mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
686 lines
19 KiB
686 lines
19 KiB
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1999 - 2000
|
|
//
|
|
// File: modules.cpp
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Modules.cpp: implementation of the CModules class.
|
|
//
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
#ifndef NO_STRICT
|
|
#ifndef STRICT
|
|
#define STRICT 1
|
|
#endif
|
|
#endif /* NO_STRICT */
|
|
|
|
#include <WINDOWS.H>
|
|
#include <STDIO.H>
|
|
#include <TCHAR.H>
|
|
|
|
#include "Globals.h"
|
|
#include "Modules.h"
|
|
#include "ProgramOptions.h"
|
|
#include "UtilityFunctions.h"
|
|
#include "ModuleInfo.h"
|
|
#include "ModuleInfoNode.h"
|
|
#include "ModuleInfoCache.h"
|
|
#include "FileData.h"
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
// Construction/Destruction
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
CModules::CModules()
|
|
{
|
|
m_lpModuleInfoHead = NULL;
|
|
m_hModuleInfoHeadMutex = NULL;
|
|
m_lpDmpFile = NULL;
|
|
|
|
m_fInitialized = false;
|
|
m_iNumberOfModules = 0;
|
|
}
|
|
|
|
CModules::~CModules()
|
|
{
|
|
WaitForSingleObject(m_hModuleInfoHeadMutex, INFINITE);
|
|
|
|
// If we have Module Info Objects... nuke them now...
|
|
if (m_lpModuleInfoHead)
|
|
{
|
|
|
|
CModuleInfoNode * lpModuleInfoNodePointer = m_lpModuleInfoHead;
|
|
CModuleInfoNode * lpModuleInfoNodePointerToDelete = m_lpModuleInfoHead;
|
|
|
|
// Traverse the linked list to the end..
|
|
while (lpModuleInfoNodePointer)
|
|
{ // Keep looking for the end...
|
|
// Advance our pointer to the next node...
|
|
lpModuleInfoNodePointer = lpModuleInfoNodePointer->m_lpNextModuleInfoNode;
|
|
|
|
// Delete the one behind us...
|
|
delete lpModuleInfoNodePointerToDelete;
|
|
|
|
// Set the node to delete to the current...
|
|
lpModuleInfoNodePointerToDelete = lpModuleInfoNodePointer;
|
|
}
|
|
|
|
// Now, clear out the Head pointer...
|
|
m_lpModuleInfoHead = NULL;
|
|
}
|
|
|
|
// Be a good citizen and release the Mutex
|
|
ReleaseMutex(m_hModuleInfoHeadMutex);
|
|
|
|
// Now, close the Mutex
|
|
if (m_hModuleInfoHeadMutex)
|
|
{
|
|
CloseHandle(m_hModuleInfoHeadMutex);
|
|
m_hModuleInfoHeadMutex = NULL;
|
|
}
|
|
}
|
|
|
|
bool CModules::Initialize(CModuleInfoCache *lpModuleInfoCache, CFileData * lpInputFile, CFileData * lpOutputFile, CDmpFile * lpDmpFile)
|
|
{
|
|
// We need the following objects to do business...
|
|
if ( lpModuleInfoCache == NULL)
|
|
return false;
|
|
|
|
m_lpModuleInfoCache = lpModuleInfoCache;
|
|
m_lpInputFile = lpInputFile;
|
|
m_lpOutputFile = lpOutputFile;
|
|
m_lpDmpFile = lpDmpFile;
|
|
|
|
m_hModuleInfoHeadMutex = CreateMutex(NULL, FALSE, NULL);
|
|
|
|
if (m_hModuleInfoHeadMutex == NULL)
|
|
return false;
|
|
|
|
m_fInitialized = true;
|
|
return true;
|
|
}
|
|
|
|
bool CModules::GetModulesData(CProgramOptions::ProgramModes enumProgramModes, bool fGetDataFromCSVFile)
|
|
{
|
|
switch (enumProgramModes)
|
|
{
|
|
case CProgramOptions::InputModulesDataFromFileSystemMode:
|
|
|
|
if (fGetDataFromCSVFile)
|
|
{
|
|
GetModulesDataFromFile();
|
|
} else
|
|
{
|
|
GetModulesDataFromFileSystem();
|
|
}
|
|
break;
|
|
|
|
case CProgramOptions::InputDriversFromLiveSystemMode:
|
|
|
|
if (fGetDataFromCSVFile)
|
|
{
|
|
GetModulesDataFromFile(); // ISSUE-2000/07/24-GREGWI: I think we can use the same method as above ????
|
|
} else
|
|
{
|
|
GetModulesDataFromDeviceDrivers();
|
|
}
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CModules::GetModulesDataFromFileSystem()
|
|
{
|
|
bool fProcessPath = true;
|
|
|
|
// Okay... here we go...
|
|
//#ifdef _DEBUG
|
|
// _tprintf(TEXT("Processing the path [%s]\n"), m_lpProgramOptions->GetInputModulesDataFromFileSystemPath());
|
|
//#endif
|
|
|
|
LPTSTR tszExpandedSymbolPath= NULL, tszSymbolPathStart, tszSymbolPathEnd;
|
|
|
|
// Mark the start of the path to process
|
|
tszSymbolPathStart = g_lpProgramOptions->GetInputModulesDataFromFileSystemPath();
|
|
|
|
// Find the end of the path
|
|
tszSymbolPathEnd = _tcschr( tszSymbolPathStart, ';' );
|
|
|
|
// If tszSymbolPathEnd is non-zero, then there is another path following...
|
|
if (tszSymbolPathEnd)
|
|
*tszSymbolPathEnd = '\0'; // Change the ';' to a Null temporarily...
|
|
|
|
while (fProcessPath)
|
|
{
|
|
//#ifdef _DEBUG
|
|
// _tprintf(TEXT("\n\nProcessing Path [%s]\n"), tszSymbolPathStart);
|
|
//#endif
|
|
|
|
// Begin the "madness"... ;)
|
|
ScavengeForFiles(tszSymbolPathStart, 1);
|
|
|
|
// Post processing... replace the null if necessary, and advance to next string
|
|
if (tszSymbolPathEnd)
|
|
{
|
|
*tszSymbolPathEnd = ';';
|
|
tszSymbolPathStart = tszSymbolPathEnd + 1;
|
|
|
|
tszSymbolPathEnd = _tcschr( tszSymbolPathStart, ';' );
|
|
|
|
if (tszSymbolPathEnd) {
|
|
*tszSymbolPathEnd = '\0';
|
|
}
|
|
} else
|
|
fProcessPath = false;
|
|
}
|
|
|
|
if (tszExpandedSymbolPath)
|
|
{
|
|
delete [] tszExpandedSymbolPath;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
bool CModules::ScavengeForFiles(LPCTSTR tszSymbolPathStart, int iRecurseDepth)
|
|
{
|
|
// Bale if we're in too deep...
|
|
if (iRecurseDepth > MAX_RECURSE_DEPTH)
|
|
return true;
|
|
|
|
TCHAR tszFileBuffer[MAX_PATH+1];
|
|
TCHAR drive[_MAX_DRIVE];
|
|
TCHAR dir[_MAX_DIR];
|
|
TCHAR fname[_MAX_FNAME];
|
|
TCHAR ext[_MAX_EXT];
|
|
bool fNew;
|
|
CModuleInfo * lpModuleInfo;
|
|
|
|
_tsplitpath(tszSymbolPathStart, drive, dir, fname, ext);
|
|
|
|
WIN32_FIND_DATA lpFindFileData;
|
|
|
|
HANDLE hFileOrDirectoryHandle = FindFirstFile(tszSymbolPathStart, &lpFindFileData);
|
|
|
|
while ( INVALID_HANDLE_VALUE != hFileOrDirectoryHandle )
|
|
{
|
|
// Compose the path to the file or directory...
