10月122019
win系统事件消息监控
; NOTE(review): the code shown only registers for shell change notifications and
; appends text to its own edit control; none of that appears to need administrator
; rights. Confirm, and drop #RequireAdmin so the monitor runs with least privilege.
#RequireAdmin
; NOTE(review): presumably forced to 32-bit because pointer-sized values are declared
; as 'int' in DllCall/DllStruct signatures; verify those signatures before enabling x64.
#PRE_UseX64=n
; --- SHCNE_*: shell change-notification event IDs (one bit per event) ---
Global Const $SHCNE_RENAMEITEM = 1
Global Const $SHCNE_CREATE = 2
Global Const $SHCNE_DELETE = 4
Global Const $SHCNE_MKDIR = 8
Global Const $SHCNE_RMDIR = 16
Global Const $SHCNE_MEDIAINSERTED = 32
Global Const $SHCNE_MEDIAREMOVED = 64
Global Const $SHCNE_DRIVEREMOVED = 128
Global Const $SHCNE_DRIVEADD = 256
Global Const $SHCNE_NETSHARE = 512
Global Const $SHCNE_NETUNSHARE = 1024
Global Const $SHCNE_ATTRIBUTES = 2048
Global Const $SHCNE_UPDATEDIR = 4096
Global Const $SHCNE_UPDATEITEM = 8192
Global Const $SHCNE_SERVERDISCONNECT = 16384
Global Const $SHCNE_UPDATEIMAGE = 32768
Global Const $SHCNE_DRIVEADDGUI = 65536
Global Const $SHCNE_RENAMEFOLDER = 131072
Global Const $SHCNE_FREESPACE = 262144
Global Const $SHCNE_ASSOCCHANGED = 134217728 ; 0x08000000
; --- SHCNE_* composite masks (combinations of the bits above) ---
Global Const $SHCNE_DISKEVENTS = 145439 ; 0x0002381F
Global Const $SHCNE_GLOBALEVENTS = 201687520 ; 0x0C0581E0
Global Const $SHCNE_ALLEVENTS = 2147483647 ; 0x7FFFFFFF
; 0x80000000: a modifier bit that is combined with an event ID, not an event of its own.
Global Const $SHCNE_INTERRUPT = 2147483648
; --- SHCNF_*: flags describing how the two notification items are encoded ---
Global Const $SHCNF_IDLIST = 0
Global Const $SHCNF_PATHA = 1
Global Const $SHCNF_PRINTERA = 2
Global Const $SHCNF_DWORD = 3
Global Const $SHCNF_PATHW = 5
Global Const $SHCNF_PRINTERW = 6
Global Const $SHCNF_TYPE = 255 ; 0x00FF mask over the type values above
Global Const $SHCNF_FLUSH = 4096
; NOTE(review): recent SDK headers appear to define SHCNF_FLUSHNOWAIT as 0x3000
; (i.e. including SHCNF_FLUSH) - confirm before relying on this value.
Global Const $SHCNF_FLUSHNOWAIT = 8192
Global Const $SHCNF_PATH = 5 ; same value as $SHCNF_PATHW
Global Const $SHCNF_PRINTER = 6 ; same value as $SHCNF_PRINTERW
Global Const $SHCNE_EXTENDED_EVENT = 67108864 ; 0x04000000
; --- SHGFI_*: flags passed to SHGetFileInfo ---
Global Const $SHGFI_PIDL = 8
Global Const $SHGFI_DISPLAYNAME = 512
; Private window message the shell is asked to post for each notification (0x401).
Global Const $WM_SHNOTIFY = 1025
Global Const $NOERROR = 0
Global Const $CSIDL_DESKTOP = 0
;======================
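; Main script: create the log window, hook the private notification message,
; register with the shell, then pump GUI messages until the window is closed.
; Registration state shared with SHNotify_Register / SHNotify_Unregister.
Global $m_hSHNotify = 0, $m_pidldesktop = 0
Global $main_gui = GUICreate("系统事件消息监控", 800, 600)
Global $EdtInfo = GUICtrlCreateEdit("", 0, 0, 800, 600)
GUISetState(@SW_SHOW)
GUIRegisterMsg($WM_SHNOTIFY, 'WM_SHNOTIFY')
; A failed registration used to be ignored, leaving an empty window that looked
; like "no events happened". Make the failure visible to the operator instead.
If Not SHNotify_Register(WinGetHandle($main_gui)) Then
	GUICtrlSetData($EdtInfo, "注册系统事件通知失败,不会收到任何事件。" & @CRLF)
EndIf
Local $MSG
While 1
	$MSG = GUIGetMsg()
	Switch $MSG
		Case -3 ; window close event
			; The process exit code is the Boolean result of unregistering, as before.
			Exit SHNotify_Unregister()
	EndSwitch
WEnd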
; Undo SHNotify_Register: deregister the shell notification, free the stored
; PIDL and clear both globals.
; Returns True only when a registration existed and was removed; otherwise False
; (the globals are left untouched in that case).
Func SHNotify_Unregister()
	If Not $m_hSHNotify Then Return False
	If Not SHChangeNotifyDeregister($m_hSHNotify) Then Return False

	CoTaskMemFree($m_pidldesktop)
	$m_hSHNotify = 0
	$m_pidldesktop = 0
	Return True
EndFunc   ;==>SHNotify_Unregister
; Thin wrapper over shell32!SHChangeNotifyDeregister.
;   $iID - registration ID passed to the API as a ULONG.
; Returns the API's BOOL result; if DllCall itself fails, returns False with
; @error/@extended carried over from DllCall.
Func SHChangeNotifyDeregister($iID)
	Local $aCall = DllCall('shell32.dll', 'bool', 'SHChangeNotifyDeregister', 'ulong', $iID)
	Local $iErr = @error, $iExt = @extended
	If $iErr Then Return SetError($iErr, $iExt, False)
	Return $aCall[0]
EndFunc   ;==>SHChangeNotifyDeregister
; Window-message callback registered via GUIRegisterMsg for $WM_SHNOTIFY.
; Forwards the message's wParam/lParam to On_SHNotify; any other message is ignored.
Func WM_SHNOTIFY($HWND, $MSG, $wParam, $lParam)
	If $MSG = $WM_SHNOTIFY Then On_SHNotify($wParam, $lParam)
EndFunc   ;==>WM_SHNOTIFY
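; Handle one shell change notification and append a log line per affected item.
;   $wParam - address of two consecutive PIDL pointers (dwItem1, dwItem2)
;   $lParam - event ID, translated to text by SHNotify_GetEventStr
; The second item is logged only when it is non-null and differs from the first.
; Fixes over the earlier version:
;   - the path of item 2 was resolved from item 1's PIDL (copy/paste slip);
;   - a failed path lookup left the previous item's path in the log line;
;   - the PIDL fields were declared 'int', which truncates pointers in a 64-bit process.
Func On_SHNotify($wParam, $lParam)
	; Never overlay a struct on a null address.
	If Not $wParam Then Return
	Local $tItems = DllStructCreate('ptr dwItem1;ptr dwItem2;', $wParam)
	If @error Then Return

	Local $sEvent = SHNotify_GetEventStr($lParam)
	Local $pItem1 = $tItems.dwItem1
	Local $pItem2 = $tItems.dwItem2

	If $pItem1 Then _SHNotify_LogItem(1, $pItem1, $sEvent)
	If $pItem2 And $pItem2 <> $pItem1 Then _SHNotify_LogItem(2, $pItem2, $sEvent)
EndFunc   ;==>On_SHNotify

; Resolve one PIDL to display name and path and append the log line for it.
; An item whose display name cannot be resolved is logged as "invalid" with an empty path.
Func _SHNotify_LogItem($iIndex, $pidl, $sEvent)
	Local $sPath = "" ; start empty so a failed lookup never reuses an earlier path
	Local $sName = GetDisplayNameFromPIDL($pidl)
	If $sName <> "" Then
		SHGetPathFromIDList($pidl, $sPath)
	Else
		$sName = "invalid"
		$sPath = ""
	EndIf
	_GUICtrlEdit_AppendText($EdtInfo, '时间:' & _Now() & '|事件' & $iIndex & ':' & $sEvent & "|路径:" & $sPath & "|文件名:" & $sName & @CRLF)
EndFunc   ;==>_SHNotify_LogItem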
; Append $sText to the end of an edit control.
;   $hWnd  - window handle or AutoIt control ID of the edit control
;   $sText - text to append (sent as a wide string)
; Works by moving the caret to the end of the current text and replacing the
; (empty) selection there.
Func _GUICtrlEdit_AppendText($hWnd, $sText)
	Local Const $iMsgGetTextLength = 0x000E ; WM_GETTEXTLENGTH
	Local Const $iMsgSetSel = 0xB1 ; EM_SETSEL
	Local Const $iMsgReplaceSel = 0xC2 ; EM_REPLACESEL

	; A control ID is not a window handle; resolve it first.
	If Not IsHWnd($hWnd) Then $hWnd = GUICtrlGetHandle($hWnd)

	Local $iEnd = _SendMessage($hWnd, $iMsgGetTextLength)
	_SendMessage($hWnd, $iMsgSetSel, $iEnd, $iEnd)
	_SendMessage($hWnd, $iMsgReplaceSel, True, $sText, 0, "wparam", "wstr")
EndFunc   ;==>_GUICtrlEdit_AppendText
; Call user32!SendMessageW with caller-selectable parameter and return types.
;   $hWnd, $iMsg        - target window and message
;   $wParam, $lParam    - message parameters
;   $iReturn            - 0..4 selects one element of the DllCall result array
;                         (0 is the return value); any other value returns the whole array
;   $wParamType, $lParamType, $sReturnType - DllCall type names for the call
; On DllCall failure returns "" with @error/@extended carried over.
Func _SendMessage($hWnd, $iMsg, $wParam = 0, $lParam = 0, $iReturn = 0, $wParamType = "wparam", $lParamType = "lparam", $sReturnType = "lresult")
	Local $aCall = DllCall("user32.dll", $sReturnType, "SendMessageW", "hwnd", $hWnd, "uint", $iMsg, $wParamType, $wParam, $lParamType, $lParam)
	If @error Then Return SetError(@error, @extended, "")
	If $iReturn < 0 Or $iReturn > 4 Then Return $aCall
	Return $aCall[$iReturn]
EndFunc   ;==>_SendMessage
; Current local date and time as "YYYY/MM/DD HH:MM:SS", built from AutoIt's clock macros.
Func _Now()
	Return StringFormat("%s/%s/%s %s:%s:%s", @YEAR, @MON, @MDAY, @HOUR, @MIN, @SEC)
EndFunc   ;==>_Now
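; Return the shell display name for a PIDL, or "" when it cannot be resolved.
;   $pidl - pointer to an item ID list
; The buffer now follows the SHFILEINFOW layout (handle, int, dword, 260-character
; display name, 80-character type name) and its real size is passed to the API.
; The earlier declaration was smaller than that layout, reused the field name hIcon,
; and passed a hard-coded size of 347 that matched neither.
Func GetDisplayNameFromPIDL($pidl)
	Local $tInfo = DllStructCreate('handle hIcon;int iIcon;dword dwAttributes;wchar szDisplayName[260];wchar szTypeName[80]')
	If @error Then Return ""
	Local $iFlags = BitOR($SHGFI_PIDL, $SHGFI_DISPLAYNAME)
	If Not SHGetFileInfo($pidl, 0, $tInfo, DllStructGetSize($tInfo), $iFlags) Then Return ""
	Return $tInfo.szDisplayName
EndFunc   ;==>GetDisplayNameFromPIDL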
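; Thin wrapper over shell32!SHGetFileInfoW.
;   $sPath        - a path string, or a PIDL pointer when $iFlags contains $SHGFI_PIDL
;   $iAttributes  - file attribute flags
;   $tSHFILEINFO  - DllStruct that receives the result
;   $Size         - size in bytes of $tSHFILEINFO
;   $iFlags       - SHGFI_* flags
; Returns the API's return value, or 0 with @error set when DllCall fails.
; The first argument was declared 'int', which truncates a PIDL pointer in a 64-bit
; process and cannot carry a string at all; it is now marshalled by what was passed.
Func SHGetFileInfo($sPath, $iAttributes, ByRef $tSHFILEINFO, $Size, $iFlags)
	Local $sItemType = 'ptr'
	If IsString($sPath) Then $sItemType = 'wstr'
	Local $aCall = DllCall('shell32.dll', 'dword_ptr', 'SHGetFileInfoW', $sItemType, $sPath, 'dword', $iAttributes, 'struct*', $tSHFILEINFO, 'uint', $Size, 'uint', $iFlags)
	If @error Then Return SetError(@error, @extended, 0)
	Return $aCall[0]
EndFunc   ;==>SHGetFileInfo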
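; Translate a PIDL into a file-system path via shell32!SHGetPathFromIDListW.
;   $pPIDL - pointer to an item ID list
;   $sPath - [out] receives the path; set to '' when the lookup fails
; Returns the API's BOOL result on success, '' on failure (the @error/@extended values
; passed to SetError are unchanged from before).
; Previously a failed lookup left $sPath untouched, so a caller reusing one variable
; would report the previous item's path for an item that has none.
Func SHGetPathFromIDList($pPIDL, ByRef $sPath)
	Local $aCall = DllCall('shell32.dll', 'bool', 'SHGetPathFromIDListW', 'ptr', $pPIDL, 'wstr', '')
	Local $iErr = @error, $iExt = @extended
	If $iErr Then
		$sPath = ''
		Return SetError($iErr, $iExt, '')
	EndIf
	If Not $aCall[0] Then
		$sPath = ''
		Return SetError($iErr, $iExt, '')
	EndIf
	$sPath = $aCall[2]
	Return $aCall[0]
EndFunc   ;==>SHGetPathFromIDList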
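; Map a shell change-notification event ID to the label used in the log.
;   $dwEventID - event ID as delivered in the notification message
; Returns the label text. Changes over the earlier version:
;   - $SHCNE_INTERRUPT is a modifier bit combined with an event ID, so it is masked
;     off before the lookup; an exact-match Switch returned an empty label for such events;
;   - an unrecognised ID now yields a label containing the raw value in hex instead of
;     an empty string, so unexpected events stay visible in the log.
Func SHNotify_GetEventStr($dwEventID)
	Local $sEvent
	; $SHCNE_ALLEVENTS is 0x7FFFFFFF, i.e. every bit except the interrupt flag.
	Local $iEvent = BitAND($dwEventID, $SHCNE_ALLEVENTS)
	Switch $iEvent
		Case $SHCNE_RENAMEITEM
			$sEvent = "重命名文件:"
		Case $SHCNE_CREATE
			$sEvent = "建立文件:"
		Case $SHCNE_DELETE
			$sEvent = "删除文件: "
		Case $SHCNE_MKDIR
			$sEvent = "建立目录:"
		Case $SHCNE_RMDIR
			$sEvent = "删除目录:"
		Case $SHCNE_MEDIAINSERTED
			$sEvent = "有可移动存储介质插入:"
		Case $SHCNE_MEDIAREMOVED
			$sEvent = "有可移动存储介质移去:"
		Case $SHCNE_DRIVEREMOVED
			$sEvent = "移去驱动器:"
		Case $SHCNE_DRIVEADD
			$sEvent = "添加驱动器:"
		Case $SHCNE_NETSHARE
			$sEvent = "网络上共享资源:"
		Case $SHCNE_NETUNSHARE
			$sEvent = "网络上停止共享资源:"
		Case $SHCNE_ATTRIBUTES
			$sEvent = "文件属性改变:"
		Case $SHCNE_UPDATEDIR
			$sEvent = "更新目录: "
		Case $SHCNE_UPDATEITEM
			$sEvent = "更新文件:"
		Case $SHCNE_SERVERDISCONNECT
			$sEvent = "断开与服务器的连接:"
		Case $SHCNE_UPDATEIMAGE
			$sEvent = "更新图标:"
		Case $SHCNE_DRIVEADDGUI
			$sEvent = "添加并显示驱动器:"
		Case $SHCNE_RENAMEFOLDER
			$sEvent = "重命名文件夹:"
		Case $SHCNE_FREESPACE
			$sEvent = "磁盘空间大小改变:"
		Case $SHCNE_EXTENDED_EVENT
			$sEvent = "未被使用:"
		Case $SHCNE_ASSOCCHANGED
			$sEvent = "修改文件关联:"
		Case $SHCNE_DISKEVENTS
			$sEvent = "接收所有磁盘相关事件:"
		Case $SHCNE_GLOBALEVENTS
			$sEvent = "指定的所有全局事件标识符的组合:"
		Case $SHCNE_ALLEVENTS
			$sEvent = "已发生的所有事件:"
		Case Else
			If $iEvent = 0 And $dwEventID <> 0 Then
				; Only the interrupt bit was set: keep the original label for that value.
				$sEvent = "将事件作为系统中断执行:"
			Else
				$sEvent = "未知事件(0x" & Hex($dwEventID, 8) & "):"
			EndIf
	EndSwitch
	Return $sEvent
EndFunc   ;==>SHNotify_GetEventStr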
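; Register $HWND to receive $WM_SHNOTIFY for shell change events rooted at the desktop.
;   $HWND - window that will receive the notification message
; Returns True when a registration exists afterwards (including one made earlier).
; Side effects: stores the registration ID in $m_hSHNotify and the desktop PIDL in
; $m_pidldesktop for SHNotify_Unregister.
; Changes over the earlier version: the entry's PIDL field is pointer-sized ('ptr'
; instead of 'int'), and the branch that called CoTaskMemFree on a null value is gone.
; NOTE(review): assumes SHGetSpecialFolderLocation() returns the PIDL itself and 0 on
; failure - verify against that wrapper.
; NOTE(review): the second argument is built from SHCNF_* item-type flags, while the
; API documents a separate set of source flags for that parameter - confirm the intended value.
Func SHNotify_Register($HWND)
	If $m_hSHNotify = 0 Then
		; One watch entry: { PIDL to watch, recursive flag }. Zero-initialised on creation.
		Local $tEntry = DllStructCreate('ptr pidl;int bWatchSubFolders;')
		$m_pidldesktop = SHGetSpecialFolderLocation(0, $CSIDL_DESKTOP)
		If $m_pidldesktop Then
			$tEntry.pidl = $m_pidldesktop
			$tEntry.bWatchSubFolders = 1
		EndIf
		; As before, registration is still attempted when no PIDL was obtained
		; (the entry then carries a null PIDL and no recursion).
		$m_hSHNotify = SHChangeNotifyRegister($HWND, BitOR($SHCNF_TYPE, $SHCNF_IDLIST), BitOR($SHCNE_ALLEVENTS, $SHCNE_INTERRUPT), $WM_SHNOTIFY, 1, DllStructGetPtr($tEntry))
	EndIf
	Return $m_hSHNotify <> 0
EndFunc   ;==>SHNotify_Register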
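; Thin wrapper over shell32!SHChangeNotifyRegister.
;   $HWND     - window that receives the notification message
;   $fSources - source flags
;   $fEvents  - event mask
;   $wMsg     - window message to post
;   $cEntries - number of entries at $pshcne
;   $pshcne   - pointer to the array of watch entries
; Returns the registration ID (non-zero on success), or 0 when the call fails;
; @error/@extended are set when DllCall itself fails.
; The window handle was declared 'int' and is now 'hwnd' so it is marshalled at
; pointer width; the result is read as 'ulong' to match SHChangeNotifyDeregister.
Func SHChangeNotifyRegister($HWND, $fSources, $fEvents, $wMsg, $cEntries, $pshcne)
	Local $aCall = DllCall('shell32.dll', 'ulong', 'SHChangeNotifyRegister', 'hwnd', $HWND, 'int', $fSources, 'long', $fEvents, 'uint', $wMsg, 'int', $cEntries, 'ptr', $pshcne)
	If @error Then Return SetError(@error, @extended, 0)
	Return $aCall[0]
EndFunc   ;==>SHChangeNotifyRegister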
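; Retrieve the PIDL of a special folder via shell32!SHGetSpecialFolderLocation.
;   $hwndOwner - owner window (may be 0)
;   $nFolder   - CSIDL_* folder identifier
;   $pPIDL     - initial value for the output pointer slot (normally left at 0)
; Returns the PIDL on success; the caller frees it with CoTaskMemFree.
; Returns 0 on failure: @error is DllCall's error, or -1 with the HRESULT in @extended
; when the API itself reports failure.
; The earlier version returned element 0 of the DllCall result, which is the HRESULT
; (0 on success), so the caller in this file that stores the result as a PIDL always
; received 0 on success and a bogus non-zero "pointer" on failure. The PIDL is the
; 'ptr*' output, element 3.
Func SHGetSpecialFolderLocation($hwndOwner, $nFolder, $pPIDL = 0)
	Local $aCall = DllCall('shell32.dll', 'long', 'SHGetSpecialFolderLocation', 'hwnd', $hwndOwner, 'int', $nFolder, 'ptr*', $pPIDL)
	If @error Then Return SetError(@error, @extended, 0)
	If $aCall[0] <> $NOERROR Then Return SetError(-1, $aCall[0], 0)
	Return $aCall[3]
EndFunc   ;==>SHGetSpecialFolderLocation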
; Release a block through ole32!CoTaskMemFree. The API has no return value and
; nothing is returned to the caller.
;   $PV - pointer to free
Func CoTaskMemFree($PV)
	DllCall('ole32.dll', 'NONE', 'CoTaskMemFree', 'ptr', $PV)
EndFunc   ;==>CoTaskMemFree
; Return kernel32!GetLastError() while handing back the caller's @error/@extended.
;   $iError, $iExtended - default to the values current at the call site, so calling
;                         this helper does not disturb them
; NOTE(review): the DllCall result is indexed without checking @error first.
Func GetLastError($iError = @error, $iExtended = @extended)
	Local $aCall = DllCall("kernel32.dll", "dword", "GetLastError")
	Local $iLastError = $aCall[0]
	Return SetError($iError, $iExtended, $iLastError)
EndFunc   ;==>GetLastError