/**
 * Body of the unknown-file report thread.
 *
 * Sequence, as visible in this function:
 *   1. Block until g_hThread is signalled, then bail out if g_bInitFalg is not set.
 *   2. Create and initialize the uploader (IBKEngUploader) and create the backup finder.
 *   3. Wait up to UNKNOWN_REPORT_FIRST_WAIT; leave only if m_hNotifyStop is signalled.
 *   4. Loop: wait UNKNOWN_REPORT_NEXT_WAIT on m_hNotifyStop, fetch one report entry via
 *      GetReportFile(), then upload it either from quarantine (FILE_TRACK_QUARANTINE)
 *      or directly from disk, and update m_reportFileDB according to the result.
 *
 * On every exit path the uploader is uninitialized and released.
 *
 * @return Always 0; failures are only written to the run-time log.
 */
DWORD STDMETHODCALLTYPE CUnkownReport::Run()
{
    HRESULT hr = S_OK;
    HANDLE hEvent[ 2 ] = { NULL, NULL };

    // Wait (without timeout) for g_hThread before looking at the init flag.
    // presumably g_hThread is the engine-loading thread that sets g_bInitFalg - TODO confirm
    WaitForSingleObject( g_hThread, INFINITE );
    if ( !g_bInitFalg )
    {
        CRunTimeLog::WriteLog(WINMOD_LLVL_ERROR, L"[CUnkownReport] Load Engine Failed" );
        goto Exit0;
    }

    hr = CScanEngineProxy::Instance().BKEngCreateEngine( __uuidof(Skylark::IBKEngUploader), ( void** )&m_spiUploader );
    if ( FAILED( hr ) )
    {
        CRunTimeLog::WriteLog(WINMOD_LLVL_ERROR, L"[CUnkownReport] Upload interface create failed" );
        goto Exit0;
    }

    hr = m_spiUploader->Initialize();
    if ( FAILED( hr ) )
    {
        CRunTimeLog::WriteLog(WINMOD_LLVL_ERROR, L"[CUnkownReport] Upload interface initialize failed" );
        goto Exit0;
    }

    // NOTE(review): the result of this call is not checked, so m_spiBakFinder may stay
    // null; this function never dereferences it, but other users of the member should check.
    CBkBackupProxy::Instance().BKBackupCreateObject( __uuidof( Skylark::IBKFileBackupFinder ), ( void** )&m_spiBakFinder );

    //if (WAIT_TIMEOUT != ::WaitForSingleObject(m_hNotifyStop, UNKNOWN_REPORT_FIRST_WAIT))
    //    goto Exit0;
    hEvent[ 0 ] = m_hNotifyStop;
    hEvent[ 1 ] = m_hNotifyReport;
    // Only index 0 (the stop event) ends the thread here. A signal on m_hNotifyReport,
    // a timeout, or WAIT_FAILED all fall through and start the report loop.
    if ( WAIT_OBJECT_0 == ::WaitForMultipleObjects( 2, hEvent, FALSE, UNKNOWN_REPORT_FIRST_WAIT ) )
    {
        goto Exit0;
    }

    //BOOL bAutoReport = FALSE;
    //CSvcSetting::Instance().GetAutoReport( bAutoReport );
    if (!m_spiUploader)
        goto Exit0;

    CRunTimeLog::WriteLog(WINMOD_LLVL_INFO, L"report thread start ok" );

    while( 1 )
    {
        CReportFile rfile;
        CAtlList<CReportFile> *pReportList = NULL;

        // Pace the loop: anything other than a timeout (stop signalled or wait failure) exits.
        if (WAIT_TIMEOUT != ::WaitForSingleObject(m_hNotifyStop, UNKNOWN_REPORT_NEXT_WAIT))
            goto Exit0;

        // NOTE(review): pReportList is dereferenced below without a null check; this assumes
        // GetReportFile() always sets it when it returns TRUE - confirm against its definition.
        if ( !GetReportFile( rfile, &pReportList ) )
        {
            continue;
        }
        hr = S_OK;
        if ( ( rfile.m_nTrack & FILE_TRACK_QUARANTINE ) )
        {
            CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] report quarantine %s", rfile.m_strFilePath );
            // Create the backup (quarantine) component on first use.
            if ( m_spiBackup == ( Skylark::IBKFileBackup* )NULL )
            {
                hr = CBkBackupProxy::Instance().BKBackupCreateObject( __uuidof(Skylark::IBKFileBackup), ( void** )&m_spiBackup);
            }
            if ( SUCCEEDED( hr ) )
            {
                Skylark::BKBAK_BACKUP_ID backupID;
                Skylark::BKENG_INIT( &backupID );
                // For quarantine entries the path field is parsed as a numeric backup id.
                // NOTE(review): _wtoi64 yields 0 for non-numeric text, so a malformed
                // entry silently becomes id 0 - verify that id 0 is never a valid backup.
                backupID.uBackupID = _wtoi64(rfile.m_strFilePath);
                Skylark::BKENG_UPLOAD_PARAM uploadParam;
                Skylark::BKENG_INIT( &uploadParam );
                hr = m_spiBackup->UploadBackupFile( &backupID, m_spiUploader, &uploadParam, static_cast<Skylark::IBKProgress*>(this));
                if ( SUCCEEDED( hr ) )
                {
                    CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] succeeded to report quarantine %s", rfile.m_strFilePath );
                    // Backup files do not need to be rescanned.
                    // Upload succeeded; the entry used to be deleted from the database here.
                    //m_reportFileDB.RemoveFileInfo(rfile);
                    rfile.m_nReportState = enumFileReported;
                    m_reportFileDB.AddFileInfo( rfile );
                }
                else
                {
                    CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] failed to report quarantine %s : 0x%x", rfile.m_strFilePath, hr );
                    // Upload failed.
                    if ( AtlHresultFromWin32(ERROR_FILE_NOT_FOUND) == hr )
                    {// The item no longer exists in quarantine.
                        m_reportFileDB.RemoveFileInfo( rfile );
                    }
                    else
                    {
                        // The entry is already in the database, so retry it next time.
                        if ( rfile.m_nRetry < REPORT_MAX_RETRY_TIMES )
                        {
                            rfile.m_nRetry++;
                            pReportList->AddTail( rfile );
                        }
                        else
                        {
                            // Retry budget exhausted: record the entry as retried and stop re-queuing it.
                            rfile.m_nReportState = enumFileRetried;
                            m_reportFileDB.AddFileInfo( rfile );
                        }
                    }
                }
            }
            else
            {
                CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] failed to create IBKFileBackup : 0x%x", hr );
                // Creating the quarantine component failed.
                // The entry is already in the database, so it will be retried next time.
                // NOTE(review): nothing in this branch re-queues rfile; the retry presumably
                // relies on the database entry being picked up again - confirm.
            }
        }
        else
        {
            CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] report file %s", rfile.m_strFilePath );
            BOOL bIsReportFile = (rfile.m_nTrack & FILE_TRACK_REPORT_NONPE);
            Skylark::BKENG_UPLOAD_PARAM uploadParam;
            Skylark::BKENG_INIT( &uploadParam );
            uploadParam.bUploadNonPEFile = bIsReportFile;
            hr = m_spiUploader->Upload( rfile.m_strFilePath, static_cast<Skylark::IBKProgress*>(this), &uploadParam);
            if ( SUCCEEDED( hr ) )
            {
                CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] succeeded to report file %s", rfile.m_strFilePath );
                WIN32_FILE_ATTRIBUTE_DATA fdata;
                // Upload succeeded: update the database record, which is used for rescans.
                // NOTE(review): if GetFileAttributesEx fails, the record is left unchanged
                // and nothing is logged.
                if ( GetFileAttributesEx( rfile.m_strFilePath, GetFileExInfoStandard, &fdata ) )
                {
                    rfile.SetCreateTime( fdata.ftLastWriteTime );
                    GetSystemTimeAsFileTime( &rfile.m_ReportTime );
                    rfile.m_nReportState = enumFileReported;
                    m_reportFileDB.AddFileInfo( rfile );
                }
            }
            else
            {
                CRunTimeLog::WriteLog(WINMOD_LLVL_DEBUG, L"[CUnkownReport] failed to report file %s : 0x%x", rfile.m_strFilePath, hr );
                // Upload failed.
                if ( WinMod::CWinPathApi::IsFileExisting( rfile.m_strFilePath ) )
                {
                    // The entry is already in the database, so retry it next time.
                    if ( rfile.m_nRetry < REPORT_MAX_RETRY_TIMES )
                    {
                        rfile.m_nRetry++;
                        pReportList->AddTail( rfile );
                    }
                    else
                    {
                        rfile.m_nReportState = enumFileRetried;
                        m_reportFileDB.AddFileInfo( rfile );
                    }
                }
                else
                {
                    // The file is gone from disk, so drop its record.
                    m_reportFileDB.RemoveFileInfo( rfile );
                }
            }
            // Risky (flagged by the original author).
            // NOTE(review): the delete runs whether or not the upload succeeded, including
            // when rfile was just re-queued for retry, and the path is whatever the report
            // list supplied. Verify that FILE_TRACK_REPORT_NONPE entries can only name
            // files this service created itself.
            if (bIsReportFile)
                ::DeleteFile(rfile.m_strFilePath);
        }
    }

Exit0:
    // Common exit: tear down the uploader if it was created.
    if ( m_spiUploader )
    {
        m_spiUploader->Uninitialize();
        m_spiUploader.Release();
    }
    CRunTimeLog::WriteLog(WINMOD_LLVL_INFO, L"[CUnkownReport] report thread exit" );
    return 0;
}
/// Registers this module's AppID under HKEY_CLASSES_ROOT\AppID and, when
/// bService is true, marks it as a service and installs that service.
///
/// Order of operations: Uninstall(), UpdateRegistryAppId(TRUE), open
/// HKCR\AppID for writing, create/open the module's AppID subkey, remove any
/// existing "LocalService" value, then (service mode only) write
/// "LocalService" = m_szServiceName and call Install().
///
/// @param bService  true to register as a service; false to register the AppID only.
/// @return S_OK on success; E_FAIL if Uninstall() or Install() reports failure;
///         otherwise the failing HRESULT from UpdateRegistryAppId or the registry calls.
inline HRESULT RegisterAppId(bool bService = false) throw()
{
    if (!Uninstall())
    {
        return E_FAIL;
    }

    const HRESULT hrAppId = UpdateRegistryAppId(TRUE);
    if (FAILED(hrAppId))
    {
        return hrAppId;
    }

    CRegKey appIdRoot;
    LONG status = appIdRoot.Open(HKEY_CLASSES_ROOT, _T("AppID"), KEY_WRITE);
    if (status != ERROR_SUCCESS)
    {
        return AtlHresultFromWin32(status);
    }

    CRegKey appIdKey;
    status = appIdKey.Create(appIdRoot, GetAppIdT());
    if (status != ERROR_SUCCESS)
    {
        return AtlHresultFromWin32(status);
    }

    // Start from a clean state; the value is rewritten below in service mode.
    appIdKey.DeleteValue(_T("LocalService"));

    if (bService)
    {
        // NOTE(review): the result of SetStringValue is ignored, so a failed write
        // still proceeds to Install() and can end in S_OK.
        appIdKey.SetStringValue(_T("LocalService"), m_szServiceName);

        // Create service
        if (!Install())
        {
            return E_FAIL;
        }
    }

    return S_OK;
}
/// Removes the stored registration cookie by deleting the
/// CONSOLE_CONFIG_KEY_NAME subkey of HKEY_CURRENT_USER\SAMPLES_CONFIG_KEY.
///
/// @return The Win32 status of the open or delete call, converted to an HRESULT
///         (S_OK when the subkey was deleted).
HRESULT DeleteRegistrationCookie()
{
    CRegKey samplesKey;
    const LONG openStatus = samplesKey.Open(HKEY_CURRENT_USER, SAMPLES_CONFIG_KEY);
    if (openStatus == ERROR_SUCCESS)
    {
        const LONG deleteStatus = samplesKey.DeleteSubKey(CONSOLE_CONFIG_KEY_NAME);
        return AtlHresultFromWin32(deleteStatus);
    }
    return AtlHresultFromWin32(openStatus);
}
/// Persists the registration cookie as the DWORD value COOKIE_VALUE under
/// HKEY_CURRENT_USER\CONSOLE_CONFIG_KEY, creating the key if needed.
///
/// @param cookie  Cookie to store.
/// @return The Win32 status of the create or write call, converted to an HRESULT.
HRESULT StoreRegistrationCookie(long cookie)
{
    CRegKey configKey;
    const LONG createStatus = configKey.Create(HKEY_CURRENT_USER, CONSOLE_CONFIG_KEY);
    if (createStatus != ERROR_SUCCESS)
    {
        return AtlHresultFromWin32(createStatus);
    }

    const LONG writeStatus = configKey.SetDWORDValue(COOKIE_VALUE, cookie);
    // Debug builds flag a failed write; release builds just return the error.
    ATLASSERT(writeStatus == ERROR_SUCCESS);
    return AtlHresultFromWin32(writeStatus);
}
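/**
 * Once registered, this is a simple way to retrieve our
 * event framework cookie.
 *
 * Reads the DWORD value COOKIE_VALUE from HKEY_CURRENT_USER\CONSOLE_CONFIG_KEY.
 * The value lives in the per-user hive, so any code running as that user can
 * change it; callers should treat the result as a stored hint, not as an
 * authenticated value.
 *
 * @param cookie  Receives the stored cookie. Written only on success.
 * @return S_OK on success; E_POINTER if cookie is NULL; otherwise the Win32
 *         status of the open or query call, converted to an HRESULT.
 */
HRESULT RetrieveRegistrationCookie(long* cookie)
{
    ATLASSERT(cookie != NULL);
    // ATLASSERT compiles out in release builds, so guard the dereference explicitly.
    if (cookie == NULL)
        return E_POINTER;

    CRegKey key;
    LONG res = key.Open(HKEY_CURRENT_USER, CONSOLE_CONFIG_KEY, KEY_READ);
    if (res != ERROR_SUCCESS)
        return AtlHresultFromWin32(res);

    // Read into a real DWORD rather than aliasing the caller's long through
    // reinterpret_cast, and publish the value only when the query succeeded.
    DWORD dwCookie = 0;
    res = key.QueryDWORDValue(COOKIE_VALUE, dwCookie);
    ATLASSERT(res == ERROR_SUCCESS);
    if (res == ERROR_SUCCESS)
        *cookie = static_cast<long>(dwCookie);

    return AtlHresultFromWin32(res);
}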
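/// Registers "Dolphin" as an Application event-log source whose message table
/// is the module returned by _AtlBaseModule.GetModuleInstance().
///
/// Writes EventMessageFile (full module path) and TypesSupported under
/// HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dolphin.
///
/// @return S_OK when the key and both values were written; otherwise the
///         failing Win32 status converted to an HRESULT (E_FAIL if the module
///         path query fails without setting a last error).
HRESULT CDolphinVMModule::RegisterAsEventSource() const
{
    // One constant literal replaces the unbounded _tcscpy/_tcscat into a fixed
    // buffer, and avoids binding a string literal to a non-const TCHAR*.
    static const TCHAR szKey[] =
        _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\Dolphin");

    // Resolve the module path first so a failure leaves no half-written key.
    TCHAR szModule[_MAX_PATH];
    const DWORD cchModule =
        ::GetModuleFileName(_AtlBaseModule.GetModuleInstance(), szModule, _MAX_PATH);
    if (cchModule == 0)
    {
        const DWORD dwErr = ::GetLastError();
        return dwErr ? AtlHresultFromWin32(dwErr) : E_FAIL;
    }
    if (cchModule >= _MAX_PATH)
    {
        // The path was truncated (and may not be terminated); do not register it,
        // because the event log would load its message DLL from the wrong location.
        return AtlHresultFromWin32(ERROR_INSUFFICIENT_BUFFER);
    }

    // Register as an event source with message table in this DLL
    CRegKey rkeyEvSrc;
    LONG ret = rkeyEvSrc.Create(HKEY_LOCAL_MACHINE, szKey);
    if (ret != ERROR_SUCCESS)
        return AtlHresultFromWin32(ret);

    ret = rkeyEvSrc.SetStringValue(_T("EventMessageFile"), szModule);
    if (ret != ERROR_SUCCESS)
        return AtlHresultFromWin32(ret);

    // Same value as the original literal 7: error | warning | information.
    ret = rkeyEvSrc.SetDWORDValue(_T("TypesSupported"),
        EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE);
    return AtlHresultFromWin32(ret);
}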
/// Registers this module's AppID under HKEY_CLASSES_ROOT\AppID and, when
/// bService is true, marks it as a service, relaxes its COM launch/access ACLs
/// for the local Users group, and installs the service.
///
/// @param bService  true to register as a service; false to register the AppID only.
/// @return S_OK on success; E_FAIL if Uninstall() or Install() reports failure;
///         otherwise the failing HRESULT from UpdateRegistryAppId or the registry
///         calls. ACL update failures are logged and do not change the result.
inline HRESULT RegisterAppId(bool bService = false) throw()
{
    if (!Uninstall())
    {
        return E_FAIL;
    }

    const HRESULT hrAppId = UpdateRegistryAppId(TRUE);
    if (FAILED(hrAppId))
    {
        return hrAppId;
    }

    CRegKey appIdRoot;
    LONG status = appIdRoot.Open(HKEY_CLASSES_ROOT, _T("AppID"), KEY_WRITE);
    if (status != ERROR_SUCCESS)
    {
        return AtlHresultFromWin32(status);
    }

    CRegKey appIdKey;
    status = appIdKey.Create(appIdRoot, GetAppIdT());
    if (status != ERROR_SUCCESS)
    {
        return AtlHresultFromWin32(status);
    }

    // Start from a clean state; the value is rewritten below in service mode.
    appIdKey.DeleteValue(_T("LocalService"));

    if (!bService)
    {
        return S_OK;
    }

    // NOTE(review): the result of SetStringValue is ignored.
    appIdKey.SetStringValue(_T("LocalService"), m_szServiceName);

    // Change the launch and access ACLs so that Administrator privileges are
    // not needed. S-1-5-32-545 is the SID of the built-in Users group.
    // NOTE(review): this lets every member of the local Users group activate
    // and call this COM server, so the interfaces it exposes must validate
    // their callers and inputs themselves. The two `true` arguments are
    // presumably "set" / "permit" flags - verify against the helper definitions.
    TCHAR szUsersSID[] = _T("S-1-5-32-545");

    DWORD aclError = ChangeAppIDLaunchACL(GetAppIdT(), szUsersSID, true, true, COM_RIGHTS_ACTIVATE_LOCAL);
    if (aclError != 0)
    {
        DebugOutF(filelog::log_error,"ChangeAppIDLaunchACL failed with %d",aclError);
    }

    aclError = ChangeAppIDAccessACL(GetAppIdT(), szUsersSID, true, true, COM_RIGHTS_EXECUTE_LOCAL);
    if (aclError != 0)
    {
        DebugOutF(filelog::log_error,"ChangeAppIDAccessACL failed with %d",aclError);
    }

    // Create service
    return Install() ? S_OK : E_FAIL;
}
/// Starts the worker thread for this runnable.
///
/// If a thread handle is held and that thread has not exited, the call is
/// rejected. Otherwise any stale handle is closed and a new thread is created
/// with this object as its runnable.
///
/// @return HRESULT for ERROR_ALREADY_INITIALIZED while a previous thread is
///         still running; otherwise the result of m_hThread.Create(this).
HRESULT AWinRunnable::StartRunning()
{
    const bool bStillRunning = m_hThread && !m_hThread.IsExit();
    if (!bStillRunning)
    {
        // Drop the handle of a finished (or never-started) thread before re-creating.
        m_hThread.Close();
        return m_hThread.Create(this);
    }

    return AtlHresultFromWin32(ERROR_ALREADY_INITIALIZED);
}
/// Creates the thread with ::CreateThread (no C runtime per-thread setup) and
/// starts it.
///
/// The thread is created suspended with RunThreadFuncNoCRT as its entry point
/// and piRunnable as its argument, then resumed once the handle is stored in m_h.
///
/// @param piRunnable  Runnable passed to the thread entry point as a raw pointer.
///                    NOTE(review): no reference is taken here, so the caller
///                    presumably must keep it alive while the thread runs - confirm.
/// @return S_OK on success; HRESULT for ERROR_ALREADY_INITIALIZED if a handle
///         is already held; E_POINTER if piRunnable is null; otherwise the last
///         error as an HRESULT (E_FAIL if no last error is set).
HRESULT CWinThread::CreateNoCRT( IWinRunnable* piRunnable )
{
    assert(!m_h);
    assert(piRunnable);

    // The asserts vanish in release builds, so repeat both checks at run time.
    if (m_h)
    {
        return AtlHresultFromWin32(ERROR_ALREADY_INITIALIZED);
    }
    if (!piRunnable)
    {
        return E_POINTER;
    }

    m_h = ::CreateThread(NULL, 0, RunThreadFuncNoCRT, piRunnable, CREATE_SUSPENDED, NULL);
    if (!m_h)
    {
        if (GetLastError())
        {
            return AtlHresultFromLastError();
        }
        return E_FAIL;
    }

    // NOTE(review): the result of Resume() is not checked.
    Resume();
    return S_OK;
}
/// Creates the thread with _beginthreadex, so the C runtime is initialized for
/// it, and starts it.
///
/// The thread is created suspended with RunThreadFunc as its entry point and
/// piRunnable as its argument, then resumed once the handle is stored in m_h.
///
/// @param piRunnable  Runnable passed to the thread entry point as a raw pointer.
///                    NOTE(review): no reference is taken here, so the caller
///                    presumably must keep it alive while the thread runs - confirm.
/// @return S_OK on success; HRESULT for ERROR_ALREADY_INITIALIZED if a handle
///         is already held; E_POINTER if piRunnable is null; otherwise the last
///         error as an HRESULT (E_FAIL if no last error is set).
HRESULT CWinThread::Create( IWinRunnable* piRunnable )
{
    assert(!m_h);
    assert(piRunnable);

    // The asserts vanish in release builds, so repeat both checks at run time.
    if (m_h)
    {
        return AtlHresultFromWin32(ERROR_ALREADY_INITIALIZED);
    }
    if (!piRunnable)
    {
        return E_POINTER;
    }

    // use _beginthreadex for initialization of c runtime lib
    m_h = reinterpret_cast<HANDLE>(
        _beginthreadex(NULL, 0, RunThreadFunc, piRunnable, CREATE_SUSPENDED, NULL));
    if (!m_h)
    {
        // NOTE(review): _beginthreadex reports failure through errno/_doserrno;
        // the thread's last-error value may not describe this failure.
        if (GetLastError())
        {
            return AtlHresultFromLastError();
        }
        return E_FAIL;
    }

    // NOTE(review): the result of Resume() is not checked.
    Resume();
    return S_OK;
}