mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
891 lines
21 KiB
891 lines
21 KiB
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1999 - 2000
|
|
//
|
|
// File: filedata.cpp
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
// FileData.cpp: implementation of the CFileData class.
|
|
//
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
#ifndef NO_STRICT
|
|
#ifndef STRICT
|
|
#define STRICT 1
|
|
#endif
|
|
#endif /* NO_STRICT */
|
|
|
|
#include <WINDOWS.H>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <wtypes.h>
|
|
#include <winnt.h>
|
|
|
|
#include <time.h>
|
|
#include "FileData.h"
|
|
#include "Globals.h"
|
|
#include "Version.h"
|
|
#include "Processes.h"
|
|
#include "ProcessInfo.h"
|
|
#include "Modules.h"
|
|
#include "UtilityFunctions.h"
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
// Construction/Destruction
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
CFileData::CFileData()
|
|
{
|
|
m_dwGetLastError = 0;
|
|
m_hFileHandle = INVALID_HANDLE_VALUE;
|
|
m_tszFilePath = NULL;
|
|
m_szLINEBUFFER[0] = 0;
|
|
m_hFileMappingObject = NULL;
|
|
m_lpBaseAddress = NULL;
|
|
m_lpCurrentFilePointer = NULL;
|
|
m_lpCurrentLocationInLINEBUFFER = NULL;
|
|
}
|
|
|
|
CFileData::~CFileData()
|
|
{
|
|
if (m_tszFilePath)
|
|
delete [] m_tszFilePath;
|
|
|
|
if (m_lpBaseAddress)
|
|
UnmapViewOfFile(m_lpBaseAddress);
|
|
|
|
if (m_hFileMappingObject)
|
|
CloseHandle(m_hFileMappingObject);
|
|
}
|
|
|
|
bool CFileData::SetFilePath(LPTSTR tszFilePath)
|
|
{
|
|
// Did we get a proper string?
|
|
if (!tszFilePath)
|
|
return false;
|
|
|
|
if (m_tszFilePath)
|
|
delete [] m_tszFilePath;
|
|
|
|
m_tszFilePath = new TCHAR[(_tcsclen(tszFilePath)+1)];
|
|
|
|
if (!m_tszFilePath)
|
|
return false;
|
|
|
|
_tcscpy(m_tszFilePath, tszFilePath);
|
|
return true;
|
|
}
|
|
|
|
LPTSTR CFileData::GetFilePath()
|
|
{
|
|
return m_tszFilePath;
|
|
}
|
|
|
|
bool CFileData::VerifyFileDirectory()
|
|
{
|
|
if (!m_tszFilePath)
|
|
return false;
|
|
|
|
TCHAR tszDrive[_MAX_DRIVE];
|
|
TCHAR tszDirectory[_MAX_DIR];
|
|
|
|
TCHAR tszDirectoryPath[_MAX_PATH];
|
|
|
|
// Get just the directory...
|
|
_tsplitpath(m_tszFilePath, tszDrive, tszDirectory, NULL, NULL);
|
|
|
|
// Now, recompose this into a directory path...
|
|
_tcscpy(tszDirectoryPath, tszDrive);
|
|
_tcscat(tszDirectoryPath, tszDirectory);
|
|
_tcscat(tszDirectoryPath, TEXT("*.*"));
|
|
|
|
WIN32_FIND_DATA FindFileData;
|
|
|
|
HANDLE hDirectoryHandle = FindFirstFile(tszDirectoryPath, &FindFileData);
|
|
|
|
if (hDirectoryHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
// Failure to find the directory...
|
|
SetLastError();
|
|
return false;
|
|
}
|
|
|
|
// Close this now that we're done...