|
|
_tmakepath(tszFileBuffer, drive, dir, NULL, NULL);
|
|
_tcscat(tszFileBuffer, lpFindFileData.cFileName);
|
|
|
|
if (lpFindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
|
|
{
|
|
// Check to see if we've got the . or .. directories!
|
|
if ( ( 0 == _tcscmp(lpFindFileData.cFileName, TEXT(".")) ) ||
|
|
( 0 == _tcscmp(lpFindFileData.cFileName, TEXT("..")) )
|
|
)
|
|
{
|
|
// Skip this one...
|
|
if (!FindNextFile(hFileOrDirectoryHandle, &lpFindFileData))
|
|
break;
|
|
|
|
// Go up for more fun...
|
|
continue;
|
|
}
|
|
|
|
//#ifdef _DEBUG
|
|
// _tprintf(TEXT("DIRECTORY FOUND: [%s]\n"), tszFileBuffer);
|
|
//#endif
|
|
// If this is a directory, and no wild card was provided.. then use *.*
|
|
if ( CUtilityFunctions::ContainsWildCardCharacter(tszSymbolPathStart) )
|
|
{
|
|
// We need to preserve the Wild Char stuff...
|
|
_tcscat(tszFileBuffer,TEXT("\\"));
|
|
_tcscat(tszFileBuffer,fname);
|
|
_tcscat(tszFileBuffer, ext);
|
|
} else
|
|
{
|
|
// Append the *.*
|
|
_tcscat(tszFileBuffer, TEXT("\\*.*"));
|
|
}
|
|
|
|
ScavengeForFiles(tszFileBuffer, iRecurseDepth+1);
|
|
|
|
} else
|
|
{
|
|
//#ifdef _DEBUG
|
|
// _tprintf(TEXT("FILE FOUND: [%s]\n"), tszFileBuffer);
|
|
//#endif
|
|
fNew = false;
|
|
|
|
TCHAR tszFullFileBuffer[_MAX_PATH+1];
|
|
LPTSTR tszFileNamePointer;
|
|
DWORD cbBytesCopied = GetFullPathName(tszFileBuffer , _MAX_PATH+1, tszFullFileBuffer, &tszFileNamePointer);
|
|
|
|
if (cbBytesCopied)
|
|
{
|
|
// If "-MATCH" was specified, look to see if this filename meets our criteria
|
|
// before we save this away in our module cache...
|
|
if (!g_lpProgramOptions->fDoesModuleMatchOurSearch(tszFileBuffer))
|
|
goto getnextmodule;
|
|
|
|
// Okay, let's go ahead and get a ModuleInfo Object from our cache...
|
|
// If pfNew returns TRUE, then this object is new and we'll need
|
|
// to populate it with data...
|
|
lpModuleInfo = m_lpModuleInfoCache->AddNewModuleInfoObject(tszFullFileBuffer, &fNew);
|
|
|
|
if (false == fNew)
|
|
{
|
|
// We may have the object in the cache... now we need to
|
|
// save a pointer to this object in our Process Info list
|
|
AddNewModuleInfoObject(lpModuleInfo); // Just do our best...
|
|
|
|
// We save having to get the module info again for this module...
|
|
goto getnextmodule;
|
|
}
|
|
|
|
// Not in the cache... so we need to init it, and get the module info...
|
|
|
|
// Okay, let's create a ModuleInfo object and pass this down
|
|
// routines that will populate it full of data...
|
|
if (lpModuleInfo->Initialize(NULL, m_lpOutputFile, NULL))
|
|
{
|
|
|
|
// Let's do it!! Populate the ModuleInfo object with data!!!!
|
|
if (lpModuleInfo->GetModuleInfo(tszFileBuffer))
|
|
{
|
|
// Start obtaining information about the modules...
