unit CopyHookImpl;interfaceuses
Windows, ComObj, shellapi,shlobj;type
TCopyHook = class(TComObject, ICopyHook)
protected
{Declare ICopyHook methods here}
function copycallback(wnd:hwnd;wfunc,wflags:uint;
pszsrcfile:pansichar;dwsrcattribs:dword;
pszdestfile:pansichar;dwdestattribs:dword):uint;stdcall;
end; tchclassfactory=class(tcomobjectfactory)
public
procedure updateregistry(register:boolean);override;
end;const
Class_CopyHook: TGUID = '{E68581C0-89B8-11D6-A34D-000000000000}';implementationuses ComServ;function TCopyHook.copycallback(wnd:hwnd;wfunc,wflags:uint;
pszsrcfile:pansichar;dwsrcattribs:dword;
pszdestfile:pansichar;dwdestattribs:dword):uint;stdcall;
var
opstring:string;
begin
case wfunc of
fo_move:opstring:=' 移动 ';
fo_copy:opstring:=' 拷贝 ';
fo_delete:opstring:=' 删除 ';
fo_rename:opstring:=' 重命名 ';
end;
result:=messagebox(wnd,pchar('要'+opstring+pszsrcfile+' 吗?'),'CopyHookDemo',mb_yesnocancel);
end;procedure TCHClassFactory.UpDateregistry(register:boolean);
begin
inherited updateregistry(register); if register then begin
createregkey('directory\shellex\CopyHookHandlers\'+classname,'',guidtostring(classid));
end else begin
deleteregkey('directory\shellex\CopyHookHandlers\'+classname);
end;
end;initialization
{$ifdef ver100}
tchclassfactory.create(COMserver,tcopyhook,class_copyhook,'CopyHook','',cimultiinstance);
{$else}
tchclassfactory.create(COMserver,tcopyhook,class_copyhook,'CopyHook','',
cimultiinstance,tmapartment);
{$endif}
//TComObjectFactory.Create(ComServer, TCopyHook, Class_CopyHook,
// 'CopyHook', '', ciMultiInstance, tmApartment);
end.
library CopyHookDemo;uses
ComServ,
CopyHookImpl in 'CopyHookImpl.pas',
CopyHookDemo_TLB in 'CopyHookDemo_TLB.pas';exports
DllGetClassObject,
DllCanUnloadNow,
DllRegisterServer,
DllUnregisterServer;{$R *.TLB}{$R *.RES}begin
end.
Windows, ComObj, shellapi,shlobj;type
TCopyHook = class(TComObject, ICopyHook)
protected
{Declare ICopyHook methods here}
function copycallback(wnd:hwnd;wfunc,wflags:uint;
pszsrcfile:pansichar;dwsrcattribs:dword;
pszdestfile:pansichar;dwdestattribs:dword):uint;stdcall;
end; tchclassfactory=class(tcomobjectfactory)
public
procedure updateregistry(register:boolean);override;
end;const
Class_CopyHook: TGUID = '{E68581C0-89B8-11D6-A34D-000000000000}';implementationuses ComServ;function TCopyHook.copycallback(wnd:hwnd;wfunc,wflags:uint;
pszsrcfile:pansichar;dwsrcattribs:dword;
pszdestfile:pansichar;dwdestattribs:dword):uint;stdcall;
var
opstring:string;
begin
case wfunc of
fo_move:opstring:=' 移动 ';
fo_copy:opstring:=' 拷贝 ';
fo_delete:opstring:=' 删除 ';
fo_rename:opstring:=' 重命名 ';
end;
result:=messagebox(wnd,pchar('要'+opstring+pszsrcfile+' 吗?'),'CopyHookDemo',mb_yesnocancel);
end;procedure TCHClassFactory.UpDateregistry(register:boolean);
begin
inherited updateregistry(register); if register then begin
createregkey('directory\shellex\CopyHookHandlers\'+classname,'',guidtostring(classid));
end else begin
deleteregkey('directory\shellex\CopyHookHandlers\'+classname);
end;
end;initialization
{$ifdef ver100}
tchclassfactory.create(COMserver,tcopyhook,class_copyhook,'CopyHook','',cimultiinstance);
{$else}
tchclassfactory.create(COMserver,tcopyhook,class_copyhook,'CopyHook','',
cimultiinstance,tmapartment);
{$endif}
//TComObjectFactory.Create(ComServer, TCopyHook, Class_CopyHook,
// 'CopyHook', '', ciMultiInstance, tmApartment);
end.
library CopyHookDemo;uses
ComServ,
CopyHookImpl in 'CopyHookImpl.pas',
CopyHookDemo_TLB in 'CopyHookDemo_TLB.pas';exports
DllGetClassObject,
DllCanUnloadNow,
DllRegisterServer,
DllUnregisterServer;{$R *.TLB}{$R *.RES}begin
end.
解决方案 »
- 如何判断Tshape当前形状
- osql的问题
- 〓〓〓使用WebBrowser打开网页时,如何屏蔽Ctrl+N组合键?〓〓
- spcomm的接受问题(现在我只能接受字符串,怎样既能接受字符串又能接受16进制数?)
- 求救呀!!!我的硬盘被别人格式化了,恢复完后,EXCEL,WORD文件名称都变成file1.xls,file2.xls,file3.xls了但文件可以正常打开?
- 一个小问题!!!数据互导问题
- 用listbox控件多列显示数据表中的字段问题
- 怎么把只有一个字母的string型转成char型 ,或者怎么来把一个字符进行异或运算??
- 我在做报表,如何ColumnHeaderBand里设置显示多少调纪录?
- 7z sdk 压缩和解压ZIP文件
- 高手求救:如何创建一个程序外壳,监控其运行,限制某值的大小?(追加500分求解)
- 难一点的问题:如何在Soap的head中加入某种属性,并使其能在WebService的客户端SOAP包中能发送,服务器端中能解析出来?
但它是对文件夹的操作进行监控的而且我在学习这个的时候 有个疑惑 顺便问一句了
这问题比较菜 见笑了
这个单元是作为什么东东来执行的 dll吗?
为什么我没有达到预想的功能呢?
ADVAPI32.RegCloseKey
ADVAPI32.RegCreateKeyExW
ADVAPI32.RegCreateKeyW
ADVAPI32.RegDeleteValueW
ADVAPI32.RegEnumKeyExW
ADVAPI32.RegEnumKeyW
ADVAPI32.RegEnumValueW
ADVAPI32.RegNotifyChangeKeyValue
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegOpenKeyExW
ADVAPI32.RegQueryInfoKeyW
ADVAPI32.RegQueryValueExA
ADVAPI32.RegQueryValueExW
ADVAPI32.RegQueryValueW
ADVAPI32.RegSetValueExW
ADVAPI32.RegSetValueW
BROWSEUI.Ordinal:006A
BROWSEUI.Ordinal:006B
BROWSEUI.Ordinal:0076
BROWSEUI.Ordinal:0087
GDI32.BitBlt
GDI32.CombineRgn
GDI32.CreateCompatibleBitmap
GDI32.CreateCompatibleDC
GDI32.CreateDIBSection
GDI32.CreateFontIndirectW
GDI32.CreatePatternBrush
GDI32.CreateRectRgn
GDI32.CreateRectRgnIndirect
GDI32.DeleteDC
GDI32.DeleteObject
GDI32.ExtTextOutW
GDI32.GetBkColor
GDI32.GetClipBox
GDI32.GetClipRgn
GDI32.GetDeviceCaps
GDI32.GetLayout
GDI32.GetObjectW
GDI32.GetStockObject
GDI32.GetTextExtentPoint32W
GDI32.GetTextExtentPointW
GDI32.GetTextMetricsW
GDI32.GetViewportOrgEx
GDI32.IntersectClipRect
GDI32.OffsetViewportOrgEx
GDI32.OffsetWindowOrgEx
GDI32.PatBlt
GDI32.SelectClipRgn
GDI32.SelectObject
GDI32.SetBkColor
GDI32.SetBkMode
GDI32.SetStretchBltMode
GDI32.SetTextColor
GDI32.SetViewportOrgEx
GDI32.StretchBlt
GDI32.TranslateCharsetInfo
KERNEL32.AssignProcessToJobObject
KERNEL32.CloseHandle
KERNEL32.CompareFileTime
KERNEL32.CreateEventA
KERNEL32.CreateEventW
KERNEL32.CreateFileW
KERNEL32.CreateIoCompletionPort
KERNEL32.CreateJobObjectW
KERNEL32.CreateMutexW
KERNEL32.CreateProcessW
KERNEL32.CreateThread
KERNEL32.DelayLoadFailureHook
KERNEL32.DeleteCriticalSection
KERNEL32.DeviceIoControl
KERNEL32.EnterCriticalSection
KERNEL32.ExitProcess
KERNEL32.ExpandEnvironmentStringsW
KERNEL32.FindClose
KERNEL32.FindFirstFileW
KERNEL32.FindNextFileW
KERNEL32.FlushInstructionCache
KERNEL32.FreeLibrary
KERNEL32.GetBinaryTypeW
KERNEL32.GetCommandLineW
KERNEL32.GetCurrentProcess
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThread
KERNEL32.GetCurrentThreadId
KERNEL32.GetDateFormatW
KERNEL32.GetEnvironmentVariableW
KERNEL32.GetFileAttributesExW
KERNEL32.GetFileAttributesW
KERNEL32.GetLastError
KERNEL32.GetLocaleInfoW
KERNEL32.GetLocalTime
KERNEL32.GetLongPathNameW
KERNEL32.GetModuleFileNameW
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleHandleW
KERNEL32.GetPrivateProfileStringW
KERNEL32.GetProcAddress
KERNEL32.GetProcessHeap
KERNEL32.GetProcessTimes
KERNEL32.GetProfileStringW
KERNEL32.GetQueuedCompletionStatus
KERNEL32.GetStartupInfoW
KERNEL32.GetSystemDefaultLCID
KERNEL32.GetSystemDirectoryW
KERNEL32.GetSystemTimeAsFileTime
KERNEL32.GetThreadPriority
KERNEL32.GetTickCount
KERNEL32.GetTimeFormatW
KERNEL32.GetUserDefaultLangID
KERNEL32.GetUserDefaultLCID
KERNEL32.GetVersionExA
KERNEL32.GetWindowsDirectoryW
KERNEL32.GlobalAlloc
KERNEL32.GlobalFree
KERNEL32.GlobalGetAtomNameW
KERNEL32.HeapAlloc
KERNEL32.HeapDestroy
KERNEL32.HeapFree
KERNEL32.HeapReAlloc
KERNEL32.HeapSize
KERNEL32.InitializeCriticalSection
KERNEL32.InterlockedCompareExchange
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedExchange
KERNEL32.InterlockedIncrement
KERNEL32.IsBadCodePtr
KERNEL32.LeaveCriticalSection
KERNEL32.LoadLibraryA
