📄 filemon.c
字号:
//
// Lock the output buffer.
//
Wait_Semaphore( LogMutex, BLOCK_SVC_INTS );
//
// Vsprintf to determine length of the buffer
//
_asm cld;
va_start( arg_ptr, format );
len = vsprintf( text, format, arg_ptr );
va_end( arg_ptr );
//
// Only log it if the text passes the filters
//
if( ApplyFilters( text )) {
//
// If the current output buffer is near capacity, move to a new
// output buffer
//
if( (ULONG) (Log->Len + len + sizeof(ENTRY) +1) >= LOGBUFSIZE ) {
if( !FilemonNewLog() ) {
//
// Just return if a thread is in the process
// of allocating a buffer.
//
Signal_Semaphore( LogMutex );
return;
}
}
//
// Extract the sequence number and Log it
//
Entry = (void *)(Log->Data+Log->Len);
Entry->seq = Sequence++;
Entry->perftime.u.LowPart = time;
Entry->perftime.u.HighPart = 0;
Entry->datetime.u.HighPart = datetimehi;
Entry->datetime.u.LowPart = datetimelo;
_asm cld;
memcpy( Entry->text, text, len + 1 );
//
// Log the length of the string, plus 1 for the terminating
// NULL
//
Log->Len += (Entry->text - (PCHAR) Entry) + len + 1;
}
//
// Release the output buffer lock
//
Signal_Semaphore( LogMutex );
}
//----------------------------------------------------------------------
// H A S H T A B L E M A N A G E M E N T
//----------------------------------------------------------------------
//----------------------------------------------------------------------
//
// FilemonHashCleanup
//
// Called when we are unloading to free any memory that we have
// in our possession.
//
//----------------------------------------------------------------------
VOID
FilemonHashCleanup(
VOID
)
{
PHASH_ENTRY hashEntry, nextEntry;
ULONG i;
//
// Free the hash table entries
//
for( i = 0; i < NUMHASH; i++ ) {
hashEntry = HashTable[i];
while( hashEntry ) {
nextEntry = hashEntry->Next;
HeapFree( hashEntry, 0 );
hashEntry = nextEntry;
}
}
}
//----------------------------------------------------------------------
//
// FilemonLogHash
//
// Logs the key and associated fullpath in the hash table.
//
//----------------------------------------------------------------------
VOID
FilemonLogHash(
int Drive,
fh_t Filenumber,
PCHAR Fullname
)
{
PHASH_ENTRY newEntry;
//
// Allocate a new entry
//
newEntry = HeapAllocate( sizeof(HASH_ENTRY) + strlen(Fullname)+1, 0 );
if( !newEntry ) return;
//
// Initialize the new entry.
//
newEntry->filenumber = Filenumber;
newEntry->drive = Drive & 0xFF;
strcpy( newEntry->FullName, Fullname );
//
// Lock the hash table and insert the new entry.
//
Wait_Semaphore( HashMutex, BLOCK_SVC_INTS );
newEntry->Next = HashTable[ HASHOBJECT(Filenumber) ];
HashTable[ HASHOBJECT(Filenumber) ] = newEntry;
Signal_Semaphore( HashMutex );
}
//----------------------------------------------------------------------
//
// FilemonFreeHashEntry
//
// When we see a file close, we can free the string we had associated
// with the fileobject being closed since we know it won't be used
// again.
//
//----------------------------------------------------------------------
VOID
FilemonFreeHashEntry(
int Drive,
fh_t Filenumber
)
{
PHASH_ENTRY hashEntry, prevEntry;
Wait_Semaphore( HashMutex, BLOCK_SVC_INTS );
//
// Look-up the entry.
//
hashEntry = HashTable[ HASHOBJECT( Filenumber ) ];
prevEntry = NULL;
while( hashEntry &&
hashEntry->filenumber != Filenumber &&
hashEntry->drive != (Drive & 0xFF)) {
prevEntry = hashEntry;
hashEntry = hashEntry->Next;
}
//
// If we fall of the hash list without finding what we're looking
// for, just return.
//
if( !hashEntry ) {
Signal_Semaphore( HashMutex );
return;
}
//
// Got it! Remove it from the list
//
if( prevEntry ) {
prevEntry->Next = hashEntry->Next;
} else {
HashTable[ HASHOBJECT( Filenumber )] = hashEntry->Next;
}
//
// Free the memory associated with the name of the free entry.
//
HeapFree( hashEntry, 0 );
Signal_Semaphore( HashMutex );
}
//----------------------------------------------------------------------
// F I L T E R A N D P R O C E S S N A M E R O U T I N E S
//----------------------------------------------------------------------
//----------------------------------------------------------------------
//
// ErrorString
//
// Returns the string form of an error code.
//
//----------------------------------------------------------------------
PCHAR
ErrorString(
DWORD retval
)
{
switch( retval ) {
case ERROR_INVALID_FUNCTION:
return "INVALIDFUNC";
case ERROR_SUCCESS:
return "SUCCESS";
case ERROR_OUTOFMEMORY:
return "OUTOFMEM";
case ERROR_ACCESS_DENIED:
return "ACCDENIED";
case ERROR_PATH_NOT_FOUND:
return "NOTFOUND";
case ERROR_TOO_MANY_OPEN_FILES:
return "TOOMANYOPEN";
case ERROR_FILE_NOT_FOUND:
return "NOTFOUND";
case ERROR_NO_MORE_ITEMS:
return "NOMORE";
case ERROR_GEN_FAILURE:
return "GENFAILURE";
case ERROR_MORE_DATA:
return "MOREDATA";
case ERROR_INVALID_DRIVE:
return "INVALIDDRIVE";
case ERROR_NOT_SAME_DEVICE:
return "DIFFERENTDEVICE";
case ERROR_WRITE_PROTECT:
return "WRITEPROTECTED";
case ERROR_SHARING_VIOLATION:
return "SHARING";
case ERROR_BAD_UNIT:
return "BADUNIT";
case ERROR_NOT_READY:
return "NOTREADY";
case ERROR_NO_MORE_FILES:
return "NOMORE";
case ERROR_BAD_COMMAND:
return "BADCOMMAND";
case ERROR_INVALID_HANDLE:
return "INVALIDHANDLE";
case ERROR_DEV_NOT_EXIST:
return "DEVDOESNOTEXIST";
default:
sprintf(errstring, "0x%x", retval );
return errstring;
}
}
//----------------------------------------------------------------------
//
// FilemonFreeFilters
//
// Fress storage we allocated for filter strings.
//
//----------------------------------------------------------------------
VOID
FilemonFreeFilters(
VOID
)
{
ULONG i;
for( i = 0; i < NumIncludeFilters; i++ ) {
HeapFree( IncludeFilters[i], 0 );
}
for( i = 0; i < NumExcludeFilters; i++ ) {
HeapFree( ExcludeFilters[i], 0 );
}
NumIncludeFilters = 0;
NumExcludeFilters = 0;
}
//----------------------------------------------------------------------
//
// MakeFilterArray
//
// Takes a filter string and splits into components (a component
// is seperated with a ';')
//
//----------------------------------------------------------------------
VOID
MakeFilterArray(
PCHAR FilterString,
PCHAR FilterArray[],
PULONG NumFilters
)
{
PCHAR filterStart;
ULONG filterLength;
CHAR saveChar;
//
// Scan through the process filters
//
filterStart = FilterString;
while( *filterStart ) {
filterLength = 0;
while( filterStart[filterLength] &&
filterStart[filterLength] != ';' ) {
filterLength++;
}
//
// Ignore zero-length components
//
if( filterLength ) {
//
// Conservatively allocate so that we can prepend and append
// wildcards
//
FilterArray[ *NumFilters ] =
HeapAllocate( filterLength + 1 + 2* sizeof('*'), 0 );
if( FilterArray[ *NumFilters ]) {
saveChar = *(filterStart + filterLength );
*(filterStart + filterLength) = 0;
sprintf( FilterArray[ *NumFilters ], "%s%s%s",
*filterStart == '*' ? "" : "*",
filterStart,
*(filterStart + filterLength - 1 ) == '*' ? "" : "*" );
*(filterStart + filterLength) = saveChar;
(*NumFilters)++;
}
}
//
// Are we done?
//
if( !filterStart[filterLength] ) break;
//
// Move to the next component (skip over ';')
//
filterStart += filterLength + 1;
}
}
//----------------------------------------------------------------------
//
// FilemonUpdateFilters
//
// Takes a new filter specification and updates the filter
// arrays with them.
//
//----------------------------------------------------------------------
VOID
FilemonUpdateFilters(
VOID
)
{
//
// Free old filters (if any)
//
Wait_Semaphore( FilterMutex, BLOCK_SVC_INTS );
FilemonFreeFilters();
//
// Create new filter arrays
//
MakeFilterArray( FilterDef.includefilter,
IncludeFilters, &NumIncludeFilters );
MakeFilterArray( FilterDef.excludefilter,
ExcludeFilters, &NumExcludeFilters );
Signal_Semaphore( FilterMutex );
}
//----------------------------------------------------------------------
//
// wstrlen
//
// Determine the length of a wide-character string.
//
//----------------------------------------------------------------------
int
wstrlen(
unsigned short *unistring
)
{
int i = 0;
int len = 0;
while( unistring[i++] != 0 ) len+=2;
return len;
}
//----------------------------------------------------------------------
//
// FilmonGetProcess
//
// Retrieves the process name.
//
//----------------------------------------------------------------------
PCHAR
FilemonGetProcess(
PCHAR ProcessName
)
{
PVOID CurProc;
PVOID ring3proc;
char *name;
ULONG i;
//
// Get the ring0 process pointer.
//
CurProc = VWIN32_GetCurrentProcessHandle();
//
// Now, map the ring3 PCB
//
ring3proc = (PVOID) SelectorMapFlat( Get_Sys_VM_Handle(),
(DWORD) (*(PDWORD) ((char *) CurProc + 0x38)) | 0x7, 0 );
if( ring3proc == (PVOID) -1 ) {
strcpy( ProcessName, "???");
} else {
//
// copy out the process name (max 8 characters)
//
name = ((char *)ring3proc) + 0xF2;
if( name[0] >= 'A' && name[0] < 'z' ) {
strcpy( ProcessName, name );
ProcessName[8] = 0;
} else {
strcpy( ProcessName, "???" );
}
}
return ProcessName;
}
//----------------------------------------------------------------------
//
// ApplyFilters
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -