請問如何同時監視多個機碼的變化 ? |
缺席
|
pcboy
版主 發表:177 回覆:1838 積分:1463 註冊:2004-01-13 發送簡訊給我 |
|
pcboy
版主 發表:177 回覆:1838 積分:1463 註冊:2004-01-13 發送簡訊給我 |
小弟找到的範例 ( 只能監控一個機碼)
<textarea class="delphi" rows="10" cols="60" name="code"> unit Unit1; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, RegMonitorThread; type TForm1 = class(TForm) Memo1: TMemo; Label1: TLabel; procedure FormCreate(Sender: TObject); procedure FormDestroy(Sender: TObject); private procedure WMREGCHANGE(var Msg : TMessage); message WM_REGCHANGE; public { Public declarations } end; var Form1: TForm1; RegMonitorThread : TRegMonitorThread; implementation {$R *.dfm} procedure TForm1.FormCreate(Sender: TObject); begin RegMonitorThread := TRegMonitorThread.Create; with RegMonitorThread do begin FreeOnTerminate:=True; Wnd := Form1.Handle; Key := 'Software\Microsoft'; RootKey := HKEY_LOCAL_MACHINE; WatchSub := True; Resume; end; end; procedure TForm1.FormDestroy(Sender: TObject); begin RegMonitorThread.Terminate; end; procedure TForm1.WMREGCHANGE(var Msg: TMessage); begin Memo1.Lines.Add('-------------------------------------------'); Memo1.Lines.Add('Registry change at ' DateTimeToStr(Now)); Memo1.Lines.Add(IntToStr(RegMonitorThread.ChangeData.RootKey) ' - ' RegMonitorThread.ChangeData.Key); end; end.</textarea> *************************************************************************** <textarea class="delphi" rows="10" cols="60" name="code"> unit RegMonitorThread; interface uses Classes, Windows, Messages, Registry, SysUtils; const WM_REGCHANGE = WM_USER 1973; //Need to redeclare the API function - instead of BOOL is uses DWORD. function RegNotifyChangeKeyValue(hKey: HKEY; bWatchSubtree: DWORD; dwNotifyFilter: DWORD; hEvent: THandle; fAsynchronus: DWORD): Longint; stdcall; external 'advapi32.dll' name 'RegNotifyChangeKeyValue'; type TChangeData = record Key : string; RootKey : HKey; end; TRegMonitorThread = class(TThread) private FReg: TRegistry; FEvent: Integer; fChangeData : TChangeData; fKey: string; fRootKey: HKey; fWatchSub: boolean; fFilter: integer; fWnd: THandle; procedure InitThread; procedure SetFilter(const Value: integer); function GetFilter: integer; function GetChangeData: TChangeData; public constructor Create; destructor Destroy; override; property Key: string read fKey write fKey; property RootKey: HKey read fRootKey write fRootKey; property WatchSub: boolean read fWatchSub write fWatchSub; property Filter: integer read GetFilter write SetFilter; property Wnd: THandle read fWnd write fWnd; property ChangeData : TChangeData read GetChangeData; protected procedure Execute; override; end; implementation { TRegMonitorThread } constructor TRegMonitorThread.Create; begin // Execute won be called until after Resume is called. inherited Create(True); FReg := TRegistry.Create; end; destructor TRegMonitorThread.Destroy; begin FReg.Free; inherited; end; procedure TRegMonitorThread.InitThread; begin FReg.RootKey := RootKey; if not FReg.OpenKeyReadOnly(Key) then begin raise Exception.Create('Unable to open registry key ' Key); end; FEvent := CreateEvent(nil, True, False, 'RegMonitorChange'); RegNotifyChangeKeyValue(FReg.CurrentKey, 1, Filter, FEvent, 1); end; procedure TRegMonitorThread.Execute; begin InitThread; while not Terminated do begin if WaitForSingleObject(FEvent, INFINITE) = WAIT_OBJECT_0 then begin fChangeData.RootKey := RootKey; fChangeData.Key := Key; SendMessage(Wnd, WM_REGCHANGE, RootKey, LongInt(PChar(Key))); ResetEvent(FEvent); RegNotifyChangeKeyValue(FReg.CurrentKey, 1, Filter, FEvent, 1); end; end; end; procedure TRegMonitorThread.SetFilter(const Value: integer); begin if fFilter <> Value then begin fFilter := Value; end; end; function TRegMonitorThread.GetFilter: integer; begin if fFilter = 0 then begin fFilter:= REG_NOTIFY_CHANGE_NAME or REG_NOTIFY_CHANGE_ATTRIBUTES or REG_NOTIFY_CHANGE_LAST_SET or REG_NOTIFY_CHANGE_SECURITY; end; Result := fFilter; end; function TRegMonitorThread.GetChangeData: TChangeData; begin Result := fChangeData; end; end. </textarea><br />
------
能力不足,求助於人;有能力時,幫幫別人;如果您滿意答覆,請適時結案! 子曰:問有三種,不懂則問,雖懂有疑則問,雖懂而想知更多則問! |
pcboy
版主 發表:177 回覆:1838 積分:1463 註冊:2004-01-13 發送簡訊給我 |
測試1:
小弟嘗試多宣告一個 RegMonitorThread2 改成下面, 但是無論Software\Microsoft 或 Software\JavaSoft 被改, 都是顯示 Software\Microsoft 被改 procedure TForm1.FormCreate(Sender: TObject); begin RegMonitorThread := TRegMonitorThread.Create; with RegMonitorThread do begin FreeOnTerminate:=True; Wnd := Form1.Handle; Key := 'Software\Microsoft'; RootKey := HKEY_LOCAL_MACHINE; WatchSub := True; Resume; end; RegMonitorThread2 := TRegMonitorThread.Create; with RegMonitorThread2 do begin FreeOnTerminate:=True; Wnd := Form1.Handle; Key := 'Software\JavaSoft'; RootKey := HKEY_LOCAL_MACHINE; WatchSub := True; Resume; end; end; 測試 2: 若修改 TForm1.WMREGCHANGE 成下面, 又會變成不論哪個機碼被改, 都會顯示兩個都被改了 procedure TForm1.WMREGCHANGE(var Msg: TMessage); begin Memo1.Lines.Add('-------------------------------------------'); Memo1.Lines.Add('Registry change at ' DateTimeToStr(Now)); Memo1.Lines.Add(IntToStr(RegMonitorThread.ChangeData.RootKey) ' - ' RegMonitorThread.ChangeData.Key); Memo1.Lines.Add(IntToStr(RegMonitorThread2.ChangeData.RootKey) ' - ' RegMonitorThread2.ChangeData.Key); end; 測試三 private procedure WMREGCHANGE(var Msg : TMessage); message WM_REGCHANGE; 改為 private procedure WMREGCHANGE(var Msg : TMessage; var RootKey: HKEY; var Key:String); message WM_REGCHANGE; 出現 Invalid message parameter list 錯誤
------
能力不足,求助於人;有能力時,幫幫別人;如果您滿意答覆,請適時結案! 子曰:問有三種,不懂則問,雖懂有疑則問,雖懂而想知更多則問! |
bugmans
高階會員 發表:95 回覆:322 積分:188 註冊:2003-04-12 發送簡訊給我 |
|
bugmans
高階會員 發表:95 回覆:322 積分:188 註冊:2003-04-12 發送簡訊給我 |
|
pcboy
版主 發表:177 回覆:1838 積分:1463 註冊:2004-01-13 發送簡訊給我 |
|
pcboy
版主 發表:177 回覆:1838 積分:1463 註冊:2004-01-13 發送簡訊給我 |
http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx
Content Removed ===================引 用 bugmans 文 章=================== http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx 其中一段有提到要用VxD service hooking的技術,這東西我也不懂, 記得RegMon以前的版本好像有原始碼你自己再找看看
------
能力不足,求助於人;有能力時,幫幫別人;如果您滿意答覆,請適時結案! 子曰:問有三種,不懂則問,雖懂有疑則問,雖懂而想知更多則問! |
本站聲明 |
1. 本論壇為無營利行為之開放平台,所有文章都是由網友自行張貼,如牽涉到法律糾紛一切與本站無關。 2. 假如網友發表之內容涉及侵權,而損及您的利益,請立即通知版主刪除。 3. 請勿批評中華民國元首及政府或批評各政黨,是藍是綠本站無權干涉,但這裡不是政治性論壇! |