// // возвращает размер зан¤той списком файлов пам¤ти в байтах // BOOLEAN GetFileListSizeByBytes(PULONG pdwSize) { BOOLEAN bRes = FALSE; KDLinkedListItem* pNode; PFILEINFO pFileInfo; if ( KeGetCurrentIrql() == PASSIVE_LEVEL && _MmIsAddressValid(pdwSize) && _MmIsAddressValid(pSaveList) ) { *pdwSize = 0; MUTEX_WAIT(LockMutexToFileSaveList); pNode = pSaveList->GetHead(); while (_MmIsAddressValid(pNode)) { pFileInfo = (PFILEINFO)pNode->GetObject(); if (_MmIsAddressValid(pFileInfo)) { *pdwSize += pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL; } pNode = pNode->GetNext(); } MUTEX_RELEASE(LockMutexToFileSaveList); bRes = TRUE; } return bRes; }
void Timer::removeEvent(uint event_id) { if( (event_id!=0) && ((timers_used & (1<<event_id)) != 0) ) { MUTEX_GET(events_mutex); { timers_used&= ~(1<<event_id); Debug("[SCHEDULER] Event removed: %s\n", events[event_id].func_name.c_str()); } MUTEX_RELEASE(events_mutex); } }
BOOLEAN GetFileSaveList(PFILEINFOSET pFileInfoSet) { BOOLEAN bRes = FALSE; KDLinkedListItem* pNode; PFILEINFO pFileInfo, pFileInfoDest; ULONG dwSize; if ( KeGetCurrentIrql() == PASSIVE_LEVEL && _MmIsAddressValid(pSaveList) && _MmIsAddressValid(pFileInfoSet) && pFileInfoSet->dwSize >= SIZEOF_FILEINFOSET ) { dwSize = pFileInfoSet->dwSize; memset(pFileInfoSet, 0, dwSize); dwSize -= sizeof(ULONG); pFileInfoDest = &pFileInfoSet->FileInfo[0]; MUTEX_WAIT(LockMutexToFileSaveList); pNode = pSaveList->GetHead(); while (_MmIsAddressValid(pNode)) { pFileInfo = (PFILEINFO)pNode->GetObject(); if (_MmIsAddressValid(pFileInfo)) { if (dwSize >= (pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL)) { memcpy(pFileInfoDest, pFileInfo, (pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL)); // if (dwSize >= (pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL)) dwSize -= (pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL); // else // dwSize = 0; pFileInfoDest = (PFILEINFO)((CHAR*)pFileInfoDest + (pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL)); pFileInfoSet->dwSize += (pFileInfo->dwSizeAllNamesArea + SIZEOF_FILEINFO_REAL); } } pNode = pNode->GetNext(); } MUTEX_RELEASE(LockMutexToFileSaveList); if (pFileInfoSet->dwSize != 0) pFileInfoSet->dwSize += sizeof(ULONG); bRes = TRUE; } return bRes; }
//******************************************************************// //********************* List destroy functions *********************// //******************************************************************// void ClearSaveFileList(void) { PFILEINFO lpFileInfo; KDLinkedListItem* lpNode; __try { MUTEX_WAIT(LockMutexToFileSaveList); if (_MmIsAddressValid(pDirTree)) delete pDirTree; pDirTree = NULL; if (_MmIsAddressValid(pSaveList)) { lpNode = pSaveList->GetHead(); while (_MmIsAddressValid(lpNode)) { lpFileInfo = (PFILEINFO)pSaveList->RemoveHead(); if (_MmIsAddressValid(lpFileInfo)) { FreePoolToKHeap(hKHeapSOFileList, lpFileInfo); } lpNode = pSaveList->GetHead(); } delete pSaveList; pSaveList = NULL; } MUTEX_RELEASE(LockMutexToFileSaveList); } __except(EXCEPTION_EXECUTE_HANDLER) { MUTEX_RELEASE(LockMutexToFileSaveList); DbgPrintSO(("He4HookInv: ClearSaveFileList: EXCEPTION\n")); } }
uint Timer::addEvent(Script *p, const string &func, uint seconds, const vector<string> &vParams) { bool add= true; TimedEvent ev(p, func, seconds); uint newid; // find a free index for(newid= 1; newid< MAX_TIMER_COUNT; newid++) { if( !isIDValid(newid) ) break; } if( newid < MAX_TIMER_COUNT ) { /* // look in the existing events to see if it is not already registered for(uint i= 1; i< MAX_TIMER_COUNT; i++) { TimedEvent &e= events[i]; // event already registered, return if( isIDValid(i) && (p == e.plugin) && (func == e.func_name) && (seconds == e.delay_sec) ) { add= false; break; } } */ if( add ) { MUTEX_GET(events_mutex); { ev.next= time(NULL) + ev.delay_sec; ev.vCallbackParams= vParams; events[newid]= ev; } MUTEX_RELEASE(events_mutex); Debug("[SCHEDULER] Event added by \"%s\": %s (delay: %ds) \n", p->getName(), func.c_str(), seconds); timers_used|= (1<<newid); return newid; } } return 0; }
void Timer::user_func() { //Debug("[SCHEDULER] Started.\n"); for(int i= 0; i< 20; i++) { usleep(250000); cancel_point(); } while(1) { usleep(250000); cancel_point(); MUTEX_GET(events_mutex); { for(uint i= 1; i< MAX_TIMER_COUNT; i++) { if( (timers_used & (1<<i)) != 0 ) { TimedEvent &ev= events[i]; time_t timestamp= time(NULL); cancel_point(); if( ev.next <= timestamp ) { ev.plugin->callFunctionEx(ev.func_name.c_str(), "iw", i, &ev.vCallbackParams); ev.next= timestamp + ev.delay_sec; Debug("[SCHEDULER] Executing event %s::%s\n", ev.plugin->getName(), ev.func_name.c_str()); } } } } MUTEX_RELEASE(events_mutex); } //Debug("[SCHEDULER] Exited.\n"); }
/* * mutex_vector_exit: * * Support routine for mutex_exit() that handles all cases. */ void mutex_vector_exit(kmutex_t *mtx) { turnstile_t *ts; uintptr_t curthread; if (MUTEX_SPIN_P(mtx)) { #ifdef FULL if (__predict_false(!MUTEX_SPINBIT_LOCKED_P(mtx))) { if (panicstr != NULL) return; MUTEX_ABORT(mtx, "exiting unheld spin mutex"); } MUTEX_UNLOCKED(mtx); MUTEX_SPINBIT_LOCK_UNLOCK(mtx); #endif MUTEX_SPIN_SPLRESTORE(mtx); return; } if (__predict_false((uintptr_t)panicstr | cold)) { MUTEX_UNLOCKED(mtx); MUTEX_RELEASE(mtx); return; } curthread = (uintptr_t)curlwp; MUTEX_DASSERT(mtx, curthread != 0); MUTEX_ASSERT(mtx, MUTEX_OWNER(mtx->mtx_owner) == curthread); MUTEX_UNLOCKED(mtx); #if !defined(LOCKDEBUG) __USE(curthread); #endif #ifdef LOCKDEBUG /* * Avoid having to take the turnstile chain lock every time * around. Raise the priority level to splhigh() in order * to disable preemption and so make the following atomic. */ { int s = splhigh(); if (!MUTEX_HAS_WAITERS(mtx)) { MUTEX_RELEASE(mtx); splx(s); return; } splx(s); } #endif /* * Get this lock's turnstile. This gets the interlock on * the sleep queue. Once we have that, we can clear the * lock. If there was no turnstile for the lock, there * were no waiters remaining. */ ts = turnstile_lookup(mtx); if (ts == NULL) { MUTEX_RELEASE(mtx); turnstile_exit(mtx); } else { MUTEX_RELEASE(mtx); turnstile_wakeup(ts, TS_WRITER_Q, TS_WAITERS(ts, TS_WRITER_Q), NULL); } }
