archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/ntsetup/tools/dllanalyze4/loggedregintercept.h

298 lines
9.1 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // LoggedRegIntercept.h: interface for the CLoggedRegIntercept class.
  2. //
  3. //////////////////////////////////////////////////////////////////////
  5. #if !defined(AFX_LOGGEDREGINTERCEPT_H__856F5C97_794D_40B4_B18A_DEB3C96B086F__INCLUDED_)
  6. #define AFX_LOGGEDREGINTERCEPT_H__856F5C97_794D_40B4_B18A_DEB3C96B086F__INCLUDED_
  8. #if _MSC_VER > 1000
  9. #pragma once
  10. #endif // _MSC_VER > 1000
  12. #include "RegIntercept.h"
  13. #include <stdio.h>
  14. #include <tchar.h>
  16. class CLoggedRegIntercept : public CRegIntercept
  17. {
  18. public:
  19. void GetLocation(POBJECT_ATTRIBUTES ObjectAttributes, bool bAppendBackslash = true);
  22. void LogError(LPCTSTR msg);
  23. void SetCurrentDll(LPCTSTR DllName);
  24. CLoggedRegIntercept(TCHAR* FileName);
  25. virtual ~CLoggedRegIntercept();
  27. //intercepted registry functions
  29. virtual void NtOpenKey( PHANDLE KeyHandle,
  30. ACCESS_MASK DesiredAccess,
  31. POBJECT_ATTRIBUTES ObjectAttributes);
  33. virtual void NtCreateKey(PHANDLE KeyHandle,
  34. ACCESS_MASK DesiredAccess,
  35. POBJECT_ATTRIBUTES ObjectAttributes,
  36. ULONG TitleIndex,
  37. PUNICODE_STRING Class,
  38. ULONG CreateOptions,
  39. PULONG Disposition);
  41. virtual void NtDeleteKey(HANDLE KeyHandle);
  43. virtual void NtDeleteValueKey(HANDLE KeyHandle, PUNICODE_STRING ValueName);
  46. virtual void NtEnumerateKey(HANDLE KeyHandle, ULONG Index, KEY_INFORMATION_CLASS KeyInformationClass, PVOID KeyInformation, ULONG Length, PULONG ResultLength);
  47. virtual void NtEnumerateValueKey(HANDLE KeyHandle, ULONG Index, KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, PVOID KeyValueInformation, ULONG Length, PULONG ResultLength) ;
  48. virtual void NtQueryKey(HANDLE KeyHandle, KEY_INFORMATION_CLASS KeyInformationClass, PVOID KeyInformation, ULONG Length, PULONG ResultLength);
  49. virtual void NtQueryValueKey(HANDLE KeyHandle, PUNICODE_STRING ValueName, KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, PVOID KeyValueInformation, ULONG Length, PULONG ResultLength);
  50. virtual void NtQueryMultipleValueKey(HANDLE KeyHandle, PKEY_VALUE_ENTRY ValueEntries, ULONG EntryCount, PVOID ValueBuffer, PULONG BufferLength, PULONG RequiredBufferLength);
  51. virtual void NtSetValueKey(HANDLE KeyHandle, PUNICODE_STRING ValueName, ULONG TitleIndex, ULONG Type, PVOID Data, ULONG DataSize);
  54. //intercepted File System functions
  55. virtual void NtDeleteFile(POBJECT_ATTRIBUTES ObjectAttributes);
  56. virtual void NtQueryAttributesFile(POBJECT_ATTRIBUTES ObjectAttributes, PFILE_BASIC_INFORMATION FileInformation);
  57. virtual void NtQueryFullAttributesFile(POBJECT_ATTRIBUTES ObjectAttributes, PFILE_NETWORK_OPEN_INFORMATION FileInformation);
  58. virtual void NtCreateFile(
  59. PHANDLE FileHandle,
  60. ACCESS_MASK DesiredAccess,
  61. POBJECT_ATTRIBUTES ObjectAttributes,
  62. PIO_STATUS_BLOCK IoStatusBlock,
  63. PLARGE_INTEGER AllocationSize,
  64. ULONG FileAttributes,
  65. ULONG ShareAccess,
  66. ULONG CreateDisposition,
  67. ULONG CreateOptions,
  68. PVOID EaBuffer,
  69. ULONG EaLength);
  71. virtual void NtOpenFile(
  72. PHANDLE FileHandle,
  73. ACCESS_MASK DesiredAccess,
  74. POBJECT_ATTRIBUTES ObjectAttributes,
  75. PIO_STATUS_BLOCK IoStatusBlock,
  76. ULONG ShareAccess,
  77. ULONG OpenOptions);
  79. //intercepted Driver functions
  80. virtual void NtLoadDriver(PUNICODE_STRING DriverServiceName);
  82. /* virtual void NtDeviceIoControlFile(
  83. HANDLE FileHandle,
  84. HANDLE Event,
  85. PIO_APC_ROUTINE ApcRoutine,
  86. PVOID ApcContext,
  87. PIO_STATUS_BLOCK IoStatusBlock,
  88. ULONG IoControlCode,
  89. PVOID InputBuffer,
  90. ULONG InputBufferLength,
  91. PVOID OutputBuffer,
  92. ULONG OutputBufferLength);
  94. virtual void NtFsControlFile(
  95. HANDLE FileHandle,
  96. HANDLE Event,
  97. PIO_APC_ROUTINE ApcRoutine,
  98. PVOID ApcContext,
  99. PIO_STATUS_BLOCK IoStatusBlock,
  100. ULONG FsControlCode,
  101. PVOID InputBuffer,
  102. ULONG InputBufferLength,
  103. PVOID OutputBuffer,
  104. ULONG OutputBufferLength);
  105. */
  108. virtual void NtPlugPlayControl(
  109. IN PLUGPLAY_CONTROL_CLASS PnPControlClass,
  110. IN OUT PVOID PnPControlData,
  111. IN ULONG PnPControlDataLength);
  113. virtual void NtCreateSymbolicLinkObject(
  114. OUT PHANDLE LinkHandle,
  115. IN ACCESS_MASK DesiredAccess,
  116. IN POBJECT_ATTRIBUTES ObjectAttributes,
  117. IN PUNICODE_STRING LinkTarget);
  119. virtual void NtOpenSymbolicLinkObject(
  120. OUT PHANDLE LinkHandle,
  121. IN ACCESS_MASK DesiredAccess,
  122. IN POBJECT_ATTRIBUTES ObjectAttributes);
  124. virtual void NtCreateDirectoryObject(
  125. OUT PHANDLE DirectoryHandle,
  126. IN ACCESS_MASK DesiredAccess,
  127. IN POBJECT_ATTRIBUTES ObjectAttributes);
  129. virtual void NtOpenDirectoryObject(
  130. OUT PHANDLE DirectoryHandle,
  131. IN ACCESS_MASK DesiredAccess,
  132. IN POBJECT_ATTRIBUTES ObjectAttributes);
  134. virtual void NtSignalAndWaitForSingleObject(
  135. IN HANDLE SignalHandle,
  136. IN HANDLE WaitHandle,
  137. IN BOOLEAN Alertable,
  138. IN PLARGE_INTEGER Timeout);
  140. virtual void NtWaitForSingleObject(
  141. IN HANDLE Handle,
  142. IN BOOLEAN Alertable,
  143. IN PLARGE_INTEGER Timeout);
  146. virtual void NtWaitForMultipleObjects(
  147. IN ULONG Count,
  148. IN HANDLE* Handles,
  149. IN WAIT_TYPE WaitType,
  150. IN BOOLEAN Alertable,
  151. IN PLARGE_INTEGER Timeout);
  153. virtual void NtCreatePort(
  154. OUT PHANDLE PortHandle,
  155. IN POBJECT_ATTRIBUTES ObjectAttributes,
  156. IN ULONG MaxConnectionInfoLength,
  157. IN ULONG MaxMessageLength,
  158. IN ULONG MaxPoolUsage);
  160. virtual void NtCreateWaitablePort(
  161. OUT PHANDLE PortHandle,
  162. IN POBJECT_ATTRIBUTES ObjectAttributes,
  163. IN ULONG MaxConnectionInfoLength,
  164. IN ULONG MaxMessageLength,
  165. IN ULONG MaxPoolUsage);
  167. virtual void NtCreateThread(
  168. OUT PHANDLE ThreadHandle,
  169. IN ACCESS_MASK DesiredAccess,
  170. IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  171. IN HANDLE ProcessHandle,
  172. OUT PCLIENT_ID ClientId,
  173. IN PCONTEXT ThreadContext,
  174. IN PINITIAL_TEB InitialTeb,
  175. IN BOOLEAN CreateSuspended);
  178. virtual void NtOpenThread(
  179. OUT PHANDLE ThreadHandle,
  180. IN ACCESS_MASK DesiredAccess,
  181. IN POBJECT_ATTRIBUTES ObjectAttributes,
  182. IN PCLIENT_ID ClientId);
  184. virtual void NtCreateProcess(
  185. OUT PHANDLE ProcessHandle,
  186. IN ACCESS_MASK DesiredAccess,
  187. IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  188. IN HANDLE ParentProcess,
  189. IN BOOLEAN InheritObjectTable,
  190. IN HANDLE SectionHandle OPTIONAL,
  191. IN HANDLE DebugPort OPTIONAL,
  192. IN HANDLE ExceptionPort OPTIONAL);
  195. virtual void NtCreateProcessEx(
  196. OUT PHANDLE ProcessHandle,
  197. IN ACCESS_MASK DesiredAccess,
  198. IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  199. IN HANDLE ParentProcess,
  200. IN ULONG Flags,
  201. IN HANDLE SectionHandle OPTIONAL,
  202. IN HANDLE DebugPort OPTIONAL,
  203. IN HANDLE ExceptionPort OPTIONAL,
  204. IN ULONG JobMemberLevel);
  206. virtual void NtOpenProcess(
  207. OUT PHANDLE ProcessHandle,
  208. IN ACCESS_MASK DesiredAccess,
  209. IN POBJECT_ATTRIBUTES ObjectAttributes,
  210. IN PCLIENT_ID ClientId OPTIONAL);
  212. virtual void NtQueryDefaultLocale(
  213. IN BOOLEAN UserProfile,
  214. OUT PLCID DefaultLocaleId);
  216. virtual void NtSetDefaultLocale(
  217. IN BOOLEAN UserProfile,
  218. IN LCID DefaultLocaleId);
  221. virtual void NtQuerySystemEnvironmentValue(
  222. IN PUNICODE_STRING VariableName,
  223. OUT PWSTR VariableValue,
  224. IN USHORT ValueLength,
  225. OUT PUSHORT ReturnLength OPTIONAL);
  227. virtual void NtSetSystemEnvironmentValue(
  228. IN PUNICODE_STRING VariableName,
  229. IN PUNICODE_STRING VariableValue);
  232. virtual void NtQuerySystemEnvironmentValueEx(
  233. IN PUNICODE_STRING VariableName,
  234. IN LPGUID VendorGuid,
  235. OUT PVOID Value,
  236. IN OUT PULONG ValueLength,
  237. OUT PULONG Attributes OPTIONAL);
  240. virtual void NtSetSystemEnvironmentValueEx(
  241. IN PUNICODE_STRING VariableName,
  242. IN LPGUID VendorGuid,
  243. IN PVOID Value,
  244. IN ULONG ValueLength,
  245. IN ULONG Attributes);
  247. virtual void NtEnumerateSystemEnvironmentValuesEx(
  248. IN ULONG InformationClass,
  249. OUT PVOID Buffer,
  250. IN OUT PULONG BufferLength);
  252. virtual void NtQuerySystemTime(
  253. OUT PLARGE_INTEGER SystemTime);
  255. virtual void NtSetSystemTime(
  256. IN PLARGE_INTEGER SystemTime,
  257. OUT PLARGE_INTEGER PreviousTime OPTIONAL);
  259. virtual void NtQuerySystemInformation(
  260. IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
  261. OUT PVOID SystemInformation,
  262. IN ULONG SystemInformationLength,
  263. OUT PULONG ReturnLength OPTIONAL);
  265. virtual void NtSetSystemInformation(
  266. IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
  267. IN PVOID SystemInformation,
  268. IN ULONG SystemInformationLength);
  271. virtual void NtQueryInformationFile(
  272. IN HANDLE FileHandle,
  273. OUT PIO_STATUS_BLOCK IoStatusBlock,
  274. OUT PVOID FileInformation,
  275. IN ULONG Length,
  276. IN FILE_INFORMATION_CLASS FileInformationClass);
  278. virtual void NtSetInformationFile(
  279. IN HANDLE FileHandle,
  280. OUT PIO_STATUS_BLOCK IoStatusBlock,
  281. IN PVOID FileInformation,
  282. IN ULONG Length,
  283. IN FILE_INFORMATION_CLASS FileInformationClass);
  286. protected:
  287. // bool GetTempKeyName(HANDLE key);
  288. FILE* m_LogFile;
  289. LPCTSTR m_pDllName;
  290. TCHAR m_TempKeyName[2048];
  292. void LOGSTR(LPCTSTR ValueName, LPCTSTR Value);
  296. };
  298. #endif // !defined(AFX_LOGGEDREGINTERCEPT_H__856F5C97_794D_40B4_B18A_DEB3C96B086F__INCLUDED_)