char * next_token_sep(char *start, SIZE_T *len, char sep) { char *curtok = start; char seps[16]; _snprintf(seps, 16, "%c\r\n", sep); DO_ASSERT(start != NULL); DO_ASSERT(len != NULL); *len = 0; if (start == NULL) return NULL; /* special case: '=' followed by a newline */ if (start[0] == sep && (start[1] == '\r' || start[1] == '\n')) { curtok += 1; return curtok; } /* determine the next token */ while (curtok[0] != '\0' && *len == 0) { *len = strcspn(curtok, seps); if (*len == 0) curtok = curtok + strspn(curtok, seps); } return curtok; }
/* assumes that start points directly after the start_delimeter * returns the size of the message block, or -1 on error */ char * get_message_block_size(char *start, WCHAR *end_delimiter_w, SIZE_T *size) { char *endptr; char end_delimiter[MAX_PATH]; DO_ASSERT(start != NULL); DO_ASSERT(end_delimiter_w != NULL); DO_ASSERT(size != NULL); _snprintf(end_delimiter, MAX_PATH, "%S", end_delimiter_w); endptr = strstr(start, end_delimiter); if (endptr == NULL) { DO_DEBUG(DL_WARN, printf("No %s end delimiter!\n", end_delimiter););
/* For a MSG_SEC_FORENSICS eventlog record, returns the filename of the forensics file * generated. */ const WCHAR * get_forensics_filename(EVENTLOGRECORD *pevlr) { DO_ASSERT(pevlr != NULL && pevlr->EventID == MSG_SEC_FORENSICS); /* forensics file pathname will be third string */ return next_message_string(next_message_string(get_message_strings(pevlr))); }
int main() { set_debuglevel(DL_INFO); set_abortlevel(DL_WARN); /* FIXME: wrapper testing (but may not be necessary...) */ DO_ASSERT(get_eventlog_monitor_thread_handle() == NULL); CHECKED_OPERATION(clear_policy()); DO_ASSERT(!is_any_process_pending_restart()); printf("All Test Passed\n"); return 0; }
void CCBuffer::writeData(const char* p_data, unsigned int u_len) { DO_ASSERT(LQ(p_data, LD(u_len,0)), "LQ(p_data, LD(u_len,0))"); _reallocBufferSizeInChanged(u_len); memcpy(CA(_p_buffer, _u_write_pos), p_data, u_len); AA(_u_write_pos, u_len); MAXA(_u_content_size, _u_write_pos); }
UINT get_event_pid(EVENTLOGRECORD *pevlr) { DO_ASSERT(pevlr != NULL); /* PID is always the second msg string */ return (UINT) _wtoi(next_message_string(get_message_strings(pevlr))); }
std::string CCBuffer::readString(unsigned int u_len) { DO_ASSERT(LD(u_len, 0), "LD(u_len, 0)"); std::string str; DO_ASSIGN(char* p_data, (char*)malloc(CA(u_len, 1))); readData(p_data, u_len); DO_ASSIGN(p_data[u_len], 0); str.assign(p_data); CC_SAFE_FREE(p_data); return str; }
const WCHAR * get_event_threatid(EVENTLOGRECORD *pevlr) { DO_ASSERT(pevlr != NULL); /* The Threat ID, if available, is always the 3rd parameter. */ if (is_violation_event(pevlr->EventID)) { return next_message_string(next_message_string(get_message_strings(pevlr))); } else { return NULL; } }
CCBuffer::CCBuffer(const char* p_data, unsigned int u_len) : _p_buffer(NULL) , _u_read_pos(0) , _u_mark_pos(0) { DO_ASSERT(p_data && LD(u_len, 0), "p_data && u_len > 0"); DO_ASSIGN(_u_buffer_size, u_len); DO_ASSIGN(_u_write_pos, u_len); DO_ASSIGN(_u_content_size, u_len); DO_ASSIGN(_p_buffer, (char*) malloc(u_len)); memcpy(_p_buffer, p_data, u_len); }
