archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/wow64/wow64log/wow64log.c

1291 lines
32 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  5. Module Name:
  7. wow64log.c
  9. Abstract:
  11. Main entrypoints for wow64log.dll. To add a data type handler :
  12. 1- Define a LOGDATATYPE for the data to log in w64logp.h
  13. 2- Implement the data type handler using the standard interface
  14. NTSTATUS
  15. LogDataType(IN OUT PLOGINFO LogInfo,
  16. IN ULONG_PTR Data,
  17. IN PSZ FieldName,
  18. IN BOOLEAN ServiceReturn);
  19. 3- Insert the handler into LogDataType[] below.
  22. Author:
  24. 03-Oct-1999 SamerA
  26. Revision History:
  28. --*/
  30. #include "w64logp.h"
  31. #include <cathelper.h>
  33. extern API_CATEGORY Wow64ApiCategories[];
  34. extern API_CATEGORY_MAPPING Wow64ApiCategoryMappings[];
  36. extern
  37. ULONG
  38. GetApiCategoryTableSize(
  39. void );
  41. extern
  42. PAPI_CATEGORY_MAPPING
  43. FindApiInMappingTable(
  44. IN PTHUNK_DEBUG_INFO DebugInfoEntry,
  45. IN ULONG TableNumber);
  50. /// Public
  52. //
  53. // Control logging flags
  54. //
  55. UINT_PTR Wow64LogFlags;
  56. HANDLE Wow64LogFileHandle;
  60. /// Private
  62. //
  63. // Hold an array of pointers to each system service DebugThunkInfo
  64. //
  65. PULONG_PTR *LogNtBase;
  66. PULONG_PTR *LogWin32;
  67. PULONG_PTR *LogConsole;
  68. PULONG_PTR *LogBase;
  70. //
  71. // Hold an array of pointers to each system service api/category info
  72. //
  73. PULONG_PTR *ApiInfoNtBase;
  74. PULONG_PTR *ApiInfoWin32;
  75. PULONG_PTR *ApiInfoConsole;
  76. PULONG_PTR *ApiInfoBase;
  78. //
  79. // NOTE : The order entries in this table should match the LOGTYPE enum in
  80. // w64logp.h.
  81. //
  82. LOGDATATYPE LogDataType[] =
  83. {
  84. {LogTypeValue}, // TypeHex
  85. {LogTypePULongInOut}, // TypePULongPtrInOut
  86. {LogTypePULongOut}, // TypePULONGOut
  87. {LogTypePULongOut}, // TypePHandleOut
  88. {LogTypeUnicodeString}, // TypeUnicodeStringIn
  89. {LogTypeObjectAttrbiutes}, // TypeObjectAttributesIn
  90. {LogTypeIoStatusBlock}, // TypeIoStatusBlockOut
  91. {LogTypePWStr}, // TypePwstrIn
  92. {LogTypePRectIn}, // TypePRectIn
  93. {LogTypePLargeIntegerIn}, // TypePLargeIntegerIn
  94. };
  101. WOW64LOGAPI
  102. NTSTATUS
  103. Wow64LogInitialize(
  104. VOID)
  105. /*++
  107. Routine Description:
  109. This function is called by wow64.dll to initialize wow64 logging
  110. subsystem.
  112. Arguments:
  114. None
  116. Return Value:
  118. NTSTATUS
  119. --*/
  120. {
  121. ULONG NtBaseTableSize, Win32TableSize, ConsoleTableSize, BaseTableSize;
  122. PULONG_PTR *Win32ThunkDebugInfo;
  123. PULONG_PTR *ConsoleThunkDebugInfo;
  124. UNICODE_STRING Log2Name;
  125. PVOID Log2Handle = NULL;
  126. NTSTATUS st;
  128. //
  129. // Initialize the logging file handle
  130. //
  131. Wow64LogFileHandle = INVALID_HANDLE_VALUE;
  133. //
  134. // Initialize the logging flags
  135. //
  136. LogInitializeFlags(&Wow64LogFlags);
  137. WOW64LOGOUTPUT((LF_TRACE, "Wow64LogInitialize - Wow64LogFlags = %I64x\n", Wow64LogFlags));
  139. //
  140. // Load the Win32 logging DLL if available.
