www.pudn.com > Ó²Å̵ļà¿Ø.rar > fspyUser.c
/*++
Copyright (c) 1989-1999 Microsoft Corporation
Module Name:
fspyUser.c
Abstract:
This file contains the implementation for the main function of the
user application piece of FileSpy. This function is responsible for
controlling the command mode available to the user to control the
kernel mode driver.
Author:
George Jenkins (GeorgeJe)
Environment:
User mode
Revision History:
Molly Brown (MollyBro) 21-Apr-1999
Broke out the logging code and added command mode functionality.
--*/
#include
#include
#include
#include
#include
#include
#include "filespy.h"
#include "fspyLog.h"
#include "fspyServ.h"
#define SUCCESS 0
#define USAGE_ERROR 1
#define EXIT_INTERPRETER 2
#define EXIT_PROGRAM 4
#define INTERPRETER_EXIT_COMMAND1 "go"
#define INTERPRETER_EXIT_COMMAND2 "g"
#define PROGRAM_EXIT_COMMAND "exit"
DWORD
InterpretCommand(
int argc,
char *argv[],
PLOG_CONTEXT Context
);
BOOL
ListDevices(
PLOG_CONTEXT Context
);
BOOL
ListHashStats(
PLOG_CONTEXT Context
);
VOID
DisplayError (
DWORD Code
);
int _cdecl main(int argc, char *argv[])
{
SC_HANDLE hSCManager = NULL;
SC_HANDLE hService = NULL;
SERVICE_STATUS_PROCESS serviceInfo;
DWORD bytesNeeded;
HANDLE hDevice = NULL;
BOOL bResult;
DWORD result;
ULONG threadId;
HANDLE thread = NULL;
LOG_CONTEXT context;
INT inputChar;
//
// Initialize handle in case of error
//
context.ShutDown = NULL;
//
// Start the kernel mode driver through the service manager
//
hSCManager = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS) ;
hService = OpenService( hSCManager,
FILESPY_SERVICE_NAME,
FILESPY_SERVICE_ACCESS);
if (!QueryServiceStatusEx( hService,
SC_STATUS_PROCESS_INFO,
(UCHAR *)&serviceInfo,
sizeof(serviceInfo),
&bytesNeeded)) {
result = GetLastError();
DisplayError( result );
goto Main_Exit;
}
if(serviceInfo.dwCurrentState != SERVICE_RUNNING) {
//
// Service hasn't been started yet, so try to start service
//
if (!StartService(hService, 0, NULL)) {
result = GetLastError();
printf("ERROR starting FileSpy...\n");
DisplayError( result );
goto Main_Exit;
}
}
printf("Hit [Enter] to begin command mode...\n");
//
// Open the device that is used to talk to FileSpy.
//
printf("FileSpy: Opening device...\n");
hDevice = CreateFile( FILESPY_W32_DEVICE_NAME,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hDevice == INVALID_HANDLE_VALUE) {
result = GetLastError();
printf("ERROR opening device...\n");
DisplayError( result );
goto Main_Exit;
}
//
// Initialize the fields of the LOG_CONTEXT.
//
context.Device = hDevice;
context.ShutDown = CreateSemaphore(
NULL,
0,
1,
(LPCTSTR)"FileSpy shutdown");
context.CleaningUp = FALSE;
context.LogToScreen = context.NextLogToScreen = TRUE;
context.LogToFile = FALSE;
context.OutputFile = NULL;
//
// Check the valid parameters for startup
//
if (argc > 1) {
if (InterpretCommand(argc - 1, &(argv[1]), &context) == USAGE_ERROR) {
goto Main_Exit;
}
}
//
// Propogate the /s switch to the variable that the logging
// thread checks.
//
context.LogToScreen = context.NextLogToScreen;
//
// Check to see what devices we are attached to from
// previous runs of this program.
//
bResult = ListDevices(&context);
if (!bResult) {
result = GetLastError();
printf("ERROR listing devices...\n");
DisplayError( result );
}
//
// Create the thread to read the log records that are gathered
// by filespy.sys.
//
printf("FileSpy: Creating logging thread...\n");
thread = CreateThread(
NULL,
0,
RetrieveLogRecords,
(LPVOID)&context,
0,
&threadId);
if (!thread) {
result = GetLastError();
printf("ERROR creating logging thread...\n");
DisplayError( result );
goto Main_Exit;
}
while (inputChar = getchar()) {
CHAR commandLine[81];
INT parmCount, count, ch;
CHAR **parms;
BOOLEAN newParm;
DWORD returnValue = SUCCESS;
if (inputChar == '\n') {
//
// Start command interpreter. First we must turn off logging
// to screen if we are. Also, remember the state of logging
// to the screen, so that we can reinstate that when command
// interpreter is finished.
//
context.NextLogToScreen = context.LogToScreen;
context.LogToScreen = FALSE;
while (returnValue != EXIT_INTERPRETER) {
//
// Print prompt
//
printf(">");
//
// Read in next line, keeping track of the number of parameters
// as you go
//
parmCount = 1;
for (count = 0;
(count < 80) && ((ch = getchar())!= '\n');
count++) {
commandLine[count] = (CHAR)ch;
if (ch == ' ') {
parmCount ++;
}
}
commandLine[count] = '\0';
parms = (CHAR **)malloc(parmCount * sizeof(CHAR *));
parmCount = 0;
newParm = TRUE;
for (count = 0; commandLine[count] != '\0'; count++) {
if (newParm) {
parms[parmCount] = &(commandLine[count]);
parmCount ++;
}
if (commandLine[count] == ' ' ) {
newParm = TRUE;
} else {
newParm = FALSE;
}
}
//
// We've got our parameter count and parameter list, so
// send it off to be interpreted.
//
returnValue = InterpretCommand(parmCount, parms, &context);
free(parms);
if (returnValue == EXIT_PROGRAM) {
// Time to stop the program
goto Main_Cleanup;
}
}
// Set LogToScreen appropriately based on any commands seen
context.LogToScreen = context.NextLogToScreen;
if (context.LogToScreen) {
printf("Should be logging to screen...\n");
}
}
}
Main_Cleanup:
//
// Clean up the threads, then fall through to Main_Exit
//
printf("FileSpy: Cleaning up...\n");
//
// Set the Cleaning up flag to TRUE to notify other threads
// that we are cleaning up
//
context.CleaningUp = TRUE;
//
// Wait for everyone to shut down
//
WaitForSingleObject(context.ShutDown, INFINITE);
if (context.LogToFile) {
fclose(context.OutputFile);
}
Main_Exit:
//
// Clean up the data that is alway around and exit
//
if(context.ShutDown) {
CloseHandle(context.ShutDown);
}
if (thread) {
CloseHandle(thread);
}
if(hSCManager) {
CloseServiceHandle(hSCManager);
}
if(hService) {
CloseServiceHandle(hService);
}
if (hDevice) {
CloseHandle(hDevice);
}
printf("FileSpy: All done\n");
return 0;
}
DWORD
InterpretCommand(
int argc,
char *argv[],
PLOG_CONTEXT Context
)
{
int parmIndex;
CHAR *parm;
BOOL bResult;
DWORD result;
DWORD returnValue = SUCCESS;
CHAR buffer[BUFFER_SIZE];
DWORD bufferLength;
DWORD bytesReturned;
//
// Interprete the command line parameters
//
for (parmIndex = 0; parmIndex < argc; parmIndex++) {
parm = argv[parmIndex];
if (parm[0] == '/') {
//
// Have the beginning of a switch
//
switch (parm[1]) {
case 'a':
case 'A':
//
// Attach to the specified drive letter
//
parmIndex++;
if (parmIndex >= argc) {
//
// Not enough parameters
//
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
printf("\tAttaching to %s\n", parm);
bufferLength = MultiByteToWideChar(
CP_ACP,
MB_ERR_INVALID_CHARS,
parm,
-1,
(LPWSTR)buffer,
BUFFER_SIZE/sizeof(WCHAR));
bResult = DeviceIoControl(
Context->Device,
FILESPY_Attach,
buffer,
bufferLength * sizeof(WCHAR),
NULL,
0,
&bytesReturned,
NULL);
if (!bResult) {
result = GetLastError();
printf("ERROR attaching to device...\n");
DisplayError( result );
}
break;
case 'd':
case 'D':
//
// Detach to the specified drive letter
//
parmIndex++;
if (parmIndex >= argc) {
//
// Not enough parameters
//
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
printf("\tDetaching from %s\n", parm);
bufferLength = MultiByteToWideChar(
CP_ACP,
MB_ERR_INVALID_CHARS,
parm,
-1,
(LPWSTR)buffer,
BUFFER_SIZE/sizeof(WCHAR));
bResult = DeviceIoControl(
Context->Device,
FILESPY_Detach,
buffer,
bufferLength * sizeof(WCHAR),
NULL,
0,
&bytesReturned,
NULL);
if (!bResult) {
result = GetLastError();
printf("ERROR detaching to device...\n");
DisplayError( result );
}
break;
case 'h':
case 'H':
ListHashStats(Context);
break;
case 'l':
case 'L':
//
// List all devices that are currently being monitored
//
bResult = ListDevices(Context);
if (!bResult) {
result = GetLastError();
printf("ERROR listing devices...\n");
DisplayError( result );
}
break;
case 's':
case 'S':
//
// Output logging results to screen, save new value to
// instate when command interpreter is exited.
//
if (Context->NextLogToScreen) {
printf("\tTurning off logging to screen\n");
} else {
printf("\tTurning on logging to screen\n");
}
Context->NextLogToScreen = !Context->NextLogToScreen;
break;
case 'f':
case 'F':
//
// Output logging results to file
//
if (Context->LogToFile) {
printf("\tStop logging to file \n");
Context->LogToFile = FALSE;
_ASSERT(Context->OutputFile);
fclose(Context->OutputFile);
Context->OutputFile = NULL;
} else {
parmIndex++;
if (parmIndex >= argc) {
// Not enough parameters
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
printf("\tLog to file %s\n", parm);
Context->OutputFile = fopen(parm, "w");
_ASSERT(Context->OutputFile);
Context->LogToFile = TRUE;
}
break;
default:
//
// Invalid switch, goto usage
//
goto InterpretCommand_Usage;
}
} else {
//
// Look for "go" or "g" to see if we should exit interpreter
//
if (!_strnicmp(
parm,
INTERPRETER_EXIT_COMMAND1,
sizeof(INTERPRETER_EXIT_COMMAND1))) {
returnValue = EXIT_INTERPRETER;
goto InterpretCommand_Exit;
}
if (!_strnicmp(
parm,
INTERPRETER_EXIT_COMMAND2,
sizeof(INTERPRETER_EXIT_COMMAND2))) {
returnValue = EXIT_INTERPRETER;
goto InterpretCommand_Exit;
}
//
// Look for "exit" to see if we should exit program
//
if (!_strnicmp(
parm,
PROGRAM_EXIT_COMMAND,
sizeof(PROGRAM_EXIT_COMMAND))) {
returnValue = EXIT_PROGRAM;
goto InterpretCommand_Exit;
}
//
// Invalid parameter
//
goto InterpretCommand_Usage;
}
}
InterpretCommand_Exit:
return returnValue;
InterpretCommand_Usage:
printf("Valid switches: [/a ] [/d ] [/h] [/l] [/s] [/f []]\n"
"\t[/a ] attaches monitor to \n"
"\t[/d ] detaches monitor from \n"
"\t[/h] print filename hash statistics\n"
"\t[/l] lists all the drives the monitor is currently attached to\n"
"\t[/s] turns on and off showing logging output on the screen\n"
"\t[/f []] turns on and off logging to the specified file\n"
"If you are in command mode,\n"
"\t[go|g] will exit command mode\n"
"\t[exit] will terminate this program\n"
);
returnValue = USAGE_ERROR;
goto InterpretCommand_Exit;
}
BOOL
ListHashStats(
PLOG_CONTEXT Context
)
{
ULONG bytesReturned;
BOOL returnValue;
HASH_STATISTICS hashStats;
returnValue = DeviceIoControl(
Context->Device,
FILESPY_GetStats,
NULL,
0,
(CHAR *) &hashStats,
BUFFER_SIZE,
&bytesReturned,
NULL);
if (returnValue) {
printf("HASH STATISTICS\n");
printf("---------------------------------\n");
printf("%-22s %8d\n",
"Name lookups",
hashStats.Lookups);
printf("%-22s %8d\n",
"Name lookup hits",
hashStats.LookupHits);
if (hashStats.Lookups) {
printf(
"%-22s %8.2f%%\n",
"Hit ratio",
((FLOAT) hashStats.LookupHits / (FLOAT) hashStats.Lookups) * 100.);
}
printf("%-22s %8d\n",
"Delete lookups",
hashStats.DeleteLookups);
printf("%-22s %8d\n",
"Delete lookup hits",
hashStats.DeleteLookupHits);
if (hashStats.DeleteLookups) {
printf(
"%-22s %8.2f%%\n",
"Hit ratio",
((FLOAT) hashStats.DeleteLookupHits / (FLOAT) hashStats.DeleteLookups) * 100.);
}
}
return returnValue;
}
BOOL
ListDevices(
PLOG_CONTEXT Context
)
{
CHAR buffer[BUFFER_SIZE];
ULONG bytesReturned;
BOOL returnValue;
returnValue = DeviceIoControl(
Context->Device,
FILESPY_ListDevices,
NULL,
0,
buffer,
BUFFER_SIZE,
&bytesReturned,
NULL);
if (returnValue) {
PATTACHED_DEVICE device = (PATTACHED_DEVICE) buffer;
printf("DEVICE NAME | STATUS\n");
printf("------------------------------------------\n");
if (bytesReturned == 0) {
printf("No devices attached\n");
} else {
while ((BYTE *)device < buffer + bytesReturned) {
printf(
"%-30S| %s\n",
device->DeviceName,
(device->LogState)?"ATTACHED":"DETACHED");
device ++;
}
}
}
return returnValue;
}
VOID
DisplayError (
DWORD Code
)
/*++
Routine Description:
This routine will display an error message based off of the Win32 error
code that is passed in. This allows the user to see an understandable
error message instead of just the code.
Arguments:
Code - The error code to be translated.
Return Value:
None.
--*/
{
WCHAR buffer[80] ;
DWORD count ;
//
// Translate the Win32 error code into a useful message.
//
count = FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
Code,
0,
buffer,
sizeof (buffer),
NULL) ;
//
// Make sure that the message could be translated.
//
if (count == 0) {
printf("\nError could not be translated.\n Code: %d\n", Code) ;
return;
}
else {
//
// Display the translated error.
//
printf("%S\n", buffer) ;
return;
}
}