Capturing network status change event - c++

I am trying to get events when the internet connection is reestablished after it is lost. It is for a data transfer software that I am developing. If I lose the network during data transfer, I would like to be notified when it is back and continue the transfer automatically.
I can of course create a separate thread and check the network once in a while with a timer, but maybe there is a better option out there.
I am developing for windows mainly, in C++ (not .net).
I can also use wxwidgets (I use it for GUI) but I doubt it offers any related functionality.

You might want to check out the System Event Notification Server (SENS) API http://msdn.microsoft.com/en-us/library/cc185680(VS.85).aspx
I have not actually used it, but it seems like it supplies the events your looking for.
EDIT:
WMI appears to have all the information you need about various network connectivity and state changes. It also has an asynchronous event model that can be used to get notifications. The trick is, i suppose, generating the proper WMI query to get the information you want. This blog looks like the right type of query, and this MSDN explains how to handle the events asynchronously.

I don't know which protocol you use and whether you can control the destination, but in that case, the destination can poll for a retry. The destination knows best what it has received, so it can give the received number of bytes as offset for the retransmission.

This MSDN link gives a very detailed example of how to capture events on WMI with COM. The example doesn't actually capture network events - but I believe that if you plug the right query in, it would work.
(lots of code here, so I'm not copying it into the answer)
http://msdn.microsoft.com/en-us/library/aa390425%28v=vs.85%29.aspx

this Codeproject link gives detail on
How to use the Windows NLM API to get notified of new network
connectivity
And maybe helpful to any challenge related to this one.
An application often needs to know if the machine has internet
connectivity and take actions depending on that. In this sample, we
are looking at the usage of the Windows NLM API in managed code so
that an application can choose to respond to internet connectivity
changes. There are many other specific NLM APIs for checking domain
connectivity, network adapter interfaces etc., that haven't been
mentioned in this article; you can refer to this link for further
details. The downloadable zip file has the source code.
more reading here
https://www.codeproject.com/Articles/34650/How-to-use-the-Windows-NLM-API-to-get-notified-of

Related

Is it possible to get a event in C++ program if Windows firewall status changes

I need to write a C++ application that should read firewall status of Windows, and then need to keep an eye continuously if admin/someuser
changes the firewall status (lets say when my program was started firewall was disabled and after sometime Admin enabled it).
To implement this, I have created a thread that periodically(10 seconds) poll the code that checks Windows firewall status, but this doesn't look an efficient solution to me as continuous polling is required.
Is there a way to get event automatically in my program if firewall status changes (for example, FindFirstChangeNotification, using this I can get notification if any change in directory)? This will avoid continuous polling and will make program more efficient I think.
Any help is appreciated.
I know there is Windows ETW which anti-viruses use and which has all the info you need. It is a big system log where you subscribe to log/event providers. Pretty much everything that happens in system gets reported there via event which you can listen/wait for. I don't know the links to more useful pages with a list of loggers connected to ETW so here is the more general page: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/event-tracing-for-windows--etw-. You need to find out how to use C++ ETW API and the name/ID of the firewall events provider with a list of event types, then using API subscribe to this provider and setup a callback for when an event that interests you (here change of firewall status) occurs and that is it.

Windows API for DNS change notification

I am looking for a way to receive a notification whenever the configured DNS server address of a network interface changes, using native Windows APIs (C/C++). For both performance and reaction time reasons, I'd obviously want to avoid polling.
There is, for example, the NotifyIpInterfaceChange API in Iphlpapi.dll. In my tests, it reliably triggers a notification when the host's IP address, subnet mask, or default gateway changes, but not at all when only the DNS addresses change.
My only "solution" up to this point is using WMI event queries, but it actually polls in the background, so to avoid hogging down the system, the polling interval (WQL WITHIN clause) needs to be set to several seconds, which results in a long and annoying delay for my application. Also, for various reasons (which are not the topic of this discussion), I prefer to avoid WMI usage anyway, resorting to it only when there is no other way.
Actual credit for this answer should go to RbMm, but he's not posting the answer and seems to have gone MIA.
To receive DNS change notifications, the only non-polling solution seems to be using the RegNotifyChangeKeyValue WinApi to monitor for changes under the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip[6]\Parameters\Interfaces key. Note that there's separate Tcpip and Tcpip6 keys for IPv4 and IPv6 respectively. Anyway, I've implemented and thoroughly tested the solution since the original suggestion and it works without problems.
A semi-related warning: RegNotifyChangeKeyValue has its non-intuitive peculiarities, and it is unlike most other notification APIs, so be sure to study its docs.

Is is possile to Hook file-download event of a program?

