
#include "pch.h"
#include "shlobj.h"
#include <thread>
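// Headroom added on top of the driver-reported size when the log buffer is
// (re)grown in GetLog(): room for 100 more records. Parenthesised so the
// multiplication cannot bind unexpectedly in any expression it is pasted into.
#define MAX_REPORT_SIZE (sizeof(REPORT_DESC) * 100)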
/// Builds an idle reporter: no event handle, no record buffer, no thread.
/// `path` is the base directory; only the string `<path>\logs` is formed
/// here — nothing is created on disk. `cb` receives each formatted log line
/// (see ReadParam) and may be NULL.
CReporter::CReporter(LPCWSTR path, fpCallBack cb)
{
    this->report_event_ = INVALID_HANDLE_VALUE;
    this->reports_      = NULL;
    this->reports_size_ = 0;
    this->completion_   = NULL;
    this->log_type_     = 0;
    this->threadStop_   = FALSE;   // TRUE while the reader thread should keep looping; Init() raises it
    this->cb_           = cb;
    ZeroMemory(this->log_path_, sizeof(this->log_path_));
    StringCbPrintfW(this->log_path_, sizeof(this->log_path_), L"%s\\logs", path);
}
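/// Tears the reporter down: clears the run flag, releases the record buffer
/// and closes the notification event.
///
/// NOTE(review): Init() starts the reader thread detached, so nothing here
/// waits for it. The thread may still be inside Runner()/GetLog() touching
/// this object after the destructor returns; closing the event makes its
/// WaitForSingleObject fail (Runner then breaks out), but that is a race,
/// not a join. Keep the reporter alive until process exit or add an explicit
/// hand-shake — TODO confirm the intended lifetime with the owner.
CReporter::~CReporter()
{
    Cleanup();
    if (reports_ != NULL)
    {
        VirtualFree(reports_, 0, MEM_RELEASE);
        reports_ = NULL;
    }
    // CreateEventW reports failure with NULL, while the constructor marks
    // "not created" with INVALID_HANDLE_VALUE; accept either sentinel so a
    // failed Init() does not end in CloseHandle(NULL).
    if (report_event_ != INVALID_HANDLE_VALUE && report_event_ != NULL)
    {
        CloseHandle(report_event_);
    }
    // Leave the same "no event" sentinel the rest of the class tests against.
    report_event_ = INVALID_HANDLE_VALUE;
}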
/// Creates `lpPathName` together with any missing parent directories.
/// Returns TRUE only when SHCreateDirectoryEx reports ERROR_SUCCESS. Per the
/// Win32 documentation that API reports an already-existing directory with
/// ERROR_ALREADY_EXISTS / ERROR_FILE_EXISTS, which this wrapper maps to
/// FALSE — callers that treat "already there" as success must check
/// themselves. `lpsa` may be NULL for the default security descriptor.
BOOL RecursiveCreateDirectory(LPCTSTR lpPathName, LPSECURITY_ATTRIBUTES lpsa/* = NULL*/)
{
    const int rc = SHCreateDirectoryEx(NULL, lpPathName, lpsa);
    return (rc == ERROR_SUCCESS) ? TRUE : FALSE;
}
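/// Creates the cross-process notification event and starts the detached
/// reader thread (Run -> Runner). Returns FALSE only when the event could
/// not be created. Calling Init() twice starts a second reader thread; the
/// class keeps no guard against that.
///
/// Security note: the event lives in the Global\ namespace and is created
/// with `CNullSA` — by its name a NULL-DACL security descriptor, i.e. any
/// local principal can open, signal, or pre-create ("squat") an object of
/// this name. Signalling merely makes Runner() call GetLog() early, but an
/// event pre-created by another principal means this process does not own
/// its DACL. The DACL cannot be tightened here without knowing which peer
/// component (presumably the filter driver) must also open it — TODO confirm
/// and, where possible, restrict it to SYSTEM/Administrators plus that peer.
BOOL CReporter::Init()
{
    WCHAR name[MAX_PATH] = {0,};
    CNullSA sa;

    StringCbPrintfW(name, sizeof(name), L"Global\\%s", LOG_SHARE_EVENT);
    // Manual-reset, initially non-signalled; Runner() resets it after each wake.
    report_event_ = CreateEventW(sa, TRUE, FALSE, name);
    // CreateEventW signals failure with NULL, not INVALID_HANDLE_VALUE; the
    // previous comparison could never fire and a NULL handle reached Runner().
    if (report_event_ == NULL)
    {
        BSONE_DEBUG(L"reportnotiy CreateEvent ge(%d)\n", GetLastError());
        report_event_ = INVALID_HANDLE_VALUE;   // restore the class's "no event" sentinel
        return FALSE;
    }
    if (GetLastError() == ERROR_ALREADY_EXISTS)
    {
        // We opened an event somebody else created first. Expected when the
        // peer component is already up; otherwise a name-squatting attempt.
        BSONE_DEBUG(L"reportnotiy event %s already existed\n", name);
    }

    threadStop_ = TRUE;   // "keep running" flag polled by Runner()'s loop
    // Detached by design: the thread is never joined, so this object must
    // outlive it (see the destructor note).
    thread reader(Run, this);
    reader.detach();
    return TRUE;
}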
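/// Asks the reader thread to stop: clears the run flag and, when an event
/// exists, signals it so a Runner() blocked in WaitForSingleObject(INFINITE)
/// wakes, re-checks the flag and leaves its loop. Clearing the flag alone
/// was only noticed after the next driver notification arrived. Does not
/// wait for the thread to finish.
///
/// NOTE(review): the event is shared under a Global\ name; if a peer also
/// waits on it, this extra signal would wake that peer once — confirm.
VOID CReporter::Cleanup()
{
    threadStop_ = FALSE;
    if (report_event_ != INVALID_HANDLE_VALUE && report_event_ != NULL)
    {
        SetEvent(report_event_);
    }
}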
/// Human-readable name of a device-policy state (ENABLE / DISABLE / READONLY).
/// Any other value yields L"UNKNWON" — the spelling is kept as is because log
/// consumers may match on it. (An earlier mapping onto KESM_ACTION_CODE_*
/// constants was left commented out here and is not part of current behavior.)
wstring CReporter::GetStateString(ULONG type)
{
    if (type == ENABLE)
        return L"ENABLE";
    if (type == DISABLE)
        return L"DISABLE";
    if (type == READONLY)
        return L"READONLY";
    return L"UNKNWON";
}
/// Human-readable name of a log record code (LOG_*). Unknown codes yield
/// L"UNKNWON" (spelling kept deliberately; consumers may match on it).
wstring CReporter::GetCodeString(ULONG code)
{
    struct Entry { ULONG code; const wchar_t* text; };
    static const Entry kNames[] = {
        { LOG_CONNECT,         L"CONNECT" },
        { LOG_DISCONNECT,      L"DISCONNECT" },
        { LOG_POLICY,          L"POLICY" },
        { LOG_PROCESS,         L"LOG_PROCESS" },
        { LOG_PROCESS_PROTECT, L"LOG_PROCESS_PROTECT" },
        { LOG_PROCESS_MONITOR, L"LOG_PROCESS_MONITOR" },
        { LOG_PROCESS_BLOCK,   L"LOG_PROCESS_BLOCK" },
    };
    for (const Entry& e : kNames)
    {
        if (e.code == code)
            return e.text;
    }
    return L"UNKNWON";
}
/// Name of a device class constant (BDC_*), used in LOG_POLICY lines.
/// Values outside the table fall back to L"BDC_UNKNOWN_DEV".
wstring CReporter::GetDevicePolicyString(ULONG type)
{
    struct Entry { ULONG type; const wchar_t* text; };
    static const Entry kNames[] = {
        { BDC_UNKNOWN_DEV,      L"BDC_UNKNOWN_DEV" },
        { BDC_CDROM,            L"BDC_CDROM" },
        { BDC_FLOOPY,           L"BDC_FLOOPY" },
        { BDC_USB_DISK,         L"BDC_USB_DISK" },
        { BDC_LOCAL_DISK,       L"BDC_LOCAL_DISK" },
        { BDC_NETWORKDRIVEOUT,  L"BDC_NETWORKDRIVEOUT" },
        { BDC_EXTERNALHDD,      L"BDC_EXTERNALHDD" },
        { BDC_NETWORKDRIVEIN,   L"BDC_NETWORKDRIVEIN" },
        { BDC_NETWORKSHAREOUT,  L"BDC_NETWORKSHAREOUT" },
        { BDC_USB,              L"BDC_USB" },
        { BDC_USB_NET,          L"BDC_USB_NET" },
        { BDC_USB_HID,          L"BDC_USB_HID" },
        { BDC_1394,             L"BDC_1394" },
        { BDC_SERIAL,           L"BDC_SERIAL" },
        { BDC_PARALLEL,         L"BDC_PARALLEL" },
        { BDC_PCMCIA,           L"BDC_PCMCIA" },
        { BDC_PCMCIA_NET,       L"BDC_PCMCIA_NET" },
        { BDC_IRDA,             L"BDC_IRDA" },
        { BDC_MODEM,            L"BDC_MODEM" },
        { BDC_BLUETOOTH,        L"BDC_BLUETOOTH" },
        { BDC_BLUETOOTH_FILE,   L"BDC_BLUETOOTH_FILE" },
        { BDC_WIBRO,            L"BDC_WIBRO" },
        { BDC_TLOGIN,           L"BDC_TLOGIN" },
        { BDC_ACTIVE_SYNC,      L"BDC_ACTIVE_SYNC" },
        { BDC_WIRELESS,         L"BDC_WIRELESS" },
        { BDC_LGMODEM,          L"BDC_LGMODEM" },
        { BDC_TETHERING,        L"BDC_TETHERING" },
        { BDC_SDCARD,           L"BDC_SDCARD" },
        { BDC_PORTABLE_STORAGE, L"BDC_PORTABLE_STORAGE" },
        { BDC_WEBCAM,           L"BDC_WEBCAM" },
        { BDC_MTP,              L"BDC_MTP" },
        { BDC_MAX_DEVICE_TYPE,  L"BDC_MAX_DEVICE_TYPE" },
    };
    for (const Entry& e : kNames)
    {
        if (e.type == type)
            return e.text;
    }
    return L"BDC_UNKNOWN_DEV";
}
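/// Formats a REPORT_DESC time stamp (a FILETIME value carried as a 64-bit
/// integer) as local time, "Y-M-D : h:m:s" with unpadded fields. Conversion
/// results are not checked, so a bad stamp yields zeros rather than an error.
static void FormatReportTime(LONGLONG stamp, WCHAR* out, size_t outBytes)
{
    LARGE_INTEGER raw = {0};
    FILETIME local = {0};
    SYSTEMTIME st = {0};
    raw.QuadPart = stamp;
    FileTimeToLocalFileTime((PFILETIME)&raw, &local);
    FileTimeToSystemTime(&local, &st);
    StringCbPrintfW(out, outBytes, L"%d-%d-%d : %d:%d:%d",
        st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond);
}

/// Turns one REPORT_DESC from the driver into a single comma-separated log
/// line and hands it to the callback (`cb_`) when one is registered.
/// Always returns 0; a NULL `desc` is ignored.
///
/// Three layouts are produced, selected on `desc->code`:
///  - LOG_CONNECT: the raw path with every '\' doubled;
///  - LOG_PROCESS_MONITOR / LOG_PROCESS_BLOCK: raw path and renamepath;
///  - everything else (LOG_POLICY and the remaining codes): the NT path is
///    mapped to a DOS path (NtNameToDosNameW), else a UNC path
///    (GetNetworkFilePath), else used raw, and when renamepath is set the
///    target's final component is appended as "path(newname)".
///
/// Fix: the "(newname)" suffix was previously printed into the local `path`
/// buffer — with `path` also passed as the format argument, which strsafe
/// forbids — while the line itself was built from `wpath`, so the suffix
/// never reached the log. It is now appended to `wpath`.
///
/// Caveats for consumers: fields are separated by "," / ", " but path and
/// process name are neither quoted nor escaped (apart from the '\' doubling
/// for LOG_CONNECT), so a name containing a comma shifts the columns. The
/// strings inside REPORT_DESC are assumed to be NUL-terminated by the
/// producer — TODO confirm against the kernel-side definition.
ULONG CReporter::ReadParam(PREPORT_DESC desc)
{
    WCHAR path[1024] = {0,};
    WCHAR time[MAX_PATH] = {0,};
    WCHAR log[2048] = {0,};
    wstring wpath;

    if (desc == NULL)
        return 0;

    FormatReportTime(desc->time, time, sizeof(time));

    if (desc->code == LOG_CONNECT)
    {
        wpath = desc->path;
        ReplaceAll(wpath, L"\\", L"\\\\");
        StringCbPrintfW(log, sizeof(log), L"%s, %s(%d),%d, %d, %s, %d, %s, %s",
            time,
            GetCodeString(desc->code).c_str(),
            desc->code,
            desc->a0,
            desc->a1,
            desc->ProcessName,
            desc->pid,
            desc->renamepath,
            wpath.c_str());
    }
    else if (desc->code == LOG_PROCESS_MONITOR || desc->code == LOG_PROCESS_BLOCK)
    {
        StringCbPrintfW(log, sizeof(log), L"%s, %s(%d),%d, %d, %d, %s, %s, %s",
            time,
            GetCodeString(desc->code).c_str(),
            desc->code,
            desc->a0,
            desc->a1,
            desc->pid,
            desc->ProcessName,
            desc->path,
            desc->renamepath);
    }
    else
    {
        BSONE_DEBUG(L"path(%s)", desc->path);

        // Prefer the DOS name; fall back to the UNC rewrite, then to the raw NT path.
        if (NtNameToDosNameW(path, sizeof(path), desc->path))
        {
            wpath = path;
        }
        else
        {
            wpath = GetNetworkFilePath(desc->path);
            if (wpath.empty())
                wpath = desc->path;
        }

        // Rename target: only its final path component is logged, as "path(newname)".
        const WCHAR* newName = wcsrchr(desc->renamepath, L'\\');
        if (newName != NULL)
        {
            wpath += L"(";
            wpath += newName + 1;
            wpath += L")";
        }

        if (desc->code == LOG_POLICY)
        {
            StringCbPrintfW(log, sizeof(log), L"%s,%s(%d),%s(%d),%s(%d),%s(%d),%s",
                time,
                GetCodeString(desc->code).c_str(),
                desc->code,
                GetDevicePolicyString(desc->a0).c_str(),
                desc->a0,
                GetStateString(desc->a1).c_str(),
                desc->a1,
                desc->ProcessName,
                desc->pid,
                wpath.c_str());
        }
        else
        {
            StringCbPrintfW(log, sizeof(log), L"%s,%s,%d,%d,%s(%d),%s",
                time,
                GetCodeString(desc->code).c_str(),
                desc->a0,
                desc->a1,
                desc->ProcessName,
                desc->pid,
                wpath.c_str());
        }
        BSONE_DEBUG(L"==== %s", log);
    }

    if (cb_)
    {
        cb_((PVOID)log);
    }
    return 0;
}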
/// Stores the requested log type. Nothing in this file reads `log_type_`
/// back (the check in ReadParam is commented out), so the value is kept for
/// callers/other units only.
VOID CReporter::SetLogType(DWORD logtype)
{
    this->log_type_ = logtype;
}
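/// Drains the driver's pending log records into `reports_` and feeds each
/// one to ReadParam(). Returns 1 when a buffer was processed (possibly with
/// zero records) and FALSE (0) when no buffer could be obtained.
///
/// `interface_->GetLog` is tried with the current buffer; on failure `ret`
/// is taken as the size the interface wants (assumption carried by the
/// existing retry logic — TODO confirm the interface contract), the buffer
/// is regrown to 0x1000 + ret + MAX_REPORT_SIZE bytes and the call retried.
///
/// Hardening: `count` is read from the shared buffer, so it is clamped to
/// the number of REPORT_DESC entries that physically fit after the header;
/// an inconsistent header previously drove pLog[i] past the allocation. A
/// NULL buffer (first call, should the interface report success without
/// one) is rejected instead of dereferenced.
ULONG CReporter::GetLog()
{
    HRESULT result = 0;
    DWORD ret = 0;

    result = interface_->GetLog(reports_, reports_size_, &ret);
    if (IS_ERROR(result))
    {
        reports_size_ = 0x1000 + ret + MAX_REPORT_SIZE;
        if (reports_ != NULL)
        {
            VirtualFree(reports_, 0, MEM_RELEASE);
            reports_ = NULL;
        }
        // Newly committed pages arrive zero-filled, so no memset is needed.
        reports_ = (PVOID)VirtualAlloc(NULL, reports_size_, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (!reports_)
        {
            BSONE_DEBUG(L"ReadLog alloc buffer fail\n");
            reports_size_ = 0;
            return FALSE;
        }
        result = interface_->GetLog(reports_, reports_size_, &ret);
        if (IS_ERROR(result))
        {
            return FALSE;
        }
    }
    if (reports_ == NULL)
    {
        return FALSE;
    }

    PLOG_NOTIFICATION notiy = (PLOG_NOTIFICATION)reports_;
    PREPORT_DESC pLog = (PREPORT_DESC)&notiy->desc;

    // Records start at `desc`; everything before it is header.
    const SIZE_T headerBytes = (SIZE_T)((PUCHAR)pLog - (PUCHAR)reports_);
    const SIZE_T capacity = (reports_size_ > headerBytes)
        ? (reports_size_ - headerBytes) / sizeof(REPORT_DESC)
        : 0;
    DWORD count = notiy->count;
    if (count > capacity)
    {
        BSONE_DEBUG(L"ReadLog count(%u) exceeds buffer capacity(%u), clamping\n", count, (DWORD)capacity);
        count = (DWORD)capacity;
    }

    for (DWORD i = 0; i < count; ++i)
    {
        __try
        {
            ReadParam(&pLog[i]);
        }
        __except(1)   // EXCEPTION_EXECUTE_HANDLER: one bad record must not kill the reader thread
        {
        }
    }
    return 1;
}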
/// Reader-thread body: drain pending records, then sleep on the notification
/// event until the producer signals again; repeat while the run flag is set.
/// The event is manual-reset, so it is reset here after each wake. Any wait
/// result other than WAIT_OBJECT_0 (e.g. the handle was closed by the
/// destructor) ends the loop.
VOID CReporter::Runner()
{
    for (;;)
    {
        if (!threadStop_)
            break;
        GetLog();
        const DWORD waitResult = WaitForSingleObject(report_event_, INFINITE);
        if (waitResult != WAIT_OBJECT_0)
        {
            BSONE_DEBUG(_T("CReporter::run() Terminate(%x)\n"), waitResult);
            break;
        }
        ResetEvent(report_event_);
    }
    BSONE_DEBUG(L"ReplayThread end\n");
}
/// Thread entry used by Init(): unwraps the CReporter* and runs its loop.
/// `p` must be a live CReporter for as long as the thread runs.
static void Run(void * p)
{
    static_cast<CReporter*>(p)->Runner();
}
//VOID CReporter::GetNetworkFilePath(PWCHAR pOrgFilePath, PWCHAR pOutFilePath)
//{
// if(_wcsnicmp(pOrgFilePath, L"\\Device\\LanmanRedirector", 24) == 0)
// {
// WCHAR wszTempPath[MAX_PATH] = {0,};
// PWCHAR pwszTemp = NULL;
//
// StringCchPrintfW(wszTempPath, MAX_PATH, L"%s", pOrgFilePath + 25);
//
// pwszTemp = wcsstr(wszTempPath, L"\\");
//
// StringCchPrintfW(pOutFilePath, MAX_PATH, L"\\\\%s", pwszTemp + 1);
//
// }
// else if(_wcsnicmp(pOrgFilePath, L"\\Device\\Mup\\;LanmanRedirector", 29) == 0)
// {
// WCHAR wszTempPath[MAX_PATH] = {0,};
// PWCHAR pwszTemp = NULL;
//
// StringCchPrintfW(wszTempPath, MAX_PATH, L"%s", (pOrgFilePath + 30));
//
// pwszTemp = wcsstr(wszTempPath, L"\\");
//
// StringCchPrintfW(pOutFilePath, MAX_PATH, L"\\\\%s", pwszTemp + 1);
//
// }
// else if(_wcsnicmp(pOrgFilePath, L"\\??\\unc\\", 8) == 0)
// {
// StringCchPrintfW(pOutFilePath, MAX_PATH, L"\\\\%s", pOrgFilePath + 9);
// }
// else if(_wcsnicmp(pOrgFilePath, L"\\??\\", 4) == 0)
// {
// StringCchPrintfW(pOutFilePath, MAX_PATH, L"%s", pOrgFilePath + 5);
// }
// else if(_wcsnicmp(pOrgFilePath, L"\\Device\\Mup", 11) == 0)
// {
// StringCchPrintfW(pOutFilePath, MAX_PATH, L"\\\\%s", pOrgFilePath + 12);
// }
// else
// {
// StringCchPrintfW(pOutFilePath, MAX_PATH, L"%s", pOrgFilePath);
// }
//
// //BSONE_DEBUG(L"pOrgFilePath[%s],pOutFilePath[%s]", pOrgFilePath,pOutFilePath);
//
//}
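/// Rewrites an NT-namespace path handed over by the filter into a form a
/// user would recognise: redirector / MUP paths become "\\server\share\...",
/// and "\??\" is stripped from drive paths. Input matching no rule is
/// returned unchanged; an empty input, or a match with nothing left after
/// the prefix, yields "" (ReadParam then falls back to the raw path).
///
/// Rule semantics: `prefixLen` characters are compared case-insensitively,
/// `skipLen` characters are dropped, then for the LanmanRedirector forms the
/// session token (";X:…") up to and including the next '\' is dropped as
/// well, and finally "\\" is prepended when `addUNC` is set.
///
/// Fixes relative to the previous table:
///  - the RdpDr rule sat after the bare "\Device\Mup" rule, which matches the
///    same strings first, so it could never fire; it now precedes it;
///  - "\??\unc\" and "\??\" skipped one character more than their own length,
///    losing the first character of the server / drive name;
///  - a path shorter than `skipLen` (e.g. exactly "\Device\Mup") made
///    substr() throw std::out_of_range, which the caller's SEH handler does
///    not catch; it now returns "".
///
/// NOTE(review): the RdpDr rule skips only a single-digit session id and
/// keeps the leading '\' of the remainder (no UNC prefix) — confirm against
/// real "\Device\Mup\;RdpDr\;:N\tsclient\..." paths.
wstring CReporter::GetNetworkFilePath(const wstring& orgFilePath)
{
    if (orgFilePath.empty())
        return L"";

    struct Rule
    {
        const wchar_t* prefix;
        size_t prefixLen;
        size_t skipLen;
        bool dropSessionToken;
        bool addUNC;
    };
    static const Rule kRules[] = {
        { L"\\Device\\LanmanRedirector",       24, 25, true,  true  },
        { L"\\Device\\Mup\\;LanmanRedirector", 29, 30, true,  true  },
        { L"\\Device\\Mup\\;RdpDr\\;:1",       21, 22, false, false },   // must precede the bare \Device\Mup rule
        { L"\\??\\unc\\",                       8,  8, false, true  },
        { L"\\??\\",                            4,  4, false, false },
        { L"\\Device\\Mup",                    11, 12, false, true  },
    };

    for (const Rule& rule : kRules)
    {
        if (_wcsnicmp(orgFilePath.c_str(), rule.prefix, rule.prefixLen) != 0)
            continue;
        if (orgFilePath.length() < rule.skipLen)
            return L"";

        wstring rest = orgFilePath.substr(rule.skipLen);
        if (rule.dropSessionToken)
        {
            const size_t sep = rest.find(L'\\');
            if (sep == wstring::npos || sep + 1 >= rest.length())
                return L"";
            rest.erase(0, sep + 1);
        }
        return rule.addUNC ? L"\\\\" + rest : rest;
    }
    return orgFilePath;
}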