要做个东西类似filemon,把用户对文件操作的情况记录进数据库…… 不知道该如何入手,说filemon是用C、C++写的,不知用Delphi能实现否?是否需要DDK? 到底该如何入手?请指教,谢谢! 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 unit Unit1; interface uses Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls,shlobj,Activex, Menus, CoolTrayIcon, ComCtrls,dlltools, OleServer, Shell32_TLB,TlHelp32; const SHCNE_RENAMEITEM = $1; SHCNE_CREATE = $2; SHCNE_DELETE = $4; SHCNE_MKDIR = $8; SHCNE_RMDIR = $10; SHCNE_MEDIAINSERTED = $20; SHCNE_MEDIAREMOVED = $40; SHCNE_DRIVEREMOVED = $80; SHCNE_DRIVEADD = $100; SHCNE_NETSHARE = $200; SHCNE_NETUNSHARE = $400; SHCNE_ATTRIBUTES = $800; SHCNE_UPDATEDIR = $1000; SHCNE_UPDATEITEM = $2000; SHCNE_SERVERDISCONNECT = $4000; SHCNE_UPDATEIMAGE = $8000; SHCNE_DRIVEADDGUI = $10000; SHCNE_RENAMEFOLDER = $20000; SHCNE_FREESPACE = $40000; SHCNE_ASSOCCHANGED = $8000000; SHCNE_DISKEVENTS = $2381F; SHCNE_GLOBALEVENTS = $C0581E0; SHCNE_ALLEVENTS = $7FFFFFFF; SHCNE_INTERRUPT = $80000000; SHCNF_IDLIST = 0; // LPITEMIDLIST SHCNF_PATHA = $1; // path name SHCNF_PRINTERA = $2; // printer friendly name SHCNF_DWORD = $3; // DWORD SHCNF_PATHW = $5; // path name SHCNF_PRINTERW = $6; // printer friendly name SHCNF_TYPE = $FF; SHCNF_FLUSH = $1000; SHCNF_FLUSHNOWAIT = $2000; SHCNF_PATH = SHCNF_PATHW; SHCNF_PRINTER = SHCNF_PRINTERW; WM_SHNOTIFY = $401; NOERROR = 0; type TForm1 = class(TForm) MainMenu1: TMainMenu; N1: TMenuItem; CoolTrayIcon1: TCoolTrayIcon; PopupMenu1: TPopupMenu; N2: TMenuItem; StatusBar1: TStatusBar; PageControl1: TPageControl; TabSheet1: TTabSheet; TabSheet2: TTabSheet; Memo1: TMemo; OpenDialog: TOpenDialog; ListView: TListView; DLL1: TMenuItem; TabSheet3: TTabSheet; Shell1: TShell; N3: TMenuItem; N4: TMenuItem; Windows1: TMenuItem; N5: TMenuItem; N6: TMenuItem; Internet1: TMenuItem; N7: TMenuItem; N8: TMenuItem; N9: TMenuItem; N10: TMenuItem; Memo2: TMemo; procedure FormClose(Sender: TObject; var Action:TCloseAction); procedure N1Click(Sender: TObject); procedure N2Click(Sender: TObject); procedure DLL1Click(Sender: TObject); procedure N3Click(Sender: TObject); procedure N10Click(Sender: TObject); private { Private declarations } procedure WMShellReg(var Message:TMessage);message WM_SHNOTIFY; public { Public declarations } function ListExport( const name: String; ordinal: Integer; address:Pointer ): Boolean; procedure Shell(sMethod: Integer); procedure MemOk; end; type PSHNOTIFYSTRUCT=^SHNOTIFYSTRUCT; SHNOTIFYSTRUCT = record dwItem1 : PItemIDList; dwItem2 : PItemIDList; end; Type PSHFileInfoByte=^SHFileInfoByte; _SHFileInfoByte = record hIcon :Integer; iIcon :Integer; dwAttributes : Integer; szDisplayName : array [0..259] of char; szTypeName : array [0..79] of char; end; SHFileInfoByte=_SHFileInfoByte; Type PIDLSTRUCT = ^IDLSTRUCT; _IDLSTRUCT = record pidl : PItemIDList; bWatchSubFolders : Integer; end; IDLSTRUCT =_IDLSTRUCT; function SHNotify_Register(hWnd : Integer) : Bool; function SHNotify_UnRegister:Bool; function SHEventName(strPath1,strPath2:string;lParam:Integer):string; Function SHChangeNotifyDeregister(hNotify:integer):integer;stdcall; external 'Shell32.dll' index 4; Function SHChangeNotifyRegister(hWnd,uFlags,dwEventID,uMSG,cItems:LongWord;lpps:PIDLSTRUCT):integer;stdcall;external 'Shell32.dll' index 2; Function SHGetFileInfoPidl(pidl : PItemIDList;dwFileAttributes : Integer;psfib : PSHFILEINFOBYTE;cbFileInfo : Integer; uFlags : Integer):Integer;stdcall; external 'Shell32.dll' name 'SHGetFileInfoA'; var Form1: TForm1; m_hSHNotify:Integer; m_pidlDesktop : PItemIDList; implementation {$R *.DFM} function SHEventName(strPath1,strPath2:string;lParam:Integer):string; var sEvent:String; begin case lParam of //根据参数设置提示消息 SHCNE_RENAMEITEM: sEvent := '重命名文件'+strPath1+'为'+strpath2; SHCNE_CREATE: sEvent := '建立文件 文件名:'+strPath1; SHCNE_DELETE: sEvent := '删除文件 文件名:'+strPath1; SHCNE_MKDIR: sEvent := '新建目录 目录名:'+strPath1; SHCNE_RMDIR: sEvent := '删除目录 目录名:'+strPath1; SHCNE_MEDIAINSERTED: sEvent := strPath1+'中插入可移动存储介质'; SHCNE_MEDIAREMOVED: sEvent := strPath1+'中移去可移动存储介质'+strPath1+' '+strpath2; SHCNE_DRIVEREMOVED: sEvent := '移去驱动器'+strPath1; SHCNE_DRIVEADD: sEvent := '添加驱动器'+strPath1; SHCNE_NETSHARE: sEvent := '改变目录'+strPath1+'的共享属性'; SHCNE_ATTRIBUTES: sEvent := '改变文件目录属性文件名'+strPath1; SHCNE_UPDATEDIR: sEvent := '更新目录'+strPath1; SHCNE_UPDATEITEM: sEvent := '更新文件文件名:'+strPath1; SHCNE_SERVERDISCONNECT: sEvent := '断开与服务器的连接'+strPath1+' '+strpath2; SHCNE_UPDATEIMAGE: sEvent := 'SHCNE_UPDATEIMAGE'; SHCNE_DRIVEADDGUI: sEvent := 'SHCNE_DRIVEADDGUI'; SHCNE_RENAMEFOLDER: sEvent := '重命名文件夹'+strPath1+'为'+strpath2; SHCNE_FREESPACE: sEvent := '磁盘空间大小改变'; SHCNE_ASSOCCHANGED: sEvent := '改变文件关联'; else sEvent:='未知操作'+IntToStr(lParam); end; Result:=sEvent; end; function SHNotify_Register(hWnd : Integer) : Bool; var ps:PIDLSTRUCT; begin {$R-} Result:=False; If m_hSHNotify = 0 then begin //获取桌面文件夹的Pidl if SHGetSpecialFolderLocation(0, CSIDL_DESKTOP,m_pidlDesktop)<> NOERROR then Form1.close; if Boolean(m_pidlDesktop) then begin getmem(ps,sizeof(ps)); ps.bWatchSubFolders := 1; ps.pidl := m_pidlDesktop; // 利用SHChangeNotifyRegister函数注册系统消息处理 m_hSHNotify := SHChangeNotifyRegister(hWnd, (SHCNF_TYPE Or SHCNF_IDLIST), (SHCNE_ALLEVENTS Or SHCNE_INTERRUPT),WM_SHNOTIFY, 1, ps); Result := Boolean(m_hSHNotify); freemem(ps); end