archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/printscan/wia/drivers/util/rwspy/rwspy.c

480 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. #ifndef WIN32_LEAN_AND_MEAN
  2. #define WIN32_LEAN_AND_MEAN
  3. #endif
  5. #ifndef STRICT
  6. #define STRICT
  7. #endif
  9. #ifndef _WIN32_WINNT
  10. #define _WIN32_WINNT 0x0500
  11. #endif
  13. #include <windows.h>
  14. #include <stdlib.h>
  15. #include <stdio.h>
  16. #include <stdarg.h>
  17. #include "detours.h"
  19. //
  20. // Registry information used by RWSpy
  21. //
  22. WCHAR RWSpyKey[] = L"Software\\Microsoft\\RWSpy";
  24. WCHAR DeviceValueName[] = L"FileToSpyOn";
  25. WCHAR DeviceNameToSpyOn[MAX_PATH] = L"";
  27. WCHAR LogFileValueName[] = L"Log File";
  28. WCHAR DefaultLogFileName[] = L"%SystemRoot%\\rwspy.log";
  29. WCHAR LogFileName[MAX_PATH] = L"\0";
  31. //
  32. // Globals
  33. //
  34. HANDLE g_hDeviceToSpyOn = INVALID_HANDLE_VALUE;
  35. HANDLE g_hLogFile = INVALID_HANDLE_VALUE;
  37. //
  38. // Detours trampolines
  39. //
  40. DETOUR_TRAMPOLINE(HANDLE WINAPI Real_CreateFileW(LPCWSTR a0, DWORD a1, DWORD a2,
  41. LPSECURITY_ATTRIBUTES a3, DWORD a4, DWORD a5, HANDLE a6), CreateFileW);
  43. DETOUR_TRAMPOLINE(BOOL WINAPI Real_WriteFile(HANDLE hFile, LPCVOID lpBuffer,
  44. DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped), WriteFile);
  46. DETOUR_TRAMPOLINE(BOOL WINAPI Real_WriteFileEx(HANDLE hFile, LPCVOID lpBuffer, DWORD dwNumberOfBytesToWrite,
  47. LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletion), WriteFileEx);
  49. DETOUR_TRAMPOLINE(BOOL WINAPI Real_ReadFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToRead,
  50. LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped), ReadFile);
  52. DETOUR_TRAMPOLINE(BOOL WINAPI Real_ReadFileEx(HANDLE hFile, LPCVOID lpBuffer, DWORD dwNumberOfBytesToRead,
  53. LPOVERLAPPED lpOverlapped, LPOVERLAPPED_COMPLETION_ROUTINE lpCompletion), ReadFileEx);
  55. DETOUR_TRAMPOLINE(BOOL WINAPI Real_DeviceIoControl(HANDLE hFile, DWORD code, LPVOID inBuffer, DWORD cbIn,
  56. LPVOID outBuffer, DWORD cbOutSize, LPDWORD cbOutActual, LPOVERLAPPED lpOverlapped), DeviceIoControl);
  58. DETOUR_TRAMPOLINE(BOOL WINAPI Real_CloseHandle(HANDLE hObject), CloseHandle);
  61. // closes log and makes further writing impossible until log reopened
  62. void CloseLog(void)
  63. {
  64. if(g_hLogFile != INVALID_HANDLE_VALUE) {
  65. Real_CloseHandle(g_hLogFile);
  66. g_hLogFile = INVALID_HANDLE_VALUE;
  67. }
  68. }
  70. // Attempts to open log file. Assumes that LogFileName[] is already set
  71. // elsewhere.
  72. BOOL OpenLog(void)
  73. {
  74. BOOL success = FALSE;
  76. CloseLog();
  78. g_hLogFile = Real_CreateFileW(LogFileName, GENERIC_WRITE, FILE_SHARE_READ, NULL,
  79. CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
  81. if(g_hLogFile != INVALID_HANDLE_VALUE) {
  82. success = TRUE;
  83. }
  85. return success;
  86. }
  88. // Writes specified number of characters to the log file
  89. BOOL WriteToLog(CHAR *bytes, DWORD len)
  90. {
  91. BOOL success = FALSE;
  93. if(g_hLogFile != INVALID_HANDLE_VALUE && len && bytes) {
  94. DWORD cbWritten;
  95. if(Real_WriteFile(g_hLogFile, bytes, len, &cbWritten, NULL) && len == cbWritten) {
  96. success = TRUE;
  97. } else {
  98. CloseLog();
  99. }
  100. }
  101. return success;
  102. }
  104. // writes printf-style string to the log file
  105. void Log(LPCSTR fmt, ...)
