Ejemplo n.º 1
// Worker-thread body of the unknown-file reporter.
//
// Waits for g_hThread, creates and initializes the uploader, then loops:
// each iteration waits UNKNOWN_REPORT_NEXT_WAIT on the stop event, fetches
// one queued CReportFile and uploads it, either as a quarantine backup
// (FILE_TRACK_QUARANTINE set) or as a regular file by path. The outcome is
// recorded in m_reportFileDB, and failed uploads are re-queued until
// REPORT_MAX_RETRY_TIMES is reached.
//
// Always returns 0; every failure path jumps to Exit0, which uninitializes
// and releases the uploader.
DWORD STDMETHODCALLTYPE CUnkownReport::Run()
{
    HRESULT hr = S_OK;
    HANDLE  hEvent[ 2 ] = { NULL, NULL };

    // Blocks with no timeout until g_hThread is signaled; the result of the
    // wait is not inspected.
    WaitForSingleObject( g_hThread, INFINITE );

    if ( !g_bInitFalg )
    {
        CRunTimeLog::WriteLog(WINMOD_LLVL_ERROR, L"[CUnkownReport] Load Engine Failed" );
        goto Exit0;
    }

    hr = CScanEngineProxy::Instance().BKEngCreateEngine( 
        __uuidof(Skylark::IBKEngUploader), 
        ( void** )&m_spiUploader 
        );
    if ( FAILED( hr ) )
    {
        CRunTimeLog::WriteLog(WINMOD_LLVL_ERROR, L"[CUnkownReport] Upload interface create failed" );
        goto Exit0;
    }

    hr = m_spiUploader->Initialize();
    if ( FAILED( hr ) )
    {
        CRunTimeLog::WriteLog(WINMOD_LLVL_ERROR, L"[CUnkownReport] Upload interface initialize failed" );
        goto Exit0;
    }


    // NOTE(review): the HRESULT of this call is discarded and m_spiBakFinder
    // is not used again in this function; confirm that its users elsewhere
    // tolerate a null pointer.
    CBkBackupProxy::Instance().BKBackupCreateObject( 
        __uuidof( Skylark::IBKFileBackupFinder ), 
        ( void** )&m_spiBakFinder 
        );

    //if (WAIT_TIMEOUT != ::WaitForSingleObject(m_hNotifyStop, UNKNOWN_REPORT_FIRST_WAIT))
    //    goto Exit0;
    hEvent[ 0 ] = m_hNotifyStop;
    hEvent[ 1 ] = m_hNotifyReport;

    // Initial delay: only the stop event (index 0, i.e. WAIT_OBJECT_0) ends
    // the thread. A signaled m_hNotifyReport, a timeout and WAIT_FAILED all
    // fall through to the reporting loop.
    if ( WAIT_OBJECT_0 == ::WaitForMultipleObjects( 2, hEvent, FALSE, UNKNOWN_REPORT_FIRST_WAIT ) )
    {
        goto Exit0;
    }

    //BOOL bAutoReport = FALSE;
    //CSvcSetting::Instance().GetAutoReport( bAutoReport );


    if (!m_spiUploader)
        goto Exit0;


    CRunTimeLog::WriteLog(WINMOD_LLVL_INFO, L"report thread start ok" );


    while( 1 )
    {
        CReportFile rfile;
        CAtlList<CReportFile>   *pReportList = NULL;

        // Pace the loop and poll for stop: any result other than a timeout
        // (stop signaled, or the wait itself failing) ends the thread.
        if (WAIT_TIMEOUT != ::WaitForSingleObject(m_hNotifyStop, UNKNOWN_REPORT_NEXT_WAIT))
            goto Exit0;

        // Nothing to report this round; wait again.
        if ( !GetReportFile( rfile, &pReportList ) )
        {
            continue;
        }

        hr = S_OK;

        if ( ( rfile.m_nTrack & FILE_TRACK_QUARANTINE ) )
        {
            CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] report quarantine %s", rfile.m_strFilePath );

            // Create the backup component on first use and keep it in
            // m_spiBackup for later iterations.
            if ( m_spiBackup == ( Skylark::IBKFileBackup* )NULL )
            {
                hr = CBkBackupProxy::Instance().BKBackupCreateObject(
                    __uuidof(Skylark::IBKFileBackup),
                    ( void** )&m_spiBackup);
            }
            if ( SUCCEEDED( hr ) )
            {
                Skylark::BKBAK_BACKUP_ID  backupID;
                Skylark::BKENG_INIT( &backupID );
                // For quarantine entries m_strFilePath is parsed as a numeric
                // backup ID rather than used as a path.
                // NOTE(review): _wtoi64 yields 0 for text that does not start
                // with a number, so a malformed entry would be submitted as
                // backup ID 0; confirm that queued quarantine entries are
                // always numeric.
                backupID.uBackupID = _wtoi64(rfile.m_strFilePath);


                Skylark::BKENG_UPLOAD_PARAM  uploadParam;
                Skylark::BKENG_INIT( &uploadParam );
                hr = m_spiBackup->UploadBackupFile(
                    &backupID,
                    m_spiUploader,
                    &uploadParam,
                    static_cast<Skylark::IBKProgress*>(this));
                if ( SUCCEEDED( hr ) )
                {
                    CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] succeeded to report quarantine %s", rfile.m_strFilePath );

                    // Backup files do not need to be rescanned.
                    // Upload succeeded; (previously) removed from the database:
                    //m_reportFileDB.RemoveFileInfo(rfile);
                    rfile.m_nReportState = enumFileReported;
                    m_reportFileDB.AddFileInfo( rfile );
                }
                else
                {
                    CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] failed to report quarantine %s : 0x%x", rfile.m_strFilePath, hr );

                    // Upload did not succeed.
					if ( AtlHresultFromWin32(ERROR_FILE_NOT_FOUND) == hr )
					{// The item no longer exists in the quarantine area.
						m_reportFileDB.RemoveFileInfo( rfile );
					}
					else
					{
						// Already recorded in the database, so retry next time.
						// NOTE(review): pReportList is dereferenced without a null
						// check; presumably GetReportFile always sets it when it
						// returns TRUE. Confirm.
						if ( rfile.m_nRetry < REPORT_MAX_RETRY_TIMES )
						{
							rfile.m_nRetry++;
							pReportList->AddTail( rfile );
						}
						else
						{
							// Retry budget exhausted: persist the terminal state.
							rfile.m_nReportState = enumFileRetried;

							m_reportFileDB.AddFileInfo( rfile );
						}
					}
                }
            }
            else
            {
                CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] failed to create IBKFileBackup : 0x%x", hr );

                // Failed to create the quarantine component.
                // Already recorded in the database, so retry next time.
                // (No re-queue and no retry-count update happens on this path.)
            }
        }
        else
        {
            CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] report file %s", rfile.m_strFilePath );


            BOOL bIsReportFile = (rfile.m_nTrack & FILE_TRACK_REPORT_NONPE);


            Skylark::BKENG_UPLOAD_PARAM  uploadParam;
            Skylark::BKENG_INIT( &uploadParam );
            uploadParam.bUploadNonPEFile = bIsReportFile;
            hr = m_spiUploader->Upload( 
                rfile.m_strFilePath, 
                static_cast<Skylark::IBKProgress*>(this), 
                &uploadParam);
            if ( SUCCEEDED( hr ) )
            {
                CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] succeeded to report file %s", rfile.m_strFilePath );
                WIN32_FILE_ATTRIBUTE_DATA   fdata;

                // Upload succeeded; update the database record, which is used
                // for rescanning. If the attributes cannot be read, nothing
                // is recorded.
                if ( GetFileAttributesEx( rfile.m_strFilePath, GetFileExInfoStandard, &fdata ) )
                {
                    rfile.SetCreateTime( fdata.ftLastWriteTime );
                    GetSystemTimeAsFileTime( &rfile.m_ReportTime );
                    rfile.m_nReportState = enumFileReported;

                    m_reportFileDB.AddFileInfo( rfile );
                }
            }
            else
            {
                CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] failed to report file %s : 0x%x", rfile.m_strFilePath, hr );

                // Upload did not succeed.
                if ( WinMod::CWinPathApi::IsFileExisting( rfile.m_strFilePath ) )
                {
                    // Already recorded in the database, so retry next time.
                    // NOTE(review): pReportList is dereferenced without a null
                    // check; presumably GetReportFile always sets it when it
                    // returns TRUE. Confirm.
                    if ( rfile.m_nRetry < REPORT_MAX_RETRY_TIMES )
                    {
                        rfile.m_nRetry++;
                        pReportList->AddTail( rfile );
                    }
                    else
                    {
                        rfile.m_nReportState = enumFileRetried;

                        m_reportFileDB.AddFileInfo( rfile );
                    }
                }
                else
                {
                    // The file is gone, so drop its record.
                    m_reportFileDB.RemoveFileInfo( rfile );
                }
            }


            // Potential hazard (flagged by the original author).
            // NOTE(review): the delete runs whether or not the upload
            // succeeded, including right after the entry was re-queued for
            // retry above. It is also path-based, so it removes whatever is
            // at that path at this moment. Confirm that FILE_TRACK_REPORT_NONPE
            // paths live in a directory only this service can write to.
            if (bIsReportFile)
                ::DeleteFile(rfile.m_strFilePath);
        }
    }


Exit0:

    // Single cleanup point: only the uploader is torn down here.
    if ( m_spiUploader )
    {
        m_spiUploader->Uninitialize();
        m_spiUploader.Release();
    }


    CRunTimeLog::WriteLog(WINMOD_LLVL_INFO, L"[CUnkownReport] report thread exit" );
    return 0;
}
Ejemplo n.º 2
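	// Registers this module's AppID and, when bService is true, marks it as
	// a LocalService COM server and installs the service.
	//
	// Steps: uninstall any existing service, update the AppID registry
	// script, open HKEY_CLASSES_ROOT\AppID for writing, create the per-AppID
	// key, clear any stale "LocalService" value, and (service mode only)
	// write the service name and call Install().
	//
	// @param bService  true to register as a service; false to stop after
	//                  clearing the "LocalService" value.
	// @return S_OK on success; E_FAIL if Uninstall() or Install() fails; the
	//         HRESULT from UpdateRegistryAppId, or a Win32-derived HRESULT
	//         if a registry open/create/write fails.
	inline HRESULT RegisterAppId(bool bService = false) throw()
	{
		if (!Uninstall())
			return E_FAIL;

		HRESULT hr = UpdateRegistryAppId(TRUE);
		if (FAILED(hr))
			return hr;

		CRegKey keyAppID;
		LONG lRes = keyAppID.Open(HKEY_CLASSES_ROOT, _T("AppID"), KEY_WRITE);
		if (lRes != ERROR_SUCCESS)
			return AtlHresultFromWin32(lRes);

		CRegKey key;

		lRes = key.Create(keyAppID, GetAppIdT());
		if (lRes != ERROR_SUCCESS)
			return AtlHresultFromWin32(lRes);

		// Best effort: the value may simply not exist yet, so the result is
		// deliberately not checked.
		key.DeleteValue(_T("LocalService"));

		if (!bService)
			return S_OK;

		// Without this value the AppID is not bound to the service, so a
		// failed write must not be reported as success.
		lRes = key.SetStringValue(_T("LocalService"), m_szServiceName);
		if (lRes != ERROR_SUCCESS)
			return AtlHresultFromWin32(lRes);

		// Create service
		if (!Install())
			return E_FAIL;
		return S_OK;
	}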
/**
* Removes the CONSOLE_CONFIG_KEY_NAME subkey from SAMPLES_CONFIG_KEY under
* HKEY_CURRENT_USER.
*
* Returns the Win32 status of the first failing registry call (opening the
* parent key, or deleting the subkey) converted to an HRESULT; a successful
* delete converts to S_OK.
*/
HRESULT DeleteRegistrationCookie() {
  CRegKey samples_key;
  LONG status = samples_key.Open(HKEY_CURRENT_USER, SAMPLES_CONFIG_KEY);
  if (status == ERROR_SUCCESS) {
    // Parent key is open; the delete result becomes the return value.
    status = samples_key.DeleteSubKey(CONSOLE_CONFIG_KEY_NAME);
  }
  return AtlHresultFromWin32(status);
}
/**
* Persists the registration cookie as the COOKIE_VALUE DWORD under
* CONSOLE_CONFIG_KEY in HKEY_CURRENT_USER, creating the key if needed.
*
* Returns the Win32 status of the key creation or of the value write,
* converted to an HRESULT. A failed write also trips ATLASSERT in debug
* builds.
*/
HRESULT StoreRegistrationCookie(long cookie) {
  CRegKey config_key;
  LONG status = config_key.Create(HKEY_CURRENT_USER, CONSOLE_CONFIG_KEY);
  if (status == ERROR_SUCCESS) {
    status = config_key.SetDWORDValue(COOKIE_VALUE, cookie);
    ATLASSERT(status == ERROR_SUCCESS);
  }
  return AtlHresultFromWin32(status);
}
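/**
* Once registered, this is a simple way to retrieve our
* event framework cookie.
*
* Reads the COOKIE_VALUE DWORD from CONSOLE_CONFIG_KEY under
* HKEY_CURRENT_USER.
*
* @param cookie  Receives the stored value; written only on success.
* @return E_POINTER if cookie is NULL; otherwise the Win32 status of the
*         key open or value query converted to an HRESULT.
*
* The value lives in the per-user hive, which any process running as that
* user can modify, so callers should treat the returned cookie as
* unverified input.
*/
HRESULT RetrieveRegistrationCookie(long* cookie) {
  ATLASSERT(cookie != NULL);
  // ATLASSERT compiles out of release builds, so guard the dereference.
  if (cookie == NULL)
    return E_POINTER;

  CRegKey key;
  LONG res = key.Open(HKEY_CURRENT_USER, CONSOLE_CONFIG_KEY, KEY_READ);
  if (res != ERROR_SUCCESS)
    return AtlHresultFromWin32(res);

  // Query into a real DWORD rather than aliasing the caller's long through
  // reinterpret_cast, and publish the value only when the query succeeded.
  DWORD stored = 0;
  res = key.QueryDWORDValue(COOKIE_VALUE, stored);
  ATLASSERT(res == ERROR_SUCCESS);
  if (res == ERROR_SUCCESS)
    *cookie = static_cast<long>(stored);
  return AtlHresultFromWin32(res);
}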
Ejemplo n.º 6
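// Registers this module as the "Dolphin" event source of the Application
// event log, with this DLL as the message-table file.
//
// Creates (or opens) the source key under HKEY_LOCAL_MACHINE, then writes
// EventMessageFile (the full path of this module) and TypesSupported.
//
// @return S_OK on success; otherwise a Win32-derived HRESULT from the first
//         failing step (key creation, module-path lookup, or value write).
HRESULT CDolphinVMModule::RegisterAsEventSource() const
{
	// Fixed key path held as a const array: no unbounded _tcscpy/_tcscat
	// and no non-const pointer to a string literal.
	static const TCHAR szKey[] = _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\Dolphin");

	CRegKey rkeyEvSrc;
	// Register as an event source with message table in this DLL
	LONG ret = rkeyEvSrc.Create(HKEY_LOCAL_MACHINE, szKey);
	if (ret != ERROR_SUCCESS)
		return AtlHresultFromWin32(ret);

	TCHAR szModule[_MAX_PATH];
	const DWORD cch = ::GetModuleFileName(_AtlBaseModule.GetModuleInstance(), szModule, _MAX_PATH);
	// 0 means the call failed and szModule is uninitialized; a count equal
	// to the buffer size means the path was truncated. Neither may be
	// written to EventMessageFile, since that value names a file other
	// components will load message resources from.
	if (cch == 0)
		return GetLastError() ? AtlHresultFromLastError() : E_FAIL;
	if (cch >= _MAX_PATH)
		return AtlHresultFromWin32(ERROR_INSUFFICIENT_BUFFER);

	ret = rkeyEvSrc.SetStringValue(_T("EventMessageFile"), szModule);
	if (ret != ERROR_SUCCESS)
		return AtlHresultFromWin32(ret);

	// 7 = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE
	ret = rkeyEvSrc.SetDWORDValue(_T("TypesSupported"), 7);
	return AtlHresultFromWin32(ret);
}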
Ejemplo n.º 7
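	// Registers this module's AppID and, when bService is true, marks it as
	// a LocalService COM server, opens its launch/access ACLs to the Users
	// group, and installs the service.
	//
	// @param bService  true to register as a service; false to stop after
	//                  clearing the "LocalService" value.
	// @return S_OK on success; E_FAIL if Uninstall() or Install() fails; the
	//         HRESULT from UpdateRegistryAppId, or a Win32-derived HRESULT
	//         if a registry open/create/write fails. ACL failures are logged
	//         but do not fail the call.
	inline HRESULT RegisterAppId(bool bService = false) throw()
	{
		if (!Uninstall())
			return E_FAIL;

		HRESULT hr = UpdateRegistryAppId(TRUE);
		if (FAILED(hr))
			return hr;

		CRegKey keyAppID;
		LONG lRes = keyAppID.Open(HKEY_CLASSES_ROOT, _T("AppID"), KEY_WRITE);
		if (lRes != ERROR_SUCCESS)
			return AtlHresultFromWin32(lRes);

		CRegKey key;

		lRes = key.Create(keyAppID, GetAppIdT());
		if (lRes != ERROR_SUCCESS)
			return AtlHresultFromWin32(lRes);

		// Best effort: the value may simply not exist yet, so the result is
		// deliberately not checked.
		key.DeleteValue(_T("LocalService"));

		if (!bService)
			return S_OK;

		// Without this value the AppID is not bound to the service, so a
		// failed write must not be reported as success.
		lRes = key.SetStringValue(_T("LocalService"), m_szServiceName);
		if (lRes != ERROR_SUCCESS)
			return AtlHresultFromWin32(lRes);

		// Change the launch and access ACLs so that callers do not need
		// Administrator privileges. S-1-5-32-545 is the well-known SID of
		// the BUILTIN\Users group.
		//
		// NOTE(review): this makes the service's COM interfaces reachable by
		// every member of the local Users group. Every exposed method then
		// has to authorize its caller itself (for example by impersonating
		// the client before touching privileged resources); the ACL no
		// longer does it. Confirm this is intended, and prefer a narrower
		// SID if only specific accounts need access.
		TCHAR szUsersSID[] = _T("S-1-5-32-545");
		DWORD error = ChangeAppIDLaunchACL(GetAppIdT(),szUsersSID,true,true,COM_RIGHTS_ACTIVATE_LOCAL);
		if(error){
			// Logged only: registration continues with the previous ACL.
			DebugOutF(filelog::log_error,"ChangeAppIDLaunchACL failed with %d",error);
		}
		error = ChangeAppIDAccessACL(GetAppIdT(),szUsersSID,true,true,COM_RIGHTS_EXECUTE_LOCAL);

		if(error){
			DebugOutF(filelog::log_error,"ChangeAppIDAccessACL failed with %d",error);
		}

		// Create service
		if (!Install())
			return E_FAIL;
		return S_OK;
	}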
Ejemplo n.º 8
// Starts the worker thread for this runnable.
//
// Returns HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED) when a thread handle
// is held and that thread has not exited; otherwise closes the old handle
// and returns the result of creating a new thread bound to this object.
//
// NOTE(review): the check, Close() and Create() are not guarded by any lock
// in this function; presumably callers serialize StartRunning(). Confirm.
HRESULT AWinRunnable::StartRunning()
{
	const bool bStillRunning = m_hThread && !m_hThread.IsExit();
	if (bStillRunning)
		return AtlHresultFromWin32(ERROR_ALREADY_INITIALIZED);

	// Either no thread was ever started or the previous one has finished:
	// release the stale handle before creating a fresh thread.
	m_hThread.Close();
	return m_hThread.Create(this);
}
Ejemplo n.º 9
// Creates the thread with ::CreateThread (no CRT per-thread initialization)
// and starts it running RunThreadFuncNoCRT with piRunnable as its argument.
//
// The thread is created suspended and resumed only after m_h has been
// assigned.
//
// @param piRunnable  Object handed to the thread function; must not be NULL.
// @return S_OK on success;
//         HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED) if a handle is
//         already held; E_POINTER if piRunnable is NULL; otherwise the last
//         Win32 error as an HRESULT, or E_FAIL when no error code is set.
HRESULT CWinThread::CreateNoCRT( IWinRunnable* piRunnable )
{
	// Debug-build contract checks; the runtime checks below cover release.
	assert(!m_h);
	assert(piRunnable);

	if (m_h)
	{
		return AtlHresultFromWin32(ERROR_ALREADY_INITIALIZED);
	}
	if (!piRunnable)
	{
		return E_POINTER;
	}

	m_h = ::CreateThread(NULL, 0, RunThreadFuncNoCRT, piRunnable, CREATE_SUSPENDED, NULL);
	if (m_h)
	{
		Resume();
		return S_OK;
	}

	// Creation failed: surface the Win32 error if one was recorded.
	return GetLastError() ? AtlHresultFromLastError() : E_FAIL;
}
Ejemplo n.º 10
// Creates the thread with _beginthreadex, so the C runtime is initialized
// for it, and starts it running RunThreadFunc with piRunnable as its
// argument.
//
// The thread is created suspended and resumed only after m_h has been
// assigned.
//
// @param piRunnable  Object handed to the thread function; must not be NULL.
// @return S_OK on success;
//         HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED) if a handle is
//         already held; E_POINTER if piRunnable is NULL; otherwise the last
//         Win32 error as an HRESULT, or E_FAIL when no error code is set.
HRESULT CWinThread::Create( IWinRunnable* piRunnable )
{
	// Debug-build contract checks; the runtime checks below cover release.
	assert(!m_h);
	assert(piRunnable);

	if (m_h)
	{
		return AtlHresultFromWin32(ERROR_ALREADY_INITIALIZED);
	}
	if (!piRunnable)
	{
		return E_POINTER;
	}

	// use _beginthreadex for initialization of c runtime lib
	m_h = (HANDLE)_beginthreadex(NULL, 0, RunThreadFunc, piRunnable, CREATE_SUSPENDED, NULL);
	if (m_h)
	{
		Resume();
		return S_OK;
	}

	// _beginthreadex returned 0: report the Win32 error when one is
	// available and fall back to E_FAIL otherwise.
	return GetLastError() ? AtlHresultFromLastError() : E_FAIL;
}