|
|
/*++
Copyright (c) 1998-1999 Microsoft Corporation
Module Name:
globalog.c
Abstract:
The global logger, which is started only by registry settings. Will start at boot.
Author:
Jee Fung Pang (jeepang) 03-Nov-1998
Revision History:
--*/
#ifndef MEMPHIS
#include "ntos.h"
#include <evntrace.h>
#include "wmikmp.h"
#include "tracep.h"
#define MAX_REGKEYS 10
#define MAX_ENABLE_FLAGS 10
#define TRACE_VERSION_MAJOR 1
#define TRACE_VERSION_MINOR 0
#define DOSDEVICES L"\\DosDevices\\"
#define UNCDEVICES L"\\??\\UNC"
#define DEFAULT_GLOBAL_LOGFILE_ROOT L"%SystemRoot%"
#define DEFAULT_GLOBAL_DIRECTORY L"\\System32\\LogFiles\\WMI"
#define DEFAULT_GLOBAL_LOGFILE L"trace.log"
//
// NOTE: Need a trailing NULL entry so that RtlQueryRegistryValues()
// knows when to stop
//
#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT, WmipStartGlobalLogger)
#pragma alloc_text(PAGE, WmipQueryGLRegistryRoutine)
#pragma alloc_text(PAGE, WmipAddLogHeader)
#pragma alloc_text(PAGE, WmipDelayCreate)
#pragma alloc_text(PAGE, WmipCreateDirectoryFile)
#pragma alloc_text(PAGE, WmipCreateNtFileName)
#endif
extern HANDLE WmipPageLockHandle;//
// NOTE: If we are going to function earlier in boot, we need to see
// if the creation routines and logger routines can run at all while in
// boot path and being pagable
//
VOIDWmipStartGlobalLogger( )/*++
Routine Description:
This routine will check for registry entries to see if the global needs to be started at boot time.
Arguments:
None
Return Value:
--*/{ struct _LOGGER_INFO { WMI_LOGGER_INFORMATION LoggerInfo; ULONG EnableFlags[MAX_ENABLE_FLAGS]; } GLog; RTL_QUERY_REGISTRY_TABLE QueryRegistryTable[MAX_REGKEYS]; NTSTATUS status; ULONG StartRequested = 0; WCHAR NullString = UNICODE_NULL;
WmipPageLockHandle = MmLockPagableCodeSection((PVOID)WmipReserveTraceBuffer); MmUnlockPagableImageSection(WmipPageLockHandle); ExInitializeFastMutex(&WmipTraceFastMutex);
RtlZeroMemory(&GLog, sizeof(GLog));
GLog.LoggerInfo.Wnode.Flags = WNODE_FLAG_TRACED_GUID; GLog.LoggerInfo.MinimumBuffers = (ULONG) KeNumberProcessors + 1; GLog.LoggerInfo.MaximumBuffers = GLog.LoggerInfo.MinimumBuffers + 25; GLog.LoggerInfo.BufferSize = PAGE_SIZE / 1024; GLog.LoggerInfo.Wnode.BufferSize = sizeof(WMI_LOGGER_INFORMATION); GLog.LoggerInfo.Wnode.Guid = GlobalLoggerGuid; GLog.LoggerInfo.LogFileMode = EVENT_TRACE_DELAY_OPEN_FILE_MODE; RtlInitUnicodeString(&GLog.LoggerInfo.LoggerName, L"GlobalLogger");
RtlZeroMemory(QueryRegistryTable, sizeof(RTL_QUERY_REGISTRY_TABLE) * MAX_REGKEYS);
QueryRegistryTable[0].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[0].EntryContext = (PVOID) &StartRequested; QueryRegistryTable[0].Name = L"Start"; QueryRegistryTable[0].DefaultType = REG_DWORD;
QueryRegistryTable[1].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[1].EntryContext = (PVOID) &GLog.LoggerInfo.BufferSize; QueryRegistryTable[1].Name = L"BufferSize"; QueryRegistryTable[1].DefaultType = REG_DWORD;
QueryRegistryTable[2].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[2].EntryContext = (PVOID)&GLog.LoggerInfo.MinimumBuffers; QueryRegistryTable[2].Name = L"MinimumBuffers"; QueryRegistryTable[2].DefaultType = REG_DWORD;
QueryRegistryTable[3].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[3].EntryContext = (PVOID) &GLog.LoggerInfo.FlushTimer; QueryRegistryTable[3].Name = L"FlushTimer"; QueryRegistryTable[3].DefaultType = REG_DWORD;
QueryRegistryTable[4].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[4].EntryContext = (PVOID)&GLog.LoggerInfo.MaximumBuffers; QueryRegistryTable[4].Name = L"MaximumBuffers"; QueryRegistryTable[4].DefaultType = REG_DWORD;
QueryRegistryTable[5].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[5].EntryContext = (PVOID) &GLog.LoggerInfo.LogFileName; QueryRegistryTable[5].Name = L"FileName"; QueryRegistryTable[5].DefaultType = REG_SZ; QueryRegistryTable[5].DefaultData = &NullString;
QueryRegistryTable[6].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[6].EntryContext = (PVOID) &GLog.EnableFlags[0]; QueryRegistryTable[6].Name = L"EnableKernelFlags"; QueryRegistryTable[6].DefaultType = REG_BINARY;
QueryRegistryTable[7].QueryRoutine = WmipQueryGLRegistryRoutine; QueryRegistryTable[7].EntryContext = (PVOID)&GLog.LoggerInfo.Wnode.ClientContext; QueryRegistryTable[7].Name = L"ClockType"; QueryRegistryTable[7].DefaultType = REG_DWORD;
status = RtlQueryRegistryValues( RTL_REGISTRY_CONTROL, L"WMI\\GlobalLogger", QueryRegistryTable, NULL, NULL);
if (NT_SUCCESS(status) && (StartRequested != 0)) { if (GLog.EnableFlags[0] != 0) { SHORT Length; for (Length=MAX_ENABLE_FLAGS-1; Length>=0; Length--) { if (GLog.EnableFlags[Length] != 0) break; } if (Length >= 0) { PTRACE_ENABLE_FLAG_EXTENSION FlagExt; Length++; // Index is 1 less!
FlagExt = (PTRACE_ENABLE_FLAG_EXTENSION) &GLog.LoggerInfo.EnableFlags; GLog.LoggerInfo.EnableFlags = EVENT_TRACE_FLAG_EXTENSION; FlagExt->Length = (UCHAR) Length; FlagExt->Offset = (UCHAR) GLog.LoggerInfo.Wnode.BufferSize; GLog.LoggerInfo.Wnode.BufferSize += (ULONG) (Length * sizeof(ULONG)); } } if (GLog.LoggerInfo.LogFileName.Buffer == NULL) { RtlCreateUnicodeString( &GLog.LoggerInfo.LogFileName, DEFAULT_GLOBAL_LOGFILE_ROOT); // Use ROOT as indicator
if (GLog.LoggerInfo.LogFileName.Buffer == NULL) status = STATUS_NO_MEMORY; else status = STATUS_SUCCESS; } if (NT_SUCCESS(status)) { status = WmipStartLogger(&GLog.LoggerInfo); } } if (GLog.LoggerInfo.LogFileName.Buffer) { RtlFreeUnicodeString(&GLog.LoggerInfo.LogFileName); }}
NTSTATUSWmipQueryGLRegistryRoutine( IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext )/*++
Routine Description:
Registry query values callback routine for reading SDs for guids
Arguments:
ValueName - the name of the value
ValueType - the type of the value
ValueData - the data in the value (unicode string data)
ValueLength - the number of bytes in the value data
Context - Not used
EntryContext - Pointer to PSECURITY_DESCRIPTOR to store a pointer to store the security descriptor read from the registry value
Return Value:
NT Status code
--*/{ NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE(); UNREFERENCED_PARAMETER(ValueName); UNREFERENCED_PARAMETER(Context);
if ( (ValueData != NULL) && (ValueLength > 0) && (EntryContext != NULL) ){ if (ValueType == REG_DWORD) { if ((ValueLength >= sizeof(ULONG)) && (ValueData != NULL)) { *((PULONG)EntryContext) = *((PULONG)ValueData); } } else if (ValueType == REG_SZ) { if (ValueLength > sizeof(UNICODE_NULL)) { status = RtlCreateUnicodeString( (PUNICODE_STRING) EntryContext, (PCWSTR) ValueData); } } else if (ValueType == REG_BINARY) { if ((ValueLength >= sizeof(ULONG)) && (ValueData != NULL)) { RtlMoveMemory(EntryContext, ValueData, ValueLength); } } } return status;}
NTSTATUSWmipAddLogHeader( IN PWMI_LOGGER_CONTEXT LoggerContext, IN OUT PWMI_BUFFER_HEADER Buffer )/*++
Routine Description:
Add a standard logfile header in kernel moder. To make sure the first buffer of the log file contains the file header, we pop a buffer from the free list, write the header, and flush the buffer right away.
