{*******************************************************} { } { ThdWebOpenCheck } { } { Copyright (C) 2024 kku } { } {*******************************************************} unit ThdWebOpenCheck; interface uses Tocsg.Thread, System.SysUtils, System.Classes, Winapi.Windows, System.Generics.Collections, ManagerModel; const WEB_AB_DELAY_EXT = 'PDF|PPT|PPTX|DOC|DOCX|XLS|XLSX|CSV|TXT|HWP|JPG|JPEG|GIF|PNG|JFIF|SVG'; type TWebOpenEnt = record dwTick: DWORD; bPrevent, bLog, bPopup, bCollectTxt, bCollectFile: Boolean; sMsg: String; nMinMB, nLimitMB: Integer; LogInfo: TLogInfo; end; PWebOpenEnt = ^TWebOpenEnt; TThdWebOpenCheck = class(TTgThread) protected ExtList_: TStringList; EntList_: TList; procedure Execute; override; procedure OnEntNotify(Sender: TObject; const Item: PWebOpenEnt; Action: TCollectionNotification); public Constructor Create; Destructor Destroy; override; function AddEnt(pLog: PLogInfo; bPrevent, bLog, bPopup, bCollectTxt, bCollectFile: Boolean; nMinMB, nLimitMB: Integer; sMsg: String): Boolean; end; implementation uses Tocsg.Strings, Tocsg.Path, Tocsg.Exception, Tocsg.Process, ManagerService, Tocsg.Files, GlobalDefine; { TThdWebOpenCheck } Constructor TThdWebOpenCheck.Create; begin Inherited Create; ExtList_ := TStringList.Create; ExtList_.CaseSensitive := false; SplitString(WEB_AB_DELAY_EXT, '|', ExtList_); EntList_ := TList.Create; EntList_.OnNotify := OnEntNotify; end; Destructor TThdWebOpenCheck.Destroy; begin Inherited; FreeAndNil(EntList_); FreeAndNil(ExtList_); end; procedure TThdWebOpenCheck.OnEntNotify(Sender: TObject; const Item: PWebOpenEnt; Action: TCollectionNotification); begin if Action = cnRemoved then Dispose(Item); end; function TThdWebOpenCheck.AddEnt(pLog: PLogInfo; bPrevent, bLog, bPopup, bCollectTxt, bCollectFile: Boolean; nMinMB, nLimitMB: Integer; sMsg: String): Boolean; var pEnt: PWebOpenEnt; begin Result := false; try if ExtList_.IndexOf(GetFileExt(pLog.sPath)) = -1 then exit; New(pEnt); ZeroMemory(pEnt, SizeOf(TWebOpenEnt)); pEnt.dwTick := GetTickCount; pEnt.bPrevent := bPrevent; pEnt.bLog := bLog; pEnt.bPopup := bPopup; pEnt.bCollectTxt := bCollectTxt; pEnt.bCollectFile := bCollectFile; pEnt.nMinMB := nMinMB; pEnt.nLimitMB := nLimitMB; pEnt.sMsg := sMsg; pEnt.LogInfo := pLog^; Lock; try EntList_.Add(pEnt); finally Unlock; end; Result := true; except on E: Exception do ETgException.TraceException(Self, E, 'Fail .. AddEnt()'); end; end; procedure TThdWebOpenCheck.Execute; var pEnt: PWebOpenEnt; sPName: String; llSize: LONGLONG; begin while not Terminated and not GetWorkStop do begin try Lock; try if EntList_.Count > 0 then pEnt := EntList_[0] else pEnt := nil; finally Unlock; end; if pEnt <> nil then begin sPName := GetProcessNameFromWndHandle(GetForegroundWindow); if CompareText(sPName, pEnt.LogInfo.sAppName) <> 0 then begin // 포커스 바뀐거면 로그 무시 24_0828 14:19:26 kku EntList_.Delete(0); end else if (GetTickCount - pEnt.dwTick) >= 1500 then begin if pEnt.bCollectTxt then pEnt.LogInfo.sBody := ExtrTextFromFile(pEnt.LogInfo.sPath); if pEnt.bCollectFile then begin llSize := GetFileSize_path(pEnt.LogInfo.sPath); if (llSize >= (LONGLONG(pEnt.nMinMB) * 1048576)) and (llSize <= (LONGLONG(pEnt.nLimitMB) * 1048576)) then begin pEnt.LogInfo.sFileCompId := gMgSvc.MakeComponentId(pEnt.LogInfo.sPath); gMgSvc.SendFile(pEnt.LogInfo, 'quarantineLogCollect.do', pEnt.LogInfo.sPath, pEnt.nMinMB, pEnt.nLimitMB); end; end; if pEnt.bLog then gMgSvc.SendEventLogEx(@pEnt.LogInfo, pEnt.bPrevent); if pEnt.bPopup then gMgSvc.PopupMessage(TYPE_MSG_PREVENT_ATTACHFILE, pEnt.sMsg); EntList_.Delete(0); end; end; except on E: Exception do ETgException.TraceException(Self, E, 'Fail .. Execute()'); end; Sleep(300); end; end; end.