Please tell me is it possile to know when a program is trying to download a file ( like in Internet Download Manager ). I want to catch that event (hook it), get the download url, and then destroy the event.
Thanks in advance..
#Jerry Coffin:Sr, I forgot to tell you that this feature of IDM is not active by default. It is only turned on when you enable the "Use advance browser integration" option at "Download/Options" of IDM menu.
Like here :
http://files.myopera.com/UenX/files/Detect.jpg
+ Check the (1) options, OK, then reboot.
+ After reboot, the (2) option will appear, check it, OK, and now run your software. You should see some thing likes (3)
( this appear when I run the msgr9us.exe ( Yahoo! Messenger setup file) )
Give it a try..
For a specific program such as Internet Explorer, doing this is quite reasonable (IE includes hooks to invoke your code under the right circumstances). For most programs it's not possible though -- they simply don't generate any "event" for you to hook and "destroy".
To make a long story short, to get anywhere with this, you'll almost certainly need to handle the situation on a case-by-base basis, writing code specific to each application you want to deal with -- and know that any other application and even newer versions of the applications you've dealt with will probably break what you're trying to do.
Not really. Consider how a browser typically downloads a file: it opens a TCP socket connection to a remote server, either on port 23 or 80, and using the FTP protocol or HTTP protocol on that connection. These things you can detect, intercept and modify with high reliability. But there are other programs that use other mthods. for instance, P2P filesharing programs such as BitTorrent do not use HTTP or FTP, nor do they download a file from a single server.
So, while you don't need to understand every program, you must be able to detect and understand every file download protocol instead.
you could hook the network stream and filter for http download requests.
you'll need some library to capture network traffic (e.g. http://en.wikipedia.org/wiki/Pcap).
Then you'll have to parse the network packets for the appropriate HTTP messages (sorry, I can't give them to you, I don't know them). I don't know if you can actually prevent packets from being sent though.
Another (easier) way would be to implement a proxy server (or modify an existing one) to do what you want. Then you just have to connect the IE to your proxy using the proxy server settings. Check for example Privoxy, which already does some kind of filtering.

Wait for certain website to be accessed

My objective is to have an event that is triggered when a website is accessed.
Now, maybe through the window title, or the text in the window. Or maybe even reading a URL.
As of now I am aware of FindWindow (class,title);
However all attempts to put this line of code into a loop and it's exit condition being when the window appears have been fruitless.
Any assistance would be very helpful.
That's not possible. At least if I understood you correctly.
You want to register a callback when ANY software on your machine accesses a specific website?
Just imagine a browser uses SSL, there is no way to detect this by listening to the traffic or something similar.
However, if you want to be notified about all connections to a specific IP, then you could use sniffing mechanisms of your kernel or even redirect all traffic to this IP to a proxy you have set up with iptables or similar.
Windows has a sniffing library called WinPCap, on linux you could use tcpdump.
Though, more information about your problem would be nice.
Looking for window titles can be a bit problematic. I don't know how much control you have over the desktop, but you might consider building an addon for Firefox (or the equivalent in IE) to look for this particular site.
https://developer.mozilla.org/En/Extensions/Firefox
You might also consider building a simple local proxy server (depending on what you are doing) that looks for this site and performs some action. You would have to make sure all the browsers on the machine point to this local proxy to get it working correctly. See the link below for some discussion on a custom proxy server:
How to create a simple proxy in C#?

How do you block selected applications from accessing the internet (C++, Win32)

I want to have an application or service that is running that, on some schedule, can disable access to the internet for all applications except for specific ones.
I'm trying to create a filter that can be turned on or off under programmatic control. Not just IP addresses and ports, but I want to be able to block specific applications as well, much like Zone Alarm and other software firewalls let you block.
For example, iexplore.exe, skype.exe, firefox.exe, aim.exe. But still need to allow other applications to connect as needed.
It has to work on Vista as well as XP, but I kind of expect that the method will be different on each of those platforms.
Basically, the filter has to tie the network communication back to the executable that is making the request and then allow or deny it.
Update:
On Vista at least, it looks like I want to use filters in the ALE layers of the WFP.
On XP, I'm still looking for the best way to do it. Do I really need to be writing device drivers and dealing with kernel stuff? I'm just a lowly application developer. Kill me now.
Update 2:
Currently looking at the PfCreateInterface and related Pf* API's for pre-Vista systems.
You can change both Vista and XP's firewall policies dynamically using the INetFwAuthorizedApplications interface from the Windows Firewall API.
Also see this question.
You'll have to write a device driver that filters traffic based on the executable requesting the traffic.
by limiting its access to internet using firewall. go to firewall setting advanced tab (win 7)
and do that
I'm not sure, but I think you'd need to do it by getting the program to run as a user that has limited permissions, the question is, can you make a user account that stops such things?
You'll need to redirect all (or at least many) calls to the WinSock API functions of any running program to your own replacement functions. That means getting into the memory of each running program and hijacking those functions, which is an... interesting... exercise. :-)
That might be enough of a pointer to get you started, or at least to suggest some more specific questions to ask.
Could you move aside (ie rename) the system's winsock DLL and replace it with your own ?
Yours should provide the same API, but check the the process name of incoming requests... return an error code to blocked applications and forward the calls from allowed apps onto the real DLL.