Arguments:
LoggerContext - The logger context
Return Value:
NT Status code
--*/{ PTRACE_LOGFILE_HEADER LogfileHeader; USHORT HeaderSize; PSYSTEM_TRACE_HEADER EventTrace; PSINGLE_LIST_ENTRY SingleListEntry; PETHREAD Thread; NTSTATUS Status = STATUS_SUCCESS; ULONG BufferProvided = (Buffer != NULL); ULONG LocalBuffer = FALSE;
if (LoggerContext == NULL) { return STATUS_INVALID_PARAMETER; }
HeaderSize = sizeof(TRACE_LOGFILE_HEADER) + LoggerContext->LoggerName.Length + sizeof(UNICODE_NULL) + LoggerContext->LogFileName.Length + sizeof(UNICODE_NULL); if (LoggerContext->BufferSize < (HeaderSize - sizeof(WMI_BUFFER_HEADER))) { return STATUS_NO_MEMORY; }
//
// Pop a buffer from Free List
//
if (!BufferProvided) { Buffer = WmipGetFreeBuffer(LoggerContext);
if (Buffer == NULL) { Buffer = ExAllocatePoolWithTag(PagedPool, LoggerContext->BufferSize, TRACEPOOLTAG); if (Buffer == NULL) {
//
// No buffer available.
//
return STATUS_NO_MEMORY; } LocalBuffer = TRUE;
Buffer->Flags = 1; Buffer->SavedOffset = 0; Buffer->CurrentOffset = sizeof(WMI_BUFFER_HEADER); Buffer->Wnode.ClientContext = 0; Buffer->LoggerContext = LoggerContext;
Buffer->State.Free = 0; Buffer->State.InUse = 1; KeQuerySystemTime(&Buffer->TimeStamp); } }
//
// Fill in the Header Info.
//
Thread = PsGetCurrentThread(); EventTrace = (PSYSTEM_TRACE_HEADER) (Buffer+1); EventTrace->Packet.Group = (UCHAR) EVENT_TRACE_GROUP_HEADER >> 8; EventTrace->Packet.Type = EVENT_TRACE_TYPE_INFO; EventTrace->Packet.Size = HeaderSize + sizeof(SYSTEM_TRACE_HEADER); EventTrace->Marker = SYSTEM_TRACE_MARKER; EventTrace->ThreadId = HandleToUlong(Thread->Cid.UniqueThread); EventTrace->KernelTime = Thread->Tcb.KernelTime; EventTrace->UserTime = Thread->Tcb.UserTime; EventTrace->SystemTime = LoggerContext->ReferenceTimeStamp;
LogfileHeader = (PTRACE_LOGFILE_HEADER) (EventTrace+1); RtlZeroMemory(LogfileHeader, HeaderSize); LogfileHeader->StartTime = LoggerContext->ReferenceSystemTime;
LogfileHeader->BufferSize = LoggerContext->BufferSize; LogfileHeader->VersionDetail.MajorVersion = (UCHAR) NtMajorVersion; LogfileHeader->VersionDetail.MinorVersion = (UCHAR) NtMinorVersion; LogfileHeader->VersionDetail.SubVersion = TRACE_VERSION_MAJOR; LogfileHeader->VersionDetail.SubMinorVersion = TRACE_VERSION_MINOR; LogfileHeader->ProviderVersion = NtBuildNumber;
LogfileHeader->StartBuffers = 1; LogfileHeader->BootTime = KeBootTime; LogfileHeader->LogFileMode = LoggerContext->LoggerMode & (~(EVENT_TRACE_REAL_TIME_MODE)); LogfileHeader->NumberOfProcessors = KeNumberProcessors; LogfileHeader->MaximumFileSize = LoggerContext->MaximumFileSize; KeQueryPerformanceCounter(&LogfileHeader->PerfFreq);
//
// ReservedFlags to indicate using Perf Clock
//
LogfileHeader->ReservedFlags = LoggerContext->UsePerfClock;
LogfileHeader->TimerResolution = KeMaximumIncrement;
