archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/pchealth/sr/tools/logdump/logdump.cpp

487 lines
11 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  2. /*++
  4. Copyright (c) 1998-1999 Microsoft Corporation
  6. Module Name:
  8. logdump.c
  10. Abstract:
  12. this file implements functrionality to read and dump the sr logs
  14. Author:
  16. Kanwaljit Marok (kmarok) 01-May-2000
  18. Revision History:
  20. --*/
  22. #include <nt.h>
  23. #include <ntrtl.h>
  24. #include <nturtl.h>
  25. #include <windows.h>
  26. #include <stdio.h>
  28. #include "logfmt.h"
  29. #include "srapi.h"
  32. struct _EVENT_STR_MAP
  33. {
  34. DWORD EventId;
  35. PCHAR pEventStr;
  36. } EventMap[ 13 ] =
  37. {
  38. {SrEventInvalid , "INVALID " },
  39. {SrEventStreamChange, "FILE-MODIFY" },
  40. {SrEventAclChange, "ACL-CHANGE " },
  41. {SrEventAttribChange, "ATTR-CHANGE" },
  42. {SrEventStreamOverwrite,"FILE-MODIFY" },
  43. {SrEventFileDelete, "FILE-DELETE" },
  44. {SrEventFileCreate, "FILE-CREATE" },
  45. {SrEventFileRename, "FILE-RENAME" },
  46. {SrEventDirectoryCreate,"DIR-CREATE " },
  47. {SrEventDirectoryRename,"DIR-RENAME " },
  48. {SrEventDirectoryDelete,"DIR-DELETE " },
  49. {SrEventMountCreate, "MNT-CREATE " },
  50. {SrEventMountDelete, "MNT-DELETE " }
  52. };
  55. BYTE Buffer[4096];
  57. PCHAR
  58. GetEventString(
  59. DWORD EventId
  60. )
  61. {
  62. PCHAR pStr = NULL;
  63. static CHAR EventStringBuffer[8];
  65. for( int i=0; i<sizeof(EventMap)/sizeof(_EVENT_STR_MAP);i++)
  66. {
  67. if ( EventMap[i].EventId == EventId )
  68. {
  69. pStr = EventMap[i].pEventStr;
  70. }
  71. }
  73. if (pStr == NULL)
  74. {
  75. pStr = &EventStringBuffer[0];
  76. wsprintf(pStr, "0x%X", EventId);
  77. }
  79. return pStr;
  80. }
  82. BOOLEAN
  83. ProcessLogEntry(
  84. BOOLEAN bPrintDebug,
  85. LPCSTR pszSerNo,
  86. LPCSTR pszSize,
  87. LPCSTR pszEndSize,
  88. LPCSTR pszSeqNo,
  89. LPCSTR pszFlags,
  90. LPCSTR pszProcess,
  91. LPCSTR pszOperation,
  92. LPCSTR pszAttr,
  93. LPCSTR pszTmpFile,
  94. LPCSTR pszPath1,
  95. LPCSTR pszPath2,
  96. LPCSTR pszAcl,
  97. LPCSTR pszShortName,
  98. LPCSTR pszProcessHandle,
  99. LPCSTR pszThreadHandle)
  100. {
  101. BOOLEAN Status = TRUE;
  103. if( bPrintDebug == FALSE )
  104. {
  105. printf( "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t",
  106. pszSerNo,
  107. pszSize,
  108. pszSeqNo,
  109. pszOperation,
  110. pszAttr,
  111. pszAcl,
  112. pszPath1,
  113. pszShortName);
  114. }
  115. else
  116. {
  117. printf( "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t",
  118. pszSerNo,
  119. pszSize,
  120. pszSeqNo,
  121. pszOperation,
  122. pszAttr,
  123. pszProcess,
  124. pszProcessHandle,
  125. pszThreadHandle,
  126. pszAcl,
  127. pszPath1,
  128. pszShortName);
  129. }
  132. if(pszTmpFile)
  133. {
  134. printf( "%s\t", pszTmpFile);
  135. }
  137. if(pszPath2)
  138. {
  139. printf( "%s\t", pszPath2);
  140. }
  142. printf("\n");
  144. return Status;
  145. }
  147. #define SR_MAX_PATH ((1000) + sizeof (CHAR)) // Name will always be at most 1000 characters plus a NULL.
  149. BOOLEAN
  150. ReadLogData(
  151. BOOLEAN bPrintDebugInfo,
  152. LPTSTR pszFileName
  153. )
  154. {
  155. BOOLEAN Status = FALSE;
  156. BOOLEAN bHaveDebugInfo = FALSE;
  158. HANDLE hFile;
  159. DWORD nRead;
  160. DWORD cbSize = 0, dwEntries = 0, dwEntriesAdded = 0;
  161. DWORD dwSizeLow , dwSizeHigh;
  163. CHAR szSerNo [10];
  164. CHAR szSize [10];
  165. CHAR szEndSize[10];
  166. CHAR szSeqNo [20];
  167. CHAR szOperation[50];
  168. CHAR szAttr[50];
  169. CHAR szFlags[10];
  170. PCHAR szPath1 = NULL;
  171. PCHAR szPath2 = NULL;
  172. CHAR szTmpFile[MAX_PATH];
  173. CHAR szAcl[MAX_PATH];
  174. CHAR szShortName[MAX_PATH];
  175. CHAR szProcess[32];
  176. CHAR szProcessHandle[16];
  177. CHAR szThreadHandle[16];
  180. BYTE LogHeader[2048];
  182. PSR_LOG_HEADER pLogHeader = (PSR_LOG_HEADER)LogHeader;
  184. static INT s_dwEntries = -1;
  186. szPath1 = (PCHAR) LocalAlloc( LMEM_FIXED, SR_MAX_PATH );
  187. if (szPath1 == NULL )
  188. {
  189. fprintf( stderr, "Insufficient memory\n" );
  190. }
  192. szPath2 = (PCHAR) LocalAlloc( LMEM_FIXED, SR_MAX_PATH );
  193. if (szPath2 == NULL )
  194. {
  195. fprintf( stderr, "Insufficient memory\n" );
  196. }
  198. hFile = CreateFile(
  199. pszFileName,
  200. GENERIC_READ,
  201. FILE_SHARE_WRITE,
  202. NULL,
  203. OPEN_EXISTING,
  204. FILE_ATTRIBUTE_NORMAL,
  205. NULL );
  207. if ( hFile != INVALID_HANDLE_VALUE )
  208. {
  209. PBYTE pLoc = NULL;
  211. dwSizeLow = GetFileSize( hFile, &dwSizeHigh );
  213. //
  214. // Read the header size
  215. //
  217. ReadFile(
  218. hFile,
  219. &cbSize,
  220. sizeof(DWORD),
  221. &nRead,
  222. NULL );
  224. SetFilePointer( hFile, - (INT)sizeof(DWORD), NULL, FILE_CURRENT );
  226. //
  227. // Read the whole header entry
  228. //
  230. ReadFile(
  231. hFile,
  232. pLogHeader,
  233. cbSize,
  234. &nRead,
  235. NULL );
  237. pLoc = (PBYTE)(&pLogHeader->SubRecords);
  239. fprintf( stderr,
  240. "Header Size: %ld, Version: %ld, Tool Version: %ld\n%S\n",
  241. pLogHeader->Header.RecordSize,
  242. pLogHeader->LogVersion,
  243. SR_LOG_VERSION,
  244. (LPWSTR)(pLoc + sizeof(RECORD_HEADER)) );
  246. if( pLogHeader->LogVersion != SR_LOG_VERSION ||
  247. pLogHeader->MagicNum != SR_LOG_MAGIC_NUMBER )
  248. {
  249. fprintf( stderr, "Invalid version or Corrupt log\n" );
  250. CloseHandle(hFile);
  251. goto End;
  252. }
  254. dwSizeLow -= pLogHeader->Header.RecordSize;
  256. SetFilePointer (hFile,
  257. pLogHeader->Header.RecordSize,
  258. NULL,
  259. FILE_BEGIN);
  261. //
  262. // Start reading the log entries
  263. //
  265. while( dwSizeLow )
  266. {
  267. PSR_LOG_ENTRY pLogEntry = (PSR_LOG_ENTRY)Buffer;
  269. ZeroMemory(pLogEntry, sizeof(Buffer));
  271. //
  272. // Read the size of the entry
  273. //
  275. if ( !ReadFile(
  276. hFile,
  277. &pLogEntry->Header.RecordSize,
  278. sizeof(DWORD),
  279. &nRead,
  280. NULL ) )
  281. {
  282. break;
  283. }
  285. cbSize = pLogEntry->Header.RecordSize;
  287. if (cbSize == 0 )
  288. {
  289. //
  290. // Zero size indicates end of the log
  291. //
  293. break;
  294. }
  296. SetFilePointer( hFile, - (INT)sizeof(DWORD), NULL, FILE_CURRENT );
  298. //
  299. // Read the rest of the entry
  300. //
  302. if ( !ReadFile( hFile,
  303. ((PBYTE)pLogEntry),
  304. cbSize,
  305. &nRead,
  306. NULL ) )
  307. {
  308. break;
  309. }
  311. //
  312. // Check the magic number
  313. //
  315. if( pLogEntry->MagicNum != SR_LOG_MAGIC_NUMBER )
  316. {
  317. fprintf(stderr, "Invalid Entry ( Magic num )\n");
  318. break;
  319. }
  321. //
  322. // Read the entries in to the buffer
  323. //
  325. sprintf( szSerNo , "%05d" , dwEntries + 1);
  327. sprintf( szSize , "%04d" , pLogEntry->Header.RecordSize );
  328. sprintf( szOperation, "%s" , GetEventString(
  329. pLogEntry->EntryType ));
  331. sprintf( szFlags , "%08x" , pLogEntry->EntryFlags );
  332. sprintf( szSeqNo , "%010d" , pLogEntry->SequenceNum);
  333. sprintf( szAttr , "%08x" , pLogEntry->Attributes );
  334. sprintf( szProcess , "%12.12s" , pLogEntry->ProcName );
  336. //
  337. // get the first path
  338. //
  340. PBYTE pLoc = (PBYTE)&pLogEntry->SubRecords;
  341. sprintf( szPath1 , "%S" , pLoc + sizeof(RECORD_HEADER) );
  343. if (pLogEntry->EntryFlags & ENTRYFLAGS_TEMPPATH)
  344. {
  345. pLoc += RECORD_SIZE(pLoc);
  346. sprintf( szTmpFile , "%S" , pLoc + sizeof(RECORD_HEADER) );
  347. }
  348. else
  349. {
  350. sprintf( szTmpFile , "" );
  351. }
  353. if (pLogEntry->EntryFlags & ENTRYFLAGS_SECONDPATH)
  354. {
  355. pLoc += RECORD_SIZE(pLoc);
  356. sprintf( szPath2 , "%S" , pLoc + sizeof(RECORD_HEADER) );
  357. }
  358. else
  359. {
  360. sprintf( szPath2 , "" );
  361. }
  363. if (pLogEntry->EntryFlags & ENTRYFLAGS_ACLINFO)
  364. {
  365. ULONG AclInfoSize;
  367. pLoc += RECORD_SIZE(pLoc);
  369. AclInfoSize = RECORD_SIZE(pLoc);
  370. sprintf( szAcl , "ACL(%04d)%" , AclInfoSize );
  371. }
  372. else
  373. {
  374. sprintf( szAcl , "" );
  375. }
  377. if (pLogEntry->EntryFlags & ENTRYFLAGS_DEBUGINFO)
  378. {
  379. bHaveDebugInfo = TRUE;
  380. pLoc += RECORD_SIZE(pLoc);
  381. sprintf( szProcess , "%12.12s",
  382. ((PSR_LOG_DEBUG_INFO)pLoc)->ProcessName );
  384. sprintf( szProcessHandle,"0x%08X",
  385. ((PSR_LOG_DEBUG_INFO)pLoc)->ProcessId );
  387. sprintf( szThreadHandle,"0x%08X",
  388. ((PSR_LOG_DEBUG_INFO)pLoc)->ThreadId );
  389. }
  390. else
  391. {
  392. bHaveDebugInfo = FALSE;
  393. sprintf( szProcess , "" );
  394. sprintf( szThreadHandle , "" );
  395. sprintf( szProcessHandle , "" );
  396. }
  398. if (pLogEntry->EntryFlags & ENTRYFLAGS_SHORTNAME)
  399. {
  400. pLoc += RECORD_SIZE(pLoc);
  401. sprintf( szShortName , "%S" , pLoc + sizeof(RECORD_HEADER) );
  402. }
  403. else
  404. {
  405. sprintf( szShortName , "" );
  406. }
  408. //
  409. // read the trailing record size
  410. //
  412. sprintf( szEndSize , "%04d", GET_END_SIZE(pLogEntry));
  414. ProcessLogEntry(
  415. bPrintDebugInfo && bHaveDebugInfo,
  416. szSerNo,
  417. szSize,
  418. szEndSize,
  419. szSeqNo,
  420. szFlags,
  421. szProcess,
  422. szOperation,
  423. szAttr,
  424. szTmpFile,
  425. szPath1,
  426. szPath2,
  427. szAcl,
  428. szShortName,
  429. szProcessHandle,
  430. szThreadHandle);
  432. dwEntries++;
  434. dwSizeLow -= cbSize;
  435. cbSize = 0;
  437. }
  439. CloseHandle( hFile );
  440. Status = TRUE;
  441. }
  442. else
  443. {
  444. fprintf( stderr, "Error opening LogFile %s\n", pszFileName );
  445. }
  447. End:
  448. fprintf( stderr, "Number of entries read :%d\n", dwEntries );
  450. if (szPath1 != NULL)
  451. LocalFree( szPath1 );
  453. if (szPath2 != NULL)
  454. LocalFree( szPath2 );
  456. return Status;
  457. }
  459. INT
  460. __cdecl
  461. main(
  462. int argc,
  463. char *argv[] )
  464. {
  465. if( argc < 2 || argc > 3 )
  466. {
  467. fprintf( stderr,
  468. "USAGE: %s [-d] <LogFile> \n\t -d : debug info\n",
  469. argv[0] );
  470. }
  471. else
  472. {
  473. int i = 1;
  475. if ( argc == 3 && !strcmp( argv[i], "-d" ) )
  476. {
  477. i++;
  478. ReadLogData(TRUE, argv[i] );
  479. }
  480. else
  481. {
  482. ReadLogData(FALSE, argv[i] );
  483. }
  484. }
  486. return 0;
  487. }