/******************************************************************************
*
* FileMon - File System Monitor for Windows NT
*
* Copyright (c) 1996-1998 Mark Russinovich and Bryce Cogswell
*
* See readme.txt for terms and conditions.
*
* PROGRAM: FileMon.c
*
* PURPOSE: Communicates with the FileMon driver to display
* file system activity information.
*
******************************************************************************/
#include <windows.h> // includes basic windows functionality
#include <windowsx.h>
#include <tchar.h>
#include <commctrl.h> // includes the common control header
#include <stdio.h>
#include <string.h>
#include <winioctl.h>
#include "resource.h"
#include "ioctlcmd.h"
#include "instdrv.h"
// This typedef, present in newer system include files, lets filemon
// build against older system headers that do not declare it.
// The trailing underscore keeps the name from clashing with a declaration
// of the same shape in newer headers.
typedef struct
{
DWORD cbSize;
DWORD dwMajorVersion;
DWORD dwMinorVersion;
DWORD dwBuildNumber;
DWORD dwPlatformID;
} DLLVERSIONINFO_, *PDLLVERSIONINFO_;
// Pointer to a version-query callback that fills in a DLLVERSIONINFO_.
// Only declared here; nothing in this part of the file assigns it, so any
// caller must check it for NULL before calling through it.
HRESULT (CALLBACK *pDllGetVersionProc)( PDLLVERSIONINFO_ pdvi );
// Set this to 0 for a non-processor specific version that does not get
// process names from the device driver
#define GETPROCESS 1
//
// Application name for message boxes
//
#define APPNAME _T("Filemon")
// toolbar height plus the borders
#define TOOLBARHEIGHT 28
// Number of columns in the listview
#define NUMCOLUMNS 7
// Variables/definitions for the driver that performs the actual monitoring.
// SYS_FILE is the driver image name and SYS_NAME the name passed to the
// driver load/unload helpers (see UnloadDeviceDriver( SYS_NAME ) in Abort).
#define SYS_FILE _T("FILEMON.SYS")
#define SYS_NAME _T("FILEMON")
// Handle used to talk to the driver; INVALID_HANDLE_VALUE until it is opened.
static HANDLE sys_handle = INVALID_HANDLE_VALUE;
// Drive type names
// The DRV* values are indices into DrvNames below, so the two lists must
// stay in the same order.
#define DRVUNKNOWN 0
#define DRVFIXED 1
#define DRVREMOTE 2
#define DRVRAM 3
#define DRVCD 4
#define DRVREMOVE 5
// Display strings for the drive types; each entry is limited to 31
// characters plus the terminator by the fixed row width.
TCHAR DrvNames[][32] = {
_T("UNKNOWN"),
_T("FIXED"),
_T("REMOTE"),
_T("RAM"),
_T("CD"),
_T("REMOVEABLE"),
};
// Version stamp stored in POSITION_SETTINGS.posversion.
// NOTE(review): presumably compared on load so that settings written by a
// different build are rejected - confirm in the code that reads them.
#define POSVERSION 360
// Position settings data structure
// Holds window geometry, listview column widths, the hooked-drive set,
// history depth, display flags and the filter.
// NOTE(review): if this structure is read back from persistent storage, the
// stored size and posversion should be validated before any field is used -
// the load path is not visible in this part of the file.
typedef struct {
int posversion;
int left;
int top;
int width;
int height;
DWORD column[NUMCOLUMNS];
DWORD curdriveset;
DWORD historydepth;
BOOLEAN maximized;
BOOLEAN timeduration;
FILTER filter;
} POSITION_SETTINGS;
// typedef for balloon popup
// itemText is a fixed 1024-character buffer; BalloonDialog draws it with a
// length of -1, so whoever fills it must leave it NUL-terminated.
typedef struct {
WCHAR itemText[1024];
POINT itemPosition;
} ITEM_CLICK, *PITEM_CLICK;
// drives that are hooked
DWORD CurDriveSet;
// The variable that holds the position settings
POSITION_SETTINGS PositionInfo;
// toolbar constants
#define ID_TOOLBAR 1
// defined for comctl32.dll version 4.7
#define TOOLBAR_FLAT 0x800
// button definitions
// for installations that support flat style
// Each row is { bitmap index, command id, state, style, data, string }.
// In this table the gaps between groups are disabled buttons using bitmap 8
// (state 0) rather than TBSTYLE_SEP entries.
TBBUTTON tbButtons[] = {
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 0, IDM_SAVE, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 8, 0, 0, TBSTYLE_BUTTON, 0L, 0},
{ 2, IDM_CAPTURE, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 4, IDM_AUTOSCROLL, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 6, IDM_CLEAR, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 9, IDM_TIME, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0 },
{ 8, 0, 0, TBSTYLE_BUTTON, 0L, 0},
{ 5, IDM_FILTER, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 8, 0, 0, TBSTYLE_BUTTON, 0L, 0},
{ 7, IDM_FIND, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 8, 0, 0, TBSTYLE_BUTTON, 0L, 0},
};
// Must equal the number of rows in tbButtons (13 above); it is a separate
// constant, so update both together.
#define NUMBUTTONS 13
// for older installations
// Same commands as tbButtons, with real separators between the groups.
TBBUTTON tbButtonsOld[] = {
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 0, IDM_SAVE, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 2, IDM_CAPTURE, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 4, IDM_AUTOSCROLL, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 6, IDM_CLEAR, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 9, IDM_TIME, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0 },
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 5, IDM_FILTER, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
{ 0, 0, TBSTATE_ENABLED, TBSTYLE_SEP, 0L, 0},
{ 7, IDM_FIND, TBSTATE_ENABLED, TBSTYLE_BUTTON, 0L, 0},
};
// Must equal the number of rows in tbButtonsOld (12 above).
#define NUMBUTTONSOLD 12
// Buffer into which driver can copy statistics
// NOTE(review): MAX_STORE is not defined in this file (presumably it comes
// from ioctlcmd.h). Any code that walks this buffer should treat the
// driver-reported length as untrusted and check it against sizeof Stats.
char Stats[ MAX_STORE ];
// Current fraction of buffer filled
DWORD StatsLen;
// Search string
// FindString and PrevMatchString are both 256 characters; copies into
// either one must be bounded to that size.
TCHAR FindString[256];
FINDREPLACE FindTextInfo;
DWORD FindFlags = FR_DOWN;
// PrevMatch is set by FindInListview when a search succeeds, and
// PrevMatchString then holds the text that matched.
BOOLEAN PrevMatch;
TCHAR PrevMatchString[256];
// Application instance handle
HINSTANCE hInst;
// Misc globals
HWND hWndFind = NULL;
UINT findMessageID;
HWND hWndList;
// Balloon popup window; BalloonDialog resets it to NULL when the balloon
// is dismissed.
HWND hBalloon = NULL;
BOOLEAN Capture = TRUE;
BOOLEAN Autoscroll = TRUE;
// listview size limiting
DWORD MaxLines = 0;
DWORD LastRow = 0;
// is time absolute or duration?
BOOLEAN TimeIsDuration;
// Filter-related
FILTER FilterDefinition;
// For info saving
// 256-character path buffer; longer paths do not fit, so writers must
// pass this size to whatever fills it.
TCHAR szFileName[256];
BOOLEAN FileChosen = FALSE;
// General buffer for storing temporary strings
// Shared by the whole file and limited to 256 characters plus terminator.
static TCHAR msgbuf[ 257 ];
// General cursor manipulation
HCURSOR hSaveCursor;
HCURSOR hHourGlass;
// performance counter frequency
LARGE_INTEGER PerfFrequency;
// Forward declarations for functions defined later in the file.
BOOL InitApplication( HANDLE );
HWND InitInstance( HANDLE, int );
// Takes the drive menu plus the maximum and current drive sets and returns
// a DWORD (presumably the set of drives actually hooked - confirm at the
// definition).
DWORD Hook_Drives( HMENU DriveMenu, DWORD MaxDriveSet, DWORD CurDriveSet );
HWND CreateList( HWND );
void UpdateStatistics( HWND hWnd, HWND hWndList, BOOL Clear );
// Comparison callback in the shape the listview sort expects.
int CALLBACK ListCompareProc( LPARAM lParam1, LPARAM lParam2, LPARAM lParamSort );
void SaveFile( HWND hDlg, HWND listbox, BOOLEAN SaveAs );
/******************************************************************************
*
* FUNCTION: Abort:
*
* PURPOSE: Handles emergency exit conditions.
*
*****************************************************************************/
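// Reports a fatal error to the user, unloads the monitoring driver and
// posts a quit message with exit code 1.
//
// hWnd - owner window for the message box
// Msg  - caller-supplied description, shown in front of the system text
//        for the calling thread's last error (a NULL Msg is shown as empty)
//
// The text is assembled in a 256-character stack buffer. Every write into
// it is bounded and explicitly terminated, because neither Msg nor the
// system message has a known maximum length.
void Abort( HWND hWnd, TCHAR * Msg )
{
    LPTSTR lpMsgBuf = NULL;
    TCHAR fallback[32];
    TCHAR errmsg[256];
    const size_t cap = sizeof errmsg / sizeof errmsg[0];
    const size_t fallbackCap = sizeof fallback / sizeof fallback[0];
    const TCHAR *systemText;
    // capture the error first: any later API call may overwrite it
    DWORD error = GetLastError();

    // IGNORE_INSERTS: system messages may contain %1-style inserts, and no
    // argument array is supplied here to satisfy them
    if( !FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                        FORMAT_MESSAGE_IGNORE_INSERTS,
                        NULL, error,
                        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                        (LPTSTR) &lpMsgBuf, 0, NULL )) {
        // no text available: lpMsgBuf must not be formatted or freed
        lpMsgBuf = NULL;
    }

    UnloadDeviceDriver( SYS_NAME );

    if( lpMsgBuf != NULL ) {
        systemText = lpMsgBuf;
    } else {
        // fall back to the numeric code so the user still sees something
        _sntprintf( fallback, fallbackCap - 1, _T("error %lu"), (unsigned long) error );
        fallback[fallbackCap - 1] = 0;
        systemText = fallback;
    }

    // Build the message in a single bounded call. The buffer is never used
    // as both source and destination of the same format call.
    if( error == ERROR_INVALID_HANDLE ) {
        _sntprintf( errmsg, cap - 1,
                    _T("%s: %s\nMake sure that you are an administrator and that ")
                    _T("Filemon is located on a local drive."),
                    Msg ? Msg : _T(""), systemText );
    } else {
        _sntprintf( errmsg, cap - 1, _T("%s: %s"),
                    Msg ? Msg : _T(""), systemText );
    }
    // _sntprintf leaves the buffer unterminated when it truncates
    errmsg[cap - 1] = 0;

    MessageBox( hWnd, errmsg, _T("Filemon"), MB_OK|MB_ICONERROR );
    PostQuitMessage( 1 );
    if( lpMsgBuf != NULL )
        LocalFree( lpMsgBuf );
}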
/******************************************************************************
*
* FUNCTION: BalloonDialog
*
* PURPOSE: Dialog function for home-brewed balloon help.
*
******************************************************************************/
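// Window procedure for the home-brewed balloon help window.
//
// WM_CREATE  - copies the ITEM_CLICK passed as the creation parameter,
//              measures its text and moves/resizes the window to fit
// WM_PAINT   - draws the text inside the rectangle computed at creation
// WM_MOUSEMOVE / WM_CLOSE - dismisses the balloon and clears hBalloon
//
// Every message is finally passed to DefWindowProc, whose result is returned.
// ctx, rect and hfont are static, so they are shared by every window that
// uses this procedure.
// NOTE(review): WM_CREATE assumes lpCreateParams points at a valid
// ITEM_CLICK - confirm at the call that creates the window.
LONG APIENTRY BalloonDialog( HWND hDlg, UINT message, UINT wParam, LONG lParam )
{
    static ITEM_CLICK ctx;
    static RECT rect;
    static HFONT hfont;
    LPCREATESTRUCT lpcs;
    HDC hdc;
    HGDIOBJ oldFont;
    LOGFONT lf;

    switch (message) {
    case WM_CREATE:
        lpcs = (void *)lParam;
        ctx = *(PITEM_CLICK) lpcs->lpCreateParams;
        // DrawText is called with a length of -1, so make sure the copied
        // text cannot run past the end of the fixed buffer
        ctx.itemText[sizeof ctx.itemText / sizeof ctx.itemText[0] - 1] = 0;

        // Get font (created once and then reused)
        if ( hfont == NULL ) {
            GetObject( GetStockObject(SYSTEM_FONT), sizeof lf, &lf );
            lf.lfWeight = FW_NORMAL;
            lf.lfHeight = 8;
            lf.lfWidth = 0;
            wcscpy( lf.lfFaceName, _T("MS Sans Serif") );
            hfont = CreateFontIndirect( &lf );
        }

        // Compute size of required rectangle
        rect.left = 0;
        rect.top = 0;
        rect.right = lpcs->cx;
        rect.bottom = lpcs->cy;
        hdc = GetDC( hDlg );
        if( hdc != NULL ) {
            oldFont = SelectObject( hdc, hfont );
            DrawText( hdc, ctx.itemText, -1, &rect,
                      DT_NOCLIP|DT_LEFT|DT_NOPREFIX|DT_WORDBREAK|DT_CALCRECT );
            // put the original font back and hand the DC back: a DC from
            // GetDC is leaked unless it is released
            if( oldFont != NULL )
                SelectObject( hdc, oldFont );
            ReleaseDC( hDlg, hdc );
        }

        // Move and resize window, keeping it on the screen horizontally
        if( ctx.itemPosition.x - 5 + rect.right + 10 >
            GetSystemMetrics(SM_CXFULLSCREEN) ) {
            ctx.itemPosition.x = GetSystemMetrics(SM_CXFULLSCREEN) -
                (rect.right+10-5);
        }
        MoveWindow( hDlg,
                    ctx.itemPosition.x-5, ctx.itemPosition.y+10,
                    rect.right + 10,
                    rect.bottom + 10,
                    TRUE );

        // Adjust rectangle so text is centered
        rect.left += 5;
        rect.right += 5;
        rect.top += 5;
        rect.bottom += 5;
        break;

    case WM_PAINT:
        hdc = GetDC( hDlg );
        if( hdc != NULL ) {
            // Set colors
            SetTextColor( hdc, 0x00000000 );
            SetBkMode( hdc, TRANSPARENT );
            oldFont = SelectObject( hdc, hfont );
            DrawText( hdc, ctx.itemText, -1, &rect,
                      DT_NOCLIP|DT_LEFT|DT_NOPREFIX|DT_WORDBREAK );
            if( oldFont != NULL )
                SelectObject( hdc, oldFont );
            // released on every paint, otherwise each repaint leaks a DC
            ReleaseDC( hDlg, hdc );
        }
        break;

    case WM_MOUSEMOVE:
    case WM_CLOSE:
        hBalloon = NULL;
        DestroyWindow( hDlg );
        break;
    }
    return DefWindowProc( hDlg, message, wParam, lParam );
}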
/******************************************************************************
*
* FUNCTION: FindInListview:
*
* PURPOSE: Searches for a string in the listview. Note: its okay if
* items are being added to the list view or the list view
* is cleared while this search is in progress - the effect
* is harmless.
*
*****************************************************************************/
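// Searches the listview (hWndList) for FindInfo->lpstrFindWhat, honouring
// FR_DOWN, FR_MATCHCASE and FR_WHOLEWORD from FindInfo->Flags.
//
// hWnd     - owner window for the message boxes
// FindInfo - find dialog state: search text and flags
//
// Returns TRUE when a row matches; that row is then selected, focused and
// scrolled into view, and PrevMatch / PrevMatchString are updated. Returns
// FALSE after showing a warning when the list is empty or nothing matches.
//
// The search starts at the selected row, or one row further on when the
// previous search for the same text succeeded. With no selection it starts
// at the first row (searching down) or the last row (searching up).
// With FR_WHOLEWORD the text must begin and end at a space or at the
// start/end of the field.
BOOLEAN FindInListview(HWND hWnd, LPFINDREPLACE FindInfo )
{
    int currentItem, numItems, subitem, step;
    size_t i, fieldLen, whatLen;
    TCHAR fieldtext[256];
    TCHAR errmsg[256];
    const size_t errCap = sizeof errmsg / sizeof errmsg[0];
    BOOLEAN match;
    BOOLEAN searchDown, matchCase, wholeWord;

    // decode the dialog flags once
    searchDown = ((FindInfo->Flags & FR_DOWN) == FR_DOWN);
    matchCase = ((FindInfo->Flags & FR_MATCHCASE) != 0);
    wholeWord = ((FindInfo->Flags & FR_WHOLEWORD) != 0);
    step = searchDown ? 1 : -1;
    whatLen = wcslen( FindInfo->lpstrFindWhat );

    numItems = ListView_GetItemCount( hWndList );
    if( numItems <= 0 ) {
        MessageBox( hWnd, _T("No items to search"), _T("Filemon"),
                    MB_OK|MB_ICONWARNING );
        return FALSE;
    }

    // find the selected item; -1 starts the scan at the first row, so a
    // selection on row 0 is seen as well
    currentItem = ListView_GetNextItem( hWndList, -1, LVNI_SELECTED );

    if( currentItem == -1 ) {
        // no current item: start at the top or the bottom
        if( searchDown ) {
            currentItem = 0;
        } else {
            if( PrevMatch )
                goto notfound;
            currentItem = numItems - 1;
        }
    } else if( PrevMatch && !wcscmp( FindString, PrevMatchString ) ) {
        // continuing a search: step past the row that matched last time
        currentItem += step;
    }

    // Walk the rows in the requested direction. The index is kept inside
    // [0, numItems) at both ends, so row 0 is examined when searching up
    // and the scan can never run off either end of the list.
    for( ; currentItem >= 0 && currentItem < numItems; currentItem += step ) {
        for( subitem = 0; subitem < NUMCOLUMNS; subitem++ ) {
            fieldtext[0] = 0;
            ListView_GetItemText( hWndList, currentItem, subitem, fieldtext,
                                  sizeof fieldtext / sizeof fieldtext[0] );

            // make sure the field is long enough to hold a match
            fieldLen = wcslen( fieldtext );
            if( fieldLen < whatLen )
                continue;

            // try every start position that leaves room for the text;
            // i + whatLen never exceeds fieldLen, so reads stay in the field
            match = FALSE;
            for( i = 0; !match && i + whatLen <= fieldLen; i++ ) {
                if( wholeWord ) {
                    // an empty search text is never a whole word
                    if( whatLen == 0 )
                        break;
                    // candidate must start at a word boundary ...
                    if( i > 0 && fieldtext[i-1] != ' ' )
                        continue;
                    // ... and end at one (a space or the terminator)
                    if( fieldtext[i+whatLen] != 0 && fieldtext[i+whatLen] != ' ' )
                        continue;
                }
                if( matchCase )
                    match = !wcsncmp( &fieldtext[i], FindInfo->lpstrFindWhat, whatLen );
                else
                    match = !wcsnicmp( &fieldtext[i], FindInfo->lpstrFindWhat, whatLen );
            }
            if( !match )
                continue;

            // remember what matched; bounded copy, PrevMatchString is fixed size
            lstrcpyn( PrevMatchString, FindInfo->lpstrFindWhat,
                      sizeof PrevMatchString / sizeof PrevMatchString[0] );
            PrevMatch = TRUE;
            ListView_SetItemState( hWndList, currentItem,
                                   LVIS_SELECTED|LVIS_FOCUSED,
                                   LVIS_SELECTED|LVIS_FOCUSED );
            ListView_EnsureVisible( hWndList, currentItem, FALSE );
            SetFocus( hWndList );
            return TRUE;
        }
    }

notfound:
    // The search text can be almost as long as errmsg itself, so the
    // message is formatted with an explicit bound and terminated by hand
    // (_sntprintf leaves the buffer unterminated when it truncates).
    _sntprintf( errmsg, errCap - 1, _T("Cannot find string \"%s\""),
                FindInfo->lpstrFindWhat );
    errmsg[errCap - 1] = 0;
    MessageBox( hWnd, errmsg, APPNAME, MB_OK|MB_ICONWARNING );
    return FALSE;
}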