article in Tech
windows
WMI, Event Log, WinLogon, SENS, UI Automation, MSAA
If you can't get a handle on your system events, then you aren't really aware of what is going on within a given machine. For many years I have neglected my system event logs, but I'm working on doing a better job of it now....
Windows is a strange beast when it comes to event and audit management...many sources of information and not many good tools to manage it.
Event Log
Getting the most out of Event Viewer - The Code Project - .NET
LogParser DataProvider for ADO.NET
Event Log Viewer Sample - Hooked on LINQ
Description of security events in Windows Vista and in Windows Server 2008
Windows Security Logging and Other Esoterica : Tracking User Logon Activity Using Logon Events
Windows Security Logging and Other Esoterica : The Trouble With Logoff Events
8 bits: Explore copied eventlog with PowerShell - Event Log Repair
Get-Winevent -Oldest -Path .\SysEvent1.Evt | Out-Gridview
ACLs and security
Reading from 'Security' requires the privilege SeSecurityPrivilege in C#.
Windows Security Logging and Other Esoterica : Default ACLs on Windows Event Logs
Using .NET: Making Privileges Reliable, Secure, and Efficient
WindowsController - C# and VB.NET - class to restart, shutdown, sleep, and hibernate the PC using C# or VB. It also includes wrappers to the native privilege methods.
DropMyRights utility in C# - utility to run apps under reduced privileges.
Windows Privileges Issues !! « VC Tips++
EventLog with .NET
The old .NET standby EventLog.GetEventLogs() does not work as it should on Win2008 and Vista.
When you use the EventLog, it will return results, but it will complain that it can't find description for the events. EventLog has been replaced by a whole new system called ETW.
Event Tracing: Improve Debugging And Performance Tuning With ETW
Thottam R. Sriram : Diagnostics: Using ETW tracing in .NET 3.5 (EventProviderTraceListener)
Programming and Peace of Mind : Using EventProviderTraceListener
Who Accessed My File? - All Your Base Are Belong To Us
There are a lot of event log products out there, here are some I've stumbled across.
EventSentry - Real-Time Event Log Monitoring Consolidation Suite
IPSentry Network Monitoring - Event Log Monitoring Add-In
Dorian Software BLOG
Syslog & Event Log Monitoring & Reporting Software :: EventLog Analyzer
WinLogon
WinLogon a way to hook into the logon events within windows. However, this interface has been deprecated in favor of the SENS notifications.
(Note: WinLogon doesn't exist in Vista)
Winlogon Notification Packages Removed: Impact on Windows Vista Planning and Deployment
Custom Login Experiences: Credential Providers in Windows Vista
Programmatic User Login (aka Win32 LogonUser)
WMI
Windows XP comes with "wmic" which is a windows command line app for working with WMI classes.
Windows XP also comes with Windows Management Instrumentation Tester - "wbemtest" which is a windows GUI app for working with WMI.
Download details: WMI Administrative Tools
Download details: WMI Code Creator v1.0
A Quick Introduction to WMI from .NET | O'Reilly Media
System Management: Gathering WMI Data without Writing a Single Line of Code -- TechNet Magazine, September 2006
System Management: Unlocking the Mystery of WMI Events in MOM -- TechNet Magazine, September 2006
SENS: System Event Notification Services and WMI Enable Flexible, Efficient Mobile Network Computing -- MSDN Magazine, August 2002
WMI and .NET: System.Management Lets You Take Advantage of WMI APIs within Managed Code -- MSDN Magazine, May 2002
WMI and .NET: System.Management Lets You Take Advantage of WMI APIs within Managed Code
Glen's Exchange Dev Blog: C# WMI Exchange samples
WMI and .NET: System.Management Lets You Take Advantage of WMI APIs within Managed Code -- MSDN Magazine, May 2002
How To: Receive Management Events Without Waiting (async using EventArrivedEventHandler delegate)
CodeProject: Asynchronous Registry Notification Using Strongly-typed WMI Classes in .NET.
Windows Management Instrumentation: Create WMI Providers to Notify Applications of System Events
Say Goodbye to Quirky APIs: Building a WMI Provider to Expose Your Object Info -- MSDN Magazine, May 2000
Writing coupled WMI providers using WMI.NET Provider Extension 2.0
CodeIdol - Thinking about Active Directory, 3rd Edition - Scripting With WMI - Querying The Event Logs
WMI WQL
WMI Select statement - with date in query.
WQL (SQL for WMI) (Windows)
Introduction to WQL: SQL for WMI - talks about data, event, and schema querys.
SELECT * FROM meta_class WHERE __this ISA "Win32_BaseService", is an example of a schema query...very cool, gives you back all the information about the given class.
Hey Scripting Guy! How Do I Calculate Server Uptime?
ManagementDateTimeConverter.ToDateTime Method (System.Management) - this is a nice little .net class to convert dates from wmi.
Tutorial: How To Fix WMI Corruption | Katy's Homepage - nice read, for some reason, I've seen a lot of evt log corruption.
SENS
SAMPLE: Using ISensNetwork (SensNetDemo.exe)
ISensLogon Interface (Windows)
Catching SENS Events in .NET @ SOA WORLD MAGAZINE
Accessing System Power and Network Status Using SENS
CodeProject: Create a system tray icon and a dialog in the windows service. - implements ISensLogon2 interface...
Enumerating Logon Sessions - The Code Project - System
A PC Audit Application in C# - The Code Project - System Programming
WMI Scripting Primer: Part 1
How's My Driving? Monitoring Performance Using WMI
WMI Helps Those Who Help Themselves
Different Ways to Lock Windows XP
Handle the Windows Lock Desktop event/message? - .NET C#
Using the Local Security Authority to Enumerate User Sessions in .NET - The Code Project - System Programming
Using the Local Security Authority to Enumerate Logon Sessions in .NET | Insight4 Blogs
Enumerating Logon Sessions - The Code Project - System
SystemEvents.SessionEnding Event (Microsoft.Win32) - this event happens when user logs off or shutsdown, cancelable.
UI Automation
Test Run: The Microsoft UI Automation Library
UI Accessibility Checker - Home
WPF Application Quality Guide - WindowsClient.net - this actually provides quite a bit of information in terms of accessibility.
Test Run: The Microsoft UI Automation Library
Test Run: The Microsoft UI Automation Library
Windows Event Tracking with Microsoft Active Accessibility
How to Build Accessible Windows Forms Applications with .NET
WPF Accessibility - Soledad Pano's Blog
Using accessibility to monitoring windows as they come and go - The Old New Thing - Site Home - MSDN Blogs - SetWinEventHook
Microsoft Active Accessibility (MSAA)
CodeProject: Introduction to Microsoft Active Accessibility.
The Old New Thing : How to retrieve text under the cursor (mouse pointer)
Sara Ford's WebLog - active in accessibility.
Windows Event Tracking with Microsoft Active Accessibility
Accessible Event Watcher (AccEvent) is in the Windows SDK.
AccProbe: Accessibility Probe - The Accessibility Probe (AccProbe) is
a standalone, Eclipse Rich-Client Product (RCP) application that provides a view of the Microsoft Active Accessibility (MSAA) or IAccessible2 hierarchy of a currently running application or rendered
document and of the properties of the accessible objects of that
application or document. It can also serve as an event monitor for
tracking the events fired by these accessible objects. It is meant to
combine the functionality of tools like Microsoft's Inspect32, AccExplore,
and AccEvent into one easy-to-use application for accessibility testing
and debugging. AccProbe is an Eclipse RCP application.
aViewer 2013 | The Paciello Group BlogThe Paciello Group Blog - aViewer accessibility API information inspection tool. Exposes MSAA, iAccessible2, ARIA, HTML DOM and UI Automation properties.
Accessibility tools and info
Accessibility Overview for OS X: Testing for Accessibility on OS X - Xcode > Open Developer Tool > Accessibility Inspector
Accessibility Technical Documentation - The Chromium Projects - did you know assistive tech is off by default, unless you've got a screen reader... or use chrome://accessibility/.
Network Awareness on Windows Vista
Firewall/Packet filtering
CodeProject: Packet Filtering in .NET. - .NET class library for using pf* api.
CodeProject: Developing Firewalls for Windows 2000/XP. - Kernel Mode Filter-Hook driver in C++ with GUI.
Visual Studio : Windows Vista Security Series: Programming the Windows Vista Firewall - FirewallSample.exe shows how to programmatically add and remove firewall rules.
Windows Filtering Platform (Windows) - in it, it states "The firewall hook and the filter hook drivers are not available in Windows Server 2008 and Windows Vista; applications that were using these drivers should use WFP instead."
Visual Studio : Windows Filtering Platform Sample - WFP sample a context allows information to be passed from a user mode component, which installs and configures a packet filter, to a kernel mode component that performs the actual filtering. The context information is simple in this case; it specifies a word replacement to be performed on the TCP stream.
Fast user switching
How to write an application that supports fast user switching in Windows XP
Capture session locking/unlocking | Csharp - Development - uses WTSRegisterSessionNotification from .NET.
Process / System monitoring in .NET
Yet Another Process Monitor (YAPM) - application that allows to view and manage your running tasks, processes, threads, modules...etc. and your services on a local or on a remote machine. YAPM offers lots of features to manipulate them, such as privilege management, memory management, a complete history of statistics, a dependency viewer... etc. (Written in vb.net)
GINA and Custom Login Credential Providers
Security Briefs: Customizing GINA, Part 1 -- MSDN Magazine, May 2005
Custom Login Experiences: Credential Providers in Windows Vista - includes why GINA-based authentication was dropped
How to Build Custom Logon UI’s in Windows Vista - Security Tools - Site Home - MSDN Blogs
Sample credential providers are provided as part of the Windows SDK for Windows 7. See the projects and documentation under .\Samples\security\credentialproviders\ of the installed Windows SDK. (Thanks Alan Adams!)
Windows SDK: Download the Windows SDK for Windows 7 and More | MSDN
EIF
Download: Microsoft Enterprise Instrumentation Framework - Microsoft Download Center - Download Details
Exception handling
HANDLING CORRUPTED STATE EXCEPTIONS
All about Corrupted State Exceptions in .NET4
Created: 2007-10-20 12:22:38
Modified: 2013-09-03 12:01:48