|
|
FindClose(hDirectoryHandle);
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
DWORD CFileData::GetLastError()
|
|
{
|
|
return m_dwGetLastError;
|
|
}
|
|
*/
|
|
bool CFileData::OpenFile(DWORD dwCreateOption, bool fReadOnlyMode)
|
|
{
|
|
if (!m_tszFilePath)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
// Open the file for read/write
|
|
m_hFileHandle = CreateFile(m_tszFilePath,
|
|
fReadOnlyMode ? ( GENERIC_READ )
|
|
: ( GENERIC_READ | GENERIC_WRITE ),
|
|
0, // Not shareable
|
|
NULL, // Default security descriptor
|
|
dwCreateOption,
|
|
FILE_ATTRIBUTE_NORMAL,
|
|
NULL);
|
|
|
|
if (m_hFileHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
SetLastError();
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::CloseFile()
|
|
{
|
|
if (m_hFileHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
if (!CloseHandle(m_hFileHandle))
|
|
{
|
|
SetLastError();
|
|
return false;
|
|
}
|
|
|
|
m_hFileHandle = INVALID_HANDLE_VALUE;
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::WriteString(LPTSTR tszString, bool fHandleQuotes /* = false */)
|
|
{
|
|
DWORD dwByteCount = 0;
|
|
DWORD dwBytesWritten;
|
|
LPSTR szStringBuffer = NULL; // Pointer to the ANSI string (after conversion if necessary)
|
|
bool fReturn = false;
|
|
|
|
if (m_hFileHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
goto cleanup;
|
|
}
|
|
|
|
// We'll first convert the string if we need to...
|
|
|
|
szStringBuffer = CUtilityFunctions::CopyTSTRStringToAnsi(tszString);
|
|
|
|
if (!szStringBuffer)
|
|
goto cleanup;
|
|
|
|
dwByteCount = _tcsclen(tszString); // This is the number of characters (not bytes!)
|
|
|
|
// See if we were asked to handle quotes, and if there exists a comma or quote in the string
|
|
if ( fHandleQuotes == true && ((strchr(szStringBuffer, ',') || strchr(szStringBuffer, '"' ))) )
|
|
{
|
|
unsigned int iQuotedStringIndex = 0;
|
|
unsigned int iStringBufferIndex = 0;
|
|
|
|
// Special processing is required... this doesn't happen often, so this
|
|
// allocation which I'm about to make won't be done regularly...
|
|
LPSTR szQuotedStringBuffer = new char[1024];
|
|
|
|
// Did we successfully allocate storage?
|
|
if (!szQuotedStringBuffer)
|
|
goto cleanup;
|
|
|
|
// Keep going until we're at the end of the string...
|
|
|
|
// We start by adding a quote (since we know that we have a comma or quote somewhere...
|
|
|
|
szQuotedStringBuffer[iQuotedStringIndex++] = '\"';
|
|
|
|
// Keep going until the end of the string...
|
|
while (szStringBuffer[iStringBufferIndex] != '\0')
|
|
{
|
|
// We found a quote
|
|
if (szStringBuffer[iStringBufferIndex] == '"')
|
|
{
|
|
// We found a quote... I'll copy another quote in, and the quote already here
|
|
// will ensure we have two quotes together "" which in a CSV file represents a
|
|
// single quote...
|
|
szQuotedStringBuffer[iQuotedStringIndex++] = '\"';
|
|
}
|
|
|
|
// Copy the source char to the dest...
|
|
szQuotedStringBuffer[iQuotedStringIndex++] = szStringBuffer[iStringBufferIndex++];
|
|
}
|
|
|
|
// Append the final quote (and \0)...
|
|
szQuotedStringBuffer[iQuotedStringIndex++] = '\"';
|
|
szQuotedStringBuffer[iQuotedStringIndex++] = '\0';
|
|
|
|
// Just write out the data the nice, fast way...
|
|
if (!WriteFile(m_hFileHandle, szQuotedStringBuffer, strlen(szQuotedStringBuffer), &dwBytesWritten, NULL))
|
|
{
|
|
delete [] szQuotedStringBuffer;
|
|
goto cleanup;
|
|
}
|
|
|
|
delete [] szQuotedStringBuffer;
|
|
} else
|
|
{
|
|
// Just write out the data the nice, fast way...
|
|
if (!WriteFile(m_hFileHandle, szStringBuffer, dwByteCount, &dwBytesWritten, NULL))
|
|
{
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
fReturn = true;
|
|
|
|
cleanup:
|
|
|
|
if (szStringBuffer)
|
|
delete [] szStringBuffer;
|
|
|
|
return fReturn;
|
|
}
|
|
|
|
bool CFileData::WriteDWORD(DWORD dwNumber)
|
|
{
|
|
TCHAR tszBuffer[10+1]; // 0xFFFFFFFF == 4294967295 (10 characters) + 1 for the \0
|
|
|
|
_stprintf(tszBuffer, TEXT("%u"), dwNumber);
|
|
|
|
if (!WriteString(tszBuffer))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::WriteTimeDateString(time_t Time)
|
|
{
|
|
enum {BUFFERSIZE = 128};
|
|
|
|
TCHAR tszBuffer[BUFFERSIZE];
|
|
struct tm * localTime = localtime(&Time);
|
|
|
|
if (localTime)
|
|
{
|
|
// This top version seems to be better Y2K friendly as I spit out the full year...