  141. //
  142. RtlInitUnicodeString(&Log2Name, L"wow64lg2.dll");
  143. st = LdrLoadDll(NULL, NULL, &Log2Name, &Log2Handle);
  144. if (NT_SUCCESS(st)) {
  145. ANSI_STRING ExportName;
  147. RtlInitAnsiString(&ExportName, "Win32ThunkDebugInfo");
  148. st = LdrGetProcedureAddress(Log2Handle, &ExportName, 0, &(PVOID)Win32ThunkDebugInfo);
  149. if (NT_SUCCESS(st)) {
  150. RtlInitAnsiString(&ExportName, "ConsoleThunkDebugInfo");
  151. st = LdrGetProcedureAddress(Log2Handle, &ExportName, 0, &(PVOID)ConsoleThunkDebugInfo);
  152. }
  153. }
  154. if (!NT_SUCCESS(st)) {
  155. Log2Handle = NULL;
  156. Win32ThunkDebugInfo = NULL;
  157. ConsoleThunkDebugInfo = NULL;
  158. }
  160. //
  161. // Build pointers to the debug thunk info for each
  162. // system service
  163. //
  165. NtBaseTableSize = GetThunkDebugTableSize(
  166. (PTHUNK_DEBUG_INFO)NtThunkDebugInfo);
  167. BaseTableSize = GetThunkDebugTableSize(
  168. (PTHUNK_DEBUG_INFO)BaseThunkDebugInfo);
  169. if (Log2Handle != NULL) {
  170. Win32TableSize = GetThunkDebugTableSize(
  171. (PTHUNK_DEBUG_INFO)Win32ThunkDebugInfo);
  172. ConsoleTableSize = GetThunkDebugTableSize(
  173. (PTHUNK_DEBUG_INFO)ConsoleThunkDebugInfo);
  174. } else {
  175. Win32TableSize = 0;
  176. ConsoleTableSize = 0;
  177. }
  179. LogNtBase = (PULONG_PTR *)Wow64AllocateHeap((NtBaseTableSize + Win32TableSize + ConsoleTableSize + BaseTableSize) *
  180. sizeof(PULONG_PTR) * 2 );
  182. if (!LogNtBase)
  183. {
  184. WOW64LOGOUTPUT((LF_ERROR, "Wow64LogInitialize - Wow64AllocateHeap failed\n"));
  185. return STATUS_UNSUCCESSFUL;
  186. }
  188. LogWin32 = LogNtBase + NtBaseTableSize;
  189. LogConsole = LogWin32 + Win32TableSize;
  190. LogBase = LogConsole + ConsoleTableSize;
  192. ApiInfoNtBase = LogBase + BaseTableSize;
  193. ApiInfoWin32 = ApiInfoNtBase + NtBaseTableSize;
  194. ApiInfoConsole = ApiInfoWin32 + Win32TableSize;
  195. ApiInfoBase = ApiInfoConsole + ConsoleTableSize;
  197. BuildDebugThunkInfo(WHNT32_INDEX,(PTHUNK_DEBUG_INFO)NtThunkDebugInfo,LogNtBase,ApiInfoNtBase);
  198. BuildDebugThunkInfo(WHBASE_INDEX,(PTHUNK_DEBUG_INFO)BaseThunkDebugInfo,LogBase,ApiInfoBase);
  199. if (Log2Handle) {
  200. BuildDebugThunkInfo(WHWIN32_INDEX,(PTHUNK_DEBUG_INFO)Win32ThunkDebugInfo,LogWin32,ApiInfoWin32);
  201. BuildDebugThunkInfo(WHCON_INDEX,(PTHUNK_DEBUG_INFO)ConsoleThunkDebugInfo,LogConsole,ApiInfoConsole);
  202. } else
  203. {
  204. LogConsole = NULL;
  205. LogWin32 = NULL;
  206. }
  208. return STATUS_SUCCESS;
  209. }
  213. WOW64LOGAPI
  214. NTSTATUS
  215. Wow64LogTerminate(
  216. VOID)
  217. /*++
  219. Routine Description:
  221. This function is called by wow64.dll when the process is exiting.
  223. Arguments:
  225. None
  227. Return Value:
  229. NTSTATUS
  230. --*/
  231. {
  232. IO_STATUS_BLOCK IoStatusBlock;
  234. if (Wow64LogFileHandle != INVALID_HANDLE_VALUE)
  235. {
  236. NtFlushBuffersFile(Wow64LogFileHandle, &IoStatusBlock);
  237. NtClose(Wow64LogFileHandle);
  238. }
  240. return STATUS_SUCCESS;
  241. }
  245. NTSTATUS
  246. LogInitializeFlags(
  247. IN OUT PUINT_PTR Flags)
  248. /*++
  250. Routine Description:
  252. Reads the logging flags from the registry
  254. Arguments:
  256. Flags - Pointer to receive logging flags
  258. Return Value:
  260. NTSTATUS
  261. --*/
  262. {
  263. HANDLE Key;
  264. UNICODE_STRING KeyName, ValueName, ResultValue;
  265. OBJECT_ATTRIBUTES ObjectAttributes;
  266. WCHAR KeyValueBuffer[ 128 ];
  267. PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
  268. ULONG ResultLength, RegFlags;
  269. NTSTATUS NtStatus;
  272. //
  273. // Punch in the default
  274. //
  275. *Flags = LF_DEFAULT;
  277. KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
  279. RtlInitUnicodeString(&KeyName,
  280. L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Session Manager");
  282. InitializeObjectAttributes(&ObjectAttributes,
  283. &KeyName,
  284. OBJ_CASE_INSENSITIVE,
  285. NULL,
  286. NULL);
  288. NtStatus = NtOpenKey(&Key, KEY_READ, &ObjectAttributes);
  290. if (NT_SUCCESS(NtStatus))
  291. {
  292. RtlInitUnicodeString(&ValueName, L"WOW64LOGFLAGS");
  293. NtStatus = NtQueryValueKey(Key,
  294. &ValueName,
  295. KeyValuePartialInformation,
  296. KeyValueInformation,
  297. sizeof(KeyValueBuffer),
  298. &ResultLength);
  300. if (NT_SUCCESS(NtStatus))
  301. {
  302. if ((KeyValueInformation->Type == REG_DWORD) &&
  303. (KeyValueInformation->DataLength == sizeof(DWORD)))
  304. {
  305. *Flags = *((PULONG)KeyValueInformation->Data);
  306. }
  307. }
  308. }
  310. return NtStatus;
  311. }
  314. ULONG
  315. GetThunkDebugTableSize(
  316. IN PTHUNK_DEBUG_INFO DebugInfoTable)
  317. /*++
  319. Routine Description:
  321. This routine retreives the number of DebugThunkInfo entries
  322. in the passed table.