|
|
/*
|
|
#ifdef _DEBUG
|
|
_tprintf(TEXT("Module[%3d] = [%s]\n"), i+1, szFileName);
|
|
#endif
|
|
*/
|
|
// We may have the object in the cache... now we need to
|
|
// save a pointer to this object in our Process Info list
|
|
if (AddNewModuleInfoObject(lpModuleInfo))
|
|
{
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
getnextmodule:
|
|
|
|
if (!FindNextFile(hFileOrDirectoryHandle, &lpFindFileData))
|
|
break;
|
|
}
|
|
|
|
if ( INVALID_HANDLE_VALUE != hFileOrDirectoryHandle )
|
|
FindClose(hFileOrDirectoryHandle);
|
|
|
|
return true;
|
|
}
|
|
|
|
bool CModules::AddNewModuleInfoObject(CModuleInfo *lpModuleInfo)
|
|
{
|
|
if (!m_fInitialized)
|
|
return false;
|
|
|
|
// First, create a ModuleInfoNode object and then attach it to the bottom of the
|
|
// linked list of nodes...
|
|
CModuleInfoNode * lpModuleInfoNode = new CModuleInfoNode(lpModuleInfo);
|
|
|
|
//#ifdef _DEBUG
|
|
// _tprintf(TEXT("Adding Module Info Object for [%s]\n"), lpModuleInfo->GetModulePath());
|
|
//#endif
|
|
|
|
if (lpModuleInfoNode == NULL)
|
|
return false; // Couldn't allocate memory..
|
|
|
|
// Acquire Mutex object to protect the linked-list...
|
|
WaitForSingleObject(m_hModuleInfoHeadMutex, INFINITE);
|
|
|
|
CModuleInfoNode * lpModuleInfoNodePointer = m_lpModuleInfoHead;
|
|
|
|
if (lpModuleInfoNodePointer) {
|
|
|
|
// Traverse the linked list to the end..
|
|
while (lpModuleInfoNodePointer->m_lpNextModuleInfoNode)
|
|
{ // Keep looking for the end...
|
|
lpModuleInfoNodePointer = lpModuleInfoNodePointer->m_lpNextModuleInfoNode;
|
|
}
|
|
|
|
lpModuleInfoNodePointer->m_lpNextModuleInfoNode = lpModuleInfoNode;
|
|
|
|
}
|
|
else
|
|
{ // First time through, the Process Info Head pointer is null...
|
|
m_lpModuleInfoHead = lpModuleInfoNode;
|
|
}
|
|
|
|
// Be a good citizen and release the Mutex
|
|
ReleaseMutex(m_hModuleInfoHeadMutex);
|
|
|
|
InterlockedIncrement(&m_iNumberOfModules);
|
|
|
|
return true;
|
|
}
|
|
|
|
//bool CModules::OutputModulesData(LPCTSTR tszOutputContext)
|
|
bool CModules::OutputModulesData(CollectionTypes enumCollectionType, bool fCSVFileContext)
|
|
{
|
|
// Are we in quiet mode?
|
|
if ( !g_lpProgramOptions->GetMode(CProgramOptions::QuietMode) )
|
|
{
|
|
// Output to Stdout?
|
|
if (!OutputModulesDataToStdout(enumCollectionType, fCSVFileContext))
|
|
return false;
|
|
}
|
|
|
|
// Output to file?
|
|
if (g_lpProgramOptions->GetMode(CProgramOptions::OutputCSVFileMode))
|
|
{
|
|
// Try and output to file...
|
|
if (!OutputModulesDataToFile(enumCollectionType))
|
|
return false;
|
|
}
|
|
|
|
if (m_lpModuleInfoHead) {
|
|
CModuleInfoNode * lpCurrentModuleInfoNode = m_lpModuleInfoHead;
|
|
|
|
DWORD dwModuleNumber = 1;
|
|
|
|
while (lpCurrentModuleInfoNode)
|
|
{
|
|
// We have a node... print out Module Info for it, then the Modules Data...
