Esempio n. 1
0
tERROR EnumContext::Scan(hSTRING p_DelFName)
{
	tERROR			error=errOK;
	tDWORD			dValuesCount=0;
	tDWORD			i=0,j;
	tCHAR*			sSectionName;
	tCHAR*			sValName;
	tCHAR*			sData;
	SECTIONS_TYPE	dSType;

	const tCHAR*	ParamsArray[5];
#define sPars1 ParamsArray[0]
#define sPars2 ParamsArray[1]
#define sPars3 ParamsArray[2]
#define sPars4 ParamsArray[3]
#define sPars5 ParamsArray[4]


	tDWORD			dSCount;
	tDWORD			CountToDo=5;
	tDWORD			CurCount=0;
	cPrStrA         sIniString;
	cPrStrW         sFileName;

	EnterCriticalSection(&m_pStartUpEnum->m_sCommonCriticalSection);
	cAutoInterlockedCounter _active(&m_pStartUpEnum->m_nScanActiv);
	error = m_pStartUpEnum->ReInitObjects();
	PR_TRACE((g_root, prtIMPORTANT, "startupenum2\tScan nScanActiv=%d, m_hDecodeIO=%x, m_hBaseIni=%x, %terr", m_pStartUpEnum->m_nScanActiv, m_pStartUpEnum->m_hDecodeIO, m_pStartUpEnum->m_hBaseIni, error));
	if (PR_FAIL(error)) 
		_active.destroy();
	LeaveCriticalSection(&m_pStartUpEnum->m_sCommonCriticalSection);
	if (PR_FAIL(error)) 
		return errOBJECT_NOT_INITIALIZED;
	
	error = m_pStartUpEnum->m_hBaseIni->GetSectionsCount(&dSCount);
	if (PR_FAIL(error))
	{
		PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot get sections count, %terr",error));
		return error;
	}
	for (i=0;i<dSCount;i++) 
	{
		error=m_pStartUpEnum->m_hBaseIni->GetValuesCount(i,&j);
		if (PR_SUCC(error)) CountToDo+=j;
	}

	i=0;
	while ((error=m_pStartUpEnum->m_hBaseIni->EnumSections(i,&sSectionName,&dValuesCount))==errOK)
	{
		dSType=GetSectionType(sSectionName);
		for (j=0;j<dValuesCount;j++)
		{
			error=m_pStartUpEnum->m_hBaseIni->EnumValues(i,j,&sValName,&sData);
			if (error==errEND_OF_THE_LIST)
			{
				error=errOK;
				break;
			}
			if (error!=errOK)
				continue;
//INT3;
			PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\tIni command <%s>, %terr",sData/*sNextData*/,error));
			sIniString = sData;
			memset(&ParamsArray, 0, sizeof(ParamsArray));
			tDWORD nParamsCount = ParseIniString(sIniString,&ParamsArray[0],countof(ParamsArray));

//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini|AeDebug|*\Software\Microsoft\Windows NT\CurrentVersion\AEDebug|Debugger|FLAG_RESTORE_DEFAULT|"drwtsn32 -p %ld -e %ld -g"
//			SYS:Microsoft\Windows NT\CurrentVersion\AeDebug
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot|Shell|*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell|FLAG_RESTORE_DEFAULT|explorer.exe
//			SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows|Load|
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows|Run|
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows|AppInit_DLLs|HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs|FLAG_CUT_DATA
//			SYS:Microsoft\Windows NT\CurrentVersion\Windows
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|drivers|HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers|*|FLAG_DEL_VALUE
//			#SYS:Microsoft\Windows NT\CurrentVersion\drivers
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|drivers32|HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32|*|FLAG_DEL_VALUE
//			SYS:Microsoft\Windows NT\CurrentVersion\Drivers32
//HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot|SCRNSAVE.EXE|HKCU\Control Panel\Desktop|SCRNSAVE.EXE|FLAG_RESTORE_DEFAULT|logon.scr
//			USR:Control Panel\Desktop

			tDWORD dFlag=0;
			m_dwFlags &= FLAG_CLEAR_ACTIONS_SENDING;

