?? filemon.c
/******************************************************************************
*
* FUNCTION: PopFindDialog:
*
* PURPOSE: Calls the find message dialog box.
*
*****************************************************************************/
void PopFindDialog(HWND hWnd)
{
    // Pre-load the dialog's edit field with the previous search string.
    // NOTE(review): wcscpy is unbounded and both buffers are declared
    // elsewhere; confirm FindString is at least as large as
    // PrevMatchString. The wide-char copy also presumes a UNICODE build.
    wcscpy( FindString, PrevMatchString );

    // Search buffer: wFindWhatLen is set to the byte size of FindString.
    FindTextInfo.lpstrFindWhat    = FindString;
    FindTextInfo.wFindWhatLen     = sizeof(FindString);

    // This is a find-only dialog, so there is no replace buffer.
    FindTextInfo.lpstrReplaceWith = NULL;
    FindTextInfo.wReplaceWithLen  = 0;

    // Ownership and behaviour flags.
    FindTextInfo.lStructSize      = sizeof( FindTextInfo );
    FindTextInfo.hwndOwner        = hWnd;
    FindTextInfo.hInstance        = (HANDLE)hInst;
    FindTextInfo.Flags            = FindFlags;

    // No custom data, hook procedure or dialog template.
    FindTextInfo.lCustData        = 0;
    FindTextInfo.lpfnHook         = (LPFRHOOKPROC)(FARPROC)NULL;
    FindTextInfo.lpTemplateName   = NULL;

    // Create the modeless dialog and remember its window handle.
    hWndFind = FindText( &FindTextInfo );
    if ( hWndFind == NULL ) {
        MessageBox( hWnd, _T("Unable to create Find dialog"), APPNAME, MB_OK|MB_ICONERROR );
    }
}
/****************************************************************************
*
* FUNCTION: FilterProc
*
* PURPOSE: Processes messages for "Filter" dialog box
*
****************************************************************************/
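BOOL APIENTRY FilterProc( HWND hDlg, UINT message, UINT wParam, LONG lParam )
{
    // Dialog procedure for the "Filter" dialog.
    //
    // WM_INITDIALOG  loads the controls from FilterDefinition and MaxLines.
    // IDOK           validates the history depth, reads the controls back
    //                into FilterDefinition and sends an upper-cased copy
    //                to the driver with FILEMON_setfilter.
    // IDCANCEL       closes the dialog.
    // IDRESET        restores the defaults in FilterDefinition/MaxLines and
    //                in the controls; it does not call the driver.
    // WM_CLOSE       closes the dialog.
    //
    // Returns TRUE when the message was handled, FALSE otherwise.
    DWORD   nb;             // bytes returned by DeviceIoControl (LPDWORD)
    DWORD   newMaxLines;
    FILTER  upcaseFilter;
    char    history[64];

    switch ( message ) {
    case WM_INITDIALOG:

        // initialize the controls to reflect the current filter
        SetDlgItemTextA( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter );
        SetDlgItemTextA( hDlg, IDC_PROCEXCLUDE, FilterDefinition.excludeprocess );
        SetDlgItemTextA( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter );
        SetDlgItemTextA( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter );
        CheckDlgButton( hDlg, IDC_FILTERREADS, FilterDefinition.logreads );
        CheckDlgButton( hDlg, IDC_FILTERWRITES,FilterDefinition.logwrites );
        sprintf( history, "%d", MaxLines );
        SetDlgItemTextA( hDlg, IDC_HISTORY, history );
        return TRUE;

    case WM_COMMAND:
        if ( LOWORD( wParam ) == IDOK ) {

            // make sure that max lines is legal.
            // sscanf returns EOF (non-zero) for an empty field, so test
            // for exactly one converted value; a "!sscanf(...)" test lets
            // an uninitialized newMaxLines through.
            GetDlgItemTextA( hDlg, IDC_HISTORY, history, sizeof history );
            if( sscanf( history, "%d", &newMaxLines ) != 1 ) {

                MessageBox( NULL, _T("Invalid History Depth."),
                            _T("Filter Error"), MB_OK|MB_ICONWARNING );
                return TRUE;
            }
            MaxLines = newMaxLines;

            // read the values that were set
            GetDlgItemTextA( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter, MAXFILTERLEN );
            GetDlgItemTextA( hDlg, IDC_PROCEXCLUDE, FilterDefinition.excludeprocess, MAXFILTERLEN );
            GetDlgItemTextA( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter, MAXFILTERLEN );
            GetDlgItemTextA( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter, MAXFILTERLEN );
            FilterDefinition.logreads = IsDlgButtonChecked( hDlg, IDC_FILTERREADS );
            FilterDefinition.logwrites = IsDlgButtonChecked( hDlg, IDC_FILTERWRITES );

            // make an upcase version for the driver
            upcaseFilter = FilterDefinition;
            _strupr(upcaseFilter.processfilter);
            _strupr(upcaseFilter.excludeprocess);
            _strupr(upcaseFilter.pathfilter);
            _strupr(upcaseFilter.excludefilter);

            // tell the driver the new filter.
            // NOTE(review): the driver side is not visible here; it should
            // check the input length and string termination itself rather
            // than rely on this dialog having done so.
            if ( ! DeviceIoControl( sys_handle, FILEMON_setfilter,
                                    &upcaseFilter, sizeof(FILTER), NULL,
                                    0, &nb, NULL ) )
            {
                Abort( hDlg, _T("Couldn't access device driver") );
                return TRUE;
            }
            EndDialog( hDlg, TRUE );
            return TRUE;

        } else if( LOWORD( wParam ) == IDCANCEL ) {

            EndDialog( hDlg, TRUE );

        } else if( LOWORD( wParam ) == IDRESET ) {

            // reset filter to default of none
            strcpy( FilterDefinition.processfilter, "*" );
            strcpy( FilterDefinition.excludeprocess, "" );
            strcpy( FilterDefinition.pathfilter, "*" );
            strcpy( FilterDefinition.excludefilter, "" );
            FilterDefinition.logreads = TRUE;
            FilterDefinition.logwrites = TRUE;
            MaxLines = 0;

            // initialize the controls to reflect the current filter
            SetDlgItemTextA( hDlg, IDC_PROCFILTER, FilterDefinition.processfilter );
            SetDlgItemTextA( hDlg, IDC_PROCEXCLUDE, FilterDefinition.excludeprocess );
            SetDlgItemTextA( hDlg, IDC_PATHFILTER, FilterDefinition.pathfilter );
            SetDlgItemTextA( hDlg, IDC_EXCLUDEFILTER, FilterDefinition.excludefilter );
            CheckDlgButton( hDlg, IDC_FILTERREADS, FilterDefinition.logreads );
            CheckDlgButton( hDlg, IDC_FILTERWRITES, FilterDefinition.logwrites );
            SetDlgItemTextA( hDlg, IDC_HISTORY, "0" );
        }
        break;

    case WM_CLOSE:
        EndDialog( hDlg, TRUE );
        return TRUE;
    }
    return FALSE;
}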
/******************************************************************************
*
* FUNCTION: Get_Position_Settings
*
* PURPOSE: Reads the Registry to get the last-set window position.
*
******************************************************************************/
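VOID Get_Position_Settings()
{
    // Fills PositionInfo with built-in defaults, then replaces them with
    // the "Settings" value stored under
    // HKEY_CURRENT_USER\Software\Systems Internals\NTFilemon when that
    // value is usable, and finally copies the result into the globals
    // CurDriveSet, MaxLines, TimeIsDuration and FilterDefinition.
    //
    // The stored value is a raw binary image of POSITION_SETTINGS that any
    // code running as the user can rewrite, so it is accepted only when
    // the read succeeds, the type is REG_BINARY, the size is exact and the
    // version matches; its strings are re-terminated before use.
    HKEY                hKey;
    DWORD               ParamSize;
    DWORD               ValueType = 0;
    BOOL                loaded = FALSE;
    POSITION_SETTINGS   regPositionInfo;

    // First, set the default settings
    PositionInfo.top        = CW_USEDEFAULT;
    PositionInfo.left       = CW_USEDEFAULT;
    PositionInfo.width      = CW_USEDEFAULT;
    PositionInfo.height     = CW_USEDEFAULT;
    PositionInfo.maximized  = FALSE;

    // set the default listview widths
    PositionInfo.column[0] = 35;    // seq
    PositionInfo.column[1] = 90;    // time
    PositionInfo.column[2] = 90;    // process
    PositionInfo.column[3] = 130;   // irp
    PositionInfo.column[4] = 200;   // path
    PositionInfo.column[5] = 70;    // result
    PositionInfo.column[6] = 150;   // other

    // initialize the hooked drives
    PositionInfo.curdriveset = (DWORD) -1;

    // duration is default
    PositionInfo.timeduration = FALSE;

    // initialize history depth
    PositionInfo.historydepth = 0;

    // initialize filter
    strcpy( PositionInfo.filter.processfilter, "*" );
    strcpy( PositionInfo.filter.excludeprocess, "" );
    strcpy( PositionInfo.filter.pathfilter, "*" );
    strcpy( PositionInfo.filter.excludefilter, "" );
    PositionInfo.filter.logreads = TRUE;
    PositionInfo.filter.logwrites = TRUE;

    // get the last-entered params from the registry. RegCreateKey is kept
    // (rather than an open) so the key exists afterwards. hKey is only
    // used, and regPositionInfo only trusted, when the calls succeed.
    if( RegCreateKey( HKEY_CURRENT_USER,
                      _T("Software\\Systems Internals\\NTFilemon"),
                      &hKey ) == ERROR_SUCCESS ) {

        ParamSize = sizeof( regPositionInfo );
        if( RegQueryValueEx( hKey, _T("Settings"), NULL, &ValueType,
                             (LPBYTE) &regPositionInfo,
                             &ParamSize ) == ERROR_SUCCESS &&
            ValueType == REG_BINARY &&
            ParamSize == sizeof( regPositionInfo )) {

            loaded = TRUE;
        }
        RegCloseKey( hKey );
    }

    // only use the registry settings if they were read in full and the
    // version matches
    if( loaded && regPositionInfo.posversion == POSVERSION ) {

        PositionInfo = regPositionInfo;

        // The blob is not guaranteed to hold terminated strings, and these
        // fields are later handed to string functions. MAXFILTERLEN is the
        // capacity FilterProc passes for the same fields.
        // NOTE(review): assumes each field is char[MAXFILTERLEN] -- confirm
        // against the FILTER declaration.
        PositionInfo.filter.processfilter[MAXFILTERLEN - 1]  = '\0';
        PositionInfo.filter.excludeprocess[MAXFILTERLEN - 1] = '\0';
        PositionInfo.filter.pathfilter[MAXFILTERLEN - 1]     = '\0';
        PositionInfo.filter.excludefilter[MAXFILTERLEN - 1]  = '\0';
    }

    // extract global settings from the value returned from the Registry (or the default)
    CurDriveSet      = PositionInfo.curdriveset;
    MaxLines         = PositionInfo.historydepth;
    TimeIsDuration   = PositionInfo.timeduration;
    FilterDefinition = PositionInfo.filter;
}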
/******************************************************************************
*
* FUNCTION: Save_Position_Settings
*
* PURPOSE: Saves the current window settings to the Registry.
*
******************************************************************************/
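VOID Save_Position_Settings( HWND hWnd )
{
    // Captures the main window placement, listview column widths, history
    // depth, time format, filter and drive set into PositionInfo and
    // writes the whole structure as the REG_BINARY value "Settings" under
    // HKEY_CURRENT_USER\Software\Systems Internals\NTFilemon.
    // Saving is best effort: if the key cannot be opened nothing is written.
    RECT    rc;
    int     i;
    int     columncount;
    HKEY    hKey;

    // set version #
    PositionInfo.posversion = POSVERSION;

    // get the position of the main window; keep the previous values when
    // the window is minimized or the rectangle cannot be read
    if( GetWindowRect( hWnd, &rc ) && !IsIconic( hWnd )) {

        PositionInfo.left = rc.left;
        PositionInfo.top = rc.top;
        PositionInfo.width = rc.right - rc.left;
        PositionInfo.height = rc.bottom - rc.top;
    }
    PositionInfo.maximized = IsZoomed( hWnd );

    // get the history depth
    PositionInfo.historydepth = MaxLines;

    // get time format
    PositionInfo.timeduration = TimeIsDuration;

    // get the widths of the listview columns; one column fewer is saved
    // when GETPROCESS is 0
#if GETPROCESS
    columncount = NUMCOLUMNS;
#else
    columncount = NUMCOLUMNS-1;
#endif
    for( i = 0; i < columncount; i++ ) {
        PositionInfo.column[i] = ListView_GetColumnWidth( hWndList, i );
    }

    // save filters
    PositionInfo.filter = FilterDefinition;

    // get the current drive set
    PositionInfo.curdriveset = CurDriveSet;

    // save connection info to registry. hKey is only valid when the open
    // succeeds, so do not write or close through it otherwise.
    if( RegOpenKey( HKEY_CURRENT_USER,
                    _T("Software\\Systems Internals\\NTFilemon"),
                    &hKey ) != ERROR_SUCCESS ) {
        return;
    }
    RegSetValueEx( hKey, _T("Settings"), 0, REG_BINARY, (LPBYTE) &PositionInfo,
                   sizeof( PositionInfo ) );
    RegCloseKey( hKey );
}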
/******************************************************************************
*
* FUNCTION: Hook_Drives
*
* PURPOSE: Hook the currently selected drives, updating menu checks
*
******************************************************************************/
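DWORD Hook_Drives( HMENU DriveMenu, DWORD MaxDriveSet, DWORD CurDriveSet )
{
    // Sends the requested drive bitmask to the driver (FILEMON_setdrives)
    // and then sets the check marks of the drive menu items to match.
    //
    // DriveMenu    menu holding the IDC_DRIVE+n items
    // MaxDriveSet  bitmask of drives that have a menu item
    // CurDriveSet  bitmask of drives to monitor
    //
    // The same variable is passed as the input and the output buffer, so
    // the value used for the menu and returned is whatever CurDriveSet
    // holds after the call. Returns 0 when the IOCTL fails, which callers
    // cannot tell apart from an empty drive set.
    DWORD nb;
    DWORD drive;
    DWORD bit;

    // Tell device driver which drives to monitor
    if ( ! DeviceIoControl( sys_handle, FILEMON_setdrives,
                            &CurDriveSet, sizeof CurDriveSet,
                            &CurDriveSet, sizeof CurDriveSet,
                            &nb, NULL ) )
        return 0;

    // Update menu items
    for ( drive = 0; drive < 32; ++drive ) {
        // Shift an unsigned one: 1<<31 on a signed int is undefined.
        bit = (DWORD)1 << drive;
        if ( !(MaxDriveSet & bit) )
            continue;
        if ( CurDriveSet & bit )
            CheckMenuItem( DriveMenu, IDC_DRIVE+drive, MF_BYCOMMAND|MF_CHECKED );
        else
            CheckMenuItem( DriveMenu, IDC_DRIVE+drive, MF_BYCOMMAND|MF_UNCHECKED );
    }
    return CurDriveSet;
}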
/******************************************************************************
*
* FUNCTION: Split
*
* PURPOSE: Split a delimited line into components
*
******************************************************************************/
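int Split( char * line, char delimiter, char * items[] )
{
    // Splits line in place: every delimiter is overwritten with '\0' and
    // items[] receives a pointer to the start of each component.
    //
    // Returns the number of components stored. A non-NULL line always
    // yields at least one component (possibly empty); a NULL line or a
    // NULL items array yields 0.
    //
    // There is no capacity argument, so this function cannot limit how
    // many entries it writes. The caller must guarantee that items[] has
    // room for (number of delimiters in line) + 1 pointers.
    int     cnt = 0;
    char *  next;

    if ( line == NULL || items == NULL )
        return 0;

    for (;;) {
        // Add prefix to list of components
        items[cnt++] = line;

        // A '\0' delimiter would match the terminator and walk past the
        // end of the string, so treat it as "no more components".
        if ( delimiter == '\0' )
            return cnt;

        // Check for more components
        next = strchr( line, delimiter );
        if ( next == NULL )
            return cnt;

        // Terminate previous component and move to next
        *next = '\0';
        line = next + 1;
    }
}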
/******************************************************************************
*
* FUNCTION: List_Append
*
* PURPOSE: Add a new line to List window
*
******************************************************************************/
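BOOL List_Append( HWND hWndList, DWORD seq, LONGLONG time, char * line )
{
    // Adds one log record to the listview.
    //
    // hWndList  listview control
    // seq       sequence number; stored as the item's lParam and used to
    //           match a status record to its request row
    // time      timestamp or duration (see the Time comment below)
    // line      tab-delimited record; it is modified in place
    //
    // A record whose first field is non-empty is inserted as a new row;
    // one whose first field is empty updates the existing row with the
    // same seq. Returns FALSE only when a new row cannot be inserted.
    LV_ITEM     lvI;        // list view item structure
    int         row;
    char *      items[20];
    int         itemcnt = 0;
    int         delims = 0;
    char *      p;
    FILETIME    localTime;
    SYSTEMTIME  systemTime;

    if ( line == NULL )
        return TRUE;

    // Split() writes one pointer per field and takes no capacity, so a
    // record with too many tabs would run past items[]. Cut the record at
    // the delimiter that would start the first field that does not fit.
    for ( p = line; *p; ++p ) {
        if ( *p == '\t' && ++delims == (int)(sizeof items / sizeof items[0]) ) {
            *p = '\0';
            break;
        }
    }

    // Split line into columns
    itemcnt = Split( line, '\t', items );
    if ( itemcnt == 0 )
        return TRUE;

    // Determine row number for request
    if ( *items[0] ) {
        // Its a new request. Put at end.
        row = 0x7FFFFFFF;
    } else {
        // Its a status. Locate its associated request.
        lvI.mask = LVIF_PARAM;
        lvI.iSubItem = 0;
        for ( row = ListView_GetItemCount(hWndList) - 1; row >= 0; --row ) {
            lvI.iItem = row;
            if ( ListView_GetItem( hWndList, &lvI ) && (DWORD)lvI.lParam == seq )
                break;
        }
        if ( row == -1 )
            // No request associated with status.
            return TRUE;
    }

    // Sequence number if a new item
    if ( *items[0] ) {
        wsprintf( msgbuf, _T("%d"), seq );
        lvI.mask        = LVIF_TEXT | LVIF_PARAM;
        lvI.iItem       = row;
        lvI.iSubItem    = 0;
        lvI.pszText     = msgbuf;
        lvI.cchTextMax  = lstrlen( lvI.pszText ) + 1;
        lvI.lParam      = seq;
        row = ListView_InsertItem( hWndList, &lvI );
        if ( row == -1 ) {
            wsprintf( msgbuf, _T("Error adding item %d to list view"), seq );
            MessageBox( hWndList, msgbuf, APPNAME, MB_OK|MB_ICONERROR );
            return FALSE;
        }
        LastRow = row;
    }

    // Time - note: in order to save space in the log records
    // I convert all times read to date/times and, based on whether
    // the year is reasonable, chose to interpret the time as
    // a timestamp or a duration.
    // If either conversion fails systemTime is not filled in, so the
    // value is shown as a duration instead of testing an unset year.
    if( !FileTimeToLocalFileTime( (PFILETIME) &time, &localTime ) ||
        !FileTimeToSystemTime( &localTime, &systemTime ) ||
        systemTime.wYear < 1998 || systemTime.wYear > 2100 ) {

        swprintf( msgbuf, _T("%10.8f"), (((float) time) /
                  ((float) PerfFrequency.QuadPart)) );
    } else {
        GetTimeFormat( LOCALE_USER_DEFAULT, 0,
                       &systemTime, NULL, msgbuf, 64 );
    }
    ListView_SetItemText( hWndList, row, 1, msgbuf );

    // NOTE(review): each OemToChar below converts up to the field's
    // terminator with no destination limit. msgbuf is declared elsewhere
    // (the GetTimeFormat call above passes 64 as its size); confirm it can
    // hold the longest field a record can carry, or convert with a
    // length-limited call such as OemToCharBuff.

#if GETPROCESS
    // Process name
    if ( itemcnt>0 && *items[0] ) {
        OemToChar( items[0], msgbuf );
        ListView_SetItemText( hWndList, row, 2, msgbuf );
    }
#endif

    // Request type
    if ( itemcnt>1 && *items[1] ) {
        OemToChar( items[1], msgbuf );
        ListView_SetItemText( hWndList, row, 2+GETPROCESS, msgbuf );
    }

    // Path
    if ( itemcnt>2 && *items[2] ) {
        OemToChar( items[2], msgbuf );
        ListView_SetItemText( hWndList, row, 3+GETPROCESS, msgbuf );
    }

    // Result (fifth field of the record, shown before "Additional")
    if ( itemcnt>4 && *items[4] ) {
        OemToChar( items[4], msgbuf );
        ListView_SetItemText( hWndList, row, 4+GETPROCESS, msgbuf );
    }

    // Additional (fourth field of the record)
    if ( itemcnt>3 && *items[3] ) {
        OemToChar( items[3], msgbuf );
        ListView_SetItemText( hWndList, row, 5+GETPROCESS, msgbuf );
    }

    return TRUE;
}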
/******************************************************************************
*
* FUNCTION: UpdateStatistics
*
* PURPOSE: Clear the statistics window and refill it with the current
* contents of the statistics buffer. Does not refresh the
* buffer from the device driver.
*
******************************************************************************/
void UpdateStatistics( HWND hWnd, HWND hWndList, BOOL Clear )
{
PENTRY ptr;
// Just return if nothing to do
if ( !Clear && StatsLen < sizeof(int)+2 )
return;
// Start with empty list
if ( Clear ) {
ListView_DeleteAllItems( hWndList );
LastRow = 0;