📄 fspyuser.c
字号:
case 'a': case 'A': // // Attach to the specified drive letter // parmIndex++; if (parmIndex >= argc) { // // Not enough parameters // goto InterpretCommand_Usage; } parm = argv[parmIndex]; printf("\tAttaching to %s\n", parm); bufferLength = MultiByteToWideChar( CP_ACP, MB_ERR_INVALID_CHARS, parm, -1, (LPWSTR)buffer, BUFFER_SIZE/sizeof(WCHAR)); bResult = DeviceIoControl( Context->Device, FILESPY_Attach, buffer, bufferLength * sizeof(WCHAR), NULL, 0, &bytesReturned, NULL); if (!bResult) { result = GetLastError(); printf("ERROR attaching to device...\n"); DisplayError( result ); } break; case 'd': case 'D': // // Detach to the specified drive letter // parmIndex++; if (parmIndex >= argc) { // // Not enough parameters // goto InterpretCommand_Usage; } parm = argv[parmIndex]; printf("\tDetaching from %s\n", parm); bufferLength = MultiByteToWideChar( CP_ACP, MB_ERR_INVALID_CHARS, parm, -1, (LPWSTR)buffer, BUFFER_SIZE/sizeof(WCHAR)); bResult = DeviceIoControl( Context->Device, FILESPY_Detach, buffer, bufferLength * sizeof(WCHAR), NULL, 0, &bytesReturned, NULL); if (!bResult) { result = GetLastError(); printf("ERROR detaching to device...\n"); DisplayError( result ); } break; case 'h': case 'H': ListHashStats(Context); break; case 'l': case 'L': // // List all devices that are currently being monitored // bResult = ListDevices(Context); if (!bResult) { result = GetLastError(); printf("ERROR listing devices...\n"); DisplayError( result ); } break; case 's': case 'S': // // Output logging results to screen, save new value to // instate when command interpreter is exited. // if (Context->NextLogToScreen) { printf("\tTurning off logging to screen\n"); } else { printf("\tTurning on logging to screen\n"); } Context->NextLogToScreen = !Context->NextLogToScreen; break; case 'f': case 'F': // // Output logging results to file // if (Context->LogToFile) { printf("\tStop logging to file \n"); Context->LogToFile = FALSE; _ASSERT(Context->OutputFile); fclose(Context->OutputFile); Context->OutputFile = NULL; } else { parmIndex++; if (parmIndex >= argc) { // Not enough parameters goto InterpretCommand_Usage; } parm = argv[parmIndex]; printf("\tLog to file %s\n", parm); Context->OutputFile = fopen(parm, "w"); _ASSERT(Context->OutputFile); Context->LogToFile = TRUE; } break; default: // // Invalid switch, goto usage // goto InterpretCommand_Usage; } } else { // // Look for "go" or "g" to see if we should exit interpreter // if (!_strnicmp( parm, INTERPRETER_EXIT_COMMAND1, sizeof(INTERPRETER_EXIT_COMMAND1))) { returnValue = EXIT_INTERPRETER; goto InterpretCommand_Exit; } if (!_strnicmp( parm, INTERPRETER_EXIT_COMMAND2, sizeof(INTERPRETER_EXIT_COMMAND2))) { returnValue = EXIT_INTERPRETER; goto InterpretCommand_Exit; } // // Look for "exit" to see if we should exit program // if (!_strnicmp( parm, PROGRAM_EXIT_COMMAND, sizeof(PROGRAM_EXIT_COMMAND))) { returnValue = EXIT_PROGRAM; goto InterpretCommand_Exit; } // // Invalid parameter // goto InterpretCommand_Usage; } }InterpretCommand_Exit: return returnValue;InterpretCommand_Usage: printf("Valid switches: [/a <drive>] [/d <drive>] [/h] [/l] [/s] [/f [<file name>]]\n" "\t[/a <drive>] attaches monitor to <drive>\n" "\t[/d <drive>] detaches monitor from <drive>\n" "\t[/h] print filename hash statistics\n" "\t[/l] lists all the drives the monitor is currently attached to\n" "\t[/s] turns on and off showing logging output on the screen\n" "\t[/f [<file name>]] turns on and off logging to the specified file\n" "If you are in command mode,\n" "\t[go|g] will exit command mode\n" "\t[exit] will terminate this program\n" ); returnValue = USAGE_ERROR; goto InterpretCommand_Exit;}BOOL
ListHashStats( PLOG_CONTEXT Context){ ULONG bytesReturned; BOOL returnValue;
HASH_STATISTICS hashStats; returnValue = DeviceIoControl( Context->Device, FILESPY_GetStats, NULL, 0, (CHAR *) &hashStats, BUFFER_SIZE, &bytesReturned, NULL); if (returnValue) { printf("HASH STATISTICS\n"); printf("---------------------------------\n"); printf("%-22s %8d\n", "Name lookups", hashStats.Lookups); printf("%-22s %8d\n", "Name lookup hits", hashStats.LookupHits); if (hashStats.Lookups) { printf( "%-22s %8.2f%%\n", "Hit ratio", ((FLOAT) hashStats.LookupHits / (FLOAT) hashStats.Lookups) * 100.); } printf("%-22s %8d\n", "Delete lookups", hashStats.DeleteLookups); printf("%-22s %8d\n", "Delete lookup hits", hashStats.DeleteLookupHits); if (hashStats.DeleteLookups) { printf( "%-22s %8.2f%%\n", "Hit ratio", ((FLOAT) hashStats.DeleteLookupHits / (FLOAT) hashStats.DeleteLookups) * 100.); } } return returnValue;}BOOL
ListDevices( PLOG_CONTEXT Context){ CHAR buffer[BUFFER_SIZE]; ULONG bytesReturned; BOOL returnValue;
returnValue = DeviceIoControl( Context->Device, FILESPY_ListDevices, NULL, 0, buffer, BUFFER_SIZE, &bytesReturned, NULL); if (returnValue) { PATTACHED_DEVICE device = (PATTACHED_DEVICE) buffer; printf("DEVICE NAME | STATUS\n"); printf("------------------------------------------\n"); if (bytesReturned == 0) { printf("No devices attached\n"); } else { while ((BYTE *)device < buffer + bytesReturned) { printf( "%-30S| %s\n", device->DeviceName, (device->LogState)?"ATTACHED":"DETACHED"); device ++; } } } return returnValue;}VOIDDisplayError ( DWORD Code )/*++Routine Description: This routine will display an error message based off of the Win32 error code that is passed in. This allows the user to see an understandable error message instead of just the code.Arguments: Code - The error code to be translated.Return Value: None.--*/{ WCHAR buffer[80] ; DWORD count ; // // Translate the Win32 error code into a useful message. // count = FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, Code, 0, buffer, sizeof (buffer), NULL) ; // // Make sure that the message could be translated. // if (count == 0) { printf("\nError could not be translated.\n Code: %d\n", Code) ; return; } else { // // Display the translated error. // printf("%S\n", buffer) ; return; }}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -