I'm trying to use QSharedMemory and QClipboard to share data between a SYSTEM process (running on the WinSta0\\Winlogon desktop) and a normal user process, but both fail to share data with others non-SYSTEM processes running on the normal desktop. I belive this is because the WinSta0\\Winlogon desktop is a isolated desktop.
My app is a program that takes shots of the Windows Secure Desktop and send it to clipboard.
The question is: Is there any way to share memory data between that process and non-SYSTEM processes? (Actually I'm using a file to do the job).
On Windows Vista and later, system services run in an isolated session ("session 0"). This is the most likely cause of your problem. (Note that all system services run in session 0, regardless of whether they are running in the SYSTEM security context or not. Similarly, it is possible to launch processes as SYSTEM in an arbitrary session.)
Each session has a separate WinSta0 workstation, and hence a separate clipboard. So clipboard functionality is not going to work here.
It is possible for file mapping objects (shared memory) to work across session boundaries. However, I don't know whether it is possible to do this with Qt. The best bet would appear to be to use setNativeKey which presumably determines the name of the file mapping; to make a file mapping cross session boundaries, use a name that begins with Global\ as described in the MSDN article on CreateFileMapping. If possible, consider using the Win32 API directly rather than Qt.
Related
We manage an legacy system from the early 80s. It is awkward to access the file system on it, and we're therefore thinking on methods to work with the files from Windows.
We have looked at two methods for doing this:
Create a user space file system (eg with Callback File System).
Looks to me like the best solution, but it is expensive
Create a CIFS/SMB server to share the files on the network and mount using "net use"
I'm not sure if this option even is possible
I have not found any good examples of how I write an SMB server. Maybe there's a reason for that?
My questions are:
Is the method two possible?
Is it possible to mount a CIFS/SMB share locally if there is no network connection?
What are the pros and cons of the two methods?
Edit
The legacy system runs under Windows in a house developed emulator (which works in much the same way as VMware). It is in this emulator we want to expand the functionality to distribute the file system in the legacy system to Windows.
The legacy system is totally unique. Both the operating system and file system is house developed (and very odd).
I need to customize right click so that I can scan a directory with my anti-virus. I know how to do that using registry keys, but the problem is that I don't want to start a new instance of my program every time I want to scan a directory. My anti-virus needs to load some signature databases so it will take around 15 seconds for the program to load those. I need to use the instance of the program which I have already opened and is running for scanning the directory. How can I do that?
I am using C++Builder.
Thanks.
Considering you already know how to add the item to the right click contextual menu, I suggest implementing a client/server set of applications:
A server that loads up when you turn your computer on and does the scanning, and
The client that tells it what to do using IPC - inter-process communication.
You then add the client application to various contextual menus, passing it arguments that indicate what it should get the server to do depending on what you right-clicked on.
IPC is a bit of a pain in the butt, the easiest way is to use TCP/IP to and do local networking using a network library. There are many out there, however given you'll likely want to have other features such as UI elements and a tray icon, I suggest you look at Qt, namely the following components:
QtNetwork: For performing communication between the client and the server executable.
QSystemTrayIcon: For displaying a small icon on the tray.
There are quite a few other little bits of Qt you'll no doubt encounter (like all the fabulous UI stuff), and fortunately Qt is well documented and help is always available here, and from the Qt Developer Network. You can get started with Qt by downloading and installing the SDK:
http://qt.nokia.com/downloads/
Best of luck :).
Implement a DDE server in your anti-virus, and then add a ddeexec subkey to your Registry key. Alternatively, add an OLE Automation object to your app that implements the IDropTarget interface, and then add a DropTarget subkey to your Registry key that specifies the object's CLSID.
Either way, whenever your menu item is then invoked, Windows will call into your existing app instance if it is already running, otherwise it will launch a new instance and then call into it. Either way, Windows is handling all of that for you. All you are doing is providing an entry point for Windows to call into.
I would suggest the IDropTarget method, because DDE is deprecated, and because IDropTarget is more flexible. While your app is running, you could re-use the same IDropTarget object to handle OLE Drag&Drop operations on your app's UI window and Taskbar button, and support automated invokations of your scanner by other apps.
This seems to be typical application:
1. One part of the program should scan for audio files in background and write tags to the database.
2. The other part makes search queries and shows results.
The application should be crossplatform.
So, the main search loop, including adding data to database is not a problem. The questions are:
1. What is the best way to implement this background working service? Boost(asio) or Qt(services framework?)?
2. What is the best approach, to make a native service wrapper using mentioned libraries or emulate it using non gui application?
3. Should I connect gui to the service(how they will communicate using boost or qt?) or directly to the database (could locks be there?)?
4. Will decsision in point 1 consume all CPU usage? And how to avoid that? How to implement scanning for files less cpu consumable?S
I like to use Poco which has a convenient ServerApplication class, which can be used in an application that can be run as either a normal command-line application, or as a Windows service, or as a *nix daemon without having to touch the code.
If you use a "real" database (MySQL, PostgreSQL, SQL Server), then querying the database from the GUI application is probably fine and easier to do. If you use another type of database that isn't necessarily multi-user friendly, then you should communicate with the service using loopback sockets or pipes.
As far as CPU usage, you could just use a bunch of "sleep" calls within your code that searches files to make sure it doesn't hog the CPU and IO ports. Or use some kind of interval notification to allow it to search in chunks periodically.
I was having a discussion with a colleague about whether or not the following is possible:
Install an MFC application from a USB drive in Windows XP (this installation would be initiated manually by a user with sufficient privileges to install software).
After rebooting, this application should start instead of the default Windows XP shell (explorer.exe).
Does anyone know how I might accomplish this?
You won't be able to run an MFC application before windows starts up because by definition MFC runs off of windows DLLs that are not loaded until windows itself is. Not to mention that Windows is what is responsible for loading a PE in the first place, so you won't even be able to load a compiled EXE or DLL without a custom bootstrapper.
In order to do what you want to do you have a few options. There are (easy) ways for windows to be set to load an application on startup. If that is what you want, then this is entirely possible.
However, if you wish to execute code before and while windows is starting up, then you must first overwrite the bootstrapper (with something like GRUB), execute your code (again, you will not have access to any standard library - you will have to operate directly on the buffers made available to you by the CPU if you wish to do any sort of I/O), then start up windows by launching its bootstrapper. I have no idea how to do this; but that is the general overview of what must happen.
You mentioned DLL injection, which is another possibility. I am not familiar with what DLLs, and in what order, are loaded during windows startup. That will be an exercise for you. What you will have to take into consideration, is that the higher level you want to exist in (i.e. what libraries are available for you to do File/Console I/O) the higher up you need to execute your code in the windows startup process.
My suggestion to you is simply write a program that executes as a service that is started up during windows initialization. Its easy to do, and you will have the entire HAL loaded and ready to actually perform tasks - rather then you having to write device-specific drivers in order to manipulate hardware before window's loads the HAL.
Modify HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit registry value with full path to your application. This key specifies what program should be launched right after a user logs into Windows. The default program for this key is C:\windows\system32\userinit.exe. Userinit.exe is a program that restores your profile, fonts, colors, etc for your username. It is possible to add further programs that will launch from this key by separating the programs with a comma
From kernel mode in Windows I'm able to intercept and monitor virtually all actions performed on a particular disk. When a file is opened for any purpose I get an event.
Now I want to trace which application that opened it. I think this should be possible but don't know how.
I'm using the standard file management functions in Windows Win32 API.
Thanks in advance.
/Robert
Sysinternals Filemon (free) does this, and better yet they describe how they did it:
For the Windows 9x driver, the heart
of FileMon is in the virtual device
driver, Filevxd.vxd. It is dynamically
loaded, and in its initialization it
installs a file system filter via the
VxD service,
IFSMGR_InstallFileSystemApiHook, to
insert itself onto the call chain of
all file system requests. On Windows
NT the heart of FileMon is a file
system driver that creates and
attaches filter device objects to
target file system device objects so
that FileMon will see all IRPs and
FastIO requests directed at drives.
When FileMon sees an open, create or
close call, it updates an internal
hash table that serves as the mapping
between internal file handles and file
path names. Whenever it sees calls
that are handle based, it looks up the
handle in the hash table to obtain the
full name for display. If a
handle-based access references a file
opened before FileMon started, FileMon
will fail to find the mapping in its
hash table and will simply present the
handle's value instead.
-Adam
Sysinternals did a so good job at doing it and explaining it, that some source code of old version are still available here for instance, and the code is well documented (imho). It could be a good start as well.
I would use the "handle.exe" app from Sysinternals.
Or, are you actually trying to do this programmactically?
Just use Win32 N.API to get the pid from the File handle.
It's a FAQ for 15 years...