📄 testskmondlg.cpp
}
CDialog::OnTimer(nIDEvent);
}
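#define MIN_REG_PACKETNUM 1000
// Reads the requested maximum log count from IDC_EDT_INPUT and passes it to
// the monitor driver via IOCTL_SKMON_REG_SET_MAX_LOG_NUMBER.
//
// The value sent is never below MIN_REG_PACKETNUM. Nothing is sent when the
// driver handle is not open.
void CTestSkMonDlg::OnSetMaxLogNum()
{
    CString strValue;
    GetDlgItemText(IDC_EDT_INPUT, strValue);

    // atoi() returns a signed int. Clamp while the value is still signed:
    // converting first would turn "-1" into 0xFFFFFFFF, which passes the
    // lower-bound test and reaches the driver as a huge limit.
    const int iRequested = atoi(strValue);
    DWORD dwData = (iRequested <= MIN_REG_PACKETNUM)
                       ? (DWORD)MIN_REG_PACKETNUM
                       : (DWORD)iRequested;

    if (hSnakeMonHandle == INVALID_HANDLE_VALUE)
        return;

    // NOTE(review): no upper bound is applied here, so the driver must
    // enforce its own ceiling on this value -- confirm in the driver's
    // IOCTL handler. The DeviceIoControl result is also not checked, so a
    // rejected request goes unnoticed by the user.
    DWORD dwRetValue = 0;
    DeviceIoControl(hSnakeMonHandle,
                    IOCTL_SKMON_REG_SET_MAX_LOG_NUMBER,
                    &dwData,
                    sizeof(DWORD),
                    NULL,
                    0,
                    &dwRetValue,
                    NULL);
}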
// Controls that are only usable while "log listed processes only" is checked.
int iCheckList[]={IDC_LOG_LIST,IDC_ADD_LOG_LIST,IDC_DEL_FROM_LOG_LIST};

// Handler for the IDC_CHECK_PROCESS_IN_LIST check box.
//
// Enables or disables the controls named in iCheckList to match the check
// state, then sends the same state (one byte, 1 or 0) to the driver with
// IOCTL_SKMON_REG_SET_LOG_PROCESS_ONLY when the driver handle is open.
void CTestSkMonDlg::OnCheckProcessInList()
{
    CButton *pCheck = (CButton *)GetDlgItem(IDC_CHECK_PROCESS_IN_LIST);
    const BOOL bEnable = (pCheck->GetCheck() == 1) ? TRUE : FALSE;

    const int iCount = sizeof(iCheckList) / sizeof(iCheckList[0]);
    for (int idx = 0; idx < iCount; ++idx) {
        CWnd *pCtrl = GetDlgItem(iCheckList[idx]);
        pCtrl->EnableWindow(bEnable);
    }

    if (hSnakeMonHandle == INVALID_HANDLE_VALUE)
        return;

    // The driver receives a single byte as the flag.
    char chFlag = bEnable ? 1 : 0;
    DWORD dwRetValue;
    DeviceIoControl(hSnakeMonHandle,
                    IOCTL_SKMON_REG_SET_LOG_PROCESS_ONLY,
                    &chFlag,
                    sizeof(chFlag),
                    NULL,
                    0,
                    &dwRetValue,
                    NULL);
}
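// Lets the user pick a process (by ID or by file name) and adds it to the
// driver's "log only these processes" list and to the m_lstLog list box.
//
// List-box item data carries the process ID for ID entries and 0 for file
// name entries; OnDelFromLogList relies on that to pick the matching IOCTL.
// NOTE(review): a selected process ID of 0 would therefore be treated as a
// file-name entry on removal -- confirm the selection dialog cannot return 0.
void CTestSkMonDlg::OnAddLogList()
{
    CSelectProgDlg selectProg;
    if (selectProg.DoModal() != IDOK)
        return;

    // Skip the driver call when the device is not open, as the other
    // handlers in this dialog do.
    const BOOL bDriverOpen = (hSnakeMonHandle != INVALID_HANDLE_VALUE);
    DWORD dwRetSize = 0;

    switch (selectProg.iItemType) {
    case CSelectProgDlg::TYPE_PROGRAM_ID:
    {
        // Build the label in a CString: the previous fixed 100-byte stack
        // buffer could be overrun by a long process name.
        CString strItem;
        strItem.Format("ID:%d [%s]", selectProg.iSelectID,
                       (LPCTSTR)selectProg.strIDName);
        const int iItem = m_lstLog.AddString(strItem);
        m_lstLog.SetItemData(iItem, selectProg.iSelectID);

        DWORD dwData = selectProg.iSelectID;
        if (bDriverOpen) {
            DeviceIoControl(hSnakeMonHandle,
                            IOCTL_SKMON_REG_ADD_LOG_PROCESS_ID,
                            &dwData,
                            sizeof(dwData),
                            NULL,
                            0,
                            &dwRetSize,
                            NULL);
        }
        break;
    }
    case CSelectProgDlg::TYPE_PROGRAM_FILENAME:
    {
        // Pass the name straight to the list box; copying it into a
        // 100-byte buffer with strcpy overflowed on names of 100+ bytes.
        const int iItem = m_lstLog.AddString((LPCTSTR)selectProg.strProgName);
        m_lstLog.SetItemData(iItem, 0);

        if (bDriverOpen) {
            // Length includes the terminating NUL.
            DeviceIoControl(hSnakeMonHandle,
                            IOCTL_SKMON_REG_ADD_LOG_PROCESS_STR,
                            (void*)((LPCTSTR)selectProg.strProgName),
                            selectProg.strProgName.GetLength()+1,
                            NULL,
                            0,
                            &dwRetSize,
                            NULL);
        }
        break;
    }
    default:
        MessageBox("输入错误,不能增加");
        break;
    }
}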
// Removes the selected entry from m_lstLog and asks the driver to stop
// logging that process.
//
// Item data 0 marks a file-name entry (removed by its list text, NUL
// included); any other value is a process ID and is sent as a DWORD.
void CTestSkMonDlg::OnDelFromLogList()
{
    const int iSelected = m_lstLog.GetCurSel();
    if (iSelected == LB_ERR)
        return;     // nothing selected

    CString strEntry;
    m_lstLog.GetText(iSelected, strEntry);
    DWORD dwItemData = m_lstLog.GetItemData(iSelected);
    DWORD dwRetSize;

    if (dwItemData != 0) {
        // Process-ID entry.
        DeviceIoControl(hSnakeMonHandle,
                        IOCTL_SKMON_REG_DEL_LOG_PROCESS_ID,
                        &dwItemData,
                        sizeof(dwItemData),
                        NULL,
                        0,
                        &dwRetSize,
                        NULL);
    }
    else {
        // File-name entry.
        DeviceIoControl(hSnakeMonHandle,
                        IOCTL_SKMON_REG_DEL_LOG_PROCESS_STR,
                        (void*)((LPCTSTR)strEntry),
                        strEntry.GetLength()+1,
                        NULL,
                        0,
                        &dwRetSize,
                        NULL);
    }

    m_lstLog.DeleteString(iSelected);
}
// Sends IOCTL_SKMON_CLEAR_REG_ALL_BUFFER to the driver. The request carries
// no input or output buffer and is skipped when the driver handle is not open.
void CTestSkMonDlg::OnClearDriverBuffer()
{
    if (hSnakeMonHandle == INVALID_HANDLE_VALUE)
        return;

    DWORD dwBytesReturned;
    DeviceIoControl(hSnakeMonHandle,
                    IOCTL_SKMON_CLEAR_REG_ALL_BUFFER,
                    NULL, 0,    // no input
                    NULL, 0,    // no output
                    &dwBytesReturned,
                    NULL);
}
#include "..\\SkMontor\\SkDrv_RegComm.h"
LPCTSTR ErrorString( DWORD retval );
LPCTSTR GetRegActionName( DWORD dwAction);
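// Appends one driver log record to the m_lstCtrlRegResult list control.
//
// pBuffer  points to a REG_LOGUNIT record.
// dwSize   is the number of bytes available at pBuffer.
//
// Columns: process ID, process name, action, blocked flag, key name,
// status text, additional info.
void CTestSkMonDlg::AddPacketBufferToList(void *pBuffer, DWORD dwSize)
{
    if (pBuffer == NULL)
        return;

    REG_LOGUNIT *pRegLogUnit = (REG_LOGUNIT*)pBuffer;

    // The record must at least extend past the start of strOtherInfo;
    // anything shorter cannot hold the strings read below.
    const DWORD dwInfoOffset =
        (DWORD)((const char *)&pRegLogUnit->strOtherInfo - (const char *)pBuffer);
    if (dwSize <= dwInfoOffset)
        return;

    // NOTE(review): the remaining fields are still trusted as delivered.
    // uStrKeySize is used as an offset into strOtherInfo without being
    // compared with dwSize, and processName / strOtherInfo are assumed to be
    // NUL-terminated inside the record. If REG_LOGUNIT stores strOtherInfo
    // inline, add a check that dwInfoOffset + uStrKeySize + 1 < dwSize and
    // that a terminator exists before the end -- confirm the layout in
    // SkDrv_RegComm.h.

    char szTemp[100], szKeyName[1024];
    itoa( pRegLogUnit->dwProcessID, szTemp, 10);

    int iIndex = m_lstCtrlRegResult.GetItemCount();
    iIndex = m_lstCtrlRegResult.InsertItem( iIndex, szTemp);
    m_lstCtrlRegResult.SetItemText( iIndex, 1, pRegLogUnit->processName); // process name
    m_lstCtrlRegResult.SetItemText( iIndex, 2, GetRegActionName(pRegLogUnit->dwAction));
    m_lstCtrlRegResult.SetItemText( iIndex, 3, pRegLogUnit->chEnable?"":"禁止");

    // Key name, with the kernel registry prefix rewritten for display.
    ReplaceRegistryKeyName( pRegLogUnit->strOtherInfo, szKeyName,sizeof(szKeyName));
    m_lstCtrlRegResult.SetItemText( iIndex, 4, szKeyName);
    m_lstCtrlRegResult.SetItemText( iIndex, 5, ErrorString(pRegLogUnit->status));

    // The additional-info string starts uStrKeySize + 1 bytes into strOtherInfo.
    m_lstCtrlRegResult.SetItemText( iIndex, 6, pRegLogUnit->strOtherInfo+pRegLogUnit->uStrKeySize+1);
}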
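#define REGISTRY_NAME_TABLE_NUM 3
// Prefix rewrite table: a key name beginning with szOld is shown with szNew
// in its place. Matching is byte-exact (case-sensitive).
// NOTE(review): confirm these spellings against what the driver actually
// emits (leading double backslash, "CLASS", "HARDWARE PROFILE").
struct RegistryNameSimpleTable{
    char szOld[100];
    char szNew[50];
}stRegistryNameSimpleTable[REGISTRY_NAME_TABLE_NUM]=
{
    {"\\\\REGISTRY\\MACHINE\\", "\\HKEY_LOCAL_MACHINE\\"},
    {"\\\\REGISTRY\\MACHINE\\SOFTWARE\\CLASS\\", "\\HKEY_CLASSES_ROOT\\"},
    {"\\\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\HARDWARE PROFILE\\CURRENT\\", "\\HKEY_CURRENT_CONFIG\\"}
};

// Copies strInput to strOut, replacing a known kernel registry prefix with
// its display form.
//
// strInput  NUL-terminated key name; NULL yields an empty string.
// strOut    destination buffer.
// iMaxSize  size of strOut in bytes, terminator included. The result is
//           truncated to fit and always NUL-terminated; nothing is written
//           when strOut is NULL or iMaxSize is not positive.
void ReplaceRegistryKeyName(LPCTSTR strInput, char *strOut, int iMaxSize)
{
    if (strOut == NULL || iMaxSize <= 0)
        return;
    strOut[0] = '\0';
    if (strInput == NULL)
        return;

    // Take the longest matching prefix. The first table entry is a prefix
    // of the other two, so first-match-wins made them unreachable.
    // strncmp stops at the input's terminator; memcmp read past the end of
    // inputs shorter than the table entry.
    int iBest = -1;
    size_t cchBest = 0;
    for (int i = 0; i < REGISTRY_NAME_TABLE_NUM; i++) {
        const size_t cchOld = strlen(stRegistryNameSimpleTable[i].szOld);
        if (cchOld > cchBest &&
            strncmp(strInput, stRegistryNameSimpleTable[i].szOld, cchOld) == 0) {
            iBest = i;
            cchBest = cchOld;
        }
    }

    // Bounded copy: the output never exceeds iMaxSize - 1 characters, so a
    // long key name can no longer overrun the caller's buffer.
    const size_t cchCap = (size_t)iMaxSize - 1;
    size_t cchOut = 0;

    if (iBest >= 0) {
        const char *pszNew = stRegistryNameSimpleTable[iBest].szNew;
        while (cchOut < cchCap && *pszNew != '\0')
            strOut[cchOut++] = *pszNew++;
    }

    const char *pszRest = strInput + cchBest;
    while (cchOut < cchCap && *pszRest != '\0')
        strOut[cchOut++] = *pszRest++;

    strOut[cchOut] = '\0';
}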
// Maps a REG_ACTION_* code to its display label. Codes not listed here
// map to the "unknown action" label. The returned pointer refers to a
// string literal.
LPCTSTR GetRegActionName( DWORD dwAction)
{
    switch( dwAction){
    case REG_ACTION_OPEN:            return "打开键";
    case REG_ACTION_QUERY:           return "查询键";
    case REG_ACTION_QUERY_VALUE:     return "查询值";
    case REG_ACTION_ENUMERATE_VALUE: return "枚举值";
    case REG_ACTION_SET_VALUE:       return "设置值";
    case REG_ACTION_CREATE:          return "创建新键";
    case REG_ACTION_DELETE_VALUE:    return "删除值";
    case REG_ACTION_CLOSE:           return "关闭键";
    case REG_ACTION_DELETE:          return "删除键";
    case REG_ACTION_FLUSH:           return "确认";
    case REG_ACTION_LOAD:            return "载入";
    case REG_ACTION_UNLOAD:          return "卸载";
    case REG_ACTION_ENUMERATE:       return "枚举键";
    default:                         return "未知动作";
    }
}
// Scratch buffer for the "unknown error" text produced by ErrorString.
char errstring[50];

// Maps a status code to its display text.
//
// Known codes return a string literal. Any other code is formatted in hex
// into the shared errstring buffer, so that result is overwritten by the
// next unknown code passed to this function.
LPCTSTR ErrorString( DWORD retval )
{
    LPCTSTR pszText;

    switch( retval ) {
    case 0:                 // STATUS_SUCCESS
        pszText = "成功";
        break;
    case 0x80000005L:       // STATUS_BUFFER_OVERFLOW
        pszText = "缓冲溢出";
        break;
    case 0x8000001AL:       // STATUS_NO_MORE_ENTRIES
        pszText = "没有更多";
        break;
    case 0xC0000017L:       // STATUS_NO_MEMORY
        pszText = "内存不足";
        break;
    case 0xC0000022L:       // STATUS_ACCESS_DENIED
        pszText = "禁止";
        break;
    case 0xC0000023L:       // STATUS_BUFFER_TOO_SMALL
        pszText = "缓冲太小";
        break;
    case 0xC0000034L:       // STATUS_OBJECT_NAME_NOT_FOUND
        pszText = "没有发现";
        break;
    case 0xC000003BL:       // STATUS_OBJECT_PATH_SYNTAX_BAD
        pszText = "路径错误";
        break;
    case 0xC000014CL:       // STATUS_REGISTRY_CORRUPT
        pszText = "不正确";
        break;
    case 0xC000014DL:       // STATUS_REGISTRY_IO_FAILED
        pszText = "IO失败";
        break;
    case 0xC000017CL:       // STATUS_KEY_DELETED
        pszText = "键值已经删除";
        break;
    default:
        sprintf(errstring, "未知错误:%x", retval );
        pszText = errstring;
        break;
    }

    return pszText;
}
// WM_SIZE handler: stretches the result list to the new client area and
// widens the detail text to match, keeping a 10-pixel margin. Does nothing
// beyond the base-class call while the dialog is not visible.
void CTestSkMonDlg::OnSize(UINT nType, int cx, int cy)
{
    CDialog::OnSize(nType, cx, cy);

    if( !IsWindowVisible())
        return;

    CRect rcDialog;
    GetWindowRect( &rcDialog);      // retrieved as in the original; not used below

    // Result list: keep its top-left corner, pull right and bottom edges
    // to 10 pixels inside the client area.
    CRect rcList;
    m_lstCtrlRegResult.GetWindowRect( &rcList);
    ScreenToClient( &rcList);
    rcList.right  = cx - 10;
    rcList.bottom = cy - 10;
    m_lstCtrlRegResult.MoveWindow( &rcList);

    // Detail text: only the right edge follows the dialog width.
    CWnd *pDetail = GetDlgItem(IDC_DETAIL_TEXT);
    CRect rcDetail;
    pDetail->GetWindowRect( &rcDetail);
    ScreenToClient( &rcDetail);
    rcDetail.right = cx - 10;
    pDetail->MoveWindow( &rcDetail);
}
// Click notification for the result list: refreshes the detail text through
// the item-changed handler, then reports the notification as handled.
// pResult is written unconditionally, so it must not be NULL here.
void CTestSkMonDlg::OnClickLstRegResult(NMHDR* pNMHDR, LRESULT* pResult)
{
    OnItemchangedLstRegResult( pNMHDR, pResult);

    *pResult = 0;
}
// Item-changed notification for the result list: copies column 4 (the key
// name) of the marked row into IDC_DETAIL_TEXT, or clears the text when no
// row is marked. pResult may be NULL; when given it is set to 0.
void CTestSkMonDlg::OnItemchangedLstRegResult(NMHDR* pNMHDR, LRESULT* pResult)
{
    NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;   // not used below

    const int iMark = m_lstCtrlRegResult.GetSelectionMark();

    CString strDetail;
    if( iMark == LB_ERR)
        strDetail = "";
    else
        strDetail = m_lstCtrlRegResult.GetItemText( iMark, 4);

    SetDlgItemText(IDC_DETAIL_TEXT, strDetail);

    if( pResult != NULL)
        *pResult = 0;
}
#include "dlgabout.h"
// Command handler: shows the About dialog modally and returns when it closes.
void CTestSkMonDlg::OnAbout()
{
    CDlgAbout dlgAbout;

    dlgAbout.DoModal();
}