The name of the monitoring program sounds strange. It is mainly used to monitor key information changes in the background, such as registry changes and changes caused by file operations on the hard disk.
Some may ask, what is the value of such a program? The files on the hard disk have changed. I just need to click it in the resource manager. Isn't it all clear? The problem is certainly not so simple. Now everyone's hard disks are using G as the unit. In a 4.3g hard disk, A total of tens of thousands of files (I believe that new users will consider ibm10.1g's large hard drive, which makes the number of files even more unimaginable ), what's more, invisible system files and hidden files. With the addition of the registry, the number of items is no less than the files on the hard disk. It is not easy to know whether your machine has changed at any time. The monitoring program can detect these changes at any time to help us understand these situations.
Of course, this is only part of the role of the Monitoring Program, its biggest role is to record the changes of the system before and after a software installation, so as to provide an important basis for uninstall the software. Although Windows comes with an uninstall shield, it does not seem to be able to clean the original software. Every time it is detached, it will leave some annoying residue, resulting in increasing junk information in the system, our hard disk space is always inexplicably used less. Therefore, some specialized uninstall tools that claim to be able to completely uninstall software have emerged. Some of these technologies use monitoring systems, such as uninstaller manager and regmonitor.
Next we will discuss how to program and implement this monitoring function. First, we will introduce several important API functions:
Findfirstchangenotification ();
Findnextchangenotification ();
Waitforsingleobject ();
The lpzpath in findfirstchangenotification (lpzpath, fwatchsubtree, fdwfilter) indicates the path name to be monitored. fwatchsubtree determines whether to check the sub-directory, fdwfilter indicates the event to be monitored, and a handle is returned after the function is executed.
The value and meaning of the fdwfilter parameter are as follows:
File_policy_change_file_name
File_policy_change_dir_name
File_policy_change_size
File_policy_change_attributes
Findnextchangenotification (hchange), hchange is the handle returned by findfirstchangennotification, which is used by the request system
The handle of the change notification will be sent when the next change is detected. After the function is successfully returned, the application can wait for the Change Notification through waitformultipleobjects or waitfforsingleobject. In waitforsingleobject (hchange, dwmilliseconds), hchange is the handle returned by findfirstchangenotification. dwmilliseconds is the waiting time value and specifies the waiting time, in milliseconds. If the value is-1, the time is infinite. It is best to use findclosechangenotification (hchange) to close the handle before you end the monitoring program.
The following is a simple example. Its function is to monitor whether files in the C: \ pwin98 Directory have changed. If a RENAME, creation, or deletion occurs, use the Edit Control to display a prompt.
//
----------------
# Include
# Pragma hdrstop
# Include "unit1.h"
//----------------
# Pragma package (smart_init)
# Pragma resource "*. DFM"
Tform1 * form1;
//-----------------
_ Fastcall tform1: tform1 (tcomponent * owner)
: Tform (owner)
{
}
//-------------------
Void _ fastcall tform1: formcreate (tobject * sender)
{
DWORD dwwaitstatus;
Handle dwchangehandle; // handle of the returned notification
Dwchangehandle = findfirstchangenotification (
"C: \ pwin98", false, file_policy_change_file_name); // you can specify the handle for the returned notification.
If (dwchangehandle = invalid_handle_value)
// Determine whether the setting is successful
Exitprocess (getlasterror ());
While (true) {// sets the loop to monitor whether the loop exists
Dwwaitstatus = waitforsingleobject (dwchangehandle,-1); // return notification
Switch (dwwaitstatus ){
Case 0:
Edit1-> text = "something changed"; // a prompt is displayed.
Findclosechangenotification (dwcchangehandle); // close the handle
Exit (exit_success); // exit the program
Default:
Exitprocess (getlasterror ());
}
}
}
The program passed in C ++ builder4/pwin98. Because the C ++ Builder language is very standard, it is easy to extend it to other programming language environments.
This example shows how to monitor file changes in the hard disk. for the Registry, the regpolicychangekeyvalue () function can implement similar functions.
After reading this article, do you have a deeper understanding of software such as uninstaller manager and Reg monitor. In Windows programming, some API functions play an important role, allowing the program to implement many advanced functions. Because API functions are provided according to the C language syntax, C ++ builder has a unique advantage and provides excellent support for API functions and macros. No, how can I run my questions?
What are you waiting for? Don't you want to compile your own uninstaller manager?