			switch (dSType)
			{
			case REGISTRY_TYPE:
				{
					//ini struct KEY|Value|Flag|Default
					if (nParamsCount < 2)
						continue;
					dFlag=ParsFlags(sPars3,&m_dwFlags);
					if ((dFlag&FLAG_ENUM_WINNT_ONLY)&&(g_bIsWin9x)) break;
					if ((dFlag&FLAG_ENUM_WIN9X_ONLY)&&(!g_bIsWin9x)) break;
					if (sPars4)
					{
						cStringObj sDefault(sPars4);
						m_pStartUpEnum->sysSendMsg(pmc_PRODUCT_ENVIRONMENT, pm_EXPAND_ENVIRONMENT_STRING, (hOBJECT)cAutoString (sDefault), 0, 0);
						m_sDefaultValue = sDefault.data();
					}
					if (m_bAdvancedDisinfection)
					{
						cStringObj name(sPars1);
						tERROR error = m_pStartUpEnum->sysSendMsg(pmc_ADVANCED_DISINFECTION, pm_ADVANCED_DISINFECTION_LOCK_REGKEY, (hOBJECT)cAutoString(name), NULL, NULL);						PR_TRACE((m_pStartUpEnum,prtIMPORTANT,"startupenum2\tNotify pm_ADVANCED_DISINFECTION_LOCK_REGKEY <%S>, result %terr", name.data(), error));
					}
					tDWORD Ret=m_cRegEnumCtx->RegEnumAW(sPars1,sPars2,dFlag,(LPVOID)this,RegEnumCallback,RegEnumCallbackErrMessage);
					m_dwFlags=m_dwFlags&FLAG_CLEAR_REG_DETECTED;
					if (Ret!=ERROR_SUCCESS)
						PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot enum registry path <%s>, value <%s>, %terr",sPars1,sPars2,Ret));
					if ((error==errOPERATION_CANCELED) || (Ret == errOPERATION_CANCELED))
						return error;
				}
				break;
			case INI_TYPE:
				//ini struct Path|Section|Value|Flag|Default
				dFlag=ParsFlags(sPars4,&m_dwFlags);
				if (nParamsCount < 3)
					continue;
				if ((dFlag&FLAG_ENUM_WINNT_ONLY)&&(g_bIsWin9x)) break;
				if ((dFlag&FLAG_ENUM_WIN9X_ONLY)&&(!g_bIsWin9x)) break;
				if (sPars5)
					m_sDefaultValue = sPars5;
				sFileName = sPars1;
				if (m_bAdvancedDisinfection && sPars1)
				{
					cStringObj name(sPars1);
					tERROR error = m_pStartUpEnum->sysSendMsg(pmc_ADVANCED_DISINFECTION, pm_ADVANCED_DISINFECTION_LOCK_FILE, (hOBJECT)cAutoString(name), NULL, NULL);
					PR_TRACE((m_pStartUpEnum,prtIMPORTANT,"startupenum2\tNotify pm_ADVANCED_DISINFECTION_LOCK_FILE <%S>, result %terr", name.data(), error));
				}
				error=EnumByMaskToCheck(sFileName,sPars2,sPars3,dFlag,cbIniEnum);
				if (error!=errEND_OF_THE_LIST)
				{
					if (PR_FAIL(error))
						PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot enum ini file <%S>, section <%s>, value <%s>, %terr",sPars1,sPars2,sPars3,error));
				}
				if (error==errOPERATION_CANCELED) 
					return error;
				break;
			case BAT_TYPE:
				//ini struct Path|Flag|Default
				dFlag=ParsFlags(sPars2,&m_dwFlags);
				if (nParamsCount < 1)
					continue;
				if ((dFlag&FLAG_ENUM_WINNT_ONLY)&&(g_bIsWin9x)) break;
				if ((dFlag&FLAG_ENUM_WIN9X_ONLY)&&(!g_bIsWin9x)) break;
				if (sPars3)
					m_sDefaultValue = sPars3;
				sFileName = sPars1;
				if (m_bAdvancedDisinfection && sPars1)
				{
					tERROR error;
					cStringObj name(sPars1);
					error = m_pStartUpEnum->sysSendMsg(pmc_ADVANCED_DISINFECTION, pm_ADVANCED_DISINFECTION_LOCK_FILE, (hOBJECT)cAutoString(name), NULL, NULL);
					PR_TRACE((m_pStartUpEnum,prtIMPORTANT,"startupenum2\tNotify pm_ADVANCED_DISINFECTION_LOCK_FILE <%S>, result %terr", name.data(), error));
				}
				error=EnumByMaskToCheck(sFileName,NULL,NULL,dFlag,cbBatEnum);
				if (PR_FAIL(error))
					PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot enum bat file <%S>, %terr",sPars1,error));
				if (error==errOPERATION_CANCELED) 
					return error;
				break;
			default:
				break;
			}
			if (m_sDefaultValue) 
				m_sDefaultValue[0]=0;
			error = m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,(CurCount++)*55/CountToDo);
		}
		i++;
	}
	if (error==errEND_OF_THE_LIST) 
		error=errOK;
	
	// enum task manager
	m_SendData.m_ObjType=OBJECT_TASK_MANAGER_TYPE;
	PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start TaskManager enum"));
	do {
		error=EnumTaskManager();
	} while(PR_SUCC(error) && NeedRescan());
	if (error==errOPERATION_CANCELED) 
		return error;
	error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,
		m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 1);

	m_SendData.m_ObjType=OBJECT_TASK_MANAGER_TYPE;
	PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start LSP enum"));
	error=LSPEnum();
	if (error==errOPERATION_CANCELED) 
		return error;
	error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,
		m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 1);
	
	m_SendData.m_ObjType=OBJECT_START_UP_MENU_TYPE;
	PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start StartUpMenu enum"));
	error=EnumStartUp();
	if (error==errOPERATION_CANCELED) 
		return error;
	error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,
		m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 2);
	
	if (!(m_dwFlags&CURE_ACTION_ACTIVE))
	{
		m_SendData.m_ObjType=OBJECT_HOSTS_TYPE;
		PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start HOSTS analyse"));
		error=CheckHosts();
		if (error==errOPERATION_CANCELED) 
			return error;
		error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,
			m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 1);

		PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start ProcessesFromDriver enum"));
		error = ScanProcessesFromDriver();
		if (error==errOPERATION_CANCELED) 
			return error;
		error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,
			m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 5);

		PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start ProcessesFromDriver enum"));
		error = ScanPrefetchFromDriver(100 - m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS));

//		m_pStartUpEnum->m_bHashKnownFilesExist = cTRUE;
	}
	m_pStartUpEnum->m_bHashKnownFilesExist = cTRUE;
	
	error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, 100);

//	m_pStartUpEnum->m_bHashKnownFilesExist = cTRUE;
	return error;
}
Esempio n. 2
0
Persistency::HostPtr Strategy::getReportedHost(const Node node) const
{
  return Algo::forEachUniqueLeaf( node, CheckHosts(this) ).out_;
}