? objfre_wnet_amd64 ? objfre_wxp_x86 Index: cvsflt.c =================================================================== RCS file: /scotty/cvsflt/cvsflt/cvsflt.c,v retrieving revision 1.10 diff -c -r1.10 cvsflt.c *** cvsflt.c 20 Sep 2012 03:22:00 -0000 1.10 --- cvsflt.c 26 Sep 2012 07:30:58 -0000 *************** *** 366,371 **** --- 366,375 ---- ULONG gSTrialExpired = 0; ULONG gSEventMsgRun = 0; + ULONG gSEventMsgLoad = 0; + ULONG gSEventMsgPosixDir = 0; + ULONG gSEventMsgGetDir = 0; + ULONG gSEventMsgGetVer = 0; // // Here is what the major and minor versions should be for the various OS versions: *************** *** 425,430 **** --- 429,439 ---- DbgPrint _string : \ ((void)0)) + #define CVS_EVENT_LOG( _dbgLevel, _errcode, _string ) \ + (FlagOn(SfDebug,(_dbgLevel)) ? \ + CvsEventLog ( gCvsFltDriverObject , _errcode , _string , NULL ) : \ + ((void)0)) + // // Delay values for KeDelayExecutionThread() // (Values are negative to represent relative time) *************** *** 510,516 **** #define CVSDEBUG_TRACE_IOCTL 0x00000020 //trace ioctl actions #define CVSDEBUG_TRACE_EVENTLOG 0x00000040 //trace event actions #define CVSDEBUG_TRACE_ALLPOSIX 0x00000080 //trace all posix filenames ! #define CVSDEBUG_TRACE_UNUSED 0x00000100 // - not currently in use - #define CVSDEBUG_TRACE_SIMILARPOSIX 0x00000200 //trace similar posix filenames #define CVSDEBUG_TRACE_TAILPOSIX 0x00000400 //trace similar posix filenames #define CVSDEBUG_TRACE_ESSENTIAL 0x00000800 //trace essential info add/remove/etc. --- 519,525 ---- #define CVSDEBUG_TRACE_IOCTL 0x00000020 //trace ioctl actions #define CVSDEBUG_TRACE_EVENTLOG 0x00000040 //trace event actions #define CVSDEBUG_TRACE_ALLPOSIX 0x00000080 //trace all posix filenames ! #define CVSDEBUG_TRACE_MOREEVENTS 0x00000100 //create more events #define CVSDEBUG_TRACE_SIMILARPOSIX 0x00000200 //trace similar posix filenames #define CVSDEBUG_TRACE_TAILPOSIX 0x00000400 //trace similar posix filenames #define CVSDEBUG_TRACE_ESSENTIAL 0x00000800 //trace essential info add/remove/etc. *************** *** 633,638 **** --- 642,655 ---- ); #endif + ULONG + CvsEventLog( + IN PVOID Driver_or_Device_Object, + IN NTSTATUS myerrcode, + IN PWSTR myname, + IN PULONG bDoneAlready + ); + NTSTATUS CvsPassThrough( IN PDEVICE_OBJECT DeviceObject, *************** *** 1235,1240 **** --- 1252,1258 ---- UNICODE_STRING nameString,linkString; NTSTATUS status; ULONG i; + PWSTR mystart = L"CvsFlt"; #if WINVER >= 0x0501 // *************** *** 1584,1589 **** --- 1602,1608 ---- // ClearFlag( gCvsFltControlDeviceObject->Flags, DO_DEVICE_INITIALIZING ); + CvsEventLog(DriverObject,CVSFLT_LOADDRV,mystart,&gSEventMsgLoad); return STATUS_SUCCESS; } *************** *** 1634,1639 **** --- 1653,1659 ---- LARGE_INTEGER interval; # define DEVOBJ_LIST_SIZE 64 PDEVICE_OBJECT devList[DEVOBJ_LIST_SIZE]; + PWSTR myrun = L"CvsFlt"; ASSERT(DriverObject == gCvsFltDriverObject); *************** *** 1644,1649 **** --- 1664,1670 ---- CVS_LOG_PRINT( CVSDEBUG_DISPLAY_ATTACHMENT_NAMES, ("CvsFlt!DriverUnload: Unloading driver (%p)\n", DriverObject) ); + CvsEventLog(DriverObject,CVSFLT_UNLOADDRV,myrun,NULL); // // Don't get anymore file system change notifications *************** *** 6959,6964 **** --- 6980,6986 ---- } CVS_LOG_PRINT(CVSDEBUG_TRACE_ESSENTIAL,("CvsFlt!CvsAddPosixDirectory: Add %S\n",Dir)); + CVS_EVENT_LOG(CVSDEBUG_TRACE_MOREEVENTS,CVSFLT_ADDPOSIX,Dir); KeAcquireSpinLock( &gCvsDirectoryListLock, &oldIrql ); DirBuf->Next = gCvsDirectoryListRoot; *************** *** 6985,6990 **** --- 7007,7013 ---- UNICODE_STRING str1; CVS_LOG_PRINT(CVSDEBUG_TRACE_ESSENTIAL,("CvsFlt!CvsRemovePosixDirectory: Remove %S\n",Dir?Dir:(Temporary?L"all temporary":L"all global directories"))); + CVS_EVENT_LOG(CVSDEBUG_TRACE_MOREEVENTS,CVSFLT_DELPOSIX,Dir); KeAcquireSpinLock( &gCvsDirectoryListLock, &oldIrql ); DirBuf = gCvsDirectoryListRoot; *************** *** 7144,7154 **** --- 7167,7179 ---- result = RtlStringCbCopyNW(Dir,DirLen,DirBuf->wsz,DirBuf->Directory.Length); *OutLen=DirBuf->Directory.Length; CVS_LOG_PRINT(CVSDEBUG_TRACE_ESSENTIAL,("CvsFlt!CvsGetPosixDirectory: Returns %S\n",Dir)); + CVS_EVENT_LOG(CVSDEBUG_TRACE_MOREEVENTS,CVSFLT_LSTPOSIXOK,Dir); } else { CVS_LOG_PRINT(CVSDEBUG_TRACE_ESSENTIAL,("CvsFlt!CvsGetPosixDirectory: Fails\n")); result = STATUS_NOT_FOUND; + CVS_EVENT_LOG(CVSDEBUG_TRACE_MOREEVENTS,CVSFLT_LSTPOSIXFAIL,Dir); } KeReleaseSpinLock( &gCvsDirectoryListLock, oldIrql ); *************** *** 7227,7232 **** --- 7252,7258 ---- POBJECT_NAME_INFORMATION Info = (POBJECT_NAME_INFORMATION)Buf; CVS_LOG_PRINT(CVSDEBUG_TRACE_ESSENTIAL,("CvsFlt!CvsGetKernelName: %S\n",NameIn)); + CVS_EVENT_LOG(CVSDEBUG_TRACE_MOREEVENTS,CVSFLT_GETPOSIX,NameIn); RtlInitUnicodeString(&ni,NameIn); *************** *** 7339,7396 **** return STATUS_SUCCESS; } ! BOOLEAN ! CvsIsPosixFileName ( ! IN PIRP Irp, ! IN PDEVICE_OBJECT DeviceObject, ! IN PUNICODE_STRING FileName ! ) { - CVSFLT_DIRECTORY *DirBuf; - KIRQL oldIrql; - BOOLEAN bRet = FALSE, bSimilar = FALSE, bTailMatch = FALSE; PIO_ERROR_LOG_PACKET errlog_pkt; ! PWSTR myname = L"expired"; ! PWSTR myrun = L"running"; ! size_t myrunlen =0, mynamelen = 0, packetlen = 0; /* ULONG */ ! WCHAR dirchar; ! PWSTR dirptr; ! WCHAR str1char; ! PWSTR str1ptr; ! USHORT kk = 0; ! LARGE_INTEGER CvsCurrentTime; ! ULONG CvsElapsedSeconds = 0; ! ! UNREFERENCED_PARAMETER(Irp); ! ! /* Optimisation - we don't much care about multiprocessor here, because if we get a false negative ! or positive it only affects one call */ ! if(!gCvsDirectoryListRoot) ! return FALSE; ! KeQuerySystemTime(&CvsCurrentTime); ! RtlTimeToSecondsSince1970(&CvsCurrentTime,&CvsElapsedSeconds); ! if (gSEventMsgRun==0) ! { ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver has started running ok\n")); ! gSEventMsgRun=1; ! RtlStringCbLengthW(myrun,MAX_PATH*sizeof(WCHAR),&myrunlen); /* NTSTRSAFE_MAX_CCH cannot be found, so use MAX_PATH instead */ ! packetlen = myrunlen + sizeof(WCHAR) + sizeof(IO_ERROR_LOG_PACKET) + sizeof(ULONG); // sizeof(ULONG)=4? if (packetlen <= ERROR_LOG_MAXIMUM_SIZE) { ! errlog_pkt = (PIO_ERROR_LOG_PACKET) IoAllocateErrorLogEntry(DeviceObject, (UCHAR) packetlen); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: allocated memory for event log message.\n")); if (errlog_pkt) { RtlZeroMemory( errlog_pkt, packetlen ); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: memory for event log message zeroed.