Is there a way to access file system info via some type of Windows API? If not what other methods are available to a user mode developer?
Not very clean, but you can use DeviceIoControl()
Open volume as a file, pass resulting handle to DeviceIoControl() together with control code. Check MSDN for control codes, there is something like "read journal record".
In another post, someone recommended this: Keeping an Eye on Your NTFS Drives: the Windows 2000 Change Journal Explained.
It explains how to use the NTFS Filesystem with C++ through Windows 2000.
The implementation might have changed.
Related
I'm writing a program to maintain computers at my workplace. I want to use msinfo32 to automatically collect system information about computers on the network remotely and use this data in my program.
The only way I found is to manually connect using the msinfo32 interface, export all the data and then parse it with my program. But I want to improve this process and do it automatically, update all info automatically, etc.
Is there any way I could collect all PC info remotely using msinfo32 from inside my program?
Please send me a link to a how-to with code examples, or explain why I cannot do this or how I could.
Sorry for my English, thank you for your attention.
UPD: possibly I can run msinfo32.exe from inside, but I'd rather use a library than run an external program in cmd.
Depends on what exactly you need to gather. You have some WinAPI functions and classes that can give you the system info.
GetSystemInfo() or Computer System Hardware Classes
But I think it's not that bad to use msinfo32.exe directly if it works.
You can't. You should use WinAPI functions, because msinfo32 does not provide a console output interface, which could be the best solution.
Related: How do I get hardware info such as CPU name, total RAM, etc. with VB6?
You can also use registry keys to check any system settings; all the documentation is on the net. Getting system information using the registry is not reliable, though.
Msinfo32 documentation
I don't know if in 2015 there was already the "/nfo" option that allows you to have all the results exported to a file.
So just execute:
msinfo32 /nfo "c:\delme\msinfo32.nfo"
and then, via XML, read the desired results.
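The "read the desired results via XML" step could look like the sketch below. It is an added example, not code from the answer: the element layout (nested Category elements containing Data rows) is an assumption about what the exported .nfo file contains, and the sample report, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Assumed layout of an .nfo export: nested
# <Category name="..."> elements holding <Data> rows whose child
# element names are the column headers (Item/Value here).
SAMPLE_NFO = """<?xml version="1.0"?>
<MsInfo>
<Category name="System Summary">
<Data><Item><![CDATA[OS Name]]></Item><Value><![CDATA[Microsoft Windows 10 Pro]]></Value></Data>
<Data><Item><![CDATA[System Name]]></Item><Value><![CDATA[WS-EXAMPLE-01]]></Value></Data>
<Category name="Components"><Category name="Storage"><Category name="Drives">
<Data><Item><![CDATA[Drive]]></Item><Value><![CDATA[C:]]></Value></Data>
<Data><Item><![CDATA[File System]]></Item><Value><![CDATA[NTFS]]></Value></Data>
</Category></Category></Category>
</Category>
</MsInfo>"""


def walk(category, path=()):
    """Yield (category_path, row) for every <Data> row below a category."""
    here = path + (category.get("name", ""),)
    for child in category:
        if child.tag == "Data":
            yield here, {col.tag: (col.text or "").strip() for col in child}
        elif child.tag == "Category":
            yield from walk(child, here)


def parse_nfo(xml_text):
    """Return {"Category/Sub/...": [row, ...]} for a whole report."""
    # Reports pulled from other machines are untrusted input: a genuine
    # export is assumed to carry no DTD, so refuse one outright.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("unexpected DOCTYPE in .nfo file")
    report = {}
    for top in ET.fromstring(xml_text).findall("Category"):
        for path, row in walk(top):
            report.setdefault("/".join(path), []).append(row)
    return report


def lookup(report, category, item):
    """Value of an Item/Value row in one category, or None if absent."""
    for row in report.get(category, []):
        if row.get("Item") == item:
            return row.get("Value")
    return None
```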
When I connect the iPod (or iPhone) to the Windows PC,
it looks like a USB drive, but I can't open a file on it because I can't know the correct file path.
I was also unable to drop the file onto my application because the drag source does not have CF_HDROP.
Some applications can open a file on the iPod, but it was a copy in the local temp folder.
screenshot http://img862.imageshack.us/img862/5396/ipodx.png
My question is ..
How can I directly (programmatically) open and read the picture file on iPod?
If I double click on it (or right click and select Preview menu),
it launches Windows Photo Viewer -- it is not my default picture viewer.
Can I change the file (.PNG) association to other application?
What's the viewer application's requirement to be a default viewer for files on the iPod?
Applications that do that use Picture Transfer Protocol (PTP). On Windows, Microsoft implements many interfaces as part of Windows Image Acquisition (WIA). Read more here: http://msdn.microsoft.com/en-us/library/ms630344(v=VS.85).aspx
http://support.microsoft.com/kb/307859 or manually edit registry at HKEY_CLASSES_ROOT\.png
Try the iPhoneBrowser program. It should give you a fair idea of the path.
From everything I've read I don't think Apple gives you access to the file system on the iPhone / iTouch / iPad; they want you to use iTunes to transfer files back and forth. I believe the Android and Windows Phone environments have similar restrictions. (If you "jailbreak" or "root" your device that's obviously a different story, which is why many such utilities explicitly state they only work on rooted devices.)
In part, this is a security precaution: if it were possible to directly access the file system on the mobile device it would be that much easier for someone to plant malware on your phone or PDA.
For this reason, updates to the various mobile OSes frequently include changes to (1) make jailbreaking more difficult and/or (2) close the loopholes that allow software like the iPhoneBrowser to work.
Some of the portable music players that use (Windows) Media Player have similar limitations. For example, I had a Sansa m100 (I think) where I could just drag files to the device and the playlist would automatically get updated; on at least some of the newer models (eg the c200) you have to use Media Player to download content. Which to me is annoying since there doesn't seem to be a way to use Media Player to delete content from the device.
There probably are APIs to do this sort of thing, but I would guess they're somewhat specific to the platform you're using -- ie I don't think you're going to be able to just use CreateFile() or something like that.
I need to add some files to the results returned by FindFirstFile and FindNextFile under Windows. Is this possible with a file system filter driver, or with what type of driver?
Thank you
You can do this with a File System Filter Driver. But you can do this by implementing a system-wide API hook. I have not tried it before, but you really don't need to take the pains of writing the drivers and making the system unstable in case of spoiling the driver stack.
System Wide API Hooking
API Hooking Revealed
As pointed out, you can use a file system filter driver (legacy or mini-filter, based on fltmgr). However, I would strongly recommend against the system-wide API hooking. Simple reason: if you do it in usermode it's not really going to be system-wide, and if you use an SSDT hook or some hotpatching method you risk the system's stability. An alternative, albeit equally shady as system-wide hooking, would be entry-point stealing. In this case you use the device object of the volume (in which you're interested, just listen for the attach notifications or enumerate them at startup) to find the driver responsible for it and modify the major function entry points in the driver object (Ilho pointed you in the right direction already).
A file system filter driver is the supported method to do just that.
In the latest Windows 7 WDK the sample under 7600.16385.1\src\filesys\miniFilter\minispy provides a good starting point. Biggest problem with mini filters for a private person is to get assigned an altitude for the driver to load at. Because using just any altitude can well lead to BSODs - and in case of FSFDs you might even risk your data integrity (although the kernel steps in with the BSOD to prevent that). You only need to fake IRP_MN_QUERY_DIRECTORY - this is the minor control code you're looking for when you are handling the IRP_MJ_DIRECTORY_CONTROL major control code. All others you can pass through as long as you don't need to allow the file to be opened, read or written and such. How to do that can be seen in the 7600.16385.1\src\filesys\miniFilter\passThrough sample source.
I still feel somewhat of a noob at getting the hardware information of the CPU, so I come with this request: hard drive, CD/DVD/Blu-ray reader, floppy and, if it's possible, USB.
I've been looking at MSDN GetDriveType, but it seems I'm bad at searching or I don't understand it. Any idea?
I'm not sure what you didn't understand about the documentation you linked to...
The sole argument accepted by the function is the root directory of the drive you want to get information about (including a trailing backslash). The function returns a value indicating which type of drive that is. A chart is shown that gives the possible return values and what each of them means.
For example:
GetDriveType(_T("C:\\")) // returns DRIVE_FIXED if C:\ is my hard drive
GetDriveType(_T("A:\\")) // returns DRIVE_REMOVABLE if A:\ is my floppy drive
GetDriveType(_T("D:\\")) // returns DRIVE_CDROM if D:\ is a CD-ROM drive
GetDriveType(_T("N:\\")) // returns DRIVE_REMOTE if N:\ is a network drive
It also says that if you want to determine whether a drive is a USB-type drive, you need to call the SetupDiGetDeviceRegistryProperty function and specify the SPDRP_REMOVAL_POLICY property.
If you want to determine whether a device is a USB device, you can open its handle and send IOCTL queries using DeviceIoControl() to get the bus type the device is connected to.
EnumUsbDrivesLetters - the post is in Russian but it contains C++ source code, so the matter could be understood easily.
Cheers, Andriy
The only all-in-one API I know of for Windows with that information is WMI, but it's not terribly simple to use. On the other hand, many programs communicate with devices directly, using pass-through control codes, or I/O control codes like SMART_RCV_DRIVE_DATA.
(I don't know how Speccy works, but I'm guessing it uses a combination of these methods to get the system info needed.)
From kernel mode in Windows I'm able to intercept and monitor virtually all actions performed on a particular disk. When a file is opened for any purpose I get an event.
Now I want to trace which application that opened it. I think this should be possible but don't know how.
I'm using the standard file management functions in Windows Win32 API.
Thanks in advance.
/Robert
Sysinternals Filemon (free) does this, and better yet they describe how they did it:
For the Windows 9x driver, the heart of FileMon is in the virtual device driver, Filevxd.vxd. It is dynamically loaded, and in its initialization it installs a file system filter via the VxD service, IFSMGR_InstallFileSystemApiHook, to insert itself onto the call chain of all file system requests. On Windows NT the heart of FileMon is a file system driver that creates and attaches filter device objects to target file system device objects so that FileMon will see all IRPs and FastIO requests directed at drives. When FileMon sees an open, create or close call, it updates an internal hash table that serves as the mapping between internal file handles and file path names. Whenever it sees calls that are handle based, it looks up the handle in the hash table to obtain the full name for display. If a handle-based access references a file opened before FileMon started, FileMon will fail to find the mapping in its hash table and will simply present the handle's value instead.
-Adam
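The handle-to-name table described in the quoted text, modelled in user-mode Python as an added illustration (not FileMon's code or part of the answer). Recording the opener's process id next to the path is an addition that ties the table back to the question; the event tuples, pids and paths are constructed.

```python
class HandleTable:
    """Maps file handles to (path, opener pid) learned from observed opens."""

    def __init__(self):
        self._open = {}

    def observe(self, op, handle, pid, path=None):
        """Process one event and return (op, display_name, opener_pid)."""
        if op in ("open", "create"):
            # Only opens carry a path; remember it and who asked for it.
            self._open[handle] = (path, pid)
            return (op, path, pid)
        entry = self._open.get(handle)
        if entry is None:
            # File was opened before monitoring started: no mapping exists,
            # so only the raw handle value can be shown and no opener named.
            result = (op, f"0x{handle:X}", None)
        else:
            result = (op, entry[0], entry[1])
        if op == "close":
            # Drop the mapping so a reused handle value cannot resolve
            # to the previous file's path.
            self._open.pop(handle, None)
        return result


# Constructed event stream: (operation, handle, pid, path)
EVENTS = [
    ("read", 0x40, 1200, None),                    # open was never observed
    ("open", 0x5C, 3312, r"C:\logs\app.log"),
    ("write", 0x5C, 3312, None),
    ("close", 0x5C, 3312, None),
    ("open", 0x5C, 4100, r"C:\temp\report.txt"),   # handle value reused
    ("read", 0x5C, 4100, None),
]


def replay(events):
    """Feed events through a fresh table and collect the display tuples."""
    table = HandleTable()
    return [table.observe(*event) for event in events]
```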
Sysinternals did such a good job of doing it and explaining it that some source code of old versions is still available here, for instance, and the code is well documented (imho). It could be a good start as well.
I would use the "handle.exe" app from Sysinternals.
Or, are you actually trying to do this programmatically?
Just use Win32 N.API to get the pid from the File handle.
It's a FAQ for 15 years...