📄 fspylog.h
字号:
/*++
Copyright (c) 1989-1999 Microsoft Corporation
Module Name:
log.h
Abstract:
This module contains the structures and prototypes used by the user
program to retrieve and see the log records recorded by filespy.sys.
Author:
Molly Brown (MollyBro) 21-Apr-1999
Environment:
User mode
Revision History:
--*/
#ifndef __FSPYLOG_H__
#define __FSPYLOG_H__
#include <stdio.h>
#include "filespy.h"
#define BUFFER_SIZE 4096
typedef struct _LOG_CONTEXT{
HANDLE Device;
BOOLEAN LogToScreen;
BOOLEAN LogToFile;
FILE *OutputFile;
BOOLEAN NextLogToScreen;
// For synchronizing shutting down of both threads
BOOLEAN CleaningUp;
HANDLE ShutDown;
}LOG_CONTEXT, *PLOG_CONTEXT;
DWORD WINAPI
RetrieveLogRecords(
LPVOID lpParameter
);
VOID
IrpFileDump(
ULONG SequenceNumber,
WCHAR *Name,
PRECORD_IRP RecordIrp,
FILE *File
);
VOID
IrpScreenDump(
ULONG SequenceNumber,
WCHAR *Name,
PRECORD_IRP RecordIrp
);
VOID
FastIoFileDump(
ULONG SequenceNumber,
WCHAR *Name,
PRECORD_FASTIO RecordFastIo,
FILE *File
);
VOID
FastIoScreenDump(
ULONG SequenceNumber,
WCHAR *Name,
PRECORD_FASTIO RecordFastIo
);
//
// Strings for the Irp major and minor codes
//
#define IRP_MJ_CREATE_STRING "IRP_MJ_CREATE"
#define IRP_MJ_CREATE_NAMED_PIPE_STRING "IRP_MJ_CREATE_NAMED_PIPE"
#define IRP_MJ_CLOSE_STRING "IRP_MJ_CLOSE"
#define IRP_MJ_READ_STRING "IRP_MJ_READ"
#define IRP_MJ_WRITE_STRING "IRP_MJ_WRITE"
#define IRP_MJ_QUERY_INFORMATION_STRING "IRP_MJ_QUERY_INFORMATION"
#define IRP_MJ_SET_INFORMATION_STRING "IRP_MJ_SET_INFORMATION"
#define IRP_MJ_QUERY_EA_STRING "IRP_MJ_QUERY_EA"
#define IRP_MJ_SET_EA_STRING "IRP_MJ_SET_EA"
#define IRP_MJ_FLUSH_BUFFERS_STRING "IRP_MJ_FLUSH_BUFFERS"
#define IRP_MJ_QUERY_VOLUME_INFORMATION_STRING "IRP_MJ_QUERY_VOLUME_INFORMATION"
#define IRP_MJ_SET_VOLUME_INFORMATION_STRING "IRP_MJ_SET_VOLUME_INFORMATION"
#define IRP_MJ_DIRECTORY_CONTROL_STRING "IRP_MJ_DIRECTORY_CONTROL"
#define IRP_MJ_FILE_SYSTEM_CONTROL_STRING "IRP_MJ_FILE_SYSTEM_CONTROL"
#define IRP_MJ_DEVICE_CONTROL_STRING "IRP_MJ_DEVICE_CONTROL"
#define IRP_MJ_INTERNAL_DEVICE_CONTROL_STRING "IRP_MJ_INTERNAL_DEVICE_CONTROL"
#define IRP_MJ_SHUTDOWN_STRING "IRP_MJ_SHUTDOWN"
#define IRP_MJ_LOCK_CONTROL_STRING "IRP_MJ_LOCK_CONTROL"
#define IRP_MJ_CLEANUP_STRING "IRP_MJ_CLEANUP"
#define IRP_MJ_CREATE_MAILSLOT_STRING "IRP_MJ_CREATE_MAILSLOT"
#define IRP_MJ_QUERY_SECURITY_STRING "IRP_MJ_QUERY_SECURITY"
#define IRP_MJ_SET_SECURITY_STRING "IRP_MJ_SET_SECURITY"
#define IRP_MJ_POWER_STRING "IRP_MJ_POWER"
#define IRP_MJ_SYSTEM_CONTROL_STRING "IRP_MJ_SYSTEM_CONTROL"
#define IRP_MJ_DEVICE_CHANGE_STRING "IRP_MJ_DEVICE_CHANGE"
#define IRP_MJ_QUERY_QUOTA_STRING "IRP_MJ_QUERY_QUOTA"
#define IRP_MJ_SET_QUOTA_STRING "IRP_MJ_SET_QUOTA"
#define IRP_MJ_PNP_STRING "IRP_MJ_PNP"
#define IRP_MJ_MAXIMUM_FUNCTION_STRING "IRP_MJ_MAXIMUM_FUNCTION"
//
// Strings for the Irp minor codes
//
#define IRP_MN_QUERY_DIRECTORY_STRING "IRP_MN_QUERY_DIRECTORY"
#define IRP_MN_NOTIFY_CHANGE_DIRECTORY_STRING "IRP_MN_NOTIFY_CHANGE_DIRECTORY"
#define IRP_MN_USER_FS_REQUEST_STRING "IRP_MN_USER_FS_REQUEST"
#define IRP_MN_MOUNT_VOLUME_STRING "IRP_MN_MOUNT_VOLUME"
#define IRP_MN_VERIFY_VOLUME_STRING "IRP_MN_VERIFY_VOLUME"
#define IRP_MN_LOAD_FILE_SYSTEM_STRING "IRP_MN_LOAD_FILE_SYSTEM"
#define IRP_MN_TRACK_LINK_STRING "IRP_MN_TRACK_LINK"
#define IRP_MN_LOCK_STRING "IRP_MN_LOCK"
#define IRP_MN_UNLOCK_SINGLE_STRING "IRP_MN_UNLOCK_SINGLE"
#define IRP_MN_UNLOCK_ALL_STRING "IRP_MN_UNLOCK_ALL"
#define IRP_MN_UNLOCK_ALL_BY_KEY_STRING "IRP_MN_UNLOCK_ALL_BY_KEY"
#define IRP_MN_NORMAL_STRING "IRP_MN_NORMAL"
#define IRP_MN_DPC_STRING "IRP_MN_DPC"
#define IRP_MN_MDL_STRING "IRP_MN_MDL"
#define IRP_MN_COMPLETE_STRING "IRP_MN_COMPLETE"
#define IRP_MN_COMPRESSED_STRING "IRP_MN_COMPRESSED"
#define IRP_MN_MDL_DPC_STRING "IRP_MN_MDL_DPC"
#define IRP_MN_COMPLETE_MDL_STRING "IRP_MN_COMPLETE_MDL"
#define IRP_MN_COMPLETE_MDL_DPC_STRING "IRP_MN_COMPLETE_MDL_DPC"
#define IRP_MN_SCSI_CLASS_STRING "IRP_MN_SCSI_CLASS"
#define IRP_MN_START_DEVICE_STRING "IRP_MN_START_DEVICE"
#define IRP_MN_QUERY_REMOVE_DEVICE_STRING "IRP_MN_QUERY_REMOVE_DEVICE"
#define IRP_MN_REMOVE_DEVICE_STRING "IRP_MN_REMOVE_DEVICE"
#define IRP_MN_CANCEL_REMOVE_DEVICE_STRING "IRP_MN_CANCEL_REMOVE_DEVICE"
#define IRP_MN_STOP_DEVICE_STRING "IRP_MN_STOP_DEVICE"
#define IRP_MN_QUERY_STOP_DEVICE_STRING "IRP_MN_QUERY_STOP_DEVICE"
#define IRP_MN_CANCEL_STOP_DEVICE_STRING "IRP_MN_CANCEL_STOP_DEVICE"
#define IRP_MN_QUERY_DEVICE_RELATIONS_STRING "IRP_MN_QUERY_DEVICE_RELATIONS"
#define IRP_MN_QUERY_INTERFACE_STRING "IRP_MN_QUERY_INTERFACE"
#define IRP_MN_QUERY_CAPABILITIES_STRING "IRP_MN_QUERY_CAPABILITIES"
#define IRP_MN_QUERY_RESOURCES_STRING "IRP_MN_QUERY_RESOURCES"
#define IRP_MN_QUERY_RESOURCE_REQUIREMENTS_STRING "IRP_MN_QUERY_RESOURCE_REQUIREMENTS"
#define IRP_MN_QUERY_DEVICE_TEXT_STRING "IRP_MN_QUERY_DEVICE_TEXT"
#define IRP_MN_FILTER_RESOURCE_REQUIREMENTS_STRING "IRP_MN_FILTER_RESOURCE_REQUIREMENTS"
#define IRP_MN_READ_CONFIG_STRING "IRP_MN_READ_CONFIG"
#define IRP_MN_WRITE_CONFIG_STRING "IRP_MN_WRITE_CONFIG"
#define IRP_MN_EJECT_STRING "IRP_MN_EJECT"
#define IRP_MN_SET_LOCK_STRING "IRP_MN_SET_LOCK"
#define IRP_MN_QUERY_ID_STRING "IRP_MN_QUERY_ID"
#define IRP_MN_QUERY_PNP_DEVICE_STATE_STRING "IRP_MN_QUERY_PNP_DEVICE_STATE"
#define IRP_MN_QUERY_BUS_INFORMATION_STRING "IRP_MN_QUERY_BUS_INFORMATION"
#define IRP_MN_DEVICE_USAGE_NOTIFICATION_STRING "IRP_MN_DEVICE_USAGE_NOTIFICATION"
#define IRP_MN_SURPRISE_REMOVAL_STRING "IRP_MN_SURPRISE_REMOVAL"
#define IRP_MN_QUERY_LEGACY_BUS_INFORMATION_STRING "IRP_MN_QUERY_LEGACY_BUS_INFORMATION"
#define IRP_MN_WAIT_WAKE_STRING "IRP_MN_WAIT_WAKE"
#define IRP_MN_POWER_SEQUENCE_STRING "IRP_MN_POWER_SEQUENCE"
#define IRP_MN_SET_POWER_STRING "IRP_MN_SET_POWER"
#define IRP_MN_QUERY_POWER_STRING "IRP_MN_QUERY_POWER"
#define IRP_MN_QUERY_ALL_DATA_STRING "IRP_MN_QUERY_ALL_DATA"
#define IRP_MN_QUERY_SINGLE_INSTANCE_STRING "IRP_MN_QUERY_SINGLE_INSTANCE"
#define IRP_MN_CHANGE_SINGLE_INSTANCE_STRING "IRP_MN_CHANGE_SINGLE_INSTANCE"
#define IRP_MN_CHANGE_SINGLE_ITEM_STRING "IRP_MN_CHANGE_SINGLE_ITEM"
#define IRP_MN_ENABLE_EVENTS_STRING "IRP_MN_ENABLE_EVENTS"
#define IRP_MN_DISABLE_EVENTS_STRING "IRP_MN_DISABLE_EVENTS"
#define IRP_MN_ENABLE_COLLECTION_STRING "IRP_MN_ENABLE_COLLECTION"
#define IRP_MN_DISABLE_COLLECTION_STRING "IRP_MN_DISABLE_COLLECTION"
#define IRP_MN_REGINFO_STRING "IRP_MN_REGINFO"
#define IRP_MN_EXECUTE_METHOD_STRING "IRP_MN_EXECUTE_METHOD"
//
// Strings for the Fast I/O types
//
#define CHECK_IF_POSSIBLE_STRING "CHECK IF POSSIBLE"
#define READ_STRING "READ"
#define WRITE_STRING "WRITE"
#define QUERY_BASIC_INFO_STRING "QUERY BASIC INFO"
#define QUERY_STANDARD_INFO_STRING "QUERY STANDARD INFO"
#define LOCK_STRING "LOCK"
