// TestSkMonDlg.cpp : implementation file
//
#include "stdafx.h"
#include "TestSkMon.h"
#include "TestSkMonDlg.h"
#include <winioctl.h>
#include "..\\SkMontor\\SkMon_ioctl.h"
#include "psapi.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
#define SNAKEMON_DRIVER_NAME "SNAKEMON"
//function declare.
// Driver-management helpers implemented elsewhere in this project (not in
// this file). Their exact contracts are not visible here; what this file
// relies on is: InitializeMyDriver returns FALSE on failure (OnInitDialog),
// CreateDriverFileHandle returns INVALID_HANDLE_VALUE on failure
// (OnInitDialog), and UnloadDeviceDriver is called once at teardown
// (DestroyWindow).
BOOL UnloadDeviceDriver(LPCTSTR lpszDriverName);
BOOL InitializeMyDriver( LPCTSTR lpszDriverName, LPCTSTR lpszDriverFileName);
HANDLE CreateDriverFileHandle(IN LPCTSTR lpszDriverName);
// Not called from the visible part of this file; presumably rewrites a
// registry key path into strOut, at most iMaxSize bytes — confirm in caller.
void ReplaceRegistryKeyName(LPCTSTR strInput, char *strOut, int iMaxSize);
/////////////////////////////////////////////////////////////////////////////
// CTestSkMonDlg dialog
// Dialog constructor: loads the application icon and puts the driver handle
// and the timer id into their "not open / not running" states.
// pParent: owner window (may be NULL).
CTestSkMonDlg::CTestSkMonDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CTestSkMonDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CTestSkMonDlg)
    //}}AFX_DATA_INIT
    // The driver is not opened here; OnInitDialog does that.
    hSnakeMonHandle = INVALID_HANDLE_VALUE;
    // The poll timer is created in OnInitDialog and killed in DestroyWindow.
    uMyTimer = 0;
    CWinApp* const pApp = AfxGetApp();
    m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}
// ClassWizard-managed DDX: binds the three list controls to their dialog
// resource ids. Keep the AFX_DATA_MAP markers; ClassWizard edits between them.
// pDX: exchange context supplied by the framework.
void CTestSkMonDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CTestSkMonDlg)
DDX_Control(pDX, IDC_LST_REG_RESULT, m_lstCtrlRegResult);   // registry-event result list
DDX_Control(pDX, IDC_LOG_LIST, m_lstLog);
DDX_Control(pDX, IDC_DISABLE_PROCESS, m_lstDisableList);    // "forbid" list (ids and file names)
//}}AFX_DATA_MAP
}
// ClassWizard-managed message map. Handlers whose bodies are visible in this
// file are noted; the others are defined elsewhere in the project.
BEGIN_MESSAGE_MAP(CTestSkMonDlg, CDialog)
//{{AFX_MSG_MAP(CTestSkMonDlg)
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_ENABLE_HOOK, OnEnableHook)                   // hook/unhook ioctl
ON_BN_CLICKED(IDC_DEL, OnDel)                                  // remove forbid-list entry
ON_BN_CLICKED(IDC_ADD_PROGNAME, OnAddPrognameToForbidList)     // add forbid-list entry
ON_COMMAND(IDC_CLEAR_RESULT, OnClearResult)
ON_WM_TIMER()                                                  // ID_MYTIMER, 500 ms poll
ON_BN_CLICKED(IDC_CHECK_PROCESS_IN_LIST, OnCheckProcessInList)
ON_BN_CLICKED(IDC_ADD_LOG_LIST, OnAddLogList)
ON_BN_CLICKED(IDC_DEL_FROM_LOG_LIST, OnDelFromLogList)
ON_BN_CLICKED(IDC_CLEAR_DRIVER_BUFFER, OnClearDriverBuffer)
ON_WM_SIZE()
ON_BN_CLICKED(IDC_SET_MAX_LOG_NUM, OnSetMaxLogNum)
ON_NOTIFY(NM_CLICK, IDC_LST_REG_RESULT, OnClickLstRegResult)
ON_NOTIFY(LVN_ITEMCHANGED, IDC_LST_REG_RESULT, OnItemchangedLstRegResult)
ON_COMMAND(ID_ABOUT, OnAbout)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CTestSkMonDlg message handlers
// Window title set by OnInitDialog; the _WIN98 build switch selects the
// platform variant of the product name.
char szBrand[]=
#ifdef _WIN98
"注册表实时监察系统 for Win98 v1.0"
#else
"注册表实时监察系统 for WinNT4 v1.0"
#endif
;
// One-time dialog setup: icons and title, driver load + device open,
// result-list columns, the 500 ms poll timer, and the initial button state.
// Returns TRUE (focus is left to the default control).
BOOL CTestSkMonDlg::OnInitDialog()
{
    CDialog::OnInitDialog();
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon
    SetWindowText(szBrand);

    // Load the kernel driver, then open a handle to its device. Either
    // failure is reported to the user but does not abort the dialog;
    // hSnakeMonHandle then stays INVALID_HANDLE_VALUE and the handlers
    // that talk to the driver are expected to test for that.
    if (!InitializeMyDriver(SNAKEMON_DRIVER_NAME, "SnakeMon.sys")) {
        MessageBox("不能加载驱动程序Snakemon.sys");
    } else {
        hSnakeMonHandle = CreateDriverFileHandle(SNAKEMON_DRIVER_NAME);
        if (hSnakeMonHandle == INVALID_HANDLE_VALUE) {
            MessageBox("打开SNAKEmon设备错误");
        }
    }

    // Result-list columns: index, header text, width in pixels.
    struct ColumnDef { int nCol; LPCTSTR pszHeader; int nWidth; };
    static const ColumnDef kColumns[] = {
        { 0, "ID",       30  },
        { 1, "进程名称", 90  },
        { 2, "动作",     80  },
        { 3, "禁止",     40  },
        { 4, "操作键名", 320 },
        { 5, "状态",     80  },
        { 6, "附加信息", 280 },
    };
    for (size_t n = 0; n < sizeof(kColumns) / sizeof(kColumns[0]); ++n) {
        const ColumnDef& col = kColumns[n];
        m_lstCtrlRegResult.InsertColumn(col.nCol, col.pszHeader, LVCFMT_LEFT, col.nWidth);
    }

    // Poll the driver every 500 ms (see OnTimer); the id is kept so
    // DestroyWindow can kill it.
    uMyTimer = SetTimer(ID_MYTIMER, 500, NULL);
    ShowWindow(SW_MAXIMIZE);
    OnCheckProcessInList();  // sets the add/del buttons enabled/disabled
    return TRUE;
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// Standard MFC dialog painting: when minimized, draw the application icon
// centred in the client area; otherwise defer to CDialog.
void CTestSkMonDlg::OnPaint()
{
    if (!IsIconic()) {
        CDialog::OnPaint();
        return;
    }
    CPaintDC dc(this);  // device context for painting
    SendMessage(WM_ICONERASEBKGND, static_cast<WPARAM>(dc.GetSafeHdc()), 0);

    // Centre the icon in the client rectangle.
    const int cxIcon = GetSystemMetrics(SM_CXICON);
    const int cyIcon = GetSystemMetrics(SM_CYICON);
    CRect rcClient;
    GetClientRect(&rcClient);
    const int xPos = (rcClient.Width() - cxIcon + 1) / 2;
    const int yPos = (rcClient.Height() - cyIcon + 1) / 2;
    dc.DrawIcon(xPos, yPos, m_hIcon);
}
// Cursor shown while the minimized dialog is dragged: the app icon.
HCURSOR CTestSkMonDlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}
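// Teardown in reverse order of OnInitDialog: stop the poll timer, close the
// device handle, unload the driver, then let CDialog destroy the window.
// Returns the CDialog::DestroyWindow result.
BOOL CTestSkMonDlg::DestroyWindow()
{
    if (uMyTimer != 0) {
        KillTimer(uMyTimer);
        uMyTimer = 0;  // reset so a second teardown does not kill a dead timer id
    }
    if (hSnakeMonHandle != INVALID_HANDLE_VALUE) {
        CloseHandle(hSnakeMonHandle);
        hSnakeMonHandle = INVALID_HANDLE_VALUE;
    }
    // NOTE(review): this name differs in case from SNAKEMON_DRIVER_NAME
    // ("SNAKEMON") used by OnInitDialog to load the driver. Kept as-is;
    // verify that UnloadDeviceDriver resolves service names case-insensitively,
    // otherwise the driver would be left loaded after the dialog closes.
    UnloadDeviceDriver("SnakeMon");
    return CDialog::DestroyWindow();
}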
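// Check-box handler: asks the driver to install (checked) or remove
// (unchecked) its registry hook via IOCTL_SKMON_REG_HOOK / _UNHOOK.
// Does nothing when the device handle is not open.
void CTestSkMonDlg::OnEnableHook()
{
    CButton* const pButton = static_cast<CButton*>(GetDlgItem(IDC_ENABLE_HOOK));
    if (pButton == NULL) {
        return;  // control not present; nothing to toggle
    }
    const BOOL bSelect = pButton->GetCheck() ? TRUE : FALSE;
    if (hSnakeMonHandle == INVALID_HANDLE_VALUE) {
        return;  // driver not opened (see OnInitDialog)
    }

    // The input word was previously left uninitialised, so whatever was on
    // the stack was handed to the driver. Zero it; how the driver uses this
    // word is not visible here.
    DWORD dwData = 0;
    DWORD dwReturnSize = 0;
    const DWORD dwIoctl = bSelect ? IOCTL_SKMON_REG_HOOK : IOCTL_SKMON_REG_UNHOOK;
    const BOOL bOk = DeviceIoControl(hSnakeMonHandle,
                                     dwIoctl,
                                     &dwData,
                                     sizeof(dwData),
                                     NULL,
                                     0,
                                     &dwReturnSize,
                                     NULL);
    if (!bOk) {
        // The request failed, so the check box no longer reflects the
        // driver's hook state; put it back to what it was.
        pButton->SetCheck(bSelect ? BST_UNCHECKED : BST_CHECKED);
    }
}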
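// Overrides the default OK (Enter) action: instead of closing the dialog it
// drains the driver's log with repeated IOCTL_SKMON_REG_COPY_LOG calls and
// feeds each chunk to AddPacketBufferToList. Stops on ioctl failure, on an
// empty chunk, or after 1000 chunks. CDialog::OnOK is deliberately not called.
void CTestSkMonDlg::OnOK()
{
    if (hSnakeMonHandle == INVALID_HANDLE_VALUE) {
        return;  // driver not opened (see OnInitDialog)
    }

    char inBuffer[2000];
    DWORD dwReturnSize = 0;
    for (DWORD iter = 0; iter < 1000; ++iter) {
        // Offer the driver one byte less than the buffer so the NUL
        // terminator written below always fits. The original offered the
        // full buffer, so a full chunk wrote the terminator one past the end.
        const BOOL bOk = DeviceIoControl(hSnakeMonHandle,
                                         IOCTL_SKMON_REG_COPY_LOG,
                                         NULL,
                                         0,
                                         inBuffer,
                                         sizeof(inBuffer) - 1,
                                         &dwReturnSize,
                                         NULL);
        if (!bOk || dwReturnSize == 0) {
            break;
        }
        // The byte count comes from the driver; clamp it rather than trust
        // it, so the terminator can never land outside the buffer.
        if (dwReturnSize > sizeof(inBuffer) - 1) {
            dwReturnSize = sizeof(inBuffer) - 1;
        }
        inBuffer[dwReturnSize] = 0;
        AddPacketBufferToList(inBuffer, dwReturnSize);
    }
}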
// Empties the on-screen result list. The driver's own buffer is not
// touched here (IDC_CLEAR_DRIVER_BUFFER has a separate handler).
void CTestSkMonDlg::OnClearResult()
{
    m_lstCtrlRegResult.DeleteAllItems();
}
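// Removes the selected forbid-list entry, both from the list box and from
// the driver's filter. Item data 0 marks a file-name entry (deleted by
// string), anything else is a process id (deleted by id) — the convention
// set in OnAddPrognameToForbidList. No-op when nothing is selected.
void CTestSkMonDlg::OnDel()
{
    const int iSel = m_lstDisableList.GetCurSel();
    if (iSel == LB_ERR) {
        return;
    }

    CString str;
    m_lstDisableList.GetText(iSel, str);
    DWORD dwData = m_lstDisableList.GetItemData(iSel);
    DWORD dwRetSize = 0;

    // The other driver-facing handlers test the handle first; this one did
    // not and would issue the ioctl on INVALID_HANDLE_VALUE.
    if (hSnakeMonHandle != INVALID_HANDLE_VALUE) {
        if (dwData == 0) {
            // File-name entry: the string itself (with its NUL) is the key.
            DeviceIoControl(hSnakeMonHandle,
                            IOCTL_SKMON_REG_DEL_FILTER_STR,
                            (void*)((LPCTSTR)str),
                            str.GetLength() + 1,
                            NULL,
                            0,
                            &dwRetSize,
                            NULL);
        } else {
            DeviceIoControl(hSnakeMonHandle,
                            IOCTL_SKMON_REG_DEL_FILTER_ID,
                            &dwData,
                            sizeof(dwData),
                            NULL,
                            0,
                            &dwRetSize,
                            NULL);
        }
    }
    // The list entry is dropped regardless of the ioctl result, as before.
    m_lstDisableList.DeleteString(iSel);
}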
#include "selectProgDlg.h"
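// Runs the program-selection dialog and adds the chosen entry to the
// forbid list and to the driver's filter. A process id is stored as the
// list item's data (and sent with IOCTL_SKMON_REG_ADD_FILTER_ID); a file
// name is stored with item data 0 (and sent with _ADD_FILTER_STR).
void CTestSkMonDlg::OnAddPrognameToForbidList()
{
    CSelectProgDlg selectProg;
    if (selectProg.DoModal() != IDOK) {
        return;
    }

    DWORD dwRetSize = 0;
    switch (selectProg.iItemType) {
    case CSelectProgDlg::TYPE_PROGRAM_ID: {
        // CString::Format replaces the fixed 100-byte wsprintf buffer, which
        // a long strIDName could overflow.
        CString strEntry;
        strEntry.Format("ID:%d [%s]", selectProg.iSelectID, (LPCTSTR)selectProg.strIDName);
        const int iItem = m_lstDisableList.AddString(strEntry);
        if (iItem >= 0) {
            m_lstDisableList.SetItemData(iItem, selectProg.iSelectID);
        }
        DWORD dwData = selectProg.iSelectID;
        if (hSnakeMonHandle != INVALID_HANDLE_VALUE) {
            DeviceIoControl(hSnakeMonHandle,
                            IOCTL_SKMON_REG_ADD_FILTER_ID,
                            &dwData,
                            sizeof(dwData),
                            NULL,
                            0,
                            &dwRetSize,
                            NULL);
        }
        break;
    }
    case CSelectProgDlg::TYPE_PROGRAM_FILENAME: {
        // The CString goes straight to the list box; the previous strcpy into
        // a 100-byte local had no length check.
        const int iItem = m_lstDisableList.AddString(selectProg.strProgName);
        if (iItem >= 0) {
            m_lstDisableList.SetItemData(iItem, 0);  // 0 = file-name entry (see OnDel)
        }
        if (hSnakeMonHandle != INVALID_HANDLE_VALUE) {
            DeviceIoControl(hSnakeMonHandle,
                            IOCTL_SKMON_REG_ADD_FILTER_STR,
                            (void*)((LPCTSTR)selectProg.strProgName),
                            selectProg.strProgName.GetLength() + 1,
                            NULL,
                            0,
                            &dwRetSize,
                            NULL);
        }
        break;
    }
    default:
        MessageBox("输入错误,不能增加");
        break;
    }
}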
// Finds the forbid-list entry whose text equals progName (case-insensitive).
// Returns the list-box index, or LB_ERR when there is no match.
int CTestSkMonDlg::SearchForbidListItem(LPCTSTR progName)
{
    const int nCount = m_lstDisableList.GetCount();
    CString strEntry;
    int idx = 0;
    while (idx < nCount) {
        m_lstDisableList.GetText(idx, strEntry);
        if (strEntry.CompareNoCase(progName) == 0) {
            break;
        }
        ++idx;
    }
    return (idx < nCount) ? idx : LB_ERR;
}
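// Finds the forbid-list entry whose item data equals progID.
// Returns the list-box index, or LB_ERR when there is no match — the same
// contract as the LPCTSTR overload. Note that file-name entries carry item
// data 0 (see OnAddPrognameToForbidList), so progID 0 matches those.
int CTestSkMonDlg::SearchForbidListItem(int progID)
{
    const int nCount = m_lstDisableList.GetCount();
    for (int i = 0; i < nCount; ++i) {
        // Keep the loop index separate from the item data: the original
        // overwrote i with GetItemData(i), which both corrupted the loop
        // and made the function return the id instead of the index.
        const DWORD dwItemID = m_lstDisableList.GetItemData(i);
        if (dwItemID == static_cast<DWORD>(progID)) {
            return i;
        }
    }
    return LB_ERR;
}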
void CTestSkMonDlg::OnTimer(UINT nIDEvent)
{
// TODO: Add your message handler code here and/or call default
DWORD dwSize, dwNum,dwRetValue;
char szTemp[100];
static BOOL bDirection=FALSE;
if( hSnakeMonHandle != INVALID_HANDLE_VALUE){
dwNum = dwSize = 0;
DeviceIoControl( hSnakeMonHandle,
IOCTL_SKMON_REG_GET_LOG_NUMBER,
NULL,
0,
&dwNum,
sizeof(DWORD),
&dwRetValue,
NULL);
DeviceIoControl( hSnakeMonHandle,
IOCTL_SKMON_REG_GET_LOG_BUFFER,
NULL,
0,
&dwSize,
sizeof(DWORD),
&dwRetValue,
NULL);
wsprintf( szTemp,"%c 缓冲纪录个数:%d 大小:%d", bDirection?'\\':'/', dwNum, dwSize);
SetDlgItemText(IDC_DRIVER_BUFFER_STATUS, szTemp);
bDirection = !bDirection;