|
|
_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%B %d, %Y %H:%M:%S"), localTime);
|
|
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%c"), localtime(&Time));
|
|
|
|
if (!WriteString(tszBuffer, true))
|
|
return false;
|
|
} else
|
|
{ // A bad TimeDate stamp was provided
|
|
if (!WriteString(TEXT("<INVALID DATE>"), true))
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::WriteFileHeader()
|
|
{
|
|
enum {BUFFERSIZE = 128};
|
|
TCHAR tszBuffer[BUFFERSIZE];
|
|
DWORD dwNum = BUFFERSIZE;
|
|
|
|
// Write the Checksym version info...
|
|
_stprintf(tszBuffer, TEXT("CHECKSYM, (%d.%d:%d.%d)\r\n"), VERSION_FILEVERSION);
|
|
|
|
if (!WriteString(tszBuffer))
|
|
return false;
|
|
|
|
// Write the current date/time info...
|
|
|
|
if (!WriteString(TEXT("Created:,")))
|
|
return false;
|
|
|
|
time_t Time;
|
|
time(&Time);
|
|
|
|
if (!WriteTimeDateString(Time))
|
|
return false;
|
|
|
|
// Write the carriage-return line-feed combo...
|
|
if (!WriteString(TEXT("\r\n")))
|
|
return false;
|
|
|
|
// Spit out the computername
|
|
if (!GetComputerName(tszBuffer, &dwNum))
|
|
return false;
|
|
|
|
if (!WriteString(TEXT("Computer:,")))
|
|
return false;
|
|
|
|
if (!WriteString(tszBuffer))
|
|
return false;
|
|
|
|
// Write the carriage-return line-feed combo... (a couple of times)...
|
|
if (!WriteString(TEXT("\r\n")))
|
|
return false;
|
|
|
|
|
|
return true;
|
|
}
|
|
|
|
void CFileData::PrintLastError()
|
|
{
|
|
CUtilityFunctions::PrintMessageString(GetLastError());
|
|
}
|
|
|
|
bool CFileData::CreateFileMapping()
|
|
{
|
|
m_hFileMappingObject = ::CreateFileMapping(m_hFileHandle,
|
|
NULL,
|
|
PAGE_READONLY | SEC_COMMIT,
|
|
0,
|
|
0,
|
|
NULL);
|
|
|
|
if (m_hFileMappingObject == NULL)
|
|
{
|
|
SetLastError();
|
|
return false;
|
|
}
|
|
|
|
// Okay, we'll map the view as well...
|
|
m_lpBaseAddress = MapViewOfFile(m_hFileMappingObject,
|
|
FILE_MAP_READ,
|
|
0,
|
|
0,
|
|
0);
|
|
|
|
if (m_lpBaseAddress == NULL)
|
|
{
|
|
SetLastError();
|
|
return false;
|
|
}
|
|
|
|
m_lpCurrentFilePointer = (LPSTR) m_lpBaseAddress;
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::ReadFileHeader()
|
|
{
|
|
// For starters, let's read a line...
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
enum { BUFFER_SIZE = 128};
|
|
char szTemporaryBuffer[BUFFER_SIZE];
|
|
DWORD cbBytesRead;
|
|
|
|
cbBytesRead = ReadString(szTemporaryBuffer, BUFFER_SIZE);
|
|
|
|
// We gotta read something?
|
|
if (0 == cbBytesRead)
|
|
return false;
|
|
|
|
// Look for our "Magic" Value
|
|
if (_stricmp(szTemporaryBuffer, "CHECKSYM"))
|
|
{
|
|
_tprintf(TEXT("Error: Input file has invalid header. Missing CHECKSYM keyword!\n"));
|
|
return false;
|
|
}
|
|
|
|
// Read version number
|
|
// We'll do this later if needed...
