
📄 filemon.c

📁 Socket异步通信示程序代码下载.非常直观
💻 C
/******************************************************************************
*
*	FUNCTION:	PopFindDialog:
*
*	PURPOSE:	Calls the find message dialog box.
*
*****************************************************************************/
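void PopFindDialog(HWND hWnd)
{
	// Capacity of the Find buffer in characters.  The sizeof arithmetic is
	// only right if FindString is a true array (the original already relied
	// on that for wFindWhatLen).
	// NOTE(review): FindString's declaration is not visible here - confirm.
	const size_t	findChars = sizeof( FindString ) / sizeof( FindString[0] );

	// Seed the dialog with the previous search text.  The copy is bounded and
	// explicitly terminated so a PrevMatchString longer than FindString
	// cannot write past the end of the buffer.
	wcsncpy( FindString, PrevMatchString, findChars - 1 );
	FindString[findChars - 1] = L'\0';

	// Describe the modeless Find dialog: owned by hWnd, no replace field,
	// no hook procedure and no custom template.
	FindTextInfo.lStructSize = sizeof( FindTextInfo );
	FindTextInfo.hwndOwner = hWnd;
	FindTextInfo.hInstance = (HANDLE)hInst;
	FindTextInfo.lpstrFindWhat = FindString;
	FindTextInfo.lpstrReplaceWith = NULL;
	FindTextInfo.wFindWhatLen = sizeof(FindString);	// buffer length in bytes
	FindTextInfo.wReplaceWithLen = 0;
	FindTextInfo.lCustData = 0;
	FindTextInfo.Flags =  FindFlags;
	FindTextInfo.lpfnHook = (LPFRHOOKPROC)(FARPROC)NULL;
	FindTextInfo.lpTemplateName = NULL;

	// Remember the dialog handle in hWndFind; report failure to the user.
	hWndFind = FindText( &FindTextInfo );
	if ( hWndFind == NULL )  {
		MessageBox( hWnd, _T("Unable to create Find dialog"), APPNAME, MB_OK|MB_ICONERROR );
	}
}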

/****************************************************************************
*
*	FUNCTION:	FilterProc
*
*	PURPOSE:	Processes messages for "Filter" dialog box
*
****************************************************************************/
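BOOL APIENTRY FilterProc( HWND hDlg, UINT message, UINT wParam, LONG lParam )
{
	// Dialog procedure for the "Filter" dialog.  Returns TRUE when the
	// message was handled here and FALSE to request default processing.
	// lParam is not used.
	DWORD			nb = 0;			// byte count reported by DeviceIoControl (API expects a DWORD)
	int				parsedLines;	// history depth exactly as parsed from the edit box
	DWORD			newMaxLines;
	FILTER			upcaseFilter;
	char			history[64];

	switch ( message )  {
	case WM_INITDIALOG:

		// initialize the controls to reflect the current filter
		SetDlgItemTextA( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter );
		SetDlgItemTextA( hDlg, IDC_PROCEXCLUDE, FilterDefinition.excludeprocess );
		SetDlgItemTextA( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter );
		SetDlgItemTextA( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter );
		CheckDlgButton( hDlg, IDC_FILTERREADS, FilterDefinition.logreads );
		CheckDlgButton( hDlg, IDC_FILTERWRITES,FilterDefinition.logwrites );
		sprintf( history, "%d", MaxLines );
		SetDlgItemTextA( hDlg, IDC_HISTORY, history );
		return TRUE;

	case WM_COMMAND:              
		if ( LOWORD( wParam ) == IDOK )	 {

			// make sure that max lines is legal.  sscanf returns EOF (which
			// is non-zero) for an empty field, so the result is compared
			// with 1 instead of being tested for "not zero"; otherwise an
			// uninitialized value would be stored in MaxLines.  Negative
			// depths are refused rather than wrapped into a huge DWORD.
			history[0] = '\0';
			GetDlgItemTextA( hDlg, IDC_HISTORY, history, sizeof history );
			if( sscanf( history, "%d", &parsedLines ) != 1  ||  parsedLines < 0 ) {

				MessageBox(	NULL, _T("Invalid History Depth."),
						_T("Filter Error"), MB_OK|MB_ICONWARNING );
				return TRUE;
			} 
			newMaxLines = (DWORD) parsedLines;
			MaxLines = newMaxLines;

			// read the values that were set; each read is capped at MAXFILTERLEN
			GetDlgItemTextA( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter, MAXFILTERLEN );
			GetDlgItemTextA( hDlg, IDC_PROCEXCLUDE, FilterDefinition.excludeprocess, MAXFILTERLEN );
			GetDlgItemTextA( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter, MAXFILTERLEN );
			GetDlgItemTextA( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter, MAXFILTERLEN );
			FilterDefinition.logreads  = IsDlgButtonChecked( hDlg, IDC_FILTERREADS );
			FilterDefinition.logwrites = IsDlgButtonChecked( hDlg, IDC_FILTERWRITES );

			// make an upcase version for the driver; the mixed-case
			// original stays in FilterDefinition for display
			upcaseFilter = FilterDefinition;
			_strupr(upcaseFilter.processfilter);
			_strupr(upcaseFilter.excludeprocess);
			_strupr(upcaseFilter.pathfilter);
			_strupr(upcaseFilter.excludefilter);
 
			// tell the driver the new filter
			// NOTE(review): FilterDefinition and MaxLines are already updated
			// at this point, so a failed IOCTL leaves the UI state ahead of
			// the driver unless Abort() terminates - confirm.
			if ( ! DeviceIoControl(	sys_handle, FILEMON_setfilter,
									&upcaseFilter, sizeof(FILTER), NULL, 
									0, &nb, NULL ) )
			{
				Abort( hDlg, _T("Couldn't access device driver") );
				return TRUE;
			}

			EndDialog( hDlg, TRUE );
			return TRUE;

		} else if( LOWORD( wParam ) == IDCANCEL ) {

			EndDialog( hDlg, TRUE );
		} else if( LOWORD( wParam ) == IDRESET ) {

			// reset filter to default of none
			sprintf( FilterDefinition.processfilter, "*" );
			sprintf( FilterDefinition.excludeprocess, "" );
			sprintf( FilterDefinition.pathfilter, "*" );
			sprintf( FilterDefinition.excludefilter, "");
			FilterDefinition.logreads = TRUE;
			FilterDefinition.logwrites = TRUE;
			MaxLines = 0;

			// initialize the controls to reflect the current filter
			SetDlgItemTextA( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter );
			SetDlgItemTextA( hDlg, IDC_PROCEXCLUDE, FilterDefinition.excludeprocess );
			SetDlgItemTextA( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter );
			SetDlgItemTextA( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter );
			CheckDlgButton( hDlg, IDC_FILTERREADS, FilterDefinition.logreads );
			CheckDlgButton( hDlg, IDC_FILTERWRITES, FilterDefinition.logwrites );
			SetDlgItemTextA( hDlg, IDC_HISTORY, "0" );
		}
		break;

	case WM_CLOSE:
		EndDialog( hDlg, TRUE );
		return TRUE;
	}
	return FALSE;   
}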

/******************************************************************************
*
*	FUNCTION:	Get_Position_Settings
*
*	PURPOSE:	Reads the Registry to get the last-set window position.
*
******************************************************************************/
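VOID Get_Position_Settings()
{
	// Loads PositionInfo with built-in defaults, overrides them with the
	// "Settings" blob stored under HKEY_CURRENT_USER when that blob is
	// well-formed, then copies the result into the global settings.
	HKEY	hKey;
	DWORD	ParamSize;
	DWORD	ParamType = 0;
	LONG	status;
	POSITION_SETTINGS	regPositionInfo;

	// First, set the default settings
	PositionInfo.top	= CW_USEDEFAULT;
	PositionInfo.left	= CW_USEDEFAULT;
	PositionInfo.width	= CW_USEDEFAULT;
	PositionInfo.height	= CW_USEDEFAULT;
	PositionInfo.maximized = FALSE;

	// set the default listview widths
	PositionInfo.column[0] = 35;  // seq 
	PositionInfo.column[1] = 90;  // time
	PositionInfo.column[2] = 90;  // process
	PositionInfo.column[3] = 130; // irp
	PositionInfo.column[4] = 200; // path
	PositionInfo.column[5] = 70;  // result
	PositionInfo.column[6] = 150; // other

	// initialize the hooked drives
	PositionInfo.curdriveset = (DWORD) -1;

	// duration is default
	PositionInfo.timeduration = FALSE;

	// initialize history depth
	PositionInfo.historydepth = 0;

	// initialize filter
	strcpy( PositionInfo.filter.processfilter, "*" );
	strcpy( PositionInfo.filter.excludeprocess, "" );
	strcpy( PositionInfo.filter.pathfilter, "*" );
	strcpy( PositionInfo.filter.excludefilter, "" );
	PositionInfo.filter.logreads = TRUE;
	PositionInfo.filter.logwrites = TRUE;

	// Zero the scratch copy so nothing below ever reads indeterminate stack
	// contents when the registry read fails or returns a short value.
	ZeroMemory( &regPositionInfo, sizeof regPositionInfo );

	// first, get the last-entered params from the registry
	if( RegCreateKey(HKEY_CURRENT_USER, 
			_T("Software\\Systems Internals\\NTFilemon"),
			&hKey ) == ERROR_SUCCESS ) {

		ParamSize = sizeof( regPositionInfo );
		status = RegQueryValueEx( hKey,_T("Settings"), NULL, &ParamType,
					(LPBYTE) &regPositionInfo, &ParamSize );
		RegCloseKey( hKey );

		// The value is data that any process running as this user can
		// rewrite, so it is accepted only when the read succeeded, the type
		// is REG_BINARY, the size is exactly one POSITION_SETTINGS and the
		// version matches.
		if( status == ERROR_SUCCESS  &&  ParamType == REG_BINARY  &&
			ParamSize == sizeof( regPositionInfo )  &&
			regPositionInfo.posversion == POSVERSION ) {

			// The filter strings are later handed to C string functions;
			// force termination in case the stored blob lacks a NUL.
			// NOTE(review): assumes the four filter members are char arrays
			// inside FILTER - confirm against the struct declaration.
			regPositionInfo.filter.processfilter[ sizeof regPositionInfo.filter.processfilter - 1 ] = '\0';
			regPositionInfo.filter.excludeprocess[ sizeof regPositionInfo.filter.excludeprocess - 1 ] = '\0';
			regPositionInfo.filter.pathfilter[ sizeof regPositionInfo.filter.pathfilter - 1 ] = '\0';
			regPositionInfo.filter.excludefilter[ sizeof regPositionInfo.filter.excludefilter - 1 ] = '\0';

			// NOTE(review): window geometry and column widths are taken
			// from the blob without range checks.
			PositionInfo = regPositionInfo;
		}
	}

	// extract global settings from the value returned from the Registry (or the default)
	CurDriveSet			= PositionInfo.curdriveset;
	MaxLines			= PositionInfo.historydepth;
	TimeIsDuration		= PositionInfo.timeduration;
	FilterDefinition    = PositionInfo.filter;
}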


/******************************************************************************
*
*	FUNCTION:	Save_Position_Settings
*
*	PURPOSE:	Saves the current window settings to the Registry.
*
******************************************************************************/
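VOID Save_Position_Settings( HWND hWnd )
{
	// Collects the current window geometry, listview column widths and
	// global settings into PositionInfo and writes the structure as a
	// REG_BINARY "Settings" value under HKEY_CURRENT_USER.
	RECT		rc;
	int			i;
	int			columns;
	HKEY		hKey;

	// set version #
	PositionInfo.posversion = POSVERSION;

	// get the position of the main window; the stored geometry is left
	// untouched while minimized, and also when GetWindowRect fails so that
	// an unset RECT is never recorded
	if( !IsIconic( hWnd )  &&  GetWindowRect( hWnd, &rc )) {

		PositionInfo.left = rc.left;
		PositionInfo.top = rc.top;
		PositionInfo.width = rc.right - rc.left;
		PositionInfo.height = rc.bottom - rc.top;
	} 
	PositionInfo.maximized = IsZoomed( hWnd );

	// get the history depth
	PositionInfo.historydepth = MaxLines;

	// get time format
	PositionInfo.timeduration = TimeIsDuration;

	// get the widths of the listview columns; one fewer column is saved
	// when GETPROCESS is off
#if GETPROCESS
	columns = NUMCOLUMNS;
#else
	columns = NUMCOLUMNS-1;
#endif
	for( i = 0; i < columns; i++ ) {
		PositionInfo.column[i] = ListView_GetColumnWidth( hWndList, i );
	}

	// save filters
	PositionInfo.filter = FilterDefinition;

	// get the current drive set
	PositionInfo.curdriveset = CurDriveSet;

	// save connection info to registry.  If the key cannot be opened hKey
	// is not a valid handle, so skip the write instead of passing an
	// uninitialized handle to RegSetValueEx / RegCloseKey.
	if( RegOpenKey(HKEY_CURRENT_USER, 
			_T("Software\\Systems Internals\\NTFilemon"),
			&hKey ) != ERROR_SUCCESS )
		return;

	RegSetValueEx( hKey, _T("Settings"), 0, REG_BINARY, (LPBYTE) &PositionInfo,
			sizeof( PositionInfo ) );
	RegCloseKey( hKey );
}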


/******************************************************************************
*
*	FUNCTION:	Hook_Drives
*
*	PURPOSE:	Hook the currently selected drives, updating menu checks
*
******************************************************************************/
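DWORD Hook_Drives( HMENU DriveMenu, DWORD MaxDriveSet, DWORD CurDriveSet ) 
{
	// Sends the requested drive bitmask to the driver and updates the menu
	// check marks from the mask the driver hands back.
	//
	// DriveMenu   - menu holding one item per drive (IDC_DRIVE + bit index)
	// MaxDriveSet - bitmask of drives that have a menu item
	// CurDriveSet - bitmask of drives to monitor; the same variable is the
	//               IOCTL output buffer, so the driver may overwrite it
	//
	// Returns the resulting bitmask, or 0 when the IOCTL fails.
	DWORD nb;
	DWORD drive;
	DWORD bit;

	// Tell device driver which drives to monitor
	if ( ! DeviceIoControl(	sys_handle, FILEMON_setdrives,
							&CurDriveSet, sizeof CurDriveSet,
							&CurDriveSet, sizeof CurDriveSet,
							&nb, NULL ) )
		return 0;

	// Update menu items.  The mask is built from an unsigned 1 because
	// shifting a signed int into bit 31 is undefined behaviour.
	for ( drive = 0; drive < 32; ++drive )  {
		bit = (DWORD)1 << drive;
		if ( MaxDriveSet & bit )  {
			if ( CurDriveSet & bit )
				CheckMenuItem( DriveMenu, IDC_DRIVE+drive, MF_BYCOMMAND|MF_CHECKED );
			else
				CheckMenuItem( DriveMenu, IDC_DRIVE+drive, MF_BYCOMMAND|MF_UNCHECKED );
		}
	}
	return CurDriveSet;
}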


/******************************************************************************
*
*	FUNCTION:	Split
*
*	PURPOSE:	Split a delimited line into components
*
******************************************************************************/
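int Split( char * line, char delimiter, char * items[] )
{
	// Splits line in place: every delimiter is overwritten with '\0' and
	// items[] receives a pointer to the start of each component.
	//
	// Returns the number of components stored: 0 when line or items is
	// NULL, otherwise at least 1 (an empty string gives one empty item).
	//
	// The function has no way to know how large items[] is.  The caller
	// must supply one slot per possible component, i.e. the number of
	// delimiters in line plus one, or bound the input before calling.
	int		cnt = 0;

	// Nothing to split; also avoids handing NULL to strchr
	if ( line == NULL  ||  items == NULL )
		return 0;

	for (;;)  {
		// Add prefix to list of components		
		items[cnt++] = line;

		// Check for more components
		line = strchr( line, delimiter );
		if ( line == NULL )
			return cnt;

		// Terminate previous component and move to next
		*line++ = '\0';
	}		
}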


/******************************************************************************
*
*	FUNCTION:	List_Append
*
*	PURPOSE:	Add a new line to List window
*
******************************************************************************/
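BOOL List_Append( HWND hWndList, DWORD seq, LONGLONG time, char * line )
{
	// Adds one tab-separated log record to the list view.
	//
	// hWndList - list view receiving the record
	// seq      - sequence number; stored as the item's lParam and used to
	//            match a status record to its request
	// time     - timestamp or duration, told apart by the decoded year
	// line     - record text; modified in place while being split
	//
	// Returns FALSE only when a new item cannot be inserted.
	LV_ITEM		lvI;	// list view item structure
	int			row;
	char	*	items[20];
	int			itemcnt = 0;
	int			tabs = 0;
	char	*	scan;
	BOOL		haveClock;
	FILETIME	localTime;
	SYSTEMTIME	systemTime;

	if ( line == NULL )
		return TRUE;

	// Split() stores one pointer per field and cannot see the size of
	// items[], so the record is bounded here: only the first 19 tabs stay
	// as separators and any later tab becomes a space, folding the excess
	// into the last field.  Without this a record with 20 or more tabs
	// would write past the end of items[] on the stack.
	for ( scan = line; *scan; ++scan )  {
		if ( *scan == '\t'  &&  ++tabs >= (int)(sizeof items / sizeof items[0]) )
			*scan = ' ';
	}

	// Split line into columns
	itemcnt = Split( line, '\t', items );
	if ( itemcnt == 0 )
		return TRUE;

	ZeroMemory( &lvI, sizeof lvI );

	// Determine row number for request
	if ( *items[0] )  {
		// Its a new request.  Put at end.
		row = 0x7FFFFFFF;
	} else {
		// Its a status.  Locate its associated request.
		lvI.mask = LVIF_PARAM;
		lvI.iSubItem = 0;
		for ( row = ListView_GetItemCount(hWndList) - 1; row >= 0; --row )  {
			lvI.iItem = row;
			if ( ListView_GetItem( hWndList, &lvI )  &&  (DWORD)lvI.lParam == seq )
				break;
		}
		if ( row == -1 )
			// No request associated with status.
			return TRUE;
	}

	// Sequence number if a new item.  seq is a DWORD, so it is formatted
	// as unsigned.
	if ( *items[0] )  {
		wsprintf( msgbuf, _T("%u"), seq );
		lvI.mask		= LVIF_TEXT | LVIF_PARAM;
		lvI.iItem		= row;
		lvI.iSubItem	= 0;
		lvI.pszText		= msgbuf;
		lvI.cchTextMax	= lstrlen( lvI.pszText ) + 1;
		lvI.lParam		= seq;
		row = ListView_InsertItem( hWndList, &lvI );
		if ( row == -1 )  {
			wsprintf( msgbuf, _T("Error adding item %u to list view"), seq );
			MessageBox( hWndList, msgbuf, APPNAME, MB_OK|MB_ICONERROR );
			return FALSE;
		}
        LastRow = row;
	}

	// Time - note: in order to save space in the log records
	// I convert all times read to date/times and, based on whether
	// the year is reasonable, chose to interpret the time as 
	// a timestamp or a duration.  A failed conversion leaves systemTime
	// unset, so it is treated as a duration instead of being inspected.
	haveClock = FileTimeToLocalFileTime( (PFILETIME) &time, &localTime )  &&
				FileTimeToSystemTime( &localTime, &systemTime );

	if( !haveClock || systemTime.wYear < 1998 || systemTime.wYear > 2100 ) {

		swprintf( msgbuf, _T("%10.8f"), (((float) time) /
								  ((float) PerfFrequency.QuadPart)) );
	} else {

		GetTimeFormat( LOCALE_USER_DEFAULT, 0,
						&systemTime, NULL, msgbuf, 64 );
	}
	ListView_SetItemText( hWndList, row, 1, msgbuf );

	// NOTE(review): every OemToChar call below copies a whole field into
	// msgbuf with no length limit.  msgbuf is declared outside this block,
	// so its capacity cannot be checked here - confirm it can hold the
	// longest field a record may carry, or switch to a length-bounded
	// conversion.

#if GETPROCESS
	// Process name
	if ( itemcnt>0 && *items[0] ) {
		OemToChar( items[0], msgbuf );
		ListView_SetItemText( hWndList, row, 2, msgbuf );
	}
#endif

	// Request type
	if ( itemcnt>1 && *items[1] )  {
		OemToChar( items[1], msgbuf );
		ListView_SetItemText( hWndList, row, 2+GETPROCESS, msgbuf );
	}

	// Path
	if ( itemcnt>2 && *items[2] )  {
		OemToChar( items[2], msgbuf );
		ListView_SetItemText( hWndList, row, 3+GETPROCESS, msgbuf );
	}

	// Result (fifth field of the record, shown before "Additional")
	if ( itemcnt>4 && *items[4] )  {
		OemToChar( items[4], msgbuf );
		ListView_SetItemText( hWndList, row, 4+GETPROCESS, msgbuf );
	}

	// Additional (fourth field of the record)
	if ( itemcnt>3 && *items[3] )  {
		OemToChar( items[3], msgbuf );
		ListView_SetItemText( hWndList, row, 5+GETPROCESS, msgbuf );
	}

	return TRUE;
}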


/******************************************************************************
*
*	FUNCTION:	UpdateStatistics
*
*	PURPOSE:	Clear the statistics window and refill it with the current 
*				contents of the statistics buffer.  Does not refresh the 
*				buffer from the device driver.
*
******************************************************************************/
void UpdateStatistics( HWND hWnd, HWND hWndList, BOOL Clear )
{
	PENTRY	ptr;

	// Just return if nothing to do
	if ( !Clear  &&  StatsLen < sizeof(int)+2 )
		return;

	// Start with empty list
	if ( Clear ) {
		ListView_DeleteAllItems( hWndList );
		LastRow = 0;
