filter.c

一文件过滤与加密,系统监视以及控制的东东,自己看

/******************************************************************/
/*                                                                */
/*  Winpooch : Windows Watchdog                                   */
/*  Copyright (C) 2004-2006  Benoit Blanchon                      */
/*                                                                */
/*  This program is free software; you can redistribute it        */
/*  and/or modify it under the terms of the GNU General Public    */
/*  License as published by the Free Software Foundation; either  */
/*  version 2 of the License, or (at your option) any later       */
/*  version.                                                      */
/*                                                                */
/*  This program is distributed in the hope that it will be       */
/*  useful, but WITHOUT ANY WARRANTY; without even the implied    */
/*  warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR       */
/*  PURPOSE.  See the GNU General Public License for more         */
/*  details.                                                      */
/*                                                                */
/*  You should have received a copy of the GNU General Public     */
/*  License along with this program; if not, write to the Free    */
/*  Software Foundation, Inc.,                                    */
/*  675 Mass Ave, Cambridge, MA 02139, USA.                       */
/*                                                                */
/******************************************************************/


/******************************************************************/
/* Build configuration                                            */
/******************************************************************/

#define TRACE_LEVEL	2	// warning level


/******************************************************************/
/* Includes                                                       */
/******************************************************************/

// module's interface
#include "Filter.h"

// project's headers
#include "Assert.h"
#include "FiltReason.h"
#include "FiltRule.h"
#include "strlcpy.h"
#include "Trace.h"
#include "Wildcards.h"
#include "Malloc.h"

// standard headers
#include <tchar.h>


/******************************************************************/
/* Internal constants                                             */
/******************************************************************/

// ... empty ...


/******************************************************************/
/* Internal data types                                            */
/******************************************************************/

typedef struct
{
  WCHAR		szProgram[MAX_PATH] ;
  FILTRULE	*aRules[_FILTREASON_COUNT] ;
  BOOL		bHookEnabled ;
  BOOL		bProtected ;
} FILTER ;

typedef struct {
  UINT		nSize ;
  UINT		nProgPathSize ;
  UINT		nRules ;
  BOOL		bHookEnabled ;
  BOOL		bProtected ;
} SERIALHEADER ;

typedef struct {
  SERIALHEADER	header ;
  BYTE		data[1] ;
} SERIALBUFFER ;

typedef SERIALBUFFER*		PSERIALBUFFER ;
typedef const SERIALBUFFER*	PCSERIALBUFFER ;


/******************************************************************/
/* Internal macros                                                */
/******************************************************************/

#ifndef PAGED_CODE
#define PAGED_CODE()	((void)0)
#endif


/******************************************************************/
/* Code sections pragmas                                          */
/******************************************************************/

#ifdef ALLOC_PRAGMA
#pragma alloc_text (PAGE, Filter_Create)
#pragma alloc_text (PAGE, Filter_Clear)
#pragma alloc_text (PAGE, Filter_Destroy)
#pragma alloc_text (PAGE, Filter_GetProgram)
#pragma alloc_text (PAGE, Filter_SetProgram)
#pragma alloc_text (PAGE, Filter_GetProtected)
#pragma alloc_text (PAGE, Filter_SetProtected)
#pragma alloc_text (PAGE, Filter_ResetRules)
#pragma alloc_text (PAGE, Filter_AddRule)
#pragma alloc_text (PAGE, Filter_AddRules)
#pragma alloc_text (PAGE, Filter_AddNewRule)
#pragma alloc_text (PAGE, Filter_DeleteRule)
#pragma alloc_text (PAGE, Filter_Concat)
#pragma alloc_text (PAGE, Filter_IsHookEnabled)
#pragma alloc_text (PAGE, Filter_EnableHook)
#pragma alloc_text (PAGE, Filter_Test)
#pragma alloc_text (PAGE, Filter_EnumRules)
#pragma alloc_text (PAGE, Filter_MoveRuleUp)
#pragma alloc_text (PAGE, Filter_MoveRuleDown)
#pragma alloc_text (PAGE, Filter_CanMoveUpRule)
#pragma alloc_text (PAGE, Filter_CanMoveDownRule)
#pragma alloc_text (PAGE, Filter_Serialize)
#pragma alloc_text (PAGE, Filter_Unserialize)
#endif


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

HFILTER Filter_Create (LPCWSTR szProgram) 
{
  FILTER * p ;

  TRACE ;
  
  // assert paged memory is accessible
  PAGED_CODE() ;

  // alloc structrure
  p = MALLOC (sizeof(FILTER)) ;

  if( p==NULL )
    {
      TRACE_ERROR (TEXT("Failed to allocate FILTER structure (%u bytes)\n"), sizeof(FILTER)) ;
      return NULL ;
    }

  memset (p, 0, sizeof(FILTER)) ;

  if( szProgram )
    wcslcpy (p->szProgram, szProgram, MAX_PATH) ;
  else
    p->szProgram[0] = 0 ;
  p->bHookEnabled = TRUE ;
  p->bProtected = FALSE ;
		      
  return p ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

VOID Filter_Destroy (HFILTER hFilter) 
{
  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  if( hFilter )
    {
      Filter_Clear (hFilter) ;
      
      FREE (hFilter) ;
    }
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

VOID	Filter_Clear (HFILTER hFilter) 
{
  FILTER * p = hFilter ;
  UINT iReason ;
 
