Hi Group,
for a software license management application, I need to write a utility that detects in real-time which application gets launched by the OS, either from the GUI or from the CMD-shell (or any other shell for that matter). It's not just a matter of knowing which application is installed on a workstation, actual usage needs to be logged.
Since there are currently many applications in the portfolio, writing a simple logging wrapper for each exe is way too much work. Rather I was hoping to use the Win32 API somehow and have the OS tell me what is happening when.
How could I solve this challenge?
Thanks for any hints you may come up with !
Real-time check/logging on which application gets launched
-
dell_jockey
- Enthusiast
- Posts: 767
- Joined: Sat Jan 24, 2004 6:56 pm
Re: Real-time check/logging on which application gets launch
> writing a simple logging wrapper for each exe is way too much work
I once tried making a wrapper from a VB example without much success.
Basically, you have to change the (Default) Registry value found here...
HKEY_CLASSES_ROOT\exefile\shell\open\command
...to point to your own exe instead, by giving it this value:
Chr(34)+MyExeDir$+"MyExe.exe"+Chr(34)+" "+Chr(34)+"%1"+Chr(34)+" %*"
For your reference, the (Default) value, if you need to change it back, is:
Chr(34)+"%1"+Chr(34)+" %*"
I only met with limited success with this, although the VB example is
supposed to work. I got busy with other projects and never got back
to this, so perhaps you can get it working. What is does is launch your
own exe whenever any exe is run, so then it's up to your exe to parse
the commandline and launch the other exe that the commandline gave.
Naturally you can do any logging first, before launching the other exe...
I once tried making a wrapper from a VB example without much success.
Basically, you have to change the (Default) Registry value found here...
HKEY_CLASSES_ROOT\exefile\shell\open\command
...to point to your own exe instead, by giving it this value:
Chr(34)+MyExeDir$+"MyExe.exe"+Chr(34)+" "+Chr(34)+"%1"+Chr(34)+" %*"
For your reference, the (Default) value, if you need to change it back, is:
Chr(34)+"%1"+Chr(34)+" %*"
I only met with limited success with this, although the VB example is
supposed to work. I got busy with other projects and never got back
to this, so perhaps you can get it working. What is does is launch your
own exe whenever any exe is run, so then it's up to your exe to parse
the commandline and launch the other exe that the commandline gave.
Naturally you can do any logging first, before launching the other exe...
-
dell_jockey
- Enthusiast
- Posts: 767
- Joined: Sat Jan 24, 2004 6:56 pm
Hi PB,
thanks for that idea. It's still something of a wrapper type of solution, but the advantage would be that I'd need to write only a single one. Also I have to test and see if applications that get launched from the cmd-shell are captured with this method as well.
My original question was focussed on finding an API function, that tells me what is going on. If such an API function indeed exists, I could write a callback that the OS calls every time this API function gets activated. I'd still like to find such a function, because in that case I'd have a way of having everything run as a local service.
Thanks again!
thanks for that idea. It's still something of a wrapper type of solution, but the advantage would be that I'd need to write only a single one. Also I have to test and see if applications that get launched from the cmd-shell are captured with this method as well.
My original question was focussed on finding an API function, that tells me what is going on. If such an API function indeed exists, I could write a callback that the OS calls every time this API function gets activated. I'd still like to find such a function, because in that case I'd have a way of having everything run as a local service.
Thanks again!
If you were looking for NT-only, you could take a look at this, but the function provided for detecting processes launching requires some of the code to run as a driver apparently:
http://www.codeguru.com/system/ProcMon.html
Another option might be to search out the process enumeration code I posted on here a while ago (works on 9x and NT -- search for Process32First), in which case you could possibly compare the list of processes 'before and after', every 'x' milliseconds...
http://www.codeguru.com/system/ProcMon.html
Another option might be to search out the process enumeration code I posted on here a while ago (works on 9x and NT -- search for Process32First), in which case you could possibly compare the list of processes 'before and after', every 'x' milliseconds...
-
dell_jockey
- Enthusiast
- Posts: 767
- Joined: Sat Jan 24, 2004 6:56 pm