Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

380 lines
9.9 KiB

/*++
Copyright (c) 1998 Microsoft Corporation
Module Name:
snapshot.c
Abstract:
Implements a memdb-based snapshot of all files, directories, registry keys and
registry values.
Author:
Jim Schmidt (jimschm) 13-Mar-1998
Revision History:
<alias> <date> <comments>
--*/
#include "pch.h"
#define S_SNAPSHOT_A "Snapshot"
BOOL
pGetFullKeyA (
IN OUT PSTR Object
)
{
MEMDB_ENUMA e;
CHAR Pattern[MEMDB_MAX];
PSTR p;
wsprintfA (Pattern, "%s*", Object);
if (MemDbEnumFirstValue (&e, Pattern, MEMDB_THIS_LEVEL_ONLY, MEMDB_ENDPOINTS_ONLY)) {
p = _mbsrchr (Object, TEXT('\\'));
if (p) {
p = _mbsinc (p);
} else {
p = Object;
}
StringCopyA (p, e.szName);
return TRUE;
} else {
return FALSE;
}
}
VOID
pSnapDirsA (
IN PCSTR Drive,
IN BOOL DiffMode,
IN HANDLE DiffHandle OPTIONAL
)
{
TREE_ENUMA FileEnum;
CHAR Node[MEMDB_MAX];
DWORD Value;
//
// Enumerate the file system
//
if (EnumFirstFileInTreeA (&FileEnum, Drive, NULL, TRUE)) {
do {
wsprintfA (
Node,
"%s\\%s\\%u\\%u%u",
S_SNAPSHOT_A,
FileEnum.FullPath,
FileEnum.FindData->nFileSizeLow,
FileEnum.FindData->ftLastWriteTime.dwHighDateTime,
FileEnum.FindData->ftLastWriteTime.dwLowDateTime
);
if (!DiffMode) {
MemDbSetValueA (Node, SNAP_RESULT_DELETED);
} else {
Value = SNAP_RESULT_UNCHANGED;
if (!MemDbGetValueA (Node, NULL)) {
if (DiffHandle) {
WriteFileStringA (DiffHandle, FileEnum.FullPath);
WriteFileStringA (DiffHandle, "\r\n");
}
wsprintfA (Node, "%s\\%s,", S_SNAPSHOT_A, FileEnum.FullPath);
Value = SNAP_RESULT_CHANGED;
if (!pGetFullKeyA (Node)) {
wsprintfA (
Node,
"%s\\%s\\%u\\%u%u",
S_SNAPSHOT_A,
FileEnum.FullPath,
FileEnum.FindData->nFileSizeLow,
FileEnum.FindData->ftLastWriteTime.dwHighDateTime,
FileEnum.FindData->ftLastWriteTime.dwLowDateTime
);
Value = SNAP_RESULT_ADDED;
}
}
MemDbSetValueA (Node, Value);
}
} while (EnumNextFileInTreeA (&FileEnum));
}
}
VOID
pSnapAllDrivesA (
IN BOOL DiffMode,
IN HANDLE DiffHandle OPTIONAL
)
{
CHAR Drives[256];
MULTISZ_ENUMA e;
if (GetLogicalDriveStringsA (256, Drives)) {
if (EnumFirstMultiSzA (&e, Drives)) {
do {
if (DRIVE_FIXED == GetDriveTypeA (e.CurrentString)) {
pSnapDirsA (e.CurrentString, DiffMode, DiffHandle);
break;
}
} while (EnumNextMultiSzA (&e));
}
}
}
VOID
pSnapRegistryHiveA (
IN PCSTR Hive,
IN BOOL DiffMode,
IN HANDLE DiffHandle OPTIONAL
)
{
REGTREE_ENUMA RegEnum;
REGVALUE_ENUMA RegValue;
CHAR Node[MEMDB_MAX];
PBYTE Data;
DWORD Checksum;
PBYTE p;
UINT Count;
DWORD Value;
if (EnumFirstRegKeyInTreeA (&RegEnum, Hive)) {
do {
wsprintfA (
Node,
"%s\\%s",
S_SNAPSHOT_A,
RegEnum.FullKeyName
);
if (!DiffMode) {
MemDbSetValueA (Node, SNAP_RESULT_DELETED);
} else {
if (!MemDbGetValueA (Node, NULL)) {
if (DiffHandle) {
WriteFileStringA (DiffHandle, RegEnum.FullKeyName);
WriteFileStringA (DiffHandle, "\r\n");
}
} else {
MemDbSetValueA (Node, SNAP_RESULT_UNCHANGED);
}
}
if (EnumFirstRegValueA (&RegValue, RegEnum.CurrentKey->KeyHandle)) {
do {
Data = GetRegValueData (RegValue.KeyHandle, RegValue.ValueName);
if (!Data) {
continue;
}
Checksum = RegValue.Type;
p = Data;
for (Count = 0 ; Count < RegValue.DataSize ; Count++) {
Checksum = (Checksum << 1) | (Checksum >> 31) | *p;
p++;
}
MemFree (g_hHeap, 0, Data);
wsprintfA (
Node,
