小贝子编程

对来自SYSTEM onwed进程的登录用户使用SetWinEventHook



我正在开发一个应用程序,该应用程序使用SYSTEM级别的权限运行,由SYSTEM用户创建。我需要跟踪当前登录用户的前台活动。我正在使用SetWinEventHook进行相同操作。当我从当前用户运行应用程序时,它运行良好。但是,如果我使用SYSTEM用户启动应用程序,它就无法接收事件。是否有任何变通方法可以通过用户上下文触发此问题?

编辑:g_hook=SetWinEventHook(EVENT_SYSTEM_FOREGROUND、EVENT_SSYSTEM_FOREGROUND,NULL,focusChangeCallbackHandle,0,0,WINEVENT_OUTOFCONTEXT(;focusChangeCallbackHandle是与调用方函数在同一命名空间中的

编辑2:

在此处添加我的样板代码:我正在使用pstools与SYSTEM用户一起运行二进制文件。也不知道为什么,但在运行ThreadDesktop和WindowStation的任何getter/setter后,我的应用程序停止在控制台上打印。

void ForegroundCheck() {
printf("In thread n");
HWINSTA orgWS = GetProcessWindowStation();
printf("Done GetProcessWindowStation n");
if (orgWS) {
printf("In GetProcessWindowStation n");
HWINSTA itrWS = OpenWindowStation(TEXT("WinSta0"), true, GENERIC_ALL);
if (itrWS) {
printf("In OpenWindowStation n");
if (SetProcessWindowStation(itrWS)) {
printf("In SetProcessWindowStation n");
HDESK iD = OpenInputDesktop(DF_ALLOWOTHERACCOUNTHOOK, true, GENERIC_ALL);
if (iD) {
if (!SetThreadDesktop(iD)) {
printf("SetThreadDesktop failed: %lu n", GetLastError());
} else {
printf("setting hoook");
// SetWinEventHook sets the hook for the mentioned event. 
// In current case EVENT_SYSTEM_FOREGROUND. When ever EVENT_SYSTEM_FOREGROUND is triggerd HandleWinEvent will be called
g_hook = SetWinEventHook(
EVENT_SYSTEM_FOREGROUND, EVENT_SYSTEM_FOREGROUND,  // Range of events (4 to 5).
NULL,                                          // Handle to DLL.
HandleWinEvent,                                // The callback.
0, 0,              // Process and thread IDs of interest (0 = all)
WINEVENT_OUTOFCONTEXT);
MSG msg;
//GetMessage(&msg, NULL, 0, 0);
while (WaitMessage() && set) {
PeekMessage(&msg, NULL, 0, 0, PM_REMOVE);
}
}
} else {
printf("OpenInputDesktop failed: %lu n", GetLastError());
}
SetProcessWindowStation(orgWS);
} else {
printf("SetProcessWindowStation failed: %lu n", GetLastError());
}
CloseWindowStation(itrWS);
} else {
printf("OpenWindowStation failed: %lu n", GetLastError());
}
} else {
printf("GetProcessWindowStation failed: %lu n", GetLastError());
}


}

int main() {
bool retVal = false;

printf("In Main n");

CoInitialize(NULL);

std::thread t(ForegroundCheck);
printf("In thread started n");
std::cin.get();
// Deinit
UnhookWinEvent(g_hook);
set = false;
t.join();
CoUninitialize();
return 0;
}

感谢

每个登录的用户都有单独的桌面。所以,如果您想跟踪前台活动,您的流程需要作为用户组运行。您可以使用CreateProcessAsUser以用户身份创建另一个进程。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium