Posts

Showing posts with the label System Programming

Network Adapter Information on Windows

I was trying to get network adapter information from the Windows platform, so I used an old API, GetAdaptersInfo. I was not sure whether it would work on Windows 10, but I wrote a small sample to run on my Windows 10 PC and, to my surprise, it still works, though Microsoft recommends using the GetAdaptersAddresses API over the GetAdaptersInfo API. It's a very small piece of code, but the order of the headers is very important. If we do not follow the proper order, the program won't compile.

<Code>
#include <iostream>
// winsock2.h must be included before iphlpapi.h
#include <winsock2.h>
#include <iphlpapi.h>
#include <cassert>
#pragma comment(lib, "iphlpapi.lib")

void PrintMACAddress()
{
    DWORD _macAddress = 0;
    // Fixed-size buffer with room for up to 16 adapters
    IP_ADAPTER_INFO _adapterInfo[16];
    DWORD dwBufLen = sizeof(_adapterInfo);
    DWORD dwStatus = GetAdaptersInfo(_adapterInfo, &dwBufLen);
    assert(dwStatus == ERROR_SUCCESS);
    PIP_ADAPTER_INFO _pAdapterInfo = _adapterInfo;
    char string[32];
    do {
        sprintf_s(string, ...

How do we list out files in Recycle Bin (Windows 7)

In this post, I tried to enumerate files within the Recycle Bin using a small Win32 program. As we know, the Recycle Bin is a special folder on the Windows file system. The location of this directory is not in the registry; it is marked with hidden and system attributes to prevent the user from moving or deleting it. The steps to list out the contents of the Recycle Bin are as below:

1. It's a special folder denoted by CSIDL_BITBUCKET, which we need to pass to the SHGetFolderLocation() function.
2. Source code snippet; I've avoided checks as much as possible to make the code simple and clean:

int _tmain(int argc, _TCHAR* argv[])
{
    LPITEMIDLIST pidlWinRecycleFiles = NULL;
    LPITEMIDLIST pidlItems           = NULL;
    IShellFolder *psfWinRecycleFiles = NULL;
    IShellFolder *psfDeskTop       ...

Locking a physical disk on Windows....

In this post, I've tried to lock a physical disk using a small Windows C++ program. The steps to follow to achieve this are:

1. Get the physical drive and volume mapping. Say the computer has three physical drives attached, and we're interested in locking Physical Drive 1 ("\\\\.\\PhysicalDrive1"). Then we need to figure out how many volumes there are on that physical disk.
2. Then lock the volumes one by one using the control code FSCTL_LOCK_VOLUME.
3. Do the stuff we'd like to perform on the disk, and then unlock each volume using the control code FSCTL_UNLOCK_VOLUME.
4. Close the disk and volume handle(s).

A few things to remember here. As per the Microsoft documentation:

a. The NTFS file system treats a locked volume as a dismounted volume.
b. The lock volume call will fail with error code 5 (Access Denied) if the volume is in use. If we're not sure who's using the volume, just unmount it once.
c. The FSCTL_DISMOUNT_VOLUME control code functions similarl...

Detect Antivirus installed on Windows 7

In this article, I've tried to show how we can detect the antivirus product installed on a Windows system. The code is written specifically for Windows 7. The basic idea here is to use WMI from C++. Here are the steps:

1. To set up the WMI consumer, set up COM by calling CoInitializeEx.
2. Initialize COM process security by calling CoInitializeSecurity.
3. Obtain the initial locator to WMI by calling CoCreateInstance.
4. Obtain a pointer to IWbemServices for the root\cimv2 namespace on the local computer by calling IWbemLocator::ConnectServer.
5. Set IWbemServices proxy security so the WMI service can impersonate the client by calling CoSetProxyBlanket.
6. Use the IWbemServices pointer to make requests of WMI. This executes a WQL query for the antivirus product installed by calling IWbemServices::ExecQuery. The following WQL query is one of the method arguments.

SELECT * FROM AntiVirusProduct

The result of this query is stored in an IEnumWbemClassO...