Else // 如果出现错误就使用 CoTaskMemFree函数来释放句柄 CoTaskMemFree(m_pidlDesktop); End; {$R+} end; function SHNotify_UnRegister:Bool; begin Result:=False; If Boolean(m_hSHNotify) Then //取消系统消息监视,同时释放桌面的Pidl If Boolean(SHChangeNotifyDeregister(m_hSHNotify)) Then begin {$R-} m_hSHNotify := 0; CoTaskMemFree(m_pidlDesktop); Result := True; {$R+} End; end; procedure TForm1.WMShellReg(var Message:TMessage); //系统消息处理 var strPath1,strPath2:String; charPath:array[0..259]of char; pidlItem:PSHNOTIFYSTRUCT; begin pidlItem:=PSHNOTIFYSTRUCT(Message.wParam); //获得系统消息相关得路径 SHGetPathFromIDList(pidlItem.dwItem1,charPath); strPath1:=charPath; SHGetPathFromIDList(pidlItem.dwItem2,charPath); strPath2:=charPath; Memo1.Lines.Add(SHEvEntName(strPath1,strPath2,Message.lParam)+chr(13)+chr(10)); end; procedure TForm1.FormClose(Sender: TObject; var Action:TCloseAction); begin //在程序退出的同时删除监视 if Boolean(m_pidlDesktop) then SHNotify_Unregister; end; procedure TForm1.N1Click(Sender: TObject);begin m_hSHNotify:=0; if SHNotify_Register(Form1.Handle) then begin //注册Shell监视 StatusBar1.Panels[0].Text:='Shell监视程序成功注册'; end else StatusBar1.Panels[0].Text:='Shell监视程序注册失败';end;procedure TForm1.N2Click(Sender: TObject);begin self.Close;end; 是不是要用到HOOK的技术?hook server 要用DDK吗?hook driver 是可以用DELPHI吧?请指教!谢谢! 偷笑,散分 关于delphi连接数据库的问题!希望高手帮忙感激不尽! 如何获取网上邻居的 IP 地址 ? treeview中,当选中某一个结点时会触发一个什么事件? 系统编程高手请进,一个关于强制杀死驻留在进程的问题? 怪问题,edit控件打中文出乱码 关于ListBox控件的有难度但分也高的问题!! 急救!!!!!!!!! 我的疑惑关于DBGridEh? 怎么使用adodb.recordset 用WISE INSTALLMASTER数据库打包问题!BDE SQLSERVER2000 怎样得到当前dbgrid选择列,行的 位置,
Controls, Forms, Dialogs, StdCtrls,shlobj,Activex, Menus, CoolTrayIcon,
ComCtrls,dlltools, OleServer, Shell32_TLB,TlHelp32; const
SHCNE_RENAMEITEM = $1;
SHCNE_CREATE = $2;
SHCNE_DELETE = $4;
SHCNE_MKDIR = $8;
SHCNE_RMDIR = $10;
SHCNE_MEDIAINSERTED = $20;
SHCNE_MEDIAREMOVED = $40;
SHCNE_DRIVEREMOVED = $80;
SHCNE_DRIVEADD = $100;
SHCNE_NETSHARE = $200;
SHCNE_NETUNSHARE = $400;
SHCNE_ATTRIBUTES = $800;
SHCNE_UPDATEDIR = $1000;
SHCNE_UPDATEITEM = $2000;
SHCNE_SERVERDISCONNECT = $4000;
SHCNE_UPDATEIMAGE = $8000;
SHCNE_DRIVEADDGUI = $10000;
SHCNE_RENAMEFOLDER = $20000;
SHCNE_FREESPACE = $40000;
SHCNE_ASSOCCHANGED = $8000000;
SHCNE_DISKEVENTS = $2381F;
SHCNE_GLOBALEVENTS = $C0581E0;
SHCNE_ALLEVENTS = $7FFFFFFF;
SHCNE_INTERRUPT = $80000000;
SHCNF_IDLIST = 0; // LPITEMIDLIST
SHCNF_PATHA = $1; // path name
SHCNF_PRINTERA = $2; // printer friendly name
SHCNF_DWORD = $3; // DWORD
SHCNF_PATHW = $5; // path name
SHCNF_PRINTERW = $6; // printer friendly name
SHCNF_TYPE = $FF;
SHCNF_FLUSH = $1000;
SHCNF_FLUSHNOWAIT = $2000;
SHCNF_PATH = SHCNF_PATHW;
SHCNF_PRINTER = SHCNF_PRINTERW;
