//////////////////////////////////////////////////////////////////////////////////////////
这样可以选中呀
int nItem = -1;
nItem = m_listApp.GetNextItem(nItem, LVNI_SELECTED);
m_listApp.DeleteItem(nItem);
////////////////////////////////////////////////////////////////////////////////////////////
1。弹出方式菜单
// The code fragment shows how to get the File menu from the
// application window and displays it as a floating popup menu
// when the right mouse button is clicked in view.
// CMyView is a CView-derived class.
void CMyView::OnRButtonDown(UINT nFlags, CPoint point)
{
CView::OnRButtonDown(nFlags, point);
CMenu* menu_bar = AfxGetMainWnd()->GetMenu();
CMenu* file_menu = menu_bar->GetSubMenu(0);
ASSERT(file_menu);
file_menu->TrackPopupMenu(TPM_LEFTALIGN |TPM_RIGHTBUTTON, point.x,
point.y, this);
}
2。图标设置
BOOL CListCtrlDemoDlg::InitImageList()
{
// Create 256 color image lists
HIMAGELIST hList = ImageList_Create(32,32, ILC_COLOR8 |ILC_MASK , 8, 1);
m_cImageListNormal.Attach(hList); hList = ImageList_Create(16, 16, ILC_COLOR8 | ILC_MASK, 8, 1);
m_cImageListSmall.Attach(hList);
// Load the large icons
CBitmap cBmp;
cBmp.LoadBitmap(IDB_IMAGES_NORMAL);
m_cImageListNormal.Add(&cBmp, RGB(255,0, 255));
cBmp.DeleteObject();
// Load the small icons
cBmp.LoadBitmap(IDB_IMAGES_SMALL);
m_cImageListSmall.Add(&cBmp, RGB(255,0, 255));
// Attach them
m_cListCtrl.SetImageList(&m_cImageListNormal, LVSIL_NORMAL);
m_cListCtrl.SetImageList(&m_cImageListSmall, LVSIL_SMALL);
return TRUE;
}
3。插入图标
/////////////////////////////////////////////////////////////////////////////
void CListCtrlDemoDlg::InsertItems()
{
//删除所有的当前条目内容
m_cListCtrl.DeleteAllItems();
//用LV_ITEM结构指向要插入的条目
LVITEM lvi;
CString strItem;
for (int i = 0; i < m_nItems; i++)
{
// Insert the first item
lvi.mask = LVIF_IMAGE | LVIF_TEXT;
strItem.Format(_T("Item %d"), i);
lvi.iItem = i;
lvi.iSubItem = 0;
lvi.pszText = (LPTSTR)(LPCTSTR)(strItem);
lvi.iImage = i%8; // There are 8 images in the image list
m_cListCtrl.InsertItem(&lvi);
// Set subitem 1
strItem.Format(_T("%d"), 10*i);
lvi.iSubItem =1;
lvi.pszText = (LPTSTR)(LPCTSTR)(strItem);
m_cListCtrl.SetItem(&lvi);
// Set subitem 2
strItem.Format(_T("%s"), COleDateTime::GetCurrentTime().Format(_T("Created: %I:%M:%S %p, %m/%d/%Y")));
lvi.iSubItem =4;
lvi.pszText = (LPTSTR)(LPCTSTR)(strItem);
m_cListCtrl.SetItem(&lvi);
}
}
4。删除条目
void CMmDlg::OnDelete()
{
int i,iState;
int nItemSelected=m_mm_host_ListCtrl.GetSelectedCount();//得到所选表项数
int nItemCount=m_mm_host_ListCtrl.GetItemCount();//得到表项总数
if(nItemSelected<1)//如果没有选中行,退出
return;
for(i=nItemCount-1;i>=0;i--)
{
iState=m_mm_host_ListCtrl.GetItemState(i,LVIS_SELECTED);
if(iState!=0)
m_mm_host_ListCtrl.DeleteItem(i);
}
}
5。击活条目
void CMmDlg::OnClickList(NMHDR* pNMHDR, LRESULT* pResult)
{
// TODO: Add your control notification handler code here
int nItem = -1;
LPNMITEMACTIVATE lpNMItemActivate = (LPNMITEMACTIVATE)pNMHDR;
if(lpNMItemActivate != NULL)
{
nItem = lpNMItemActivate->iItem;
}
//CString str;
//str.Format("%d",nItem);
//MessageBox(str);
*pResult = 0;
}
//////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////
排序算发
// SortTextItems - Sort the list based on column text// Returns - Returns truefor success// nCol - column that contains the text to be sorted// bAscending - indicate sort order// low - row to start scanning from - default row is 0// high - row to end scan. -1 indicates last row
字符串
///////////////////////////
BOOL CMyListCtrl::SortTextItems( int nCol, BOOL bAscending,
int low
//////////////////////////////////////////////////////////
数值:
bool CMyListCtrl::SortNumericItems( int nCol, BOOL bAscending,int low
//////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////// int i = 0;
CString str;
str.Format("%d",i*10);// 序号for(i=0;i<10;i++)
{
str.Format("%d",i*10);
m_mm_host_ListCtrl.InsertItem(i, str, 0);
m_mm_host_ListCtrl.SetItemText(i, 1, str); m_mm_host_ListCtrl.SetItemText(i, 2, str); m_mm_host_ListCtrl.SetItemText(i, 3, str);}
/////////////////////////////////
void CMmDlg::OnDelete()
{
int i,iState;
int nItemSelected=m_mm_host_ListCtrl.GetSelectedCount();//所选表项数
int nItemCount=m_mm_host_ListCtrl.GetItemCount();//表项总数
if(nItemSelected<1)
return;
for(i=nItemCount-1;i>=0;i--)
{
iState=m_mm_host_ListCtrl.GetItemState(i,LVIS_SELECTED);
if(iState!=0)
m_mm_host_ListCtrl.DeleteItem(i);
}
}
////////////////////////////////////////////////////////////////
CListCtrl使用技巧[转]
/////////////////////////////////////////////////////////////////
1. CListCtrl 风格
LVS_ICON: 为每个item显示大图标
LVS_SMALLICON: 为每个item显示小图标
LVS_LIST: 显示一列带有小图标的item
LVS_REPORT: 显示item详细资料
直观的理解:windows资源管理器,“查看”标签下的“大图标,小图标,列表,详细资料”
2. 设置listctrl 风格及扩展风格
LONG lStyle;