  106. {
  107. va_list marker;
  108. CHAR buffer[1024];
  109. DWORD cbToWrite;
  111. if(g_hLogFile == INVALID_HANDLE_VALUE || fmt == NULL)
  112. return;
  114. va_start(marker, fmt);
  115. _vsnprintf(buffer, sizeof(buffer), fmt, marker);
  116. cbToWrite = lstrlenA(buffer);
  118. WriteToLog(buffer, cbToWrite);
  119. }
  121. // writes db-style bytes to the log file
  122. void LogBytes(BYTE *pBytes, DWORD dwBytes)
  123. {
  124. DWORD nBytes = min(dwBytes, 8192L);
  125. const static CHAR hex[] = "0123456789ABCDEF";
  126. CHAR buffer[80];
  127. DWORD cbToWrite = 75;
  128. DWORD byte = 0;
  129. int pos;
  131. if(g_hLogFile == INVALID_HANDLE_VALUE || pBytes == NULL || nBytes == 0)
  132. return;
  134. while(byte < nBytes) {
  136. if((byte % 16) == 0) {
  138. if(byte != 0) {
  139. // write previous line into file
  140. if(!WriteToLog(buffer, cbToWrite))
  141. break;
  142. }
  144. memset(buffer, ' ', cbToWrite - 1);
  145. buffer[cbToWrite - 1] = '\n';
  147. buffer[0] = hex[(byte >> 12) & 0xF];
  148. buffer[1] = hex[(byte >> 8) & 0xF];
  149. buffer[2] = hex[(byte >> 4) & 0xF];
  150. buffer[3] = hex[byte & 0xF];
  151. }
  153. pos = (byte % 16 < 8 ? 5 : 6)+ (byte % 16) * 3;
  155. buffer[pos] = hex[(pBytes[byte] >> 4) & 0xF];
  156. buffer[pos + 1] = hex[pBytes[byte] & 0xF];
  158. pos = 5 + 16 * 3 + 2 + (byte % 16);
  159. buffer[pos] = pBytes[byte] >= ' ' && pBytes[byte] <= 127 ? pBytes[byte] : '.';
  161. byte++;
  162. }
  164. // write one final line
  165. WriteToLog(buffer, cbToWrite);
  166. }
  169. HANDLE WINAPI
  170. My_CreateFileW(LPCWSTR a0,
  171. DWORD a1,
  172. DWORD a2,
  173. LPSECURITY_ATTRIBUTES a3,
  174. DWORD a4,
  175. DWORD a5,
  176. HANDLE a6)
  177. {
  178. HANDLE hResult;
  180. __try {
  181. hResult = Real_CreateFileW(a0, a1, a2, a3, a4, a5, a6);
  182. }
  184. __finally {
  185. // if we have a file to spy on
  186. if(DeviceNameToSpyOn[0]) {
  187. WCHAR *pw = DeviceNameToSpyOn;
  188. LPCWSTR p = a0;
  190. while(*p && *pw) {
  191. WCHAR w = *p;
  192. if(w != *pw)
  193. break;
  194. p++;
  195. pw++;
  196. }
  198. if(*p == L'\0' && *pw == L'\0') {
  199. // we got our file
  200. if(hResult == INVALID_HANDLE_VALUE) {
  201. Log("Tried creating '%S', LastError() = : %d\n", a0 ? a0 : L"NULL", GetLastError());
  202. } else {
  203. Log("Created '%S', handle: %x\n", a0 ? a0 : L"NULL", hResult);
  204. }
  206. if(hResult != INVALID_HANDLE_VALUE) {
  207. // successsfully created
  208. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hResult != g_hDeviceToSpyOn) {
  209. // hmm... it was already open. Let user know
  210. // this happened:
  211. Log("Note: we were already spying on this device with handle %x. Changing to %x\n",
  212. g_hDeviceToSpyOn, hResult);
  213. }
  214. g_hDeviceToSpyOn = hResult;
  215. }
  216. }
  218. } else {
  219. // simply record the file name into output file
  220. Log("Creating file: '%S', result: %x\n", a0 ? a0 : L"NULL", hResult);
  221. }
  222. }
  224. return hResult;
  225. }
  228. BOOL WINAPI
  229. My_WriteFile(HANDLE hFile,
  230. LPCVOID lpBuffer,
  231. DWORD nNumberOfBytesToWrite,
  232. LPDWORD lpNumberOfBytesWritten,
  233. LPOVERLAPPED lpOverlapped)
  234. {
  235. BOOL bresult;
  236. DWORD bytesWritten;
  238. __try {
  239. bresult = Real_WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped);
  240. }
  242. __finally {
  243. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hFile == g_hDeviceToSpyOn) {