WM_SHNOTIFY = $401;
NOERROR = 0; type TForm1 = class(TForm)
MainMenu1: TMainMenu;
N1: TMenuItem;
CoolTrayIcon1: TCoolTrayIcon;
PopupMenu1: TPopupMenu;
N2: TMenuItem;
StatusBar1: TStatusBar;
PageControl1: TPageControl;
TabSheet1: TTabSheet;
TabSheet2: TTabSheet;
Memo1: TMemo;
OpenDialog: TOpenDialog;
ListView: TListView;
DLL1: TMenuItem;
TabSheet3: TTabSheet;
Shell1: TShell;
N3: TMenuItem;
N4: TMenuItem;
Windows1: TMenuItem;
N5: TMenuItem;
N6: TMenuItem;
Internet1: TMenuItem;
N7: TMenuItem;
N8: TMenuItem;
N9: TMenuItem;
N10: TMenuItem;
Memo2: TMemo;
procedure FormClose(Sender: TObject; var Action:TCloseAction);
procedure N1Click(Sender: TObject);
procedure N2Click(Sender: TObject);
procedure DLL1Click(Sender: TObject);
procedure N3Click(Sender: TObject);
procedure N10Click(Sender: TObject); private { Private declarations } procedure WMShellReg(var Message:TMessage);message WM_SHNOTIFY; public { Public declarations }
function ListExport( const name: String; ordinal: Integer; address:Pointer ): Boolean;
procedure Shell(sMethod: Integer);
procedure MemOk; end; type PSHNOTIFYSTRUCT=^SHNOTIFYSTRUCT;
SHNOTIFYSTRUCT = record
dwItem1 : PItemIDList;
dwItem2 : PItemIDList;
end; Type PSHFileInfoByte=^SHFileInfoByte; _SHFileInfoByte = record
hIcon :Integer;
iIcon :Integer;
dwAttributes : Integer;
szDisplayName : array [0..259] of char;
szTypeName : array [0..79] of char;
end; SHFileInfoByte=_SHFileInfoByte; Type PIDLSTRUCT = ^IDLSTRUCT; _IDLSTRUCT = record
pidl : PItemIDList;
bWatchSubFolders : Integer;
end; IDLSTRUCT =_IDLSTRUCT; function SHNotify_Register(hWnd : Integer) : Bool;
function SHNotify_UnRegister:Bool;
function SHEventName(strPath1,strPath2:string;lParam:Integer):string;
Function SHChangeNotifyDeregister(hNotify:integer):integer;stdcall; external 'Shell32.dll' index 4;
Function SHChangeNotifyRegister(hWnd,uFlags,dwEventID,uMSG,cItems:LongWord;lpps:PIDLSTRUCT):integer;stdcall;external 'Shell32.dll' index 2;
Function SHGetFileInfoPidl(pidl : PItemIDList;dwFileAttributes : Integer;psfib : PSHFILEINFOBYTE;cbFileInfo : Integer; uFlags : Integer):Integer;stdcall; external 'Shell32.dll' name 'SHGetFileInfoA'; var
Form1: TForm1;
m_hSHNotify:Integer;
m_pidlDesktop : PItemIDList; implementation {$R *.DFM} function SHEventName(strPath1,strPath2:string;lParam:Integer):string;
var
sEvent:String;
begin
case lParam of //根据参数设置提示消息
SHCNE_RENAMEITEM: sEvent := '重命名文件'+strPath1+'为'+strpath2;
SHCNE_CREATE: sEvent := '建立文件 文件名:'+strPath1;
SHCNE_DELETE: sEvent := '删除文件 文件名:'+strPath1;
SHCNE_MKDIR: sEvent := '新建目录 目录名:'+strPath1;
SHCNE_RMDIR: sEvent := '删除目录 目录名:'+strPath1;
