求项目开发的指导啊

唐华春 2011-09-05 09:43:31

最近老师要我做一个项目，说白了就是个取证软件，功能是读取一些痕迹，比如说上网信息，最近打开的文档，开关机信息等，界面类似于这种

请问各位大虾，用VC西直门实现啊，是不是要对注册表操作，还是对windows日志操作，还有注册表，日志方面的编程一般的书上都没有啊，我需要看哪些知识？有什么资料或书吗？小弟先谢过了

...全文

91 4 打赏收藏转发到动态举报

写回复

用AI写文章

4 条回复

切换为时间正序

请发表友善的回复…

发表回复

唐华春 2011-09-06

打赏
举报

[Quote=引用 2 楼 oyljerry 的回复:]

首先是你需要分析这些信息的存储位置，比如注册表什么地方，然后就是读取这些信息了。
[/Quote]
是要学习注册表的相关知识吗？你能告诉我要做什么工作吗？

oyljerry 2011-09-05

打赏
举报

The   following   example   reads   all   the   records   in   the   Application   logfile   and   displays   the   event   identifier,   event   type,   and   event   source   for   each   event   log   entry.   



void   DisplayEntries(   ) 

{ 

        HANDLE   h; 

        EVENTLOGRECORD   *pevlr;   

        BYTE   bBuffer[BUFFER_SIZE];   

        DWORD   dwRead,   dwNeeded,   cRecords,   dwThisRecord   =   0;   

  

        //   Open   the   Application   event   log.   

  

        h   =   OpenEventLog(   NULL,                           //   use   local   computer   

                          "Application ");       //   source   name   

        if   (h   ==   NULL)   

                ErrorExit( "Could   not   open   the   Application   event   log. ");   

  

        pevlr   =   (EVENTLOGRECORD   *)   &bBuffer;   

  

        //   Opening   the   event   log   positions   the   file   pointer   for   this   

        //   handle   at   the   beginning   of   the   log.   Read   the   records   

        //   sequentially   until   there   are   no   more.   

  

        while   (ReadEventLog(h,                                 //   event   log   handle   

                                EVENTLOG_FORWARDS_READ   |     //   reads   forward   

                                EVENTLOG_SEQUENTIAL_READ,   //   sequential   read   

                                0,                         //   ignored   for   sequential   reads   

                                pevlr,                 //   pointer   to   buffer   

                                BUFFER_SIZE,     //   size   of   buffer   

                                &dwRead,             //   number   of   bytes   read   

                                &dwNeeded))       //   bytes   in   next   record   

        { 

                while   (dwRead   >   0)   

                {   

                        //   Print   the   event   identifier,   type,   and   source   name.   

                        //   The   source   name   is   just   past   the   end   of   the   

                        //   formal   structure.   

  

                        printf( "%02d     Event   ID:   0x%08X   ",   

                                dwThisRecord++,   pevlr-> EventID);   

                        printf( "EventType:   %d   Source:   %s\n ",   

                                pevlr-> EventType,   (LPSTR)   ((LPBYTE)   pevlr   +   

                                sizeof(EVENTLOGRECORD)));   

  

                        dwRead   -=   pevlr-> Length;   

                        pevlr   =   (EVENTLOGRECORD   *)   

                                ((LPBYTE)   pevlr   +   pevlr-> Length);   

                }   

  

                pevlr   =   (EVENTLOGRECORD   *)   &bBuffer;   

        }   

  

        CloseEventLog(h);   

}