Session, Station, Desktop, Hooking
- From: "news.midco.net" <infro_infro@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Mar 2009 18:41:01 -0600
Hello,
I am trying to create monitoring software for XP+ OS's.
I'm looking for feedback to tell me if I missed something, or am doing
something the wrong way.
Is there a way to monitor Desktop Creation/Switching?
Is the best method for having desktop being hooked
What I'm currently trying to do is:
Have a service with HandlerEx detect session changes
For each user that logs on, use CreateProcess to create a process that:
(CreateProcess for a process as LocalSystem, for global hook functionality)
Loads SQL Connection string (Created with Everyone has Read
Properties, in HKEY_LOCALMACHINE\...)
Create Table/Whatnot
CreateFileMapping and CreateEvent with NULL DACL, and names based
upon the LUID
?Hook Winstation/Desktop Creation? ( Is there a way to monitor their
creation/destruction without making an API hook? )
?Hook Switch Desktop?
For each Winstation (I've read that terminal services, and
everything only use WinSta0 for user input, is this right?)
SetProcessWinstation
For each Desktop that is not winlogon/lock
SetThreadDesktop(GetInputDesktop)
Install WH_SHELL hook
Hook mapsview and opens event, notifying process of
changes (synchronized via atomicly modified shared variable)
Loop that monitor's Logoff, and WH_SHELL changes
Shutdown/logoff, send message to child process(es)
PS. Ctrl+Enter = arg!
.
- Follow-Ups:
- Re: Session, Station, Desktop, Hooking
- From: Infro
- Re: Session, Station, Desktop, Hooking
- Prev by Date: Session, Windows Stations, Desktops, and Hooking question(s)
- Next by Date: Re: Session, Station, Desktop, Hooking
- Previous by thread: Session, Windows Stations, Desktops, and Hooking question(s)
- Next by thread: Re: Session, Station, Desktop, Hooking
- Index(es):
Relevant Pages
|