|
|
|
|
// Read Created Time
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
// Read Computer this was created on
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::ReadFileLine()
|
|
{
|
|
// We're ansi oriented (since this is a CSV file -- in case you were wondering)
|
|
size_t pos;
|
|
|
|
// Find the first \r or \n character (if we're point to \0, we'll figure that out)
|
|
pos = strcspn(m_lpCurrentFilePointer, "\r\n");
|
|
|
|
// Hmm... we don't read a line that starts on \r\n very well...
|
|
if (pos == 0)
|
|
{
|
|
m_szLINEBUFFER[0] = '\0';
|
|
ResetBufferPointerToStart();
|
|
return false;
|
|
}
|
|
|
|
// Read the line into our buffer
|
|
strncpy(m_szLINEBUFFER, m_lpCurrentFilePointer, pos);
|
|
|
|
// Null terminate for ease of use...
|
|
m_szLINEBUFFER[pos] = '\0';
|
|
|
|
ResetBufferPointerToStart();
|
|
|
|
// Advance the current file pointer to just beyond the last character we read...
|
|
// This should advance to the \r\n or \0
|
|
m_lpCurrentFilePointer += pos;
|
|
|
|
// We want this file pointer to advance beyond any \r \n chars we may have found...
|
|
while (*m_lpCurrentFilePointer)
|
|
{
|
|
// Advance pointer to non- \r or \n
|
|
if ( (*m_lpCurrentFilePointer == '\r') ||
|
|
(*m_lpCurrentFilePointer == '\n') )
|
|
{
|
|
m_lpCurrentFilePointer++;
|
|
}
|
|
else
|
|
{
|
|
break; // Found either the \0 or something else...
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
DWORD CFileData::ReadString(LPSTR szStringBuffer, DWORD iStringBufferSize)
|
|
{
|
|
// If we give a buffer size, we have to give a buffer...
|
|
if ( szStringBuffer == NULL && iStringBufferSize )
|
|
return 0;
|
|
|
|
// The ReadFileLine() call puts us at the start of a line (after
|
|
// the \r \n combinations... It's possible that we're at the
|
|
// end...
|
|
|
|
// If we're pointing to the end of the file, let's bail...
|
|
if (*m_lpCurrentLocationInLINEBUFFER == '\0')
|
|
return 0;
|
|
|
|
DWORD iBytesCopied = 0;
|
|
bool fFinished = false;
|
|
bool fFoundSeparatorChars = false; // These might be '\r', '\n', or ','
|
|
bool fQuoteMode = false;
|
|
|
|
while (!fFinished)
|
|
{
|
|
switch (*m_lpCurrentLocationInLINEBUFFER)
|
|
{
|
|
case '"':
|
|
// Okay, we found a quote... that's cool.. but are we quoting a quote,
|
|
// or... are we in quote mode?
|
|
|
|
// Probe ahead... is the next char a '"' also?
|
|
if ( *(m_lpCurrentLocationInLINEBUFFER+1) == '"')
|
|
{
|
|
// Yes it is... so go ahead and copy the quote
|
|
CopyCharIfRoom(iStringBufferSize, szStringBuffer, &iBytesCopied, &fFinished);
|
|
if (!fFinished)
|
|
*(m_lpCurrentLocationInLINEBUFFER++); // Skip the quote
|
|
}
|
|
else
|
|
{
|
|
*(m_lpCurrentLocationInLINEBUFFER++);
|
|
fQuoteMode = !fQuoteMode; // Toggle the quote mode...
|
|
continue;
|
|
}
|
|
|
|
case '\0':
|
|
fFinished = true;
|
|
break;
|
|
|
|
case ',':
|
|
if (!fQuoteMode)
|
|
{ // If we're not in quote mode, then this marks the end of a field...
|
|
fFinished = true;
|
|
fFoundSeparatorChars = true;
|
|
*(m_lpCurrentLocationInLINEBUFFER++);
|
|
}
|
|
else
|
|
{
|
|
// Okay, this marks a new character that happens to be a comma...
|
|
CopyCharIfRoom(iStringBufferSize, szStringBuffer, &iBytesCopied, &fFinished);
|
|
}
|
|
break;
|
|
|
|
case '\r':
|
|
case '\n':
|
|
// We note that we found these, and simply advance the pointer...