|
|
if (lpCurrentModuleInfoNode->m_lpModuleInfo)
|
|
{
|
|
lpCurrentModuleInfoNode->m_lpModuleInfo->OutputData(NULL, 0, dwModuleNumber);
|
|
dwModuleNumber++;
|
|
}
|
|
|
|
lpCurrentModuleInfoNode = lpCurrentModuleInfoNode->m_lpNextModuleInfoNode;
|
|
}
|
|
|
|
}
|
|
return true;
|
|
|
|
}
|
|
|
|
bool CModules::OutputModulesDataToStdout(CollectionTypes enumCollectionType, bool fCSVFileContext)
|
|
{
|
|
_tprintf(TEXT("\n"));
|
|
CUtilityFunctions::OutputLineOfStars();
|
|
|
|
// Output to stdout...
|
|
if (m_iNumberOfModules)
|
|
{
|
|
_tprintf(TEXT("%s - Printing Module Information for %d Modules.\n"), g_tszCollectionArray[enumCollectionType].tszCSVLabel, m_iNumberOfModules);
|
|
_tprintf(TEXT("%s - Context: %s\n"), g_tszCollectionArray[enumCollectionType].tszCSVLabel, fCSVFileContext ? g_tszCollectionArray[enumCollectionType].tszCSVContext : g_tszCollectionArray[enumCollectionType].tszLocalContext);
|
|
|
|
} else
|
|
{
|
|
_tprintf(TEXT("\n%s - No modules were found!\n\n"), g_tszCollectionArray[enumCollectionType].tszCSVLabel);
|
|
}
|
|
|
|
CUtilityFunctions::OutputLineOfStars();
|
|
_tprintf(TEXT("\n"));
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool CModules::OutputModulesDataToFile(CollectionTypes enumCollectionType)
|
|
{
|
|
// Don't write anything if there are no processes to report...
|
|
if (0 == m_iNumberOfModules)
|
|
return true;
|
|
|
|
// Write out the Modules tag so I can detect this output format...
|
|
if (!m_lpOutputFile->WriteString(TEXT("\r\n")) ||
|
|
!m_lpOutputFile->WriteString(g_tszCollectionArray[enumCollectionType].tszCSVLabel) ||
|
|
!m_lpOutputFile->WriteString(TEXT("\r\n"))
|
|
)
|
|
{
|
|
_tprintf(TEXT("Failure writing CSV header to file [%s]!"), m_lpOutputFile->GetFilePath());
|
|
m_lpOutputFile->PrintLastError();
|
|
return false;
|
|
}
|
|
|
|
// Write out the [Modules] header...
|
|
if (!m_lpOutputFile->WriteString(g_tszCollectionArray[enumCollectionType].tszCSVColumnHeaders))
|
|
{
|
|
_tprintf(TEXT("Failure writing CSV header to file [%s]!"), m_lpOutputFile->GetFilePath());
|
|
m_lpOutputFile->PrintLastError();
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool CModules::GetModulesDataFromFile()
|
|
{
|
|
CModuleInfo * lpModuleInfo;
|
|
|
|
// Read the Modules Header Line
|
|
if (!m_lpInputFile->ReadFileLine())
|
|
return false;
|
|
|
|
// I need these near the end when I probe to see if the next module
|
|
// is for this process...
|
|
enum { BUFFER_SIZE = 128};
|
|
|
|
// Unfortunately, when reading from the CSV file, the data is MBCS... so I need
|
|
// to convert...
|
|
|
|
// Read the first field (should be blank, unless this is a new collection type
|
|
if (m_lpInputFile->ReadString())
|
|
return true;
|
|
|
|
// Read the second field (should be blank)
|
|
if (m_lpInputFile->ReadString())
|
|
return true;
|
|
|
|
// Read the second field (should be blank)
|
|
if (m_lpInputFile->ReadString())
|
|
return true;
|
|
|
|
// Local buffer for reading data...
|
|
char szModulePath[_MAX_PATH+1];
|
|
TCHAR tszModulePath[_MAX_PATH+1];
|
|
bool fDone = false;
|
|
bool fNew = false;
|
|
|
|
while (!fDone)
|
|
{
|
|
// Read in the Module Path
|
|
if (!m_lpInputFile->ReadString(szModulePath, _MAX_PATH+1))
|
|
return true;
|
|
|
|
CUtilityFunctions::CopyAnsiStringToTSTR(szModulePath, tszModulePath, _MAX_PATH+1);
|
|
|
|
// If "-MATCH" was specified, look to see if this filename meets our criteria
|
|
// before we save this away in our module cache...