LogfileHeader->LoggerName = (PWCHAR) ( (PUCHAR) LogfileHeader + sizeof(TRACE_LOGFILE_HEADER) ); LogfileHeader->LogFileName = (PWCHAR) ( (PUCHAR)LogfileHeader->LoggerName + LoggerContext->LoggerName.Length + sizeof(UNICODE_NULL));
RtlCopyMemory(LogfileHeader->LoggerName, LoggerContext->LoggerName.Buffer, LoggerContext->LoggerName.Length + sizeof(UNICODE_NULL)); RtlCopyMemory(LogfileHeader->LogFileName, LoggerContext->LogFileName.Buffer, LoggerContext->LogFileName.Length + sizeof(UNICODE_NULL)); RtlQueryTimeZoneInformation(&LogfileHeader->TimeZone); LogfileHeader->PointerSize = sizeof(PVOID);
//
// Adjust the Offset;
//
Buffer->CurrentOffset += ALIGN_TO_POWER2(sizeof(SYSTEM_TRACE_HEADER) + HeaderSize, WmiTraceAlignment);
if (BufferProvided) return Status; //
// The buffer is prepared properly. Flush it so it can be written out to disk.
//
Status = WmipFlushBuffer(LoggerContext, Buffer);
if (LocalBuffer && (Buffer != NULL)) { ExFreePool(Buffer); return Status; }
InterlockedPushEntrySList(&LoggerContext->FreeList, (PSINGLE_LIST_ENTRY) &Buffer->SlistEntry); InterlockedIncrement(&LoggerContext->BuffersAvailable); InterlockedDecrement(&LoggerContext->BuffersInUse); TraceDebug((2, "WmipAddLogHeader: Boot %I64u Current %I64u Difference %I64u\n", KeBootTime, EventTrace->SystemTime, EventTrace->SystemTime.QuadPart - KeBootTime.QuadPart));
return Status;}
NTSTATUSWmipDelayCreate( OUT PHANDLE FileHandle, IN OUT PUNICODE_STRING FileName, IN ULONG Append )/*++
Routine Description:
This is called by the global logger to actually open the logfile when the first buffer needs to flush (instead of when the logger started)
Arguments:
LoggerHandle The handle to the logfile to be returned FileName The logfile name. If the default was chosen, we will returned the actual pathname in %systemroot%
Return Value:
NT Status code
--*/{ PWCHAR Buffer; PWCHAR strBuffer = NULL; ULONG DefaultFile, Length; UNICODE_STRING LogFileName; NTSTATUS Status;
if (FileName == NULL) return STATUS_INVALID_PARAMETER;
RtlInitUnicodeString(&LogFileName, DEFAULT_GLOBAL_LOGFILE_ROOT); DefaultFile = (RtlCompareUnicodeString(FileName, &LogFileName, TRUE) == 0);
if (DefaultFile) { //
// Try creating the file first
//
Length = (ULONG) ( NtSystemRoot.Length + sizeof(WCHAR) * (wcslen(DEFAULT_GLOBAL_DIRECTORY) + wcslen(DEFAULT_GLOBAL_LOGFILE) + 1) + sizeof(UNICODE_NULL)); strBuffer = (PWCHAR) ExAllocatePoolWithTag( PagedPool, Length, TRACEPOOLTAG); if (strBuffer == NULL) return STATUS_NO_MEMORY;
swprintf(strBuffer, L"%ws%ws\\%ws", NtSystemRoot.Buffer, DEFAULT_GLOBAL_DIRECTORY, DEFAULT_GLOBAL_LOGFILE);
Status = WmipCreateNtFileName(strBuffer, & Buffer); if (!NT_SUCCESS(Status)) { ExFreePool(strBuffer); return Status; }
Status = WmipCreateDirectoryFile(Buffer, FALSE, FileHandle, Append); if (!NT_SUCCESS(Status)) { ULONG DirLen; //
// Probably directory does not exist, so try and create it
//
