char *
next_token_sep(char *start, SIZE_T *len, char sep)
{
char *curtok = start;
char seps[16];
_snprintf(seps, 16, "%c\r\n", sep);
DO_ASSERT(start != NULL);
DO_ASSERT(len != NULL);
*len = 0;
if (start == NULL)
return NULL;
/* special case: '=' followed by a newline */
if (start[0] == sep && (start[1] == '\r' || start[1] == '\n')) {
curtok += 1;
return curtok;
}
/* determine the next token */
while (curtok[0] != '\0' && *len == 0) {
*len = strcspn(curtok, seps);
if (*len == 0)
curtok = curtok + strspn(curtok, seps);
}
return curtok;
}
/* assumes that start points directly after the start_delimeter
* returns the size of the message block, or -1 on error */
char *
get_message_block_size(char *start, WCHAR *end_delimiter_w, SIZE_T *size)
{
char *endptr;
char end_delimiter[MAX_PATH];
DO_ASSERT(start != NULL);
DO_ASSERT(end_delimiter_w != NULL);
DO_ASSERT(size != NULL);
_snprintf(end_delimiter, MAX_PATH, "%S", end_delimiter_w);
endptr = strstr(start, end_delimiter);
if (endptr == NULL) {
DO_DEBUG(DL_WARN, printf("No %s end delimiter!\n", end_delimiter););
/* For a MSG_SEC_FORENSICS eventlog record, returns the filename of the forensics file
* generated. */
const WCHAR *
get_forensics_filename(EVENTLOGRECORD *pevlr)
{
DO_ASSERT(pevlr != NULL && pevlr->EventID == MSG_SEC_FORENSICS);
/* forensics file pathname will be third string */
return next_message_string(next_message_string(get_message_strings(pevlr)));
}
int
main()
{
set_debuglevel(DL_INFO);
set_abortlevel(DL_WARN);
/* FIXME: wrapper testing (but may not be necessary...) */
DO_ASSERT(get_eventlog_monitor_thread_handle() == NULL);
CHECKED_OPERATION(clear_policy());
DO_ASSERT(!is_any_process_pending_restart());
printf("All Test Passed\n");
return 0;
}
void CCBuffer::writeData(const char* p_data, unsigned int u_len)
{
DO_ASSERT(LQ(p_data, LD(u_len,0)), "LQ(p_data, LD(u_len,0))");
_reallocBufferSizeInChanged(u_len);
memcpy(CA(_p_buffer, _u_write_pos), p_data, u_len);
AA(_u_write_pos, u_len);
MAXA(_u_content_size, _u_write_pos);
}
UINT
get_event_pid(EVENTLOGRECORD *pevlr)
{
DO_ASSERT(pevlr != NULL);
/* PID is always the second msg string */
return (UINT) _wtoi(next_message_string(get_message_strings(pevlr)));
}
std::string CCBuffer::readString(unsigned int u_len)
{
DO_ASSERT(LD(u_len, 0), "LD(u_len, 0)");
std::string str;
DO_ASSIGN(char* p_data, (char*)malloc(CA(u_len, 1)));
readData(p_data, u_len);
DO_ASSIGN(p_data[u_len], 0);
str.assign(p_data);
CC_SAFE_FREE(p_data);
return str;
}
const WCHAR *
get_event_threatid(EVENTLOGRECORD *pevlr)
{
DO_ASSERT(pevlr != NULL);
/* The Threat ID, if available, is always the 3rd parameter. */
if (is_violation_event(pevlr->EventID)) {
return next_message_string(next_message_string(get_message_strings(pevlr)));
}
else {
return NULL;
}
}
CCBuffer::CCBuffer(const char* p_data, unsigned int u_len)
: _p_buffer(NULL)
, _u_read_pos(0)
, _u_mark_pos(0)
{
DO_ASSERT(p_data && LD(u_len, 0), "p_data && u_len > 0");
DO_ASSIGN(_u_buffer_size, u_len);
DO_ASSIGN(_u_write_pos, u_len);
DO_ASSIGN(_u_content_size, u_len);
DO_ASSIGN(_p_buffer, (char*) malloc(u_len));
memcpy(_p_buffer, p_data, u_len);
