Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

891 lines
21 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 2000
//
// File: filedata.cpp
//
//--------------------------------------------------------------------------
// FileData.cpp: implementation of the CFileData class.
//
//////////////////////////////////////////////////////////////////////
#ifndef NO_STRICT
#ifndef STRICT
#define STRICT 1
#endif
#endif /* NO_STRICT */
#include <WINDOWS.H>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <wtypes.h>
#include <winnt.h>
#include <time.h>
#include "FileData.h"
#include "Globals.h"
#include "Version.h"
#include "Processes.h"
#include "ProcessInfo.h"
#include "Modules.h"
#include "UtilityFunctions.h"
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CFileData::CFileData()
{
m_dwGetLastError = 0;
m_hFileHandle = INVALID_HANDLE_VALUE;
m_tszFilePath = NULL;
m_szLINEBUFFER[0] = 0;
m_hFileMappingObject = NULL;
m_lpBaseAddress = NULL;
m_lpCurrentFilePointer = NULL;
m_lpCurrentLocationInLINEBUFFER = NULL;
}
CFileData::~CFileData()
{
if (m_tszFilePath)
delete [] m_tszFilePath;
if (m_lpBaseAddress)
UnmapViewOfFile(m_lpBaseAddress);
if (m_hFileMappingObject)
CloseHandle(m_hFileMappingObject);
}
bool CFileData::SetFilePath(LPTSTR tszFilePath)
{
// Did we get a proper string?
if (!tszFilePath)
return false;
if (m_tszFilePath)
delete [] m_tszFilePath;
m_tszFilePath = new TCHAR[(_tcsclen(tszFilePath)+1)];
if (!m_tszFilePath)
return false;
_tcscpy(m_tszFilePath, tszFilePath);
return true;
}
LPTSTR CFileData::GetFilePath()
{
return m_tszFilePath;
}
bool CFileData::VerifyFileDirectory()
{
if (!m_tszFilePath)
return false;
TCHAR tszDrive[_MAX_DRIVE];
TCHAR tszDirectory[_MAX_DIR];
TCHAR tszDirectoryPath[_MAX_PATH];
// Get just the directory...
_tsplitpath(m_tszFilePath, tszDrive, tszDirectory, NULL, NULL);
// Now, recompose this into a directory path...
_tcscpy(tszDirectoryPath, tszDrive);
_tcscat(tszDirectoryPath, tszDirectory);
_tcscat(tszDirectoryPath, TEXT("*.*"));
WIN32_FIND_DATA FindFileData;
HANDLE hDirectoryHandle = FindFirstFile(tszDirectoryPath, &FindFileData);
if (hDirectoryHandle == INVALID_HANDLE_VALUE)
{
// Failure to find the directory...
SetLastError();
return false;
}
// Close this now that we're done...
FindClose(hDirectoryHandle);
return true;
}
/*
DWORD CFileData::GetLastError()
{
return m_dwGetLastError;
}
*/
bool CFileData::OpenFile(DWORD dwCreateOption, bool fReadOnlyMode)
{
if (!m_tszFilePath)
{
return false;
}
// Open the file for read/write
m_hFileHandle = CreateFile(m_tszFilePath,
fReadOnlyMode ? ( GENERIC_READ )
: ( GENERIC_READ | GENERIC_WRITE ),
0, // Not shareable
NULL, // Default security descriptor
dwCreateOption,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (m_hFileHandle == INVALID_HANDLE_VALUE)
{
SetLastError();
return false;
}
return true;
}
bool CFileData::CloseFile()
{
if (m_hFileHandle == INVALID_HANDLE_VALUE)
{
return false;
}
if (!CloseHandle(m_hFileHandle))
{
SetLastError();
return false;
}
m_hFileHandle = INVALID_HANDLE_VALUE;
return true;
}
bool CFileData::WriteString(LPTSTR tszString, bool fHandleQuotes /* = false */)
{
DWORD dwByteCount = 0;
DWORD dwBytesWritten;
LPSTR szStringBuffer = NULL; // Pointer to the ANSI string (after conversion if necessary)
bool fReturn = false;
if (m_hFileHandle == INVALID_HANDLE_VALUE)
{
goto cleanup;
}
// We'll first convert the string if we need to...
szStringBuffer = CUtilityFunctions::CopyTSTRStringToAnsi(tszString);
if (!szStringBuffer)
goto cleanup;
dwByteCount = _tcsclen(tszString); // This is the number of characters (not bytes!)
