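Title
bblean - a replacement shell for Windows [found by googling "replace the Explorer system shell"]
clq
Dissecting the Horse - An In-Depth Analysis of Trojan Detection and Removal: Processes
Reposted from
III. Trojan Detection and Removal: Processes
1. Viewing processes
A process, as we said above, is in the narrow sense a program that is currently executing. So how do we see which programs are executing on the system? (See Figure 03-1 below:)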
http://www.zhulinfeng.com/Xuan/071119/image002.jpg
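The system ships with a "Task Manager" that shows the current processes. Right-click the taskbar at the bottom of the desktop and choose "Task Manager", or press the three keys "Ctrl Alt Del" together, or press the three keys "Ctrl Shift ESC" together; any of these opens Task Manager and shows the window above.
Looking at the figure above, does your head spin a little? Twenty processes: which are good and which are bad? And what does all that information mean?
Don't worry, let me show you how to read it.
First, which information is displayed is up to you. See the menu at the very top? That is "File, Options, View, Shut Down, Help". Choose "View" -> "Select Columns" and tick the relevant items to display the corresponding information.
We care about the first five: Image Name, PID, CPU, CPU Time and Mem Usage. They are introduced in turn below.
Image Name: the name of the program file the process corresponds to. There are two exceptions: "System" represents the system and has no program file of that name; "System Idle Process" represents the idle process, which likewise has no program file of that name. It takes up the CPU's idle time.
We can use this column to find the program file a process corresponds to.
PID: an English abbreviation, i.e. the process ID, a unique number that uniquely identifies a process.
We can use this column to tell processes apart, especially processes with the same name, such as the SVCHOST.EXE processes.
CPU: the percentage of CPU the process is currently consuming. If a process is working, the value in the CPU column is non-zero, and the more work it does, the higher the value. The exception is "System Idle Process": the higher its value, the more idle the system currently is. The CPU values of all processes add up to 100% CPU usage.
We can use this column to see which processes are working and which are idle. As we said above, one CPU can handle only one task at a time, so if one process occupies a large share of the CPU for a long time, other processes get little or no CPU time and the system responds very sluggishly. This usually means a program has gone wrong; we should consider ending the process that is hogging the CPU and try to find out why.
CPU Time: the total CPU time the process has used since it started. The larger the value, the longer the process has been working. Note that this is working time, not running time: if a process only waits after starting and does no work, this time will be small. The exception is again "System Idle Process", which takes up all of the CPU's idle time.
From this we can judge which processes have been working all along, and whether a process that has been working all along is a normal process that ought to be working. For example, if we have been drawing the whole time, a long CPU time for the Paint program mspaint.exe is perfectly normal; but if we have been listening to music and never drew anything, yet Paint shows a large amount of CPU time, then quite possibly a hacker, a Trojan or some other process is secretly using Paint.
Mem Usage: the amount of memory the process is using. The system's memory is limited, so when one process takes a large amount of memory, less is available to the system and to other processes, and the system slows down.
In some cases this can be used to find the cause of a slow system, and performance can be improved by preferring programs that use less memory. Machines now have better specifications and more memory, but other things being equal it is still worth preferring programs that use fewer resources.
Telling which of these processes are system processes and which are not is clearly hard to do with Task Manager; the best approach is to use a specialised tool. (See Figure 03-2 below.)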
http://www.zhulinfeng.com/Xuan/071119/image004.jpg
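The figure above shows the anti-hacking tool SnipeSword (狙剑) viewing processes. Download address for SnipeSword: http://www.zhulinfeng.com/Download/SnipeSword.rar After downloading, extract the archive and run SnipeSword.exe inside it.
Start SnipeSword and choose "Process Management".
This opens the process management page. Compared with Task Manager, first, the image file is shown with its path, so you can locate the program file directly.
Second, there is an extra Parent ID column, which shows which process started this one. For example, smss.exe has process ID 540 and parent ID 4, so we know that smss.exe was started by the System process with process ID 4; smss.exe in turn started csrss.exe and winlogon.exe, and winlogon.exe then started lsass.exe and services.exe. Note that for some processes the parent cannot be seen. For example, Explorer.exe has parent ID 1216, but there is no process with ID 1216 in the list. This is because another program runs automatically during system initialisation: Userinit.exe. It handles user initialisation and starts Explorer.exe, and once its work is done it exits, so it is not among the processes. Recently there has been a Trojan that starts by infecting Userinit.exe; because Userinit.exe exits after starting, the problem is hard to find by looking at processes. We will cover this in detail in the "Autostart entries" part.
That is the order in which the system starts: beginning with System, several processes are started in turn. Normally the processes above are all critical system processes, and ending them will cause problems for the system.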
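Many readers are curious about what the system does after power-on, and this also helps with diagnosing a system that will not start: by judging at which stage the system stopped, you can tell which part has failed. So here is a brief description of the system's startup process:
The system startup process:
1. When you press the power button, the BIOS program in the motherboard's BIOS chip first carries out the hardware checks. If it finds a fault in critical hardware, it emits specific beeps to notify the user and stops the boot. Where does the BIOS program come from? It is a program burned into the chip when the motherboard leaves the factory.
2. When the hardware is fine, the BIOS program reads in the hard disk's master boot record and hands the following tasks to the master boot record code. And where does the master boot record come from? It is written to the disk when the disk is partitioned and formatted during operating system installation. If the master boot record cannot be found, the boot stops with an error telling you this is an invalid system startup disk.
3. The master boot record code's job is to read the root directory of the disk's primary partition, read the Ntldr file from it, load it into memory, and then hand control to it. Take a look: is there an Ntldr file in the root of your hard disk? The file has the hidden and system attributes, so to see it you must choose to show all files and not hide protected operating system files. Where does this file come from? It is of course copied to the disk when the operating system is installed; the files mentioned below are all copied during installation. If the Ntldr file cannot be found, the boot stops and shows an error saying Ntldr was not found.
4. What does Ntldr do? It switches the system from the original 16-bit real mode to 32-bit protected mode or 64-bit long mode. Its job is to read the Boot.ini file in the root directory and display the boot menu; on a computer with multiple operating systems you can see this menu. It then clears the screen; under Win2000 it shows a black-and-white progress bar, and under XP it shows the XP logo with a blue progress bar scrolling beneath it, telling you it is loading some important files. What is it loading? It first loads Ntoskrnl.exe and Hal.dll; if either file cannot be found it halts with an error naming the missing file. Next it reads the registry's SYSTEM hive file and finds in it the various drivers set to start automatically. This is critical, because some kernel-level Trojans start at this point. The progress bar on screen advances each time one is loaded. If a driver has a problem along the way, the system may also crash with a blue screen.
5. The next work is done by Ntoskrnl.exe (or Ntkrnlpa.exe). This is the kernel, and it does far too much to detail here. Its last step is to create the Session Manager subsystem, that is, the Smss.exe process created by the System process that we mentioned above.
6. The Smss.exe process is responsible for creating the user-mode environment, which provides Windows with its visible window interface.
It runs the programs defined in BootExecute, normally Autochk, a disk-checking program. Some antivirus software adds its own program here to scan at boot time; if your system has antivirus software of the Jiangmin (江民) kind installed, its boot-time scanner runs at this point: that is the virus scan window with blue text on a blue background that appears before you enter the system.
Smss.exe also performs the file delete and move operations recorded under SessionManager; that is, operations requested by calling the MoveFileEx API with the option to remove the file after a reboot are carried out at this stage. Many security tools that currently claim to be able to delete any file use MoveFileEx to do the deletion, but now we know that the deletion is carried out at this stage, by which time the drivers have already been loaded, so such tools are clearly not up to removing driver-level Trojans.
It creates additional page files.
It loads Win32k.sys. What does this do? It is a kernel-mode system driver responsible for window display, screen output, input from the mouse, keyboard and other devices, message passing, and so on. So it is also Win32k.sys that sets the display resolution to its default value; only at this moment does the screen become truly fine-grained. Before this everything was in VGA mode. The video driver was of course already loaded when the drivers were loaded above; it only takes effect now.
After that, it starts the two processes we mentioned above: Csrss.exe and Winlogon.exe.
Once these two processes are started, Smss.exe goes into an endless wait. What is it waiting for? It waits on the Csrss.exe and Winlogon.exe it created, watching for either of them to die; as soon as one does, Smss.exe goes on strike and brings the whole system down. (From XP onward, the crash on Csrss's death is triggered by the kernel rather than by Smss.exe.) So never end system processes.
What does Csrss.exe do? It is responsible for creating and deleting processes and threads, and for supporting the console and the virtual DOS machine. From here on it starts working and takes no further part in the startup process. Winlogon.exe, however, still has a lot to do; let's look at the rest of the startup process.
7. What does Winlogon.exe do? Its name gives a rough idea. Yes, it is related to logon, but it is not yet time to show the logon window. It first starts the Services.exe and Lsass.exe processes, then reads the DLL named in the registry's GinaDLL value, and that DLL displays a logon dialog, the window where we enter the user name and password when entering the system.
Why start Lsass.exe first? Because it is the Local Security Authority subsystem, responsible for the security of the local system; verification of the user name and password is done by it.
Another process we mentioned above is also started by Winlogon.exe at this time. Which one? Userinit.exe: after the user has logged on, Winlogon.exe starts this process to perform user initialisation. You can also add a program of your own alongside Userinit.exe, and Winlogon.exe will then start all the programs listed at that location.
Of course, as you have probably guessed, this location and GinaDLL have thus become possible places for a Trojan to start from.
8. Finally, Services.exe, started by Winlogon.exe, begins loading the services marked as automatic, as well as services marked as manual that nevertheless need to be loaded (we will cover what it does in detail later).
9. As for Userinit.exe, after completing user initialisation it starts Explorer.exe and then bows out.
10. Finally, Explorer.exe becomes our attendant, waiting there for our instructions and carrying out our requests to start programs and perform functions.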
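The parent-ID reasoning above (smss.exe started by System, Explorer.exe whose parent has already exited) can be applied mechanically to a process snapshot. The following is an added example, not part of the reposted article; the snapshot rows are constructed and the C:\WINDOWS install path is an assumption.

```python
"""Added example: audit a process snapshot against the startup lineage above."""
import ntpath

# Expected parent image for each core process, following the chain described
# in the article: System -> smss -> csrss/winlogon, winlogon -> services/lsass,
# userinit -> explorer.
EXPECTED_PARENT = {
    "smss.exe": "system",
    "csrss.exe": "smss.exe",
    "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe",
    "lsass.exe": "winlogon.exe",
    "explorer.exe": "userinit.exe",
}
# Parents that exit once their child is running; a missing parent PID is normal.
TRANSIENT_PARENTS = {"userinit.exe"}
# Assumption of this example: Windows is installed in C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = dict.fromkeys(EXPECTED_PARENT, SYSTEM32)
EXPECTED_DIR["explorer.exe"] = r"c:\windows"


def audit_lineage(snapshot):
    """snapshot: iterable of (pid, parent_pid, image_path) rows.

    Returns (pid, image_name, reason) for every core process whose path or
    parent does not match the expected startup chain.
    """
    rows = list(snapshot)
    by_pid = {pid: path for pid, _ppid, path in rows}
    findings = []
    for pid, ppid, path in rows:
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_PARENT:
            continue
        if ntpath.dirname(path).lower() != EXPECTED_DIR[name]:
            findings.append((pid, name, "unexpected path: " + path))
        want = EXPECTED_PARENT[name]
        parent_path = by_pid.get(ppid)
        if parent_path is None:
            # Parent already gone: fine for explorer.exe, suspicious otherwise.
            if want not in TRANSIENT_PARENTS:
                findings.append((pid, name, "parent PID %d not running" % ppid))
            continue
        # PIDs are recycled, so a live tool should also compare creation times
        # before trusting that this PID is still the original parent.
        got = ntpath.basename(parent_path).lower()
        if got != want:
            findings.append((pid, name, "parent is %s, expected %s" % (got, want)))
    return findings


# Constructed snapshot: the first seven rows follow the article's figure
# (smss.exe is PID 540 with parent 4; explorer.exe's parent 1216 has exited).
# The last two rows are constructed anomalies.
SAMPLE = [
    (4, 0, "System"),
    (540, 4, r"C:\WINDOWS\system32\smss.exe"),
    (604, 540, r"C:\WINDOWS\system32\csrss.exe"),
    (628, 540, r"C:\WINDOWS\system32\winlogon.exe"),
    (672, 628, r"C:\WINDOWS\system32\services.exe"),
    (684, 628, r"C:\WINDOWS\system32\lsass.exe"),
    (1508, 1216, r"C:\WINDOWS\explorer.exe"),
    (2044, 1508, r"C:\WINDOWS\Temp\lsass.exe"),
    (2100, 672, r"C:\WINDOWS\system32\winlogon.exe"),
]

if __name__ == "__main__":
    for pid, name, reason in audit_lineage(SAMPLE):
        print("PID %d (%s): %s" % (pid, name, reason))
```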
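The startup locations named in steps 6 and 7 (BootExecute, the pending MoveFileEx operations, GinaDLL and Userinit) can be compared against their defaults once the values have been exported. This is an added example, not from the reposted article; the sample values are constructed, and the defaults assume an XP-era install in C:\WINDOWS.

```python
"""Added example: audit the boot/logon autostart values named in the article."""

# Where the values live (standard Windows registry locations):
#   HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
#       BootExecute, PendingFileRenameOperations
#   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
#       Userinit, GinaDLL
# Defaults below assume an XP-era install in C:\WINDOWS (example assumption).
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_GINA = "msgina.dll"
NT_PREFIX = "\\??\\"


def split_userinit(value):
    """Userinit is a comma-separated list; Winlogon starts every entry."""
    return [part.strip() for part in value.split(",") if part.strip()]


def decode_pending_renames(multi_sz):
    """Decode PendingFileRenameOperations into (kind, source, destination).

    The value is a list of string pairs. An empty destination means the
    source is deleted at next boot; a leading '!' on the destination means
    an existing file is replaced.
    """
    ops = []
    for i in range(0, len(multi_sz) - 1, 2):
        src = multi_sz[i].replace(NT_PREFIX, "", 1)
        dst = multi_sz[i + 1]
        if dst == "":
            ops.append(("delete", src, None))
        else:
            ops.append(("move", src, dst.lstrip("!").replace(NT_PREFIX, "", 1)))
    return ops


def audit_autostart(values):
    """values: dict of value name -> exported data. Returns (name, detail)."""
    findings = []
    for entry in values.get("BootExecute", []):
        # Boot-time antivirus scanners legitimately add entries here, so a
        # hit is something to identify, not proof of infection.
        if entry.lower() not in DEFAULT_BOOT_EXECUTE:
            findings.append(("BootExecute", entry))
    for entry in split_userinit(values.get("Userinit", "")):
        if entry.lower() != DEFAULT_USERINIT:
            findings.append(("Userinit", entry))
    gina = values.get("GinaDLL")
    if gina is not None and gina.lower() != DEFAULT_GINA:
        findings.append(("GinaDLL", gina))
    pending = values.get("PendingFileRenameOperations", [])
    for kind, src, dst in decode_pending_renames(pending):
        target = dst if kind == "move" else src
        # Drivers are already loaded when Smss.exe processes this list, so a
        # pending operation on a .sys file only takes effect after that load.
        if target.lower().endswith(".sys"):
            findings.append(("PendingFileRenameOperations", kind + " " + target))
    return findings


# Constructed sample export (file names are made up for illustration).
SAMPLE = {
    "BootExecute": ["autocheck autochk *", "bootscan"],
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\upd32.exe,",
    "GinaDLL": "xgina.dll",
    "PendingFileRenameOperations": [
        r"\??\C:\WINDOWS\Temp\setup.tmp", "",
        r"\??\C:\WINDOWS\Temp\new.sys",
        r"!\??\C:\WINDOWS\system32\drivers\kbdflt.sys",
    ],
}

if __name__ == "__main__":
    for name, detail in audit_autostart(SAMPLE):
        print("%s: %s" % (name, detail))
```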
clq
In fact, the reason "My Documents" opens at startup is that Userinit.exe has already started Explorer.exe once, and when Explorer.exe is started a second time it opens My Documents.
clq
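I saw on Baidu a lot of your earlier code for hiding other programs' tray icons.
I have used that code too... it also has the problem of showing a blank space when the icon is hidden. I'd like to ask whether you have solved this problem?
You said that the author at http://www.codeproject.com/tools ... &select=1216113 seems to be saying: "intercept the wm_copydata messages sent to the 'Shell_TrayWnd' window and separate the TNOTIFYICONDATAW structure out of the lParam parameter; that gives you all the information about the tray icon".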
--------------------------------------------------
http://www.codeproject.com/KB/applications/ShellTrayInfo.aspx?df=100&forumid=193290&exp=0&select=1216113
--------------------------------------------------
Shell Tray Info - Arrange your system tray icons
By Nishant Sivakumar
A tool with full source code that enumerates tray icons and allows you to reposition them as well as send mouse messages. (VC7.1, WinXP, VS.NET2003, Dev)
Posted: 26 Jun 2005
Views: 119,172
Bookmarked: 52 times
* Download Source (Visual C++ 7.1) - 19.7 Kb
* Download Binary (Static MFC Build) - 148 Kb
Overview
The Tray Icon Info application lets you enumerate your system tray icons and rearrange their positions, so that you can have your more frequently used icons positioned to the left most side (or right most depending on your personal preference). I wrote this as I got used to having the MSN Messenger icon on the left most side of the tray and found it annoying and inconvenient when newly added icons pushed it to the right. I had to exit and restart MSN Messenger to reposition it where I wanted. This application simplifies things for me.
Supported OS
This application only works on Windows XP. It may run on Windows 2003 too, but since I wasn't sure and since I didn't have the option to test it out, I have a version check and the program exits if it's a non-XP OS. If anyone's interested, they can comment out the version check and run it on 2003 - but I have no idea as to whether it'll work or not.
Notes
* For some tray icons, I am unable to retrieve the icon, so I show a red octagon with a white question mark.
* Using the toolbar or the menu, you can send a left click, right click or a double click message to the tray icon.
* You can use the << and >> icons to move the icons around the tray.
* Copy (Ctrl-C) will copy some textual info to the clipboard (includes both the tool-tip text as well as the owner process path).
* Double clicking an entry in the list view is equivalent to sending a double-click message.
* The tray has hidden icons - mostly put there by Explorer. These icons won't have tool-tips.
* And er, if you are wondering why the toolbar icons look so ghastly, guess who designed them!
Technical notes
The trick used here is to enumerate the buttons of the ToolbarWindow32 window that represents the system tray. The following code is used to locate this window (routine FindWindow/FindWindowEx stuff) :-
    HWND FindTrayToolbarWindow()
    {
        HWND hWnd = ::FindWindow(_T("Shell_TrayWnd"), NULL);
        if(hWnd)
        {
            hWnd = ::FindWindowEx(hWnd,NULL,_T("TrayNotifyWnd"), NULL);
            if(hWnd)
            {
                hWnd = ::FindWindowEx(hWnd,NULL,_T("SysPager"), NULL);
                if(hWnd)
                {
                    hWnd = ::FindWindowEx(hWnd, NULL,_T("ToolbarWindow32"), NULL);
                }
            }
        }
        return hWnd;
    }
Now I retrieve the count of tray icons :-
    int count = (int)::SendMessage(m_hTrayWnd, TB_BUTTONCOUNT, 0, 0);
The number won't match the number of visible icons because of some hidden icons inserted by Explorer + the Hide Inactive Icons setting may be enabled.
BTW to retrieve toolbar info for each button, I use my CProcessData class. [CProcessData is a template class that makes it easy to use data allocated in a different process, and is useful when making inter-process SendMessage/PostMessage calls]
The dwData member of each TBBUTTON structure of the toolbar points to an undocumented structure. The first few bytes of the structure are as follows (on XP anyway) :-
    struct TRAYDATA
    {
        HWND hwnd;
        UINT uID;
        UINT uCallbackMessage;
        DWORD Reserved[2];
        HICON hIcon;
    };
There's more info, but I am not sure what the rest of it means. Reserved[0] has something to do with the visibility state of an icon when the Hide Inactive Icons setting is enabled, but its behavior was too sporadic for me to give it a proper meaning and since I didn't really want that info, I didn't bother too much. All my Google searches on this undocumented structure resulted in nothing. It's times like this when you wish Windows provided full source code :-(
Anyway here's the code I use to retrieve the rest of the information I require.
    // Buffer allocated inside the tray's owner process (Explorer)
    CProcessData<TBBUTTON> data(dwTrayPid);
    TBBUTTON tb = {0};
    TRAYDATA tray = {0};
    TrayItemInfo tifo = {0};
    for(int i=0; i<count; i++)
    {
        // Explorer fills the remote buffer; copy it back into this process
        ::SendMessage(m_hTrayWnd, TB_GETBUTTON, i, (LPARAM)data.GetData());
        data.ReadData(&tb);
        // dwData points at the undocumented TRAYDATA inside Explorer
        data.ReadData(&tray,(LPCVOID)tb.dwData);
        DWORD dwProcessId = 0;
        GetWindowThreadProcessId(tray.hwnd,&dwProcessId);
        tifo.sProcessPath = GetFilenameFromPid(dwProcessId);
        wchar_t TipChar;
        wchar_t sTip[1024] = {0};
        wchar_t* pTip = (wchar_t*)tb.iString;
        if(!(tb.fsState&TBSTATE_HIDDEN))
        {
            // Copy the tool-tip one character at a time, bounded by the local buffer
            int x = 0;
            do
            {
                if(x == 1023)
                {
                    wcscpy(sTip,L"[ToolTip was either too long or not set]");
                    break;
                }
                data.ReadData(&TipChar, (LPCVOID)pTip++);
            }while(sTip[x++] = TipChar);
        }
        else
            wcscpy(sTip,L"[Hidden Icon]");
        USES_CONVERSION;
        tifo.sTip = W2T(sTip);
        tifo.hwnd = tray.hwnd;
        tifo.uCallbackMessage = tray.uCallbackMessage;
        tifo.uID = tray.uID;
        tifo.bVisible = !(tb.fsState & TBSTATE_HIDDEN);
        int iconindex = 0;
        ICONINFO iinfo;
        if(GetIconInfo(tray.hIcon,&iinfo) != 0)
        {
            iconindex = m_Image16List.Add(tray.hIcon);
        }
        // (excerpt ends here; the loop continues in the source zip)
For the rest of the code, see the included source code zip.
Thanks
* Mike Dunn - for his CP article : Neat Stuff to do in List Controls Using Custom Draw.
* Jambo Johnson ( Mr .NET ) : For testing out the application for me.
History
* June 21, 2005 : Began work on the app.
* June 27, 2005 : Published on The Code Project.
License
This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
Question Why right click menu are sometime sticky? member lerognon 10:26 21 Feb '09
Sometimes when I use the right click button, the menu corresponding to the tray icon appears but also remains sticky even if I click elsewhere. Anyone having an idea why it is so or how to avoid this behavior?
Sign In·View Thread·PermaLink
General Can we hide a particular icon in the system tray? [modified] member Kishore_Vuppala 18:54 4 Feb '09
I need to hide or unhide certain bluetooth applications' icons that are there in system tray based on whether bluetooth is on/off. Can we hide/unhide the system tray icons? It's an urgent requirement!!
modified on Thursday, February 5, 2009 1:12 AM
Sign In·View Thread·PermaLink
News about "GetIconInfo" member oneg661 6:26 5 Jan '09
Why does "GetIconInfo" return ZERO for some of the system's tray icons even though they exist?
Sign In·View Thread·PermaLink
General notes member jo0ls 2:50 16 Dec '08
Looks like TRAYDATA is NOTIFYICONDATA without the cbsize field.
GETMODULEFILENAMEEX is an easier way to get the normal path from the device path.
Still works in Vista.
I'm doing it with managed code, but the TBBUTTON size varies between x64 and x86 - which is a pain as I can't see a way to lay it out that works with both.
Sign In·View Thread·PermaLink
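The TBBUTTON size difference between x86 and x64 mentioned in the comment above matters to any tool that copies the structure out of Explorer: the layout has to match Explorer's bitness, not the reader's. The following is an added example, not code from the article or its author; the sample bytes are constructed.

```python
"""Added example: decode a TBBUTTON according to the target process bitness."""
import struct

TBSTATE_ENABLED = 0x04  # commctrl.h
TBSTATE_HIDDEN = 0x08   # commctrl.h

# TBBUTTON members: iBitmap, idCommand, fsState, fsStyle,
# bReserved[2] (32-bit) or bReserved[6] (64-bit), dwData, iString.
TBBUTTON_FMT = {
    32: "<iiBB2xIi",  # 20 bytes in a 32-bit process
    64: "<iiBB6xQq",  # 32 bytes in a 64-bit process
}
FIELDS = ("iBitmap", "idCommand", "fsState", "fsStyle", "dwData", "iString")


def tbbutton_size(target_bits):
    """Bytes to allocate and read for one TBBUTTON in the target process."""
    return struct.calcsize(TBBUTTON_FMT[target_bits])


def parse_tbbutton(buf, target_bits):
    """Decode a TBBUTTON copied out of a process of the given bitness."""
    fmt = TBBUTTON_FMT[target_bits]
    if len(buf) < struct.calcsize(fmt):
        raise ValueError("buffer shorter than a %d-bit TBBUTTON" % target_bits)
    button = dict(zip(FIELDS, struct.unpack_from(fmt, buf)))
    button["hidden"] = bool(button["fsState"] & TBSTATE_HIDDEN)
    return button


# Constructed sample: the bytes a 64-bit Explorer would return for one button.
SAMPLE_X64 = struct.pack(
    "<iiBB6xQq", 3, 7, TBSTATE_ENABLED | TBSTATE_HIDDEN, 0,
    0x0000000102A41C20,  # dwData: pointer to the per-icon data
    0x0000000102A42000,  # iString: pointer to the tool-tip text
)

if __name__ == "__main__":
    right = parse_tbbutton(SAMPLE_X64, 64)
    wrong = parse_tbbutton(SAMPLE_X64, 32)
    print("64-bit layout: dwData=%#x" % right["dwData"])
    # With the 32-bit layout dwData lands on padding and iString picks up the
    # low half of the real dwData, so the follow-up read targets a bad address.
    print("32-bit layout: dwData=%#x iString=%#x" % (wrong["dwData"], wrong["iString"]))
```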
Question class member gq_the_fallen_angel 7:49 16 Jun '08
Hello,
I'd like to use this code in vb.net but have no idea what to get with it. Unfortunately I have no experience with C++, so if anyone could create a dll from this to be able to use these functions (to get the icons and manipulate them) from vb.net, it would be really appreciated.
Anyways, just needed to delete the windows version checking and works on Vista, too - i tried it.
Thanks;
GQ
Sign In·View Thread·PermaLink
Question hide a single tray icon from system tray member Jayapal Chandran 1:27 15 Mar '08
hi, i need to hide a particular tray icon from the system tray instead of using the reg key NoTrayItemsDisplay. i am with win32 api C style...
Today's Beautiful Moments are
Tomorrow's Beautiful Memories
Sign In·View Thread·PermaLink 2.67/5 (3 votes)
General Some icons' handle of tray buttons are invalid member gshine610 21:06 12 Aug '07
Some icons' handle of tray buttons are invalid ?
When I ran the binary file (ShellTrayInfo.exe), I found that some tray buttons' icons were incorrect, such as MSN (Windows Live Messenger), Kaspersky Antivirus, etc.
After I debugged the code, I found that some icons' handles of tray buttons are invalid.
In those cases, we will fail to call the GetIconInfo API and the error code got by GetLastError is 1402.
Is there any difference in those applications?
How can I solve this problem?
Hope to receive your reply soon.
Thanks in advance!
Kevin.
Sign In·View Thread·PermaLink 5.00/5 (1 vote)
General Works on Vista member Thomassen 1:31 16 Jun '07
This app seems to work on Vista. I had to put it in compatibility mode to bypass the version check, but I was able to reposition icons etc.
Maybe make the version check forward compatible? Only disallowing older OSes which are known not to work?
Sign In·View Thread·PermaLink 2.00/5 (1 vote)
Question Anyone know of a similar program that just lists the systray icons? member badbob001 7:36 11 May '07
I'm looking for a commandline utility to just list the icons and tooltips in the system tray and spit it out to a file or stdout so I can parse it. Before I try to tackle modifying this app's code to do what I want, is there already something like what I'm looking for?
Thanks!
Sign In·View Thread·PermaLink
Answer Re: Anyone know of a similar program that just lists the systray icons? member lerognon 10:23 21 Feb '09
Try http://exodusdev.com/products/windows-system-tray-scan-utility[^]
Sign In·View Thread·PermaLink
General Just what I needed! mvp Hans Dietrich 2:14 9 Apr '07
After last month's disastrous HD crash, I wanted to start keeping tabs on the temperatures for both of my HD drives. I use HDD Thermometer, a great free tool that shows the temps (one for each HDD) in the tray. Unfortunately, at startup the temps sometimes do not appear next to each other. Your utility is the perfect answer!
I agree with 5h17h34d - having Shell Tray Info run at startup would be very nice.
Thanks!
Best wishes,
Hans
Sign In·View Thread·PermaLink
General Re: Just what I needed! mvp Nishant Sivakumar 2:54 9 Apr '07
I've been meaning to update the source to VC++ 2005, and I guess when I do that I'll also add an installer that'll add this to the startup. Though I could avoid the installer and add an option within the app that'll allow people to specify if they want it to run on startup - it's always good to avoid installers.
Regards,
Nish
Nish’s thoughts on MFC, C++/CLI and .NET (my blog)
C++/CLI in Action (*E-Book is out, Print version April 6th*)
Fly on your way like an eagle
Fly as high as the sun
On your wings like an eagle
Fly and touch the sun
Sign In·View Thread·PermaLink
General Re: Just what I needed! mvp Hans Dietrich 3:00 9 Apr '07
Nishant Sivakumar wrote:
I could avoid the installer and add an option within the app that'll allow people to specify if they want it to run on startup
I agree - an option within the app would be better.
Sign In·View Thread·PermaLink
General Howto make ShellTrayInfo work automatically at boot? member 5h17h34d 18:19 13 Feb '07
Like this little app except the fact that I must redo it after
every boot.
Perhaps I am missing something obvious?
Thank you for this little gem of a program for a utility
junky like me!
SH
Sign In·View Thread·PermaLink
General Re: Howto make ShellTrayInfo work automatically at boot? member S.H.Bouwhuis 14:14 18 Jun '07
My thoughts exactly!
Actually, a simple 'auto alphabetic sort' every 5 minutes or so would be enough.
Since the source code is supplied, it should be an easy thing.
I'm currently too busy/lazy to do this, but if there are people out there who REALLY want this, I'll consider it (PM me with request).
Sign In·View Thread·PermaLink 4.00/5 (1 vote)
General Compiling Error Help member swarup 1:28 9 Dec '06
hi guys i am getting some errors while Compiling, can anyone help me out,
the errors are
Cerror C2552: 'tifo' : non-aggregates cannot be initialized with initializer list
Cerror C2275: 'TRAYDATA' : illegal use of this type as an expression
error C2275: 'wchar_t' : illegal use of this type as an expression
these 3 can be solved by using atlbase.h but what about the rest
error C2065: 'USES_CONVERSION' : undeclared identifier
error C2065: 'W2T' : undeclared identifier
error C2593: 'operator =' is ambiguous
ya one more thing
GetProcessImageFileName, is it in psapi? Then which is the correct version, and can someone post the 3 files: psapi.h, psapi.lib and psapi.dll,
because I am getting this error if I comment out all the previous errors
unresolved external symbol _GetProcessImageFileNameW@12
Thanks a lot
Swarup
Sign In·View Thread·PermaLink 5.00/5 (1 vote)
General how to make Static Executable/portable executable member murtazadhari 4:19 11 Nov '06
I want to know how I can make a static executable file.
Murtaza Tahir Ali Dhari
Sign In·View Thread·PermaLink
General i want to refer code written by MFC(Visual C++6.0) about "Programmable Calculator" member amatuer_vn03 17:52 15 Sep '06
please help me some code this "program stilmulator Calculator same Windows"
i like design Web
Sign In·View Thread·PermaLink
General Did you ever find out why some icons dont appear? member plehxp 2:20 6 Sep '06
Did you ever find out why some icons (MSN Messenger for example) do not draw properly?
I am having the same problem in a similar project and I don't know why some icons don't return a valid hIcon.
Sign In·View Thread·PermaLink 5.00/5 (2 votes)
Question Non-MFC member spamna 7:21 19 Aug '06
I am attempting to write a function to determine if my tray icon is still present. It irritates me greatly when explorer crashes and drops my icon and I feel it is a poor solution to simply delete and re-add the icon periodically as has been suggested to me. I am implementing this in a non-MFC application, so I am afraid I cannot use the CProcessData class you have used in your example. I was wondering if you could explain how to obtain the specific TRAYDATA object for each icon without using the CProcessData class. Here is my code:
    bool IsTrayIconPresent(UINT uid) {
        TBBUTTON tb = {0};
        TRAYDATA td = {0};
        HWND hWnd = ::FindWindow("Shell_TrayWnd", NULL);
        if(hWnd) {
            hWnd = ::FindWindowEx(hWnd, NULL, "TrayNotifyWnd", NULL);
            if(hWnd) {
                hWnd = ::FindWindowEx(hWnd, NULL, "SysPager", NULL);
                if(hWnd) {
                    hWnd = ::FindWindowEx(hWnd, NULL, "ToolbarWindow32", NULL);
                }
            }
        }
        if(!hWnd) //error could not find Toolbar
            return false;
        int count = (int)::SendMessage(hWnd, TB_BUTTONCOUNT, 0, 0);
        for(int i=0;i<count;i++) {
            ::SendMessage(hWnd, TB_GETBUTTON, i, (LPARAM)(LPTBBUTTON)&tb);
            memcpy(&td, (LPCVOID)tb.dwData, sizeof(td)); //does not work
            if(td.uID == uid)
                return true;
        }
        return false;
    }
This code of course needs to be optimized, but this is just the prototype. Any help would be kindly appreciated.
Thanks,
Nate
Sign In·View Thread·PermaLink
Answer Re: Non-MFC staff Nishant Sivakumar 7:28 19 Aug '06
spamna wrote:
I am implementing this in a non-MFC application, so I am afraid I cannot use the CProcessData class you have used in your example.
CProcessData is not MFC dependent. You can use it for non-MFC projects too.
Regards,
Nish
Nish’s thoughts on MFC, C++/CLI and .NET (my blog)
Currently working on C++/CLI in Action for Manning Publications.
Also visit the Ultimate Toolbox blog (New)
Sign In·View Thread·PermaLink
General Re: Non-MFC member spamna 11:39 19 Aug '06
Thank you for your quick reply. I saw your class name was prefixed with "C" and assumed it was MFC. Here is the resulting code in case anyone else wanted a simple and quick snippet to determine if their tray icon was still in the tray:
    //determines if the icon with given uid is present in the tray
    bool IsTrayIconPresent(UINT uid) {
        register int i;
        int count;
        bool found = false;
        TBBUTTON tb = {0};
        TRAYDATA td = {0};
        DWORD dwTrayPid = 0;
        HANDLE hTrayProc = 0;
        LPVOID lpData = 0;
        HWND hWnd = ::FindWindow("Shell_TrayWnd", NULL);
        if(hWnd) {
            hWnd = ::FindWindowEx(hWnd, NULL, "TrayNotifyWnd", NULL);
            if(hWnd) {
                hWnd = ::FindWindowEx(hWnd, NULL, "SysPager", NULL);
                if(hWnd) {
                    hWnd = ::FindWindowEx(hWnd, NULL, "ToolbarWindow32", NULL);
                }
            }
        }
        if(!hWnd) //error could not find Toolbar
            return false;
        //get the pid
        if(GetWindowThreadProcessId(hWnd, &dwTrayPid) == 0)
            return false;
        //open the correct process
        //(PROCESS_VM_OPERATION | PROCESS_VM_READ is enough for the calls below)
        if((hTrayProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwTrayPid)) == NULL)
            return false;
        //virtualalloc
        if((lpData = VirtualAllocEx(hTrayProc, NULL, sizeof(TBBUTTON), MEM_COMMIT, PAGE_READWRITE)) == NULL)
            goto cleanup;
        count = (int)::SendMessage(hWnd, TB_BUTTONCOUNT, 0, 0);
        for(i=0;i<count;i++) {
            ::SendMessage(hWnd, TB_GETBUTTON, i, (LPARAM)lpData);
            //read the tb data
            ReadProcessMemory(hTrayProc, lpData, (LPVOID)&tb, sizeof(TBBUTTON), NULL);
            //read the td data
            ReadProcessMemory(hTrayProc, (LPCVOID)tb.dwData, (LPVOID)&td, sizeof(TRAYDATA), NULL);
            if((UINT)td.uID == uid) {
                //do not return here: the remote buffer and the handle must still be released
                found = true;
                break;
            }
        }
        VirtualFreeEx(hTrayProc, lpData, 0, MEM_RELEASE);
    cleanup:
        CloseHandle(hTrayProc);
        return found;
    }
Thanks for this excellent article. Now I have to figure out how to manipulate buttons on the taskbar = P
Regards,
Nate
Sign In·View Thread·PermaLink
Answer Re: Non-MFC member Kelesis77 8:04 28 Sep '06
Hello.
You do not need to periodically query the Tray area to know if your icon is still present. There's a better way.
Every time explorer.exe crashes, it destroys and recreates the Taskbar.
As soon as the Taskbar window has been fully rebuilt, the System broadcasts a special message to all the applications that have requested to receive the notification.
The message is:
"TaskbarCreated" (<-- case sensitive)
and you request the notification simply by calling:
    UINT iMyMsg = RegisterWindowMessage ("TaskbarCreated");
where iMyMsg is your own variable that receives the System-wide value uniquely identifying the "TaskbarCreated" message.
Then, inside your WndProc() you handle this message like any other.
For example:
    LRESULT CALLBACK WndProc (HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
    {
        if (Msg == iMyMsg)
        {
            // The Windows Taskbar has just been rebuilt.
            // Do your stuff here (like adding a new tray icon).
            .
            .
            .
        }
        // Other WM_*** messages, as usual.
        switch (Msg)
        {
            case ...
        }
        return DefWindowProc (hWnd, Msg, wParam, lParam);
    }
Being the Taskbar brand new, there's no old tray icon to remove.
Simply add a new one.
A few notes:
You need to request the "TaskbarCreated" message notification only once.
Requesting it multiple times is useless, and always returns the same identifier.
If different apps request the notification, they all get returned the same identifier.
There's no way (and no mean) to unregister the message once your app terminates. So don't worry about it.
Hope it helps.
Regards,
Ciao ciao Smile
[edit:]
I forgot to mention that the "TaskbarCreated" message hasn't changed since Win98. I don't know about Win95.
Ciao ciao Smile
Sign In·View Thread·PermaLink
Question Re: Non-MFC member dfhgesart 13:04 8 Jul '07
Nishant Sivakumar wrote:
CProcessData is not MFC dependent. You can use it for non-MFC projects too.
How so?
Sign In·View Thread·PermaLink
General GetIconInfo(tray.hIcon,&iinfo) -> You have forgotten to delete the bitmaps member michele_cv 2:30 5 Sep '05
Hi,
GetIconInfo creates bitmaps for the hbmMask and hbmColor members of ICONINFO. The calling application must manage these bitmaps and delete them when they are no longer necessary.
    //---- old code ---
    //
    int iconindex = 0;
    ICONINFO iinfo;
    if(GetIconInfo(tray.hIcon,&iinfo) != 0)
    {
        iconindex = m_Image16List.Add(tray.hIcon);
    }
    //--- new code ----
    //
    int iconindex = 0;
    ICONINFO iinfo;
    if(GetIconInfo(tray.hIcon,&iinfo) != 0)
    {
        iconindex = m_Image16List.Add(tray.hIcon);
        if (iinfo.hbmMask != NULL)
            DeleteObject(iinfo.hbmMask);
        if (iinfo.hbmColor != NULL)
            DeleteObject(iinfo.hbmColor);
    }
Cheers,
michi
Sign In·View Thread·PermaLink 4.00/5 (3 votes)
Last Updated: 26 Jun 2005
Editor: Nishant Sivakumar
Copyright 2005 by Nishant Sivakumar