Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!hplabs!hpda!hpcuhc!hpcupt3!defaria@hpcupt3.cup.hp.com
From: defaria@hpcupt3.cup.hp.com (Andy DeFaria)
Newsgroups: comp.lang.pascal
Subject: Re: Logging activity on PC via TSR
Message-ID: <45670010@hpcupt3.cup.hp.com>
Date: 13 Apr 91 01:01:24 GMT
References: <26540@adm.brl.mil>
Organization: Hewlett Packard, Cupertino
Lines: 32

>/ hpcupt3:comp.lang.pascal / JBERTELO%RKC.UFSIA.AC.BE@cunyvm.cuny.edu ( Johan Berteloot) / 6:55 am Apr 11, 1991 /
>Hello,
>
>I have a very specific job to do and I don't know where to start. I have to
>write a program that logs every activity into a file, i.e. I want a copy of the
>command line every time a new command is given, together with the actual date
>and time, and the date and time of the end of execution of the last command.
>This program should be started from the CONFIG.SYS as INSTALL=LOGBOOK.EXE and
>should write to a LOGBOOK.DAT file which is to be hidden.
>I was thinking of writing this in Turbo Pascal 5.5. Any hints or directions are
>very much appreciated.
>P.S. The program should not slow down the computer significantly.
>Thanks in advance,

Well, you have a couple of things to consider, but first off: What exactly do you mean by every activity? You seem to indicate that you want every command recorded. Are these just DOS commands typed into COMMAND.COM? If so, write a simple replacement for COMMAND.COM (not really trivial but not too hard. Remember to follow the PATH variable).

But what if the user invokes an action *without* COMMAND.COM (i.e. maybe he'll remove a file using Windows 3.0 and the FileManager)? Well, a replacement COMMAND.COM won't catch that, nor will a TSR. And even without something as sophisticated as Windows 3.0 present, many programs allow things like file manipulation or execution of a DOS command from inside the program itself. You ain't gonna catch these either.

And if the program allows a shell out to DOS, it ain't gonna let you run your replacement for COMMAND.COM easily.

I'm continually amazed by people who assume that their system is safe from people using DOS commands by putting up a stupid front end menu system when a simple "go to Lotus 1-2-3 and do /S" will get them back to DOS.