// See if we were asked to handle quotes, and if there exists a comma or quote in the string
if ( fHandleQuotes == true && ((strchr(szStringBuffer, ',') || strchr(szStringBuffer, '"' ))) )
{
unsigned int iQuotedStringIndex = 0;
unsigned int iStringBufferIndex = 0;
// Special processing is required... this doesn't happen often, so this
// allocation which I'm about to make won't be done regularly...
LPSTR szQuotedStringBuffer = new char[1024];
// Did we successfully allocate storage?
if (!szQuotedStringBuffer)
goto cleanup;
// Keep going until we're at the end of the string...
// We start by adding a quote (since we know that we have a comma or quote somewhere...
szQuotedStringBuffer[iQuotedStringIndex++] = '\"';
// Keep going until the end of the string...
while (szStringBuffer[iStringBufferIndex] != '\0')
{
// We found a quote
if (szStringBuffer[iStringBufferIndex] == '"')
{
// We found a quote... I'll copy another quote in, and the quote already here
// will ensure we have two quotes together "" which in a CSV file represents a
// single quote...
szQuotedStringBuffer[iQuotedStringIndex++] = '\"';
}
// Copy the source char to the dest...
szQuotedStringBuffer[iQuotedStringIndex++] = szStringBuffer[iStringBufferIndex++];
}
// Append the final quote (and \0)...
szQuotedStringBuffer[iQuotedStringIndex++] = '\"';
szQuotedStringBuffer[iQuotedStringIndex++] = '\0';
// Just write out the data the nice, fast way...
if (!WriteFile(m_hFileHandle, szQuotedStringBuffer, strlen(szQuotedStringBuffer), &dwBytesWritten, NULL))
{
delete [] szQuotedStringBuffer;
goto cleanup;
}
delete [] szQuotedStringBuffer;
} else
{
// Just write out the data the nice, fast way...
if (!WriteFile(m_hFileHandle, szStringBuffer, dwByteCount, &dwBytesWritten, NULL))
{
goto cleanup;
}
}
fReturn = true;
cleanup:
if (szStringBuffer)
delete [] szStringBuffer;
return fReturn;
}
bool CFileData::WriteDWORD(DWORD dwNumber)
{
TCHAR tszBuffer[10+1]; // 0xFFFFFFFF == 4294967295 (10 characters) + 1 for the \0
_stprintf(tszBuffer, TEXT("%u"), dwNumber);
if (!WriteString(tszBuffer))
return false;
return true;
}
bool CFileData::WriteTimeDateString(time_t Time)
{
enum {BUFFERSIZE = 128};
TCHAR tszBuffer[BUFFERSIZE];
struct tm * localTime = localtime(&Time);
if (localTime)
{
// This top version seems to be better Y2K friendly as I spit out the full year...
_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%B %d, %Y %H:%M:%S"), localTime);
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%c"), localtime(&Time));
if (!WriteString(tszBuffer, true))
return false;
} else
{ // A bad TimeDate stamp was provided
if (!WriteString(TEXT("<INVALID DATE>"), true))
return false;
}
return true;
}
bool CFileData::WriteFileHeader()
{
enum {BUFFERSIZE = 128};
TCHAR tszBuffer[BUFFERSIZE];
DWORD dwNum = BUFFERSIZE;
// Write the Checksym version info...
_stprintf(tszBuffer, TEXT("CHECKSYM, (%d.%d:%d.%d)\r\n"), VERSION_FILEVERSION);
if (!WriteString(tszBuffer))
return false;
// Write the current date/time info...
if (!WriteString(TEXT("Created:,")))
return false;
time_t Time;
time(&Time);
if (!WriteTimeDateString(Time))
return false;
// Write the carriage-return line-feed combo...
if (!WriteString(TEXT("\r\n")))
return false;
// Spit out the computername
if (!GetComputerName(tszBuffer, &dwNum))
return false;
if (!WriteString(TEXT("Computer:,")))
return false;
if (!WriteString(tszBuffer))
return false;
// Write the carriage-return line-feed combo... (a couple of times)...
if (!WriteString(TEXT("\r\n")))
return false;
return true;
}
void CFileData::PrintLastError()
{
CUtilityFunctions::PrintMessageString(GetLastError());
}
bool CFileData::CreateFileMapping()
{
m_hFileMappingObject = ::CreateFileMapping(m_hFileHandle,
NULL,
PAGE_READONLY | SEC_COMMIT,
0,
0,
NULL);
if (m_hFileMappingObject == NULL)
{
SetLastError();
return false;
}
// Okay, we'll map the view as well...
m_lpBaseAddress = MapViewOfFile(m_hFileMappingObject,
FILE_MAP_READ,
0,
0,
0);
if (m_lpBaseAddress == NULL)
{
SetLastError();
return false;
}
m_lpCurrentFilePointer = (LPSTR) m_lpBaseAddress;
return true;
}
bool CFileData::ReadFileHeader()
{
// For starters, let's read a line...
if (!ReadFileLine())
return false;
enum { BUFFER_SIZE = 128};
char szTemporaryBuffer[BUFFER_SIZE];
DWORD cbBytesRead;
cbBytesRead = ReadString(szTemporaryBuffer, BUFFER_SIZE);
// We gotta read something?
if (0 == cbBytesRead)
return false;
// Look for our "Magic" Value
if (_stricmp(szTemporaryBuffer, "CHECKSYM"))
{
_tprintf(TEXT("Error: Input file has invalid header. Missing CHECKSYM keyword!\n"));
return false;
}
// Read version number
// We'll do this later if needed...
// Read Created Time
if (!ReadFileLine())
return false;
// Read Computer this was created on
if (!ReadFileLine())
return false;
return true;
}
bool CFileData::ReadFileLine()
{
// We're ansi oriented (since this is a CSV file -- in case you were wondering)
size_t pos;
// Find the first \r or \n character (if we're point to \0, we'll figure that out)
pos = strcspn(m_lpCurrentFilePointer, "\r\n");
// Hmm... we don't read a line that starts on \r\n very well...
if (pos == 0)
{
m_szLINEBUFFER[0] = '\0';
ResetBufferPointerToStart();
return false;
}
// Read the line into our buffer
strncpy(m_szLINEBUFFER, m_lpCurrentFilePointer, pos);
// Null terminate for ease of use...
m_szLINEBUFFER[pos] = '\0';
ResetBufferPointerToStart();
// Advance the current file pointer to just beyond the last character we read...
// This should advance to the \r\n or \0
m_lpCurrentFilePointer += pos;
// We want this file pointer to advance beyond any \r \n chars we may have found...
while (*m_lpCurrentFilePointer)
{
// Advance pointer to non- \r or \n
if ( (*m_lpCurrentFilePointer == '\r') ||
(*m_lpCurrentFilePointer == '\n') )
{
m_lpCurrentFilePointer++;
}
else
{
break; // Found either the \0 or something else...
}
}
return true;
}
DWORD CFileData::ReadString(LPSTR szStringBuffer, DWORD iStringBufferSize)
{
// If we give a buffer size, we have to give a buffer...
if ( szStringBuffer == NULL && iStringBufferSize )
return 0;
// The ReadFileLine() call puts us at the start of a line (after
// the \r \n combinations... It's possible that we're at the
// end...
// If we're pointing to the end of the file, let's bail...
if (*m_lpCurrentLocationInLINEBUFFER == '\0')
return 0;
DWORD iBytesCopied = 0;
bool fFinished = false;
bool fFoundSeparatorChars = false; // These might be '\r', '\n', or ','
bool fQuoteMode = false;
while (!fFinished)
{
switch (*m_lpCurrentLocationInLINEBUFFER)
{
case '"':
// Okay, we found a quote... that's cool.. but are we quoting a quote,
// or... are we in quote mode?