  244. bytesWritten = lpNumberOfBytesWritten ? *lpNumberOfBytesWritten :
  245. nNumberOfBytesToWrite;
  246. if(bresult) {
  247. Log("Wrote %d bytes:\n", bytesWritten);
  248. } else {
  249. Log("Failure writing %d bytes, LastError() = %d:\n",
  250. nNumberOfBytesToWrite, GetLastError());
  251. }
  252. LogBytes((BYTE *)lpBuffer, bytesWritten);
  253. }
  254. }
  256. return bresult;
  257. }
  260. BOOL WINAPI
  261. My_WriteFileEx(HANDLE hFile,
  262. LPCVOID lpBuffer,
  263. DWORD nNumberOfBytesToWrite,
  264. LPOVERLAPPED lpOverlapped,
  265. LPOVERLAPPED_COMPLETION_ROUTINE lpOverlappedCompletion)
  266. {
  267. BOOL bresult;
  269. __try {
  270. bresult = Real_WriteFileEx(hFile, lpBuffer, nNumberOfBytesToWrite, lpOverlapped, lpOverlappedCompletion);
  271. }
  273. __finally {
  274. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hFile == g_hDeviceToSpyOn) {
  275. if(bresult) {
  276. Log("Submitted %d bytes to WriteEx:\n", nNumberOfBytesToWrite);
  277. } else {
  278. Log("Failed to submit %d bytes to WriteEx, LastError() = %d:\n",
  279. nNumberOfBytesToWrite, GetLastError());
  280. }
  281. LogBytes((BYTE *)lpBuffer, nNumberOfBytesToWrite);
  282. }
  283. }
  285. return bresult;
  286. }
  290. BOOL WINAPI
  291. My_ReadFile(HANDLE hFile,
  292. LPCVOID lpBuffer,
  293. DWORD nNumberOfBytesToRead,
  294. LPDWORD lpNumberOfBytesRead,
  295. LPOVERLAPPED lpOverlapped)
  296. {
  297. BOOL bresult;
  298. DWORD bytesRead;
  300. __try {
  301. bresult = Real_ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);
  302. }
  304. __finally {
  305. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hFile == g_hDeviceToSpyOn) {
  306. bytesRead = lpNumberOfBytesRead ? *lpNumberOfBytesRead :
  307. nNumberOfBytesToRead;
  308. if(bresult) {
  309. Log("Read %d bytes:\n", bytesRead);
  310. LogBytes((BYTE *)lpBuffer, bytesRead);
  311. } else {
  312. Log("Failure to read %d bytes, LastError() = %d:\n",
  313. nNumberOfBytesToRead, GetLastError());
  314. }
  315. }
  316. }
  318. return bresult;
  319. }
  321. //
  322. // Please, note that to see ReadEx bytes one needs to detour
  323. // the completion routine (we don't do it here).
  324. //
  325. BOOL WINAPI
  326. My_ReadFileEx(HANDLE hFile,
  327. LPCVOID lpBuffer,
  328. DWORD nNumberOfBytesToRead,
  329. LPOVERLAPPED lpOverlapped,
  330. LPOVERLAPPED_COMPLETION_ROUTINE lpOverlappedCompletion)
  331. {
  332. BOOL bresult;
  334. __try {
  335. bresult = Real_ReadFileEx(hFile, lpBuffer, nNumberOfBytesToRead, lpOverlapped, lpOverlappedCompletion);
  336. }
  338. __finally {
  339. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hFile == g_hDeviceToSpyOn) {
  340. if(bresult) {
  341. Log("Submitted ReadEx for %d bytes:\n", nNumberOfBytesToRead);
  342. } else {
  343. Log("Failed to sumbit ReadEx for %d bytes, LastError() = %d:\n",
  344. nNumberOfBytesToRead, GetLastError());
  345. }
  346. }
  347. }
  349. return bresult;
  350. }
  354. BOOL WINAPI
  355. My_DeviceIoControl(HANDLE hFile, DWORD code, LPVOID inBuffer, DWORD cbIn,
  356. LPVOID outBuffer, DWORD cbOutSize, LPDWORD pcbOutActual, LPOVERLAPPED lpOverlapped)
  357. {
  358. BOOL result;
  359. DWORD outBytes;
  360. DWORD Function;
  361. __try {
  362. result = Real_DeviceIoControl(hFile, code, inBuffer, cbIn, outBuffer, cbOutSize, pcbOutActual, lpOverlapped);
  363. }
  364. __finally {
  365. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hFile == g_hDeviceToSpyOn) {
  366. outBytes = pcbOutActual ? *pcbOutActual : cbOutSize;
  368. Function = (code >> 2) & 0xFFF;
  370. Log("DeviceIoControl code = %x, Function = %x, %d bytes in:\n",
  371. code, Function, cbIn);
  372. LogBytes((BYTE *)inBuffer, cbIn);
  373. if(outBytes) {
  374. Log(" %d bytes out:\n", outBytes);
  375. LogBytes((BYTE *)outBuffer, outBytes);
  376. }
  377. }
  378. }
  380. return result;
  381. }
  384. BOOL WINAPI
  385. My_CloseHandle(HANDLE hObject)
  386. {
  387. BOOL bresult;
  389. __try {
  390. bresult = Real_CloseHandle(hObject);
  391. }
  393. __finally {
  394. if(g_hDeviceToSpyOn != INVALID_HANDLE_VALUE && hObject == g_hDeviceToSpyOn) {
  395. Log("Closed handle %x\n", hObject);
  396. g_hDeviceToSpyOn = INVALID_HANDLE_VALUE;
  397. }
  398. }
  400. return bresult;
  401. }
  404. void PrepareLogger()
  405. {
  406. HKEY hKey;
  407. WCHAR buffer[MAX_PATH];
  409. // retrieve our configuration from the registry
  410. if(ERROR_SUCCESS == RegCreateKeyExW(HKEY_LOCAL_MACHINE, RWSpyKey,
  411. 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hKey, NULL))
  412. {
  413. DWORD dwType, cbData = sizeof(buffer);
  415. cbData = sizeof(buffer);
  416. if(ERROR_SUCCESS == RegQueryValueExW(hKey, LogFileValueName, 0, &dwType, (BYTE *) buffer, &cbData) &&
  417. cbData)
  418. {
  419. ExpandEnvironmentStringsW(buffer, LogFileName, MAX_PATH);
  420. } else {
  421. // no log file name value found, create it so that users
  422. // would know what its name is
  423. cbData = lstrlenW(DefaultLogFileName) * sizeof(DefaultLogFileName[0]);
  424. RegSetValueExW(hKey, LogFileValueName, 0, REG_EXPAND_SZ, (BYTE *) DefaultLogFileName, cbData);
  425. }
  427. DeviceNameToSpyOn[0] = L'\0';
  428. cbData = sizeof(DeviceNameToSpyOn);
  429. if(ERROR_SUCCESS != RegQueryValueExW(hKey, DeviceValueName, NULL, &dwType, (LPBYTE) DeviceNameToSpyOn, &cbData)
  430. || !DeviceNameToSpyOn[0])
  431. {
  432. // no "FileToSpyOn" value found, create it so that users
  433. // would know what the value name is
  434. RegSetValueExW(hKey, DeviceValueName, 0, REG_SZ, (BYTE *)DeviceNameToSpyOn, sizeof(WCHAR));
  435. }
  436. RegCloseKey(hKey);
  437. }
  439. // if we still don't have file name, use the default one
  440. if(!LogFileName[0]) {
  441. ExpandEnvironmentStringsW(DefaultLogFileName, LogFileName, MAX_PATH);
  442. }
  444. OpenLog();
  446. DetourFunctionWithTrampoline((PBYTE) Real_CreateFileW, (PBYTE) My_CreateFileW);
  447. DetourFunctionWithTrampoline((PBYTE) Real_WriteFile, (PBYTE) My_WriteFile);
  448. DetourFunctionWithTrampoline((PBYTE) Real_WriteFileEx, (PBYTE) My_WriteFileEx);
  449. DetourFunctionWithTrampoline((PBYTE) Real_ReadFile, (PBYTE) My_ReadFile);
  450. DetourFunctionWithTrampoline((PBYTE) Real_ReadFileEx, (PBYTE) My_ReadFileEx);
  451. DetourFunctionWithTrampoline((PBYTE) Real_DeviceIoControl, (PBYTE) My_DeviceIoControl);
  452. DetourFunctionWithTrampoline((PBYTE) Real_CloseHandle, (PBYTE) My_CloseHandle);
  453. }
  457. BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD dwReason, PVOID lpReserved)
  458. {
  459. switch (dwReason) {
  460. case DLL_PROCESS_ATTACH:
  461. PrepareLogger();
  462. break;
  463. case DLL_PROCESS_DETACH:
  464. CloseLog();
  465. break;
  466. case DLL_THREAD_ATTACH:
  467. case DLL_THREAD_DETACH:
  468. break;
  469. }
  470. return TRUE;
  471. }
  474. // This is necessary for detours static injection code (see detours
  475. // code if you need to understand why)
  476. void NullExport()
  477. {
  478. }