#define UNLOCK_SINGLE_STRING "UNLOCK SINGLE"
#define UNLOCK_ALL_STRING "UNLOCK ALL"
#define UNLOCK_ALL_BY_KEY_STRING "UNLOCK ALL BY KEY"
#define DEVICE_CONTROL_STRING "DEVICE CONTROL"
#define ACQUIRE_FILE_STRING "ACQUIRE FILE"
#define RELEASE_FILE_STRING "RELEASE FILE"
#define DETACH_DEVICE_STRING "DETACH DEVICE"
#define QUERY_NETWORK_OPEN_INFO_STRING "QUERY NETWORK OPEN INFO"
#define ACQUIRE_FOR_MOD_WRITE_STRING "ACQUIRE FOR MOD WRITE"
#define MDL_READ_STRING "MLD READ"
#define MDL_READ_COMPLETE_STRING "MDL READ COMPLETE"
#define MDL_WRITE_STRING "MDL WRITE"
#define MDL_WRITE_COMPLETE_STRING "MDL WRITE COMPLETE"
#define READ_COMPRESSED_STRING "READ COMPRESSED"
#define WRITE_COMPRESSED_STRING "WRITE COMPRESSED"
#define MDL_READ_COMPLETE_COMPRESSED_STRING "MDL READ COMPLETE COMPRESSED"
#define PREPARE_MDL_WRITE_STRING "PREPARE MDL WRITE"
#define MDL_WRITE_COMPLETE_COMPRESSED_STRING "MDL WRITE COMPLETE COMPRESSED"
#define QUERY_OPEN_STRING "QUERY OPEN"
#define RELEASE_FOR_MOD_WRITE_STRING "RELEASE FOR MOD WRITE"
#define ACQUIRE_FOR_CC_FLUSH_STRING "ACQUIRE FOR CC FLUSH"
#define RELEASE_FOR_CC_FLUSH_STRING "RELEASE FOR CC FLUSH"
#define IRP_MJ_CREATE 0x00
#define IRP_MJ_CREATE_NAMED_PIPE 0x01
#define IRP_MJ_CLOSE 0x02
#define IRP_MJ_READ 0x03
#define IRP_MJ_WRITE 0x04
#define IRP_MJ_QUERY_INFORMATION 0x05
#define IRP_MJ_SET_INFORMATION 0x06
#define IRP_MJ_QUERY_EA 0x07
#define IRP_MJ_SET_EA 0x08
#define IRP_MJ_FLUSH_BUFFERS 0x09
#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
#define IRP_MJ_SET_VOLUME_INFORMATION 0x0b
#define IRP_MJ_DIRECTORY_CONTROL 0x0c
#define IRP_MJ_FILE_SYSTEM_CONTROL 0x0d
#define IRP_MJ_DEVICE_CONTROL 0x0e
#define IRP_MJ_INTERNAL_DEVICE_CONTROL 0x0f
#define IRP_MJ_SHUTDOWN 0x10
#define IRP_MJ_LOCK_CONTROL 0x11
#define IRP_MJ_CLEANUP 0x12
#define IRP_MJ_CREATE_MAILSLOT 0x13
#define IRP_MJ_QUERY_SECURITY 0x14
#define IRP_MJ_SET_SECURITY 0x15
#define IRP_MJ_POWER 0x16
#define IRP_MJ_SYSTEM_CONTROL 0x17
#define IRP_MJ_DEVICE_CHANGE 0x18
#define IRP_MJ_QUERY_QUOTA 0x19
#define IRP_MJ_SET_QUOTA 0x1a
#define IRP_MJ_PNP 0x1b
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b
#define IRP_MN_QUERY_DIRECTORY 0x01
#define IRP_MN_NOTIFY_CHANGE_DIRECTORY 0x02
#define IRP_MN_USER_FS_REQUEST 0x00
#define IRP_MN_MOUNT_VOLUME 0x01
#define IRP_MN_VERIFY_VOLUME 0x02
#define IRP_MN_LOAD_FILE_SYSTEM 0x03
#define IRP_MN_TRACK_LINK 0x04
#define IRP_MN_LOCK 0x01
#define IRP_MN_UNLOCK_SINGLE 0x02
#define IRP_MN_UNLOCK_ALL 0x03
#define IRP_MN_UNLOCK_ALL_BY_KEY 0x04
#define IRP_MN_NORMAL 0x00
#define IRP_MN_DPC 0x01
#define IRP_MN_MDL 0x02
#define IRP_MN_COMPLETE 0x04
#define IRP_MN_COMPRESSED 0x08
#define IRP_MN_MDL_DPC (IRP_MN_MDL | IRP_MN_DPC)
#define IRP_MN_COMPLETE_MDL (IRP_MN_COMPLETE | IRP_MN_MDL)
#define IRP_MN_COMPLETE_MDL_DPC (IRP_MN_COMPLETE_MDL | IRP_MN_DPC)
#define IRP_MN_SCSI_CLASS 0x01
#define IRP_MN_START_DEVICE 0x00
#define IRP_MN_QUERY_REMOVE_DEVICE 0x01
#define IRP_MN_REMOVE_DEVICE 0x02
#define IRP_MN_CANCEL_REMOVE_DEVICE 0x03
#define IRP_MN_STOP_DEVICE 0x04
#define IRP_MN_QUERY_STOP_DEVICE 0x05
#define IRP_MN_CANCEL_STOP_DEVICE 0x06
#define IRP_MN_QUERY_DEVICE_RELATIONS 0x07
#define IRP_MN_QUERY_INTERFACE 0x08
#define IRP_MN_QUERY_CAPABILITIES 0x09
#define IRP_MN_QUERY_RESOURCES 0x0A
#define IRP_MN_QUERY_RESOURCE_REQUIREMENTS 0x0B
#define IRP_MN_QUERY_DEVICE_TEXT 0x0C
#define IRP_MN_FILTER_RESOURCE_REQUIREMENTS 0x0D
#define IRP_MN_READ_CONFIG 0x0F
#define IRP_MN_WRITE_CONFIG 0x10
#define IRP_MN_EJECT 0x11
#define IRP_MN_SET_LOCK 0x12
#define IRP_MN_QUERY_ID 0x13
#define IRP_MN_QUERY_PNP_DEVICE_STATE 0x14
#define IRP_MN_QUERY_BUS_INFORMATION 0x15
#define IRP_MN_DEVICE_USAGE_NOTIFICATION 0x16
#define IRP_MN_SURPRISE_REMOVAL 0x17
#define IRP_MN_QUERY_LEGACY_BUS_INFORMATION 0x18
#define IRP_MN_WAIT_WAKE 0x00
#define IRP_MN_POWER_SEQUENCE 0x01
#define IRP_MN_SET_POWER 0x02
#define IRP_MN_QUERY_POWER 0x03
#define IRP_MN_QUERY_ALL_DATA 0x00
#define IRP_MN_QUERY_SINGLE_INSTANCE 0x01
#define IRP_MN_CHANGE_SINGLE_INSTANCE 0x02
#define IRP_MN_CHANGE_SINGLE_ITEM 0x03
#define IRP_MN_ENABLE_EVENTS 0x04
#define IRP_MN_DISABLE_EVENTS 0x05
#define IRP_MN_ENABLE_COLLECTION 0x06
#define IRP_MN_DISABLE_COLLECTION 0x07
#define IRP_MN_REGINFO 0x08
#define IRP_MN_EXECUTE_METHOD 0x09
#define IRP_NOCACHE 0x00000001
#define IRP_PAGING_IO 0x00000002
#define IRP_SYNCHRONOUS_API 0x00000004
#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040
#endif __LOG_H__
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -