📄 regmon.c
CheckDlgButton( hDlg, IDC_ERROR, FilterDefinition.logerror );
CheckDlgButton( hDlg, IDC_LOGREADS, FilterDefinition.logreads );
CheckDlgButton( hDlg, IDC_LOGWRITES, FilterDefinition.logwrites );
sprintf( history, "%d", MaxLines );
SetDlgItemText( hDlg, IDC_HISTORY, history );
return TRUE;
case WM_COMMAND:
if ( LOWORD( wParam ) == IDOK ) {
// make sure that max lines is legal
GetDlgItemTextA( hDlg, IDC_HISTORY, history, 64 );
if( !sscanf( history, "%d", &newMaxLines )) {
MessageBox( NULL, _T("Invalid History Depth."),
_T("Filter Error"), MB_OK|MB_ICONWARNING );
return TRUE;
}
MaxLines = newMaxLines;
// read the values that were set
GetDlgItemText( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter, MAXFILTERLEN );
GetDlgItemText( hDlg, IDC_PROCEXCLUDE, FilterDefinition.processexclude, MAXFILTERLEN );
GetDlgItemText( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter, MAXFILTERLEN );
GetDlgItemText( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter, MAXFILTERLEN );
FilterDefinition.logsuccess = IsDlgButtonChecked( hDlg, IDC_SUCCESS );
FilterDefinition.logerror = IsDlgButtonChecked( hDlg, IDC_ERROR );
FilterDefinition.logreads = IsDlgButtonChecked( hDlg, IDC_LOGREADS );
FilterDefinition.logwrites = IsDlgButtonChecked( hDlg, IDC_LOGWRITES );
// make an upcase version for the driver
upcaseFilter = FilterDefinition;
_strupr(upcaseFilter.processfilter);
_strupr(upcaseFilter.processexclude);
_strupr(upcaseFilter.pathfilter);
_strupr(upcaseFilter.excludefilter);
// tell the driver the new filter
if ( ! DeviceIoControl( SysHandle, REGMON_setfilter,
&upcaseFilter, sizeof(FILTER), NULL,
0, &nb, NULL ) )
{
Abort( hDlg, _T("Couldn't access device driver") );
return TRUE;
}
EndDialog( hDlg, TRUE );
return TRUE;
} else if( LOWORD( wParam ) == IDCANCEL ) {
EndDialog( hDlg, TRUE );
} else if( LOWORD( wParam ) == IDRESET ) {
// reset filter to default of none
sprintf( FilterDefinition.processfilter, "*" );
sprintf( FilterDefinition.processexclude, "" );
sprintf( FilterDefinition.pathfilter, "*" );
sprintf( FilterDefinition.excludefilter, "");
FilterDefinition.logsuccess = TRUE;
FilterDefinition.logerror = TRUE;
FilterDefinition.logreads = TRUE;
FilterDefinition.logwrites = TRUE;
MaxLines = 0;
// initialize the controls to reflect the current filter
SetDlgItemText( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter );
SetDlgItemText( hDlg, IDC_PROCEXCLUDE, FilterDefinition.processexclude );
SetDlgItemText( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter );
SetDlgItemText( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter );
CheckDlgButton( hDlg, IDC_SUCCESS, FilterDefinition.logsuccess );
CheckDlgButton( hDlg, IDC_ERROR, FilterDefinition.logerror );
CheckDlgButton( hDlg, IDC_LOGREADS, FilterDefinition.logreads );
CheckDlgButton( hDlg, IDC_LOGWRITES, FilterDefinition.logwrites );
SetDlgItemText( hDlg, IDC_HISTORY, "0" );
}
break;
case WM_CLOSE:
EndDialog( hDlg, TRUE );
return TRUE;
}
return FALSE;
}
/****************************************************************************
*
* FUNCTION: About
*
* PURPOSE: Processes messages for "About" dialog box
*
****************************************************************************/
BOOL APIENTRY About( HWND hDlg, UINT message, UINT wParam, LONG lParam )
{
    /*
     * Dialog procedure for the "About" box.
     *
     * Returns TRUE for the messages it handles (WM_INITDIALOG, the OK
     * button, WM_CLOSE) and FALSE for everything else, which leaves the
     * message to the default dialog handling. lParam is not used.
     *
     * NOTE(review): wParam/lParam are declared as UINT/LONG rather than
     * WPARAM/LPARAM, so this signature only matches DLGPROC on 32-bit
     * builds. Confirm the target before reusing it elsewhere.
     */

    // Nothing to set up; TRUE accepts the default keyboard focus.
    if ( message == WM_INITDIALOG ) {
        return TRUE;
    }

    // Both the OK button and the window's close box dismiss the dialog.
    if ( message == WM_CLOSE ||
         ( message == WM_COMMAND && LOWORD( wParam ) == IDOK ) ) {
        EndDialog( hDlg, TRUE );
        return TRUE;
    }

    // Not handled here (includes WM_COMMAND from any other control).
    return FALSE;
}
/******************************************************************************
*
* FUNCTION: GetDLLVersion
*
* PURPOSE: Gets the version number of the specified DLL.
*
******************************************************************************/
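HRESULT GetDLLVersion( PCHAR DllName, LPDWORD pdwMajor, LPDWORD pdwMinor)
{
    /*
     * Loads DllName, calls its DllGetVersion export and stores the reported
     * major/minor version in *pdwMajor / *pdwMinor.
     *
     * DllName  - name or path of the DLL, handed to LoadLibrary unchanged.
     * pdwMajor - receives the major version; must not be NULL.
     * pdwMinor - receives the minor version; must not be NULL.
     *
     * Returns E_FAIL if the DLL cannot be loaded (outputs stay 0).
     * Returns the HRESULT from DllGetVersion when the export exists
     * (outputs stay 0 if it fails). Returns S_OK with version 4.0 when the
     * DLL has no DllGetVersion export.
     */
    HINSTANCE hDll;
    HRESULT hr = S_OK;
    DLLVERSIONINFO_ dvi;

    // Defined outputs on every path, including the failure ones.
    *pdwMajor = 0;
    *pdwMinor = 0;

    // NOTE(security): DllName goes to the loader as-is. For a bare file name
    // (the caller in this file passes "comctl32.dll") the standard DLL search
    // order decides which file is mapped, and loading it runs its DllMain in
    // this process, which also installs and opens a kernel driver. If the
    // module is not already loaded, a same-named DLL earlier in the search
    // path would be used instead. Prefer a fully qualified system-directory
    // path (e.g. built with GetSystemDirectory) or querying the
    // already-loaded module.
    hDll = LoadLibrary(DllName);
    if( !hDll ) {
        return E_FAIL;
    }

    // GetProcAddress always takes an ANSI (LPCSTR) export name, so the
    // literal must not be wrapped in _T(): in a UNICODE build that would
    // pass a wide string.
    pDllGetVersionProc = (PVOID)GetProcAddress(hDll, "DllGetVersion");
    if( pDllGetVersionProc ) {
        ZeroMemory(&dvi, sizeof(dvi));
        dvi.cbSize = sizeof(dvi);    // callee checks the structure size
        hr = (*pDllGetVersionProc)(&dvi);
        if( SUCCEEDED(hr) ) {
            *pdwMajor = dvi.dwMajorVersion;
            *pdwMinor = dvi.dwMinorVersion;
        }
    } else {
        // If GetProcAddress failed, the DLL is a version previous to the one
        // shipped with IE 3.x; report it as 4.0 (hr stays S_OK).
        *pdwMajor = 4;
        *pdwMinor = 0;
    }

    // Balance the LoadLibrary reference on every path that loaded the DLL.
    FreeLibrary(hDll);
    return hr;
}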
/****************************************************************************
*
* FUNCTION: MainWndProc(HWND, unsigned, WORD, LONG)
*
* PURPOSE: Processes messages for the statistics window.
*
****************************************************************************/
LONG APIENTRY MainWndProc( HWND hWnd, UINT message, UINT wParam, LONG lParam)
{
DWORD nb, versionNumber;
DWORD length, type, tag, driverStart;
TCHAR Path[ MAX_PATH ];
HKEY hDriverKey;
static TCHAR group[] = "System Bus Extender";
static TCHAR driverPath[ MAX_PATH ];
TCHAR systemRoot[ MAX_PATH ];
static TCHAR logFile[ MAX_PATH ];
static HWND hWndToolbar;
LPTOOLTIPTEXT lpToolTipText;
static TCHAR szBuf[128];
LPFINDREPLACE findMessageInfo;
DWORD majorver, minorver;
TCHAR *File;
WIN32_FIND_DATA findData;
HANDLE findHandle;
DWORD startTime;
POINT hitPoint;
RECT listRect;
HDC hDC;
PAINTSTRUCT Paint;
MENUITEMINFO bootMenuItem;
switch ( message ) {
case WM_CREATE:
// get hourglass icon ready
hHourGlass = LoadCursor( NULL, IDC_WAIT );
// post hourglass icon
SetCapture(hWnd);
hSaveCursor = SetCursor(hHourGlass);
// Create the toolbar control - use modern style if available.
GetDLLVersion( "comctl32.dll", &majorver, &minorver );
if( majorver > 4 || (majorver == 4 && minorver >= 70) ) {
hWndToolbar = CreateToolbarEx(
hWnd, TOOLBAR_FLAT | WS_CHILD | WS_BORDER | WS_VISIBLE | TBSTYLE_TOOLTIPS,
ID_TOOLBAR, 9, hInst, IDB_TOOLBAR, (LPCTBBUTTON)&tbButtons,
NUMBUTTONS, 16,16,16,15, sizeof(TBBUTTON));
} else {
hWndToolbar = CreateToolbarEx(
hWnd, WS_CHILD | WS_BORDER | WS_VISIBLE | TBSTYLE_TOOLTIPS,
ID_TOOLBAR, 9, hInst, IDB_TOOLBAR, (LPCTBBUTTON)&tbButtonsOld,
NUMBUTTONSOLD, 16,16,16,15, sizeof(TBBUTTON));
}
if (hWndToolbar == NULL )
MessageBox (NULL, _T("Toolbar not created!"), NULL, MB_OK );
// Create the ListBox within the main window
hWndList = CreateList( hWnd );
if ( hWndList == NULL )
MessageBox( NULL, _T("List not created!"), NULL, MB_OK );
// open the handle to the device
if( IsNT ) {
// Add the log boot menu item
bootMenuItem.cbSize = sizeof( bootMenuItem );
bootMenuItem.fMask = MIIM_TYPE;
bootMenuItem.fType = MFT_SEPARATOR;
InsertMenuItem( GetSubMenu( GetMenu(hWnd), 1 ),
GetMenuItemCount( GetSubMenu( GetMenu(hWnd), 1 )),
TRUE, &bootMenuItem );
bootMenuItem.fMask = MIIM_TYPE|MIIM_ID;
bootMenuItem.fType = MFT_STRING;
bootMenuItem.wID = IDM_BOOTLOG;
bootMenuItem.dwTypeData = (PCHAR) "Log &Boot";
InsertMenuItem( GetSubMenu( GetMenu(hWnd), 1 ),
GetMenuItemCount( GetSubMenu( GetMenu(hWnd), 1 )),
TRUE, &bootMenuItem );
GetCurrentDirectory( sizeof Path, Path );
sprintf( Path+lstrlen(Path), _T("\\%s"), SYS_FILE );
findHandle = FindFirstFile( Path, &findData );
if( findHandle == INVALID_HANDLE_VALUE ) {
if( !SearchPath( NULL, SYS_FILE, NULL, sizeof(Path), Path, &File ) ) {
sprintf( msgbuf, _T("%s was not found."), SYS_FILE );
return Abort( hWnd, msgbuf );
}
} else FindClose( findHandle );
// read driver start type to see if boot-logging is enabled
driverStart = SERVICE_DEMAND_START;
if( RegOpenKey( HKEY_LOCAL_MACHINE, DriverRegistryKey, &hDriverKey ) ==
ERROR_SUCCESS ) {
length = sizeof( driverStart );
RegQueryValueEx( hDriverKey, "Start", NULL, &type,
(PBYTE) &driverStart, &length);
RegCloseKey( hDriverKey );
}
BootLog = (driverStart != SERVICE_DEMAND_START);
// check boot logging menu item if boot start
CheckMenuItem( GetMenu(hWnd), IDM_BOOTLOG,
MF_BYCOMMAND|(BootLog?MF_CHECKED:MF_UNCHECKED) );
// copy the driver to <winnt>\system32\drivers so that we can do
// boot-time monitoring with the flip of a bit
// get the system root
if( !GetEnvironmentVariable( "SYSTEMROOT", systemRoot, sizeof(systemRoot))) {
strcpy( msgbuf, _T("Could not resolve SYSTEMROOT environment variable") );
return Abort( hWnd, msgbuf );
}
sprintf( logFile, _T("%s\\REGMON.LOG"), systemRoot );
sprintf( driverPath, _T("%s\\system32\\drivers\\%s"),
systemRoot, SYS_FILE );
if( !CopyFile( Path, driverPath, FALSE )) {
sprintf( msgbuf, _T("Unable to copy %s to %s\n\n")
_T("Make sure that regsys.sys is in the current directory."),
SYS_NAME, driverPath );
return Abort( hWnd, msgbuf );
}
if ( ! LoadDeviceDriver( SYS_NAME, driverPath, &SysHandle ) ) {
sprintf( msgbuf, _T("Opening %s (%s): error %d"), SYS_NAME, Path,
GetLastError( ) );
return Abort( hWnd, msgbuf );
}
// Correct driver version?
if ( ! DeviceIoControl( SysHandle, REGMON_version,
NULL, 0, &versionNumber, sizeof(DWORD), &nb, NULL ) ||
versionNumber != REGMONVERSION )
{
MessageBox( hWnd, _T("Regmon located a driver with the wrong version.\n")
_T("\nIf you just installed a new version you must reboot before you are")
_T("able to use it."), _T("Regmon"), MB_ICONERROR);
return -1;
}
} else {
// Win9x
SysHandle = CreateFile( VXD_FILE, 0, 0, NULL,
0, FILE_FLAG_OVERLAPPED|
FILE_FLAG_DELETE_ON_CLOSE,
NULL );
if ( SysHandle == INVALID_HANDLE_VALUE ) {
wsprintf( msgbuf, "%s is not loaded properly.", VXD_NAME );
Abort( hWnd, msgbuf );
return FALSE;
}
}
// Have driver zero information
if ( ! DeviceIoControl( SysHandle, REGMON_zerostats,
NULL, 0, NULL, 0, &nb, NULL ) )
{
return Abort( hWnd, _T("Couldn't access device driver") );
}
// Give the user to change initial filter
if( strcmp(FilterDefinition.processfilter, "*") ||
strcmp(FilterDefinition.processexclude, "") ||
strcmp(FilterDefinition.pathfilter, "*") ||
strcmp(FilterDefinition.excludefilter, "") ||
!FilterDefinition.logsuccess ||
!FilterDefinition.logerror ||
!FilterDefinition.logreads ||
!FilterDefinition.logwrites ) {
DialogBox( hInst, _T("InitFilter"), hWnd, (DLGPROC) FilterProc );
} else {
// tell the driver the initial filter
if ( ! DeviceIoControl( SysHandle, REGMON_setfilter,
&FilterDefinition, sizeof(FILTER), NULL,
0, &nb, NULL ) )
{
return Abort( hWnd, _T("Couldn't access device driver") );
}
}
// Start up timer to periodically update screen
SetTimer( hWnd, 1, 500/*ms*/, NULL );
// Have driver turn on hooks
if ( ! DeviceIoControl( SysHandle, REGMON_hook,
NULL, 0, NULL, 0, &nb, NULL ) )
{
return Abort( hWnd, _T("Couldn't access device driver") );
}
// Initialization done
SetCursor( hSaveCursor );
ReleaseCapture();
return FALSE;
case WM_NOTIFY:
// Make sure its intended for us
if ( wParam == ID_LIST ) {
NM_LISTVIEW * pNm = (NM_LISTVIEW *)lParam;
switch ( pNm->hdr.code ) {
case LVN_BEGINLABELEDIT:
// Don't allow editing of information
return TRUE;
case NM_DBLCLK:
case NM_RETURN:
// open the specified key in Regedit, if we can
RegeditJump( hWnd );
return TRUE;
}
} else {
switch (((LPNMHDR) lParam)->code)
{
case TTN_NEEDTEXT:
// Display the ToolTip text.
lpToolTipText = (LPTOOLTIPTEXT)lParam;
LoadString (hInst, lpToolTipText->hdr.idFrom, szBuf, sizeof(szBuf));
lpToolTipText->lpszText = szBuf;
break;
default:
return FALSE;
}
}
return FALSE;
case WM_COMMAND:
switch ( LOWORD( wParam ) ) {
// stats related commands to send to driver
case IDM_CLEAR:
// Have driver zero information
if ( ! DeviceIoControl( SysHandle, REGMON_zerostats,
NULL, 0, NULL, 0, &nb, NULL ) )
{
Abort( hWnd, _T("Couldn't access device driver") );
return TRUE;
}
// Update statistics windows
UpdateStatistics( hWnd, hWndList, TRUE );
return FALSE;
case IDM_HELP:
WinHelp(hWnd, _T("regmon.hlp"), HELP_CONTENTS, 0L);
return 0;