Monitor All Data Written to Inherited Handle by Child Process (Filter Driver? Minifilter?)


Problem description

Hello!

I have a parent process that starts a child process, who then writes to its inherited stdout handle.

Perhaps think of the parent process as a cygwin shell and the child process as nano or something. I want to monitor the input / output of nano. Cygwin doesn't necessarily see the output of nano, as it could just write to its inherited stdout handle, writing to a console directly.


Solution 1: Don't let the child process inherit its stdout handle

Parent process creates an anonymous pipe, sets child process's output handle to the input handle of the pipe and starts a thread that reads from the pipe and writes to stdout, one character at a time.

I think this would be problematic for control characters and things like command line text editors that use console position. All that stuff would get nerfed.

For example, all these console functions wouldn't work: http://msdn.microsoft.com/en-us/library/windows/desktop/ms685032(v=vs.85).aspx

Please correct me if I'm wrong.

Solution 2: Monitor child process's stdout handle via some sort of filter driver

There are some great tutorials on File System filter drivers. My understanding is these will only catch stuff that actually goes to file.

So, is there some way to catch all writes to given handle?

One of those File System Filter Drivers with a couple tweaks?

Minifilter driver?

Is there some other driver stack I should be looking at?

Thanks!

Any suggestions or comments are appreciated. Anything at all!

Recommended answer

Solution 1 works as long as the child process doesn't manipulate the console API directly.

Well, not always. Processes behave differently if they intend to write to console. ftp.exe, for example, will just not write anything (except errors) if it can't WriteConsole.
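
Solution 1 and the caveat raised in the replies, as an added example that is not part of the original thread: Python's `subprocess` module creates the anonymous pipe and hands its write end to the child as stdout, while a relay thread records and forwards every byte. The child is a constructed stand-in that reports whether its stdout is a console; `run_and_monitor` and `CHILD_SOURCE` are hypothetical names.

```python
import subprocess
import sys
import threading

# Constructed child: reports whether its stdout is a console/TTY, then writes
# one line of ordinary output. It stands in for a program such as ftp.exe.
CHILD_SOURCE = (
    "import sys\n"
    "kind = 'console' if sys.stdout.isatty() else 'pipe'\n"
    "sys.stdout.write('stdout is a ' + kind + '\\n')\n"
    "sys.stdout.write('hello from child\\n')\n"
)


def run_and_monitor(argv, sink=None):
    """Run argv with stdout redirected to an anonymous pipe.

    A relay thread copies each chunk to `sink` (the parent's real stdout by
    default) and keeps a copy, so the parent sees every byte the child writes
    to that handle. Returns (exit_code, captured_bytes).
    """
    sink = sink if sink is not None else sys.stdout.buffer
    captured = []

    # subprocess.PIPE makes Popen create the anonymous pipe and pass its
    # write end to the child as stdout; bufsize=0 gives unbuffered reads.
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, bufsize=0)

    def relay():
        while True:
            chunk = proc.stdout.read(4096)  # returns b"" once the child closes the pipe
            if not chunk:
                break
            captured.append(chunk)          # the monitoring copy
            sink.write(chunk)               # forward to the original destination
            sink.flush()

    worker = threading.Thread(target=relay, daemon=True)
    worker.start()
    exit_code = proc.wait()
    worker.join()
    proc.stdout.close()
    return exit_code, b"".join(captured)


if __name__ == "__main__":
    code, data = run_and_monitor([sys.executable, "-c", CHILD_SOURCE])
    print("exit=%d, monitored %d bytes" % (code, len(data)), file=sys.stderr)
```

The child reports `pipe` rather than `console`, which is the condition under which programs that call the console API directly change their behaviour or stay silent.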

