tERROR EnumContext::Scan(hSTRING p_DelFName) { tERROR error=errOK; tDWORD dValuesCount=0; tDWORD i=0,j; tCHAR* sSectionName; tCHAR* sValName; tCHAR* sData; SECTIONS_TYPE dSType; const tCHAR* ParamsArray[5]; #define sPars1 ParamsArray[0] #define sPars2 ParamsArray[1] #define sPars3 ParamsArray[2] #define sPars4 ParamsArray[3] #define sPars5 ParamsArray[4] tDWORD dSCount; tDWORD CountToDo=5; tDWORD CurCount=0; cPrStrA sIniString; cPrStrW sFileName; EnterCriticalSection(&m_pStartUpEnum->m_sCommonCriticalSection); cAutoInterlockedCounter _active(&m_pStartUpEnum->m_nScanActiv); error = m_pStartUpEnum->ReInitObjects(); PR_TRACE((g_root, prtIMPORTANT, "startupenum2\tScan nScanActiv=%d, m_hDecodeIO=%x, m_hBaseIni=%x, %terr", m_pStartUpEnum->m_nScanActiv, m_pStartUpEnum->m_hDecodeIO, m_pStartUpEnum->m_hBaseIni, error)); if (PR_FAIL(error)) _active.destroy(); LeaveCriticalSection(&m_pStartUpEnum->m_sCommonCriticalSection); if (PR_FAIL(error)) return errOBJECT_NOT_INITIALIZED; error = m_pStartUpEnum->m_hBaseIni->GetSectionsCount(&dSCount); if (PR_FAIL(error)) { PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot get sections count, %terr",error)); return error; } for (i=0;i<dSCount;i++) { error=m_pStartUpEnum->m_hBaseIni->GetValuesCount(i,&j); if (PR_SUCC(error)) CountToDo+=j; } i=0; while ((error=m_pStartUpEnum->m_hBaseIni->EnumSections(i,&sSectionName,&dValuesCount))==errOK) { dSType=GetSectionType(sSectionName); for (j=0;j<dValuesCount;j++) { error=m_pStartUpEnum->m_hBaseIni->EnumValues(i,j,&sValName,&sData); if (error==errEND_OF_THE_LIST) { error=errOK; break; } if (error!=errOK) continue; //INT3; PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\tIni command <%s>, %terr",sData/*sNextData*/,error)); sIniString = sData; memset(&ParamsArray, 0, sizeof(ParamsArray)); tDWORD nParamsCount = ParseIniString(sIniString,&ParamsArray[0],countof(ParamsArray)); //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini|AeDebug|*\Software\Microsoft\Windows NT\CurrentVersion\AEDebug|Debugger|FLAG_RESTORE_DEFAULT|"drwtsn32 -p %ld -e %ld -g" // SYS:Microsoft\Windows NT\CurrentVersion\AeDebug //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot|Shell|*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell|FLAG_RESTORE_DEFAULT|explorer.exe // SYS:Microsoft\Windows NT\CurrentVersion\Winlogon //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows|Load| //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows|Run| //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows|AppInit_DLLs|HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs|FLAG_CUT_DATA // SYS:Microsoft\Windows NT\CurrentVersion\Windows //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|drivers|HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers|*|FLAG_DEL_VALUE // #SYS:Microsoft\Windows NT\CurrentVersion\drivers //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|drivers32|HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32|*|FLAG_DEL_VALUE // SYS:Microsoft\Windows NT\CurrentVersion\Drivers32 //HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot|SCRNSAVE.EXE|HKCU\Control Panel\Desktop|SCRNSAVE.EXE|FLAG_RESTORE_DEFAULT|logon.scr // USR:Control Panel\Desktop tDWORD dFlag=0; m_dwFlags &= FLAG_CLEAR_ACTIONS_SENDING; switch (dSType) { case REGISTRY_TYPE: { //ini struct KEY|Value|Flag|Default if (nParamsCount < 2) continue; dFlag=ParsFlags(sPars3,&m_dwFlags); if ((dFlag&FLAG_ENUM_WINNT_ONLY)&&(g_bIsWin9x)) break; if ((dFlag&FLAG_ENUM_WIN9X_ONLY)&&(!g_bIsWin9x)) break; if (sPars4) { cStringObj sDefault(sPars4); m_pStartUpEnum->sysSendMsg(pmc_PRODUCT_ENVIRONMENT, pm_EXPAND_ENVIRONMENT_STRING, (hOBJECT)cAutoString (sDefault), 0, 0); m_sDefaultValue = sDefault.data(); } if (m_bAdvancedDisinfection) { cStringObj name(sPars1); tERROR error = m_pStartUpEnum->sysSendMsg(pmc_ADVANCED_DISINFECTION, pm_ADVANCED_DISINFECTION_LOCK_REGKEY, (hOBJECT)cAutoString(name), NULL, NULL); PR_TRACE((m_pStartUpEnum,prtIMPORTANT,"startupenum2\tNotify pm_ADVANCED_DISINFECTION_LOCK_REGKEY <%S>, result %terr", name.data(), error)); } tDWORD Ret=m_cRegEnumCtx->RegEnumAW(sPars1,sPars2,dFlag,(LPVOID)this,RegEnumCallback,RegEnumCallbackErrMessage); m_dwFlags=m_dwFlags&FLAG_CLEAR_REG_DETECTED; if (Ret!=ERROR_SUCCESS) PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot enum registry path <%s>, value <%s>, %terr",sPars1,sPars2,Ret)); if ((error==errOPERATION_CANCELED) || (Ret == errOPERATION_CANCELED)) return error; } break; case INI_TYPE: //ini struct Path|Section|Value|Flag|Default dFlag=ParsFlags(sPars4,&m_dwFlags); if (nParamsCount < 3) continue; if ((dFlag&FLAG_ENUM_WINNT_ONLY)&&(g_bIsWin9x)) break; if ((dFlag&FLAG_ENUM_WIN9X_ONLY)&&(!g_bIsWin9x)) break; if (sPars5) m_sDefaultValue = sPars5; sFileName = sPars1; if (m_bAdvancedDisinfection && sPars1) { cStringObj name(sPars1); tERROR error = m_pStartUpEnum->sysSendMsg(pmc_ADVANCED_DISINFECTION, pm_ADVANCED_DISINFECTION_LOCK_FILE, (hOBJECT)cAutoString(name), NULL, NULL); PR_TRACE((m_pStartUpEnum,prtIMPORTANT,"startupenum2\tNotify pm_ADVANCED_DISINFECTION_LOCK_FILE <%S>, result %terr", name.data(), error)); } error=EnumByMaskToCheck(sFileName,sPars2,sPars3,dFlag,cbIniEnum); if (error!=errEND_OF_THE_LIST) { if (PR_FAIL(error)) PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot enum ini file <%S>, section <%s>, value <%s>, %terr",sPars1,sPars2,sPars3,error)); } if (error==errOPERATION_CANCELED) return error; break; case BAT_TYPE: //ini struct Path|Flag|Default dFlag=ParsFlags(sPars2,&m_dwFlags); if (nParamsCount < 1) continue; if ((dFlag&FLAG_ENUM_WINNT_ONLY)&&(g_bIsWin9x)) break; if ((dFlag&FLAG_ENUM_WIN9X_ONLY)&&(!g_bIsWin9x)) break; if (sPars3) m_sDefaultValue = sPars3; sFileName = sPars1; if (m_bAdvancedDisinfection && sPars1) { tERROR error; cStringObj name(sPars1); error = m_pStartUpEnum->sysSendMsg(pmc_ADVANCED_DISINFECTION, pm_ADVANCED_DISINFECTION_LOCK_FILE, (hOBJECT)cAutoString(name), NULL, NULL); PR_TRACE((m_pStartUpEnum,prtIMPORTANT,"startupenum2\tNotify pm_ADVANCED_DISINFECTION_LOCK_FILE <%S>, result %terr", name.data(), error)); } error=EnumByMaskToCheck(sFileName,NULL,NULL,dFlag,cbBatEnum); if (PR_FAIL(error)) PR_TRACE((m_pStartUpEnum,prtERROR,"startupenum2\tCannot enum bat file <%S>, %terr",sPars1,error)); if (error==errOPERATION_CANCELED) return error; break; default: break; } if (m_sDefaultValue) m_sDefaultValue[0]=0; error = m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS,(CurCount++)*55/CountToDo); } i++; } if (error==errEND_OF_THE_LIST) error=errOK; // enum task manager m_SendData.m_ObjType=OBJECT_TASK_MANAGER_TYPE; PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start TaskManager enum")); do { error=EnumTaskManager(); } while(PR_SUCC(error) && NeedRescan()); if (error==errOPERATION_CANCELED) return error; error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 1); m_SendData.m_ObjType=OBJECT_TASK_MANAGER_TYPE; PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start LSP enum")); error=LSPEnum(); if (error==errOPERATION_CANCELED) return error; error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 1); m_SendData.m_ObjType=OBJECT_START_UP_MENU_TYPE; PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start StartUpMenu enum")); error=EnumStartUp(); if (error==errOPERATION_CANCELED) return error; error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 2); if (!(m_dwFlags&CURE_ACTION_ACTIVE)) { m_SendData.m_ObjType=OBJECT_HOSTS_TYPE; PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start HOSTS analyse")); error=CheckHosts(); if (error==errOPERATION_CANCELED) return error; error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 1); PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start ProcessesFromDriver enum")); error = ScanProcessesFromDriver(); if (error==errOPERATION_CANCELED) return error; error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS) + 5); PR_TRACE((m_pStartUpEnum,prtNOTIFY,"startupenum2\t<Scan> Start ProcessesFromDriver enum")); error = ScanPrefetchFromDriver(100 - m_pSendToObj->propGetDWord(m_pStartUpEnum->m_propId_PROGRESS)); // m_pStartUpEnum->m_bHashKnownFilesExist = cTRUE; } m_pStartUpEnum->m_bHashKnownFilesExist = cTRUE; error=m_pSendToObj->propSetDWord(m_pStartUpEnum->m_propId_PROGRESS, 100); // m_pStartUpEnum->m_bHashKnownFilesExist = cTRUE; return error; }
Persistency::HostPtr Strategy::getReportedHost(const Node node) const { return Algo::forEachUniqueLeaf( node, CheckHosts(this) ).out_; }