreatePipe PeekNamedPipe CreateProcess keyword, for example, you might find other examples.
Another option is to use Boost.Process (Boost.Process is not (yet) an official Boost C++ library. It must be downloaded and installed separately).
The example "Child.4 - Reading from a child using asynchronous I/O" shows how to redirect the output of the child process into a C++ stream (and later access the content).
Example "Child.4 - Reading from a child using asynchronous I/O" show how to use Boost.Process togehter with Boost.Asio to access the childs I/O asynchronous.
The advantages of this method is, that Boost.Process supports the Windows API and POSIX API.
If elegance is not a priority then a really simple solution might be to redirect the output to a file, and then read in the file contents.