  324. Arguments:
  326. DebugInfoTable - Pointer to services debug info
  328. Return Value:
  330. Number of entries
  331. --*/
  332. {
  333. BOOLEAN InvalidArgumentPresent;
  334. ULONG ArgIndex;
  335. ULONG Count = 0;
  337. while (DebugInfoTable && DebugInfoTable->ApiName)
  338. {
  339. //
  340. // Walk the argument list to make sure there aren't any NULLs in them, which would
  341. // terminate the table.
  342. //
  344. ArgIndex = 0;
  345. InvalidArgumentPresent = FALSE;
  346. while (ArgIndex < DebugInfoTable->NumberOfArg)
  347. {
  348. if (!ARGUMENT_PRESENT (DebugInfoTable->Arg[ArgIndex++].Name))
  349. {
  350. InvalidArgumentPresent = TRUE;
  351. break;
  352. }
  353. }
  355. if (InvalidArgumentPresent == TRUE)
  356. {
  357. break;
  358. }
  360. Count++;
  361. DebugInfoTable = (PTHUNK_DEBUG_INFO)
  362. &DebugInfoTable->Arg[DebugInfoTable->NumberOfArg];
  363. }
  365. return Count;
  366. }
  370. NTSTATUS
  371. BuildDebugThunkInfo(
  372. IN ULONG TableNumber,
  373. IN PTHUNK_DEBUG_INFO DebugInfoTable,
  374. OUT PULONG_PTR *LogTable,
  375. OUT PULONG_PTR *ApiInfoTable)
  376. /*++
  378. Routine Description:
  380. This routine fills a service-table-indexed with pointers
  381. to the corresponding DebugThunkInfo
  383. Arguments:
  385. DebugInfoTable - Services debug info
  386. LogTable - Table of pointers to fill
  387. ApiInfoTable - Table of pointers to fill
  390. Return Value:
  392. NTSTATUS
  393. --*/
  394. {
  395. BOOLEAN InvalidArgumentPresent;
  396. ULONG ArgIndex;
  397. ULONG i=0;
  399. while (DebugInfoTable && DebugInfoTable->ApiName)
  400. {
  402. LogTable[i] = (PULONG_PTR) DebugInfoTable;
  404. ApiInfoTable[i++] = (PULONG_PTR) FindApiInMappingTable(DebugInfoTable,TableNumber);
  407. //
  408. // Walk the argument list to make sure there aren't any NULLs in them, which would
  409. // terminate the table.
  410. //
  412. ArgIndex = 0;
  413. InvalidArgumentPresent = FALSE;
  414. while (ArgIndex < DebugInfoTable->NumberOfArg)
  415. {
  416. if (!ARGUMENT_PRESENT (DebugInfoTable->Arg[ArgIndex++].Name))
  417. {
  418. InvalidArgumentPresent = TRUE;
  419. break;
  420. }
  421. }
  423. if (InvalidArgumentPresent == TRUE)
  424. {
  425. break;
  426. }
  428. DebugInfoTable = (PTHUNK_DEBUG_INFO)
  429. &DebugInfoTable->Arg[DebugInfoTable->NumberOfArg];
  430. }
  432. return STATUS_SUCCESS;
  433. }
  438. NTSTATUS
  439. LogApiHeader(
  440. PTHUNK_DEBUG_INFO ThunkDebugInfo,
  441. PLOGINFO LogInfo,
  442. BOOLEAN ServiceReturn,
  443. ULONG_PTR ReturnResult,
  444. ULONG_PTR ReturnAddress)
  445. /*++
  447. Routine Description:
  449. Log the Thunked API header
  451. Arguments:
  453. ThunkDebugInfo - Pointer to service log info
  454. LogInfo - Logging Info
  455. ServiceReturn - TRUE if called after the thunk API has executed
  456. ReturnResult - Result code returned from the API
  457. ReturnAddress - Return address of for this thunked call
  459. Return Value:
  461. NTSTATUS
  462. --*/
  463. {
  464. if (ServiceReturn)
  465. {
  466. return LogFormat(LogInfo,
  467. "wh%s: Ret=%lx-%lx: ",
  468. ThunkDebugInfo->ApiName,
  469. ReturnResult,
  470. ReturnAddress);
  471. }
  473. return LogFormat(LogInfo,
  474. "%8.8X-wh%s: ",
  475. PtrToUlong(NtCurrentTeb()->ClientId.UniqueThread),
  476. ThunkDebugInfo->ApiName);