  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  ASSERT (hFilter!=NULL) ;
  
  for( iReason=1 ; iReason<_FILTREASON_COUNT ; iReason++ )
    Filter_ResetRules (p, iReason) ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL Filter_EnumRules (HFILTER hFilter, ENUMRULESCALLBACK pfnCallback, LPVOID pContext) 
{
  FILTER * p = hFilter ;
  UINT iReason ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;
  ASSERT (pfnCallback!=NULL) ;
  
  for( iReason=0 ; iReason<_FILTREASON_COUNT ; iReason++ )
    {
      FILTRULE * pRule = p->aRules[iReason] ;

      while( pRule )
	{
	  pfnCallback (pContext, pRule) ;
	  pRule = pRule->pNext ;
	}
    }

  return TRUE ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

LPCWSTR Filter_GetProgram (HFILTER hFilter) 
{
  FILTER * p = hFilter ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  return p ? p->szProgram : NULL ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

VOID Filter_SetProgram (HFILTER hFilter, LPCWSTR szProgram) 
{
  FILTER * p = hFilter ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;
  ASSERT (szProgram!=NULL) ;

  // set process name
  wcslcpy (p->szProgram, szProgram, MAX_PATH) ;
}

/******************************************************************/
/* Exported function                                              */
/******************************************************************/

VOID Filter_SetProtected (HFILTER hFilter, BOOL bProtected) 
{
  FILTER * p = hFilter ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;

  // set "protected" flag
  p->bProtected = bProtected ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL Filter_GetProtected (HFILTER hFilter) 
{
  FILTER * p = hFilter ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;

  // get "protected" flag
  return p->bProtected ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL Filter_ResetRules (HFILTER hFilter, UINT nReason) 
{
  FILTER * p = hFilter ;
  FILTRULE * pRule ;

  TRACE_INFO ("nReason = %d\n", nReason) ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;
  ASSERT (p->aRules!=NULL) ;
  ASSERT (nReason<_FILTREASON_COUNT) ;

  while( (pRule=p->aRules[nReason])!=NULL )
    {
      ASSERT (pRule!=NULL) ;
      
      p->aRules[nReason] = pRule->pNext ;

      FiltRule_Clear (pRule) ;

      FREE (pRule) ; 
    }

  return TRUE ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL Filter_AddRules (HFILTER hFilter, FILTRULE * pNewRules) 
{
  FILTER	*p = hFilter ;
  FILTRULE	*pCurRule ;
  BOOL		bReasonValid ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;
  ASSERT (pNewRules!=NULL) ;

  bReasonValid = pNewRules->condition.nReason>=0 && pNewRules->condition.nReason<_FILTREASON_COUNT ;
  if( ! bReasonValid ) return FALSE ;
  
  pCurRule = p->aRules[pNewRules->condition.nReason] ;
  
  if( ! pCurRule ) {
    p->aRules[pNewRules->condition.nReason] = pNewRules ;
    return TRUE ;
  }
  
  while( pCurRule->pNext ) pCurRule = pCurRule->pNext ;

  ASSERT (pCurRule!=NULL) ;
  ASSERT (pCurRule->pNext==NULL) ;
  pCurRule->pNext = pNewRules ;

  return TRUE ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL Filter_AddRule (HFILTER hFilter, FILTRULE * pNewRule) 
{
  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;
  ASSERT (pNewRule!=NULL) ;
  
  pNewRule->pNext = NULL ;
  
  return Filter_AddRules (hFilter, pNewRule) ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL Filter_AddNewRule (HFILTER hFilter, 
			DWORD nReaction, DWORD nVerbosity, DWORD nOptions, 
			FILTREASON nReason, LPCTSTR szFormat, ...) 
{
  FILTRULE	*pNewRule ;
  va_list	va ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;

  pNewRule = MALLOC (sizeof(FILTRULE)) ;

  if( ! pNewRule ) 
    {
      TRACE_ERROR (TEXT("Failed to allocate FILTRULE structure (%u bytes)\n"), sizeof(FILTRULE)) ;
      return FALSE ;
    }

  pNewRule->nReaction	= nReaction ;
  pNewRule->nVerbosity	= nVerbosity ;
  pNewRule->nOptions	= nOptions ;
  pNewRule->pNext	= NULL ;

  va_start (va, szFormat) ;
  FiltCond_SetFV (&pNewRule->condition, nReason, szFormat, va) ;
  va_end (va) ;		  
  
  return Filter_AddRules (hFilter, pNewRule) ;
}


/******************************************************************/
/* Exported function                                              */
/******************************************************************/

BOOL	Filter_DeleteRule (HFILTER hFilter, FILTRULE *pRuleToDelete) 
{
  FILTER	*p = hFilter ;
  FILTRULE		*pRule ;

  TRACE ;

  // assert paged memory is accessible
  PAGED_CODE() ;

  // verify params
  ASSERT (hFilter!=NULL) ;
  ASSERT (pRuleToDelete!=NULL) ;
 
  pRule = p->aRules[pRuleToDelete->condition.nReason] ;

  // is it the first rule ?
  if( pRule==pRuleToDelete )
    {
      p->aRules[pRuleToDelete->condition.nReason] = pRule->pNext ;
      FiltRule_Clear (pRuleToDelete) ;
      FREE (pRuleToDelete) ;
      return TRUE ;
    }

  // for each rule (begin)
  while( pRule )
    {
      // is it the next rule ?
      if( pRule->pNext == pRuleToDelete )
	{