KERNEL32.LoadLibraryW
KERNEL32.LocalAlloc
KERNEL32.LocalFree
KERNEL32.lstrcatW
KERNEL32.lstrcmpiA
KERNEL32.lstrcmpiW
KERNEL32.lstrcmpW
KERNEL32.lstrcpynW
KERNEL32.lstrcpyW
KERNEL32.lstrlenW
KERNEL32.MoveFileW
KERNEL32.MulDiv
KERNEL32.OpenEventW
KERNEL32.OpenProcess
KERNEL32.ReadProcessMemory
KERNEL32.RegisterWaitForSingleObject
KERNEL32.ReleaseMutex
KERNEL32.ResetEvent
KERNEL32.ResumeThread
KERNEL32.SetCurrentDirectoryW
KERNEL32.SetErrorMode
KERNEL32.SetEvent
KERNEL32.SetInformationJobObject
KERNEL32.SetLastError
KERNEL32.SetPriorityClass
KERNEL32.SetProcessShutdownParameters
KERNEL32.SetThreadPriority
KERNEL32.Sleep
KERNEL32.SystemTimeToFileTime
KERNEL32.TerminateProcess
KERNEL32.TerminateThread
KERNEL32.UnregisterWait
KERNEL32.WaitForSingleObject
msvcrt._except_handler3
msvcrt._ftol
msvcrt._itow
msvcrt.free
msvcrt.memmove
msvcrt.realloc
ntdll.NtQueryInformationProcess
ntdll.RtlNtStatusToDosError
ole32.CoCreateInstance
ole32.CoFreeUnusedLibraries
ole32.CoInitializeEx
ole32.CoMarshalInterThreadInterfaceInStream
ole32.CoRegisterClassObject
ole32.CoRevokeClassObject
ole32.CoUninitialize
ole32.DoDragDrop
ole32.OleInitialize
ole32.OleUninitialize
ole32.RegisterDragDrop
ole32.RevokeDragDrop
OLEAUT32.SysAllocString
OLEAUT32.VariantClear
SHDOCVW.Ordinal:006E
SHDOCVW.Ordinal:006F
SHDOCVW.Ordinal:007D
SHELL32.DuplicateIcon
SHELL32.ExtractIconExW
SHELL32.Ordinal:0002
SHELL32.Ordinal:0004
SHELL32.Ordinal:0006
SHELL32.Ordinal:0010
SHELL32.Ordinal:0011
SHELL32.Ordinal:0012
SHELL32.Ordinal:0015
SHELL32.Ordinal:0016
SHELL32.Ordinal:0017
SHELL32.Ordinal:0019
SHELL32.Ordinal:001C
SHELL32.Ordinal:0036
SHELL32.Ordinal:003C
SHELL32.Ordinal:003D
SHELL32.Ordinal:0040
SHELL32.Ordinal:0043
SHELL32.Ordinal:0044
SHELL32.Ordinal:0047
SHELL32.Ordinal:0048
SHELL32.Ordinal:004D
SHELL32.Ordinal:0052
SHELL32.Ordinal:0055
SHELL32.Ordinal:0059
SHELL32.Ordinal:005A
SHELL32.Ordinal:005B
SHELL32.Ordinal:0064
SHELL32.Ordinal:0066
SHELL32.Ordinal:007F
SHELL32.Ordinal:0084
SHELL32.Ordinal:0086
SHELL32.Ordinal:0089
SHELL32.Ordinal:0093
SHELL32.Ordinal:0094
SHELL32.Ordinal:0095
SHELL32.Ordinal:0098
SHELL32.Ordinal:009A
SHELL32.Ordinal:009B
SHELL32.Ordinal:00A1
SHELL32.Ordinal:00A2
SHELL32.Ordinal:00B5
SHELL32.Ordinal:00B6
SHELL32.Ordinal:00BC
SHELL32.Ordinal:00BE
SHELL32.Ordinal:00C1
SHELL32.Ordinal:00C3
SHELL32.Ordinal:00C4
SHELL32.Ordinal:00C8
SHELL32.Ordinal:00C9
SHELL32.Ordinal:00CA
SHELL32.Ordinal:00E9
SHELL32.Ordinal:00EC
SHELL32.Ordinal:00F1
SHELL32.Ordinal:00F4
SHELL32.Ordinal:00F5
SHELL32.Ordinal:00FE
SHELL32.Ordinal:0284
SHELL32.Ordinal:0285
SHELL32.Ordinal:028D
SHELL32.Ordinal:0294
SHELL32.Ordinal:02A8
SHELL32.Ordinal:02C7
SHELL32.Ordinal:02CF
SHELL32.Ordinal:02D3
SHELL32.Ordinal:02D7
SHELL32.Ordinal:02DB
SHELL32.Ordinal:02DC
SHELL32.Ordinal:02DD
SHELL32.Ordinal:02EB
SHELL32.Ordinal:02F1
SHELL32.SHAddToRecentDocs
SHELL32.SHBindToParent
SHELL32.SHChangeNotify
SHELL32.ShellExecuteExW
SHELL32.SHGetDesktopFolder
SHELL32.SHGetFolderLocation
SHELL32.SHGetFolderPathW
SHELL32.SHGetPathFromIDListA
SHELL32.SHGetPathFromIDListW
SHELL32.SHGetSpecialFolderLocation
SHELL32.SHGetSpecialFolderPathW
SHELL32.SHUpdateRecycleBinIcon
SHLWAPI.AssocQueryKeyW
SHLWAPI.AssocQueryStringW
SHLWAPI.Ordinal:0008
SHLWAPI.Ordinal:0009
SHLWAPI.Ordinal:000A
SHLWAPI.Ordinal:009A
SHLWAPI.Ordinal:009C
SHLWAPI.Ordinal:009D
SHLWAPI.Ordinal:009E
SHLWAPI.Ordinal:00A3
SHLWAPI.Ordinal:00A4
SHLWAPI.Ordinal:00A5
SHLWAPI.Ordinal:00AB