BOOLEAN DelFileSaveList(PFILEINFOSET lpFileInfoSet) { ULONG dwSize, dwSizeOfItem; CHAR *lpszStr; KDLinkedListItem* lpNode; PFILEINFO lpFileInfo, lpFileInfoIn; if (!_MmIsAddressValid(pSaveList)) return FALSE; if (!_MmIsAddressValid(pDirTree)) return FALSE; if (!_MmIsAddressValid(lpFileInfoSet)) return FALSE; if (lpFileInfoSet->dwSize < SIZEOF_FILEINFOSET) return FALSE; MUTEX_WAIT(LockMutexToFileSaveList); dwSize = lpFileInfoSet->dwSize - (SIZEOF_FILEINFOSET - SIZEOF_FILEINFO); lpFileInfoIn = &lpFileInfoSet->FileInfo[0]; while (dwSize > SIZEOF_FILEINFO) { if (!CheckFileInfo(lpFileInfoIn)) break; dwSizeOfItem = ((SIZEOF_FILEINFO-sizeof(CHAR)) + lpFileInfoIn->dwSizeAllNamesArea); if (lpFileInfoIn->dwSizeAnsiName > sizeof(CHAR)) { lpNode = pSaveList->GetHead(); while (_MmIsAddressValid(lpNode)) { lpFileInfo = (PFILEINFO)lpNode->GetObject(); if (!_MmIsAddressValid(lpFileInfo)) { lpNode = lpNode->GetNext(); continue; } lpszStr = lpFileInfoIn->szNames+lpFileInfoIn->dwOffsetToAnsiName; if (!CompareString(lpFileInfo->szNames+lpFileInfo->dwOffsetToAnsiName, lpszStr, TRUE)) { DbgPrintSO(("He4HookInv: DelFileSaveList: Start delete - %s\n", lpszStr)); pDirTree->Remove((PWSTR)(lpFileInfo->szNames+lpFileInfo->dwOffsetToUniName), NULL); pSaveList->Remove(lpNode); lpNode = pSaveList->GetHead(); DbgPrintSO(("He4HookInv: DelFileSaveList: End delete - %s\n", lpszStr)); FreePoolToKHeap(hKHeapSOFileList, lpFileInfo); continue; } lpNode = lpNode->GetNext(); } } dwSize -= dwSizeOfItem; lpFileInfoIn = (PFILEINFO)((PCHAR)lpFileInfoIn + dwSizeOfItem); } MUTEX_RELEASE(LockMutexToFileSaveList); return TRUE; }
BOOLEAN AddFileSaveList(PFILEINFOSET lpFileInfoSet) { PFILEINFO lpFileInfo, lpFileInfoIn; ULONG dwSize, dwSizeOfItem, dwSizeOfItemNew; PWSTR pwszNtFileName; ULONG dwSizeOfNtFileName; ANSI_STRING FileNameAnsi; UNICODE_STRING FileNameUni; if (!_MmIsAddressValid(lpFileInfoSet)) return FALSE; if (lpFileInfoSet->dwSize < SIZEOF_FILEINFOSET) return FALSE; MUTEX_WAIT(LockMutexToFileSaveList); DbgPrintSO(("He4HookInv: AddFileSaveList: Start!!!\n")); if (!_MmIsAddressValid(pSaveList)) { pSaveList = new KDLinkedList(NULL); if (pSaveList == NULL) { DbgPrintSO(("He4HookInv: AddFileSaveList: File list create ERROR!!!\n")); MUTEX_RELEASE(LockMutexToFileSaveList); return FALSE; } } if (!_MmIsAddressValid(pDirTree)) { pDirTree = new KShieldDirectoryTree(); if (pDirTree == NULL) { DbgPrintSO(("He4HookInv: AddFileSaveList: KShieldDirectoryTree create ERROR!!!\n")); MUTEX_RELEASE(LockMutexToFileSaveList); return FALSE; } } DbgPrintSO(("He4HookInv: AddFileSaveList: List created OK!!!\n")); dwSize = lpFileInfoSet->dwSize - (SIZEOF_FILEINFOSET - SIZEOF_FILEINFO); lpFileInfoIn = &lpFileInfoSet->FileInfo[0]; while(dwSize > SIZEOF_FILEINFO) { if (!CheckFileInfo(lpFileInfoIn)) break; dwSizeOfItem = ((SIZEOF_FILEINFO-sizeof(CHAR)) + lpFileInfoIn->dwSizeAllNamesArea); if (lpFileInfoIn->dwSizeAnsiName > sizeof(CHAR)) { pwszNtFileName = (PWSTR)_AllocatePoolFromKHeap(hKHeapSOFileList, sizeof(WCHAR)*lpFileInfoIn->dwSizeAnsiName+2048); if (pwszNtFileName) { RtlInitAnsiString(&FileNameAnsi, lpFileInfoIn->szNames+lpFileInfoIn->dwOffsetToAnsiName); RtlAnsiStringToUnicodeString(&FileNameUni, &FileNameAnsi, TRUE); dwSizeOfNtFileName = DosPathNameToNtPathName(FileNameUni.Buffer, pwszNtFileName, sizeof(WCHAR)*lpFileInfoIn->dwSizeAnsiName+2048, 255, NULL); RtlFreeUnicodeString(&FileNameUni); if (dwSizeOfNtFileName) { dwSizeOfNtFileName += sizeof(WCHAR); dwSizeOfItemNew = (SIZEOF_FILEINFO-sizeof(CHAR)) + lpFileInfoIn->dwSizeAnsiName + dwSizeOfNtFileName; #define ADD_NT_PATH L"\\??\\" //L"\\DosDevices\\" //L"\\??