fspyuser.c

文件过滤驱动

/*++

Copyright (c) 1989-1999  Microsoft Corporation

Module Name:

    fspyUser.c

Abstract:

    This file contains the implementation for the main function of the 
    user application piece of FileSpy.  This function is responsible for
    controlling the command mode available to the user to control the 
    kernel mode driver.
    
Author:

    George Jenkins (GeorgeJe)                       

Environment:

    User mode


Revision History:

    Molly Brown (MollyBro) 21-Apr-1999
        Broke out the logging code and added command mode functionality.
        
--*/

#include <windows.h>                
#include <stdlib.h>
#include <stdio.h>
#include <winioctl.h>
#include <string.h>
#include <crtdbg.h>
#include "filespy.h"
#include "fspyLog.h"
#include "fspyServ.h"

#define SUCCESS              0
#define USAGE_ERROR          1
#define EXIT_INTERPRETER     2
#define EXIT_PROGRAM         4

#define INTERPRETER_EXIT_COMMAND1 "go"
#define INTERPRETER_EXIT_COMMAND2 "g"
#define PROGRAM_EXIT_COMMAND      "exit"

DWORD
InterpretCommand(
    int argc,
    char *argv[],
    PLOG_CONTEXT Context
);

BOOL
ListDevices(
    PLOG_CONTEXT Context
);

BOOL
ListHashStats(
    PLOG_CONTEXT Context
);

VOID
DisplayError (
   DWORD Code
   );

int _cdecl main(int argc, char *argv[])
{
    SC_HANDLE               hSCManager = NULL;
    SC_HANDLE               hService = NULL;
    SERVICE_STATUS_PROCESS  serviceInfo;
    DWORD                   bytesNeeded;
    HANDLE                  hDevice = NULL;
    BOOL                    bResult;
    DWORD                   result;
    ULONG                   threadId;
    HANDLE                  thread = NULL;
    LOG_CONTEXT             context;
    INT                     inputChar;


    //
    // Initialize handle in case of error
    //

    context.ShutDown = NULL;

    //
    // Start the kernel mode driver through the service manager
    //
    
    hSCManager = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS) ;
    hService = OpenService( hSCManager,
                            FILESPY_SERVICE_NAME,
                            FILESPY_SERVICE_ACCESS);
    if (!QueryServiceStatusEx( hService,
                               SC_STATUS_PROCESS_INFO,
                               (UCHAR *)&serviceInfo,
                               sizeof(serviceInfo),
                               &bytesNeeded)) {
        result = GetLastError();
        DisplayError( result );
        goto Main_Exit;
    }

    if(serviceInfo.dwCurrentState != SERVICE_RUNNING) {
        //
        // Service hasn't been started yet, so try to start service
        //
        if (!StartService(hService, 0, NULL)) {
            result = GetLastError();
            printf("ERROR starting FileSpy...\n");
            DisplayError( result );
            goto Main_Exit;
        }
    }
   

    printf("Hit [Enter] to begin command mode...\n");

    //
    //  Open the device that is used to talk to FileSpy.
    //
    printf("FileSpy:  Opening device...\n");
    
    hDevice = CreateFile( FILESPY_W32_DEVICE_NAME,
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL);
    if (hDevice == INVALID_HANDLE_VALUE) {
        result = GetLastError();
        printf("ERROR opening device...\n");
        DisplayError( result );
        goto Main_Exit;
    }
    
    //
    //  Initialize the fields of the LOG_CONTEXT.
    //
    context.Device = hDevice;
    context.ShutDown = CreateSemaphore(
        NULL, 
        0, 
        1, 
        (LPCTSTR)"FileSpy shutdown");
    context.CleaningUp = FALSE;
    context.LogToScreen = context.NextLogToScreen = TRUE;
    context.LogToFile = FALSE;
    context.OutputFile = NULL;

    //
    // Check the valid parameters for startup
    //
    if (argc > 1) {
        if (InterpretCommand(argc - 1, &(argv[1]), &context) == USAGE_ERROR) {
            goto Main_Exit;
        }
    }

    //
    // Propogate the /s switch to the variable that the logging
    // thread checks.
    //
    context.LogToScreen = context.NextLogToScreen;