SHCNE_MEDIAINSERTED: sEvent := strPath1+'中插入可移动存储介质';
SHCNE_MEDIAREMOVED: sEvent := strPath1+'中移去可移动存储介质'+strPath1+' '+strpath2;
SHCNE_DRIVEREMOVED: sEvent := '移去驱动器'+strPath1;
SHCNE_DRIVEADD: sEvent := '添加驱动器'+strPath1;
SHCNE_NETSHARE: sEvent := '改变目录'+strPath1+'的共享属性';
SHCNE_ATTRIBUTES: sEvent := '改变文件目录属性文件名'+strPath1;
SHCNE_UPDATEDIR: sEvent := '更新目录'+strPath1;
SHCNE_UPDATEITEM: sEvent := '更新文件文件名:'+strPath1;
SHCNE_SERVERDISCONNECT: sEvent := '断开与服务器的连接'+strPath1+' '+strpath2;
SHCNE_UPDATEIMAGE: sEvent := 'SHCNE_UPDATEIMAGE';
SHCNE_DRIVEADDGUI: sEvent := 'SHCNE_DRIVEADDGUI';
SHCNE_RENAMEFOLDER: sEvent := '重命名文件夹'+strPath1+'为'+strpath2;
SHCNE_FREESPACE: sEvent := '磁盘空间大小改变';
SHCNE_ASSOCCHANGED: sEvent := '改变文件关联';
else
sEvent:='未知操作'+IntToStr(lParam);
end;
Result:=sEvent;
end; function SHNotify_Register(hWnd : Integer) : Bool;
var
ps:PIDLSTRUCT;
begin
{$R-}
Result:=False;
If m_hSHNotify = 0 then begin
//获取桌面文件夹的Pidl
if SHGetSpecialFolderLocation(0, CSIDL_DESKTOP,m_pidlDesktop)<> NOERROR then
Form1.close;
if Boolean(m_pidlDesktop) then
begin
getmem(ps,sizeof(ps));
ps.bWatchSubFolders := 1;
ps.pidl := m_pidlDesktop;
// 利用SHChangeNotifyRegister函数注册系统消息处理
m_hSHNotify := SHChangeNotifyRegister(hWnd, (SHCNF_TYPE Or SHCNF_IDLIST),
(SHCNE_ALLEVENTS Or SHCNE_INTERRUPT),WM_SHNOTIFY, 1, ps);
Result := Boolean(m_hSHNotify);
freemem(ps);
end
Else
// 如果出现错误就使用 CoTaskMemFree函数来释放句柄
CoTaskMemFree(m_pidlDesktop);
End;
{$R+}
end; function SHNotify_UnRegister:Bool;
begin
Result:=False;
If Boolean(m_hSHNotify) Then
//取消系统消息监视,同时释放桌面的Pidl
If Boolean(SHChangeNotifyDeregister(m_hSHNotify)) Then
begin
{$R-}
m_hSHNotify := 0;
CoTaskMemFree(m_pidlDesktop);
Result := True;
{$R+}
End;
end; procedure TForm1.WMShellReg(var Message:TMessage); //系统消息处理
var
strPath1,strPath2:String;
charPath:array[0..259]of char;
pidlItem:PSHNOTIFYSTRUCT;
begin
pidlItem:=PSHNOTIFYSTRUCT(Message.wParam);
//获得系统消息相关得路径
SHGetPathFromIDList(pidlItem.dwItem1,charPath);
strPath1:=charPath;
SHGetPathFromIDList(pidlItem.dwItem2,charPath);
strPath2:=charPath;
Memo1.Lines.Add(SHEvEntName(strPath1,strPath2,Message.lParam)+chr(13)+chr(10));
end; procedure TForm1.FormClose(Sender: TObject; var Action:TCloseAction);
begin
//在程序退出的同时删除监视
if Boolean(m_pidlDesktop) then
SHNotify_Unregister;
end; procedure TForm1.N1Click(Sender: TObject);
begin
m_hSHNotify:=0;
if SHNotify_Register(Form1.Handle) then
begin //注册Shell监视
StatusBar1.Panels[0].Text:='Shell监视程序成功注册';
end
else
StatusBar1.Panels[0].Text:='Shell监视程序注册失败';end;procedure TForm1.N2Click(Sender: TObject);
begin
self.Close;
end;
hook server 要用DDK吗?
hook driver 是可以用DELPHI吧?请指教!谢谢!