archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/windows/appcompat/shims/verifier/logfilechanges.h

131 lines
2.9 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. LogFileChanges.h
  9. Abstract:
  11. This AppVerifier shim hooks all the native file I/O APIs
  12. that change the state of the system and logs their
  13. associated data to a text file.
  15. Notes:
  17. This is a general purpose shim.
  19. History:
  21. 08/17/2001 rparsons Created
  23. --*/
  24. #ifndef __APPVERIFIER_LOGFILECHANGES_H_
  25. #define __APPVERIFIER_LOGFILECHANGES_H_
  27. #include "precomp.h"
  29. //
  30. // Length (in characters) of the largest element.
  31. //
  32. #define MAX_ELEMENT_SIZE 1024 * 10
  34. //
  35. // Length (in characters) of the longest operation type.
  36. //
  37. #define MAX_OPERATION_LENGTH 32
  39. //
  40. // Flags that indicate what state the file is in.
  41. //
  42. #define LFC_EXISTING 0x00000001
  43. #define LFC_DELETED 0x00000002
  44. #define LFC_MODIFIED 0x00000004
  45. #define LFC_UNAPPRVFW 0x00000008
  47. //
  48. // Maximum number of handles we can track for a single file.
  49. //
  50. #define MAX_NUM_HANDLES 64
  52. //
  53. // We maintain a doubly linked list of file handles so we know what file is being modified
  54. // during a file operation.
  55. //
  56. typedef struct _LOG_HANDLE {
  57. LIST_ENTRY Entry;
  58. HANDLE hFile[MAX_NUM_HANDLES]; // array of file handles
  59. DWORD dwFlags; // flags that relate to the state of the file
  60. LPWSTR pwszFilePath; // full path to the file
  61. UINT cHandles; // number of handles open for this file
  62. } LOG_HANDLE, *PLOG_HANDLE;
  64. //
  65. // Flags that define different settings in effect.
  66. //
  67. #define LFC_OPTION_ATTRIBUTES 0x00000001
  68. #define LFC_OPTION_UFW_WINDOWS 0x00000002
  69. #define LFC_OPTION_UFW_PROGFILES 0x00000004
  71. //
  72. // Enumeration for different operations.
  73. //
  74. typedef enum {
  75. eCreatedFile = 0,
  76. eOpenedFile,
  77. eDeletedFile,
  78. eModifiedFile,
  79. eRenamedFile
  80. } OperationType;
  82. #ifdef ARRAYSIZE
  83. #undef ARRAYSIZE
  84. #endif
  85. #define ARRAYSIZE(a) (sizeof(a)/sizeof(*a))
  87. //
  88. // Macros for memory allocation/deallocation.
  89. //
  90. #define MemAlloc(s) RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, (s))
  91. #define MemFree(b) RtlFreeHeap(RtlProcessHeap(), 0, (b))
  93. //
  94. // Keep us safe while we're playing with linked lists and shared resources.
  95. //
  96. static BOOL g_bInitialized = FALSE;
  98. CRITICAL_SECTION g_csLogging;
  100. class CLock
  101. {
  102. public:
  103. CLock()
  104. {
  105. if (!g_bInitialized)
  106. {
  107. InitializeCriticalSection(&g_csLogging);
  108. g_bInitialized = TRUE;
  109. }
  111. EnterCriticalSection(&g_csLogging);
  112. }
  113. ~CLock()
  114. {
  115. LeaveCriticalSection(&g_csLogging);
  116. }
  117. };
  119. APIHOOK_ENUM_BEGIN
  121. APIHOOK_ENUM_ENTRY(NtDeleteFile)
  122. APIHOOK_ENUM_ENTRY(NtClose)
  123. APIHOOK_ENUM_ENTRY(NtCreateFile)
  124. APIHOOK_ENUM_ENTRY(NtOpenFile)
  125. APIHOOK_ENUM_ENTRY(NtWriteFile)
  126. APIHOOK_ENUM_ENTRY(NtWriteFileGather)
  127. APIHOOK_ENUM_ENTRY(NtSetInformationFile)
  129. APIHOOK_ENUM_END
  131. #endif // __APPVERIFIER_LOGFILECHANGES_H_