📄 dirmon.c
}
pPathLinkItem = pNextPathLinkItem;
pPathLinkItem2 = pNextPathLinkItem2;
}
pPrevFileItem = pFirstFileItem;
pFirstFileItem = pSecondFileItem->pNext;
FreeFileItemForActionRenamed(pPrevFileItem);
}
}
WriteDataToBuffer_Return:
if ( pPrevDirChangeItem )
{
pPrevDirChangeItem->wNextEntryOffset = 0;
*pdwWrittenBytes = dwBufLen - dwSpareBytes;
}
else
*pdwWrittenBytes = 0;
return pFirstFileItem;
}
// Compiler optimisation is switched off for the hook procedure and switched back on after it.
// NOTE(review): the reason is not stated in this file - confirm before removing the pragmas.
#pragma optimize("", off)
//
// DirMonHookProc - file system API hook procedure (installed with
// IFSMgr_InstallFileSystemApiHook in OnSysDynamicDeviceInit).
//
// The request is first forwarded to the previously installed hook through
// g_pPrevIFSHookProc. Only when that call returns ERROR_SUCCESS is the operation
// recorded, so failed requests never produce a change record.
//
//  - Files opened for creation/replacement or with write access are tracked in a
//    hash table that is looked up by system file number (ir_sfn).
//  - Change records are queued with AppendUpdatedFileItem() /
//    AppendUpdatedFileItemForActionRenamed().
//
// Parameters are passed through to the previous hook unchanged; fn selects the
// IFSFN_* case below. The previous hook's return code is returned as is, so this
// hook never blocks or alters a request.
//
// NOTE(review): every case that allocates a file item skips recording when the
// allocator returns NULL, so events can be lost silently under memory pressure.
// NOTE(review): the hash table, the updated-items list and g_fLogDelete are also
// used by the DeviceIoControl handler; no locking is visible here - confirm how
// the two paths are serialised.
//
int _cdecl DirMonHookProc(pIFSFunc pfn, int fn, int Drive, int ResType,
int CodePage, pioreq pir)
{
int nRetCode;
// Snapshot of the request taken before it is passed down the hook chain. The
// cases below read ir_options / ir_flags (and ir_sfn on close) from this copy,
// and read ir_sfn / ir_ppath from *pir after the call.
ioreq objOriginalRequest = *pir;
nRetCode = (*g_pPrevIFSHookProc)(pfn, fn, Drive, ResType, CodePage, pir);
if ( nRetCode == ERROR_SUCCESS )
{
PFILEITEM pFileItem;
// One DOS timestamp is taken per request and used for every record made below.
DWORD dwUpdateDosMillisecond, dwUpdateDosTime = IFSMgr_Get_DOSTime(&dwUpdateDosMillisecond);
switch ( fn )
{
case IFSFN_OPEN:
// Track the handle only when the open can change the file: create/replace
// options or write access requested in the original request.
if ( ((objOriginalRequest.ir_options & (ACTION_CREATENEW | ACTION_REPLACEEXISTING))
|| (objOriginalRequest.ir_flags & (ACCESS_WRITEONLY | ACCESS_READWRITE)))
&& (pFileItem = AllocateFileItem()) )
{
pFileItem->nFileNumber = pir->ir_sfn;
// NOTE(review): no destination size is passed for sFilePathName; any bounds
// check has to live inside ParsedPath2PathName - confirm.
ParsedPath2PathName(pir->ir_ppath, Drive, CodePage, pFileItem->sFilePathName);
if ( IsMonitoredEx(pFileItem) )
{
// A create/replace counts as a modification immediately; a plain write-open
// is only stamped later by IFSFN_WRITE or IFSFN_FILETIMES.
if ( objOriginalRequest.ir_options & (ACTION_CREATENEW | ACTION_REPLACEEXISTING) )
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
dprintf("Insert file item into hash table (Open): %s\n", pFileItem->sFilePathName);
}
else
{
dprintf("Insert (not monitored) file item into hash table (Open): %s\n", pFileItem->sFilePathName);
}
// The item is inserted whether or not the path is monitored, so every file
// opened for writing holds a file item until its final close.
InsertFileItemIntoHashTable(pFileItem);
}
break;
case IFSFN_CLOSE:
// Only the final close removes the tracked item; flags and sfn come from the
// pre-call snapshot.
if ( objOriginalRequest.ir_flags == CLOSE_FINAL && (pFileItem = RemoveFileItemFromHashTable(objOriginalRequest.ir_sfn)) )
{
// Report a modification only for an item that has base paths and was
// stamped with an update time while it was open.
if ( pFileItem->pBasePaths && pFileItem->dwUpdateDosTime )
{
pFileItem->wAction = DIRMON_ACTION_MODIFIED;
AppendUpdatedFileItem(pFileItem);
dprintf("Append updated file item: %s\n", pFileItem->sFilePathName);
}
else
{
dprintf("Remove file item from hash table: %s\n", pFileItem->sFilePathName);
FreeFileItem(pFileItem);
}
}
break;
case IFSFN_WRITE:
if ( (pFileItem = GetFileItemFromHashTable(pir->ir_sfn)) )
{
// Already tracked: stamp it only when it has base paths.
if ( pFileItem->pBasePaths )
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
}
else if ( (pFileItem = AllocateFileItem()) )
{
// Untracked handle: resolve its path from the sfn and start tracking it only
// if that succeeds and the path is monitored.
if ( SFN2PathName(pir->ir_sfn, Drive, ResType, CodePage, pir, pFileItem->sFilePathName) && IsMonitoredEx(pFileItem) )
{
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
pFileItem->nFileNumber = pir->ir_sfn;
InsertFileItemIntoHashTable(pFileItem);
dprintf("Insert file item into hash table (Write): %s\n", pFileItem->sFilePathName);
}
else
FreeFileItem(pFileItem);
}
else
{
// Allocation failed: the write is not recorded.
dprintf("Unattended file write...\n");
}
break;
case IFSFN_FILETIMES:
// Same handling as IFSFN_WRITE, limited to requests that set the modification
// date/time.
if ( pir->ir_flags == SET_MODIFY_DATETIME )
{
if ( (pFileItem = GetFileItemFromHashTable(pir->ir_sfn)) )
{
if ( pFileItem->pBasePaths )
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
}
else if ( (pFileItem = AllocateFileItem()) )
{
if ( SFN2PathName(pir->ir_sfn, Drive, ResType, CodePage, pir, pFileItem->sFilePathName) && IsMonitoredEx(pFileItem) )
{
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
pFileItem->nFileNumber = pir->ir_sfn;
InsertFileItemIntoHashTable(pFileItem);
dprintf("Insert file item into hash table (Times): %s\n", pFileItem->sFilePathName);
}
else
FreeFileItem(pFileItem);
}
else
{
// Allocation failed: the timestamp change is not recorded.
dprintf("Unattended file SET_MODIFY_DATETIME...\n");
}
}
break;
case IFSFN_FILEATTRIB:
// Path-based request: an attribute change on a monitored path is queued
// directly as a modification, without going through the hash table.
if ( (objOriginalRequest.ir_flags == SET_ATTRIBUTES || objOriginalRequest.ir_flags == SET_ATTRIB_MODIFY_DATETIME) && (pFileItem = AllocateFileItem()) )
{
ParsedPath2PathName(pir->ir_ppath, Drive, CodePage, pFileItem->sFilePathName);
if ( IsMonitoredEx(pFileItem) )
{
pFileItem->wAction = DIRMON_ACTION_MODIFIED;
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
AppendUpdatedFileItem(pFileItem);
dprintf("Append updated file item: %s\n", pFileItem->sFilePathName);
}
else
FreeFileItem(pFileItem);
}
break;
case IFSFN_DELETE:
// Deletions are queued only while g_fLogDelete is set (toggled through the
// DIRMON_LogDelete / DIRMON_DoNotLogDelete control codes).
// NOTE(review): the tracked item is looked up with pir->ir_sfn although the
// fallback below resolves the target from ir_ppath; whether ir_sfn identifies
// the deleted file for this request is not visible here - confirm.
if ( g_fLogDelete )
{
if ( (pFileItem = RemoveFileItemFromHashTable(pir->ir_sfn)) )
{
if ( pFileItem->pBasePaths )
{
pFileItem->wAction = DIRMON_ACTION_REMOVED;
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
AppendUpdatedFileItem(pFileItem);
dprintf("Append updated file item: %s\n", pFileItem->sFilePathName);
}
else
{
FreeFileItem(pFileItem);
dprintf("Unattended file delete...\n");
}
}
else if ( (pFileItem = AllocateFileItem()) )
{
// No tracked item: build a record from the request path instead.
ParsedPath2PathName(pir->ir_ppath, Drive, CodePage, pFileItem->sFilePathName);
if ( IsMonitoredEx(pFileItem) )
{
pFileItem->wAction = DIRMON_ACTION_REMOVED;
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
AppendUpdatedFileItem(pFileItem);
dprintf("Append updated file item: %s\n", pFileItem->sFilePathName);
}
else
{
FreeFileItem(pFileItem);
dprintf("Unattended file delete...\n");
}
}
else
{
// Allocation failed: the deletion is not recorded.
dprintf("Unattended file delete...\n");
}
}
else
{
// Delete logging is off: drop any tracked item without queuing a record.
if ( (pFileItem = RemoveFileItemFromHashTable(pir->ir_sfn)) )
FreeFileItem(pFileItem);
}
break;
case IFSFN_RENAME:
// The rename allocator returns a pair of items linked through pNext: the first
// receives the old path (ir_ppath), the second the new path (ir_ppath2).
if ( (pFileItem = AllocateFileItemForActionRenamed()) )
{
PFILEITEM pFileItem2 = pFileItem->pNext;
ParsedPath2PathName(pir->ir_ppath, Drive, CodePage, pFileItem->sFilePathName);
ParsedPath2PathName(pir->ir_ppath2, Drive, CodePage, pFileItem2->sFilePathName);
if ( IsMonitoredExForActionRenamed(pFileItem) )
{
// Only the first item's action is set here; both items get the same timestamp.
pFileItem->wAction = DIRMON_ACTION_RENAMED_OLD_NAME;
pFileItem->dwUpdateDosTime = pFileItem2->dwUpdateDosTime = dwUpdateDosTime;
AppendUpdatedFileItemForActionRenamed(pFileItem);
dprintf("Append updated file item(Rename): %s -> %s\n", pFileItem->sFilePathName, pFileItem2->sFilePathName);
}
else
{
dprintf("Ignore rename: %s -> %s\n", pFileItem->sFilePathName, pFileItem2->sFilePathName);
FreeFileItemForActionRenamed(pFileItem);
}
}
else
{
dprintf("Failed in allocating file items for action renamed!\n");
}
break;
case IFSFN_IOCTL16DRIVE:
// Deliberately ignored.
break;
case IFSFN_DIR:
// Directory creation and removal are queued as ADDED / REMOVED records.
if ( (pir->ir_flags == CREATE_DIR || pir->ir_flags == DELETE_DIR) && (pFileItem = AllocateFileItem()) )
{
ParsedPath2PathName(pir->ir_ppath, Drive, CodePage, pFileItem->sFilePathName);
if ( IsMonitoredEx(pFileItem) )
{
pFileItem->wAction = pir->ir_flags == DELETE_DIR ? DIRMON_ACTION_REMOVED : DIRMON_ACTION_ADDED;
pFileItem->dwUpdateDosTime = dwUpdateDosTime;
AppendUpdatedFileItem(pFileItem);
dprintf("Append updated file item: %s\n", pFileItem->sFilePathName);
}
else
FreeFileItem(pFileItem);
}
break;
// The remaining function codes are disabled below, so any request not handled
// above falls out of the switch without being recorded or logged.
/*
// case IFSFN_FINDOPEN:
// case IFSFN_FINDNEXT:
// case IFSFN_FINDCLOSE:
case IFSFN_READ:
case IFSFN_FCNNEXT:
case IFSFN_SEEK:
case IFSFN_QUERY:
case IFSFN_GETDISKINFO:
// case IFSFN_ENUMHANDLE:
break;
default:
dprintf("Unattended request: %d\n", fn);
break;
*/
}
}
// The previous hook's result is always returned unchanged.
return nRetCode;
}
#pragma optimize("", on)
/*
 * OnSysDynamicDeviceInit - set up the driver state and install the file
 * system hook.
 *
 * The hook is installed last, after the overlapped pointer, the lists and the
 * hash table have been initialised. Always returns TRUE.
 *
 * NOTE(review): the value returned by IFSMgr_InstallFileSystemApiHook is
 * stored without being checked, and DirMonHookProc calls through
 * g_pPrevIFSHookProc on every request - confirm that the install cannot fail
 * here, or report the failure instead of returning TRUE.
 */
BOOL OnSysDynamicDeviceInit()
{
    DEBUG_FUNCTION_NAME("OnSysDynamicDeviceInit");

    /* No overlapped read request is pending yet. */
    InitOverlapped();

    /* Lists and hash table start out empty. */
    InitUpdatedFileItemsList();
    InitDirectoryItemsList();
    InitFileItemsHashTable();
    InitFreeFileItemsList();
    InitFreePathLinkItemsList();

    /* Deletions are not logged until a client asks for it. */
    g_fLogDelete = FALSE;

    /* Hook the IFS functions and remember the previous hook for chaining. */
    g_pPrevIFSHookProc = IFSMgr_InstallFileSystemApiHook(DirMonHookProc);

    return TRUE;
}
/*
 * OnSysDynamicDeviceExit - remove the file system hook and release the
 * driver state.
 *
 * The hook is removed first, then the lists and the hash table are destroyed
 * in the reverse of their initialisation order, and the overlapped pointer is
 * released last. Always returns TRUE.
 *
 * NOTE(review): the result of IFSMgr_RemoveFileSystemApiHook is ignored; if
 * the removal can fail, the hook would keep running against destroyed lists -
 * confirm.
 */
BOOL OnSysDynamicDeviceExit()
{
    DEBUG_FUNCTION_NAME("OnSysDynamicDeviceExit");

    /* Stop receiving file system requests before any state is torn down. */
    IFSMgr_RemoveFileSystemApiHook(DirMonHookProc);

    /* Tear down the lists and the hash table, tracing each step. */
    dprintf("DestroyFreePathLinkItemsList...\n");
    DestroyFreePathLinkItemsList();

    dprintf("DestroyFreeFileItemList...\n");
    DestroyFreeFileItemsList();

    dprintf("DestroyFileItemHashTable...\n");
    DestroyFileItemsHashTable();

    dprintf("DestroyDirectoryItemList...\n");
    DestroyDirectoryItemsList();

    dprintf("DestroyUpdatedFileItemsList...\n");
    DestroyUpdatedFileItemsList();

    dprintf("return TRUE...\n");

    /* Release the overlapped structure pointer. */
    DestroyOverlapped();

    return TRUE;
}
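/*
 * OnW32Deviceiocontrol - dispatch a DeviceIoControl request from a Win32 client.
 *
 * p carries the control code, the caller's input/output buffers with their
 * sizes, the optional bytes-returned pointer and the optional overlapped
 * structure. All of these come from the calling application and must be
 * treated as untrusted.
 *
 * Returns 0 on success, 1 when a required buffer is missing or too small (or
 * the handle given to DIRMON_RemoveMonitorPath is NULL), and -1 when an
 * overlapped DIRMON_ReadChange has been queued because no change is available.
 *
 * Changes from the previous version: the handle passed to
 * DIRMON_RemoveMonitorPath is read from the caller's buffer once and a NULL
 * handle is rejected instead of being handed to FreeDirectoryItem(); the
 * formerly unused local now holds that handle.
 *
 * NOTE(review): unknown control codes fall into the default case and report
 * success (0) - confirm that callers do not rely on an error for unsupported
 * codes.
 */
DWORD OnW32Deviceiocontrol(PIOCTLPARAMS p)
{
    PDIRECTORYITEM pDirectoryItem;
    DEBUG_FUNCTION_NAME("OnW32Deviceiocontrol");

    switch ( p->dioc_IOCtlCode )
    {
    case DIOC_OPEN:
        dprintf(" DIOC_OPEN\n");
        return 0;

    case DIOC_CLOSEHANDLE:
        dprintf(" DIOC_CLOSEHANDLE\n");
        return 0;

    case DIRMON_AddMonitorPath:
        dprintf(" DIRMON_AddMonitorPath\n");
        /* The output buffer must be able to hold one directory item pointer. */
        if ( !p->dioc_InBuf || !p->dioc_cbInBuf || !p->dioc_OutBuf || p->dioc_cbOutBuf < sizeof(PDIRECTORYITEM) )
            return 1;
        /*
         * NOTE(review): dioc_cbInBuf is only checked for non-zero and is not
         * passed on, so the helper cannot bound its read of the input buffer
         * by the caller's size - confirm how the input length is limited.
         * The value written back is the driver's own item pointer, which the
         * client later presents to DIRMON_RemoveMonitorPath; it may be NULL if
         * the helper fails - TODO confirm.
         */
        *(PDIRECTORYITEM*)p->dioc_OutBuf = AllocateAndAppendDirectoryItem(p->dioc_InBuf);
        if ( p->dioc_bytesret )
            *p->dioc_bytesret = sizeof(PDIRECTORYITEM);
        dprintf(" Succeeded: 0x%08X\n", g_pDirectoryItems);
        return 0;

    case DIRMON_RemoveMonitorPath:
        dprintf(" DIRMON_RemoveMonitorPath\n");
        if ( !p->dioc_InBuf || p->dioc_cbInBuf < sizeof(PDIRECTORYITEM) )
            return 1;
        /* Read the handle once so the value logged is the value that is freed. */
        pDirectoryItem = *(PDIRECTORYITEM*)p->dioc_InBuf;
        dprintf(" Remove: 0x%08X\n", pDirectoryItem);
        if ( !pDirectoryItem )
            return 1;
        /*
         * NOTE(review): the pointer is supplied by the caller and is not
         * checked here against the items this driver actually allocated.
         * Unless FreeDirectoryItem() validates it against the directory item
         * list, a stale or forged value is freed as if it were a live item -
         * confirm and add a list-membership check if it is missing.
         */
        FreeDirectoryItem(pDirectoryItem);
        return 0;

    case DIRMON_ReadChange:
        dprintf(" DIRMON_ReadChange\n");
        if ( p->dioc_OutBuf && p->dioc_cbOutBuf )
        {
            if ( !p->dioc_ovrlp )
            {
                /* Synchronous read: wait when nothing is queued yet. */
                PFILEITEM pFirstFileItem, pLastFileItem;
                dprintf("1. g_pUpdatedFileItems = 0x%08X\n", g_pUpdatedFileItems);
                if ( !g_pUpdatedFileItems )
                    BlockOnID((DWORD)&g_semUpdatedFileItems, BLOCK_SVC_INTS);
                GetUpdatedFileItems(&pFirstFileItem, &pLastFileItem);
                dprintf("2. g_pUpdatedFileItems = 0x%08X\n", g_pUpdatedFileItems);
                /* Items that were not written to the buffer are put back. */
                if ( (pFirstFileItem = WriteDataToBuffer(pFirstFileItem, pLastFileItem, p->dioc_OutBuf, p->dioc_cbOutBuf, p->dioc_bytesret)) )
                    ReturnUpdatedFileItems(pFirstFileItem, pLastFileItem);
                dprintf("3. g_pUpdatedFileItems = 0x%08X\n", g_pUpdatedFileItems);
                return 0;
            }
            else if ( g_pUpdatedFileItems )
            {
                /*
                 * Overlapped read with data already queued: complete it at
                 * once, reporting the byte count through O_InternalHigh.
                 */
                PFILEITEM pFirstFileItem, pLastFileItem;
                dprintf("1. g_pUpdatedFileItems = 0x%08X\n", g_pUpdatedFileItems);
                GetUpdatedFileItems(&pFirstFileItem, &pLastFileItem);
                dprintf("2. g_pUpdatedFileItems = 0x%08X\n", g_pUpdatedFileItems);
                if ( (pFirstFileItem = WriteDataToBuffer(pFirstFileItem, pLastFileItem, p->dioc_OutBuf, p->dioc_cbOutBuf, &p->dioc_ovrlp->O_InternalHigh)) )
                    ReturnUpdatedFileItems(pFirstFileItem, pLastFileItem);
                dprintf("3. g_pUpdatedFileItems = 0x%08X\n", g_pUpdatedFileItems);
                if ( p->dioc_bytesret )
                    *p->dioc_bytesret = p->dioc_ovrlp->O_InternalHigh;
                VWIN32_DIOCCompletionRoutine(p->dioc_ovrlp->O_Internal);
                return 0;
            }
            else
            {
                /* Overlapped read with nothing queued: remember it and return -1. */
                SetOverlapped(p);
                return -1;
            }
        }
        else
            return 0;

    case DIRMON_CancelReadChange:
        dprintf(" DIRMON_CancelReadChange\n");
        CancelOverlapped();
        return 0;

    case DIRMON_LogDelete:
        g_fLogDelete = TRUE;
        return 0;

    case DIRMON_DoNotLogDelete:
        g_fLogDelete = FALSE;
        return 0;

    case DIRMON_StartLogging:
        dprintf(" DIRMON_StartLogging\n");
        if ( !p->dioc_InBuf || !p->dioc_cbInBuf || !p->dioc_OutBuf || !p->dioc_cbOutBuf )
            return 1;
        else
        {
            /*
             * NOTE(review): neither buffer length is passed to the helper, and
             * the reported size is nCount * sizeof(DWORD). If the helper writes
             * one DWORD per directory into dioc_OutBuf, nothing visible here
             * keeps that within dioc_cbOutBuf - confirm the helper's bounds or
             * pass the sizes down.
             */
            int nCount = AllocateAndAppendDirectoryItems(p->dioc_InBuf, p->dioc_OutBuf);
            if ( p->dioc_bytesret )
                *p->dioc_bytesret = nCount * sizeof(DWORD);
            dprintf(" %d directories added\n", nCount);
        }
        return 0;

    case DIRMON_StopLogging:
        dprintf(" DIRMON_StopLogging\n");
        FreeAllDirectoryItems();
        return 0;

    case DIRMON_SuspendLogging:
        return 0;

    default:
        dprintf(" default: 0x%08X\n", p->dioc_IOCtlCode);
        return 0;
    }
}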