  477. }
  481. NTSTATUS
  482. LogApiParameters(
  483. IN OUT PLOGINFO LogInfo,
  484. IN PULONG Stack32,
  485. IN PTHUNK_DEBUG_INFO ThunkDebugInfo,
  486. IN BOOLEAN ServiceReturn)
  487. /*++
  489. Routine Description:
  491. Log the Thunked API Parameters
  493. Arguments:
  495. LogInfo - Output log buffer
  496. Stack32 - Pointer to 32-bit arg stack
  497. ThunkDebugInfo - Pointer to service log info for the API
  498. ServiceReturn - TRUE if called after the Thunk API has executed
  500. Return Value:
  502. NTSTATUS
  503. --*/
  504. {
  505. UINT_PTR i=0;
  507. //
  508. // Loops thru the parameters
  509. //
  510. while (i < ThunkDebugInfo->NumberOfArg)
  511. {
  512. _try
  513. {
  514. LogDataType[ThunkDebugInfo->Arg[i].Type].Handler(
  515. LogInfo,
  516. Stack32[i],
  517. ThunkDebugInfo->Arg[i].Name,
  518. ServiceReturn);
  519. }
  520. _except(EXCEPTION_EXECUTE_HANDLER)
  521. {
  522. //
  523. // Log the bad parameters
  524. //
  525. LogFormat(LogInfo,
  526. "%s=%lx-%ws ",
  527. ThunkDebugInfo->Arg[i].Name,
  528. Stack32[i],
  529. L"(BAD)");
  530. }
  531. i++;
  532. }
  534. return STATUS_SUCCESS;
  535. }
  540. NTSTATUS
  541. LogThunkApi(
  542. IN PTHUNK_LOG_CONTEXT ThunkLogContext,
  543. IN PTHUNK_DEBUG_INFO ThunkDebugInfo,
  544. IN UINT_PTR LogFullInfo)
  545. /*++
  547. Routine Description:
  549. Log the Thunked API
  551. Arguments:
  553. ThunkLogContext - Thunk API log context
  554. ThunkDebugInfo - Pointer to service log info for the API
  555. LogFullInfo - Flag whther to log all the API info or just the name
  557. Return Value:
  559. NTSTATUS
  560. --*/
  561. {
  562. NTSTATUS NtStatus;
  563. CHAR szBuf[ MAX_LOG_BUFFER ];
  564. LOGINFO LogInfo;
  565. PULONG Stack32 = ThunkLogContext->Stack32;
  566. BOOLEAN ServiceReturn = ThunkLogContext->ServiceReturn;
  568. //
  569. // Initialize the log buffer
  570. //
  571. LogInfo.OutputBuffer = szBuf;
  572. LogInfo.BufferSize = MAX_LOG_BUFFER - 1;
  574. //
  575. // Log API header
  576. //
  577. NtStatus = LogApiHeader(ThunkDebugInfo,
  578. &LogInfo,
  579. ServiceReturn,
  580. ThunkLogContext->ReturnResult,
  581. *(Stack32-1));
  583. if (!NT_SUCCESS(NtStatus))
  584. {
  585. return NtStatus;
  586. }
  588. // Log Parameters
  589. if (LogFullInfo)
  590. {
  591. NtStatus = LogApiParameters(&LogInfo,
  592. Stack32,
  593. ThunkDebugInfo,
  594. ServiceReturn);
  595. if (!NT_SUCCESS(NtStatus))
  596. {
  597. return NtStatus;
  598. }
  599. }
  601. //
  602. // Do actual output
  603. //
  604. LogInfo.OutputBuffer[0] = '\0';
  605. LogOut(szBuf, Wow64LogFlags);
  606. LogOut("\r\n", Wow64LogFlags);
  608. return NtStatus;
  609. }
  614. WOW64LOGAPI
  615. NTSTATUS
  616. Wow64LogSystemService(
  617. IN PTHUNK_LOG_CONTEXT ThunkLogContext)
  618. /*++
  620. Routine Description:
  622. Logs information for the specified system service.
  624. Arguments:
  626. LogContext - Thunk API log context
  628. Return Value:
  630. NTSTATUS
  631. --*/
  632. {
  633. NTSTATUS NtStatus;
  634. PTHUNK_DEBUG_INFO ThunkDebugInfo;
  635. ULONG_PTR TableNumber = ThunkLogContext->TableNumber;
  636. ULONG_PTR ServiceNumber = ThunkLogContext->ServiceNumber;
  637. UINT_PTR LogFullInfo;
  638. PAPI_CATEGORY_MAPPING ApiCategoryMapping;
  640. //
  641. // Use try except !!
  642. //
  644. _try
  645. {
  646. switch(TableNumber)
  647. {
  648. case WHNT32_INDEX:
  649. if (!LF_NTBASE_ENABLED(Wow64LogFlags))
  650. {
  651. return STATUS_SUCCESS;
  652. }
  653. LogFullInfo = (Wow64LogFlags & LF_NTBASE_FULL);
  654. ThunkDebugInfo = (PTHUNK_DEBUG_INFO)LogNtBase[ServiceNumber];
  655. ApiCategoryMapping = (PAPI_CATEGORY_MAPPING)(ApiInfoNtBase[ServiceNumber]);
  657. if( LF_CATLOG_ENABLED(Wow64LogFlags) )
  658. {
  659. if(NULL == ApiCategoryMapping)
  660. {
  661. return STATUS_SUCCESS;
  662. } else
  663. {
  664. // api enabled check
  665. if( 0 == (ApiCategoryMapping->ApiFlags & APIFLAG_ENABLED) )
  666. {
  667. return STATUS_SUCCESS;
  668. }
  670. // category enabled check
  671. if( 0 == (Wow64ApiCategories[ApiCategoryMapping->ApiCategoryIndex].CategoryFlags & CATFLAG_ENABLED) )
  672. {
  673. return STATUS_SUCCESS;
  674. }
  676. // log on fail check
  677. if( APIFLAG_LOGONFAIL == (ApiCategoryMapping->ApiFlags & APIFLAG_LOGONFAIL) )
  678. {
  679. if( FALSE == ThunkLogContext->ServiceReturn )
  680. {
  681. return STATUS_SUCCESS;
  682. }
  684. if( NT_SUCCESS(ThunkLogContext->ReturnResult) )
  685. {
  686. return STATUS_SUCCESS;
  687. }
  688. }
  689. }
  690. }
  691. break;
  693. case WHCON_INDEX:
  694. if (!LF_NTCON_ENABLED(Wow64LogFlags) || LogConsole == NULL)
  695. {
  696. return STATUS_SUCCESS;
  697. }
  698. LogFullInfo = (Wow64LogFlags & LF_NTCON_FULL);
  699. ThunkDebugInfo = (PTHUNK_DEBUG_INFO)LogConsole[ServiceNumber];
  700. ApiCategoryMapping = (PAPI_CATEGORY_MAPPING)(ApiInfoConsole[ServiceNumber]);
  702. if( LF_CATLOG_ENABLED(Wow64LogFlags) )
  703. {
  704. if(NULL == ApiCategoryMapping)
  705. {
  706. return STATUS_SUCCESS;
  707. } else
  708. {
  709. // api enabled check
  710. if( 0 == (ApiCategoryMapping->ApiFlags & APIFLAG_ENABLED) )
  711. {
  712. return STATUS_SUCCESS;
  713. }
  715. // category enabled check
  716. if( 0 == (Wow64ApiCategories[ApiCategoryMapping->ApiCategoryIndex].CategoryFlags & CATFLAG_ENABLED) )
  717. {
  718. return STATUS_SUCCESS;
  719. }
  721. // log on fail check
  722. if( APIFLAG_LOGONFAIL == (ApiCategoryMapping->ApiFlags & APIFLAG_LOGONFAIL) )
  723. {
  724. if( FALSE == ThunkLogContext->ServiceReturn )
  725. {
  726. return STATUS_SUCCESS;
  727. }
  729. if( NT_SUCCESS(ThunkLogContext->ReturnResult) )
  730. {
  731. return STATUS_SUCCESS;
  732. }
  733. }
  734. }
  735. }
  736. break;
  738. case WHWIN32_INDEX:
  739. if (!LF_WIN32_ENABLED(Wow64LogFlags) || LogWin32 == NULL)
  740. {
  741. return STATUS_SUCCESS;
  742. }
  743. LogFullInfo = (Wow64LogFlags & LF_WIN32_FULL);
  744. ThunkDebugInfo = (PTHUNK_DEBUG_INFO)LogWin32[ServiceNumber];
  745. ApiCategoryMapping = (PAPI_CATEGORY_MAPPING)(ApiInfoWin32[ServiceNumber]);
  747. if( LF_CATLOG_ENABLED(Wow64LogFlags) )
  748. {
  749. if(NULL == ApiCategoryMapping)
  750. {
  751. return STATUS_SUCCESS;
  752. } else
  753. {
  754. // api enabled check
  755. if( 0 == (ApiCategoryMapping->ApiFlags & APIFLAG_ENABLED) )
  756. {
  757. return STATUS_SUCCESS;
  758. }
  760. // category enabled check
  761. if( 0 == (Wow64ApiCategories[ApiCategoryMapping->ApiCategoryIndex].CategoryFlags & CATFLAG_ENABLED) )
  762. {
  763. return STATUS_SUCCESS;
  764. }
  766. // log on fail check
  767. if( APIFLAG_LOGONFAIL == (ApiCategoryMapping->ApiFlags & APIFLAG_LOGONFAIL) )
  768. {
  769. if( FALSE == ThunkLogContext->ServiceReturn )
  770. {
  771. return STATUS_SUCCESS;
  772. }
  774. if( NT_SUCCESS(ThunkLogContext->ReturnResult) )
  775. {
  776. return STATUS_SUCCESS;
  777. }
  778. }
  779. }
  780. }
  781. break;
  783. case WHBASE_INDEX:
  784. if (!LF_BASE_ENABLED(Wow64LogFlags))
  785. {
  786. return STATUS_SUCCESS;
  787. }
  788. LogFullInfo = (Wow64LogFlags & LF_BASE_FULL);
  789. ThunkDebugInfo = (PTHUNK_DEBUG_INFO)LogBase[ServiceNumber];
  790. ApiCategoryMapping = (PAPI_CATEGORY_MAPPING)(ApiInfoBase[ServiceNumber]);
  792. if( LF_CATLOG_ENABLED(Wow64LogFlags) )
  793. {
  794. if(NULL == ApiCategoryMapping)
  795. {
  796. return STATUS_SUCCESS;
  797. } else
  798. {
  799. // api enabled check
  800. if( 0 == (ApiCategoryMapping->ApiFlags & APIFLAG_ENABLED) )
  801. {
  802. return STATUS_SUCCESS;
  803. }
  805. // category enabled check
  806. if( 0 == (Wow64ApiCategories[ApiCategoryMapping->ApiCategoryIndex].CategoryFlags & CATFLAG_ENABLED) )
  807. {
  808. return STATUS_SUCCESS;
  809. }
  811. // log on fail check
  812. if( APIFLAG_LOGONFAIL == (ApiCategoryMapping->ApiFlags & APIFLAG_LOGONFAIL) )
  813. {
  814. if( FALSE == ThunkLogContext->ServiceReturn )
  815. {
  816. return STATUS_SUCCESS;
  817. }
  819. if( NT_SUCCESS(ThunkLogContext->ReturnResult) )
  820. {
  821. return STATUS_SUCCESS;
  822. }
  823. }
  824. }
  825. }
  826. break;
  828. default: // invalid service table
  829. WOW64LOGOUTPUT((LF_ERROR, "Wow64LogSystemService: Not supported table number - %lx\n", TableNumber));
  830. return STATUS_UNSUCCESSFUL;
  831. break;
  832. }
  834. NtStatus = LogThunkApi(ThunkLogContext,
  835. ThunkDebugInfo,
  836. LogFullInfo);
  837. }
  838. _except(EXCEPTION_EXECUTE_HANDLER)
  839. {
  840. WOW64LOGOUTPUT((LF_EXCEPTION, "Wow64LogSystemService : Invalid Service ServiceTable = %lx, ServiceNumber = %lx. Status=%lx\n",
  841. TableNumber, ServiceNumber, GetExceptionCode()));
  842. NtStatus = GetExceptionCode();
  843. }
  845. return NtStatus;
  846. }
  851. //////////////////////////////////////////////////////////////////////////
  852. //
  853. // DATA TYPE LOGGING ROUTINES
  854. //
  855. ///////////////////////////////////////////////////////////////////////////
  857. NTSTATUS
  858. LogTypeValue(
  859. IN OUT PLOGINFO LogInfo,
  860. IN ULONG_PTR Data,
  861. IN PSZ FieldName,
  862. IN BOOLEAN ServiceReturn)
  863. /*++
  865. Routine Description:
  867. Log Data as ULONG
  869. Arguments:
  872. LogInfo - Output log buffer
  873. Data - Value to log
  874. FieldName - Descriptive name of value to log
  875. ServiceReturn - TRUE if called after the thunk API has executed
  877. Return Value:
  879. NTSTATUS
  880. --*/
  881. {
  882. if (ServiceReturn)
  883. {
  884. return STATUS_SUCCESS;
  885. }
  887. return LogFormat(LogInfo,
  888. "%s=%lx ",
  889. FieldName,
  890. (ULONG)Data);
  891. }
  895. NTSTATUS
  896. LogTypeUnicodeString(
  897. IN OUT PLOGINFO LogInfo,
  898. IN ULONG_PTR Data,
  899. IN PSZ FieldName,
  900. IN BOOLEAN ServiceReturn)
  901. /*++
  903. Routine Description:
  905. Log Data as UNICODE_STRING32
  907. Arguments:
  910. LogInfo - Output log buffer
  911. Data - Value to log
  912. FieldName - Descriptive name of value to log
  913. ServiceReturn - TRUE if called after the thunk API has executed
  915. Return Value:
  917. NTSTATUS
  918. --*/
  919. {
  920. UNICODE_STRING32 *Name32;
  921. PWCHAR Buffer = L" ";
  923. if (ServiceReturn)
  924. {
  925. return STATUS_SUCCESS;
  926. }
  928. Name32 = (UNICODE_STRING32 *)Data;
  929. if (Data > 0xffff)
  930. {
  931. if (Name32->Buffer)
  932. {
  933. Buffer = (PWCHAR)Name32->Buffer;
  934. }
  935. if (Name32->Length && Name32->Buffer > 0xffff) {
  936. return LogFormat(LogInfo,
  937. "%s=%ws ",
  938. FieldName,
  939. Buffer);
  940. } else {
  941. return LogFormat(LogInfo,
  942. "%s={L=%x,M=%x,B=%x}",
  943. FieldName,
  944. Name32->Length,
  945. Name32->MaximumLength,
  946. Name32->Buffer);
  947. }
  948. }
  950. return LogFormat(LogInfo,
  951. "%s=%x",
  952. FieldName,
  953. Name32);
  954. }
  957. NTSTATUS
  958. LogTypePULongInOut(
  959. IN OUT PLOGINFO LogInfo,
  960. IN ULONG_PTR Data,
  961. IN PSZ FieldName,
  962. IN BOOLEAN ServiceReturn)
  963. /*++
  965. Routine Description:
  967. Log Data as PULONG
  969. Arguments:
  972. LogInfo - Output log buffer
  973. Data - Value to log
  974. FieldName - Descriptive name of value to log
  975. ServiceReturn - TRUE if called after the thunk API has executed
  977. Return Value:
  979. NTSTATUS
  980. --*/
  981. {
  982. return LogFormat(LogInfo,
  983. "[%s-%lx]=%lx ",
  984. FieldName,
  985. (ULONG)Data,
  986. ((PULONG)Data ? *((PULONG)Data) : 0));
  987. }
  991. NTSTATUS
  992. LogTypePULongOut(
  993. IN OUT PLOGINFO LogInfo,
  994. IN ULONG_PTR Data,
  995. IN PSZ FieldName,
  996. IN BOOLEAN ServiceReturn)
  997. /*++
  999. Routine Description:
  1001. Log Data as PULONG (Out field)
  1003. Arguments:
  1006. LogInfo - Output log buffer
  1007. Data - Value to log
  1008. FieldName - Descriptive name of value to log
  1009. ServiceReturn - TRUE if called after the thunk API has executed
  1011. Return Value:
  1013. NTSTATUS
  1014. --*/
  1015. {
  1016. if (ServiceReturn)
  1017. {
  1018. return LogFormat(LogInfo,
  1019. "[%s-%lx]=%lx ",
  1020. FieldName,
  1021. (PULONG)Data,
  1022. ((PULONG)Data ? *(PULONG)Data : 0));
  1023. }
  1025. return LogFormat(LogInfo,
  1026. "%s=%lx ",
  1027. FieldName,
  1028. (PULONG)Data);
  1029. }
  1032. NTSTATUS
  1033. LogTypeObjectAttrbiutes(
  1034. IN OUT PLOGINFO LogInfo,
  1035. IN ULONG_PTR Data,
  1036. IN PSZ FieldName,
  1037. IN BOOLEAN ServiceReturn)
  1038. /*++
  1040. Routine Description:
  1042. Log Data as POBJECT_ATTRIBUTES
  1044. Arguments:
  1047. LogInfo - Output log buffer
  1048. Data - Value to log
  1049. FieldName - Descriptive name of value to log
  1050. ServiceReturn - TRUE if called after the thunk API has executed
  1052. Return Value:
  1054. NTSTATUS
  1055. --*/
  1056. {
  1057. NT32OBJECT_ATTRIBUTES *ObjA32;
  1058. UNICODE_STRING32 *ObjectName = NULL;
  1059. PWCHAR Buffer = L"";
  1061. if (ServiceReturn)
  1062. {
  1063. return STATUS_SUCCESS;
  1064. }
  1066. ObjA32 = (NT32OBJECT_ATTRIBUTES *)Data;
  1067. if (ObjA32)
  1068. {
  1069. ObjectName = (UNICODE_STRING32 *)ObjA32->ObjectName;
  1070. if (ObjectName)
  1071. {
  1072. if (ObjectName->Buffer)
  1073. {
  1074. Buffer = (PWCHAR)ObjectName->Buffer;
  1075. }
  1076. }
  1077. }
  1080. return LogFormat(LogInfo,
  1081. "%s=%lx {N=%ws,A=%lx} ",
  1082. FieldName,
  1083. (PULONG)Data,
  1084. Buffer,
  1085. (ObjA32 ? ObjA32->Attributes : 0));
  1086. }
  1089. NTSTATUS
  1090. LogTypeIoStatusBlock(
  1091. IN OUT PLOGINFO LogInfo,
  1092. IN ULONG_PTR Data,
  1093. IN PSZ FieldName,
  1094. IN BOOLEAN ServiceReturn)
  1095. /*++
  1097. Routine Description:
  1099. Log Data as IO_STATUS_BLOCK
  1101. Arguments:
  1104. LogInfo - Output log buffer
  1105. Data - Value to log
  1106. FieldName - Descriptive name of value to log
  1107. ServiceReturn - TRUE if called after the thunk API has executed
  1109. Return Value:
  1111. NTSTATUS
  1112. --*/
  1113. {
  1114. if (ServiceReturn)
  1115. {
  1116. PIO_STATUS_BLOCK32 StatusBlock32 = (PIO_STATUS_BLOCK32)Data;