\n")); // as defined in ntiologc.h (C:\WinDDK\5112\inc\api\ntiologc.h) // or maybe defined in cvsflt_msg.h --- 7365,7406 ---- return STATUS_SUCCESS; } ! ULONG ! CvsEventLog( ! IN PVOID Driver_or_Device_Object, ! IN NTSTATUS myerrcode, ! IN PWSTR myname, ! IN PULONG bDoneAlready ! ) { PIO_ERROR_LOG_PACKET errlog_pkt; ! size_t mynamelen = 0, packetlen = 0; /* ULONG */ ! ULONG bDoneOK=0; + if (bDoneAlready!=NULL) + bDoneOK=*bDoneAlready; ! if (bDoneOK==0) ! { ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: start\n")); ! if (bDoneAlready!=NULL) ! *bDoneAlready=1; ! RtlStringCbLengthW(myname,MAX_PATH*sizeof(WCHAR),&mynamelen); /* NTSTRSAFE_MAX_CCH cannot be found, so use MAX_PATH instead */ ! packetlen = mynamelen + sizeof(WCHAR) + sizeof(IO_ERROR_LOG_PACKET) + sizeof(ULONG); // sizeof(ULONG)=4? if (packetlen <= ERROR_LOG_MAXIMUM_SIZE) { ! errlog_pkt = (PIO_ERROR_LOG_PACKET) IoAllocateErrorLogEntry(Driver_or_Device_Object, (UCHAR) packetlen); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: allocated memory for event log message.\n")); if (errlog_pkt) { RtlZeroMemory( errlog_pkt, packetlen ); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: memory for event log message zeroed.\n")); // as defined in ntiologc.h (C:\WinDDK\5112\inc\api\ntiologc.h) // or maybe defined in cvsflt_msg.h *************** *** 7400,7406 **** // IO_ERR_CONFIGURATION_ERROR (Driver or device is incorrectly configured for %1.) // ! errlog_pkt->ErrorCode = CVSFLT_RUNNING; errlog_pkt->DumpDataSize = sizeof(ULONG); // 4? errlog_pkt->DumpData[0] = (ULONG)1; errlog_pkt->StringOffset = sizeof(IO_ERROR_LOG_PACKET) + errlog_pkt->DumpDataSize; --- 7410,7416 ---- // IO_ERR_CONFIGURATION_ERROR (Driver or device is incorrectly configured for %1.) // ! errlog_pkt->ErrorCode = myerrcode; errlog_pkt->DumpDataSize = sizeof(ULONG); // 4? errlog_pkt->DumpData[0] = (ULONG)1; errlog_pkt->StringOffset = sizeof(IO_ERROR_LOG_PACKET) + errlog_pkt->DumpDataSize; *************** *** 7417,7435 **** // errlog_pkt->IoControlCode // errlog_pkt->DeviceOffset ! RtlStringCbCopyW((PWSTR) ((PUCHAR) errlog_pkt + errlog_pkt->StringOffset), myrunlen + sizeof(WCHAR), myrun); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: error log string initialized ok.\n")); IoWriteErrorLogEntry(errlog_pkt); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver has written a running message to event log\n")); // IoFreeErrorLogEntry(errlog_pkt); // only use this if you do NOT call IoWriteErrorLogEntry ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver has free'd the event log buffer\n")); } else ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver cannot write event log 'running' because out of memory...\n")); } else ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver cannot write event log because it's too long...\n")); } #ifdef CVSTRIAL_MAX --- 7427,7487 ---- // errlog_pkt->IoControlCode // errlog_pkt->DeviceOffset ! RtlStringCbCopyW((PWSTR) ((PUCHAR) errlog_pkt + errlog_pkt->StringOffset), mynamelen + sizeof(WCHAR), myname); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: error log string initialized ok.\n")); IoWriteErrorLogEntry(errlog_pkt); ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: driver has written a running message to event log\n")); // IoFreeErrorLogEntry(errlog_pkt); // only use this if you do NOT call IoWriteErrorLogEntry ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: driver has free'd the event log buffer\n")); } else ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: driver cannot write event log 'running' because out of memory...