// Probe ahead... is the next char a '"' also?
if ( *(m_lpCurrentLocationInLINEBUFFER+1) == '"')
{
// Yes it is... so go ahead and copy the quote
CopyCharIfRoom(iStringBufferSize, szStringBuffer, &iBytesCopied, &fFinished);
if (!fFinished)
*(m_lpCurrentLocationInLINEBUFFER++); // Skip the quote
}
else
{
*(m_lpCurrentLocationInLINEBUFFER++);
fQuoteMode = !fQuoteMode; // Toggle the quote mode...
continue;
}
case '\0':
fFinished = true;
break;
case ',':
if (!fQuoteMode)
{ // If we're not in quote mode, then this marks the end of a field...
fFinished = true;
fFoundSeparatorChars = true;
*(m_lpCurrentLocationInLINEBUFFER++);
}
else
{
// Okay, this marks a new character that happens to be a comma...
CopyCharIfRoom(iStringBufferSize, szStringBuffer, &iBytesCopied, &fFinished);
}
break;
case '\r':
case '\n':
// We note that we found these, and simply advance the pointer...
fFoundSeparatorChars = true;
*(m_lpCurrentLocationInLINEBUFFER++);
break;
default:
if (fFoundSeparatorChars)
{
// We were scanning... found a separator after some data... so we bail
fFinished = true;
break;
}
CopyCharIfRoom(iStringBufferSize, szStringBuffer, &iBytesCopied, &fFinished);
}
}
if (iStringBufferSize) // We only NULL terminate a buffer if one was provided...
szStringBuffer[iBytesCopied] = '\0'; // Null terminate this puppy...
return iBytesCopied;
}
//
// This function is responsible for reading through the CSV file and creating any necessary
// objects and populating them with data...
//
bool CFileData::DispatchCollectionObject(CProcesses ** lplpProcesses, CProcessInfo ** lplpProcess, CModules ** lplpModules, CModules ** lplpKernelModeDrivers, CModuleInfoCache * lpModuleInfoCache, CFileData * lpOutputFile)
{
enum { BUFFER_SIZE = 128};
char szTemporaryBuffer[BUFFER_SIZE];
TCHAR tszTemporaryBuffer[BUFFER_SIZE];
DWORD cbBytesRead;
bool fContinueReading = true;
// Read the Output Type
if (!ReadFileLine())
return false;
while (fContinueReading)
{
// If this is the second iteration (or more) we may not be at the
// start of our buffer (causing the read of the output type to fail)
ResetBufferPointerToStart();
// Read the Output Type line...
cbBytesRead = ReadString(szTemporaryBuffer, BUFFER_SIZE);
// We gotta read something?
if (0 == cbBytesRead)
return true;
// I hate to do this... but we read this stuff as ASCII... may need to
// convert to a TCHAR format to be neutral...
CUtilityFunctions::CopyAnsiStringToTSTR(szTemporaryBuffer, tszTemporaryBuffer, cbBytesRead+1);
// Printout the section we're attempting to read...
if (!g_lpProgramOptions->GetMode(CProgramOptions::QuietMode))
_tprintf(TEXT(" Reading %s data...\n"), tszTemporaryBuffer);
if ( _tcsicmp(g_tszCollectionArray[Processes].tszCSVLabel, tszTemporaryBuffer) == 0 )
{
/*
[PROCESSES]
*/
// Read to the end of the line
if (!ReadFileLine())
return false;
// Yup, it is... let's create a Processes Object
if (*lplpProcesses == NULL)
{
// Allocate a structure for our Processes Object.