SHLWAPI.Ordinal:00AC
SHLWAPI.Ordinal:00AE
SHLWAPI.Ordinal:00AF
SHLWAPI.Ordinal:00B0
SHLWAPI.Ordinal:00B1
SHLWAPI.Ordinal:00B2
SHLWAPI.Ordinal:00B8
SHLWAPI.Ordinal:00C0
SHLWAPI.Ordinal:00C1
SHLWAPI.Ordinal:00C2
SHLWAPI.Ordinal:00C5
SHLWAPI.Ordinal:00C7
SHLWAPI.Ordinal:00CC
SHLWAPI.Ordinal:00D4
SHLWAPI.Ordinal:00D5
SHLWAPI.Ordinal:00D7
SHLWAPI.Ordinal:00D9
SHLWAPI.Ordinal:00DB
SHLWAPI.Ordinal:00E1
SHLWAPI.Ordinal:00EC
SHLWAPI.Ordinal:00ED
SHLWAPI.Ordinal:00F0
SHLWAPI.Ordinal:00F1
SHLWAPI.Ordinal:00F4
SHLWAPI.Ordinal:00FA
SHLWAPI.Ordinal:0104
SHLWAPI.Ordinal:0116
SHLWAPI.Ordinal:0117
SHLWAPI.Ordinal:0124
SHLWAPI.Ordinal:015A
SHLWAPI.Ordinal:0164
SHLWAPI.Ordinal:019D
SHLWAPI.Ordinal:01B1
SHLWAPI.Ordinal:01B5
SHLWAPI.Ordinal:01B7
SHLWAPI.Ordinal:01CC
SHLWAPI.Ordinal:01D3
SHLWAPI.Ordinal:01DC
SHLWAPI.Ordinal:01DE
SHLWAPI.Ordinal:01DF
SHLWAPI.Ordinal:01FD
SHLWAPI.Ordinal:0200
SHLWAPI.Ordinal:0201
SHLWAPI.Ordinal:0224
SHLWAPI.PathAppendW
SHLWAPI.PathCombineW
SHLWAPI.PathFileExistsW
SHLWAPI.PathFindExtensionW
SHLWAPI.PathFindFileNameW
SHLWAPI.PathGetArgsW
SHLWAPI.PathGetDriveNumberW
SHLWAPI.PathIsDirectoryW
SHLWAPI.PathIsNetworkPathW
SHLWAPI.PathIsPrefixW
SHLWAPI.PathParseIconLocationW
SHLWAPI.PathQuoteSpacesW
SHLWAPI.PathRemoveArgsW
SHLWAPI.PathRemoveBlanksW
SHLWAPI.PathRemoveFileSpecW
SHLWAPI.PathStripToRootW
SHLWAPI.PathUnquoteSpacesW
SHLWAPI.SHCreateThread
SHLWAPI.SHDeleteEmptyKeyW
SHLWAPI.SHDeleteKeyW
SHLWAPI.SHDeleteValueW
SHLWAPI.SHGetValueW
SHLWAPI.SHOpenRegStream2W
SHLWAPI.SHQueryValueExW
SHLWAPI.SHRegCloseUSKey
SHLWAPI.SHRegCreateUSKeyW
SHLWAPI.SHRegGetBoolUSValueW
SHLWAPI.SHRegGetUSValueW
SHLWAPI.SHRegOpenUSKeyW
SHLWAPI.SHRegQueryUSValueW
SHLWAPI.SHRegSetUSValueW
SHLWAPI.SHRegWriteUSValueW
SHLWAPI.SHSetValueW
SHLWAPI.SHStrDupW
SHLWAPI.StrCatBuffW
SHLWAPI.StrCatW
SHLWAPI.StrChrW
SHLWAPI.StrCmpIW
SHLWAPI.StrCmpNIW
SHLWAPI.StrCmpNW
SHLWAPI.StrCmpW
SHLWAPI.StrCpyNW
SHLWAPI.StrCpyW
SHLWAPI.StrDupW
SHLWAPI.StrRetToBufW
SHLWAPI.StrRetToStrW
SHLWAPI.StrStrIW
SHLWAPI.StrToIntW
SHLWAPI.wnsprintfW
USER32.AdjustWindowRectEx
USER32.AllowSetForegroundWindow
USER32.AppendMenuW
USER32.BeginDeferWindowPos
USER32.BeginPaint
USER32.BringWindowToTop
USER32.CallWindowProcW
USER32.CascadeWindows
USER32.ChangeDisplaySettingsW
USER32.CharNextA
USER32.CharNextW
USER32.CharUpperBuffW
USER32.CharUpperW
USER32.CheckDlgButton
USER32.CheckMenuItem
USER32.ChildWindowFromPoint
USER32.ChildWindowFromPointEx
USER32.ClientToScreen
USER32.CloseDesktop
USER32.CopyIcon
USER32.CopyRect
USER32.CreatePopupMenu
USER32.CreateWindowExW
USER32.DeferWindowPos
USER32.DefWindowProcW
USER32.DeleteMenu
USER32.DestroyIcon
USER32.DestroyMenu
USER32.DestroyWindow
USER32.DialogBoxParamW
USER32.DispatchMessageW
USER32.DrawCaption
USER32.DrawEdge
USER32.DrawFocusRect
USER32.DrawTextW
USER32.EnableMenuItem
USER32.EnableWindow
USER32.EndDeferWindowPos
USER32.EndDialog
USER32.EndPaint
USER32.EndTask
USER32.EnumChildWindows
USER32.EnumDisplayDevicesW
USER32.EnumDisplayMonitors
USER32.EnumDisplaySettingsExW
USER32.EnumWindows
USER32.EqualRect
USER32.ExitWindowsEx
USER32.FillRect
USER32.FindWindowW
USER32.GetActiveWindow
USER32.GetAncestor
USER32.GetAsyncKeyState
USER32.GetCapture
USER32.GetClassInfoExW
USER32.GetClassLongW
USER32.GetClassNameW
USER32.GetClientRect
USER32.GetCursorPos
USER32.GetDC
USER32.GetDCEx
USER32.GetDesktopWindow
USER32.GetDlgCtrlID
USER32.GetDlgItem
USER32.GetDlgItemInt
USER32.GetDoubleClickTime
USER32.GetFocus
USER32.GetForegroundWindow
USER32.GetIconInfo
USER32.GetKeyState
USER32.GetLastActivePopup
USER32.GetMenuDefaultItem
USER32.GetMenuItemCount
USER32.GetMenuItemID
USER32.GetMenuItemInfoW
USER32.GetMenuState
USER32.GetMessagePos
USER32.GetMonitorInfoW
USER32.GetNextDlgGroupItem
USER32.GetNextDlgTabItem
USER32.GetParent
USER32.GetPropW
USER32.GetScrollInfo
USER32.GetShellWindow
USER32.GetSubMenu
USER32.GetSysColor
USER32.GetSysColorBrush
USER32.GetSystemMenu
USER32.GetSystemMetrics
USER32.GetWindow
USER32.GetWindowInfo
USER32.GetWindowLongA
USER32.GetWindowLongW
USER32.GetWindowPlacement
USER32.GetWindowRect
USER32.GetWindowThreadProcessId
USER32.InflateRect
USER32.InsertMenuW
USER32.InternalGetWindowText
USER32.IntersectRect
USER32.InvalidateRect
USER32.IsChild
USER32.IsDlgButtonChecked
USER32.IsHungAppWindow
USER32.IsIconic
USER32.IsRectEmpty
USER32.IsWindow
USER32.IsWindowEnabled
USER32.IsWindowVisible
USER32.IsZoomed
USER32.KillTimer
USER32.LoadAcceleratorsW
USER32.LoadBitmapW
USER32.LoadCursorW
USER32.LoadIconW
USER32.LoadImageW
USER32.LoadMenuW
USER32.LoadStringW
USER32.MapWindowPoints
USER32.MessageBeep
USER32.MessageBoxW
USER32.ModifyMenuW
USER32.MonitorFromPoint
USER32.MonitorFromRect
USER32.MonitorFromWindow
USER32.MoveWindow
USER32.MsgWaitForMultipleObjects
USER32.NotifyWinEvent
USER32.OffsetRect
USER32.OpenInputDesktop
USER32.PeekMessageW
USER32.PostMessageW
USER32.PostQuitMessage
USER32.PrintWindow
USER32.PtInRect
USER32.RedrawWindow
USER32.RegisterClassExW
USER32.RegisterClassW
USER32.RegisterClipboardFormatW
USER32.RegisterHotKey
USER32.RegisterWindowMessageW
USER32.ReleaseDC
USER32.RemoveMenu
USER32.RemovePropW
USER32.ScreenToClient
USER32.SendDlgItemMessageW
USER32.SendMessageCallbackW
USER32.SendMessageTimeoutW
USER32.SendMessageW
USER32.SendNotifyMessageW
USER32.SetActiveWindow
USER32.SetCapture
USER32.SetClassLongW
USER32.SetCursor
USER32.SetCursorPos
USER32.SetDlgItemInt
USER32.SetFocus
USER32.SetForegroundWindow
USER32.SetMenuDefaultItem
USER32.SetMenuItemInfoW
USER32.SetParent
USER32.SetPropW
USER32.SetRect
USER32.SetScrollInfo
USER32.SetScrollPos
USER32.SetTimer
USER32.SetWindowLongA
USER32.SetWindowLongW
USER32.SetWindowPlacement
USER32.SetWindowPos
USER32.SetWindowRgn
USER32.SetWindowTextW
USER32.ShowWindow
USER32.ShowWindowAsync
USER32.SubtractRect
USER32.SwitchToThisWindow
USER32.SystemParametersInfoW
USER32.TileWindows
USER32.TrackMouseEvent
USER32.TrackPopupMenu
USER32.TrackPopupMenuEx
USER32.TranslateAcceleratorW
USER32.TranslateMessage
USER32.UnionRect
USER32.UnregisterHotKey
USER32.UpdateWindow
USER32.WaitMessage
USER32.WindowFromPoint
USER32.wsprintfW
UxTheme.CloseThemeData
UxTheme.DrawThemeBackground
UxTheme.DrawThemeParentBackground
UxTheme.DrawThemeText
UxTheme.GetThemeBackgroundContentRect
UxTheme.GetThemeBackgroundRegion
UxTheme.GetThemeBool
UxTheme.GetThemeColor
UxTheme.GetThemeFont
UxTheme.GetThemeMargins
UxTheme.GetThemePartSize
UxTheme.GetThemeRect
UxTheme.GetThemeTextExtent
UxTheme.IsAppThemed
UxTheme.OpenThemeData
UxTheme.Ordinal:002F
UxTheme.SetWindowTheme调用的全部API(是XP下的)^_^
我把你的列表中看起来比较像的API都HOOK了 但是都没有反应后来我用API SPY监视了explorer里调用的API
发现只要explorer要调用某个dll里的API
它就会首先调用GetProcAddress 于是我就把GetProcAddress给HOOK
HOOK了GetProcAddress之后 我取得它所找的procedure的名称
结果 都是一个叫什么event什么notify的方法
所谓API 应该是OS提供给应用程序的接口
那么当操作系统做什么操作的时候 它完全可以不使用这些接口
因为这些接口都是在它之上的
我截不到API 会不会是这个原因呢
当然每次都先调用它!
因为API不外是dll中的接口
可是 结果在点开文件夹的时候 只截获到一个如上所述叫什么event什么notify的方法
给你段代码!
#define DEVICE_MAIN
#include "ifshook.h"
#undef DEVICE_MAIN //typedef EventHdl(pevent pev,pioreq pir); typedef struct _Monitored_Files{
struct _Monitored_Files *pNext_Monitored_Files;//pointer to next struct
struct _Monitored_Files *pPre_Monitored_Files;//pointer to previous struct
int sfn;//system file number
int open_count;
char path[260]; //ansi path name
}_Monitored_Files,*pMonitored_Files; //
//Declare virtual device
//
Declare_Virtual_Device(IFSHOOK) _Monitored_Files Monitored_Files;
ppIFSFileHookFunc PrevHook; DefineControlHandler(SYS_VM_INIT, OnSysVMInit);
DefineControlHandler(SYS_DYNAMIC_DEVICE_INIT, OnSysDynamicDeviceInit);
DefineControlHandler(SYS_DYNAMIC_DEVICE_EXIT, OnSysDynamicDeviceExit);
DefineControlHandler(SYS_VM_TERMINATE, OnSysVMTerminate); PCHAR ConvertPath( int drive, path_t ppath, PCHAR fullpathname )
{
int i = 0;
_QWORD result; //
// Stick on the drive letter if we know it.
//
if( drive != 0xFF ) { fullpathname[0] = drive+'A'-1;
fullpathname[1] = ':';
i = 2;
}
UniToBCSPath( &fullpathname[i], ppath->pp_elements, 260 , BCS_WANSI, &result );
return( fullpathname );
} pMonitored_Files IsFileOpened(int i){
pMonitored_Files p=&Monitored_Files; while (p){
if (i==p->sfn){
return p;
}
p=p->pNext_Monitored_Files;
}
return 0;
} BOOL ControlDispatcher(
DWORD dwControlMessage,
DWORD EBX,
DWORD EDX,
DWORD ESI,
DWORD EDI,
DWORD ECX)
{
START_CONTROL_DISPATCH ON_SYS_VM_INIT(OnSysVMInit);
ON_SYS_DYNAMIC_DEVICE_INIT(OnSysDynamicDeviceInit);
ON_SYS_DYNAMIC_DEVICE_EXIT(OnSysDynamicDeviceExit); END_CONTROL_DISPATCH return TRUE;
} int _cdecl MyIfsHook(pIFSFunc pfn, int fn, int Drive, int ResType,
int CodePage, pioreq pir)
{
int retvar,i;
char fullpathname[260];
_Monitored_Files *FileEntry;
switch(fn){
case IFSFN_OPEN:{
retvar=(*PrevHook)(pfn, fn, Drive, ResType, CodePage, pir);
ConvertPath( Drive, pir->ir_ppath, fullpathname );
FileEntry=IsFileOpened(pir->ir_sfn);
if (FileEntry){
FileEntry->open_count++;
}else{
FileEntry=&Monitored_Files;
while(1){
if (FileEntry->pNext_Monitored_Files){
FileEntry=FileEntry->pNext_Monitored_Files;
}
else{
break;
}
}
FileEntry->pNext_Monitored_Files=
HeapAllocate( sizeof(_Monitored_Files),HEAPZEROINIT);
FileEntry->pNext_Monitored_Files->pPre_Monitored_Files=FileEntry;
FileEntry=FileEntry->pNext_Monitored_Files;
FileEntry->sfn=pir->ir_sfn;
FileEntry->open_count=1;
memcpy(FileEntry->path,fullpathname,260);
}
return retvar;
} case IFSFN_READ:{
//Do something here,
//eg. Decrypt the file.
char *str;
int j;
str=pir->ir_data;
j=pir->ir_length;
retvar=(*PrevHook)(pfn, fn, Drive, ResType, CodePage, pir);
FileEntry=IsFileOpened(pir->ir_sfn);
if (!stricmp("c:\test.txt",FileEntry->path)){
for (i=0;i str[i]--;
}
}
return retvar;
} case IFSFN_WRITE:{
//Do something here
//eg. Encrypt the file
FileEntry=IsFileOpened(pir->ir_sfn);
if (FileEntry){
if (!stricmp("c:\test.txt",FileEntry->path)){
for (i=0;iir_length;i++){
(((char*)pir->ir_data)[i])++;
}
}
}
return (*PrevHook)(pfn, fn, Drive, ResType, CodePage, pir);
} case IFSFN_CLOSE:{
FileEntry=IsFileOpened(pir->ir_sfn);
if (FileEntry){
FileEntry->open_count--;
if (!FileEntry->open_count){
FileEntry->pPre_Monitored_Files->pNext_Monitored_Files=
FileEntry->pNext_Monitored_Files;
FileEntry->pNext_Monitored_Files->pPre_Monitored_Files=
FileEntry->pPre_Monitored_Files;
HeapFree(FileEntry,0);
}
}
return (*PrevHook)(pfn, fn, Drive, ResType, CodePage, pir);
} } return (*PrevHook)(pfn, fn, Drive, ResType, CodePage, pir);
} BOOL OnSysVMInit(VMHANDLE hVM){
return OnSysDynamicDeviceInit();
} BOOL OnSysDynamicDeviceInit()
{
PrevHook = IFSMgr_InstallFileSystemApiHook(MyIfsHook);
Monitored_Files.pNext_Monitored_Files=0;
Monitored_Files.pPre_Monitored_Files=0;
Monitored_Files.sfn=-1;
Monitored_Files.open_count=0;
Monitored_Files.path[0]=0; return TRUE;
} BOOL OnSysDynamicDeviceExit()
{
IFSMgr_RemoveFileSystemApiHook(MyIfsHook);
return TRUE;
} void OnSysVMTerminate(VMHANDLE hVM){
return OnSysDynamicDeviceExit();
}
但是我想知道 WDM是否也有相同的服务?
因为我需要跨不同的Windows平台
我也不熟!
好像Nicrosoft是金山毒霸组的!
帮帮忙亚 救人一命胜造七级浮屠……
explorer.exe删除文件。
驱动开发网上有相应的资料。
我试过这个函数 但是没有截获到 好像不是调用这个的说 :(
lpps:PIDLSTRUCT):integer;stdcall;external 'Shell32.dll' index 2; 其中参数hWnd定义了监视系统操作的窗口得句柄,参数uFlags dwEventID定义监视操作参数,参数uMsg定义操作消息,参数cItems定义附加参数,参数lpps指定一个PIDLSTRUCT结构,该结构指定监视的目录。 当函数调用成功之后,函数会返回一个监视操作句柄,同时系统就会将hWnd指定的窗口加入到操作监视链中,当有文件操作发生时,系统会向hWnd发送uMsg指定的消息,我们只要在程序中加入该消息的处理函数就可以实现对系统操作的监视了。 如果要退出程序监视,就要调用另外一个未公开得函数SHChangeNotifyDeregister来取消程序监视。 下面是使用Delphi编写的具体程序实现范例,首先建立一个新的工程文件,然后在Form1中加入一个Button控件和一个Memo控件, 程序的代码如下: unit Unit1;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
StdCtrls,shlobj,Activex;
const
SHCNE_RENAMEITEM = $1;
SHCNE_CREATE = $2;
SHCNE_DELETE = $4;
SHCNE_MKDIR = $8;
SHCNE_RMDIR = $10;
SHCNE_MEDIAINSERTED = $20;
SHCNE_MEDIAREMOVED = $40;
SHCNE_DRIVEREMOVED = $80;
SHCNE_DRIVEADD = $100;
SHCNE_NETSHARE = $200;
SHCNE_NETUNSHARE = $400;
SHCNE_ATTRIBUTES = $800;
SHCNE_UPDATEDIR = $1000;
SHCNE_UPDATEITEM = $2000;
SHCNE_SERVERDISCONNECT = $4000;
SHCNE_UPDATEIMAGE = $8000;
SHCNE_DRIVEADDGUI = $10000;
SHCNE_RENAMEFOLDER = $20000;
SHCNE_FREESPACE = $40000;
SHCNE_ASSOCCHANGED = $8000000;
SHCNE_DISKEVENTS = $2381F;
SHCNE_GLOBALEVENTS = $C0581E0;
SHCNE_ALLEVENTS = $7FFFFFFF;
SHCNE_INTERRUPT = $80000000;
SHCNF_IDLIST = 0;
// LPITEMIDLIST
SHCNF_PATHA = $1;
// path name
SHCNF_PRINTERA = $2;
// printer friendly name
SHCNF_DWORD = $3;
// DWORD
SHCNF_PATHW = $5;
// path name
SHCNF_PRINTERW = $6;
// printer friendly name
SHCNF_TYPE = $FF;
SHCNF_FLUSH = $1000;
SHCNF_FLUSHNOWAIT = $2000;
SHCNF_PATH = SHCNF_PATHW;
SHCNF_PRINTER = SHCNF_PRINTERW;
WM_SHNOTIFY = $401;
NOERROR = 0;
type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
procedure WMShellReg(var Message:TMessage);message WM_SHNOTIFY;
public
{ Public declarations }
end;
type PSHNOTIFYSTRUCT=^SHNOTIFYSTRUCT;
SHNOTIFYSTRUCT = record
dwItem1 : PItemIDList;
dwItem2 : PItemIDList;
end;
Type PSHFileInfoByte=^SHFileInfoByte;
_SHFileInfoByte = record
hIcon :Integer;
iIcon :Integer;
dwAttributes : Integer;
szDisplayName : array [0..259] of char;
szTypeName : array [0..79] of char;
end;
SHFileInfoByte=_SHFileInfoByte;
Type PIDLSTRUCT = ^IDLSTRUCT;
_IDLSTRUCT = record
pidl : PItemIDList;
bWatchSubFolders : Integer;
end;
IDLSTRUCT =_IDLSTRUCT;
function SHNotify_Register(hWnd : Integer) : Bool;
function SHNotify_UnRegister:Bool;
function SHEventName(strPath1,strPath2:string;lParam:Integer):string;
Function SHChangeNotifyDeregister(hNotify:integer):integer;stdcall;
external 'Shell32.dll' index 4;
Function SHChangeNotifyRegister(hWnd,uFlags,dwEventID,uMSG,cItems:LongWord;
lpps:PIDLSTRUCT):integer;stdcall;external 'Shell32.dll' index 2;
Function SHGetFileInfoPidl(pidl : PItemIDList;
dwFileAttributes : Integer;
psfib : PSHFILEINFOBYTE;
cbFileInfo : Integer;
uFlags : Integer):Integer;stdcall;
external 'Shell32.dll' name 'SHGetFileInfoA';
var
Form1: TForm1;
m_hSHNotify:Integer;
m_pidlDesktop : PItemIDList;
implementation
{$R *.DFM}
function SHEventName(strPath1,strPath2:string;lParam:Integer):string;
var
sEvent:String;
begin
case lParam of //根据参数设置提示消息
SHCNE_RENAMEITEM: sEvent := '重命名文件'+strPath1+'为'+strpath2;
SHCNE_CREATE: sEvent := '建立文件 文件名:'+strPath1;
SHCNE_DELETE: sEvent := '删除文件 文件名:'+strPath1;
SHCNE_MKDIR: sEvent := '新建目录 目录名:'+strPath1;
SHCNE_RMDIR: sEvent := '删除目录 目录名:'+strPath1;
SHCNE_MEDIAINSERTED: sEvent := strPath1+'中插入可移动存储介质';
SHCNE_MEDIAREMOVED: sEvent := strPath1+'中移去可移动存储介质'+strPath1+' '+strpath2;
SHCNE_DRIVEREMOVED: sEvent := '移去驱动器'+strPath1;
SHCNE_DRIVEADD: sEvent := '添加驱动器'+strPath1;
SHCNE_NETSHARE: sEvent := '改变目录'+strPath1+'的共享属性';
SHCNE_ATTRIBUTES: sEvent := '改变文件目录属性 文件名'+strPath1;
SHCNE_UPDATEDIR: sEvent := '更新目录'+strPath1;
SHCNE_UPDATEITEM: sEvent := '更新文件 文件名:'+strPath1;
SHCNE_SERVERDISCONNECT: sEvent := '断开与服务器的连接'+strPath1+' '+strpath2;
SHCNE_UPDATEIMAGE: sEvent := 'SHCNE_UPDATEIMAGE';
SHCNE_DRIVEADDGUI: sEvent := 'SHCNE_DRIVEADDGUI';
SHCNE_RENAMEFOLDER: sEvent := '重命名文件夹'+strPath1+'为'+strpath2;
SHCNE_FREESPACE: sEvent := '磁盘空间大小改变';
SHCNE_ASSOCCHANGED: sEvent := '改变文件关联';
else
sEvent:='未知操作'+IntToStr(lParam);
end;
Result:=sEvent;
end;
function SHNotify_Register(hWnd : Integer) : Bool;
var
ps:PIDLSTRUCT;
begin
{$R-}
Result:=False;
If m_hSHNotify = 0 then begin
//获取桌面文件夹的Pidl
if SHGetSpecialFolderLocation(0, CSIDL_DESKTOP,
m_pidlDesktop)<> NOERROR then
Form1.close;
if Boolean(m_pidlDesktop) then begin
ps.bWatchSubFolders := 1;
ps.pidl := m_pidlDesktop;
// 利用SHChangeNotifyRegister函数注册系统消息处理
m_hSHNotify := SHChangeNotifyRegister(hWnd, (SHCNF_TYPE Or SHCNF_IDLIST),
(SHCNE_ALLEVENTS Or SHCNE_INTERRUPT),
WM_SHNOTIFY, 1, ps);
Result := Boolean(m_hSHNotify);
end
Else
// 如果出现错误就使用 CoTaskMemFree函数来释放句柄
CoTaskMemFree(m_pidlDesktop);
End;
{$R+}
end;
function SHNotify_UnRegister:Bool;
begin
Result:=False;
If Boolean(m_hSHNotify) Then
//取消系统消息监视,同时释放桌面的Pidl
If Boolean(SHChangeNotifyDeregister(m_hSHNotify)) Then begin
{$R-}
m_hSHNotify := 0;
CoTaskMemFree(m_pidlDesktop);
Result := True;
{$R-}
End;
end;
procedure TForm1.WMShellReg(var Message:TMessage); //系统消息处理函数
var
strPath1,strPath2:String;
charPath:array[0..259]of char;
pidlItem:PSHNOTIFYSTRUCT;
begin
pidlItem:=PSHNOTIFYSTRUCT(Message.wParam);
//获得系统消息相关得路径
SHGetPathFromIDList(pidlItem.dwItem1,charPath);
strPath1:=charPath;
SHGetPathFromIDList(pidlItem.dwItem2,charPath);
strPath2:=charPath;
Memo1.Lines.Add(SHEvEntName(strPath1,strPath2,Message.lParam)+chr(13)+chr(10));
end;
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
//在程序退出的同时删除监视
if Boolean(m_pidlDesktop) then
SHNotify_Unregister;
end;
procedure TForm1.Button1Click(Sender: TObject); //Button1的Click消息
begin
m_hSHNotify:=0;
if SHNotify_Register(Form1.Handle) then begin //注册Shell监视
ShowMessage('Shell监视程序成功注册');
Button1.Enabled := False;
end
else
ShowMessage('Shell监视程序注册失败');
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
Button1.Caption := '打开监视';
真是救民于水火之中啊 万分感谢!