\n")); } else ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsEventLog: driver cannot write event log because it's too long...\n")); ! } ! return 0; ! } ! ! ! ! BOOLEAN ! CvsIsPosixFileName ( ! IN PIRP Irp, ! IN PDEVICE_OBJECT DeviceObject, ! IN PUNICODE_STRING FileName ! ) ! { ! CVSFLT_DIRECTORY *DirBuf; ! KIRQL oldIrql; ! BOOLEAN bRet = FALSE, bSimilar = FALSE, bTailMatch = FALSE; ! PWSTR myname = L"expired"; ! PWSTR myrun = L"running"; ! WCHAR dirchar; ! PWSTR dirptr; ! WCHAR str1char; ! PWSTR str1ptr; ! USHORT kk = 0; ! ! ! LARGE_INTEGER CvsCurrentTime; ! ULONG CvsElapsedSeconds = 0; ! ! UNREFERENCED_PARAMETER(Irp); ! ! /* Optimisation - we don't much care about multiprocessor here, because if we get a false negative ! or positive it only affects one call */ ! if(!gCvsDirectoryListRoot) ! return FALSE; ! ! KeQuerySystemTime(&CvsCurrentTime); ! RtlTimeToSecondsSince1970(&CvsCurrentTime,&CvsElapsedSeconds); ! ! if ((gSEventMsgRun==0)&&(FlagOn(SfDebug,(CVSDEBUG_TRACE_EVENTLOG)))) ! { ! CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver has started running ok\n")); ! CvsEventLog(DeviceObject,CVSFLT_RUNNING,myrun,&gSEventMsgRun); } #ifdef CVSTRIAL_MAX *************** *** 7445,7499 **** if ((gSTrialExpired==0) && (CvsElapsedSeconds>(CVSTRIAL_MAX+7858800))) { CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: Trial License has expired\n")); gSTrialExpired=1; - RtlStringCbLengthW(myname,MAX_PATH*sizeof(WCHAR),&mynamelen); /* NTSTRSAFE_MAX_CCH cannot be found, so use MAX_PATH instead */ - packetlen = mynamelen + sizeof(WCHAR) + sizeof(IO_ERROR_LOG_PACKET) + sizeof(ULONG); // sizeof(ULONG)=4? - - if (packetlen <= ERROR_LOG_MAXIMUM_SIZE) - { - - errlog_pkt = (PIO_ERROR_LOG_PACKET) IoAllocateErrorLogEntry(DeviceObject, (UCHAR) packetlen); - - if (errlog_pkt) - { - - RtlZeroMemory( errlog_pkt, sizeof( IO_ERROR_LOG_PACKET ) ); - - // as defined in ntiologc.h (C:\WinDDK\5112\inc\api\ntiologc.h) - // or maybe defined in cvsflt_msg.h - // - // STATUS_SEVERITY_INFORMATIONAL (or maybe STATUS_SEVERITY_ERROR or even STATUS_SEVERITY_WARNING) - // FACILITY_IO_ERROR_CODE (ie: not RPC - remote procedure call, and not MCA - machine check - // IO_ERR_CONFIGURATION_ERROR (Driver or device is incorrectly configured for %1.) - // - - errlog_pkt->ErrorCode = CVSFLT_MSG_STRING; - errlog_pkt->DumpDataSize = sizeof(ULONG); // 4? - errlog_pkt->DumpData[0] = (ULONG)1; - errlog_pkt->StringOffset = sizeof(IO_ERROR_LOG_PACKET) + errlog_pkt->DumpDataSize; - errlog_pkt->NumberOfStrings = 1; - errlog_pkt->RetryCount = 0; - - // optional stuff - // errlog_pkt->MajorFunctionCode - // errlog_pkt->EventCategory - // errlog_pkt->UniqueErrorValue - // errlog_pkt->FinalStatus - // errlog_pkt->SequenceNumber - // errlog_pkt->IoControlCode - // errlog_pkt->DeviceOffset - - RtlStringCbCopyW((PWSTR) ((PUCHAR) errlog_pkt + errlog_pkt->StringOffset), mynamelen + sizeof(WCHAR), myname); - - IoWriteErrorLogEntry(errlog_pkt); - // IoFreeErrorLogEntry(errlog_pkt); // only use this if you do NOT call IoWriteErrorLogEntry - CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: Written event log: Trial License has expired\n")); - } - else - CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver cannot write event log 'expired' because out of memory...