void CCBuffer::moveLeft(unsigned int u_len) { BEGIN_IF(LE(_u_content_size, 0)) DO_RETURN; END_IF DO_ASSERT(LNE(u_len, 0), "LNE(u_len, 0)"); BEGIN_IF(LDE(u_len, _u_content_size)) clear(); BEGIN_ELSE BEGIN_FOR(DO_ASSIGN(unsigned int i, u_len), LX(i, _u_content_size), AAI(i)) DO_ASSIGN(QV(CA(_p_buffer, CS(i, u_len))), QV(CA(_p_buffer, i))); DO_ASSIGN(QV(CA(_p_buffer, i)), 0); END_FOR DO_ASSIGN(_u_write_pos, TO_UINT(MAX(0, CS(TO_INT(_u_write_pos), TO_INT(u_len))))); DO_ASSIGN(_u_read_pos, TO_UINT(MAX(0, CS(TO_INT(_u_read_pos), TO_INT(u_len))))); DO_ASSIGN(_u_mark_pos, TO_UINT(MAX(0, CS(TO_INT(_u_mark_pos), TO_INT(u_len))))); DO_ASSIGN(_u_content_size, CS(_u_content_size, u_len)); END_IF }
DWORD read_hotp_status(const HANDLE hproc, const void *table_ptr, hotp_policy_status_table_t **hotp_status) { UINT crc_and_size[2]; UINT crc, size; DWORD len; DO_ASSERT(table_ptr != NULL); /* first, read the size and crc */ if (!ReadProcessMemory(hproc, table_ptr, &crc_and_size, sizeof(crc_and_size), &len) || len != sizeof(crc_and_size)) { return GetLastError(); } /* see drmarker.h: crc is 1st uint, size is 2nd */ DO_ASSERT(0 == offsetof(hotp_policy_status_table_t, crc)); DO_ASSERT(sizeof(UINT) == offsetof(hotp_policy_status_table_t, size)); crc = crc_and_size[0]; size = crc_and_size[1]; /* allocate *hotp_status */ *hotp_status = (hotp_policy_status_table_t *) malloc(size); /* read size bytes into *hotp_status */ if (!ReadProcessMemory(hproc, table_ptr, *hotp_status, size, &len) || len != size) { free(*hotp_status); *hotp_status = NULL; return GetLastError(); } #if 0 /* FIXME: crc32 is not defined where share/ can get at it, * and we may be changing it anyway (case 5346) -- so just * don't do a check for now. */ /* verify crc: crc starts at size elt, see globals_shared.h */ if ((*hotp_status)->crc != crc32((char *)*hotp_status + sizeof(UINT), size - sizeof(UINT))) { free(*hotp_status); *hotp_status = NULL; return ERROR_DRMARKER_ERROR; } #endif /* need to fixup internal pointer to our address space! */ (*hotp_status)->policy_status_array = (hotp_policy_status_t *) ((char *) &((*hotp_status)->policy_status_array) + sizeof(void *)); DO_DEBUG(DL_VERB, printf("np = %d\n", (*hotp_status)->num_policies); { UINT i; for (i = 0; i < (*hotp_status)->num_policies; i++) printf(" patch %s, status=%d\n", (*hotp_status)->policy_status_array[i].policy_id, (*hotp_status)->policy_status_array[i].inject_status); } );
void CCBuffer::writeLengthAndString(const char* p_data) { DO_ASSERT(LQ(p_data, LD(strlen(p_data), 0)), "p_data, LD(strlen(p_data), 0)"); writeInt(strlen(p_data)); writeString(p_data); }
void CCBuffer::writeString(const char* p_data) { DO_ASSERT(LQ(p_data, LD(strlen(p_data), 0)), "p_data, LD(strlen(p_data), 0)"); writeData(p_data, strlen(p_data)); }
void CCBuffer::setWriterIndex(unsigned int u_pos) { DO_ASSERT(LXE(u_pos, _u_content_size), "LXE(u_pos, _u_content_size)"); DO_ASSIGN(_u_write_pos, u_pos); }
void Buffer::setReaderIndex(unsigned int u_pos) { DO_ASSERT(LXE(u_pos, _u_content_size), "LXE(u_pos, _u_content_size)"); DO_ASSIGN(_u_read_pos, u_pos); }