lStyle = GetWindowLong(m_list.m_hWnd, GWL_STYLE);//获取当前窗口style
lStyle &= ~LVS_TYPEMASK; //清除显示方式位
lStyle |= LVS_REPORT; //设置style
SetWindowLong(m_list.m_hWnd, GWL_STYLE, lStyle);//设置style
DWORD dwStyle = m_list.GetExtendedStyle();
dwStyle |= LVS_EX_FULLROWSELECT;//选中某行使整行高亮(只适用与report风格的listctrl)
dwStyle |= LVS_EX_GRIDLINES;//网格线(只适用与report风格的listctrl)
dwStyle |= LVS_EX_CHECKBOXES;//item前生成checkbox控件
m_list.SetExtendedStyle(dwStyle); //设置扩展风格
注:listview的style请查阅msdn
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceshellui5/html/wce50lrflistviewstyles.asp
3. 插入数据
m_list.InsertColumn( 0, "ID", LVCFMT_LEFT, 40 );//插入列
m_list.InsertColumn( 1, "NAME", LVCFMT_LEFT, 50 );
int nRow = m_list.InsertItem(0, “11”);//插入行
m_list.SetItemText(nRow, 1, “jacky”);//设置数据
4. 一直选中item
选中style中的Show selection always,或者在上面第2点中设置LVS_SHOWSELALWAYS
5. 选中和取消选中一行
int nIndex = 0;
//选中
m_list.SetItemState(nIndex, LVIS_SELECTED|LVIS_FOCUSED, LVIS_SELECTED|LVIS_FOCUSED);
//取消选中
m_list.SetItemState(nIndex, 0, LVIS_SELECTED|LVIS_FOCUSED);
6. 得到listctrl中所有行的checkbox的状态
m_list.SetExtendedStyle(LVS_EX_CHECKBOXES);
CString str;
for(int i=0; i {
if( m_list.GetItemState(i, LVIS_SELECTED) == LVIS_SELECTED || m_list.GetCheck(i))
{
str.Format(_T("第%d行的checkbox为选中状态"), i);
AfxMessageBox(str);
}
}
7. 得到listctrl中所有选中行的序号
方法一:
CString str;
for(int i=0; i {
if( m_list.GetItemState(i, LVIS_SELECTED) == LVIS_SELECTED )
{
str.Format(_T("选中了第%d行"), i);
AfxMessageBox(str);
}
}
方法二:
POSITION pos = m_list.GetFirstSelectedItemPosition();
if (pos == NULL)
TRACE0("No items were selected!\n");
else
{
while (pos)
{
int nItem = m_list.GetNextSelectedItem(pos);
TRACE1("Item %d was selected!\n", nItem);
// you could do your own processing on nItem here
}
}
8. 得到item的信息
TCHAR szBuf[1024];
LVITEM lvi;
lvi.iItem = nItemIndex;
lvi.iSubItem = 0;
lvi.mask = LVIF_TEXT;
lvi.pszText = szBuf;
lvi.cchTextMax = 1024;
m_list.GetItem(&lvi);
关于得到设置item的状态,还可以参考msdn文章
Q173242: Use Masks to Set/Get Item States in CListCtrl
http://support.microsoft.com/kb/173242/en-us
9. 得到listctrl的所有列的header字符串内容
LVCOLUMN lvcol;
char str[256];
int nColNum;
CString strColumnName[4];//假如有4列
nColNum = 0;
lvcol.mask = LVCF_TEXT;
lvcol.pszText = str;
lvcol.cchTextMax = 256;
while(m_list.GetColumn(nColNum, &lvcol))
{
strColumnName[nColNum] = lvcol.pszText;
nColNum++;
}
10. 使listctrl中一项可见,即滚动滚动条
m_list.EnsureVisible(i, FALSE);
11. 得到listctrl列数
int nHeadNum = m_list.GetHeaderCtrl()->GetItemCount();
12. 删除所有列
方法一:
while ( m_list.DeleteColumn (0))
因为你删除了第一列后,后面的列会依次向上移动。
方法二:
int nColumns = 4;
for (int i=nColumns-1; i>=0; i--)
m_list.DeleteColumn (i);
13. 得到单击的listctrl的行列号
添加listctrl控件的NM_CLICK消息相应函数
void CTest6Dlg::OnClickList1(NMHDR* pNMHDR, LRESULT* pResult)
{
// 方法一:
/*
DWORD dwPos = GetMessagePos();
CPoint point( LOWORD(dwPos), HIWORD(dwPos) );
m_list.ScreenToClient(&point);
LVHITTESTINFO lvinfo;
lvinfo.pt = point;
lvinfo.flags = LVHT_ABOVE;
int nItem = m_list.SubItemHitTest(&lvinfo);
if(nItem != -1)
{
CString strtemp;
strtemp.Format("单击的是第%d行第%d列", lvinfo.iItem, lvinfo.iSubItem);
AfxMessageBox(strtemp);
}
*/
// 方法二:
/*
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
if(pNMListView->iItem != -1)
{
CString strtemp;
strtemp.Format("单击的是第%d行第%d列",
pNMListView->iItem, pNMListView->iSubItem);
AfxMessageBox(strtemp);
}
*/
*pResult = 0;
}
14. 判断是否点击在listctrl的checkbox上
添加listctrl控件的NM_CLICK消息相应函数
void CTest6Dlg::OnClickList1(NMHDR* pNMHDR, LRESULT* pResult)
{
DWORD dwPos = GetMessagePos();
CPoint point( LOWORD(dwPos), HIWORD(dwPos) );
m_list.ScreenToClient(&point);
LVHITTESTINFO lvinfo;
lvinfo.pt = point;
lvinfo.flags = LVHT_ABOVE;
UINT nFlag;
int nItem = m_list.HitTest(point, &nFlag);
//判断是否点在checkbox上
if(nFlag == LVHT_ONITEMSTATEICON)
{
AfxMessageBox("点在listctrl的checkbox上");
}
*pResult = 0;
}
15. 右键点击listctrl的item弹出菜单
添加listctrl控件的NM_RCLICK消息相应函数
void CTest6Dlg::OnRclickList1(NMHDR* pNMHDR, LRESULT* pResult)
{
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
if(pNMListView->iItem != -1)
{
DWORD dwPos = GetMessagePos();
CPoint point( LOWORD(dwPos), HIWORD(dwPos) );
CMenu menu;
VERIFY( menu.LoadMenu( IDR_MENU1 ) );
CMenu* popup = menu.GetSubMenu(0);
ASSERT( popup != NULL );
popup->TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON, point.x, point.y, this );
}
*pResult = 0;
}
16. item切换焦点时(包括用键盘和鼠标切换item时),状态的一些变化顺序
添加listctrl控件的LVN_ITEMCHANGED消息相应函数
void CTest6Dlg::OnItemchangedList1(NMHDR* pNMHDR, LRESULT* pResult)
{
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
// TODO: Add your control notification handler code here
CString sTemp;
if((pNMListView->uOldState & LVIS_FOCUSED) == LVIS_FOCUSED &&
(pNMListView->uNewState & LVIS_FOCUSED) == 0)
{
sTemp.Format("%d losted focus",pNMListView->iItem);
}
else if((pNMListView->uOldState & LVIS_FOCUSED) == 0 &&
(pNMListView->uNewState & LVIS_FOCUSED) == LVIS_FOCUSED)
{
sTemp.Format("%d got focus",pNMListView->iItem);
}
if((pNMListView->uOldState & LVIS_SELECTED) == LVIS_SELECTED &&
(pNMListView->uNewState & LVIS_SELECTED) == 0)
{
sTemp.Format("%d losted selected",pNMListView->iItem);
}
else if((pNMListView->uOldState & LVIS_SELECTED) == 0 &&
(pNMListView->uNewState & LVIS_SELECTED) == LVIS_SELECTED)
{
sTemp.Format("%d got selected",pNMListView->iItem);
}
*pResult = 0;
}
17. 得到另一个进程里的listctrl控件的item内容
http://www.codeproject.com/threads/int64_memsteal.asp
18. 选中listview中的item
Q131284: How To Select a Listview Item Programmatically
http://support.microsoft.com/kb/131284/en-us
19. 如何在CListView中使用CListCtrl的派生类
http://www.codeguru.com/cpp/controls/listview/introduction/article.php/c919/
20. listctrl的subitem添加图标
m_list.SetExtendedStyle(LVS_EX_SUBITEMIMAGES);
m_list.SetItem(..); //具体参数请参考msdn
21. 在CListCtrl显示文件,并根据文件类型来显示图标
网上找到的代码,share
BOOL CTest6Dlg::OnInitDialog()
{
CDialog::OnInitDialog();
HIMAGELIST himlSmall;
HIMAGELIST himlLarge;
SHFILEINFO sfi;
char cSysDir[MAX_PATH];
CString strBuf;
memset(cSysDir, 0, MAX_PATH);
GetWindowsDirectory(cSysDir, MAX_PATH);
strBuf = cSysDir;
sprintf(cSysDir, "%s", strBuf.Left(strBuf.Find("\\")+1));
himlSmall = (HIMAGELIST)SHGetFileInfo ((LPCSTR)cSysDir,
0,
&sfi,
sizeof(SHFILEINFO),
SHGFI_SYSICONINDEX | SHGFI_SMALLICON );
himlLarge = (HIMAGELIST)SHGetFileInfo((LPCSTR)cSysDir,
0,
&sfi,
sizeof(SHFILEINFO),
SHGFI_SYSICONINDEX | SHGFI_LARGEICON);
if (himlSmall && himlLarge)
{
::SendMessage(m_list.m_hWnd, LVM_SETIMAGELIST,
(WPARAM)LVSIL_SMALL, (LPARAM)himlSmall);
::SendMessage(m_list.m_hWnd, LVM_SETIMAGELIST,
(WPARAM)LVSIL_NORMAL, (LPARAM)himlLarge);
}
return TRUE; // return TRUE unless you set the focus to a control
}
void CTest6Dlg::AddFiles(LPCTSTR lpszFileName, BOOL bAddToDocument)
{
int nIcon = GetIconIndex(lpszFileName, FALSE, FALSE);
CString strSize;
CFileFind filefind;
// get file size
if (filefind.FindFile(lpszFileName))
{
filefind.FindNextFile();
strSize.Format("%d", filefind.GetLength());
}
else
strSize = "0";
// split path and filename
CString strFileName = lpszFileName;
CString strPath;
int nPos = strFileName.ReverseFind('\\');
if (nPos != -1)
{
strPath = strFileName.Left(nPos);
strFileName = strFileName.Mid(nPos + 1);
}
// insert to list
int nItem = m_list.GetItemCount();
m_list.InsertItem(nItem, strFileName, nIcon);
m_list.SetItemText(nItem, 1, strSize);
m_list.SetItemText(nItem, 2, strFileName.Right(3));
m_list.SetItemText(nItem, 3, strPath);
}
int CTest6Dlg::GetIconIndex(LPCTSTR lpszPath, BOOL bIsDir, BOOL bSelected)
{
SHFILEINFO sfi;
memset(&sfi, 0, sizeof(sfi));
if (bIsDir)
{
SHGetFileInfo(lpszPath,
FILE_ATTRIBUTE_DIRECTORY,
&sfi,
sizeof(sfi),
SHGFI_SMALLICON | SHGFI_SYSICONINDEX |
SHGFI_USEFILEATTRIBUTES |(bSelected ? SHGFI_OPENICON : 0));
return sfi.iIcon;
}
else
{
SHGetFileInfo (lpszPath,
FILE_ATTRIBUTE_NORMAL,
&sfi,
sizeof(sfi),
SHGFI_SMALLICON | SHGFI_SYSICONINDEX |
SHGFI_USEFILEATTRIBUTES | (bSelected ? SHGFI_OPENICON : 0));
return sfi.iIcon;
}
return -1;
}
22. listctrl内容进行大数据量更新时,避免闪烁
m_list.SetRedraw(FALSE);
//更新内容
m_list.SetRedraw(TRUE);
m_list.Invalidate();
m_list.UpdateWindow();
或者参考
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_mfc_cwnd.3a3a.setredraw.asp
23. listctrl排序
Q250614:How To Sort Items in a CListCtrl in Report View
http://support.microsoft.com/kb/250614/en-us
24. 在listctrl中选中某个item时动态改变其icon或bitmap
Q141834: How to change the icon or the bitmap of a CListCtrl item in Visual C++
http://support.microsoft.com/kb/141834/en-us
25. 在添加item后,再InsertColumn()后导致整列数据移动的问题
Q151897: CListCtrl::InsertColumn() Causes Column Data to Shift
http://support.microsoft.com/kb/151897/en-us
26. 关于listctrl第一列始终居左的问题
解决办法:把第一列当一个虚列,从第二列开始插入列及数据,最后删除第一列。
具体解释参阅 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/commctls/listview/structures/lvcolumn.asp
27. 锁定column header的拖动
http://msdn.microsoft.com/msdnmag/issues/03/06/CQA/
28. 如何隐藏clistctrl的列
把需隐藏的列的宽度设为0,然后检测当该列为隐藏列时,用上面第27点的锁定column 的拖动来实现
29. listctrl进行大数据量操作时,使用virtual list
http://www.codeguru.com/cpp/controls/listview/advanced/article.php/c4151/
http://www.codeproject.com/listctrl/virtuallist.asp
30. 关于item只能显示259个字符的问题
解决办法:需要在item上放一个edit。
31. 响应在listctrl的column header上的鼠标右键单击
Q125694: How To Find Out Which Listview Column Was Right-Clicked
http://support.microsoft.com/kb/125694/en-us
32. 类似于windows资源管理器的listview
Q234310: How to implement a ListView control that is similar to Windows Explorer by using DirLV.exe
http://support.microsoft.com/kb/234310/en-us
33. 在ListCtrl中OnTimer只响应两次的问题
Q200054:
PRB: OnTimer() Is Not Called Repeatedly for a List Control
http://support.microsoft.com/kb/200054/en-us
34. 以下为一些为实现各种自定义功能的listctrl派生类
(1) 拖放
http://www.codeproject.com/listctrl/dragtest.asp
在CListCtrl和CTreeCtrl间拖放
http://support.microsoft.com/kb/148738/en-us
(2) 多功能listctrl
支持subitem可编辑,图标,radiobutton,checkbox,字符串改变颜色的类
http://www.codeproject.com/listctrl/quicklist.asp
支持排序,subitem可编辑,subitem图标,subitem改变颜色的类
http://www.codeproject.com/listctrl/ReportControl.asp
(3) subitem中显示超链接
http://www.codeproject.com/listctrl/CListCtrlLink.asp
(4) subitem的tooltip提示
http://www.codeproject.com/listctrl/ctooltiplistctrl.asp
(5) subitem中显示进度条
http://www.codeproject.com/listctrl/ProgressListControl.asp
http://www.codeproject.com/listctrl/napster.asp
http://www.codeguru.com/Cpp/controls/listview/article.php/c4187/
(6) 动态改变subitem的颜色和背景色
http://www.codeproject.com/listctrl/highlightlistctrl.asp
http://www.codeguru.com/Cpp/controls/listbox/colorlistboxes/article.php/c4757/
(7) 类vb属性对话框
http://www.codeproject.com/listctrl/propertylistctrl.asp
http://www.codeguru.com/Cpp/controls/listview/propertylists/article.php/c995/
http://www.codeguru.com/Cpp/controls/listview/propertylists/article.php/c1041/
(8) 选中subitem(只高亮选中的item)
http://www.codeproject.com/listctrl/SubItemSel.asp
http://www.codeproject.com/listctrl/ListSubItSel.asp
(9) 改变行高
http://www.codeproject.com/listctrl/changerowheight.asp
(10) 改变行颜色
http://www.codeproject.com/listctrl/coloredlistctrl.asp
(11) 可编辑subitem的listctrl
http://www.codeproject.com/listctrl/nirs2000.asp
http://www.codeproject.com/listctrl/editing_subitems_in_listcontrol.asp
(12) subitem可编辑,插入combobox,改变行颜色,subitem的tooltip提示
http://www.codeproject.com/listctrl/reusablelistcontrol.asp
(13) header 中允许多行字符串
http://www.codeproject.com/listctrl/headerctrlex.asp
(14) 插入combobox
http://www.codeguru.com/Cpp/controls/listview/editingitemsandsubitem/article.php/c979/
(15) 添加背景图片
http://www.codeguru.com/Cpp/controls/listview/backgroundcolorandimage/article.php/c4173/
http://www.codeguru.com/Cpp/controls/listview/backgroundcolorandimage/article.php/c983/
http://www.vchelp.net/vchelp/archive.asp?type_id=9&class_id=1&cata_id=1&article_id=1088&search_term=
(16) 自适应宽度的listctrl
http://www.codeproject.com/useritems/AutosizeListCtrl.asp
(17) 改变ListCtrl高亮时的颜色(默认为蓝色)
处理 NM_CUSTOMDRAW
http://www.codeproject.com/listctrl/lvcustomdraw.asp
/////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////
m_mm_host_ListCtrl.DeleteAllItems()
m_mm_host_ListCtrl.ModifyStyle(0,LVS_REPORT);
////////////
LONG lStyle = m_mm_host_ListCtrl.SendMessage(
LVM_GETEXTENDEDLISTVIEWSTYLE);
lStyle |= LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES |
LVS_EX_HEADERDRAGDROP;
m_mm_host_ListCtrl.SendMessage(LVM_SETEXTENDEDLISTVIEWSTYLE, 0,
(LPARAM)lStyle);
////////////
或者:
LONG lStyle;
lStyle = GetWindowLong(m_mm_host_ListCtrl.m_hWnd, GWL_STYLE);//获取当前窗口style
lStyle &= ~LVS_TYPEMASK; //清除显示方式位
lStyle |= LVS_REPORT; //设置style
SetWindowLong(m_mm_host_ListCtrl.m_hWnd, GWL_STYLE, lStyle);//设置style
DWORD dwStyle = m_mm_host_ListCtrl.GetExtendedStyle();
dwStyle |= LVS_EX_FULLROWSELECT;//选中某行使整行高亮(只适用与report风格的listctrl)
dwStyle |= LVS_EX_GRIDLINES;//网格线(只适用与report风格的listctrl)
dwStyle |= LVS_EX_CHECKBOXES;//item前生成checkbox控件
m_mm_host_ListCtrl.SetExtendedStyle(dwStyle); //设置扩展风格
/////////////
m_mm_host_ListCtrl.InsertColumn(0,"日志序号",LVCFMT_CENTER,60,0);
m_mm_host_ListCtrl.InsertColumn(1,"来源",LVCFMT_CENTER,80,1);
m_mm_host_ListCtrl.InsertColumn(2,"日期",LVCFMT_CENTER,80,2);
m_mm_host_ListCtrl.InsertColumn(3,"时间",LVCFMT_CENTER,80,3);
m_mm_host_ListCtrl.InsertColumn(4,"分类",LVCFMT_CENTER,80,4);
m_mm_host_ListCtrl.InsertColumn(5,"ID",LVCFMT_CENTER,50,5);
m_mm_host_ListCtrl.InsertColumn(6,"用户",LVCFMT_CENTER,120,6);
m_mm_host_ListCtrl.InsertColumn(7,"计算机",LVCFMT_CENTER,120,7);
/////////////////////////////////////////////////////////////////////////
#include <stdio.h>
//#include <unistd.h>
#include <string.h>
#include <time.h>
#include <windows.h>
#define BUFFER_SIZE 1024*64
//#define DEFAULT_FILE "C:\\ossec-extracted-evt.log"
FILE *fp;
int event_record=0;
/* Event logging local structure */
typedef struct _os_el
{
int time_of_last;
char *event_name;
EVENTLOGRECORD *er;
HANDLE h;
DWORD record;
}os_el;
os_el el[3];
int el_last = 0;
/** int startEL(char *app, os_el *el)
* Starts the event logging for each el
*/
int startEL(char *app, os_el *el)
{
/* Opening the event log */
el->h = OpenEventLog(NULL, app);
if(!el->h)
{
return(0);
}
el->event_name = app;
GetOldestEventLogRecord(el->h, &el->record);
return(1);
}
/** char *el_GetCategory(int category_id)
* Returns a string related to the category id of the log.
*/
//得到一个事件的类型,,输入是一个事件类型id输出是汉字串
char *el_GetCategory(int category_id)
{
char *cat;
switch(category_id)
{
case EVENTLOG_ERROR_TYPE:
cat = "错误";
break;
case EVENTLOG_WARNING_TYPE:
cat = "警告";
break;
case EVENTLOG_INFORMATION_TYPE:
cat = "信息";
break;
case EVENTLOG_AUDIT_SUCCESS:
cat = "审核成功";
break;
case EVENTLOG_AUDIT_FAILURE:
cat = "审核失败";
break;
default:
cat = "Unknown";
break;
}
return(cat);
}
/** int el_getEventDLL(char *evt_name, char *event_sourcename, char *event)
* Returns the event.
*/
int el_getEventDLL(char *evt_name, char *event_sourcename, char *event)
{
HKEY key;
DWORD ret;
char keyname[256];
keyname[255] = '\0';
_snprintf(keyname, 254,
"System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
evt_name,
event_sourcename);
/* Opening registry */
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_ALL_ACCESS, &key)
!= ERROR_SUCCESS)
{
return(0);
}
ret = MAX_PATH -1;
if (RegQueryValueEx(key, "EventMessageFile", NULL,
NULL, (LPBYTE)event, &ret) != ERROR_SUCCESS)
{
event[0] = '\0';
return(0);
}
RegCloseKey(key);
return(1);
}
/** char *el_Getmessage()
* Returns a descriptive message of the event.
*/
//输出是时间描述信息
char *el_GetMessage(EVENTLOGRECORD *er, char *event_name,
char * event_sourcename, LPTSTR *el_sstring)
{
DWORD fm_flags = 0;
char tmp_str[257];
char event[MAX_PATH +1];
char *curr_str;
char *next_str;
LPSTR message = NULL;
HMODULE hevt;
/* Initializing variables */
event[MAX_PATH] = '\0';
tmp_str[256] = '\0';
/* Flags for format event */
fm_flags |= FORMAT_MESSAGE_FROM_HMODULE;
fm_flags |= FORMAT_MESSAGE_ALLOCATE_BUFFER;
fm_flags |= FORMAT_MESSAGE_ARGUMENT_ARRAY;
/* Get the file name from the registry (stored on event) */
if(!el_getEventDLL(event_name, event_sourcename, event))
{
return(NULL);
}
curr_str = event;
/* If our event has multiple libraries, try each one of them */
while((next_str = strchr(curr_str, ';')))
{
*next_str = '\0';
next_str++;
ExpandEnvironmentStrings(curr_str, tmp_str, 255);
hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
if(hevt)
{
if(!FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring))
{
message = NULL;
}
FreeLibrary(hevt);
/* If we have a message, we can return it */
if(message)
return(message);
}
curr_str = next_str;
}
ExpandEnvironmentStrings(curr_str, tmp_str, 255);
hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
if(hevt)
{
int hr;
if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring)))
{
message = NULL;
}
FreeLibrary(hevt);
/* If we have a message, we can return it */
if(message)
return(message);
}
return(NULL);
}
/** void Read_event(os_el *el)
* Reads the event log.
*/
void Read_event(os_el *el, int printit)
{
DWORD nstr;
DWORD user_size;
DWORD domain_size;
DWORD read, needed;
int size_left;
int str_size;
char *mbuffer[BUFFER_SIZE];
LPSTR sstr = NULL;
char *tmp_str = NULL;
char *event_category; //事件类型
char *event_sourcename; //事件来源
char *event_computername; //事件计算机名
char *event_descriptive_msg; //事件描述
char event_el_user[257]; //事件用户
char event_el_domain[257]; //事件域
char el_string[1025];
char final_out_msg[1024]; //最后输出的信息
LPSTR el_sstring[57];
/* Er must point to the mbuffer */
el->er = (EVENTLOGRECORD *) &mbuffer;
/* Zeroing the last values */
el_string[1024] = '\0';
event_el_user[256] = '\0';
event_el_domain[256] = '\0';
final_out_msg[1023] = '\0';
el_sstring[56] = NULL;
/* Reading the event log */
while(ReadEventLog(el->h,
EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,
el->er, BUFFER_SIZE -1, &read, &needed))
{
while(read > 0)
{
/* We need to initialize every variable before the loop */
//得到事件的类型
event_category = el_GetCategory(el->er->EventType);
//得到事件来源
event_sourcename = (LPSTR) ((LPBYTE) el->er + sizeof(EVENTLOGRECORD));
//得到计算机名
event_computername = event_sourcename + strlen(event_sourcename) + 1;
//给描述信息初始化
event_descriptive_msg = NULL;
/* 初始化domain/user尺寸 */
user_size = 255; domain_size = 255;
event_el_domain[0] = '\0';
event_el_user[0] = '\0';
/* 设置时间的一些描述 some description */
if(el->er->NumStrings)
{
size_left = 1020;
sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset);
el_string[0] = '\0';
for (nstr = 0;nstr < el->er->NumStrings;nstr++)
{
str_size = strlen(sstr);
strncat(el_string, sstr, size_left);
tmp_str= strchr(el_string, '\0');
if(tmp_str)
{
*tmp_str = ' ';
tmp_str++; *tmp_str = '\0';
}
size_left-=str_size + 1;
if(nstr <= 54)
el_sstring[nstr] = (LPSTR)sstr;
sstr = strchr( (LPSTR)sstr, '\0');
sstr++;
}
/* Get a more descriptive message (if available) */
event_descriptive_msg = el_GetMessage(el->er, el->event_name, event_sourcename, el_sstring);
if(event_descriptive_msg != NULL)
{
/* Remove any \n or \r */
tmp_str = event_descriptive_msg;
while((tmp_str = strchr(tmp_str, '\n')))
{
*tmp_str = ' ';
tmp_str++;
}
tmp_str = event_descriptive_msg;
while((tmp_str = strchr(tmp_str, '\r')))
{
*tmp_str = ' ';
tmp_str++;
//strchr(tmp_str, '\n');
}
}
}
else
{
strncpy(el_string, "(no message)", 1020);
}
/* 得到username */
if (el->er->UserSidLength)
{
SID_NAME_USE account_type;
if(!LookupAccountSid(NULL, (SID *)((LPSTR)el->er + el->er->UserSidOffset),
event_el_user, &user_size, event_el_domain, &domain_size, &account_type))
{
strncpy(event_el_user, "(no user)", 255);
strncpy(event_el_domain, "no domain", 255);
}
}
else
{
strncpy(event_el_user, "A", 255);
strncpy(event_el_domain, "N", 255);
}
if(printit)
{
tm *event_time = localtime((const long *)&el->er->TimeWritten);
_snprintf(final_out_msg, 1022,
"事件记录序号:%d\n事件:%s\n日期:%.4hd-%.2hd-%.2hd\n时间: %.2hd:%.2hd:%.2hd\n事件类型:%s\n事件来源:%s\n事件ID:(%u)\n用户:%s/%s\n计算机:%s\n描述:\n%s\n\n\n",
event_record,
el->event_name,
event_time->tm_year + 1900,
event_time->tm_mon + 1,
event_time->tm_mday,
event_time->tm_hour,
event_time->tm_min,
event_time->tm_sec,
event_category,
event_sourcename,
(WORD)el->er->EventID,
event_el_domain,
event_el_user,
event_computername,
event_descriptive_msg != NULL?event_descriptive_msg:el_string);
fprintf(fp, "%s\n", final_out_msg);
}
if(event_descriptive_msg != NULL)
LocalFree(event_descriptive_msg);
/* Changing the point to the er */
read -= el->er->Length;
el->er = (EVENTLOGRECORD *)((LPBYTE) el->er + el->er->Length);
event_record++;
}
/* Setting er to the beginning of the buffer */
el->er = (EVENTLOGRECORD *)&mbuffer;
}
}
/** void win_startel()
* Starts the event logging for windows
*/
void win_startel(char *eventlog)
{
event_record=1;
startEL(eventlog, &el[el_last]);
Read_event(&el[el_last],1);
el_last++;
}
////////////////////////////////////////////////////////
////main////////////////////////////////////////////////
////////////////////////////////////////////////////////
int main()
{
fp = fopen("C:\\Documents and Settings\\Administrator\\桌面\\Read_log.txt","w");
if(!fp)
{
printf("Unable to open file\n");
exit(1);
}
else
{
printf("open file\n");
}
fprintf(fp, "\n\n***********安全日志***********\n\n\n");
win_startel("Security");
printf("安全日志打开\n");
fprintf(fp, "\n\n***********应用日志***********\n\n\n");
win_startel("Application");
printf("应用日志打开\n");
fprintf(fp, "\n\n***********系统日志***********\n\n\n");
win_startel("System");
printf("系统日志打开\n");
fclose(fp);
if(fclose(fp))
{
printf("关闭了\n");
}
else
{
printf("还开着呢了,,抓紧关它吧\n");
}
return(0);
}
摘要: 第一章 文件相关的API函数
Api函数名 函数说明 适用范围W16 W95 WNTmmioWrite 写文件 否 是 是WriteFile 写文件 否 是 是ExtractAssociatedIcon 从文件或相关EXE中获取图标句柄 否 是 是ExtractIcon 从可执行文件中返回图标句柄 否 是 是LZRead 从压缩文件中读入数据 是 是 是GetPrivateProfileStr...
阅读全文
如何实现繁简体互换?
// j2f.cpp : 简体(gb)==>繁体==>big5的过程
// 反向转换是类似的.
// 注意直接从简体-->big5不能做到一一对应.会有很多?出现,
// 故此需要先转成繁体.再转成big5.
// 我感觉这种方法应当和winnt或office里提供的繁简或字符集互转是一致的.
#include "stdafx.h"
#include
#include
#include
#include
#include
using namespace std;
void j2f(const string &s)
{
int n=s.length ();
int r=LCMapString(
MAKELCID(MAKELANGID(LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED),SORT_CHINESE_PRC),
LCMAP_TRADITIONAL_CHINESE,
s.c_str (),s.length (),NULL,0);
if (!r) cout <<"error :"<
char *ft=new char[r+1];
r=LCMapString(
MAKELCID(MAKELANGID(LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED),SORT_CHINESE_PRC),
LCMAP_TRADITIONAL_CHINESE,
s.c_str (),s.length (),ft,r+1);//这个api搞掂简体转繁体,下面会打印繁体出来
if (r) {
ft[r]=0;
cout<
wchar_t *pws=new wchar_t[r+1];
int r1=MultiByteToWideChar(936,0,ft,r,pws,r+1);
BOOL f=FALSE;
r1=WideCharToMultiByte(950,0,pws,r1,ft,r+1,"?",&f);//代码页切换搞掂gb->big5
ft[r1]=0;
cout<<<"(";
for (int i=0;i cout<<"";
printf("0x%02x ",(BYTE)ft[i]);
}
cout<<")"<
delete [] pws;
}
delete []ft;
}
//从标准输入简体国标-->big5繁体标准输出,输入两个空行退出
int main(int argc, char* argv[])
{
for(;;){
char line[1024];
cin.getline (line,sizeof(line));
string s(line);
if (!cin ||s.length ()==0) break;
j2f(s);
}
_getch();
return 0;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1.首先请参阅其他技术专栏中用VB6.0访问注册表,创建
HKEY_LOCAL_MACHINE,\SYSTEM\CurrentControlSet\Services\Eventlog\Eventlog2\Eventlog2键,并且写入EventMessageFile,value为C:\WINNT\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
2.在C#.net使用以下代码写日志
//输出日志的CLASS
using System;
using System.Diagnostics;
using System.Text;
namespace CorePlus.Framework.Utility
{
/// <summary>
/// 写日志的CLASS
/// </summary>
public class LogUtility
{
public enum EVENT
{
/// <summary>重大错误</summary>
EVENT_ERROR,
/// <summary>操作失败</summary>
EVENT_FAILUREAUDIT,
/// <summary>一般信息</summary>
EVENT_INFORMATION,
/// <summary>有效的,成功的操作</summary>
EVENT_SUCCESSAUDIT,
/// <summary>警告</summary>
EVENT_WARNING,
}
private static TextWriterTraceListener listner = null;
/// <summary>
/// 构造函数
/// </summary>
public LogUtility () {}
/// <param name="loginID">登录ID</param>
/// <param name="screenID">画面ID</param>
/// <param name="level">警告级别</param>
/// <param name="message">日志信息</param>
public static void Logging (
string loginID,
string screenID,
EVENT level,
string message )
{
// 变量定义
StringBuilder outputMessage = null; // 输出的信息
string targetLevelString = null;
EventLogEntryType Eventtype = new EventLogEntryType();
switch (level)
{
case EVENT.EVENT_ERROR:
Eventtype = EventLogEntryType.Error;
break;
case EVENT.EVENT_FAILUREAUDIT:
Eventtype = EventLogEntryType.FailureAudit;
break;
case EVENT.EVENT_INFORMATION:
Eventtype = EventLogEntryType.Information;
break;
case EVENT.EVENT_SUCCESSAUDIT:
Eventtype = EventLogEntryType.SuccessAudit;
break;
case EVENT.EVENT_WARNING:
Eventtype = EventLogEntryType.Warning;
break;
}
// 日志信息的拼合
outputMessage = MakeMessage( loginID, screenID, targetLevelString, message );
// 写日志
Logging( Eventtype, outputMessage.ToString() );
}
/// <summary>
/// 向日志管理器写日志
/// </summary>
/// <param name="level">错误级别</param>
/// <param name="message">输出的信息</param>
private static void Logging ( EventLogEntryType level, string message )
{
// 变量定义
string logName = null; // 日志名
string machineName = null; // 机器名
string sourceName = null; // SourceName
EventLog eventLog = null; // EventLog
logName = "Eventlog2"; // 日志名
machineName = "."; // 机器名
sourceName = "Eventlog2"; // SourceName
eventLog = new EventLog( logName, machineName, sourceName );
eventLog.WriteEntry( message,level );
eventLog = null;
}
/// <summary>
/// 日志最终拼合
/// </summary>
/// <param name="loginID">登录ID</param>
/// <param name="screenID">画面ID</param>
/// <param name="levelString">错误级别</param>
/// <param name="message">日志信息</param>
/// <returns>输出的日志信息</returns>
private static StringBuilder MakeMessage (
string loginID,
string screenID,
string levelString,
string message )
{
// 变量定义
StringBuilder retMessage = new StringBuilder();
retMessage.Append( "【登录ID】" );
retMessage.Append( loginID );
retMessage.Append( "\n【画面ID】" );
retMessage.Append( screenID );
retMessage.Append( "\n【错误级别】" );
retMessage.Append( levelString );
retMessage.Append( "\n【错误信息】\n" );
retMessage.Append( message );
return retMessage;
}
}
}
// 在FORM中输出日志
private void button1_Click(object sender, System.EventArgs e)
{
LogUtility.Logging( "bbbbbb","22222222",LogUtility.EVENT.EVENT_ERROR,"3333333" );
}
运行完程序后打开日志管理器看看~~~~~~~~~怎么样?不错吧,呵呵.
////////////////////////////////////////////////////////////////////////////
1.窗口信息
MS为我们提供了打开特定桌面和枚举桌面窗口的函数。
hDesk=OpenDesktop(lpszDesktop,0,FALSE,DESKTOP_ENUMERATE);
//打开我们默认的Default桌面;
EnumDesktopWindows(hDesk,(WNDENUMPROC)EnumWindowProc,0);
//枚举打开桌面上的所有窗口,由回调函数实现。
BOOL __stdcall EnumWindowProc(HWND, LPARAM);
//在回调函数中,我们可以获得窗口的标题和相关进程,线程信息;
GetWindowText(hWnd,szWindowText,dwMaxCount);
GetWindowThreadProcessId(hWnd,&dwPID);
2.设备驱动器信息(服务和设备驱动器差不多,在此不做重复)
设备驱动信息有服务控制管理器(SCM)来管理的,我要打开服务控制管理器,并枚举所有的设备驱动器。
OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
//以所有权限打开服务控制管理器;
EnumServicesStatus(schManager,dwDeviceType,dwDeviceState,