|
|
fFoundSeparatorChars = true;
|
|
*(m_lpCurrentLocationInLINEBUFFER++);
|
|
break;
|
|
|
|
default:
|
|
|
|
if (fFoundSeparatorChars)
|
|
{
|
|
// We were scanning... found a separator after some data... so we bail
|
|
fFinished = true;
|
|
break;
|
|
}
|
|
|
|
CopyCharIfRoom(iStringBufferSize, szStringBuffer, &iBytesCopied, &fFinished);
|
|
}
|
|
}
|
|
|
|
if (iStringBufferSize) // We only NULL terminate a buffer if one was provided...
|
|
szStringBuffer[iBytesCopied] = '\0'; // Null terminate this puppy...
|
|
|
|
return iBytesCopied;
|
|
}
|
|
|
|
//
|
|
// This function is responsible for reading through the CSV file and creating any necessary
|
|
// objects and populating them with data...
|
|
//
|
|
bool CFileData::DispatchCollectionObject(CProcesses ** lplpProcesses, CProcessInfo ** lplpProcess, CModules ** lplpModules, CModules ** lplpKernelModeDrivers, CModuleInfoCache * lpModuleInfoCache, CFileData * lpOutputFile)
|
|
{
|
|
enum { BUFFER_SIZE = 128};
|
|
char szTemporaryBuffer[BUFFER_SIZE];
|
|
TCHAR tszTemporaryBuffer[BUFFER_SIZE];
|
|
DWORD cbBytesRead;
|
|
bool fContinueReading = true;
|
|
|
|
// Read the Output Type
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
while (fContinueReading)
|
|
{
|
|
// If this is the second iteration (or more) we may not be at the
|
|
// start of our buffer (causing the read of the output type to fail)
|
|
ResetBufferPointerToStart();
|
|
|
|
// Read the Output Type line...
|
|
cbBytesRead = ReadString(szTemporaryBuffer, BUFFER_SIZE);
|
|
|
|
// We gotta read something?
|
|
if (0 == cbBytesRead)
|
|
return true;
|
|
|
|
// I hate to do this... but we read this stuff as ASCII... may need to
|
|
// convert to a TCHAR format to be neutral...
|
|
CUtilityFunctions::CopyAnsiStringToTSTR(szTemporaryBuffer, tszTemporaryBuffer, cbBytesRead+1);
|
|
|
|
// Printout the section we're attempting to read...
|
|
if (!g_lpProgramOptions->GetMode(CProgramOptions::QuietMode))
|
|
_tprintf(TEXT(" Reading %s data...\n"), tszTemporaryBuffer);
|
|
|
|
if ( _tcsicmp(g_tszCollectionArray[Processes].tszCSVLabel, tszTemporaryBuffer) == 0 )
|
|
{
|
|
/*
|
|
[PROCESSES]
|
|
*/
|
|
|
|
// Read to the end of the line
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
// Yup, it is... let's create a Processes Object
|
|
if (*lplpProcesses == NULL)
|
|
{
|
|
// Allocate a structure for our Processes Object.
|
|
*lplpProcesses = new CProcesses();
|
|
|
|
if (!*lplpProcesses)
|
|
{
|
|
_tprintf(TEXT("Unable to allocate memory for the processes object!\n"));
|
|
goto cleanup;
|
|
}
|
|
|
|
// The Processes Object will init differently depending on what
|
|
// Command-Line arguments have been provided...
|
|
if (!(*lplpProcesses)->Initialize(lpModuleInfoCache, this, lpOutputFile))
|
|
{
|
|
_tprintf(TEXT("Unable to initialize Processes Object!\n"));
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
// Okay, go get the Process Data...
|
|
(*lplpProcesses)->GetProcessesData();
|
|
|
|
} else
|
|
if ( _tcsicmp(g_tszCollectionArray[Process].tszCSVLabel, tszTemporaryBuffer) == 0 )
|
|
{
|
|
/*
|
|
[PROCESS]
|
|
*/
|
|
// Read to the end of the line
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
// Yup, it is... let's create a ProcessInfo Object
|
|
if (*lplpProcess== NULL)
|
|
{
|
|
// Allocate a structure for our ProcessInfo Object.
|
|
*lplpProcess = new CProcessInfo();
|
|
|
|
if (!*lplpProcess)
|
|
{
|
|
_tprintf(TEXT("Unable to allocate memory for the processinfo object!\n"));
|
|
goto cleanup;
|
|
}
|
|
|
|
// The Modules Object will init differently depending on what
|
|
// Command-Line arguments have been provided...
|
|
if (!(*lplpProcess)->Initialize(lpModuleInfoCache, this, lpOutputFile, NULL))
|
|
{
|
|
_tprintf(TEXT("Unable to initialize Modules Object!\n"));
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
// Okay, go get the Process Data
|
|
(*lplpProcess)->GetProcessData();
|
|
} else
|
|
if ( _tcsicmp(g_tszCollectionArray[Modules].tszCSVLabel, tszTemporaryBuffer) == 0 )
|
|
{
|
|
/*
|
|
[MODULES]
|
|
*/
|
|
// Read to the end of the line
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
// Yup, it is... let's create a Modules Object
|
|
if (*lplpModules == NULL)
|
|
{
|
|
// Allocate a structure for our Modules Object.
|
|
*lplpModules = new CModules();
|
|
|
|
if (!*lplpModules)
|
|
{
|
|
_tprintf(TEXT("Unable to allocate memory for the modules object!\n"));
|
|
goto cleanup;
|
|
}
|
|
|
|
// The Modules Object will init differently depending on what
|
|
// Command-Line arguments have been provided...
|
|
if (!(*lplpModules)->Initialize(lpModuleInfoCache, this, lpOutputFile, NULL))
|
|
{
|
|
_tprintf(TEXT("Unable to initialize Modules Object!\n"));
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
// Okay, go get the Modules Data (collected from the filesystem)
|
|
(*lplpModules)->GetModulesData(CProgramOptions::InputModulesDataFromFileSystemMode, true);
|
|
} else
|
|
if ( _tcsicmp(g_tszCollectionArray[KernelModeDrivers].tszCSVLabel, tszTemporaryBuffer) == 0 )
|
|
{
|
|
/*
|
|
[KERNEL-MODE DRIVERS]
|
|
*/
|
|
// Read to the end of the line
|
|
if (!ReadFileLine())
|
|
return false;
|
|
|
|
// Yup, it is... let's create a Modules Object
|
|
if (*lplpKernelModeDrivers == NULL)
|
|
{
|
|
// Allocate a structure for our Modules Object.
|
|
*lplpKernelModeDrivers = new CModules();
|
|
|
|
if (!*lplpKernelModeDrivers)
|
|
{
|
|
_tprintf(TEXT("Unable to allocate memory for the modules object!\n"));
|
|
goto cleanup;
|
|
}
|
|
|
|
// The Modules Object will init differently depending on what
|
|
// Command-Line arguments have been provided...
|
|
if (!(*lplpKernelModeDrivers)->Initialize(lpModuleInfoCache, this, lpOutputFile, NULL))
|
|
{
|
|
_tprintf(TEXT("Unable to initialize Modules Object!\n"));
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
// Okay, go get the Modules Data (collected from the filesystem)
|
|
(*lplpKernelModeDrivers)->GetModulesData(CProgramOptions::InputDriversFromLiveSystemMode, true);
|
|
} else
|
|
{
|
|
_tprintf(TEXT("Unrecognized section %s found!\n"), tszTemporaryBuffer);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
cleanup:
|
|
return false;
|
|
}
|
|
|
|
bool CFileData::ReadDWORD(LPDWORD lpDWORD)
|
|
{
|
|
char szTempBuffer[10+1]; // 0xFFFFFFFF == 4294967295 (10 characters) + 1 for the \0
|
|
|
|
if (!ReadString(szTempBuffer, 10+1))
|
|
return false;
|
|
|
|
// Convert it... baby...
|
|
*lpDWORD = atoi(szTempBuffer);
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::CopyCharIfRoom(DWORD iStringBufferSize, LPSTR szStringBuffer, LPDWORD piBytesCopied, bool *pfFinished)
|
|
{
|
|
if (iStringBufferSize)
|
|
{
|
|
// If we have room to copy the data... let's do it...
|
|
if (*piBytesCopied < iStringBufferSize)
|
|
{
|
|
szStringBuffer[(*piBytesCopied)++] = *(m_lpCurrentLocationInLINEBUFFER++);
|
|
} else
|
|
{
|
|
// No room... we're done.
|
|
*pfFinished = true;
|
|
}
|
|
} else
|
|
{
|
|
// Just advance the pointer... we have no buffer to copy to...
|
|
*(m_lpCurrentLocationInLINEBUFFER++);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::ResetBufferPointerToStart()
|
|
{
|
|
// Reset the Pointer with our line buffer to the start of this buffer
|
|
m_lpCurrentLocationInLINEBUFFER = m_szLINEBUFFER;
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CFileData::EndOfFile()
|
|
{
|
|
//return (*m_lpCurrentFilePointer == '\0');
|
|
return (*m_lpCurrentLocationInLINEBUFFER == '\0');
|
|
}
|
|
|
|
bool CFileData::WriteFileTimeString(FILETIME ftFileTime)
|
|
{
|
|
enum {BUFFERSIZE = 128};
|
|
|
|
TCHAR tszBuffer[BUFFERSIZE];
|
|
FILETIME ftLocalFileTime;
|
|
SYSTEMTIME lpSystemTime;
|
|
int cch = 0;
|
|
|
|
// Let's convert this to a local file time first...
|
|
if (!FileTimeToLocalFileTime(&ftFileTime, &ftLocalFileTime))
|
|
return false;
|
|
|
|
FileTimeToSystemTime( &ftLocalFileTime, &lpSystemTime );
|
|
|
|
|
|
cch = GetDateFormat( LOCALE_USER_DEFAULT,
|
|
0,
|
|
&lpSystemTime,
|
|
TEXT("MMMM d',' yyyy"),
|
|
tszBuffer,
|
|
BUFFERSIZE );
|
|
|
|
if (!cch)
|
|
return false;
|
|
|
|
tszBuffer[cch-1] = TEXT(' ');
|
|
|
|
//
|
|
// Get time and format to characters
|
|
//
|
|
|
|
GetTimeFormat( LOCALE_USER_DEFAULT,
|
|
0,
|
|
&lpSystemTime, // use current time
|
|
NULL, // use default format
|
|
tszBuffer + cch,
|
|
BUFFERSIZE - cch );
|
|
|
|
|
|
// <Full Month Name> <day>, <Year with Century> <Hour>:<Minute>:<Second>
|
|
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%B %d, %Y %H:%M:%S"), localtime(&Time));
|
|
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%c"), localtime(&Time));
|
|
|
|
if (!WriteString(tszBuffer, true))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
// Exception Monitor prefers a MM/DD/YYYY HH:MM:SS format...
|
|
bool CFileData::WriteTimeDateString2(time_t Time)
|
|
{
|
|
enum {BUFFERSIZE = 128};
|
|
|
|
TCHAR tszBuffer[BUFFERSIZE];
|
|
|
|
// This top version seems to be better Y2K friendly as I spit out the full year...
|
|
_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%m/%d/%Y %H:%M:%S"), localtime(&Time));
|
|
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%c"), localtime(&Time));
|
|
|
|
if (!WriteString(tszBuffer, true))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
// Exception Monitor prefers a MM/DD/YYYY HH:MM:SS format...
|
|
bool CFileData::WriteFileTimeString2(FILETIME ftFileTime)
|
|
{
|
|
enum {BUFFERSIZE = 128};
|
|
|
|
TCHAR tszBuffer[BUFFERSIZE];
|
|
FILETIME ftLocalFileTime;
|
|
SYSTEMTIME lpSystemTime;
|
|
int cch = 0;
|
|
|
|
// Let's convert this to a local file time first...
|
|
if (!FileTimeToLocalFileTime(&ftFileTime, &ftLocalFileTime))
|
|
return false;
|
|
|
|
FileTimeToSystemTime( &ftLocalFileTime, &lpSystemTime );
|
|
|
|
|
|
cch = GetDateFormat( LOCALE_USER_DEFAULT,
|
|
0,
|
|
&lpSystemTime,
|
|
TEXT("MM/dd/yyyy"),
|
|
tszBuffer,
|
|
BUFFERSIZE );
|
|
|
|
if (!cch)
|
|
return false;
|
|
|
|
tszBuffer[cch-1] = TEXT(' ');
|
|
|
|
//
|
|
// Get time and format to characters
|
|
//
|
|
|
|
GetTimeFormat( LOCALE_USER_DEFAULT,
|
|
0,
|
|
&lpSystemTime, // use current time
|
|
TEXT("HH:mm:ss"), // use default format
|
|
tszBuffer + cch,
|
|
BUFFERSIZE - cch );
|
|
|
|
if (!WriteString(tszBuffer, true))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
//#endif
|