//
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
printf("\tAttaching to %s\n", parm);
bufferLength = MultiByteToWideChar( CP_ACP,
MB_ERR_INVALID_CHARS,
parm,
-1,
(LPWSTR)buffer,
BUFFER_SIZE/sizeof(WCHAR) );
bResult = DeviceIoControl( Context->Device,
FILESPY_StartLoggingDevice,
buffer,
bufferLength * sizeof(WCHAR),
NULL,
0,
&bytesReturned,
NULL );
if (!bResult) {
result = GetLastError();
printf( "ERROR attaching to device...\n" );
DisplayError( result );
}
break;
case 'd':
case 'D':
//
// Detach to the specified drive letter.
//
parmIndex++;
if (parmIndex >= argc) {
//
// Not enough parameters.
//
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
printf( "\tDetaching from %s\n", parm );
bufferLength = MultiByteToWideChar( CP_ACP,
MB_ERR_INVALID_CHARS,
parm,
-1,
(LPWSTR)buffer,
BUFFER_SIZE/sizeof(WCHAR) );
bResult = DeviceIoControl( Context->Device,
FILESPY_StopLoggingDevice,
buffer,
bufferLength * sizeof(WCHAR),
NULL,
0,
&bytesReturned,
NULL );
if (!bResult) {
result = GetLastError();
printf( "ERROR detaching from device...\n" );
DisplayError( result );
}
break;
case 'h':
case 'H':
ListHashStats( Context );
break;
case 'l':
case 'L':
//
// List all devices that are currently being monitored.
//
bResult = ListDevices( Context );
if (!bResult) {
result = GetLastError();
printf( "ERROR listing devices...\n" );
DisplayError( result );
}
break;
case 's':
case 'S':
//
// Output logging results to screen, save new value to
// instate when command interpreter is exited.
//
if (Context->NextLogToScreen) {
printf( "\tTurning off logging to screen\n" );
} else {
printf( "\tTurning on logging to screen\n" );
}
Context->NextLogToScreen = !Context->NextLogToScreen;
break;
case 'f':
case 'F':
//
// Output logging results to file.
//
if (Context->LogToFile) {
printf( "\tStop logging to file \n" );
Context->LogToFile = FALSE;
_ASSERT(Context->OutputFile);
fclose( Context->OutputFile );
Context->OutputFile = NULL;
} else {
parmIndex++;
if (parmIndex >= argc) {
//
// Not enough parameters.
//
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
Context->OutputFile = fopen( parm, "w" );
if (Context->OutputFile == NULL) {
result = GetLastError();
printf( "\nERROR opening \"%s\"...\n",parm );
DisplayError( result );
returnValue = USAGE_ERROR;
goto InterpretCommand_Exit;
}
Context->LogToFile = TRUE;
printf( "\tLog to file %s\n", parm );
}
break;
case 'v':
case 'V':
//
// Toggle the specified verbosity flag.
//
parmIndex++;
if (parmIndex >= argc) {
//
// Not enough parameters
//
goto InterpretCommand_Usage;
}
parm = argv[parmIndex];
switch(parm[0]) {
case 'p':
case 'P':
ToggleFlag( Context->VerbosityFlags,
FS_VF_DUMP_PARAMETERS );
break;
default:
//
// Invalid switch, goto usage.
//
goto InterpretCommand_Usage;
}
break;
default:
//
// Invalid switch, goto usage.
//
goto InterpretCommand_Usage;
}
} else {
//
// Look for "go" or "g" to see if we should exit interpreter.
//
if (!_strnicmp( parm,
INTERPRETER_EXIT_COMMAND1,
sizeof(INTERPRETER_EXIT_COMMAND1))) {
returnValue = EXIT_INTERPRETER;
goto InterpretCommand_Exit;
}
if (!_strnicmp( parm,
INTERPRETER_EXIT_COMMAND2,
sizeof(INTERPRETER_EXIT_COMMAND2))) {
returnValue = EXIT_INTERPRETER;
goto InterpretCommand_Exit;
}
//
// Look for "exit" to see if we should exit program.
//
if (!_strnicmp( parm,
PROGRAM_EXIT_COMMAND,
sizeof(PROGRAM_EXIT_COMMAND))) {
returnValue = EXIT_PROGRAM;
goto InterpretCommand_Exit;
}
//
// Invalid parameter.
//
goto InterpretCommand_Usage;
}
}
InterpretCommand_Exit:
return returnValue;
InterpretCommand_Usage:
printf( "Valid switches: [/a <drive>] [/d <drive>] [/h] [/l] [/s] [/f [<file name>] [/v <flag>]]\n"
"\t[/a <drive>] attaches monitor to <drive>\n"
"\t[/d <drive>] detaches monitor from <drive>\n"
"\t[/h] print filename hash statistics\n"
"\t[/l] lists all the drives the monitor is currently attached to\n"
"\t[/s] turns on and off showing logging output on the screen\n"
"\t[/f [<file name>]] turns on and off logging to the specified file\n"
"\t[/v <flag>] toggles a verbosity flag. Valid verbosity flags are:\n"
"\t\tp (dump irp parameters)\n"
"If you are in command mode,\n"
"\t[go|g] will exit command mode\n"
"\t[exit] will terminate this program\n" );
returnValue = USAGE_ERROR;
goto InterpretCommand_Exit;
}
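//
// Prints one right-aligned statistics row. The value is widened to
// unsigned long so the format specifier matches regardless of whether the
// FILESPY_STATISTICS fields are ULONG or another unsigned integer type.
//
static void
PrintStatRow (
    const CHAR *Label,
    unsigned long Value
    )
{
    printf( "%-40s %8lu\n", Label, Value );
}

BOOL
ListHashStats (
    PLOG_CONTEXT Context
    )
/*++

Routine Description:

    Asks the FileSpy driver for its name-lookup / context statistics
    (FILESPY_GetStats) and prints them as a table on stdout.

Arguments:

    Context - Log context holding the open handle to the FileSpy control
              device (Context->Device).

Return Value:

    TRUE if the statistics were retrieved and printed. FALSE if the
    DeviceIoControl failed (GetLastError() holds the reason) or if the
    driver returned fewer bytes than a complete FILESPY_STATISTICS, in
    which case nothing is printed and GetLastError() is not meaningful.

--*/
{
    ULONG bytesReturned = 0;
    BOOL returnValue;
    //
    // Zero-initialised so that a short or malformed reply can never cause
    // uninitialised stack contents to be printed.
    //
    FILESPY_STATISTICS stats = {0};

    returnValue = DeviceIoControl( Context->Device,
                                   FILESPY_GetStats,
                                   NULL,
                                   0,
                                   (CHAR *) &stats,
                                   sizeof(FILESPY_STATISTICS),
                                   &bytesReturned,
                                   NULL );
    if (!returnValue) {
        return FALSE;
    }

    //
    // Do not trust the driver to have filled the whole structure: only
    // interpret the fields when a full record came back.
    //
    if (bytesReturned < sizeof(FILESPY_STATISTICS)) {
        printf( "ERROR: driver returned %lu bytes of statistics, expected %lu\n",
                (unsigned long) bytesReturned,
                (unsigned long) sizeof(FILESPY_STATISTICS) );
        return FALSE;
    }

    printf( " STATISTICS\n" );
    printf( "---------------------------------\n" );
    PrintStatRow( "Name lookups", (unsigned long) stats.TotalContextSearches );
    PrintStatRow( "Name lookup hits", (unsigned long) stats.TotalContextFound );

    //
    // Hit ratio is only defined when at least one lookup happened
    // (guards the division).
    //
    if (stats.TotalContextSearches) {
        printf( "%-40s %8.2f%%\n",
                "Hit ratio",
                ((FLOAT) stats.TotalContextFound /
                 (FLOAT) stats.TotalContextSearches) * 100. );
    }

    PrintStatRow( "Names created", (unsigned long) stats.TotalContextCreated );
    PrintStatRow( "Temporary Names created", (unsigned long) stats.TotalContextTemporary );
    PrintStatRow( "Duplicate names created", (unsigned long) stats.TotalContextDuplicateFrees );
    PrintStatRow( "Context callback frees", (unsigned long) stats.TotalContextCtxCallbackFrees );
    PrintStatRow( "NonDeferred context frees", (unsigned long) stats.TotalContextNonDeferredFrees );
    PrintStatRow( "Deferred context frees", (unsigned long) stats.TotalContextDeferredFrees );
    PrintStatRow( "Delete all contexts", (unsigned long) stats.TotalContextDeleteAlls );
    PrintStatRow( "Contexts not supported", (unsigned long) stats.TotalContextsNotSupported );
    PrintStatRow( "Contexts not found attached to stream",
                  (unsigned long) stats.TotalContextsNotFoundInStreamList );

    return TRUE;
}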
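BOOL
ListDevices (
    PLOG_CONTEXT Context
    )
/*++

Routine Description:

    Asks the FileSpy driver for the list of devices it is attached to
    (FILESPY_ListDevices) and prints each device name together with
    whether logging is on for it.

    The reply is treated as an array of ATTACHED_DEVICE records. Only
    records that lie completely inside the returned byte count are
    printed; a trailing partial record is ignored instead of being read
    past the end of the returned data.

Arguments:

    Context - Log context holding the open handle to the FileSpy control
              device (Context->Device).

Return Value:

    TRUE if the list was retrieved (even if it is empty); FALSE if the
    DeviceIoControl failed, in which case GetLastError() holds the reason.

--*/
{
    CHAR buffer[BUFFER_SIZE];
    ULONG bytesReturned = 0;
    BOOL returnValue;

    returnValue = DeviceIoControl( Context->Device,
                                   FILESPY_ListDevices,
                                   NULL,
                                   0,
                                   buffer,
                                   BUFFER_SIZE,
                                   &bytesReturned,
                                   NULL );
    if (!returnValue) {
        return FALSE;
    }

    //
    // Never index beyond the buffer we handed in, whatever length the
    // driver reports.
    //
    if (bytesReturned > BUFFER_SIZE) {
        bytesReturned = BUFFER_SIZE;
    }

    printf( "DEVICE NAME | LOGGING STATUS\n" );
    printf( "------------------------------------------------------\n" );

    if (bytesReturned == 0) {
        printf( "No devices attached\n" );
        return TRUE;
    }

    {
        ULONG offset = 0;

        //
        // Walk whole records only: the loop condition requires the entire
        // ATTACHED_DEVICE to fit within bytesReturned before it is touched.
        //
        while (offset + sizeof(ATTACHED_DEVICE) <= bytesReturned) {
            PATTACHED_DEVICE device = (PATTACHED_DEVICE) (buffer + offset);

            //
            // NOTE(review): %S assumes the driver NUL-terminates
            // DeviceNames inside the record - confirm against the driver.
            //
            printf( "%-38S| %s\n",
                    device->DeviceNames,
                    (device->LoggingOn) ? "ON" : "OFF" );

            offset += sizeof(ATTACHED_DEVICE);
        }
    }

    return TRUE;
}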
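VOID
DisplayError (
    DWORD Code
    )
/*++

Routine Description:

    This routine will display an error message based off of the Win32 error
    code that is passed in. This allows the user to see an understandable
    error message instead of just the code.

    The system message is requested with FORMAT_MESSAGE_IGNORE_INSERTS:
    since no Arguments array is supplied, a system message containing
    %1-style inserts would otherwise make FormatMessage read insert values
    from a non-existent argument list (see the FormatMessage security
    remarks). FormatMessageW is called explicitly because the buffer is
    WCHAR and is printed with %S, so the result must not depend on
    whether the program is built with UNICODE defined.

Arguments:

    Code - The error code to be translated.

Return Value:

    None. If the code cannot be translated (unknown code, or a message
    longer than the local buffer) the numeric code is printed instead.

--*/
{
    WCHAR buffer[80];
    DWORD count;

    //
    // Translate the Win32 error code into a useful message.
    //
    count = FormatMessageW( FORMAT_MESSAGE_FROM_SYSTEM |
                                FORMAT_MESSAGE_IGNORE_INSERTS,
                            NULL,
                            Code,
                            0,
                            buffer,
                            sizeof( buffer ) / sizeof( buffer[0] ),
                            NULL );

    //
    // Make sure that the message could be translated. DWORD is widened
    // to unsigned long so the format specifier matches the argument.
    //
    if (count == 0) {
        printf( "\nError could not be translated.\n Code: %lu\n",
                (unsigned long) Code );
        return;
    }

    //
    // Display the translated error.
    //
    printf( "%S\n", buffer );
}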