コード例 #1
0
ファイル: mspyLib.c プロジェクト: CenterDevice/MiniFSWatcher
PRECORD_LIST
SpyNewRecord (
    VOID
    )
/*++

Routine Description:

    Allocates a new RECORD_LIST structure if there is enough memory to do so. A
    sequence number is updated for each request for a new record.

    NOTE:  This code must be NON-PAGED because it can be called on the
           paging path or at DPC level.

Arguments:

    None

Return Value:

    Pointer to the RECORD_LIST allocated, or NULL if no memory is available.

--*/
{
    PRECORD_LIST newRecord;
    ULONG initialRecordType;

    //
    //  Allocate the buffer
    //

    newRecord = SpyAllocateBuffer( &initialRecordType );

    if (newRecord == NULL) {

        //
        //  We could not allocate a record, see if the static buffer is
        //  in use.  If not, we will use it
        //

        if (!InterlockedExchange( &MiniFSWatcherData.StaticBufferInUse, TRUE )) {

            newRecord = (PRECORD_LIST)MiniFSWatcherData.OutOfMemoryBuffer;
            initialRecordType |= RECORD_TYPE_FLAG_STATIC;
        }
    }

    //
    //  If we got a record (doesn't matter if it is static or not), init it
    //

    if (newRecord != NULL) {

        //
        // Init the new record
        //

        newRecord->LogRecord.RecordType = initialRecordType;
        newRecord->LogRecord.Length = sizeof(LOG_RECORD);
        newRecord->LogRecord.SequenceNumber = InterlockedIncrement( &MiniFSWatcherData.LogSequenceNumber );
        RtlZeroMemory( &newRecord->LogRecord.Data, sizeof( RECORD_DATA ) );
    }

    return( newRecord );
}
コード例 #2
0
ファイル: fspyhash.c プロジェクト: yzx65/ndas4windows
VOID
SpySetName (
    __inout PRECORD_LIST RecordList,
    __in PDEVICE_OBJECT DeviceObject,
    __in_opt PFILE_OBJECT FileObject,
    __in ULONG LookupFlags,
    __in_opt PVOID Context
)
/*++

Routine Description:

    This routine looks up the FileObject in the hash table.  If the FileObject
    is found in the hash table, copy the associated file name to RecordList.
    Otherwise, calls NLGetFullPathName to try to get the name of the FileObject.
    If successful, copy the file name to the RecordList and insert into hash
    table.

Arguments:

    RecordList - RecordList to copy name to.
    FileObject - the FileObject to look up.
    LookInFileObject - see routine description
    DeviceExtension - contains the volume name (e.g., "c:") and
        the next device object which may be needed.

Return Value:

    None.

--*/
{
    PFILESPY_DEVICE_EXTENSION devExt = DeviceObject->DeviceExtension;
    UINT_PTR hashIndex;
    KIRQL oldIrql;
    PHASH_ENTRY pHash;
    PHASH_ENTRY newHash;
    PLIST_ENTRY listHead;
    PNAME_CONTROL newName = NULL;
    PCHAR buffer = NULL;
    NTSTATUS status;
    BOOLEAN cacheName;

    UNREFERENCED_PARAMETER( Context );

    try {

        if (FileObject == NULL) {

            SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &gEmptyUnicode );
            leave;
        }

        hashIndex = HASH_FUNC(FileObject);

        INC_STATS(TotalContextSearches);

        listHead = &gHashTable[hashIndex];

        //
        //  Don't bother checking the hash if we are in create, we must always
        //  generate a name.
        //

        if (!FlagOn(LookupFlags, NLFL_IN_CREATE)) {

            //
            //  Acquire the hash lock
            //

            KeAcquireSpinLock( &gHashLockTable[hashIndex], &oldIrql );

            pHash = SpyHashBucketLookup( &gHashTable[hashIndex], FileObject );

            if (pHash != NULL) {

                //
                //  Copy the found file name to the LogRecord
                //

                SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &pHash->Name );

                KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );

                INC_STATS( TotalContextFound );

                leave;
            }

            KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );
        }

#if WINVER >= 0x0501
        //
        //  We can not allocate paged pool if this is a paging file.  If it is
        //  a paging file set a default name and return
        //

#if __NDAS_FS__

        NDASFS_ASSERT( FALSE );

#else

        if (FsRtlIsPagingFile( FileObject )) {

            SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &PagingFile );
            leave;
        }

#endif

#endif

        //
        //  We did not find the name in the hash.  Allocate name control buffer
        //  (for getting name) and a buffer for inserting this name into the
        //  hash.
        //

        buffer = SpyAllocateBuffer( &gNamesAllocated, gMaxNamesToAllocate, NULL );

        status = NLAllocateNameControl( &newName, &gFileSpyNameBufferLookasideList );

        if ((buffer != NULL) && NT_SUCCESS(status)) {

            //
            //  Init the new hash entry in case we need to use it
            //

            newHash = (PHASH_ENTRY)buffer;
            RtlInitEmptyUnicodeString( &newHash->Name,
                                       (PWCHAR)(buffer + sizeof(HASH_ENTRY)),
                                       RECORD_SIZE - sizeof(HASH_ENTRY) );

            //
            //  Retrieve the name
            //

            status = NLGetFullPathName( FileObject,
                                        newName,
                                        &devExt->NLExtHeader,
                                        LookupFlags | NLFL_USE_DOS_DEVICE_NAME,
                                        &gFileSpyNameBufferLookasideList,
                                        &cacheName );

            if (NT_SUCCESS( status ) && cacheName) {

                //
                //  We got a name and the name should be cached, save it in the
                //  log record and the hash buffer.
                //

                SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &newName->Name );

                RtlCopyUnicodeString( &newHash->Name, &newName->Name );
                newHash->FileObject = FileObject;

                //
                //  Acquire the hash lock
                //

                KeAcquireSpinLock( &gHashLockTable[hashIndex], &oldIrql );

                //
                //  Search again because it may have been stored in the hash table
                //  since we did our last search and dropped the lock.
                //

                pHash = SpyHashBucketLookup( &gHashTable[hashIndex], FileObject );

                if (pHash != NULL) {

                    //
                    //  We found it in the hash table this time, don't need to
                    //  cache it again.
                    //

                    KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );

                    leave;
                }

                //
                //  It not found in the hash, add the new entry.
                //

                InsertHeadList( listHead, &newHash->List );

                gHashCurrentCounters[hashIndex]++;

                if (gHashCurrentCounters[hashIndex] > gHashMaxCounters[hashIndex]) {

                    gHashMaxCounters[hashIndex] = gHashCurrentCounters[hashIndex];
                }

                //
                //  Since we inserted the new hash entry, mark the buffer as empty
                //  so we won't try and free it
                //

                buffer = NULL;

                KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );

            } else {

                //
                //  Either the name should not be cached or we couldn't get a
                //  name, return whatever name they gave us
                //

                SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &newName->Name );

                INC_STATS( TotalContextTemporary );
            }

        } else {

            //
            //  Set a default string even if there is no buffer.
            //

            SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &OutOfBuffers );
        }

    }
    finally {

        //
        //  Free memory
        //

        if (buffer != NULL) {

            SpyFreeBuffer( buffer, &gNamesAllocated );
        }

        if (newName != NULL) {

            NLFreeNameControl( newName, &gFileSpyNameBufferLookasideList );
        }
    }
}