EnumStatus,dwBufSize,&dwBytesNeeded,
&dwDevicesReturned,&dwResumeHandle))
//枚举所有设备的当前状态;
CloseServiceHandle(schManager);
//记住,在结束访问后要关闭服务句柄;
OpenService(schManager,szDeviceName,SERVICE_ALL_ACCESS);
//打开特定的设备驱动器;
QueryServiceConfig(schDevice,lpDeviceConfig,
1024*8,&dwBytesNeeded);
//查询驱动器的服务配置信息;
QueryServiceStatus(schDevice,&DeviceStatus);
//查询设备驱动器的当前状态;
QueryServiceConfig2(schDevice,SERVICE_CONFIG_DESCRIPTION,
(LPBYTE)lpDeviceDescription,8*1024,&dwBytesNeeded)
//查询设备的描述信息;
StartService(schDevice,0,NULL);
//启动设备;
ControlService(schDevice,SERVICE_CONTROL_STOP,&DeviceStatus);
//停止设备;
DeleteService(schDevice);
//删除设备;
3.磁盘信息
我们希望获得系统所有磁盘的信息,包括软盘,硬盘,光盘等等;
GetLogicalDriveStrings(dwBufferLength,lpBuffer);
//获得逻辑设备的信息;
GetVolumeInformation(lpRootPathName,lpVolumeNameBuffer,
dwVolumeNameSize,&dwVolumeSerialNumber,
&dwMaximumComponentLength,&dwFileSystemFlags,
lpFileSystemNameBuffer,dwFileSystemNameSize);
//获得磁盘卷信息,包括卷名称和格式类型;
GetDiskFreeSpaceEx(lpRootPathName,&FreeBytesAvailable,
&TotalNumberOfBytes,&TotalNumberOfFreeBytes);
//探测磁盘的空间使用情况;
4.环境变量
我们可以从注册表中获得环境块的信息:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment,当然要使用注册表的函数。
RegOpenKeyEx(HKEY_LOCAL_MACHINE,RegKey,0,KEY_QUERY_VALUE,&hKey);
//打开注册表的键;
RegEnumValue(hKey,dwIndex,EnvironVariable,
&dwVariableLength,NULL,NULL,NULL,NULL);
//查询我们需要的信息值;
GetEnvironmentVariable(EnvironVariable,EnvironString,1024);
//获得环境变量的字符串信息;
5.事件记录信息
OpenEventLog(NULL,szLog);
//打开时间日志记录;
GetOldestEventLogRecord(hEvent,&dwThisRecord);
//获得最新的日志信息,以便继续查找;
ReadEventLog(hEvent,EVENTLOG_FORWARDS_READ │ EVENTLOG_SEQUENTIAL_READ,
0,pEventLogRecord,1024*32,&dwRead,&dwNeeded)
//读去日志信息;
LookupAccountSid(NULL,pSid,szName,&dwName,szDomain,&dwDomain,&SNU);
//获取账户的SID,以便获得账户的用户名称;
GetNumberOfEventLogRecords(hEvent,&dwTotal);
//获得事件日志的总数;
CloseEventLog(hEvent);
//不要忘记关闭事件句柄;
6.网络共享
我们使用第二等级的网络共享搜索;
NetShareEnum(NULL,dwLevel,(PBYTE *)&pBuf,MAX_PREFERRED_LENGTH,&entriesread,&totalentries,&resume);
//列举所有的共享目录及相关信息;
NetApiBufferFree(pBuf);
//释放缓冲区;
NetShareDel(NULL,(char *)lpShareNameW,0);
//删除网络共享目录;
7.网络适配器信息
我们要探测NIC的信息和网络流量;
GetAdaptersInfo(&AdapterInfo,&OutBufLen);
//获取适配器信息;
8.系统性能
获取系统的存储器使用情况;
GetPerformanceInfo(&PerfInfo,sizeof(PERFORMACE_INFORMATION))
//获取系统性能信息;
9.进程/线程/模块信息
在此我们使用工具帮助函数(ToolHelp32)和系统
OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY │ TOKEN_ADJUST_PRIVILEGES,&hToken);
//打开进程的令牌,提升权限;
AdjustTokenPrivileges(hToken,FALSE,&TokenPrivileges,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
//将进程的权限提升到支持调试(Debug);
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//创建进程的快照;
Process32First(hProcessSnap,&ProcessEntry32);
Process32First(hProcessSnap,&ProcessEntry32);
//枚举所有进程;
OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,ProcessEntry32.th32ProcessID);
//打开特定进程,以查询进程相关信息;
GetProcessTimes(hProcess,&CreateTime,&ExitTime,&KernelTime,&UserTime);
//获取进程的时间信息;
GetProcessMemoryInfo(hProcess,&PMCounter,sizeof(PMCounter));
//获取进程的存储区信息;
GetPriorityClass(hProcess);
//获取进程的优先权;
GetProcessIoCounters(hProcess,&IoCounters);
//获取进程的IO使用情况;
CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessID);
//创建模块快照;
Module32First(hModuleSnap, &ModuleEntry32);
Module32Next(hModuleSnap, &ModuleEntry32);
//枚举进程模块信息;
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
//创建线程快照;
Thread32First(hThreadSnap, &ThreadEntry32);
Thread32Next(hThreadSnap, &ThreadEntry32);
//枚举线程信息;
OpenThread(THREAD_ALL_ACCESS,FALSE,ThreadEntry32.th32ThreadID);
//打开线程,须自己获得此函数地址;
TerminateProcess(hProcess,0);
//终止进程;
SuspendThread(hThread);
//悬挂线程;
ResumeThread(hThread);
//激活线程;
10.关机
AdjustTokenPrivileges(hToken,FALSE,&TokenPrivileges,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
//调整进程令牌,使其支持关机;
ExitWindowsEx(EWX_LOGOFF,0);
//注销系统;
LockWorkStation();
//锁定系统;
InitiateSystemShutdown(NULL,szMessage,dwTimeout,FALSE,bSig);
//支持到记时和消息显示的关机/重启;
SetSystemPowerState(bSig,FALSE);
//系统休眠/冬眠;
11.用户信息
NetUserEnum(NULL,dwLevel,FILTER_NORMAL_ACCOUNT,(LPBYTE*)&pBuf, dwPrefMaxLen,&dwEntriesRead,&dwTotalEntries,&dwResumeHandle);
//枚举系统用户信息;
NetUserDel(NULL,lpUserNameW);
//删除指定用户;
12.系统版本信息
GetVersionEx((LPOSVERSIONINFO)&osviex);
//获取操作系统的版本信息;
我们也可以通过注册表(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion)获取相关信息:
GetTickCount();
//获取开机时间;
GetComputerName(szInfo,&dwInfo);
//获取计算机名称;
GetUserName(szInfo,&dwInfo);
//获取计算机用户名;
GetWindowsDirectory(szInfo,MAX_PATH+1);
//获取Windows目录;
GetSystemDirectory(szInfo,MAX_PATH+1);
//获取系统目录;
/////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
事件记录信息
OpenEventLog(NULL,szLog);
//打开时间日志记录;
GetOldestEventLogRecord(hEvent,&dwThisRecord);
//获得最新的日志信息,以便继续查找;
ReadEventLog(hEvent,EVENTLOG_FORWARDS_READ │ EVENTLOG_SEQUENTIAL_READ,
0,pEventLogRecord,1024*32,&dwRead,&dwNeeded)
//读去日志信息;
LookupAccountSid(NULL,pSid,szName,&dwName,szDomain,&dwDomain,&SNU);
//获取账户的SID,以便获得账户的用户名称;
GetNumberOfEventLogRecords(hEvent,&dwTotal);
//获得事件日志的总数;
CloseEventLog(hEvent);
//不要忘记关闭事件句柄;