void KUrlMonService::ClearDumpStateAndStartUp() { if (!m_pProxy && m_pProcessMgr) { m_pProxy = new KTdiDriverProxy; m_pProxy->DoCheckForceDisableTDI(); m_pProxy->ClearDumpState(); if (FAILED(m_pProxy->Init(m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg()))) { kws_log(TEXT("KUrlMonService::ClearDumpStateAndStartUp failed to init KTdiDriverProxy")); delete m_pProxy; m_pProxy = NULL; } } if (!m_pFluxMgr && m_pProxy && m_pProcessMgr && m_pModuleMgr) { m_pFluxMgr = new KNetFluxMgr; if (FAILED(m_pFluxMgr->Init(m_pProxy->GetDriverProxy(), m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg()))) { kws_log(TEXT("KUrlMonService::ClearDumpStateAndStartUp failed to init fluxmgr")); delete m_pFluxMgr; m_pFluxMgr = NULL; } } }
BOOL KTdiDriverProxy::InstallDriverSvr(DWORD dwEnable, DWORD dwRequest) { ULONG status = E_FAIL; IFwInstaller *FwInstaller = NULL; if( LoadInterface(__uuidof(IFwInstaller), (VOID**)&FwInstaller) ) { // 安装前先卸载 status = FwInstaller->UnInstall(); if (status != S_OK) { kws_log(TEXT("KTdiDriverProxy::InstallDriverSvr uninstall driver failed")); } status = FwInstaller->Install(); if( status == S_OK ) { FwInstaller->SetConfig( dwEnable, dwRequest ); } else { kws_log(TEXT("KTdiDriverProxy::InstallDriverSvr install failed:%08x"), status); } } else { kws_log(TEXT("KTdiDriverProxy::InstallDriverSvr 无法获取安装接口")); } kws_log(TEXT("%s:%08X"), status == S_OK ? "安装成功" : "安装失败", status ); if( FwInstaller != NULL ) FwInstaller->Release(); return status == S_OK; }
void KProcessInfo::AddImageToList(KProcImage* pImage, ULONGLONG nLoadTime) { // 按照时间顺序插入列表中 if (nLoadTime >= m_nLastImageLoadTime) { m_ModuleList.push_back(pImage); m_nLastImageLoadTime = nLoadTime; } else { BOOL bFind = FALSE; vector<KProcImage*>::iterator it = m_ModuleList.begin(); while (it != m_ModuleList.end()) { KProcImage* pImage1 = *it; if (pImage1->IsLaterThan(pImage)) { m_ModuleList.insert(it, pImage); bFind = TRUE; break; } it++; } if (!bFind) { kws_log(TEXT("KProcessInfo::AddImageToList find a image load time error")); m_ModuleList.push_back(pImage); } } }
HRESULT KProcessPerfMgr::Init() { if (!m_pNameMgr) { m_pNameMgr = new KPerfNameMgr; if (!m_pNameMgr) return E_FAIL; } if (!m_PerfData) { m_nPerfDataSize = TOTALBYTES; m_PerfData = (PPERF_DATA_BLOCK) new BYTE[m_nPerfDataSize]; if (!m_PerfData) return E_FAIL; } if (!m_pCacheMgr) { WCHAR bufPath[MAX_PATH] = {0}; ::GetModuleFileName(NULL, bufPath, MAX_PATH); ::PathRemoveFileSpecW(bufPath); ::PathAppend(bufPath, TEXT("procperf.dat")); m_pCacheMgr = new KProcessPerfCacheMgr; if (FAILED(m_pCacheMgr->Init(bufPath, PROC_PERF_MON_MAPDATA_NAME))) { delete m_pCacheMgr; m_pCacheMgr = NULL; kws_log(TEXT("KProcessPerfMgr::Init init KProcessPerfCacheMgr Failed")); return E_FAIL; } } return S_OK; }
DWORD KUrlMonService::DoUpdateCfg() { kws_log(TEXT("KNetFluxMgr::DoUpdateCfg start")); m_bUpdateThreadWorking = TRUE; try { while (1) { DWORD nWaitRes = ::WaitForSingleObject(m_hThreadExit, 1000 * 60 * 10); switch (nWaitRes) { case WAIT_TIMEOUT: UpdateCfg(); break; case WAIT_OBJECT_0: goto exit0; break; default: goto exit0; break; } } } catch (...) { } exit0: m_bUpdateThreadWorking = FALSE; return 0; }
BOOL KStasticFluxCacheMgr::VerifyFluxListData(KStasticFluxProcessList* pData) { if (pData->m_nSize != sizeof(KStasticFluxProcessList)) { kws_log(TEXT("flux data size is not equal")); return FALSE; } return TRUE; }
BOOL KProcessPerfCacheMgr::VerifyPerfListData(KPocessPerfList* pData) { if (pData->m_nSize != sizeof(KPocessPerfList)) { kws_log(TEXT("flux data size is not equal")); return FALSE; } return TRUE; }
BOOL KStasticFluxCacheMgr::VerifyCacheFile(BYTE* pData, DWORD nFileSize) { if (nFileSize < GetDataSize()) { kws_log(TEXT("file size smaller than data size")); return FALSE; } if (IsBadReadPtr(pData, nFileSize)) { kws_log(TEXT("map data can not read filesize:%d"), nFileSize); return FALSE; } NetFluxStasticCacheFileHeader* pFileHeader = (NetFluxStasticCacheFileHeader*)pData; if (pFileHeader->m_nMagic != NET_FLEX_STASTIC_FILE_MAGIC) { kws_log(TEXT("file magic is not equal")); return FALSE; } if (pFileHeader->m_nFileVersion != NET_FLEX_STASTIC_FILE_FILE) { kws_log(TEXT("file version error")); return FALSE; } if (nFileSize < sizeof(NetFluxStasticCacheFileHeader)) return FALSE; if (pFileHeader->m_nDataDirs > 20) { kws_log(TEXT("data dir too many")); return FALSE; } if (pFileHeader->m_nDataDirs >= 1) { if (!VerifyFluxListData((KStasticFluxProcessList*)(pData + pFileHeader->m_nDataOffset[0]))) return FALSE; } return TRUE; }
BOOL KProcessPerfCacheMgr::VerifyCacheFile(BYTE* pData, DWORD nFileSize) { if (nFileSize < GetDataSize()) { kws_log(TEXT("file size smaller than data size")); return FALSE; } if (IsBadReadPtr(pData, nFileSize)) { kws_log(TEXT("map data can not read filesize:%d"), nFileSize); return FALSE; } ProcPerfMonCacheFileHeader* pFileHeader = (ProcPerfMonCacheFileHeader*)pData; if (pFileHeader->m_nMagic != PROC_PERF_MON_FILE_MAGIC) { kws_log(TEXT("file magic is not equal")); return FALSE; } if (pFileHeader->m_nFileVersion != PROC_PERF_MON_FILE_FILE) { kws_log(TEXT("file version error")); return FALSE; } if (nFileSize < sizeof(ProcPerfMonCacheFileHeader)) return FALSE; if (pFileHeader->m_nDataDirs > 20) { kws_log(TEXT("data dir too many")); return FALSE; } if (pFileHeader->m_nDataDirs >= 1) { if (!VerifyPerfListData((KPocessPerfList*)(pData + pFileHeader->m_nDataOffset[0]))) return FALSE; } return TRUE; }
HRESULT KStasticProgramFlux::Init(KFluxStasticProcItem* pItem) { m_strProgramPath = pItem->m_strProcPath; if (m_strProgramPath.GetLength() == 0) return E_FAIL; m_nTotalRecv = pItem->m_nTotalRecv; m_nTotalSend = pItem->m_nTotalSend; kws_log(TEXT("KStasticProgramFlux init: recv: %*I64d, send:%*I64d, %s"), 20, m_nTotalRecv, 20, m_nTotalSend, (LPCWSTR)m_strProgramPath); return S_OK; }
HRESULT KProcessPerfCacheMgr::Init(LPCWSTR strCacheFile, LPCWSTR urlMapName) { m_strCacheFile = strCacheFile; m_strUrlMapName = urlMapName; if (!OpenCacheFile()) { if (!CreateCacheFile()) { kws_log(TEXT("KProcessPerfCacheMgr::Init try create cache file")); return E_FAIL; } if (!OpenCacheFile()) { kws_log(TEXT("KProcessPerfCacheMgr::Init try open cache file 2 failed")); return E_FAIL; } } kws_log(TEXT("KProcessPerfCacheMgr::Init sucess")); return S_OK; }
HRESULT KFluxStastic::UpdateFlux(KProcessFluxList* pFluxList, __int64 nDisableTime) { ATL::CTime nTimeNow; nTimeNow = ATL::CTime::GetCurrentTime(); if (nTimeNow.GetTime() >= m_nTimeTodayLastTime || nTimeNow.GetTime() < m_nTimeTodayStartTime ) ResetToday(nTimeNow.GetTime()); pFluxList->m_lock.LockRead(); if (pFluxList->m_SysFlux.nRecvSpeed > pFluxList->m_SysFlux.nRecvSpeedLocal) { m_nFluxRecv += pFluxList->m_SysFlux.nRecvSpeed - pFluxList->m_SysFlux.nRecvSpeedLocal; if (m_nFluxRecv > ((ULONGLONG)1 << 40)) { LARGE_INTEGER i; i.QuadPart = m_nFluxRecv; kws_log(TEXT("find data not ok at KFluxStastic::UpdateFlux: %u:%u"), i.HighPart, i.LowPart); } } if (pFluxList->m_SysFlux.nSendSpeed > pFluxList->m_SysFlux.nSendSpeedLocal) { m_nFluxSend += pFluxList->m_SysFlux.nSendSpeed - pFluxList->m_SysFlux.nSendSpeedLocal; if (m_nFluxSend > ((ULONGLONG)1 << 40)) { LARGE_INTEGER i; i.QuadPart = m_nFluxSend; kws_log(TEXT("find data not ok at KFluxStastic::UpdateFlux: %u:%u"), i.HighPart, i.LowPart); } } for (DWORD i = 0; i < pFluxList->m_nCurrentCnt; i++) { KStasticProgramFlux* pFlux = GetStasticFlux(&(pFluxList->m_Items[i])); if (pFlux) pFlux->UpdateData(&(pFluxList->m_Items[i])); } pFluxList->m_lock.UnLockRead(); RefreshToCache(nTimeNow.GetTime(), nDisableTime); return S_OK; }
BOOL KProcessPerfCacheMgr::VerifyCacheFile(HANDLE hFile) { BOOL bRes = FALSE; HANDLE hFileMap = NULL; hFileMap = ::CreateFileMapping(hFile, NULL, PAGE_READWRITE | SEC_COMMIT, 0, ::GetFileSize(hFile, NULL), NULL); if (NULL == hFileMap) { kws_log(TEXT("CreateFileMapping failed: %d"), ::GetLastError()); goto exit0; } DWORD nFileSize = ::GetFileSize(hFile, NULL); BYTE* pMapBuf = (BYTE*)::MapViewOfFile(hFileMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0); if (!VerifyCacheFile(pMapBuf, nFileSize)) { kws_log(TEXT("VerifyCacheFile failed")); goto exit0; } bRes = InitMapData(pMapBuf, nFileSize); exit0: if (pMapBuf) { UnmapViewOfFile(pMapBuf); pMapBuf = NULL; } if (hFileMap) { ::CloseHandle(hFileMap); hFileMap = NULL; } return bRes; }
HRESULT KStasticFluxCacheMgr::UnInit() { kws_log(TEXT("KStasticFluxCacheMgr::UnInit")); FlushToDisk(); if (m_pData && m_hFileMap) { ::UnmapViewOfFile(m_pData); m_pData = NULL; } if (m_hFileMap) { ::CloseHandle(m_hFileMap); m_hFileMap = NULL; } if (m_hFile) { ::CloseHandle(m_hFile); m_hFile = NULL; } return S_OK; }
BOOL KProcessPerfCacheMgr::OpenCacheFile() { BOOL bRes = FALSE; HANDLE hFile = NULL; kws_log(TEXT("KProcessPerfCacheMgr::OpenCacheFile begin")); DWORD nWriteSize = 0; HANDLE hFileMap = NULL; BYTE* pMapBuf = NULL; KSecurityDesAcessByAnyone secByAny; hFile = ::CreateFile(m_strCacheFile, GENERIC_READ | GENERIC_WRITE, 0, //FILE_SHARE_READ|FILE_SHARE_WRITE, secByAny, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) { kws_log(TEXT("create file error :%d: %s"), ::GetLastError(), (LPCWSTR)m_strCacheFile); goto exit0; } if (!VerifyCacheFile(hFile)) { kws_log(TEXT("VerifyCacheFile failed:")); goto exit0; } hFileMap = ::CreateFileMapping(hFile, secByAny, PAGE_READWRITE | SEC_COMMIT, 0, ::GetFileSize(hFile, NULL), m_strUrlMapName); if (NULL == hFileMap) { kws_log(TEXT("CreateFileMapping failed: %d"), ::GetLastError()); goto exit0; } pMapBuf = (BYTE*)::MapViewOfFile(hFileMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0); m_hFile = hFile; m_hFileMap = hFileMap; m_pData = pMapBuf; SetObjectToLowIntegrity(m_hFile); SetObjectToLowIntegrity(m_hFileMap); kws_log(TEXT("KProcessPerfCacheMgr::OpenCacheFile end sucess")); return TRUE; exit0: if (pMapBuf) { UnmapViewOfFile(pMapBuf); pMapBuf = NULL; } if (hFileMap) { ::CloseHandle(hFileMap); hFileMap = NULL; } if (hFile) { ::CloseHandle(hFile); hFile = NULL; } return FALSE; }
HRESULT KUrlMonService::_Initialize() { kws_log(TEXT("KUrlMonService::Initialize begin")); if (!m_pUrlMgr) { m_pUrlMgr = new KUrlCacheMgr; if (FAILED(m_pUrlMgr->Init())) { kws_log(TEXT("KUrlMonService::Initialize failed to init KUrlCacheMgr")); delete m_pUrlMgr; m_pUrlMgr = NULL; } if (!m_pUrlMgr->GetCfg()) { kws_log(TEXT("KUrlMonService::Initialize failed to get cfg")); m_pUrlMgr->UnInit(); delete m_pUrlMgr; m_pUrlMgr = NULL; } } if (!m_pModuleMgr && m_pUrlMgr) { m_pModuleMgr = new KModuleMgr; if (m_pModuleMgr && FAILED(m_pModuleMgr->Init(m_pUrlMgr->GetCfg()))) { kws_log(TEXT("KUrlMonService::Initialize failed to init KModuleMgr")); delete m_pModuleMgr; m_pModuleMgr = NULL; } } if (!m_pProcessMgr && m_pModuleMgr && m_pUrlMgr) { m_pProcessMgr = new KProcessInfoMgr; if (m_pProcessMgr&& FAILED(m_pProcessMgr->Init(m_pModuleMgr, m_pUrlMgr))) { kws_log(TEXT("KUrlMonService::Initialize failed to init KProcessInfoMgr")); delete m_pProcessMgr; m_pProcessMgr = NULL; } } if (!m_pProxy && m_pProcessMgr) { m_pProxy = new KTdiDriverProxy; if (m_pProxy && FAILED(m_pProxy->Init(m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg()))) { kws_log(TEXT("KUrlMonService::Initialize failed to init KTdiDriverProxy")); delete m_pProxy; m_pProxy = NULL; } } if (!m_pFluxMgr && m_pProxy && m_pProcessMgr && m_pModuleMgr) { m_pFluxMgr = new KNetFluxMgr; if (m_pFluxMgr && FAILED(m_pFluxMgr->Init(m_pProxy->GetDriverProxy(), m_pProcessMgr, m_pModuleMgr, m_pUrlMgr->GetCfg()))) { kws_log(TEXT("KUrlMonService::Initialize failed to init fluxmgr")); delete m_pFluxMgr; m_pFluxMgr = NULL; } } if (!m_pIpcServer) { m_pIpcServer = new IPCServer; m_pIpcServer->AddCall(IPC_PROC_URLMON, KUrlMonService::OnUrlMonIpc); m_pIpcServer->Start(); } s_UrlMonService = this; kws_log(TEXT("KUrlMonService::Initialize end")); return S_OK; }
HRESULT KFluxStastic::Init() { if (!m_pCacheMgr) { WCHAR bufPath[MAX_PATH] = {0}; ::GetModuleFileName(NULL, bufPath, MAX_PATH); ::PathRemoveFileSpecW(bufPath); ::PathAppend(bufPath, TEXT("fluxstastic.dat")); m_pCacheMgr = new KStasticFluxCacheMgr; if (FAILED(m_pCacheMgr->Init(bufPath, NET_FLUX_STASTIC_MAPDATA_NAME))) { delete m_pCacheMgr; m_pCacheMgr = NULL; kws_log(TEXT("KFluxStastic::Init init KStasticFluxCacheMgr Failed")); return E_FAIL; } } __int64 nTimeNow = ATL::CTime::GetCurrentTime().GetTime(); KStasticFluxProcessList* pList = m_pCacheMgr->GetStasticFluxList(); if (!pList) return E_FAIL; if (nTimeNow >= pList->m_nTimeTodayLastTime || nTimeNow < pList->m_nTimeTodayStart) ResetToday(nTimeNow); else { // 从当天的缓存中读取 m_nTimeStartWatch = nTimeNow; m_nTimeLastWatch = pList->m_nTimeWatch; if (m_nTimeLastWatch < 0) m_nTimeLastWatch = 0; m_nTimeTodayStartTime = pList->m_nTimeTodayStart; m_nTimeTodayLastTime = pList->m_nTimeTodayLastTime; ULONGLONG nTotalTodayRecv = 0; ULONGLONG nTotalTodaySend = 0; for (DWORD i = 0; i < pList->m_nCurrentCnt; i++) { KStasticProgramFlux* pFlux = new KStasticProgramFlux; if (SUCCEEDED(pFlux->Init(&(pList->m_Items[i])))) { BOOL bFind = FALSE; for (size_t nIndex = 0 ; nIndex < m_todayPrograms.size(); nIndex++) { if (m_todayPrograms[nIndex]->IsMatch(pFlux)) { bFind = TRUE; break; } } if (!bFind) { kws_log(TEXT("KFluxStastic init add program: %s"), pFlux->GetProgramePath()); nTotalTodayRecv += pFlux->m_nTotalRecv; nTotalTodaySend += pFlux->m_nTotalSend; m_todayPrograms.push_back(pFlux); } } else { delete pFlux; pFlux = NULL; } } m_nFluxRecv = nTotalTodayRecv; m_nFluxSend = nTotalTodaySend; /* m_nFluxRecv = pList->m_nTotalRecv; if (m_nFluxRecv > ((ULONGLONG)1 << 40)) { LARGE_INTEGER i; i.QuadPart = m_nFluxRecv; kws_log(TEXT("find data not ok at KFluxStastic::init: %d:%d"), i.HighPart, i.LowPart); m_nFluxRecv = nTotalTodayRecv; } if (m_nFluxRecv < nTotalTodayRecv) m_nFluxRecv = nTotalTodayRecv; m_nFluxSend = pList->m_nTotalSend; if (m_nFluxSend > ((ULONGLONG)1 << 40)) { LARGE_INTEGER i; i.QuadPart = m_nFluxSend; kws_log(TEXT("find data not ok at KFluxStastic::init: %d:%d"), i.HighPart, i.LowPart); m_nFluxSend = nTotalTodaySend; } if (m_nFluxSend < nTotalTodaySend) m_nFluxSend = nTotalTodaySend;*/ } return S_OK; }
HRESULT KTdiDriverProxy::Init(KProcessInfoMgr* pProcessMgr, KModuleMgr* pModuleMgr, KUrlMonCfg* pUrlCfgMon) { kws_log(TEXT("KTdiDriverProxy::Init begin")); m_pProcessMgr = pProcessMgr; m_pModuleMgr = pModuleMgr; m_pUrlCfgMon = pUrlCfgMon; // 启动驱动,如果发现没有安装,那么自动安装驱动,并且启动驱动 if ( !LoadInterface(CLSID_IFwProxyImp, (VOID**)&m_pFwProxy) ) { kws_log(TEXT("KTdiDriverProxy::Init LoadInterface failed")); return E_FAIL; } CheckMustUnLoadDriver(); CheckDumpFile(); if ( m_pFwProxy->Initialize( this ) != S_OK ) { kws_log(TEXT("KTdiDriverProxy::Init Initialize driver failed 1")); if (!m_pFwProxy->TestCanLoad()) { kws_log(TEXT("KTdiDriverProxy::Init find driver cannot load")); return E_FAIL; } if ( !StartDriverSvr(TDI_FILTER_DRIVER) ) { kws_log(TEXT("KTdiDriverProxy::Init start driver failed prepare to install driver ")); // 如果发现驱动不存子尝试安装驱动 if (!InstallDriverSvr(ENABLE_TCP | ENABLE_UDP | ENABLE_PROCESS_TRAFFIC, REQUEST_DOWNLOAD_PE)) return E_FAIL; // 尝试再启动驱动 CheckMustUnLoadDriver(); if (!m_pFwProxy->TestCanLoad()) { kws_log(TEXT("KTdiDriverProxy::Init find driver cannot load")); return E_FAIL; } if ( !StartDriverSvr(TDI_FILTER_DRIVER) ) { kws_log(TEXT("KTdiDriverProxy::Init start driver failed 2")); return E_FAIL; } } CheckMustUnLoadDriver(); if (FAILED(m_pFwProxy->Initialize(this))) { kws_log(TEXT("KTdiDriverProxy::Init Initialize driver failed 2")); return E_FAIL; } } m_pFwProxy->EnableFirewall(); m_pFwProxy->SetRequestFlag(REQUEST_TRUST_URL | REQUEST_DOWNLOAD_PE | REQUEST_LOOP_BACK_IP | ENABLE_TRAFFIC_CONTRL); m_hEventInit = ::CreateEvent(NULL, TRUE, TRUE, NULL); kws_log(TEXT("KTdiDriverProxy::Init end success")); return S_OK; }