📄 filter.c
字号:
pRule->pNext = pRule->pNext->pNext ; FiltRule_Clear (pRuleToDelete) ; FREE (pRuleToDelete) ; return TRUE ; } // iterate list pRule = pRule->pNext ; } // for each rule (end) return FALSE ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_Concat (HFILTER hFilter, HFILTER hFilterToAdd) { FILTER * p1 = (FILTER*) hFilter ; FILTER * p2 = (FILTER*) hFilterToAdd ; int i ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (hFilterToAdd!=NULL) ; for( i=0 ; i<_FILTREASON_COUNT ; i++ ) if( p2->aRules[i] ) { TRACE ; Filter_AddRules (hFilter, p2->aRules[i]) ; ASSERT (p1->aRules[i]!=NULL) ; ASSERT (p1->aRules[i]==p2->aRules[i]) ; p2->aRules[i] = NULL ; } Filter_Destroy (hFilterToAdd) ; return TRUE ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_Test (HFILTER hFilter, PFILTCOND pCond, DWORD *pwReaction, DWORD *pwVerbosity, DWORD * pwOptions) { FILTER * p = hFilter ; FILTRULE * pRule ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (pCond!=NULL) ; ASSERT (pCond->nReason<_FILTREASON_COUNT) ; pRule = p->aRules[pCond->nReason] ; while( pRule ) { if( FiltCond_Check (&pRule->condition, pCond) ) { if( pwReaction ) *pwReaction = pRule->nReaction ; if( pwVerbosity ) *pwVerbosity = pRule->nVerbosity ; if( pwOptions ) *pwOptions = pRule->nOptions ; return TRUE ; } pRule = pRule->pNext ; } return FALSE ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_MoveRuleUp (HFILTER hFilter, FILTRULE *pRuleToMove) { FILTER *p = hFilter ; FILTRULE *pCurRule, *pPrevRule ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (pRuleToMove!=NULL) ; pPrevRule = NULL ; pCurRule = p->aRules[pRuleToMove->condition.nReason] ; // is it the first rule ? if( pCurRule==pRuleToMove ) return TRUE ; // for each rule (begin) while( pCurRule ) { // is it the next rule ? if( pCurRule->pNext == pRuleToMove ) { pCurRule->pNext = pRuleToMove->pNext ; pRuleToMove->pNext = pCurRule ; if( pPrevRule ) pPrevRule->pNext = pRuleToMove ; else p->aRules[pRuleToMove->condition.nReason] = pRuleToMove ; return TRUE ; } // iterate list pPrevRule = pCurRule ; pCurRule = pCurRule->pNext ; } // for each rule (end) return FALSE ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_CanMoveUpRule (HFILTER hFilter, FILTRULE *pRule) { FILTER *p = hFilter ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (pRule!=NULL) ; ASSERT (pRule->condition.nReason<_FILTREASON_COUNT) ; return p->aRules[pRule->condition.nReason] != pRule ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_MoveRuleDown (HFILTER hFilter, FILTRULE *pRuleToMove) { FILTER *p = hFilter ; FILTRULE *pCurRule, *pPrevRule ; DWORD nReason ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (pRuleToMove!=NULL) ; // is it the last rule ? if( ! pRuleToMove->pNext ) return TRUE ; nReason = pRuleToMove->condition.nReason ; pCurRule = p->aRules[nReason] ; // is it the first rule ? if( pCurRule==pRuleToMove ) { p->aRules[nReason] = pRuleToMove->pNext ; pRuleToMove->pNext = p->aRules[nReason]->pNext ; p->aRules[nReason]->pNext = pRuleToMove ; return TRUE ; } // for each rule (begin) while( pCurRule ) { // is it this rule ? if( pCurRule == pRuleToMove ) { pPrevRule->pNext = pRuleToMove->pNext ; pRuleToMove->pNext = pRuleToMove->pNext->pNext ; pPrevRule->pNext->pNext = pRuleToMove ; return TRUE ; } // iterate list pPrevRule = pCurRule ; pCurRule = pCurRule->pNext ; } // for each rule (end) return FALSE ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_CanMoveDownRule (HFILTER hFilter, FILTRULE *pRule) { TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (pRule!=NULL) ; ASSERT (pRule->condition.nReason<_FILTREASON_COUNT) ; return pRule->pNext!=NULL ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_IsHookEnabled (HFILTER hFilter) { FILTER *p = hFilter ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; return p->bHookEnabled ;}/******************************************************************//* Exported function *//******************************************************************/VOID Filter_EnableHook (HFILTER hFilter, BOOL bEnable) { FILTER *p = hFilter ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; // verify params ASSERT (hFilter!=NULL) ; p->bHookEnabled = bEnable ;}/******************************************************************//* Exported function *//******************************************************************/UINT Filter_Serialize (HFILTER hFilter, PVOID pBuffer, UINT nMaxSize){ PSERIALBUFFER pSerial = pBuffer ; FILTER *pFilter = hFilter ; BYTE * pWritePtr ; UINT nProgPathSize ; UINT nTotalSize ; UINT nRules ; UINT iReason ; UINT nRuleSize ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; ASSERT (hFilter!