📄 celognk.h
字号:
// Returns # chars copied, including NULL terminator, or 0 if none.
_inline WORD CELOG_FileInfoFromOE(
openexe_t* pOE, // OE from process or module
DWORD* pdwOID, // Receives file OID, if applicable
LPWSTR pszFullPath // Receives full path to file; must be MAX_PATH chars long
)
{
WORD wLen = 0; // either 0 or length INCLUDING null
*pdwOID = 0;
if (pOE->filetype & FA_DIRECTROM) {
LPWSTR pDest;
LPSTR pSrc;
memcpy(pszFullPath, L"\\Windows\\", 9*sizeof(WCHAR));
wLen = 10; // 9 + null
pDest = &pszFullPath[9];
pSrc = pOE->tocptr->lpszFileName;
while (*pSrc && (wLen < MAX_PATH)) {
*pDest = (WCHAR) *pSrc;
pDest++;
pSrc++;
wLen++;
}
*pDest = 0;
} else if (pOE->bIsOID) {
*pdwOID = (DWORD) pOE->ceOid;
wLen = 0; // Full path is unavailable, can be obtained from OID
} else if (pOE->lpName && pOE->lpName->name) {
wLen = strlenW(pOE->lpName->name) + 1; // +1 for null
if (wLen <= MAX_PATH) {
kstrcpyW(pszFullPath, pOE->lpName->name);
} else {
wLen = 0;
}
}
return wLen;
}
//----------------------------------------------------------
_inline void CELOG_ProcessCreateEx(
PPROCESS pProc
)
{
// Logged for both general and profiling mode
if (IsCeLogEnabled(CELOGSTATUS_ENABLED_GENERAL | CELOGSTATUS_ENABLED_PROFILE,
CELZONE_PROCESS | CELZONE_LOADER | CELZONE_PROFILER)) {
BYTE pTmp[(MAX_PATH*sizeof(WCHAR)) + sizeof(CEL_EXTRA_PROCESS_INFO)];
PCEL_EXTRA_PROCESS_INFO pclExtra = (PCEL_EXTRA_PROCESS_INFO) pTmp;
WORD wLen;
// Log extra process info
pclExtra->hProcess = pProc->hProc;
pclExtra->dwVMLen = pProc->e32.e32_vsize;
wLen = CELOG_FileInfoFromOE(&pProc->oe, &pclExtra->dwOID,
pclExtra->szFullPath);
CELOGDATANK(TRUE, CELID_EXTRA_PROCESS_INFO, (PVOID) pclExtra,
(WORD) (sizeof(CEL_EXTRA_PROCESS_INFO) + (wLen * sizeof(WCHAR))), 0,
CELZONE_PROCESS | CELZONE_LOADER | CELZONE_PROFILER);
}
}
//----------------------------------------------------------
_inline void CELOG_ProcessCloseHandle(HANDLE hProcess)
{
if (IsCeLogZoneEnabled(CELZONE_PROCESS)) {
CEL_PROCESS_CLOSE cl;
cl.hProcess = hProcess;
CELOGDATANK(TRUE, CELID_PROCESS_CLOSE, &cl, sizeof(CEL_PROCESS_CLOSE), 0, CELZONE_PROCESS);
}
}
//----------------------------------------------------------
_inline void CELOG_ProcessTerminate(HANDLE hProcess)
{
// Logged for both general and profiling mode
if (IsCeLogEnabled(CELOGSTATUS_ENABLED_GENERAL | CELOGSTATUS_ENABLED_PROFILE,
CELZONE_PROCESS | CELZONE_MEMTRACKING | CELZONE_PROFILER)) {
CEL_PROCESS_TERMINATE cl;
cl.hProcess = hProcess;
CELOGDATANK(TRUE, CELID_PROCESS_TERMINATE, &cl, sizeof(CEL_PROCESS_TERMINATE), 0, CELZONE_PROCESS | CELZONE_MEMTRACKING | CELZONE_PROFILER);
}
}
//----------------------------------------------------------
_inline void CELOG_ProcessDelete(HANDLE hProcess)
{
if (IsCeLogZoneEnabled(CELZONE_PROCESS)) {
CEL_PROCESS_DELETE cl;
cl.hProcess = hProcess;
CELOGDATANK(TRUE, CELID_PROCESS_DELETE, &cl, sizeof(CEL_PROCESS_DELETE), 0, CELZONE_PROCESS);
}
}
//----------------------------------------------------------
_inline void CELOG_Sleep(DWORD dwTimeout)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_SLEEP cl;
cl.dwTimeout = dwTimeout;
CELOGDATANK(TRUE, CELID_SLEEP, &cl, sizeof(cl), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_EventCreate(HANDLE hEvent, BOOL fManReset, BOOL fInitState, LPCWSTR lpEventName, BOOL fCreate)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
BYTE pTmp[(MAX_PATH*sizeof(WCHAR)) + sizeof(CEL_EVENT_CREATE)];
WORD wLen = 0;
PCEL_EVENT_CREATE pcl = (PCEL_EVENT_CREATE) pTmp;
pcl->hEvent = hEvent;
pcl->fManual = fManReset;
pcl->fInitialState = fInitState;
pcl->fCreate = fCreate;
if (lpEventName) {
wLen = strlenW(lpEventName) + 1;
if (wLen <= MAX_PATH) {
kstrcpyW(pcl->szName, lpEventName);
} else {
wLen = 0;
}
}
CELOGDATANK(TRUE, CELID_EVENT_CREATE, (PVOID) pcl, (WORD) (sizeof(CEL_EVENT_CREATE) + (wLen * sizeof(WCHAR))), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
// Event Set, Reset, Pulse
_inline void CELOG_Event(HANDLE hEvent, DWORD type)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
switch (type) {
case EVENT_SET: {
CEL_EVENT_SET cl;
cl.hEvent = hEvent;
CELOGDATANK(TRUE, CELID_EVENT_SET, &cl, sizeof(CEL_EVENT_SET), 0, CELZONE_SYNCH);
break;
}
case EVENT_RESET: {
CEL_EVENT_RESET cl;
cl.hEvent = hEvent;
CELOGDATANK(TRUE, CELID_EVENT_RESET, &cl, sizeof(CEL_EVENT_RESET), 0, CELZONE_SYNCH);
break;
}
case EVENT_PULSE: {
CEL_EVENT_PULSE cl;
cl.hEvent = hEvent;
CELOGDATANK(TRUE, CELID_EVENT_PULSE, &cl, sizeof(CEL_EVENT_PULSE), 0, CELZONE_SYNCH);
break;
}
default:
;
}
}
}
//----------------------------------------------------------
_inline void CELOG_EventCloseHandle(HANDLE hEvent)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_EVENT_CLOSE cl;
cl.hEvent = hEvent;
CELOGDATANK(TRUE, CELID_EVENT_CLOSE, &cl, sizeof(CEL_EVENT_CLOSE), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_EventDelete(HANDLE hEvent)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_EVENT_DELETE cl;
cl.hEvent = hEvent;
CELOGDATANK(TRUE, CELID_EVENT_DELETE, &cl, sizeof(CEL_EVENT_DELETE), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_WaitForMultipleObjects(
DWORD dwNumObjects,
CONST HANDLE* lpHandles,
BOOL fWaitAll,
DWORD dwTimeout
)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
BYTE pTmp[(MAXIMUM_WAIT_OBJECTS * sizeof(HANDLE)) + sizeof(CEL_WAIT_MULTI)];
PCEL_WAIT_MULTI pcl = (PCEL_WAIT_MULTI) pTmp;
// Impose a limit on the number of handles logged
if (dwNumObjects > MAXIMUM_WAIT_OBJECTS) {
dwNumObjects = MAXIMUM_WAIT_OBJECTS;
}
pcl->fWaitAll = fWaitAll;
pcl->dwTimeout = dwTimeout;
memcpy(pcl->hHandles, lpHandles, dwNumObjects * sizeof(HANDLE));
CELOGDATANK(TRUE, CELID_WAIT_MULTI, (LPVOID) pcl, (WORD) (sizeof(CEL_WAIT_MULTI) + (dwNumObjects * sizeof(HANDLE))), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_MutexCreate(HANDLE hMutex, LPMUTEX lpMutex)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
BYTE pTmp[(MAX_PATH*sizeof(WCHAR)) + sizeof(CEL_MUTEX_CREATE)];
PCEL_MUTEX_CREATE pcl = (PCEL_MUTEX_CREATE) pTmp;
WORD wLen = 0;
pcl->hMutex = hMutex;
if (lpMutex && lpMutex->name && lpMutex->name->name) {
wLen = strlenW(lpMutex->name->name) + 1;
if (wLen <= MAX_PATH) {
kstrcpyW(pcl->szName, lpMutex->name->name);
} else {
wLen = 0;
}
}
CELOGDATANK(TRUE, CELID_MUTEX_CREATE, (PVOID) pcl, (WORD) (sizeof(CEL_MUTEX_CREATE) + (wLen * sizeof(WCHAR))), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_MutexRelease(HANDLE hMutex)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_MUTEX_RELEASE cl;
cl.hMutex = hMutex;
CELOGDATANK(TRUE, CELID_MUTEX_RELEASE, &cl, sizeof(CEL_MUTEX_RELEASE), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_MutexCloseHandle(HANDLE hMutex)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_MUTEX_CLOSE cl;
cl.hMutex = hMutex;
CELOGDATANK(TRUE, CELID_MUTEX_CLOSE, &cl, sizeof(CEL_MUTEX_CLOSE), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_MutexDelete(HANDLE hMutex)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_MUTEX_DELETE cl;
cl.hMutex = hMutex;
CELOGDATANK(TRUE, CELID_MUTEX_DELETE, &cl, sizeof(CEL_MUTEX_DELETE), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_SemaphoreCreate(HANDLE hSem, LONG lInitCount, LONG lMaxCount, LPCWSTR szName)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
BYTE pTmp[(MAX_PATH*sizeof(WCHAR)) + sizeof(CEL_SEM_CREATE)];
PCEL_SEM_CREATE pcl = (PCEL_SEM_CREATE) pTmp;
WORD wLen = 0;
pcl->hSem = hSem;
pcl->dwInitCount = (DWORD) lInitCount;
pcl->dwMaxCount = (DWORD) lMaxCount;
if (szName) {
wLen = strlenW(szName) + 1;
if (wLen <= MAX_PATH) {
kstrcpyW(pcl->szName, szName);
} else {
wLen = 0;
}
}
CELOGDATANK(TRUE, CELID_SEM_CREATE, (PVOID) pcl, (WORD) (sizeof(CEL_SEM_CREATE) + (wLen * sizeof(WCHAR))), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
_inline void CELOG_SemaphoreRelease(HANDLE hSem, LONG lReleaseCount, LONG lPreviousCount)
{
if (IsCeLogZoneEnabled(CELZONE_SYNCH)) {
CEL_SEM_RELEASE cl;
cl.hSem = hSem;
cl.dwReleaseCount = (DWORD) lReleaseCount;
cl.dwPreviousCount = (DWORD) lPreviousCount;
CELOGDATANK(TRUE, CELID_SEM_RELEASE, &cl, sizeof(CEL_SEM_RELEASE), 0, CELZONE_SYNCH);
}
}
//----------------------------------------------------------
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -