/**
 * Drives the application's main event loop.
 *
 * Every pass hands control to evhHandler->MainLoop(). A non-failure return
 * (for instance after an EXIT command) ends the application normally. A
 * FAILURE return is recorded on the error stack and, because the recovery
 * code is currently compiled out, leads to an abort through Quit().
 *
 * @return the status of the last MainLoop() call, or SUCCESS when the loop
 *         body never executed.
 */
ccsCOMPL_STAT wsf2ex1APPLICATION::Run()
{
    wsf2libLOG_TRACE();
    ErrReset();

    ccsCOMPL_STAT result = SUCCESS;

    eccsLOG_1(("wsf2ex1 - Entering the main loop."));

    while (IsRunning() == ccsTRUE)
    {
        // MainLoop() returns on request (e.g. EXIT command) or on error.
        result = evhHandler->MainLoop();

        if (result != FAILURE)
        {
            // Regular termination path.
            eccsLOG_1(("wsf2ex1 - Exiting from the main loop. Application quits."));
            logData(wsf2ex1MOD, "%s - Application quits.", GetProcName());
            Quit();
            break;
        }

        // Error path: attempt a recovery before giving up.
        eccsLOG_1(("A fatal error occurred, try to recover!"));

#if 0
        // Recovery is disabled; while it stays disabled `result` is still
        // FAILURE when the check below runs.
        wsf2libASSERTPTR(mEventMgr);
        if (mEventMgr->Init() == FAILURE) result = FAILURE;

        wsf2libASSERTPTR(mActionMgr);
        if (mActionMgr->Init() == FAILURE) result = FAILURE;

        wsf2libASSERTPTR(mFsm);
        if (mFsm->Init() == FAILURE) result = FAILURE;
#endif

        errAdd(wsf2ex1MOD, wsf2ex1ERR_FATAL, __FILE_LINE__, GetProcName());
        errCloseStack();

        if (result == FAILURE)
        {
            eccsLOG_1(("Cannot recover. Application aborted!"));
            errAdd(wsf2ex1MOD, wsf2ex1ERR_FATAL, __FILE_LINE__, GetProcName());
            errCloseStack();
            logData(wsf2ex1MOD, "%s - Application aborted!", GetProcName());
            Quit();
        }
    }

    return result;
}
/**
 * Brings the application up: parses the command line, connects to CCS,
 * builds the action manager, creates events and actions, then loads and
 * starts the SCXML model.
 *
 * Each step that reports FAILURE adds an entry to the error stack and
 * aborts the initialisation immediately.
 *
 * @param argCount number of command line arguments
 * @param arg      command line argument vector (also forwarded to the
 *                 action manager)
 * @return SUCCESS when every step completed, FAILURE otherwise.
 */
ccsCOMPL_STAT wsf2ex1APPLICATION::Init(int argCount, char *arg[])
{
    wsf2libLOG_TRACE();
    ErrReset();

    // Do not log a warning when the EXIT command is received.
    evhTASK::LogExitWarning(FALSE);

    // ENV NAME, DB POINT and PROC NAME come from the command line or,
    // failing that, from the environment variables.
    if (FAILURE == EvaluateArgs(argCount, arg, wsf2ex1DB_ROOT_POINT))
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_INIT, __FILE_LINE__, "wrong argument(s)");
        return FAILURE;
    }

    // CCS initialisation and database connection.
    if (FAILURE == InitCCS())
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_INIT, __FILE_LINE__, "cannot init CCS");
        return FAILURE;
    }

    // Record the startup configuration in both logs.
    eccsLOG_1(("%s - Application started (proc name: %s, DB root point: %s)",
               GetProcName(), GetProcName(), GetDbRoot()));
    logData(wsf2ex1MOD,
            "%s - Application started (proc name: %s, DB root point: %s)",
            GetProcName(), GetProcName(), GetDbRoot());

    // Factory for ACTIONS, DATA, CONFIG and CONTROL.
    wsf2libASSERT(mActionMgr == NULL);
    mActionMgr = new wsf2ex1ACTION_MGR(GetDbRoot(), argCount, arg, GetEventMgr());
    // NOTE(review): a plain `new` normally throws instead of returning NULL,
    // so this branch presumably only fires with a non-throwing allocator -
    // confirm against the build settings.
    if (NULL == mActionMgr)
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_FATAL, __FILE_LINE__,
               "no memory for allocating wsf2ex1ACTION_MGR");
        return FAILURE;
    }
    if (ccsFALSE == wsf2libHELPER::ObjectOk(mActionMgr, "ACTION_MGR"))
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_CREATE, __FILE_LINE__, "wsf2ex1ACTION_MGR");
        return FAILURE;
    }

    // FSM context (TBD: rename method).
    SetControl(mActionMgr->GetControl());

    // Events first, then the actions.
    if (FAILURE == CreateEvents(wsf2ex1EVENTS_FILENAME))
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_CREATE, __FILE_LINE__, "Events");
        return FAILURE;
    }
    if (FAILURE == mActionMgr->CreateActions())
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_CREATE, __FILE_LINE__, "Actions");
        return FAILURE;
    }

    // SCXML model, wired to the actions and activities just created.
    if (FAILURE == LoadModel(wsf2ex1MODEL_FILENAME,
                             mActionMgr->SCXMLGetActions(),
                             mActionMgr->SCXMLGetActivities()))
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_FATAL, __FILE_LINE__, "cannot load SCXML model");
        return FAILURE;
    }

    // Events, actions and data structures.
    if (FAILURE == mActionMgr->Init())
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_FATAL, __FILE_LINE__,
               "initializing actions and data structures");
        return FAILURE;
    }

    // Begin executing the SCXML model.
    if (FAILURE == StartModel())
    {
        errAdd(wsf2ex1MOD, wsf2ex1ERR_FATAL, __FILE_LINE__,
               "cannot start SCXML model execution");
        return FAILURE;
    }

    return SUCCESS;
}
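/**
 * Loads the DLL at szDllPath into the process identified by dwPID.
 *
 * The path string is copied into memory allocated in the target process and
 * a thread is started there (through MyCreateRemoteThread, defined elsewhere
 * in this file) with LoadLibraryW as its start routine and the copied path
 * as its argument. Every failing step shows a message box and jumps to the
 * common cleanup.
 *
 * Detection note: the sequence used here - a PROCESS_ALL_ACCESS handle on
 * another process, a remote allocation, a remote write, and a remote thread
 * whose start address is LoadLibraryW - is the pattern that process-access
 * and remote-thread telemetry (for example Sysmon's ProcessAccess and
 * CreateRemoteThread events) is built to surface.
 *
 * @param dwPID     identifier of the target process
 * @param szDllPath path of the DLL, NUL-terminated
 * @return TRUE when the remote thread was started, FALSE on any failure.
 */
BOOL InjectDll(DWORD dwPID, LPCTSTR szDllPath)
{
    // All locals are declared up front because the error paths use goto.
    HANDLE                  hProcess = NULL;
    LPVOID                  pRemoteBuf = NULL;
    // Size in bytes of the path including its terminator.
    DWORD                   dwBufSize = (DWORD)(_tcslen(szDllPath) + 1) * sizeof(TCHAR);
    LPTHREAD_START_ROUTINE  pThreadProc = NULL;
    BOOL                    bRet = FALSE;
    HMODULE                 hMod = NULL;
    DWORD                   dwDesiredAccess = 0;
    TCHAR                   szProcName[MAX_PATH] = { 0, };

    // PROCESS_ALL_ACCESS asks for every right on the target, which is more
    // than the calls below exercise and fails against protected processes.
    dwDesiredAccess = PROCESS_ALL_ACCESS;
    //dwDesiredAccess = MAXIMUM_ALLOWED;
    if (!(hProcess = OpenProcess(dwDesiredAccess, FALSE, dwPID)))
    {
        wsprintf(buf, L"InjectDll() : OpenProcess(%d) failed!!! [%d]\n", dwPID, GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto INJECTDLL_EXIT;
    }

    pRemoteBuf = VirtualAllocEx(hProcess, NULL, dwBufSize, MEM_COMMIT, PAGE_READWRITE);
    if (pRemoteBuf == NULL)
    {
        wsprintf(buf, L"InjectDll() : VirtualAllocEx() failed!!! [%d]\n", GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto INJECTDLL_EXIT;
    }

    if (!WriteProcessMemory(hProcess, pRemoteBuf, (LPVOID)szDllPath, dwBufSize, NULL))
    {
        wsprintf(buf, L"InjectDll() : WriteProcessMemory() failed!!! [%d]\n", GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto INJECTDLL_EXIT;
    }

    hMod = GetModuleHandle(L"kernel32.dll");
    if (hMod == NULL)
    {
        wsprintf(buf, L"InjectDll() : GetModuleHandle(\"kernel32.dll\") failed!!! [%d]\n", GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto INJECTDLL_EXIT;
    }

    pThreadProc = (LPTHREAD_START_ROUTINE)GetProcAddress(hMod, "LoadLibraryW");
    if (pThreadProc == NULL)
    {
        wsprintf(buf, L"InjectDll() : GetProcAddress(\"LoadLibraryW\") failed!!! [%d]\n", GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto INJECTDLL_EXIT;
    }

    if (!MyCreateRemoteThread(hProcess, pThreadProc, pRemoteBuf))
    {
        wsprintf(buf, L"InjectDll() : MyCreateRemoteThread() failed!!!\n");
        MessageBox(NULL, buf, L"error", MB_OK);
        goto INJECTDLL_EXIT;
    }

    bRet = TRUE;
    // bRet = CheckDllInProcess(dwPID, szDllPath);

INJECTDLL_EXIT:

    wsprintf(szProcName, L"%s", GetProcName(dwPID));
    if (szProcName[0] == '\0')
        _tcscpy_s(szProcName, L"(no_process)");

    // The format string has three conversions; the original call passed only
    // two arguments, so the trailing %s read an indeterminate value. The
    // outcome string is supplied the same way EjectDll() does it.
    wsprintf(buf, L"%s(%d) %s!!!\n", szProcName, dwPID, bRet ? L"SUCCESS" : L"-->> FAILURE");
    OutputDebugStringW(buf);

    // NOTE(review): this release is only safe if MyCreateRemoteThread() waits
    // for the remote thread to finish reading the path - confirm in the helper.
    if (pRemoteBuf)
        VirtualFreeEx(hProcess, pRemoteBuf, 0, MEM_RELEASE);

    if (hProcess)
        CloseHandle(hProcess);

    return bRet;
}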
/**
 * Unloads a DLL from the process identified by dwPID.
 *
 * The target's module list is walked with a Toolhelp snapshot until an entry
 * whose module name or full path equals szDllPath (case-insensitively) is
 * found. A thread is then started in the target (through
 * MyCreateRemoteThread, defined elsewhere in this file) with FreeLibrary as
 * its start routine and the module's base address as its argument.
 *
 * Detection note: like the loading counterpart, this shows up as a
 * PROCESS_ALL_ACCESS handle on another process followed by a remote thread,
 * here with FreeLibrary as the start address.
 *
 * @param dwPID     identifier of the target process
 * @param szDllPath module name or full path of the DLL to unload
 * @return TRUE when the remote thread was started, FALSE otherwise.
 */
BOOL EjectDll(DWORD dwPID, LPCTSTR szDllPath)
{
    // All locals are declared up front because the error paths use goto.
    BOOL                    bHasEntry = FALSE;
    BOOL                    bMatched = FALSE;
    BOOL                    bResult = FALSE;
    HANDLE                  hSnap = INVALID_HANDLE_VALUE;
    HANDLE                  hTarget = NULL;
    HANDLE                  hThread = NULL;
    MODULEENTRY32           modEntry = { sizeof(modEntry), };
    LPTHREAD_START_ROUTINE  pfnStart = NULL;
    HMODULE                 hKernel32 = NULL;
    DWORD                   dwAccess = 0;
    TCHAR                   szProcName[MAX_PATH] = { 0, };

    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // This message is formatted but not displayed; the summary line at
        // the exit label overwrites it.
        wsprintf(buf, L"EjectDll() : CreateToolhelp32Snapshot(%d) failed!!! [%d]\n", dwPID, GetLastError());
        goto EJECTDLL_EXIT;
    }

    // Stop on the first entry that matches by module name or by full path;
    // modEntry then still describes that module.
    bHasEntry = Module32First(hSnap, &modEntry);
    while (bHasEntry)
    {
        if (_tcsicmp(modEntry.szModule, szDllPath) == 0 ||
            _tcsicmp(modEntry.szExePath, szDllPath) == 0)
        {
            bMatched = TRUE;
            break;
        }
        bHasEntry = Module32Next(hSnap, &modEntry);
    }

    if (!bMatched)
    {
        wsprintf(buf, L"EjectDll() : There is not %s module in process(%d) memory!!!\n", szDllPath, dwPID);
        MessageBox(NULL, buf, L"error", MB_OK);
        goto EJECTDLL_EXIT;
    }

    dwAccess = PROCESS_ALL_ACCESS;
    hTarget = OpenProcess(dwAccess, FALSE, dwPID);
    if (!hTarget)
    {
        wsprintf(buf, L"EjectDll() : OpenProcess(%d) failed!!! [%d]\n", dwPID, GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto EJECTDLL_EXIT;
    }

    hKernel32 = GetModuleHandle(L"kernel32.dll");
    if (hKernel32 == NULL)
    {
        wsprintf(buf, L"EjectDll() : GetModuleHandle(\"kernel32.dll\") failed!!! [%d]\n", GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto EJECTDLL_EXIT;
    }

    pfnStart = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "FreeLibrary");
    if (pfnStart == NULL)
    {
        wsprintf(buf, L"EjectDll() : GetProcAddress(\"FreeLibrary\") failed!!! [%d]\n", GetLastError());
        MessageBox(NULL, buf, L"error", MB_OK);
        goto EJECTDLL_EXIT;
    }

    if (!MyCreateRemoteThread(hTarget, pfnStart, modEntry.modBaseAddr))
    {
        wsprintf(buf, L"EjectDll() : MyCreateRemoteThread() failed!!!\n");
        MessageBox(NULL, buf, L"error", MB_OK);
        goto EJECTDLL_EXIT;
    }

    bResult = TRUE;

EJECTDLL_EXIT:

    // One summary line for the debugger output, whatever the outcome.
    _tcscpy_s(szProcName, GetProcName(dwPID));
    wsprintf(buf, L"%s(%d) %s!!! [%d]\n", szProcName, dwPID, bResult ? L"SUCCESS" : L"-->> FAILURE", GetLastError());
    OutputDebugStringW(buf);

    // hThread is never assigned in this function, so this close is a no-op.
    if (hThread)
        CloseHandle(hThread);

    if (hTarget)
        CloseHandle(hTarget);

    if (hSnap != INVALID_HANDLE_VALUE)
        CloseHandle(hSnap);

    return bResult;
}
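/*
 * File system event monitor: clones /dev/fsevents, subscribes to every event
 * type and prints each event (process name, PID, event type, path and the
 * remaining arguments) as it is read.
 *
 * Must run as root. Exit codes: 1 = not root, 2 = the device could not be
 * opened, 3 = the clone ioctl failed. The read loop itself never ends.
 *
 * Every field taken from the read buffer is checked against the number of
 * bytes actually returned by read() before it is used, so a record that is
 * cut off at the end of the buffer is reported instead of being parsed from
 * stale or out-of-range memory.
 */
int main (int argc, char* argv[])
{
    if (geteuid() != 0)
    {
        fprintf(stderr,"Opening /dev/fsevents requires root permissions\n");
        exit (1);
    }

    // Open the device
    int fsed = open ("/dev/fsevents", O_RDONLY);
    if (fsed < 0)
    {
        perror ("open");
        exit(2);
    }

    // Ask for every event type to be reported.
    int8_t events[FSE_MAX_EVENTS];
    for (int i = 0; i < FSE_MAX_EVENTS; i++)
    {
        events[i] = FSE_REPORT;
    }

    fsevent_clone_args clone_args;
    memset(&clone_args, '\0', sizeof(clone_args));

    int cloned_fsed;
    clone_args.fd = &cloned_fsed;
    clone_args.event_queue_depth = 10;
    clone_args.event_list = events;
    clone_args.num_events = FSE_MAX_EVENTS;

    // Do it.
    int rc = ioctl (fsed, FSEVENTS_CLONE, &clone_args);
    if (rc < 0)
    {
        perror ("ioctl");
        exit(3);
    }

    // Only the cloned descriptor is read from here on.
    close (fsed);

    char buf[BUFSIZE];

    // Deliberately endless: a failed or empty read is reported and retried.
    // NOTE(review): a persistent read error makes this loop spin; consider
    // distinguishing retryable errors once errno handling is available here.
    for (;;)
    {
        rc = read (cloned_fsed, buf, BUFSIZE);
        if (rc <= 0)
        {
            printf("***Warning: haven't read data, continue\n");
            continue;
        }

        // rc returns the count of bytes for one or more events:
        int offInBuf = 0;
        int truncated = 0;

        while (offInBuf < rc)
        {
            const size_t remaining = (size_t)(rc - offInBuf);
            const size_t fixedLen = sizeof(struct kfs_event_a) + sizeof(kfs_event_arg);

            // The event header and the header of its first argument must both
            // lie inside the bytes that were read.
            if (remaining < fixedLen)
            {
                truncated = 1;
                break;
            }

            // NOTE(review): these casts assume the records are suitably
            // aligned inside buf, as the original code did.
            struct kfs_event_a *fse = (struct kfs_event_a *)(buf + offInBuf);
            struct kfs_event_arg *fse_arg =
                (struct kfs_event_arg *)(buf + offInBuf + sizeof(struct kfs_event_a));

            // pathlen comes from the buffer: reject a length that would run
            // past the end of the data returned by read().
            const size_t pathLen = (size_t)fse_arg->pathlen;
            if (pathLen > remaining - fixedLen)
            {
                truncated = 1;
                break;
            }

            if (offInBuf)
            {
                printf ("Next event: %d\n", offInBuf);
            }

            printf ("%s (PID:%d) %s ",
                    GetProcName(fse->pid),
                    fse->pid,
                    EvenTypeToString(fse->type));

            // Bounded by pathLen so a missing terminator cannot make printf
            // read beyond the validated range.
            printf ("%.*s\n", (int)pathLen, fse_arg->data);

            offInBuf += (int)(fixedLen + pathLen);

            // Remaining arguments: doArg() returns the size it consumed and
            // an argument of at most 2 bytes ends the event.
            // NOTE(review): doArg() receives no length, so it cannot be
            // bounded from here; only the starting offset is checked.
            int arg_len;
            do
            {
                if (offInBuf >= rc)
                {
                    truncated = 1;
                    break;
                }
                arg_len = doArg(buf + offInBuf);
                if (arg_len <= 0)
                {
                    // No progress would re-parse the same bytes forever.
                    truncated = 1;
                    break;
                }
                offInBuf += arg_len;
            } while (arg_len > 2);

            if (truncated)
            {
                break;
            }
        } // end while (offInBuf < rc)

        // The original compared rc > offInBuf here, which can never hold
        // after the loop above; report records that were cut off or overran
        // the data instead.
        if (truncated || offInBuf > rc)
        {
            printf ("***Warning: Some events may be lost\n");
        }
    }

    return 0;
}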