Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

185 lines
4.5 KiB

  1. #include <assert.h>
  2. #include <stdlib.h>
  3. #include <string.h>
  4. #include <memory.h>
  5. #include <nt.h>
  6. #include <ntrtl.h>
  7. #include <nturtl.h>
  8. #include <ctype.h>
  9. #include <stdio.h>
  10. #include <windows.h>
  11. #include "view.h"
  12. #include "thread.h"
  13. #include "dump.h"
  14. #include "memory.h"
  15. #include "cap.h"
  16. BOOL
  17. AddToCap(PCAPFILTER pCapFilter,
  18. DWORD dwAddress)
  19. {
  20. DWORD dwIndexCounter;
  21. DWORD dwCounter;
  22. PDWORD pdwArray;
  23. DWORD dwEndRun;
  24. DWORD dwRunLength = 0;
  25. DWORD dwRun1Start;
  26. DWORD dwRun2Start;
  27. DWORD dwRepeatIndex = 0;
  28. DWORD dwBeginIndex;
  29. //
  30. // Take a pointer to the array
  31. //
  32. pdwArray = pCapFilter->dwArray;
  33. //
  34. // Increment cursor
  35. //
  36. if (0 == pCapFilter->dwCursor) {
  37. pdwArray[pCapFilter->dwCursor] = dwAddress;
  38. pCapFilter->dwCursor++;
  39. return TRUE;
  40. }
  41. if (pCapFilter->dwCursor >= CAP_BUFFER_SIZE) {
  42. //
  43. // Ran out of room in the buffer, slide everyone down
  44. //
  45. MoveMemory((PVOID)pdwArray, (PVOID)(pdwArray + 1), (CAP_BUFFER_SIZE - 1) * sizeof(DWORD));
  46. pCapFilter->dwCursor = CAP_BUFFER_SIZE - 1;
  47. }
  48. //
  49. // Add address to array
  50. //
  51. pdwArray[pCapFilter->dwCursor] = dwAddress;
  52. //
  53. // If we're at the initial level, scan for a repeat
  54. //
  55. if (0 == pCapFilter->dwIterationLevel) {
  56. //
  57. // Do a reverse search looking for patterns up to MAX_CAP_LEVEL
  58. //
  59. dwEndRun = pCapFilter->dwCursor - 1;
  60. if (dwEndRun < MAX_CAP_LEVEL) {
  61. dwBeginIndex = 0;
  62. }
  63. else {
  64. dwBeginIndex = (MAX_CAP_LEVEL - 1);
  65. }
  66. for (dwIndexCounter = dwEndRun; dwIndexCounter >= dwBeginIndex; dwIndexCounter--) {
  67. //
  68. // Check for overflow
  69. //
  70. if (dwIndexCounter > CAP_BUFFER_SIZE) {
  71. break;
  72. }
  73. if (pdwArray[dwIndexCounter] == dwAddress) {
  74. //
  75. // Verify the run exists
  76. //
  77. dwRun1Start = pCapFilter->dwCursor;
  78. dwRun2Start = dwIndexCounter;
  79. //
  80. // Find the distance for the start of this potential run
  81. //
  82. dwRunLength = pCapFilter->dwCursor - dwIndexCounter;
  83. //
  84. // If run length falls off the beginning of the array we can stop there
  85. //
  86. if ((dwRun2Start - dwRunLength + 1) > CAP_BUFFER_SIZE) {
  87. //
  88. // We overflowed which means we're done
  89. //
  90. dwRunLength = 0;
  91. break;
  92. }
  93. if (dwRunLength >= 1) {
  94. //
  95. // Compare it
  96. //
  97. for (dwCounter = dwRunLength; dwCounter > 0; dwCounter--) {
  98. if (pdwArray[dwRun1Start-dwCounter+1] != pdwArray[dwRun2Start-dwCounter+1]) {
  99. dwRunLength = 0;
  100. break;
  101. }
  102. }
  103. //
  104. // Set the run length
  105. //
  106. if (0 != dwRunLength) {
  107. pCapFilter->dwRunLength = dwRunLength;
  108. }
  109. }
  110. }
  111. }
  112. dwRunLength = pCapFilter->dwRunLength;
  113. //
  114. // Set the run length if we found one, and shift the entire run to the beginning of the buffer
  115. //
  116. if (dwRunLength != 0) {
  117. //
  118. // Raise the iteration level
  119. //
  120. pCapFilter->dwIterationLevel++;
  121. //
  122. // Set the lock level
  123. //
  124. pCapFilter->dwIterationLock = 1 + ((pCapFilter->dwIterationLevel - 1) / pCapFilter->dwRunLength);
  125. }
  126. }
  127. else {
  128. //
  129. // Look for repeats and increment the iteration level
  130. //
  131. dwRunLength = pCapFilter->dwRunLength;
  132. dwRun1Start = pCapFilter->dwCursor;
  133. dwRun2Start = dwRun1Start - dwRunLength;
  134. //
  135. // Compare it
  136. //
  137. for (dwCounter = dwRunLength; dwCounter > 0; dwCounter--) {
  138. if (pdwArray[dwRun1Start-dwCounter+1] != pdwArray[dwRun2Start-dwCounter+1]) {
  139. dwRunLength = 0;
  140. break;
  141. }
  142. }
  143. if (dwRunLength != 0) {
  144. //
  145. // Raise the iteration level
  146. //
  147. pCapFilter->dwIterationLevel++;
  148. pCapFilter->dwIterationLock = 1 + ((pCapFilter->dwIterationLevel - 1) / pCapFilter->dwRunLength);
  149. }
  150. else {
  151. pCapFilter->dwIterationLock = 0;
  152. pCapFilter->dwIterationLevel = 0;
  153. pCapFilter->dwRunLength = 0;
  154. }
  155. }
  156. //
  157. // Move the cursor to the next position
  158. //
  159. pCapFilter->dwCursor++;
  160. return TRUE;
  161. }