}
void CCBuffer::moveLeft(unsigned int u_len)
{
BEGIN_IF(LE(_u_content_size, 0))
DO_RETURN;
END_IF
DO_ASSERT(LNE(u_len, 0), "LNE(u_len, 0)");
BEGIN_IF(LDE(u_len, _u_content_size)) clear();
BEGIN_ELSE
BEGIN_FOR(DO_ASSIGN(unsigned int i, u_len), LX(i, _u_content_size), AAI(i))
DO_ASSIGN(QV(CA(_p_buffer, CS(i, u_len))), QV(CA(_p_buffer, i)));
DO_ASSIGN(QV(CA(_p_buffer, i)), 0);
END_FOR
DO_ASSIGN(_u_write_pos, TO_UINT(MAX(0, CS(TO_INT(_u_write_pos), TO_INT(u_len)))));
DO_ASSIGN(_u_read_pos, TO_UINT(MAX(0, CS(TO_INT(_u_read_pos), TO_INT(u_len)))));
DO_ASSIGN(_u_mark_pos, TO_UINT(MAX(0, CS(TO_INT(_u_mark_pos), TO_INT(u_len)))));
DO_ASSIGN(_u_content_size, CS(_u_content_size, u_len));
END_IF
}
DWORD
read_hotp_status(const HANDLE hproc, const void *table_ptr,
hotp_policy_status_table_t **hotp_status)
{
UINT crc_and_size[2];
UINT crc, size;
DWORD len;
DO_ASSERT(table_ptr != NULL);
/* first, read the size and crc */
if (!ReadProcessMemory(hproc, table_ptr, &crc_and_size,
sizeof(crc_and_size), &len) ||
len != sizeof(crc_and_size)) {
return GetLastError();
}
/* see drmarker.h: crc is 1st uint, size is 2nd */
DO_ASSERT(0 == offsetof(hotp_policy_status_table_t, crc));
DO_ASSERT(sizeof(UINT) == offsetof(hotp_policy_status_table_t, size));
crc = crc_and_size[0];
size = crc_and_size[1];
/* allocate *hotp_status */
*hotp_status = (hotp_policy_status_table_t *) malloc(size);
/* read size bytes into *hotp_status */
if (!ReadProcessMemory(hproc, table_ptr, *hotp_status, size, &len) ||
len != size) {
free(*hotp_status);
*hotp_status = NULL;
return GetLastError();
}
#if 0
/* FIXME: crc32 is not defined where share/ can get at it,
* and we may be changing it anyway (case 5346) -- so just
* don't do a check for now. */
/* verify crc: crc starts at size elt, see globals_shared.h */
if ((*hotp_status)->crc !=
crc32((char *)*hotp_status + sizeof(UINT), size - sizeof(UINT))) {
free(*hotp_status);
*hotp_status = NULL;
return ERROR_DRMARKER_ERROR;
}
#endif
/* need to fixup internal pointer to our address space! */
(*hotp_status)->policy_status_array = (hotp_policy_status_t *)
((char *) &((*hotp_status)->policy_status_array) + sizeof(void *));
DO_DEBUG(DL_VERB,
printf("np = %d\n", (*hotp_status)->num_policies);
{
UINT i;
for (i = 0; i < (*hotp_status)->num_policies; i++)
printf(" patch %s, status=%d\n",
(*hotp_status)->policy_status_array[i].policy_id,
(*hotp_status)->policy_status_array[i].inject_status);
}
);
void CCBuffer::writeLengthAndString(const char* p_data)
{
DO_ASSERT(LQ(p_data, LD(strlen(p_data), 0)), "p_data, LD(strlen(p_data), 0)");
writeInt(strlen(p_data));
writeString(p_data);
}
void CCBuffer::writeString(const char* p_data)
{
DO_ASSERT(LQ(p_data, LD(strlen(p_data), 0)), "p_data, LD(strlen(p_data), 0)");
writeData(p_data, strlen(p_data));
}
void CCBuffer::setWriterIndex(unsigned int u_pos)
{
DO_ASSERT(LXE(u_pos, _u_content_size), "LXE(u_pos, _u_content_size)");
DO_ASSIGN(_u_write_pos, u_pos);
}
void Buffer::setReaderIndex(unsigned int u_pos)
{
DO_ASSERT(LXE(u_pos, _u_content_size), "LXE(u_pos, _u_content_size)");
DO_ASSIGN(_u_read_pos, u_pos);
}
