📄 fspylog.c
Buffer,
"%02d:%02d:%02d:%03d",
SystemTime->wHour,
SystemTime->wMinute,
SystemTime->wSecond,
SystemTime->wMilliseconds);
return returnLength;
}
/*++
Routine Name:
IrpFileDump
Routine Description:
Prints an Irp log record to the specified file. The output is in a tab
delimited format with the fields in the following order:
SequenceNumber, OriginatingTime, CompletionTime, IrpMajor, IrpMinor,
IrpFlags, NoCache, Paging I/O, Synchronous, Synchronous paging, FileName,
ReturnStatus, FileName
Arguments:
SequenceNumber - the sequence number for this log record
Name - the name of the file that this Irp relates to
RecordIrp - the Irp record to print
File - the file to print to
Return Value:
None.
--*/
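VOID
IrpFileDump(
    ULONG SequenceNumber,
    WCHAR *Name,
    PRECORD_IRP RecordIrp,
    FILE *File
    )
{
    // Writes one tab-delimited line for an Irp record. Fields as emitted by
    // the code below: "I", SequenceNumber, OriginatingTime, CompletionTime,
    // ProcessId.ThreadId, Irp code (via PrintIrpCode), IrpFlags in hex plus
    // the N/P/S/Y flag letters, FileObject, ReturnStatus:ReturnInformation,
    // and finally Name.
    FILETIME *stamps[2];
    FILETIME localTime;
    SYSTEMTIME systemTime;
    CHAR timeText[TIME_BUFFER_LENGTH];
    int i;

    fprintf(File, "I\t%08X", SequenceNumber);

    stamps[0] = (FILETIME *)&(RecordIrp->OriginatingTime);
    stamps[1] = (FILETIME *)&(RecordIrp->CompletionTime);

    // Originating time first, then completion time. Both Win32 conversions
    // return FALSE on failure and do not promise a usable output in that
    // case, so the value is formatted only when every step succeeded;
    // otherwise TIME_ERROR is logged instead of uninitialized stack data.
    for (i = 0; i < 2; i++) {
        if (FileTimeToLocalFileTime(stamps[i], &localTime) &&
            FileTimeToSystemTime(&localTime, &systemTime) &&
            FormatSystemTime(&systemTime, timeText, TIME_BUFFER_LENGTH)) {
            fprintf(File, "\t%-12s", timeText);
        } else {
            fprintf(File, "\t%-12s", TIME_ERROR);
        }
    }

    // NOTE(review): %x assumes ProcessId/ThreadId are int-sized; confirm
    // against the RECORD_IRP declaration (not visible here).
    fprintf(File, "\t%8x.%-4x ", RecordIrp->ProcessId, RecordIrp->ThreadId);

    // PrintIrpCode is defined elsewhere; presumably it writes the decoded
    // major/minor code to File.
    PrintIrpCode(RecordIrp->IrpMajor, RecordIrp->IrpMinor, File, TRUE);

    // Raw flag word, then one letter per flag of interest ("-" when clear).
    fprintf(File, "\t%08lx ", RecordIrp->IrpFlags);
    fprintf(File,
            "%s%s%s%s",
            (RecordIrp->IrpFlags & IRP_NOCACHE) ? "N" : "-",
            (RecordIrp->IrpFlags & IRP_PAGING_IO) ? "P" : "-",
            (RecordIrp->IrpFlags & IRP_SYNCHRONOUS_API) ? "S" : "-",
            (RecordIrp->IrpFlags & IRP_SYNCHRONOUS_PAGING_IO) ? "Y" : "-");

    fprintf(File, "\t%08p", RecordIrp->FileObject);

    // NOTE(review): %lx assumes both fields are long-sized; if
    // ReturnInformation is pointer-sized, a 64-bit build would misprint it.
    // Confirm against the record declaration.
    fprintf(File, "\t%08lx:%08lx",
            RecordIrp->ReturnStatus,
            RecordIrp->ReturnInformation);

    // NOTE(review): Name is written verbatim. If a recorded file name can
    // contain a tab or a newline, a consumer of this tab-delimited log would
    // read one record as extra fields or extra lines; confirm whether names
    // are sanitized before they reach this point, or escape them here.
    fprintf(File, "\t%S", Name);
    fprintf(File, "\n");
}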
/*++
Routine Name:
IrpScreenDump
Routine Description:
Prints an Irp log record to the screen in the following order:
SequenceNumber, OriginatingTime, CompletionTime, IrpMajor, IrpMinor,
IrpFlags, NoCache, Paging I/O, Synchronous, Synchronous paging,
FileName, ReturnStatus, FileName
Arguments:
SequenceNumber - the sequence number for this log record
Name - the file name to which this Irp relates
RecordIrp - the Irp record to print
Return Value:
None.
--*/
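VOID
IrpScreenDump(
    ULONG SequenceNumber,
    WCHAR *Name,
    PRECORD_IRP RecordIrp
    )
{
    // Prints one space-separated line for an Irp record to stdout. Fields as
    // emitted by the code below: "I", SequenceNumber, OriginatingTime,
    // CompletionTime, ProcessId.ThreadId, Irp code (via PrintIrpCode),
    // IrpFlags in hex plus the N/P/S/Y flag letters, FileObject,
    // ReturnStatus:ReturnInformation, Name; PrintIrpCode is then called a
    // second time after the newline.
    FILETIME *stamps[2];
    FILETIME localTime;
    SYSTEMTIME systemTime;
    CHAR timeText[TIME_BUFFER_LENGTH];
    int i;

    printf("I %08X ", SequenceNumber);

    stamps[0] = (FILETIME *)&(RecordIrp->OriginatingTime);
    stamps[1] = (FILETIME *)&(RecordIrp->CompletionTime);

    // Originating time first, then completion time. Both Win32 conversions
    // return FALSE on failure and do not promise a usable output in that
    // case, so the value is formatted only when every step succeeded;
    // otherwise TIME_ERROR is shown instead of uninitialized stack data.
    for (i = 0; i < 2; i++) {
        if (FileTimeToLocalFileTime(stamps[i], &localTime) &&
            FileTimeToSystemTime(&localTime, &systemTime) &&
            FormatSystemTime(&systemTime, timeText, TIME_BUFFER_LENGTH)) {
            printf("%-12s ", timeText);
        } else {
            printf("%-12s ", TIME_ERROR);
        }
    }

    // NOTE(review): %x assumes ProcessId/ThreadId are int-sized; confirm
    // against the RECORD_IRP declaration (not visible here).
    printf("%8x.%-4x ", RecordIrp->ProcessId, RecordIrp->ThreadId);

    // PrintIrpCode is defined elsewhere; a NULL file argument is passed on
    // the screen path.
    PrintIrpCode(RecordIrp->IrpMajor, RecordIrp->IrpMinor, NULL, TRUE);

    // Raw flag word, then one letter per flag of interest ("-" when clear).
    printf("%08lx ", RecordIrp->IrpFlags);
    printf("%s%s%s%s ",
           (RecordIrp->IrpFlags & IRP_NOCACHE) ? "N" : "-",
           (RecordIrp->IrpFlags & IRP_PAGING_IO) ? "P" : "-",
           (RecordIrp->IrpFlags & IRP_SYNCHRONOUS_API) ? "S" : "-",
           (RecordIrp->IrpFlags & IRP_SYNCHRONOUS_PAGING_IO) ? "Y" : "-");

    printf("%08p ", RecordIrp->FileObject);

    // NOTE(review): %lx assumes both fields are long-sized; if
    // ReturnInformation is pointer-sized, a 64-bit build would misprint it.
    // Confirm against the record declaration.
    printf("%08lx:%08lx ",
           RecordIrp->ReturnStatus,
           RecordIrp->ReturnInformation);

    // NOTE(review): Name is printed verbatim, so any control characters in a
    // recorded file name reach the console unfiltered; confirm whether names
    // are sanitized upstream.
    printf("%S", Name);
    printf("\n");

    // Second call with FALSE, after the record line; what it prints is
    // decided by PrintIrpCode (not shown here).
    PrintIrpCode(RecordIrp->IrpMajor, RecordIrp->IrpMinor, NULL, FALSE);
}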
/*++
Routine Name:
FastIoFileDump
Routine Description:
Prints a FastIo log record to the specified file. The output is in a tab
delimited format with the fields in the following order:
SequenceNumber, StartTime, CompletionTime, Fast I/O Type, FileName,
Length, Wait, ReturnStatus, FileName
Arguments:
SequenceNumber - the sequence number for this log record
Name - the name of the file referenced by this Fast I/O operation
RecordFastIo - the FastIo record to print
File - the file to print to
Return Value:
None.
--*/
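VOID
FastIoFileDump(
    ULONG SequenceNumber,
    WCHAR *Name,
    PRECORD_FASTIO RecordFastIo,
    FILE *File
    )
{
    // Writes one tab-delimited line for a FastIo record. Fields as emitted
    // by the code below: "F", SequenceNumber, StartTime, CompletionTime,
    // ProcessId.ThreadId, Fast I/O type (via PrintFastIoType), Wait (T/F),
    // Length, FileOffset, FileObject, ReturnStatus, and finally Name.
    FILETIME *stamps[2];
    SYSTEMTIME systemTime;
    FILETIME localTime;
    CHAR timeText[TIME_BUFFER_LENGTH];
    int i;

    fprintf(File, "F\t%08X", SequenceNumber);

    stamps[0] = (FILETIME *)&(RecordFastIo->StartTime);
    stamps[1] = (FILETIME *)&(RecordFastIo->CompletionTime);

    // Start time first, then completion time. Both Win32 conversions return
    // FALSE on failure and do not promise a usable output in that case, so
    // the value is formatted only when every step succeeded; otherwise
    // TIME_ERROR is logged instead of uninitialized stack data.
    for (i = 0; i < 2; i++) {
        if (FileTimeToLocalFileTime(stamps[i], &localTime) &&
            FileTimeToSystemTime(&localTime, &systemTime) &&
            FormatSystemTime(&systemTime, timeText, TIME_BUFFER_LENGTH)) {
            fprintf(File, "\t%-12s", timeText);
        } else {
            fprintf(File, "\t%-12s", TIME_ERROR);
        }
    }

    // NOTE(review): %x assumes ProcessId/ThreadId are int-sized; confirm
    // against the RECORD_FASTIO declaration (not visible here).
    fprintf(File, "\t%8x.%-4x ", RecordFastIo->ProcessId, RecordFastIo->ThreadId);

    fprintf(File, "\t");
    // PrintFastIoType is defined elsewhere; presumably it writes the
    // operation name to File.
    PrintFastIoType(RecordFastIo->Type, File);

    fprintf(File, "\t%s", (RecordFastIo->Wait) ? "T" : "F");
    fprintf(File, "\t%08x", RecordFastIo->Length);
    // %I64x is the Microsoft CRT length modifier for a 64-bit integer.
    fprintf(File, "\t%016I64x ", RecordFastIo->FileOffset);
    fprintf(File, "\t%08p", RecordFastIo->FileObject);
    fprintf(File, "\t%08x", RecordFastIo->ReturnStatus);

    // NOTE(review): Name is written verbatim. If a recorded file name can
    // contain a tab or a newline, a consumer of this tab-delimited log would
    // read one record as extra fields or extra lines; confirm whether names
    // are sanitized before they reach this point, or escape them here.
    fprintf(File, "\t%S", Name);
    fprintf(File, "\n");
}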
/*++
Routine Name:
FastIoScreenDump
Routine Description:
Prints a FastIo log record to the screen in the following order:
SequenceNumber, StartTime, CompletionTime, Fast I/O Type, FileName,
Length, Wait, ReturnStatus, FileName
Arguments:
SequenceNumber - the sequence number for this log record
Name - the name of the file referenced by this Fast I/O operation
RecordFastIo - the FastIo record to print
Return Value:
None.
--*/
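VOID
FastIoScreenDump(
    ULONG SequenceNumber,
    WCHAR *Name,
    PRECORD_FASTIO RecordFastIo
    )
{
    // Prints one space-separated line for a FastIo record to stdout. Fields
    // as emitted by the code below: "F", SequenceNumber, StartTime,
    // CompletionTime, ProcessId.ThreadId, Fast I/O type (via
    // PrintFastIoType), Wait (T/F), Length, FileOffset, FileObject,
    // ReturnStatus, and finally Name.
    FILETIME *stamps[2];
    SYSTEMTIME systemTime;
    FILETIME localTime;
    CHAR timeText[TIME_BUFFER_LENGTH];
    int i;

    printf("F %08X ", SequenceNumber);

    stamps[0] = (FILETIME *)&(RecordFastIo->StartTime);
    stamps[1] = (FILETIME *)&(RecordFastIo->CompletionTime);

    // Start time first, then completion time. Both Win32 conversions return
    // FALSE on failure and do not promise a usable output in that case, so
    // the value is formatted only when every step succeeded; otherwise
    // TIME_ERROR is shown instead of uninitialized stack data.
    for (i = 0; i < 2; i++) {
        if (FileTimeToLocalFileTime(stamps[i], &localTime) &&
            FileTimeToSystemTime(&localTime, &systemTime) &&
            FormatSystemTime(&systemTime, timeText, TIME_BUFFER_LENGTH)) {
            printf("%-12s ", timeText);
        } else {
            printf("%-12s ", TIME_ERROR);
        }
    }

    // NOTE(review): %x assumes ProcessId/ThreadId are int-sized; confirm
    // against the RECORD_FASTIO declaration (not visible here).
    printf("%8x.%-4x ", RecordFastIo->ProcessId, RecordFastIo->ThreadId);

    // PrintFastIoType is defined elsewhere; a NULL file argument is passed
    // on the screen path.
    PrintFastIoType(RecordFastIo->Type, NULL);

    printf("%s ", (RecordFastIo->Wait) ? "T" : "F");
    printf("%08x ", RecordFastIo->Length);
    // %I64x is the Microsoft CRT length modifier for a 64-bit integer.
    printf("%016I64x ", RecordFastIo->FileOffset);
    printf("%08p ", RecordFastIo->FileObject);
    printf("%08x ", RecordFastIo->ReturnStatus);

    // NOTE(review): Name is printed verbatim, so any control characters in a
    // recorded file name reach the console unfiltered; confirm whether names
    // are sanitized upstream.
    printf("%S", Name);
    printf("\n");
}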