如何实时监控计算机执行的程序,当前活动的窗口有一些记录计算机活动软件,可以记录计算机执行过的程序,当前活动的窗口等等。
请问该类程序是如何检测到计算机执行的程序,当前活动的窗口的?
是不是系统在执行了一个应用程序,或者切换到一个应用程序窗口后,系统会发布某种消息,类似于鼠标点击消息。
如果是这样,请问谁能给出一段代码,比如实现这个功能:在切换了一个窗口后,这段代码可以显示该活动窗口的标题(另外:有一个笨方法可以实现上面的功能:就是不停的扫描系统过程,获得执行应用程序了一个应用程序;不停的扫描当前窗口,以获得标题)
请问该类程序是如何检测到计算机执行的程序,当前活动的窗口的?
是不是系统在执行了一个应用程序,或者切换到一个应用程序窗口后,系统会发布某种消息,类似于鼠标点击消息。
如果是这样,请问谁能给出一段代码,比如实现这个功能:在切换了一个窗口后,这段代码可以显示该活动窗口的标题(另外:有一个笨方法可以实现上面的功能:就是不停的扫描系统过程,获得执行应用程序了一个应用程序;不停的扫描当前窗口,以获得标题)
////数据结构////
unit HookType;interfaceuses
Windows, Messages;const
WM_USERCMD = WM_APP + 1;
UC_WINCREATE = WM_APP + 2;
BUFFER_SIZE = 16 * 1024;
HOOK_MEM_FILENAME = 'MEM_FILE';
type
TShared = record
KeyHook :HHook;
ShellHook:HHook;
CallHook :HHook;
MainWnd :THandle;
Moudle :THandle;
end;
PShared = ^TShared;implementationend.///////dll代码////////
library hook;uses
Windows, Messages, SysUtils, HookType;var
MemFile: THandle;
Shared: PShared;
function ShellProc(iCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
case iCode of
HSHELL_WINDOWCREATED:
begin
PostMessage(Shared^.MainWnd,WM_USERCMD ,UC_WINCREATE,wParam);
end;
end;
Result := CallNextHookEx(Shared^.ShellHook,iCode,wParam,lParam);
end;function InstallHook:Boolean;
begin
Shared^.Moudle:= hInstance;
Shared^.ShellHook := SetWindowsHookEx(WH_SHELL, @ShellProc, Shared^.Moudle, 0);
if Shared^.KeyHook = 0 then
begin
Result := False;
Exit;
end;
Result := true;
end;procedure DllEntry(dwReason : integer);
begin
case dwReason Of
DLL_PROCESS_ATTACH:
begin
MemFile := OpenFileMapping(FILE_MAP_WRITE,False,HOOK_MEM_FILENAME);
if MemFile = 0 then
MemFile := CreateFileMapping($FFFFFFFF,nil,
PAGE_READWRITE,
0,
SizeOf(TShared),
HOOK_MEM_FILENAME);
Shared := MapViewOfFile(MemFile,
File_MAP_WRITE,
0,
0,
0);
end;
DLL_PROCESS_DETACH:
begin
//
end;
else;
end;
end;
exports
InstallHook,
UninstallHook;
begin
DllProc := @DllEntry;
DllEntry(DLL_PROCESS_ATTACH);
end.
////应用程序/////
unit MainFrm;interfaceuses
Windows, Messages, SysUtils, Forms, HookType, Math,
StdCtrls, Controls, Classes, Dialogs;type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
Button2: TButton;
Button3: TButton;
Button4: TButton;
Label1: TLabel;
Label2: TLabel;
procedure FormCreate(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
procedure Button4Click(Sender: TObject);
private
{ Private declarations }
function FindRev(parent: HWND):HWND;
function FindSend(parent: HWND):HWND;
function GetwinText(hwd: HWND):String;
function GetText(hwd: HWND):String;
public
{ Public declarations }
protected
procedure WndProc(var Msg: TMessage); override;
end;var
Form1: TForm1;
MemFile: THandle;
Shared: PShared;function InstallHook: boolean; stdcall; external 'hook.dll';
function UninstallHook: Boolean; stdcall; external 'hook.dll';implementation{$R *.dfm}procedure TForm1.FormCreate(Sender: TObject);
begin
MemFile := OpenFileMapping(FILE_MAP_WRITE,False,HOOK_MEM_FILENAME);
if MemFile = 0 then
MemFile := CreateFileMapping($FFFFFFFF,nil,
PAGE_READWRITE,
0,
SizeOf(TShared),
HOOK_MEM_FILENAME);
Shared := MapViewOfFile(MemFile,
File_MAP_WRITE,
0,
0,
0);
Shared^.MainWnd := Handle;
end;
procedure TForm1.WndProc(var Msg: TMessage);
begin
with Msg do
begin
if Msg = WM_USERCMD then
begin
case wParam of
UC_WINCREATE :
begin
//证明有应用程序创建了,这里是你的处理(如你可以记录什么时候应用程序启动了)。
end;
end;
end;
end;
inherited;
end;initialization
InstallHook;finalization
UninstallHook;
end.////////这是我的一个程序改的,我也没有测试,原理应该是一样的,你自己看看吧!