void PlayerData::BuildBasicData(Store db)
{
BuildBasePropData (db);
BuildScenePropsData (db);
BuildCardData (db);
BuildCardRosterData (db);
BuildEquipPkgData (db);
BuildOfficerData (db);
BuildPersonalMailData (db);
BuildArenaTable (db);
BuildCashPropsData (db);
BuildManorPropsData (db);
BuildEventData (db);
BuildQuestData (db);
BuildWorshipData (db);
BuildWorldBossData (db);
BuildDialData (db);
BuildVipTable (db);
BuildDataType (db, PlayerDataType_End);
DBLOG;
}
RPSTATUS
EventCheck(
IN PUNICODE_STRING pusCriminal,
IN PUNICODE_STRING pusVictim,
IN PEPROCESS pCriminalEproc,
IN PEPROCESS pVictimEproc,
IN ULONG ulCrimeType,
IN ULONG_PTR ulpExtraInfo
)
/*++
Routine Description:
处理检测到的违规操作
Arguments:
pusCriminal - 违规者名字
pusVictim - 受害者名字
pCriminalEproc - 违规者进程
pVictimEproc - 受害者进程
ulCrimeType - 违规类型
ulpExtraInfo - 额外信息,根据违规类型的不同而不同
Return Value:
允许放行返回 RP_STATUS_OK,拒绝该操作返回 RP_STATUS_ERR
Author:
Fypher
--*/
{
PEVENTDATA pEvtData;
ULONG ulJudgment;
RPSTATUS RpStatus = RP_STATUS_NOT_CLEAR;
PAGED_CODE();
if (!g_pProtected) // no ring3
return RP_STATUS_OK;
if (!IsMajorProtected(ulCrimeType)) // protect off
return RP_STATUS_OK;
if (IsInWhiteBlackHashTable(pusCriminal, CRIME_MAJOR_ALL, NODE_TYPE_WHITE)) // Super White List
return RP_STATUS_OK;
if (IsInWhiteBlackHashTable(pusCriminal, ulCrimeType, NODE_TYPE_WHITE)) // white list
RpStatus = RP_STATUS_OK;
else if (IsInWhiteBlackHashTable(pusCriminal, ulCrimeType, NODE_TYPE_BLACK)) // black list
RpStatus = RP_STATUS_ERR;
if (pCriminalEproc && pCriminalEproc == pVictimEproc) // Self xx
return RP_STATUS_OK;
if (g_ulEventDataCount > MAX_EVENT_IN_LIST) { // too many
KdPrintEx((DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "EventCheck! g_ulEventDataCount: %d\r\n", g_ulEventDataCount));
return RP_STATUS_ERR;
}
switch (ulCrimeType & CRIME_MAJOR_MASK) {
//
// CRIME_MAJOR_FILE
//
case CRIME_MAJOR_FILE:
if (!IsInWhiteBlackHashTable(pusVictim, CRIME_MAJOR_FILE, NODE_TYPE_BLACK))
return RP_STATUS_OK;
break;
//
// CRIME_MAJOR_PROC
//
case CRIME_MAJOR_PROC:
if (pVictimEproc == g_pProtected) // self protect
return RP_STATUS_ERR;
// only for self protect
if (ulCrimeType == CRIME_MINOR_NtOpenProcess ||
ulCrimeType == CRIME_MINOR_NtOpenThread ||
ulCrimeType == CRIME_MINOR_NtAssignProcessToJobObject)
{
return RP_STATUS_OK;
}
break;
//
// CRIME_MAJOR_REG
//
case CRIME_MAJOR_REG:
break;
//
// CRIME_MAJOR_SYS
//
case CRIME_MAJOR_SYS:
if (ulCrimeType == CRIME_MINOR_NtDuplicateObject)
{
if (g_pProtected == (PEPROCESS)ulpExtraInfo) { // selfprotect
return RP_STATUS_ERR;
}
}
else if (ulCrimeType == CRIME_MINOR_NtOpenSection)
{
if (/*g_pPhysicalMemoryObj && */g_pPhysicalMemoryObj != (PVOID)ulpExtraInfo)
return RP_STATUS_OK;
}
break;
default:
KdPrintEx(( DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL,
"EventCheck! How did I get here! %x\r\n", ulCrimeType
));
break;
}
if (RpStatus != RP_STATUS_NOT_CLEAR)
return RpStatus;
pEvtData = BuildEventData(pusCriminal, pusVictim, pCriminalEproc, pVictimEproc, ulCrimeType, ulpExtraInfo);
if (!pEvtData)
return RP_STATUS_ERR;
PushEvent(pEvtData);
KeWaitForSingleObject(&pEvtData->evt, Executive, KernelMode, FALSE, NULL);
ulJudgment = pEvtData->ulJudgment;
DestroyEventData(pEvtData);
if (ulJudgment & JUDGMENT_ACCEPT) {
if (ulJudgment & JUDGMENT_ALWAYS) {
AddToWhiteBlackHashTable(pusCriminal, ulCrimeType, NODE_TYPE_WHITE);
}
return RP_STATUS_OK;
} else if (ulJudgment & JUDGMENT_REFUSE) {
if (ulJudgment & JUDGMENT_ALWAYS) {
AddToWhiteBlackHashTable(pusCriminal, ulCrimeType, NODE_TYPE_BLACK);
}
return RP_STATUS_ERR;
}
// never reaches here
return RP_STATUS_ERR;
}