=NULL) ; ASSERT (pBuffer!=NULL) ; ASSERT (nMaxSize>0) ; nTotalSize = sizeof(SERIALHEADER) ; pWritePtr = pSerial->data ; if( nTotalSize>nMaxSize ) { TRACE_ERROR (TEXT("Buffer too small to store header.\n")) ; return 0 ; } nProgPathSize = ( wcslen(pFilter->szProgram) + 1 ) * sizeof(WCHAR) ; nTotalSize += nProgPathSize ; if( nTotalSize>nMaxSize ) { TRACE_ERROR (TEXT("Buffer too small to store program path.\n")) ; return 0 ; } memcpy (pWritePtr, pFilter->szProgram, nProgPathSize) ; pWritePtr += nProgPathSize ; nRules = 0 ; for( iReason=0 ; iReason<_FILTREASON_COUNT ; iReason++ ) { PCFILTRULE pCurRule ; for( pCurRule=pFilter->aRules[iReason] ; pCurRule ; pCurRule=pCurRule->pNext ) { nRules++ ; nRuleSize = FiltRule_Serialize (pCurRule, pWritePtr, nMaxSize-nTotalSize) ; if( ! nRuleSize ) { TRACE_ERROR (TEXT("FiltRule_Serialize failed\n")) ; return 0 ; } nTotalSize += nRuleSize ; pWritePtr += nRuleSize ; ASSERT (nTotalSize<=nMaxSize) ; } } // fill header pSerial->header.nSize = nTotalSize ; pSerial->header.nProgPathSize = nProgPathSize ; pSerial->header.nRules = nRules ; pSerial->header.bHookEnabled = pFilter->bHookEnabled ; pSerial->header.bProtected = pFilter->bProtected ; TRACE_INFO (TEXT("Filter size = %u\n"), nTotalSize) ; ASSERT (nTotalSize>0) ; return nTotalSize ;}/******************************************************************//* Exported function *//******************************************************************/UINT Filter_Unserialize (HFILTER hFilter, PCVOID pBuffer, UINT nMaxSize){ PCSERIALBUFFER pSerial = pBuffer ; FILTER *pFilter = hFilter ; const BYTE *pReadPtr ; UINT nTotalSize ; INT nRemainSize ; INT nRemainRules ; TRACE ; // assert paged memory is accessible PAGED_CODE() ; ASSERT (hFilter!=NULL) ; ASSERT (pBuffer!=NULL) ; ASSERT (nMaxSize>0) ; // is buffer big enough ? if( nMaxSize < sizeof(SERIALHEADER) ) { TRACE_ERROR (TEXT("Buffer smaller than header.\n")) ; return 0 ; } TRACE_INFO (TEXT("Filter size = %u\n"), pSerial->header.nSize) ; // is buffer big enough ? if( nMaxSize < pSerial->header.nSize ) { TRACE_ERROR (TEXT("Buffer is too small (size=%d,needed=%d)\n"), nMaxSize, pSerial->header.nSize) ; return 0 ; } // is prog path size correct ? if( pSerial->header.nProgPathSize/2 >= MAX_PATH ) { TRACE_ERROR (TEXT("Program path too long\n")) ; return 0 ; } // read header nTotalSize = pSerial->header.nSize ; nRemainSize = nTotalSize - sizeof(SERIALHEADER) ; nRemainRules = pSerial->header.nRules ; pFilter->bHookEnabled = pSerial->header.bHookEnabled ; pFilter->bProtected = pSerial->header.bProtected ; pReadPtr = pSerial->data ; // verify remaining size if( nRemainSize < pSerial->header.nProgPathSize ) { TRACE_ERROR (TEXT("Buffer too small to contain program path\n")) ; return 0 ; } // read prog path memcpy (pFilter->szProgram, pReadPtr, pSerial->header.nProgPathSize) ; pFilter->szProgram[MAX_PATH-1] = 0 ; pReadPtr += pSerial->header.nProgPathSize ; nRemainSize -= pSerial->header.nProgPathSize ; // clear rules list //memset (pFilter->aRules, 0, sizeof(PFILTRULE)*_FILTREASON_COUNT) ; // ---------------- for each rule (begin) ---------------- while( nRemainRules ) { UINT nRuleSize ; PFILTRULE pRule = MALLOC(sizeof(FILTRULE)) ; if( pRule == NULL ) { TRACE_ERROR (TEXT("Failed to allocate FILTRULE structure (%u bytes)\n"), sizeof(FILTRULE)) ; return 0 ; } nRuleSize = FiltRule_Unserialize (pRule, pReadPtr, nRemainSize) ; if( ! nRuleSize ) { TRACE_ERROR (TEXT("FiltRule_Unserialize failed\n")) ; return 0 ; } pReadPtr += nRuleSize ; nRemainSize -= nRuleSize ; Filter_AddRule (hFilter, pRule) ; nRemainRules-- ; ASSERT (nRemainSize>=0) ; } // ---------------- for each rule (end) ---------------- if( nRemainSize!=0 ) TRACE_WARNING (TEXT("Extra bytes ignored (size=%d)\n"), nRemainSize) ; if( pFilter->aRules[FILTREASON_UNDEFINED]!=NULL ) TRACE_WARNING(TEXT("Filter has rules with undefined reason\n")) ; return nTotalSize ;}/******************************************************************//* Exported function *//******************************************************************/BOOL Filter_Match (HFILTER hFilter, LPCWSTR szPath) { LPCWSTR szProgram ; // verify params ASSERT (hFilter!=NULL) ; ASSERT (szPath!=NULL) ; szProgram = Filter_GetProgram(hFilter) ; ASSERT (szProgram!=NULL) ; return Wildcards_CompleteStringCmp (szProgram, szPath) ;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -