-
-
[讨论]FindFirstChangeNotification 函数不起作用(已解决)
-
发表于: 2007-6-30 16:29
-
俺最近想写个监视系统文件,防止被病毒删除和更改的程序,有很多这方面的知识都还学习.
于是先在自己力所能及的前提下写了个测试程序:
运行过程中,程序执行到
处进行等待操作,然后我修改C盘根目录下autorun.inf 文件夹的名称,发现程序没有响应!
调试了下,发现 FindFirstChangeNotification 函数没有起作用:
之前我搜索了很多,有一帖子也是这样的:dcfK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2k6i4k6A6L8r3!0U0N6r3q4D9i4K6u0W2j5$3!0E0i4K6u0r3M7X3g2S2k6q4)9J5k6r3S2@1L8g2)9J5k6s2c8A6k6q4)9J5k6o6t1^5x3U0f1H3i4K6u0V1K9$3g2&6N6$3!0J5k6q4)9J5k6q4)9J5y4f1u0o6i4K6t1#2c8e0m8Q4x3U0g2o6b7g2)9J5y4f1b7K6i4K6t1#2b7@1g2Q4x3U0g2o6y4q4)9J5y4f1u0o6i4K6t1#2c8V1g2Q4x3X3g2Z5N6r3#2D9
弄了半天不思其解,还请知道的达人帮忙看下,先谢谢了~
代码很少,如下:
由于对文件方便操作还在学习中,所以暂时没用很多API, 就大致用system() 搪塞过去了先...
于是先在自己力所能及的前提下写了个测试程序:
运行过程中,程序执行到
DWORD nObjectWait = ::WaitForSingleObject (m_hEvent, INFINITE);
处进行等待操作,然后我修改C盘根目录下autorun.inf 文件夹的名称,发现程序没有响应!
调试了下,发现 FindFirstChangeNotification 函数没有起作用:
// 监视目录名称的改变
m_hEvent = ::FindFirstChangeNotification (strPath,
TRUE, FILE_NOTIFY_CHANGE_DIR_NAME);
之前我搜索了很多,有一帖子也是这样的:dcfK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3k6G2M7Y4g2E0i4K6u0W2k6i4k6A6L8r3!0U0N6r3q4D9i4K6u0W2j5$3!0E0i4K6u0r3M7X3g2S2k6q4)9J5k6r3S2@1L8g2)9J5k6s2c8A6k6q4)9J5k6o6t1^5x3U0f1H3i4K6u0V1K9$3g2&6N6$3!0J5k6q4)9J5k6q4)9J5y4f1u0o6i4K6t1#2c8e0m8Q4x3U0g2o6b7g2)9J5y4f1b7K6i4K6t1#2b7@1g2Q4x3U0g2o6y4q4)9J5y4f1u0o6i4K6t1#2c8V1g2Q4x3X3g2Z5N6r3#2D9
弄了半天不思其解,还请知道的达人帮忙看下,先谢谢了~
代码很少,如下:
#include <iostream.h>
#include <string.h>
#include <afxwin.h>
BOOL g_bCheck = TRUE;
DWORD __stdcall ScoutThread (LPVOID lpParam);
int main ()
{
HANDLE hThread;
DWORD dwThreadId;
hThread = ::CreateThread (NULL, NULL, ScoutThread, NULL, 0, &dwThreadId);
cout << "该线程ID号:" << dwThreadId<<endl;
Sleep (6*1000*1000);
g_bCheck = FALSE;
::WaitForSingleObject (hThread, INFINITE);
::CloseHandle (hThread);
return 0;
}
////////////////////////////////////////////////////////////////////////////////
/// 监视线程
DWORD __stdcall ScoutThread (LPVOID lpParam)
{
cout << "a thread that still watch c:\\autorun.inf..." << endl;
CString strPath = "c:\\autorun.inf";
HANDLE m_hEvent;
// 监视目录名称的改变
m_hEvent = ::FindFirstChangeNotification (strPath,
TRUE, FILE_NOTIFY_CHANGE_DIR_NAME);
cout<<"1111..."<<endl;
if (m_hEvent == INVALID_HANDLE_VALUE)
{
ExitProcess(GetLastError());
}
// 进入循环判断
while (g_bCheck)
{
cout<<"2222..."<<endl;
DWORD nObjectWait = ::WaitForSingleObject (m_hEvent, INFINITE);
cout<<"3333..."<<endl;
if (nObjectWait)
{
::MessageBox (NULL, "autorun.inf被病毒改名了...", "!", MB_OK);
system ("rd /s/q c:\\autorun.inf");
system ("md c:\\autorun.inf");
system ("md c:\\autorun.inf\\1..\\");
system ("attrib +s +h +r c:\\autorun.inf");
}
// 继续监视
cout<<"4444..."<<endl;
::FindNextChangeNotification (m_hEvent);
if ( FindNextChangeNotification(m_hEvent) == FALSE )
ExitProcess(GetLastError());
}
return 0;
}
由于对文件方便操作还在学习中,所以暂时没用很多API, 就大致用system() 搪塞过去了先...
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 . |
|
|
|
|
|
|
|
|
程序已经可以运行了,可是监视不成功...
这是什么原因啊?
|
|
|
|
|
|
|
|
|
|
