Windows Undocumented Functions Revealed
This installment shows how to use undocumented Windows functions to monitor system file operations. With this capability, any file operation under Windows can be logged, including creating files and folders, deleting files, and changing a file's size.

First, the two undocumented functions that make this possible: SHChangeNotifyRegister and SHChangeNotifyDeregister. SHChangeNotifyRegister is declared as follows:

    Declare Function SHChangeNotifyRegister Lib "shell32" Alias "#2" _
        (ByVal hWnd As Long, _
        ByVal uFlags As SHCN_ItemFlags, _
        ByVal dwEventID As SHCN_EventIDs, _
        ByVal uMsg As Long, _
        ByVal cItems As Long, _
        lpps As PIDLSTRUCT) As Long

The hWnd parameter specifies the handle of the window that receives the system notifications, and uMsg specifies the message value. If the call succeeds, the system adds the window specified by hWnd to the system notification chain and returns a system notification handle. When a system operation such as creating a file occurs, the system sends the uMsg message to the window specified by hWnd. The other parameters are explained in the program below. SHChangeNotifyDeregister is declared as follows:

    Declare Function SHChangeNotifyDeregister Lib "shell32" Alias "#4" _
        (ByVal hNotify As Long) As Boolean

The hNotify parameter specifies the system notification handle.

Below is a concrete VB example. First create a new project and add a TextBox control to Form1. Add the following code to Form1's code window:

    Option Explicit

    Private Sub Form_Load()
        If SubClass(hWnd) Then   ' Replace Form1's message handler
            If IsIDE Then
                ' Displayed text: "A real-time monitor for Windows file and directory
                ' operations. Renaming, creating and deleting files or directories in
                ' Explorer, changing file associations, inserting or removing a CD, and
                ' adding or removing network shares are all recorded by this program."
                Text1.Text = vbCrLf & _
                    "一个 Windows的文件目录操作即时监视程序," & vbCrLf & _
                    "可以监视在Explore中的重命名、新建、删除文" & vbCrLf & _
                    "件或目录;改变文件关联;插入、取出CD和添加" & vbCrLf & _
                    "删除网络共享都可以被该程序记录下来。"
            End If
            Call SHNotify_Register(hWnd)
        Else
            ' Displayed text: "The system does not support the operation monitor :-)"
            Text1 = "系统不支持操作监视程序 :-)"
        End If
        Move Screen.Width - Width, Screen.Height - Height
    End Sub

    ' Debug.Print only executes inside the IDE, so the division-by-zero
    ' error is raised there and never in a compiled program.
    Private Function IsIDE() As Boolean
        On Error GoTo Out
        Debug.Print 1 / 0
    Out:
        IsIDE = Err
    End Function

    Private Sub Form_Unload(Cancel As Integer)
        Call SHNotify_Unregister
        Call UnSubClass(hWnd)
    End Sub

    ' Called for each notification message: wParam points to the
    ' SHNOTIFYSTRUCT holding the two item PIDLs, lParam is the event ID.
    Public Sub NotificationReceipt(wParam As Long, lParam As Long)
        Dim sOut As String
        Dim shns As SHNOTIFYSTRUCT
        Dim sDisplayname1 As String
        Dim sDisplayname2 As String

        MoveMemory shns, ByVal wParam, Len(shns)
        If shns.dwItem1 Then
            sDisplayname1 = GetDisplayNameFromPIDL(shns.dwItem1)
        End If
        If shns.dwItem2 Then
            sDisplayname2 = GetDisplayNameFromPIDL(shns.dwItem2)
        End If
        sOut = SHNotify_GetEventStr(sDisplayname1, sDisplayname2, lParam) & vbCrLf
        Text1 = Text1 & sOut & vbCrLf
        Text1.SelStart = Len(Text1)
    End Sub

Then add three module (.Bas) files to the project and save them as mDef.Bas, mShell.Bas, and mSub.Bas. Add the following code to mDef.Bas:

    ' mDef.Bas contains the function and data type definitions for the Shell operations
    Option Explicit

    Declare Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, _
        pSource As Any, ByVal dwLength As Long)
    Declare Sub CoTaskMemFree Lib "ole32.dll" (ByVal pv As Long)

    Public Const MAX_PATH = 260
    Public Const NOERROR = 0

    ' SHGetSpecialFolderLocation retrieves the location of a special folder.
    ' It returns NOERROR on success, or an OLE error.
    Declare Function SHGetSpecialFolderLocation Lib "shell32.dll" _
        (ByVal hwndOwner As Long, _
        ByVal nFolder As SHSpecialFolderIDs, _
        pidl As Long) As Long

    Public Enum SHSpecialFolderIDs   ' IDs of all the Windows special folders
        CSIDL_DESKTOP = &H0
        CSIDL_INTERNET = &H1
        CSIDL_PROGRAMS = &H2
        CSIDL_CONTROLS = &H3
        CSIDL_PRINTERS = &H4
        CSIDL_PERSONAL = &H5
        CSIDL_FAVORITES = &H6
        CSIDL_STARTUP = &H7
        CSIDL_RECENT = &H8
        CSIDL_SENDTO = &H9
        CSIDL_BITBUCKET = &HA
        CSIDL_STARTMENU = &HB
        CSIDL_DESKTOPDIRECTORY = &H10
        CSIDL_DRIVES = &H11
        CSIDL_NETWORK = &H12
        CSIDL_NETHOOD = &H13
        CSIDL_FONTS = &H14
        CSIDL_TEMPLATES = &H15
        CSIDL_COMMON_STARTMENU = &H16
        CSIDL_COMMON_PROGRAMS = &H17
        CSIDL_COMMON_STARTUP = &H18
        CSIDL_COMMON_DESKTOPDIRECTORY = &H19
        CSIDL_APPDATA = &H1A
        CSIDL_PRINTHOOD = &H1B
        CSIDL_ALTSTARTUP = &H1D
        CSIDL_COMMON_ALTSTARTUP = &H1E
        CSIDL_COMMON_FAVORITES = &H1F
        CSIDL_INTERNET_CACHE = &H20
        CSIDL_COOKIES = &H21
        CSIDL_HISTORY = &H22
    End Enum

    ' SHGetPathFromIDList converts an item ID list into a file path
    Declare Function SHGetPathFromIDList Lib "shell32.dll" Alias "SHGetPathFromIDListA" _
        (ByVal pidl As Long, _
        ByVal pszPath As String) As Long

    ' SHGetFileInfoPidl retrieves information about a file object.
    Declare Function SHGetFileInfoPidl Lib "shell32" Alias "SHGetFileInfoA" _
        (ByVal pidl As Long, _
        ByVal dwFileAttributes As Long, _
        psfib As SHFILEINFOBYTE, _
        ByVal cbFileInfo As Long, _
        ByVal uFlags As SHGFI_flags) As Long

    Public Type SHFILEINFOBYTE
        hIcon As Long
        iIcon As Long
        dwAttributes As Long
        szDisplayName(1 To MAX_PATH) As Byte
        szTypeName(1 To 80) As Byte
    End Type

    Declare Function SHGetFileInfo Lib "shell32" Alias "SHGetFileInfoA" _
        (ByVal pszPath As String, _
        ByVal dwFileAttributes As Long, _
        psfi As SHFILEINFO, _
        ByVal cbFileInfo As Long, _
        ByVal uFlags As SHGFI_flags) As Long

    Public Type SHFILEINFO
        hIcon As Long
        iIcon As Long
        dwAttributes As Long
        szDisplayName As String * MAX_PATH
        szTypeName As String * 80
    End Type

    Enum SHGFI_flags
        SHGFI_LARGEICON = &H0
        SHGFI_SMALLICON = &H1
        SHGFI_OPENICON = &H2
        SHGFI_SHELLICONSIZE = &H4
        SHGFI_PIDL = &H8
        SHGFI_USEFILEATTRIBUTES = &H10
        SHGFI_ICON = &H100
        SHGFI_DISPLAYNAME = &H200
        SHGFI_TYPENAME = &H400
        SHGFI_ATTRIBUTES = &H800
        SHGFI_ICONLOCATION = &H1000
        SHGFI_EXETYPE = &H2000
        SHGFI_SYSICONINDEX = &H4000
        SHGFI_LINKOVERLAY = &H8000
        SHGFI_SELECTED = &H10000
    End Enum
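The page does not include the code behind the SHNotify_Register and SHNotify_Unregister calls made from Form1. The following is an added sketch, not the article's own code, of how the registration and cleanup can be written with the two Declare statements shown above. The member names of PIDLSTRUCT, SHCN_ItemFlags and SHCN_EventIDs, the WM_SHNOTIFY value and the module-level variables are assumptions; the numeric values are those Microsoft later documented as SHCNRF_* and SHCNE_*.

```vb
Option Explicit
' Added example (hypothetical definitions for types the page references but does not show).
Public Type PIDLSTRUCT              ' same layout as the documented SHChangeNotifyEntry
    pidl As Long                    ' folder to watch
    fRecursive As Long              ' non-zero: include subfolders
End Type
Public Enum SHCN_ItemFlags
    SHCNRF_InterruptLevel = &H1     ' changes detected at file-system level
    SHCNRF_ShellLevel = &H2         ' changes reported through the shell
End Enum
Public Enum SHCN_EventIDs
    SHCNE_RENAMEITEM = &H1
    SHCNE_CREATE = &H2
    SHCNE_DELETE = &H4
    SHCNE_MKDIR = &H8
    SHCNE_RMDIR = &H10
    SHCNE_RENAMEFOLDER = &H20000
End Enum
Public Const WM_SHNOTIFY = &H401    ' assumed private message value (WM_USER + 1)
Private m_hNotify As Long           ' handle returned by SHChangeNotifyRegister
Private m_pidlDesktop As Long       ' PIDL allocated by the shell, freed on unregister

Public Function SHNotify_Register(ByVal hWnd As Long) As Boolean
    Dim ps As PIDLSTRUCT
    If m_hNotify <> 0 Then SHNotify_Register = True: Exit Function
    If SHGetSpecialFolderLocation(0, CSIDL_DESKTOP, m_pidlDesktop) <> NOERROR Then Exit Function
    ps.pidl = m_pidlDesktop         ' the desktop is the root of the shell namespace
    ps.fRecursive = 1
    ' Subscribe only to the event types that will actually be logged.
    m_hNotify = SHChangeNotifyRegister(hWnd, SHCNRF_InterruptLevel Or SHCNRF_ShellLevel, _
        SHCNE_CREATE Or SHCNE_DELETE Or SHCNE_RENAMEITEM Or _
        SHCNE_MKDIR Or SHCNE_RMDIR Or SHCNE_RENAMEFOLDER, WM_SHNOTIFY, 1, ps)
    If m_hNotify = 0 Then           ' registration failed: do not leak the PIDL
        CoTaskMemFree m_pidlDesktop
        m_pidlDesktop = 0
    End If
    SHNotify_Register = (m_hNotify <> 0)
End Function

Public Sub SHNotify_Unregister()
    If m_hNotify <> 0 Then
        SHChangeNotifyDeregister m_hNotify
        m_hNotify = 0
    End If
    If m_pidlDesktop <> 0 Then
        CoTaskMemFree m_pidlDesktop
        m_pidlDesktop = 0
    End If
End Sub
```

The window procedure installed by SubClass is assumed to forward the wParam and lParam of each WM_SHNOTIFY message to NotificationReceipt.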