"%s\\%s\\[%s],%u",
S_SNAPSHOT_A,
RegEnum.FullKeyName,
RegValue.ValueName,
Checksum
);
if (!DiffMode) {
MemDbSetValueA (Node, SNAP_RESULT_DELETED);
} else {
Value = SNAP_RESULT_UNCHANGED;
if (!MemDbGetValueA (Node, NULL)) {
WriteFileStringA (DiffHandle, RegEnum.FullKeyName);
WriteFileStringA (DiffHandle, " [");
WriteFileStringA (DiffHandle, RegValue.ValueName);
WriteFileStringA (DiffHandle, "]\r\n");
wsprintfA (
Node,
"%s\\%s\\[%s],",
S_SNAPSHOT_A,
RegEnum.FullKeyName,
RegValue.ValueName
);
Value = SNAP_RESULT_CHANGED;
if (!pGetFullKeyA (Node)) {
wsprintfA (
Node,
"%s\\%s\\[%s],%u",
S_SNAPSHOT_A,
RegEnum.FullKeyName,
RegValue.ValueName,
Checksum
);
Value = SNAP_RESULT_ADDED;
}
}
MemDbSetValueA (Node, Value);
}
} while (EnumNextRegValueA (&RegValue));
}
} while (EnumNextRegKeyInTreeA (&RegEnum));
}
}
VOID
pSnapRegistryA (
IN BOOL DiffMode,
IN HANDLE DiffHandle OPTIONAL
)
{
pSnapRegistryHiveA (TEXT("HKLM"), DiffMode, DiffHandle);
pSnapRegistryHiveA (TEXT("HKU"), DiffMode, DiffHandle);
}
VOID
TakeSnapShotEx (
IN DWORD SnapFlags
)
{
MemDbCreateTemporaryKeyA (S_SNAPSHOT_A);
if (SnapFlags & SNAP_FILES) {
pSnapAllDrivesA (FALSE, NULL);
}
if (SnapFlags & SNAP_REGISTRY) {
pSnapRegistryA (FALSE, NULL);
}
}
BOOL
GenerateDiffOutputExA (
IN PCSTR FileName,
IN PCSTR Comment, OPTIONAL
IN BOOL Append,
IN DWORD SnapFlags
)
{
HANDLE File = NULL;
MEMDB_ENUMA e;
if (FileName) {
File = CreateFileA (
FileName,
GENERIC_WRITE,
0,
NULL,
Append ? OPEN_ALWAYS : CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if (File == INVALID_HANDLE_VALUE) {
DEBUGMSG ((DBG_ERROR, "Can't open %s for output", FileName));
return FALSE;
}
if (Append) {
SetFilePointer (File, 0, NULL, FILE_END);
}
if (Comment) {
WriteFileStringA (File, Comment);
WriteFileStringA (File, "\r\n");
}
WriteFileStringA (File, "Changes:\r\n");
}
if (SnapFlags & SNAP_FILES) {
pSnapAllDrivesA (TRUE, File);
}
if (SnapFlags & SNAP_REGISTRY) {
pSnapRegistryA (TRUE, File);
}
if (File) {
WriteFileStringA (File, "\r\nDeleted Settings:\r\n");
if (MemDbGetValueExA (&e, S_SNAPSHOT_A, NULL, NULL)) {
do {
if (e.dwValue == SNAP_RESULT_DELETED) {
WriteFileStringA (File, e.szName);
WriteFileStringA (File, "\r\n");
}
} while (MemDbEnumNextValue (&e));
}
WriteFileStringA (File, "\r\nEnd.\r\n\r\n");
CloseHandle (File);
}
return TRUE;
}
BOOL
EnumFirstSnapFileA (
IN OUT PSNAP_FILE_ENUMA e,
IN PCSTR FilePattern, OPTIONAL
IN DWORD SnapStatus
)
{
CHAR node[MEMDB_MAX];
e->FilePattern = FilePattern;
e->SnapStatus = SnapStatus;
e->FirstCall = TRUE;
MemDbBuildKeyA (node, S_SNAPSHOT_A, "*", NULL, NULL);
if (!MemDbEnumFirstValue (&(e->mEnum), node, MEMDB_ALL_SUBLEVELS, MEMDB_ENDPOINTS_ONLY)) {
return FALSE;
}
return EnumNextSnapFileA (e);
}
BOOL
EnumNextSnapFileA (
IN OUT PSNAP_FILE_ENUMA e
)
{
PSTR lastWack;
while (e->FirstCall?(e->FirstCall = FALSE, TRUE):MemDbEnumNextValue (&(e->mEnum))) {
StringCopyA (e->FileName, e->mEnum.szName);
lastWack = _mbsrchr (e->FileName, '\\');
if (lastWack) {
*lastWack = 0;
lastWack = _mbsrchr (e->FileName, '\\');
if (lastWack) {
*lastWack = 0;
}
}
if (e->FilePattern && (!IsPatternMatch (e->FilePattern, e->FileName))) {
continue;
}
if ((e->SnapStatus & e->mEnum.dwValue) == 0) {
continue;
}
return TRUE;
}
return FALSE;
}