\n")); - } - else - CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: driver cannot write event log 'expired' because it's too long...\n")); } #endif --- 7497,7504 ---- if ((gSTrialExpired==0) && (CvsElapsedSeconds>(CVSTRIAL_MAX+7858800))) { CVS_LOG_PRINT(CVSDEBUG_TRACE_EVENTLOG,("CvsFlt!CvsIsPosixFileName: Trial License has expired\n")); + CvsEventLog(DeviceObject,CVSFLT_MSG_STRING,myname,&gSTrialExpired); gSTrialExpired=1; } #endif Index: cvsflt_msg.h =================================================================== RCS file: /scotty/cvsflt/cvsflt/cvsflt_msg.h,v retrieving revision 1.5 diff -c -r1.5 cvsflt_msg.h *** cvsflt_msg.h 18 Sep 2012 12:16:24 -0000 1.5 --- cvsflt_msg.h 26 Sep 2012 07:22:28 -0000 *************** *** 51,71 **** #define STATUS_SEVERITY_ERROR 0x3 - // - // MessageId: CVSFLT_MSG_STRING - // - // MessageText: - // - // cvsflt trial license is %2. - // #define CVSFLT_MSG_STRING ((NTSTATUS)0x40040001L) - - // - // MessageId: CVSFLT_RUNNING - // - // MessageText: - // - // cvsflt is %2 OK. - // #define CVSFLT_RUNNING ((NTSTATUS)0x40040002L) --- 51,64 ---- #define STATUS_SEVERITY_ERROR 0x3 #define CVSFLT_MSG_STRING ((NTSTATUS)0x40040001L) #define CVSFLT_RUNNING ((NTSTATUS)0x40040002L) + #define CVSFLT_ERR_STRING ((NTSTATUS)0x40040003L) + #define CVSFLT_ADDPOSIX ((NTSTATUS)0x40040004L) + #define CVSFLT_DELPOSIX ((NTSTATUS)0x40040005L) + #define CVSFLT_LSTPOSIXOK ((NTSTATUS)0x40040006L) + #define CVSFLT_LSTPOSIXFAIL ((NTSTATUS)0x40040007L) + #define CVSFLT_GETPOSIX ((NTSTATUS)0x40040008L) + #define CVSFLT_LOADDRV ((NTSTATUS)0x40040009L) + #define CVSFLT_UNLOADDRV ((NTSTATUS)0x4004000aL) Index: cvsflt_msg.mc =================================================================== RCS file: /scotty/cvsflt/cvsflt/cvsflt_msg.mc,v retrieving revision 1.3 diff -c -r1.3 cvsflt_msg.mc *** cvsflt_msg.mc 18 Sep 2012 11:58:07 -0000 1.3 --- cvsflt_msg.mc 26 Sep 2012 07:28:26 -0000 *************** *** 40,42 **** --- 40,105 ---- cvsflt is %2 OK. . + MessageId=0x3 + SymbolicName=CVSFLT_ERR_STRING + Severity=Informational + Facility=IO_ERROR + Language=English + debugging progress: %2. + . + + MessageId=0x4 + SymbolicName=CVSFLT_ADDPOSIX + Severity=Informational + Facility=IO_ERROR + Language=English + add directory %2 OK. + . + + MessageId=0x5 + SymbolicName=CVSFLT_DELPOSIX + Severity=Informational + Facility=IO_ERROR + Language=English + remove directory %2 OK. + . + + MessageId=0x6 + SymbolicName=CVSFLT_LSTPOSIXOK + Severity=Informational + Facility=IO_ERROR + Language=English + list directory %2 OK. + . + + MessageId=0x7 + SymbolicName=CVSFLT_LSTPOSIXFAIL + Severity=Informational + Facility=IO_ERROR + Language=English + list directory %2 OK. + . + + MessageId=0x8 + SymbolicName=CVSFLT_GETPOSIX + Severity=Informational + Facility=IO_ERROR + Language=English + get directory %2 OK. + . + + MessageId=0x9 + SymbolicName=CVSFLT_LOADDRV + Severity=Informational + Facility=IO_ERROR + Language=English + load driver %2 OK. + . + + MessageId=0xa + SymbolicName=CVSFLT_UNLOADDRV + Severity=Informational + Facility=IO_ERROR + Language=English + unload driver %2 OK. + .