\\" if (lpFileInfoIn->dwAccessType & FILE_ACC_TYPE_EXCHANGE) { if (lpFileInfoIn->dwSizeAnsiChangedName > sizeof(CHAR)) { dwSizeOfItemNew += sizeof(WCHAR)*lpFileInfoIn->dwSizeAnsiChangedName + sizeof(ADD_NT_PATH)-sizeof(WCHAR); } else { if (lpFileInfoIn->dwSizeUniChangedName > sizeof(WCHAR)) dwSizeOfItemNew += lpFileInfoIn->dwSizeUniChangedName; } } lpFileInfo = (PFILEINFO)_AllocatePoolFromKHeap(hKHeapSOFileList, dwSizeOfItemNew+sizeof(WCHAR)); if (lpFileInfo) { memset(lpFileInfo, 0, dwSizeOfItemNew+sizeof(WCHAR)); lpFileInfo->dwAccessType = lpFileInfoIn->dwAccessType; lpFileInfo->dwSizeAllNamesArea = dwSizeOfItemNew - (SIZEOF_FILEINFO-sizeof(CHAR)); lpFileInfo->dwOffsetToAnsiName = 0; lpFileInfo->dwSizeAnsiName = lpFileInfoIn->dwSizeAnsiName; RtlCopyMemory(lpFileInfo->szNames+lpFileInfo->dwOffsetToAnsiName, lpFileInfoIn->szNames+lpFileInfoIn->dwOffsetToAnsiName, lpFileInfo->dwSizeAnsiName); lpFileInfo->dwOffsetToUniName = lpFileInfo->dwOffsetToAnsiName + lpFileInfo->dwSizeAnsiName; lpFileInfo->dwSizeUniName = dwSizeOfNtFileName; RtlCopyMemory(lpFileInfo->szNames+lpFileInfo->dwOffsetToUniName, pwszNtFileName, dwSizeOfNtFileName); if (lpFileInfoIn->dwAccessType & FILE_ACC_TYPE_EXCHANGE) { if (lpFileInfoIn->dwSizeAnsiChangedName > sizeof(CHAR)) { lpFileInfo->dwOffsetToUniChangedName = lpFileInfo->dwOffsetToUniName + lpFileInfo->dwSizeUniName; lpFileInfo->dwSizeUniChangedName = sizeof(WCHAR)*lpFileInfoIn->dwSizeAnsiChangedName+sizeof(ADD_NT_PATH)-sizeof(WCHAR); RtlInitAnsiString(&FileNameAnsi, lpFileInfoIn->szNames+lpFileInfoIn->dwOffsetToAnsiChangedName); RtlAnsiStringToUnicodeString(&FileNameUni, &FileNameAnsi, TRUE); RtlCopyMemory(lpFileInfo->szNames+lpFileInfo->dwOffsetToUniChangedName, ADD_NT_PATH, sizeof(ADD_NT_PATH)); RtlCopyMemory((lpFileInfo->szNames+lpFileInfo->dwOffsetToUniChangedName+sizeof(ADD_NT_PATH)-sizeof(WCHAR)), FileNameUni.Buffer, (sizeof(WCHAR)*lpFileInfoIn->dwSizeAnsiChangedName) < (FileNameUni.Length+sizeof(WCHAR)) ? (sizeof(WCHAR)*lpFileInfoIn->dwSizeAnsiChangedName) : (FileNameUni.Length+sizeof(WCHAR))); RtlFreeUnicodeString(&FileNameUni); } else { if (lpFileInfoIn->dwSizeUniChangedName > sizeof(WCHAR)) { lpFileInfo->dwOffsetToUniChangedName = lpFileInfo->dwOffsetToUniName + lpFileInfo->dwSizeUniName; lpFileInfo->dwSizeUniChangedName = lpFileInfoIn->dwSizeUniChangedName; RtlCopyMemory( lpFileInfo->szNames+lpFileInfo->dwOffsetToUniChangedName, lpFileInfoIn->szNames+lpFileInfoIn->dwOffsetToUniChangedName, lpFileInfo->dwSizeUniChangedName ); } else { lpFileInfo->dwAccessType &= ~FILE_ACC_TYPE_EXCHANGE; } } } PVOID pContext; if (pDirTree->Find((PWSTR)(lpFileInfo->szNames+lpFileInfo->dwOffsetToUniName), &pContext) == NULL) { DbgPrintSO(("He4HookInv: AddFileSaveList: %s, type = %x\n", lpFileInfo->szNames+lpFileInfo->dwOffsetToAnsiName, lpFileInfo->dwAccessType)); if (pDirTree->Add((PWSTR)(lpFileInfo->szNames+lpFileInfo->dwOffsetToUniName), (PVOID)lpFileInfo) == TRUE) { if (pSaveList->AddTailObject(lpFileInfo) == FALSE) { pDirTree->Remove((PWSTR)(lpFileInfo->szNames+lpFileInfo->dwOffsetToUniName), NULL); FreePoolToKHeap(hKHeapSOFileList, lpFileInfo); } } else { FreePoolToKHeap(hKHeapSOFileList, lpFileInfo); } } else { FreePoolToKHeap(hKHeapSOFileList, lpFileInfo); } } } FreePoolToKHeap(hKHeapSOFileList, pwszNtFileName); } } dwSize -= dwSizeOfItem; lpFileInfoIn = (PFILEINFO)((PCHAR)lpFileInfoIn + dwSizeOfItem); } MUTEX_RELEASE(LockMutexToFileSaveList); return TRUE; }