  1. PO: Help needed with Windows hooks
    <p>I am working on building a system that can monitor how users react to security alerts on their systems (software updates, warnings, etc.). It also needs to monitor the web traffic and the processes running on the system, and I am looking to the community to help me design this system. We intend to provide users with test laptops and monitor their behavior over a period of time to see how they react to security alerts thrown by various applications and the OS (Windows in this case).</p>
    <p>Following are my questions:</p>
    <ul> <li><p>Can I use Windows hooks to solve the first problem, i.e. finding how users reacted to the alerts thrown by various applications? Specifically, can global hooks be used to solve this? (How this information should be collected (XML?) and relayed back to a server (how frequently?) is another problem.)</p> <ul> <li><p>Can I do this in C#, or does it have to be done only in C++ or VB?</p></li> <li><p>Do you know any alternate approach to solve the problem? Is there any software that has these capabilities?</p></li> </ul></li> </ul>
    <p>I have many more questions, but getting these answered would be a good first step. Really hoping for some good insights from the knowledgeable people in this community.</p>
    <p>Thank you in advance</p>
    <p><strong>Edit:</strong> An example scenario is when Adobe prompts you to update the Flash Player or the antivirus prompts you to update definitions or any application displays a notification (security related, having keywords like update, warning, install, etc.) needing the user to take some action. Windows system updates are another example. I want to know how the user reacted to these alerts/notifications/updates (which are typically a pop-up window). So I was wondering if I placed a global hook that can monitor the content of the windows displayed on screen and notify me (server) when certain words like update, alert, warning, etc. appear in the content/title of the windows and what the user did with the message (dismissed it, OK'd it, etc.). Unfortunately, I do not have any more specifications than this. I can use anything I want to achieve this and I am not clear on what my choices are.</p>
    <p><strong>Edit 2:</strong></p>
    <p>After having reviewed my requirements and having read about hooks, I feel like I could achieve this by a combination of hooks and the following textGrab SDK, <a href="http://www.renovation-software.com/en/text-grab-sdk/textgrab-sdk.html" rel="nofollow">http://www.renovation-software.com/en/text-grab-sdk/textgrab-sdk.html</a>. I want some guidance to know if I am on the right track. I am thinking if I can install hooks then it gives me handles to all possible windows on the screen and I can use the textGRAB SDK to look for certain keywords in those windows. Although this may capture some interesting text, I am still not sure how I will know what action the user had taken on the window. Anybody having any experience with either hooks or textGRAB, please let me know if this looks like a reasonable thing to do. If the community has some other ideas on how I could possibly monitor security related messages thrown by any application in the system, please suggest. I am looking forward to some useful advice for completing a challenging project.</p>
    1. CO: Any attempt at gathering useful data from these applications will be a hack. You are basically talking about intercepting every Windows message and trying to re-build the actions that they took. The problem with this is that each application can be written differently and you will not find a single way to do what you're looking for. Even if you did manage to make this work, your applications could change at any given time (updates?) and your code would no longer work as you expected.
    2. CO: If you happened to have control of the applications that you wanted to monitor, it would be one thing. If this is merely a learning exercise for a small group of people, might I suggest emulating the types of messages you expect them to respond to? Example: Write an application that displays errors, alerts, warnings, questions, whatever you'd like - and simply record their actions in your favorite format (XML?).
    3. CO: @syllogism: I have been trying to find out more about hooks and reviewed my requirements. I will need to monitor any application that runs to see if they throw any alerts, warnings or prompt for updates. I am convinced that monitoring is possible through hooks. I hope to install a hook and the filter function that is called will log when some "interesting event" occurs. However, I am still unclear on which exact hook I will need. WH_CBT seems promising but so does WH_SYSMSGFILTER and WH_CALLWNDPROC. I am not sure which hook or combination of hooks is needed for monitoring events from all apps.
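
The second comment's suggestion (an application that displays its own alerts and records what the participant does with each one) can look like the following C# program. This is an added example, not code from the thread; the alert texts, the `alert-responses.xml` file name and the XML element and attribute names are assumptions, and the project needs a reference to Windows Forms.

```csharp
// Added example (not from the thread): simulated alerts whose responses are logged to XML.
// Alert texts, the output file name and the XML names are constructed for illustration.
using System;
using System.Diagnostics;
using System.Windows.Forms;
using System.Xml.Linq;

static class AlertStudy
{
    // Constructed sample prompts modelled on the scenarios named in the question.
    static readonly (string Title, string Text, MessageBoxButtons Buttons, MessageBoxIcon Icon)[] Alerts =
    {
        ("Software Update", "A new version of the media player is available. Install now?",
            MessageBoxButtons.YesNo, MessageBoxIcon.Information),
        ("Antivirus Warning", "Virus definitions are out of date. Update definitions?",
            MessageBoxButtons.YesNoCancel, MessageBoxIcon.Warning),
        ("System Alert", "Updates were installed. Restart the computer to finish.",
            MessageBoxButtons.OKCancel, MessageBoxIcon.Exclamation),
    };

    [STAThread]
    static void Main()
    {
        var log = new XElement("session",
            new XAttribute("started", DateTime.UtcNow.ToString("o")));

        foreach (var a in Alerts)
        {
            var timer = Stopwatch.StartNew();
            // Closing the box with the title-bar X returns Cancel when a Cancel
            // button exists; a Yes/No box has its close button disabled.
            DialogResult answer = MessageBox.Show(a.Text, a.Title, a.Buttons, a.Icon);
            timer.Stop();

            log.Add(new XElement("alert",
                new XAttribute("title", a.Title),
                new XAttribute("buttons", a.Buttons),
                new XAttribute("response", answer),
                new XAttribute("elapsedMs", timer.ElapsedMilliseconds)));
        }

        // One file per session; XElement escapes attribute values itself.
        log.Save("alert-responses.xml");
    }
}
```

Because the study application owns every dialog, the recorded `response` is the button the participant actually chose, which is the part the question could not see how to recover from hooks on third-party windows.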