DirLen = (ULONG) (wcslen(Buffer)-wcslen(DEFAULT_GLOBAL_LOGFILE)) - 5; Buffer[DirLen] = UNICODE_NULL; Status = WmipCreateDirectoryFile(Buffer, TRUE, NULL, Append); if (NT_SUCCESS(Status)) { Buffer[DirLen] = L'\\'; DirLen += 4; Buffer[DirLen] = UNICODE_NULL; Status = WmipCreateDirectoryFile(Buffer, TRUE, NULL, Append); Buffer[DirLen] = L'\\'; } if (NT_SUCCESS(Status)) { Status = WmipCreateDirectoryFile(Buffer, FALSE, FileHandle, Append); } } // Make sure that directory is there first
if (NT_SUCCESS(Status)) { if (FileName->Buffer != NULL) { RtlFreeUnicodeString(FileName); } RtlInitUnicodeString(FileName, strBuffer); if (FileName->MaximumLength < Length) FileName->MaximumLength = (USHORT) Length; } } else { Status = WmipCreateNtFileName(FileName->Buffer, & Buffer); if (NT_SUCCESS(Status)) { Status = WmipCreateDirectoryFile(Buffer, FALSE, FileHandle, Append); } }
if (Buffer != NULL) { ExFreePool(Buffer); } return Status;}
NTSTATUSWmipCreateDirectoryFile( IN PWCHAR DirFileName, IN ULONG IsDirectory, OUT PHANDLE FileHandle, IN ULONG Append ){ OBJECT_ATTRIBUTES ObjectAttributes; IO_STATUS_BLOCK IoStatus; UNICODE_STRING LogDirName; HANDLE DirHandle = NULL; NTSTATUS Status; ULONG CreateDisposition;
RtlInitUnicodeString(&LogDirName, DirFileName); InitializeObjectAttributes( &ObjectAttributes, &LogDirName, OBJ_CASE_INSENSITIVE, NULL, NULL);
if (IsDirectory) { CreateDisposition = FILE_OPEN_IF; } else if (Append) { CreateDisposition = FILE_OPEN_IF; } else { CreateDisposition = FILE_OVERWRITE_IF; }
Status = ZwCreateFile( &DirHandle, FILE_GENERIC_READ | SYNCHRONIZE | (IsDirectory ? FILE_GENERIC_WRITE : FILE_WRITE_DATA), &ObjectAttributes, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, CreateDisposition, FILE_SYNCHRONOUS_IO_NONALERT | (IsDirectory ? FILE_DIRECTORY_FILE : FILE_NO_INTERMEDIATE_BUFFERING), NULL, 0);
TraceDebug((2, "WmipCreateDirectoryFile: Create %ws Mode: %x status: %x\n", DirFileName, Append, Status));
if (NT_SUCCESS(Status) && IsDirectory && (DirHandle != NULL)) { ZwClose(DirHandle); if (FileHandle) *FileHandle = NULL; } else { if (FileHandle) *FileHandle = DirHandle; }
return Status;}
NTSTATUSWmipCreateNtFileName( IN PWCHAR strFileName, OUT PWCHAR * strNtFileName){ PWCHAR NtFileName; ULONG lenFileName;
if (strFileName == NULL) { * strNtFileName = NULL; return STATUS_INVALID_PARAMETER; }
lenFileName = sizeof(UNICODE_NULL) + (ULONG) (sizeof(WCHAR) * wcslen(strFileName)); if ((strFileName[0] == L'\\') && (strFileName[1] == L'\\')) { lenFileName += (ULONG) (wcslen(UNCDEVICES) * sizeof(WCHAR)); } else { lenFileName += (ULONG) (wcslen(DOSDEVICES) * sizeof(WCHAR)); } NtFileName = (PWCHAR) ExAllocatePoolWithTag( PagedPool, lenFileName, TRACEPOOLTAG); if (NtFileName == NULL) { * strNtFileName = NULL; return STATUS_NO_MEMORY; }
if ((strFileName[0] == L'\\') && (strFileName[1] == L'\\')) { swprintf(NtFileName, L"%ws%ws", UNCDEVICES, & (strFileName[1])); } else { swprintf(NtFileName, L"%ws%ws", DOSDEVICES, strFileName); } * strNtFileName = NtFileName;
return STATUS_SUCCESS;}#endif // !MEMPHIS
|
