Real Software Forums

The forum for Real Studio and other Real Software products.
[ REAL Software Website | Board Index ]
It is currently Thu Nov 14, 2019 7:17 pm
xojo

All times are UTC - 5 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Listen to a program's system calls?
PostPosted: Sat Sep 17, 2011 3:56 pm 
Offline

Joined: Sat Jul 16, 2011 2:45 pm
Posts: 76
Hi all,

I'm trying to write an application that will listen into another program's system calls; specifically the command line arguments used to launch a program. The reason for this is to restore the program after a crash using the correct parameters. This is a 3rd party program not made by me so is not something I can change in the "main app"

While searching through window's API there doesn't seem to be any clear /easy method applicable to Real Studio. I've been able to find 3 potential methods but I'm not too sure if they can be implemented through RS...

  • ETW: enable logging of kernel events and then processing the log. Not very simple and would log entire system events
  • WMI: Can get a trace for a specific application, though requires use of Active X or C++ API which all seem to suggest not being able to use RS alone... I know RS does have ActiveX elements but activeX is not something i've used before to not help the issue ^^
  • Hooking: Requires you make your own DLL and RS doesn't create DLLs? :(

Don't know if anyone knows of any windows API that would allow me to do this? or would know which one out of the above 3 is the best route to go down?

The only other route I can think of going is to swap the exe's with mine and then using mine ot launch the real application but im not sure how that would affect the program with it's structure directories and set naming conventions...

I'm also looking at the 'process' features and looks like you can point it to a running process and grab the command line it was given directly but im not too sure :/

Any push in the right direction would greatly help

Thanks in advance :3


Top
 Profile  
Reply with quote  
 Post subject: Re: Listen to a program's system calls?
PostPosted: Sat Sep 17, 2011 6:55 pm 
Offline
User avatar

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
I was able to spy on other processes command lines using WMI through MonkeyBread's Win plugin:


Function getCmdLine(procName As String) As String
If WMIobj = Nil Then WMIobj = New WindowsWMIMBS
if WMIobj.ConnectServer("root\cimv2") then
if WMIobj.query("WQL","select CommandLine from Win32_Process where Name='" + procName + "'") then
if WMIobj.NextItem then
Return WMIobj.GetPropertyString("CommandLine") // string
else
Return ""
end if
else
Return ""
end if
else
Return ""
end if

End Function

_________________
Boredom Software


Top
 Profile  
Reply with quote  
 Post subject: Re: Listen to a program's system calls?
PostPosted: Sat Sep 17, 2011 6:59 pm 
Offline
User avatar

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
You can also use WMIC and a Shell Object:
Dim sh As New Shell
sh.Execute("WMIC PROCESS WHERE Name="Explorer.exe" get Commandline")

_________________
Boredom Software


Top
 Profile  
Reply with quote  
 Post subject: Re: Listen to a program's system calls?
PostPosted: Sun Sep 18, 2011 6:13 pm 
Offline

Joined: Sat Jul 16, 2011 2:45 pm
Posts: 76
Hi charonn0,

Thanks for the reply, I'll have a look into those! many thanks.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 5 hours


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group