*lplpProcesses = new CProcesses();
if (!*lplpProcesses)
{
_tprintf(TEXT("Unable to allocate memory for the processes object!\n"));
goto cleanup;
}
// The Processes Object will init differently depending on what
// Command-Line arguments have been provided...
if (!(*lplpProcesses)->Initialize(lpModuleInfoCache, this, lpOutputFile))
{
_tprintf(TEXT("Unable to initialize Processes Object!\n"));
goto cleanup;
}
}
// Okay, go get the Process Data...
(*lplpProcesses)->GetProcessesData();
} else
if ( _tcsicmp(g_tszCollectionArray[Process].tszCSVLabel, tszTemporaryBuffer) == 0 )
{
/*
[PROCESS]
*/
// Read to the end of the line
if (!ReadFileLine())
return false;
// Yup, it is... let's create a ProcessInfo Object
if (*lplpProcess== NULL)
{
// Allocate a structure for our ProcessInfo Object.
*lplpProcess = new CProcessInfo();
if (!*lplpProcess)
{
_tprintf(TEXT("Unable to allocate memory for the processinfo object!\n"));
goto cleanup;
}
// The Modules Object will init differently depending on what
// Command-Line arguments have been provided...
if (!(*lplpProcess)->Initialize(lpModuleInfoCache, this, lpOutputFile, NULL))
{
_tprintf(TEXT("Unable to initialize Modules Object!\n"));
goto cleanup;
}
}
// Okay, go get the Process Data
(*lplpProcess)->GetProcessData();
} else
if ( _tcsicmp(g_tszCollectionArray[Modules].tszCSVLabel, tszTemporaryBuffer) == 0 )
{
/*
[MODULES]
*/
// Read to the end of the line
if (!ReadFileLine())
return false;
// Yup, it is... let's create a Modules Object
if (*lplpModules == NULL)
{
// Allocate a structure for our Modules Object.
*lplpModules = new CModules();
if (!*lplpModules)
{
_tprintf(TEXT("Unable to allocate memory for the modules object!\n"));
goto cleanup;
}
// The Modules Object will init differently depending on what
// Command-Line arguments have been provided...
if (!(*lplpModules)->Initialize(lpModuleInfoCache, this, lpOutputFile, NULL))
{
_tprintf(TEXT("Unable to initialize Modules Object!\n"));
goto cleanup;
}
}
// Okay, go get the Modules Data (collected from the filesystem)
(*lplpModules)->GetModulesData(CProgramOptions::InputModulesDataFromFileSystemMode, true);
} else
if ( _tcsicmp(g_tszCollectionArray[KernelModeDrivers].tszCSVLabel, tszTemporaryBuffer) == 0 )
{
/*
[KERNEL-MODE DRIVERS]
*/
// Read to the end of the line
if (!ReadFileLine())
return false;
// Yup, it is... let's create a Modules Object
if (*lplpKernelModeDrivers == NULL)
{
// Allocate a structure for our Modules Object.
*lplpKernelModeDrivers = new CModules();
if (!*lplpKernelModeDrivers)
{
_tprintf(TEXT("Unable to allocate memory for the modules object!\n"));
goto cleanup;
}
// The Modules Object will init differently depending on what
// Command-Line arguments have been provided...
if (!(*lplpKernelModeDrivers)->Initialize(lpModuleInfoCache, this, lpOutputFile, NULL))
{
_tprintf(TEXT("Unable to initialize Modules Object!\n"));
goto cleanup;
}
}
// Okay, go get the Modules Data (collected from the filesystem)
(*lplpKernelModeDrivers)->GetModulesData(CProgramOptions::InputDriversFromLiveSystemMode, true);
} else
{
_tprintf(TEXT("Unrecognized section %s found!\n"), tszTemporaryBuffer);
return false;
}
}
cleanup:
return false;
}
bool CFileData::ReadDWORD(LPDWORD lpDWORD)
{
char szTempBuffer[10+1]; // 0xFFFFFFFF == 4294967295 (10 characters) + 1 for the \0
if (!ReadString(szTempBuffer, 10+1))
return false;
// Convert it... baby...
*lpDWORD = atoi(szTempBuffer);
return true;
}
bool CFileData::CopyCharIfRoom(DWORD iStringBufferSize, LPSTR szStringBuffer, LPDWORD piBytesCopied, bool *pfFinished)
{
if (iStringBufferSize)
{
// If we have room to copy the data... let's do it...
if (*piBytesCopied < iStringBufferSize)
{
szStringBuffer[(*piBytesCopied)++] = *(m_lpCurrentLocationInLINEBUFFER++);
} else
{
// No room... we're done.
*pfFinished = true;
}
} else
{
// Just advance the pointer... we have no buffer to copy to...
*(m_lpCurrentLocationInLINEBUFFER++);
}
return true;
}
bool CFileData::ResetBufferPointerToStart()
{
// Reset the Pointer with our line buffer to the start of this buffer
m_lpCurrentLocationInLINEBUFFER = m_szLINEBUFFER;
return true;
}
bool CFileData::EndOfFile()
{
//return (*m_lpCurrentFilePointer == '\0');
return (*m_lpCurrentLocationInLINEBUFFER == '\0');
}
bool CFileData::WriteFileTimeString(FILETIME ftFileTime)
{
enum {BUFFERSIZE = 128};
TCHAR tszBuffer[BUFFERSIZE];
FILETIME ftLocalFileTime;
SYSTEMTIME lpSystemTime;
int cch = 0;
// Let's convert this to a local file time first...
if (!FileTimeToLocalFileTime(&ftFileTime, &ftLocalFileTime))
return false;
FileTimeToSystemTime( &ftLocalFileTime, &lpSystemTime );
cch = GetDateFormat( LOCALE_USER_DEFAULT,
0,
&lpSystemTime,
TEXT("MMMM d',' yyyy"),
tszBuffer,
BUFFERSIZE );
if (!cch)
return false;
tszBuffer[cch-1] = TEXT(' ');
//
// Get time and format to characters
//
GetTimeFormat( LOCALE_USER_DEFAULT,
0,
&lpSystemTime, // use current time
NULL, // use default format
tszBuffer + cch,
BUFFERSIZE - cch );
// <Full Month Name> <day>, <Year with Century> <Hour>:<Minute>:<Second>
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%B %d, %Y %H:%M:%S"), localtime(&Time));
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%c"), localtime(&Time));
if (!WriteString(tszBuffer, true))
return false;
return true;
}
// Exception Monitor prefers a MM/DD/YYYY HH:MM:SS format...
bool CFileData::WriteTimeDateString2(time_t Time)
{
enum {BUFFERSIZE = 128};
TCHAR tszBuffer[BUFFERSIZE];
// This top version seems to be better Y2K friendly as I spit out the full year...
_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%m/%d/%Y %H:%M:%S"), localtime(&Time));
//_tcsftime(tszBuffer, BUFFERSIZE, TEXT("%c"), localtime(&Time));
if (!WriteString(tszBuffer, true))
return false;
return true;
}
// Exception Monitor prefers a MM/DD/YYYY HH:MM:SS format...
bool CFileData::WriteFileTimeString2(FILETIME ftFileTime)
{
enum {BUFFERSIZE = 128};
TCHAR tszBuffer[BUFFERSIZE];
FILETIME ftLocalFileTime;
SYSTEMTIME lpSystemTime;
int cch = 0;
// Let's convert this to a local file time first...
if (!FileTimeToLocalFileTime(&ftFileTime, &ftLocalFileTime))
return false;
FileTimeToSystemTime( &ftLocalFileTime, &lpSystemTime );
cch = GetDateFormat( LOCALE_USER_DEFAULT,
0,
&lpSystemTime,
TEXT("MM/dd/yyyy"),
tszBuffer,
BUFFERSIZE );
if (!cch)
return false;
tszBuffer[cch-1] = TEXT(' ');
//
// Get time and format to characters
//
GetTimeFormat( LOCALE_USER_DEFAULT,
0,
&lpSystemTime, // use current time
TEXT("HH:mm:ss"), // use default format
tszBuffer + cch,
BUFFERSIZE - cch );
if (!WriteString(tszBuffer, true))
return false;
return true;
}
//#endif