void KUrlMonService::ClearDumpStateAndStartUp()
{
if (!m_pProxy && m_pProcessMgr)
{
m_pProxy = new KTdiDriverProxy;
m_pProxy->DoCheckForceDisableTDI();
m_pProxy->ClearDumpState();
if (FAILED(m_pProxy->Init(m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg())))
{
kws_log(TEXT("KUrlMonService::ClearDumpStateAndStartUp failed to init KTdiDriverProxy"));
delete m_pProxy;
m_pProxy = NULL;
}
}
if (!m_pFluxMgr && m_pProxy && m_pProcessMgr && m_pModuleMgr)
{
m_pFluxMgr = new KNetFluxMgr;
if (FAILED(m_pFluxMgr->Init(m_pProxy->GetDriverProxy(), m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg())))
{
kws_log(TEXT("KUrlMonService::ClearDumpStateAndStartUp failed to init fluxmgr"));
delete m_pFluxMgr;
m_pFluxMgr = NULL;
}
}
}
BOOL KTdiDriverProxy::InstallDriverSvr(DWORD dwEnable, DWORD dwRequest)
{
ULONG status = E_FAIL;
IFwInstaller *FwInstaller = NULL;
if( LoadInterface(__uuidof(IFwInstaller), (VOID**)&FwInstaller) )
{
// 安装前先卸载
status = FwInstaller->UnInstall();
if (status != S_OK)
{
kws_log(TEXT("KTdiDriverProxy::InstallDriverSvr uninstall driver failed"));
}
status = FwInstaller->Install();
if( status == S_OK )
{
FwInstaller->SetConfig( dwEnable, dwRequest );
}
else
{
kws_log(TEXT("KTdiDriverProxy::InstallDriverSvr install failed:%08x"), status);
}
}
else
{
kws_log(TEXT("KTdiDriverProxy::InstallDriverSvr 无法获取安装接口"));
}
kws_log(TEXT("%s:%08X"), status == S_OK ? "安装成功" : "安装失败", status );
if( FwInstaller != NULL )
FwInstaller->Release();
return status == S_OK;
}
void KProcessInfo::AddImageToList(KProcImage* pImage, ULONGLONG nLoadTime)
{
// 按照时间顺序插入列表中
if (nLoadTime >= m_nLastImageLoadTime)
{
m_ModuleList.push_back(pImage);
m_nLastImageLoadTime = nLoadTime;
}
else
{
BOOL bFind = FALSE;
vector<KProcImage*>::iterator it = m_ModuleList.begin();
while (it != m_ModuleList.end())
{
KProcImage* pImage1 = *it;
if (pImage1->IsLaterThan(pImage))
{
m_ModuleList.insert(it, pImage);
bFind = TRUE;
break;
}
it++;
}
if (!bFind)
{
kws_log(TEXT("KProcessInfo::AddImageToList find a image load time error"));
m_ModuleList.push_back(pImage);
}
}
}
HRESULT KProcessPerfMgr::Init()
{
if (!m_pNameMgr)
{
m_pNameMgr = new KPerfNameMgr;
if (!m_pNameMgr) return E_FAIL;
}
if (!m_PerfData)
{
m_nPerfDataSize = TOTALBYTES;
m_PerfData = (PPERF_DATA_BLOCK) new BYTE[m_nPerfDataSize];
if (!m_PerfData) return E_FAIL;
}
if (!m_pCacheMgr)
{
WCHAR bufPath[MAX_PATH] = {0};
::GetModuleFileName(NULL, bufPath, MAX_PATH);
::PathRemoveFileSpecW(bufPath);
::PathAppend(bufPath, TEXT("procperf.dat"));
m_pCacheMgr = new KProcessPerfCacheMgr;
if (FAILED(m_pCacheMgr->Init(bufPath, PROC_PERF_MON_MAPDATA_NAME)))
{
delete m_pCacheMgr;
m_pCacheMgr = NULL;
kws_log(TEXT("KProcessPerfMgr::Init init KProcessPerfCacheMgr Failed"));
return E_FAIL;
}
}
return S_OK;
}
DWORD KUrlMonService::DoUpdateCfg()
{
kws_log(TEXT("KNetFluxMgr::DoUpdateCfg start"));
m_bUpdateThreadWorking = TRUE;
try
{
while (1)
{
DWORD nWaitRes = ::WaitForSingleObject(m_hThreadExit, 1000 * 60 * 10);
switch (nWaitRes)
{
case WAIT_TIMEOUT:
UpdateCfg();
break;
case WAIT_OBJECT_0:
goto exit0;
break;
default:
goto exit0;
break;
}
}
}
catch (...)
{
}
exit0:
m_bUpdateThreadWorking = FALSE;
return 0;
}
BOOL KStasticFluxCacheMgr::VerifyFluxListData(KStasticFluxProcessList* pData)
{
if (pData->m_nSize != sizeof(KStasticFluxProcessList))
{
kws_log(TEXT("flux data size is not equal"));
return FALSE;
}
return TRUE;
}
BOOL KProcessPerfCacheMgr::VerifyPerfListData(KPocessPerfList* pData)
{
if (pData->m_nSize != sizeof(KPocessPerfList))
{
kws_log(TEXT("flux data size is not equal"));
return FALSE;
}
return TRUE;
}
BOOL KStasticFluxCacheMgr::VerifyCacheFile(BYTE* pData, DWORD nFileSize)
{
if (nFileSize < GetDataSize())
{
kws_log(TEXT("file size smaller than data size"));
return FALSE;
}
if (IsBadReadPtr(pData, nFileSize))
{
kws_log(TEXT("map data can not read filesize:%d"), nFileSize);
return FALSE;
}
NetFluxStasticCacheFileHeader* pFileHeader = (NetFluxStasticCacheFileHeader*)pData;
if (pFileHeader->m_nMagic != NET_FLEX_STASTIC_FILE_MAGIC)
{
kws_log(TEXT("file magic is not equal"));
return FALSE;
}
if (pFileHeader->m_nFileVersion != NET_FLEX_STASTIC_FILE_FILE)
{
kws_log(TEXT("file version error"));
return FALSE;
}
if (nFileSize < sizeof(NetFluxStasticCacheFileHeader))
return FALSE;
if (pFileHeader->m_nDataDirs > 20)
{
kws_log(TEXT("data dir too many"));
return FALSE;
}
if (pFileHeader->m_nDataDirs >= 1)
{
if (!VerifyFluxListData((KStasticFluxProcessList*)(pData + pFileHeader->m_nDataOffset[0])))
return FALSE;
}
return TRUE;
}
BOOL KProcessPerfCacheMgr::VerifyCacheFile(BYTE* pData, DWORD nFileSize)
{
if (nFileSize < GetDataSize())
{
kws_log(TEXT("file size smaller than data size"));
return FALSE;
}
if (IsBadReadPtr(pData, nFileSize))
{
kws_log(TEXT("map data can not read filesize:%d"), nFileSize);
return FALSE;
}
ProcPerfMonCacheFileHeader* pFileHeader = (ProcPerfMonCacheFileHeader*)pData;
if (pFileHeader->m_nMagic != PROC_PERF_MON_FILE_MAGIC)
{
kws_log(TEXT("file magic is not equal"));
return FALSE;
}
if (pFileHeader->m_nFileVersion != PROC_PERF_MON_FILE_FILE)
{
kws_log(TEXT("file version error"));
return FALSE;
}
if (nFileSize < sizeof(ProcPerfMonCacheFileHeader))
return FALSE;
if (pFileHeader->m_nDataDirs > 20)
{
kws_log(TEXT("data dir too many"));
return FALSE;
}
if (pFileHeader->m_nDataDirs >= 1)
{
if (!VerifyPerfListData((KPocessPerfList*)(pData + pFileHeader->m_nDataOffset[0])))
return FALSE;
}
return TRUE;
}
HRESULT KStasticProgramFlux::Init(KFluxStasticProcItem* pItem)
{
m_strProgramPath = pItem->m_strProcPath;
if (m_strProgramPath.GetLength() == 0)
return E_FAIL;
m_nTotalRecv = pItem->m_nTotalRecv;
m_nTotalSend = pItem->m_nTotalSend;
kws_log(TEXT("KStasticProgramFlux init: recv: %*I64d, send:%*I64d, %s"), 20,
m_nTotalRecv, 20, m_nTotalSend, (LPCWSTR)m_strProgramPath);
return S_OK;
}
HRESULT KProcessPerfCacheMgr::Init(LPCWSTR strCacheFile, LPCWSTR urlMapName)
{
m_strCacheFile = strCacheFile;
m_strUrlMapName = urlMapName;
if (!OpenCacheFile())
{
if (!CreateCacheFile())
{
kws_log(TEXT("KProcessPerfCacheMgr::Init try create cache file"));
return E_FAIL;
}
if (!OpenCacheFile())
{
kws_log(TEXT("KProcessPerfCacheMgr::Init try open cache file 2 failed"));
return E_FAIL;
}
}
kws_log(TEXT("KProcessPerfCacheMgr::Init sucess"));
return S_OK;
}
HRESULT KFluxStastic::UpdateFlux(KProcessFluxList* pFluxList, __int64 nDisableTime)
{
ATL::CTime nTimeNow;
nTimeNow = ATL::CTime::GetCurrentTime();
if (nTimeNow.GetTime() >= m_nTimeTodayLastTime ||
nTimeNow.GetTime() < m_nTimeTodayStartTime )
ResetToday(nTimeNow.GetTime());
pFluxList->m_lock.LockRead();
if (pFluxList->m_SysFlux.nRecvSpeed > pFluxList->m_SysFlux.nRecvSpeedLocal)
{
m_nFluxRecv += pFluxList->m_SysFlux.nRecvSpeed - pFluxList->m_SysFlux.nRecvSpeedLocal;
if (m_nFluxRecv > ((ULONGLONG)1 << 40))
{
LARGE_INTEGER i;
i.QuadPart = m_nFluxRecv;
kws_log(TEXT("find data not ok at KFluxStastic::UpdateFlux: %u:%u"), i.HighPart, i.LowPart);
}
}
if (pFluxList->m_SysFlux.nSendSpeed > pFluxList->m_SysFlux.nSendSpeedLocal)
{
m_nFluxSend += pFluxList->m_SysFlux.nSendSpeed - pFluxList->m_SysFlux.nSendSpeedLocal;
if (m_nFluxSend > ((ULONGLONG)1 << 40))
{
LARGE_INTEGER i;
i.QuadPart = m_nFluxSend;
kws_log(TEXT("find data not ok at KFluxStastic::UpdateFlux: %u:%u"), i.HighPart, i.LowPart);
}
}
for (DWORD i = 0; i < pFluxList->m_nCurrentCnt; i++)
{
KStasticProgramFlux* pFlux = GetStasticFlux(&(pFluxList->m_Items[i]));
if (pFlux) pFlux->UpdateData(&(pFluxList->m_Items[i]));
}
pFluxList->m_lock.UnLockRead();
RefreshToCache(nTimeNow.GetTime(), nDisableTime);
return S_OK;
}
BOOL KProcessPerfCacheMgr::VerifyCacheFile(HANDLE hFile)
{
BOOL bRes = FALSE;
HANDLE hFileMap = NULL;
hFileMap = ::CreateFileMapping(hFile, NULL, PAGE_READWRITE | SEC_COMMIT, 0, ::GetFileSize(hFile, NULL), NULL);
if (NULL == hFileMap)
{
kws_log(TEXT("CreateFileMapping failed: %d"), ::GetLastError());
goto exit0;
}
DWORD nFileSize = ::GetFileSize(hFile, NULL);
BYTE* pMapBuf = (BYTE*)::MapViewOfFile(hFileMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
if (!VerifyCacheFile(pMapBuf, nFileSize))
{
kws_log(TEXT("VerifyCacheFile failed"));
goto exit0;
}
bRes = InitMapData(pMapBuf, nFileSize);
exit0:
if (pMapBuf)
{
UnmapViewOfFile(pMapBuf);
pMapBuf = NULL;
}
if (hFileMap)
{
::CloseHandle(hFileMap);
hFileMap = NULL;
}
return bRes;
}
HRESULT KStasticFluxCacheMgr::UnInit()
{
kws_log(TEXT("KStasticFluxCacheMgr::UnInit"));
FlushToDisk();
if (m_pData && m_hFileMap)
{
::UnmapViewOfFile(m_pData);
m_pData = NULL;
}
if (m_hFileMap)
{
::CloseHandle(m_hFileMap);
m_hFileMap = NULL;
}
if (m_hFile)
{
::CloseHandle(m_hFile);
m_hFile = NULL;
}
return S_OK;
}
BOOL KProcessPerfCacheMgr::OpenCacheFile()
{
BOOL bRes = FALSE;
HANDLE hFile = NULL;
kws_log(TEXT("KProcessPerfCacheMgr::OpenCacheFile begin"));
DWORD nWriteSize = 0;
HANDLE hFileMap = NULL;
BYTE* pMapBuf = NULL;
KSecurityDesAcessByAnyone secByAny;
hFile = ::CreateFile(m_strCacheFile,
GENERIC_READ | GENERIC_WRITE,
0, //FILE_SHARE_READ|FILE_SHARE_WRITE,
secByAny,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
kws_log(TEXT("create file error :%d: %s"), ::GetLastError(), (LPCWSTR)m_strCacheFile);
goto exit0;
}
if (!VerifyCacheFile(hFile))
{
kws_log(TEXT("VerifyCacheFile failed:"));
goto exit0;
}
hFileMap = ::CreateFileMapping(hFile, secByAny, PAGE_READWRITE | SEC_COMMIT,
0, ::GetFileSize(hFile, NULL), m_strUrlMapName);
if (NULL == hFileMap)
{
kws_log(TEXT("CreateFileMapping failed: %d"), ::GetLastError());
goto exit0;
}
pMapBuf = (BYTE*)::MapViewOfFile(hFileMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
m_hFile = hFile;
m_hFileMap = hFileMap;
m_pData = pMapBuf;
SetObjectToLowIntegrity(m_hFile);
SetObjectToLowIntegrity(m_hFileMap);
kws_log(TEXT("KProcessPerfCacheMgr::OpenCacheFile end sucess"));
return TRUE;
exit0:
if (pMapBuf)
{
UnmapViewOfFile(pMapBuf);
pMapBuf = NULL;
}
if (hFileMap)
{
::CloseHandle(hFileMap);
hFileMap = NULL;
}
if (hFile)
{
::CloseHandle(hFile);
hFile = NULL;
}
return FALSE;
}
HRESULT KUrlMonService::_Initialize()
{
kws_log(TEXT("KUrlMonService::Initialize begin"));
if (!m_pUrlMgr)
{
m_pUrlMgr = new KUrlCacheMgr;
if (FAILED(m_pUrlMgr->Init()))
{
kws_log(TEXT("KUrlMonService::Initialize failed to init KUrlCacheMgr"));
delete m_pUrlMgr;
m_pUrlMgr = NULL;
}
if (!m_pUrlMgr->GetCfg())
{
kws_log(TEXT("KUrlMonService::Initialize failed to get cfg"));
m_pUrlMgr->UnInit();
delete m_pUrlMgr;
m_pUrlMgr = NULL;
}
}
if (!m_pModuleMgr && m_pUrlMgr)
{
m_pModuleMgr = new KModuleMgr;
if (m_pModuleMgr && FAILED(m_pModuleMgr->Init(m_pUrlMgr->GetCfg())))
{
kws_log(TEXT("KUrlMonService::Initialize failed to init KModuleMgr"));
delete m_pModuleMgr;
m_pModuleMgr = NULL;
}
}
if (!m_pProcessMgr && m_pModuleMgr && m_pUrlMgr)
{
m_pProcessMgr = new KProcessInfoMgr;
if (m_pProcessMgr&& FAILED(m_pProcessMgr->Init(m_pModuleMgr, m_pUrlMgr)))
{
kws_log(TEXT("KUrlMonService::Initialize failed to init KProcessInfoMgr"));
delete m_pProcessMgr;
m_pProcessMgr = NULL;
}
}
if (!m_pProxy && m_pProcessMgr)
{
m_pProxy = new KTdiDriverProxy;
if (m_pProxy && FAILED(m_pProxy->Init(m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg())))
{
kws_log(TEXT("KUrlMonService::Initialize failed to init KTdiDriverProxy"));
delete m_pProxy;
m_pProxy = NULL;
}
}
if (!m_pFluxMgr && m_pProxy && m_pProcessMgr && m_pModuleMgr)
{
m_pFluxMgr = new KNetFluxMgr;
if (m_pFluxMgr && FAILED(m_pFluxMgr->Init(m_pProxy->GetDriverProxy(), m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg())))
{
kws_log(TEXT("KUrlMonService::Initialize failed to init fluxmgr"));
delete m_pFluxMgr;
m_pFluxMgr = NULL;
}
}
if (!m_pIpcServer)
{
m_pIpcServer = new IPCServer;
m_pIpcServer->AddCall(IPC_PROC_URLMON, KUrlMonService::OnUrlMonIpc);
m_pIpcServer->Start();
}
s_UrlMonService = this;
kws_log(TEXT("KUrlMonService::Initialize end"));
return S_OK;
}
HRESULT KFluxStastic::Init()
{
if (!m_pCacheMgr)
{
WCHAR bufPath[MAX_PATH] = {0};
::GetModuleFileName(NULL, bufPath, MAX_PATH);
::PathRemoveFileSpecW(bufPath);
::PathAppend(bufPath, TEXT("fluxstastic.dat"));
m_pCacheMgr = new KStasticFluxCacheMgr;
if (FAILED(m_pCacheMgr->Init(bufPath, NET_FLUX_STASTIC_MAPDATA_NAME)))
{
delete m_pCacheMgr;
m_pCacheMgr = NULL;
kws_log(TEXT("KFluxStastic::Init init KStasticFluxCacheMgr Failed"));
return E_FAIL;
}
}
__int64 nTimeNow = ATL::CTime::GetCurrentTime().GetTime();
KStasticFluxProcessList* pList = m_pCacheMgr->GetStasticFluxList();
if (!pList) return E_FAIL;
if (nTimeNow >= pList->m_nTimeTodayLastTime || nTimeNow < pList->m_nTimeTodayStart)
ResetToday(nTimeNow);
else
{
// 从当天的缓存中读取
m_nTimeStartWatch = nTimeNow;
m_nTimeLastWatch = pList->m_nTimeWatch;
if (m_nTimeLastWatch < 0)
m_nTimeLastWatch = 0;
m_nTimeTodayStartTime = pList->m_nTimeTodayStart;
m_nTimeTodayLastTime = pList->m_nTimeTodayLastTime;
ULONGLONG nTotalTodayRecv = 0;
ULONGLONG nTotalTodaySend = 0;
for (DWORD i = 0; i < pList->m_nCurrentCnt; i++)
{
KStasticProgramFlux* pFlux = new KStasticProgramFlux;
if (SUCCEEDED(pFlux->Init(&(pList->m_Items[i]))))
{
BOOL bFind = FALSE;
for (size_t nIndex = 0 ; nIndex < m_todayPrograms.size(); nIndex++)
{
if (m_todayPrograms[nIndex]->IsMatch(pFlux))
{
bFind = TRUE;
break;
}
}
if (!bFind)
{
kws_log(TEXT("KFluxStastic init add program: %s"), pFlux->GetProgramePath());
nTotalTodayRecv += pFlux->m_nTotalRecv;
nTotalTodaySend += pFlux->m_nTotalSend;
m_todayPrograms.push_back(pFlux);
}
}
else
{
delete pFlux;
pFlux = NULL;
}
}
m_nFluxRecv = nTotalTodayRecv;
m_nFluxSend = nTotalTodaySend;
/*
m_nFluxRecv = pList->m_nTotalRecv;
if (m_nFluxRecv > ((ULONGLONG)1 << 40))
{
LARGE_INTEGER i;
i.QuadPart = m_nFluxRecv;
kws_log(TEXT("find data not ok at KFluxStastic::init: %d:%d"), i.HighPart, i.LowPart);
m_nFluxRecv = nTotalTodayRecv;
}
if (m_nFluxRecv < nTotalTodayRecv)
m_nFluxRecv = nTotalTodayRecv;
m_nFluxSend = pList->m_nTotalSend;
if (m_nFluxSend > ((ULONGLONG)1 << 40))
{
LARGE_INTEGER i;
i.QuadPart = m_nFluxSend;
kws_log(TEXT("find data not ok at KFluxStastic::init: %d:%d"), i.HighPart, i.LowPart);
m_nFluxSend = nTotalTodaySend;
}
if (m_nFluxSend < nTotalTodaySend)
m_nFluxSend = nTotalTodaySend;*/
}
return S_OK;
}
HRESULT KTdiDriverProxy::Init(KProcessInfoMgr* pProcessMgr, KModuleMgr* pModuleMgr, KUrlMonCfg* pUrlCfgMon)
{
kws_log(TEXT("KTdiDriverProxy::Init begin"));
m_pProcessMgr = pProcessMgr;
m_pModuleMgr = pModuleMgr;
m_pUrlCfgMon = pUrlCfgMon;
// 启动驱动,如果发现没有安装,那么自动安装驱动,并且启动驱动
if ( !LoadInterface(CLSID_IFwProxyImp, (VOID**)&m_pFwProxy) )
{
kws_log(TEXT("KTdiDriverProxy::Init LoadInterface failed"));
return E_FAIL;
}
CheckMustUnLoadDriver();
CheckDumpFile();
if ( m_pFwProxy->Initialize( this ) != S_OK )
{
kws_log(TEXT("KTdiDriverProxy::Init Initialize driver failed 1"));
if (!m_pFwProxy->TestCanLoad())
{
kws_log(TEXT("KTdiDriverProxy::Init find driver cannot load"));
return E_FAIL;
}
if ( !StartDriverSvr(TDI_FILTER_DRIVER) )
{
kws_log(TEXT("KTdiDriverProxy::Init start driver failed prepare to install driver "));
// 如果发现驱动不存子尝试安装驱动
if (!InstallDriverSvr(ENABLE_TCP | ENABLE_UDP | ENABLE_PROCESS_TRAFFIC,
REQUEST_DOWNLOAD_PE))
return E_FAIL;
// 尝试再启动驱动
CheckMustUnLoadDriver();
if (!m_pFwProxy->TestCanLoad())
{
kws_log(TEXT("KTdiDriverProxy::Init find driver cannot load"));
return E_FAIL;
}
if ( !StartDriverSvr(TDI_FILTER_DRIVER) )
{
kws_log(TEXT("KTdiDriverProxy::Init start driver failed 2"));
return E_FAIL;
}
}
CheckMustUnLoadDriver();
if (FAILED(m_pFwProxy->Initialize(this)))
{
kws_log(TEXT("KTdiDriverProxy::Init Initialize driver failed 2"));
return E_FAIL;
}
}
m_pFwProxy->EnableFirewall();
m_pFwProxy->SetRequestFlag(REQUEST_TRUST_URL | REQUEST_DOWNLOAD_PE | REQUEST_LOOP_BACK_IP | ENABLE_TRAFFIC_CONTRL);
m_hEventInit = ::CreateEvent(NULL, TRUE, TRUE, NULL);
kws_log(TEXT("KTdiDriverProxy::Init end success"));
return S_OK;
}
