mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 lines
2.5 KiB
87 lines
2.5 KiB
#define UNICODE
|
|
#define _UNICODE
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <windows.h>
|
|
|
|
|
|
#define MAX_SNAPSHOT_SIZE 2048
|
|
typedef BOOL (*SNAPSHOTFUNC)(DWORD Flags, LPCTSTR *lpStrings, PLONG MaxBuffSize, LPTSTR SnapShotBuff);
|
|
|
|
_cdecl main()
|
|
{
|
|
HANDLE hEventLog;
|
|
PSID pUserSid = NULL;
|
|
PTOKEN_USER pTokenUser = NULL;
|
|
DWORD dwSidSize = sizeof(SID), dwEventID;
|
|
WCHAR szProcessName[MAX_PATH + 1], szReason[128];
|
|
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
|
|
LPWSTR lpStrings[7];
|
|
WORD wEventType, wStringCnt;
|
|
WCHAR szShutdownType[32], szMinorReason[32];
|
|
BOOL bRet = FALSE;
|
|
HMODULE hSnapShot;
|
|
SNAPSHOTFUNC pSnapShotProc;
|
|
struct {
|
|
DWORD Reason ;
|
|
WCHAR SnapShotBuf[MAX_SNAPSHOT_SIZE];
|
|
} SnapShot ;
|
|
LONG SnapShotSize = MAX_SNAPSHOT_SIZE ;
|
|
WCHAR wszDll[MAX_PATH];
|
|
INT sTicks, eTicks;
|
|
|
|
wStringCnt = 6;
|
|
lpStrings[0] = L"TestProcess";
|
|
lpStrings[1] = L"TestComputer";
|
|
lpStrings[2] = L"4";
|
|
lpStrings[3] = L"2";
|
|
lpStrings[4] = L"Reboot";
|
|
lpStrings[5] = L"This is a test comment";
|
|
|
|
|
|
//take a snapshot if shutdown is unplanned.
|
|
|
|
|
|
//GetWindowsDirectoryW(wszDll, sizeof(wszDll) / sizeof(WCHAR));
|
|
//wcsncat(wszDll, L"\\system32\\snapshot.dll",MAX_PATH - wcslen(wszDll));
|
|
wsprintf(wszDll,L"snapshot.dll");
|
|
|
|
hSnapShot = LoadLibrary(wszDll);
|
|
if (! hSnapShot) {
|
|
printf("Load %S failed!\n",wszDll);
|
|
} else {
|
|
pSnapShotProc = (SNAPSHOTFUNC)GetProcAddress(hSnapShot, "LogSystemSnapshot");
|
|
if (!pSnapShotProc) {
|
|
printf("GetProcAddress for LogSystemSnapshot on snapshot.dll failed!\n");
|
|
} else {
|
|
SnapShotSize = MAX_SNAPSHOT_SIZE ;
|
|
__try { // Assume the worst about the snapshot DLL!
|
|
|
|
printf("Calling the snapshot DLL\n");
|
|
|
|
sTicks = GetTickCount();
|
|
(*pSnapShotProc)(0,lpStrings,&SnapShotSize,&SnapShot.SnapShotBuf[0]);
|
|
eTicks = GetTickCount();
|
|
|
|
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
printf("Exception Occurred!\n");
|
|
wsprintf(SnapShot.SnapShotBuf, L"State Snapshot took an exception\n");
|
|
eTicks = sTicks = 0 ;
|
|
|
|
}
|
|
SnapShotSize = wcslen(SnapShot.SnapShotBuf) ;
|
|
}
|
|
FreeLibrary(hSnapShot);
|
|
|
|
if (SnapShotSize > 0) {
|
|
printf("Snapshot buffer is %d bytes\n%S\n",SnapShotSize,SnapShot.SnapShotBuf);
|
|
printf("Time Taken %dms\n",eTicks-sTicks);
|
|
}
|
|
|
|
}
|
|
}
|
|
|