    //
    // Check to see what devices we are attached to from
    // previous runs of this program.
    //
    bResult = ListDevices(&context);
    if (!bResult) {
        result = GetLastError();
        printf("ERROR listing devices...\n");
        DisplayError( result );
    }

    //
    // Create the thread to read the log records that are gathered
    // by filespy.sys.
    //
    printf("FileSpy:  Creating logging thread...\n");
    thread = CreateThread(
        NULL,
        0,
        RetrieveLogRecords,
        (LPVOID)&context,
        0,
        &threadId);
    if (!thread) {
        result = GetLastError();
        printf("ERROR creating logging thread...\n");
        DisplayError( result );
        goto Main_Exit;
    }

    while (inputChar = getchar()) {
        CHAR    commandLine[81];
        INT     parmCount, count, ch;
        CHAR  **parms;
        BOOLEAN newParm;
        DWORD   returnValue = SUCCESS;

        if (inputChar == '\n') {
            //
            // Start command interpreter.  First we must turn off logging
            // to screen if we are.  Also, remember the state of logging
            // to the screen, so that we can reinstate that when command
            // interpreter is finished.
            //
            context.NextLogToScreen = context.LogToScreen;
            context.LogToScreen = FALSE;

            while (returnValue != EXIT_INTERPRETER) {
                //
                // Print prompt
                //
                printf(">");

                //
                // Read in next line, keeping track of the number of parameters 
                // as you go
                //
                parmCount = 1;
                for (count = 0; 
                     (count < 80) && ((ch = getchar())!= '\n'); 
                     count++) {
                    commandLine[count] = (CHAR)ch;
                    if (ch == ' ') {
                        parmCount ++;
                    }
                }
                commandLine[count] = '\0';
    
                parms = (CHAR **)malloc(parmCount * sizeof(CHAR *));
    
                parmCount = 0;
                newParm = TRUE;
                for (count = 0; commandLine[count] != '\0'; count++) {
                    if (newParm) {
                        parms[parmCount] = &(commandLine[count]);
                        parmCount ++;
                    }
                    if (commandLine[count] == ' ' ) {
                        newParm = TRUE;
                    } else {
                        newParm = FALSE;
                    }
                }
    
                //
                // We've got our parameter count and parameter list, so
                // send it off to be interpreted.
                //
                returnValue = InterpretCommand(parmCount, parms, &context);
                free(parms);
                if (returnValue == EXIT_PROGRAM) {
                    // Time to stop the program
                    goto Main_Cleanup;
                }
            }

            // Set LogToScreen appropriately based on any commands seen
            context.LogToScreen = context.NextLogToScreen;

            if (context.LogToScreen) {
                printf("Should be logging to screen...\n");
            }
        }
    }

Main_Cleanup:
    //
    // Clean up the threads, then fall through to Main_Exit
    //

    printf("FileSpy:  Cleaning up...\n");
    // 
    // Set the Cleaning up flag to TRUE to notify other threads
    // that we are cleaning up
    //
    context.CleaningUp = TRUE;

    // 
    // Wait for everyone to shut down
    //
    WaitForSingleObject(context.ShutDown, INFINITE);
    if (context.LogToFile) {
        fclose(context.OutputFile);
    }

Main_Exit:
    // 
    // Clean up the data that is alway around and exit
    //
    if(context.ShutDown) {
        CloseHandle(context.ShutDown);
    }
    if (thread) {
        CloseHandle(thread);
    }

    if(hSCManager) {
        CloseServiceHandle(hSCManager);
    }
    if(hService) {
        CloseServiceHandle(hService);
    }
    if (hDevice) {
        CloseHandle(hDevice);
    }
    
    printf("FileSpy:  All done\n");
    return 0;  

}


DWORD
InterpretCommand(
    int argc,
    char *argv[],
    PLOG_CONTEXT Context
)
{
    int         parmIndex;
    CHAR       *parm;      
    BOOL        bResult;
    DWORD       result;
    DWORD       returnValue = SUCCESS;
    CHAR        buffer[BUFFER_SIZE];
    DWORD       bufferLength;
    DWORD       bytesReturned;

    //
    // Interprete the command line parameters
    //
    for (parmIndex = 0; parmIndex < argc; parmIndex++) {
        parm = argv[parmIndex];
        if (parm[0] == '/') {
            //
            // Have the beginning of a switch
            //
            switch (parm[1]) {