  1118. return LogFormat(LogInfo,
  1119. "%s={S=%lx,I=%lx} ",
  1120. FieldName,
  1121. (PULONG)Data,
  1122. (StatusBlock32 ? StatusBlock32->Status : 0),
  1123. (StatusBlock32 ? StatusBlock32->Information : 0));
  1124. }
  1126. return LogFormat(LogInfo,
  1127. "%s=%lx ",
  1128. FieldName,
  1129. (PULONG)Data);
  1130. }
  1132. NTSTATUS
  1133. LogTypePWStr(
  1134. IN OUT PLOGINFO LogInfo,
  1135. IN ULONG_PTR Data,
  1136. IN PSZ FieldName,
  1137. IN BOOLEAN ServiceReturn)
  1138. /*++
  1140. Routine Description:
  1142. Log Data as PWSTR
  1144. Arguments:
  1147. LogInfo - Output log buffer
  1148. Data - Value to log
  1149. FieldName - Descriptive name of value to log
  1150. ServiceReturn - TRUE if called after the thunk API has executed
  1152. Return Value:
  1154. NTSTATUS
  1155. --*/
  1156. {
  1157. ULONG_PTR i;
  1158. WCHAR Buffer[ 14 ];
  1159. PWSTR String = (PWSTR) Data;
  1161. if (ServiceReturn)
  1162. {
  1163. return STATUS_SUCCESS;
  1164. }
  1166. //
  1167. // Sometime this type is treated as a pointer
  1168. // to WCHARs without NULL terminating it, like
  1169. // how it's used in NtGdiExtTextOutW, so let's dump
  1170. // a minimal string
  1171. //
  1172. if (Data)
  1173. {
  1174. i = 0;
  1175. while((i < ((sizeof(Buffer) / sizeof(WCHAR)) - 4)) && (String[i]))
  1176. {
  1177. Buffer[i] = String[i];
  1178. i++;
  1179. }
  1181. if (i == ((sizeof(Buffer) / sizeof(WCHAR)) - 4))
  1182. {
  1183. Buffer[i++] = L'.';
  1184. Buffer[i++] = L'.';
  1185. Buffer[i++] = L'.';
  1186. }
  1187. Buffer[i++] = UNICODE_NULL;
  1188. }
  1191. return LogFormat(LogInfo,
  1192. "%s=%ws ",
  1193. FieldName,
  1194. (Data > 0xffff) ? Buffer : L"");
  1195. }
  1199. NTSTATUS
  1200. LogTypePRectIn(
  1201. IN OUT PLOGINFO LogInfo,
  1202. IN ULONG_PTR Data,
  1203. IN PSZ FieldName,
  1204. IN BOOLEAN ServiceReturn)
  1205. /*++
  1207. Routine Description:
  1209. Log Data as PWSTR
  1211. Arguments:
  1214. LogInfo - Output log buffer
  1215. Data - Value to log
  1216. FieldName - Descriptive name of value to log
  1217. ServiceReturn - TRUE if called after the thunk API has executed
  1219. Return Value:
  1221. NTSTATUS
  1222. --*/
  1223. {
  1224. if (ServiceReturn)
  1225. {
  1226. return STATUS_SUCCESS;
  1227. }
  1229. if (Data)
  1230. {
  1231. PRECT Rect = (PRECT)Data;
  1232. return LogFormat(LogInfo,
  1233. "%s={%lx,%lx,%lx,%lx} ",
  1234. FieldName,
  1235. Rect->left, Rect->top, Rect->right, Rect->bottom);
  1237. }
  1239. return LogTypeValue(LogInfo,
  1240. Data,
  1241. FieldName,
  1242. ServiceReturn);
  1243. }
  1247. NTSTATUS
  1248. LogTypePLargeIntegerIn(
  1249. IN OUT PLOGINFO LogInfo,
  1250. IN ULONG_PTR Data,
  1251. IN PSZ FieldName,
  1252. IN BOOLEAN ServiceReturn)
  1253. /*++
  1255. Routine Description:
  1257. Log Data as PLARGE_INTEGER
  1259. Arguments:
  1262. LogInfo - Output log buffer
  1263. Data - Value to log
  1264. FieldName - Descriptive name of value to log
  1265. ServiceReturn - TRUE if called after the thunk API has executed
  1267. Return Value:
  1269. NTSTATUS
  1270. --*/
  1271. {
  1272. if (ServiceReturn)
  1273. {
  1274. return STATUS_SUCCESS;
  1275. }
  1277. if (Data)
  1278. {
  1279. NT32ULARGE_INTEGER *ULargeInt = (NT32ULARGE_INTEGER *)Data;
  1280. return LogFormat(LogInfo,
  1281. "%s={H=%lx,L=%lx} ",
  1282. FieldName,
  1283. ULargeInt->HighPart, ULargeInt->LowPart);
  1285. }
  1287. return LogTypeValue(LogInfo,
  1288. Data,
  1289. FieldName,
  1290. ServiceReturn);
  1291. }