|
|
if (!g_lpProgramOptions->fDoesModuleMatchOurSearch(tszModulePath))
|
|
{
|
|
// Okay... read to the start of the next line...
|
|
if (!m_lpInputFile->ReadFileLine())
|
|
goto cleanup;
|
|
|
|
goto probe_line; // We save having to get the module info again for this module...
|
|
}
|
|
|
|
// Okay, let's go ahead and get a ModuleInfo Object from our cache...
|
|
// If pfNew returns TRUE, then this object is new and we'll need
|
|
// to populate it with data...
|
|
lpModuleInfo = m_lpModuleInfoCache->AddNewModuleInfoObject(tszModulePath, &fNew);
|
|
|
|
if (false == fNew)
|
|
{
|
|
// We may have the object in the cache... now we need to
|
|
// save a pointer to this object in our Process Info list
|
|
AddNewModuleInfoObject(lpModuleInfo); // Just do our best...
|
|
|
|
// Okay... read to the start of the next line...
|
|
if ( !m_lpInputFile->ReadFileLine() )
|
|
goto cleanup;
|
|
|
|
goto probe_line; // We save having to get the module info again for this module...
|
|
}
|
|
|
|
// Not in the cache... so we need to init it, and get the module info...
|
|
if (!lpModuleInfo->Initialize(m_lpInputFile, m_lpOutputFile, NULL))
|
|
{
|
|
return false; // Hmmm... memory error?
|
|
}
|
|
|
|
// Let's do it!! Populate the ModuleInfo object with data!!!!
|
|
if (!lpModuleInfo->GetModuleInfo(tszModulePath, false, 0, true))
|
|
{
|
|
// Well, we tried and failed...
|
|
return false;
|
|
}
|
|
|
|
// Start obtaining information about the modules...
|
|
if (!AddNewModuleInfoObject(lpModuleInfo))
|
|
{ // Failure adding the node.... This is pretty serious...
|
|
return false;
|
|
}
|
|
|
|
// Okay, let's go ahead and probe to see what's coming...
|
|
|
|
probe_line:
|
|
if ( m_lpInputFile->EndOfFile() )
|
|
goto cleanup;
|
|
|
|
// Read the first field (should be blank, unless this is a new collection type
|
|
if (m_lpInputFile->ReadString())
|
|
goto cleanup;
|
|
|
|
// Read the second field (should be blank)
|
|
if (m_lpInputFile->ReadString())
|
|
return true;
|
|
|
|
// Read the second field (should be blank)
|
|
if (m_lpInputFile->ReadString())
|
|
return true;
|
|
}
|
|
|
|
cleanup:
|
|
// We need to reset out pointer so the functions above us can re-read
|
|
// them (they expect to)...
|
|
m_lpInputFile->ResetBufferPointerToStart();
|
|
return true;
|
|
}
|
|
|
|
// We need to enumerate device drivers on this system
|
|
bool CModules::GetModulesDataFromDeviceDrivers()
|
|
{
|
|
LPVOID * lpImageBaseArray = NULL;
|
|
DWORD dwImageBaseArraySizeUsed, dwImageBaseArraySize, dwNumberOfDeviceDrivers, dwIndex;
|
|
TCHAR tszModulePath[_MAX_PATH];
|
|
CModuleInfo * lpModuleInfo = NULL;
|
|
bool fReturn = false, fNew = false;
|
|
|
|
// NOTE: In the documentation, the third parameter of
|
|
// EnumProcesses is named cbNeeded, which implies that you
|
|
// can call the function once to find out how much space to
|
|
// allocate for a buffer and again to fill the buffer.
|
|
// This is not the case. The cbNeeded parameter returns
|
|
// the number of PIDs returned, so if your buffer size is
|
|
// zero cbNeeded returns zero.
|
|
|
|
dwImageBaseArraySize = 256 * sizeof( LPVOID ) ;
|
|
|
|
do
|
|
{
|
|
if( lpImageBaseArray )
|
|
{ // Hmm.. we've been through this loop already, double the HeapSize and try again.
|
|
|
|
delete [] lpImageBaseArray;
|
|
dwImageBaseArraySize *= 2 ;
|
|
}
|
|
|
|
lpImageBaseArray = (LPVOID *) new DWORD[dwImageBaseArraySize];
|
|
|
|
if( lpImageBaseArray == NULL )
|
|
{
|
|
goto error_cleanup;
|
|
}
|
|
|
|
// Query the system for the total number of processes
|
|
if( !g_lpDelayLoad->EnumDeviceDrivers(lpImageBaseArray, dwImageBaseArraySize, &dwImageBaseArraySizeUsed ) )
|
|
{
|
|
// It's bad if we can't enum device drivers... no place to go but to bail out...
|
|
goto error_cleanup;
|
|
}
|
|
} while( dwImageBaseArraySizeUsed == dwImageBaseArraySize );
|
|
|
|
// How many DeviceDrivers did we get?
|
|
dwNumberOfDeviceDrivers = dwImageBaseArraySizeUsed / sizeof( LPVOID ) ;
|
|
|
|
// Loop through each Device Drivers
|
|
for(dwIndex = 0 ; dwIndex < dwNumberOfDeviceDrivers; dwIndex++ )
|
|
{
|
|
// Spin until we get a device driver filename!
|
|
if (!g_lpDelayLoad->GetDeviceDriverFileName(lpImageBaseArray[dwIndex], tszModulePath, _MAX_PATH))
|
|
continue;
|
|
|
|
CUtilityFunctions::UnMungePathIfNecessary(tszModulePath);
|
|
|
|
// For some reason, even though GetDeviceDriverFileName() is supposed to return the fullpath to the device
|
|
// driver... it don't always... sometimes it returns only the base file name...
|
|
CUtilityFunctions::FixupDeviceDriverPathIfNecessary(tszModulePath, _MAX_PATH);
|
|
|
|
if (!g_lpProgramOptions->fDoesModuleMatchOurSearch(tszModulePath))
|
|
continue;
|
|
|
|
// Okay, let's go ahead and get a ModuleInfo Object from our cache...
|
|
// If pfNew returns TRUE, then this object is new and we'll need
|
|
// to populate it with data...
|
|
lpModuleInfo = m_lpModuleInfoCache->AddNewModuleInfoObject(tszModulePath, &fNew);
|
|
|
|
if (false == fNew)
|
|
{
|
|
// We may have the object in the cache... now we need to
|
|
// save a pointer to this object in our Process Info list
|
|
AddNewModuleInfoObject(lpModuleInfo); // Just do our best...
|
|
continue; // We save having to get the module info again for this module...
|
|
}
|
|
|
|
// Not in the cache... so we need to init it, and get the module info...
|
|
if (!lpModuleInfo->Initialize(m_lpInputFile, m_lpOutputFile, NULL))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
// Let's do it!! Populate the ModuleInfo object with data!!!!
|
|
if (!lpModuleInfo->GetModuleInfo(tszModulePath, false, 0, false))
|
|
{
|
|
// Well, we tried and failed...
|
|
continue;
|
|
}
|
|
|
|
// We may have the object in the cache... now we need to
|
|
// save a pointer to this object in our Process Info list
|
|
if (!AddNewModuleInfoObject(lpModuleInfo))
|
|
{ // Failure adding the node.... This is pretty serious...
|
|
continue;
|
|
}
|
|
}
|
|
|
|
fReturn = true;
|
|
goto cleanup;
|
|
|
|
error_cleanup:
|
|
|
|
|
|
cleanup:
|
|
|
|
if (lpImageBaseArray)
|
|
{
|
|
delete [] lpImageBaseArray;
|
|
}
|
|
|
|
return fReturn;
|
|
}
|