Log CreateFile calls
Since I've hooked CreateFile, use log level 32 to log how it's used, providing a simple file monitor.
This commit is contained in:
parent
4e84582f02
commit
06459edb69
74
ANSI.c
74
ANSI.c
@ -210,9 +210,10 @@
|
||||
scrolling will use the default attribute for new lines;
|
||||
workaround Windows 10 1803 console bug.
|
||||
|
||||
v1.85, 22 August, 2018:
|
||||
v1.85, 22 & 23 August, 2018:
|
||||
fix creating the wrap buffer;
|
||||
always inject from ansicon.exe, even if it's GUI or excluded.
|
||||
always inject from ansicon.exe, even if it's GUI or excluded;
|
||||
log CreateFile calls.
|
||||
*/
|
||||
|
||||
#include "ansicon.h"
|
||||
@ -3614,6 +3615,55 @@ WINAPI MyFreeLibrary( HMODULE hModule )
|
||||
// Add GENERIC_READ access to enable retrieving console info.
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
static void log_CreateFile( HANDLE h, LPCVOID name, BOOL wide, DWORD access,
|
||||
DWORD dwDesiredAccess, DWORD dwCreationDisposition )
|
||||
{
|
||||
DWORD err = GetLastError();
|
||||
|
||||
static char log[] = "CreateFile%s: %*s, %s, %s, %\"s";
|
||||
LPCSTR acc, op;
|
||||
char state[32];
|
||||
int len;
|
||||
|
||||
if (access != dwDesiredAccess)
|
||||
acc = "w->r/w";
|
||||
else if (access == (GENERIC_READ | GENERIC_WRITE) ||
|
||||
(access & (FILE_READ_DATA | FILE_WRITE_DATA)) == (FILE_READ_DATA |
|
||||
FILE_WRITE_DATA))
|
||||
acc = "r/w";
|
||||
else if (access == GENERIC_WRITE ||
|
||||
access & (FILE_WRITE_DATA | FILE_APPEND_DATA))
|
||||
acc = "write";
|
||||
else if (access == GENERIC_READ ||
|
||||
access & FILE_READ_DATA)
|
||||
acc = "read";
|
||||
else
|
||||
acc = "access";
|
||||
|
||||
switch (dwCreationDisposition)
|
||||
{
|
||||
case CREATE_ALWAYS: op = "create"; break;
|
||||
case CREATE_NEW: op = "new"; break;
|
||||
case OPEN_ALWAYS: op = "open"; break;
|
||||
case OPEN_EXISTING: op = "existing"; break;
|
||||
case TRUNCATE_EXISTING: op = "truncate"; break;
|
||||
default: op = "unknown"; break;
|
||||
}
|
||||
|
||||
if (h == INVALID_HANDLE_VALUE)
|
||||
len = ac_sprintf( state, "failed (%u)", err );
|
||||
else
|
||||
{
|
||||
state[0] = 'o';
|
||||
state[1] = 'k';
|
||||
len = 2;
|
||||
}
|
||||
log[sizeof(log) - 2] = wide ? 'S' : 's';
|
||||
DEBUGSTR( 1, log, wide ? "W" : "A", len, state, op, acc, name );
|
||||
|
||||
SetLastError( err );
|
||||
}
|
||||
|
||||
HANDLE
|
||||
WINAPI MyCreateFileA( LPCSTR lpFileName, DWORD dwDesiredAccess,
|
||||
DWORD dwShareMode,
|
||||
@ -3621,6 +3671,10 @@ WINAPI MyCreateFileA( LPCSTR lpFileName, DWORD dwDesiredAccess,
|
||||
DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
|
||||
HANDLE hTemplateFile )
|
||||
{
|
||||
LPCSTR name = lpFileName;
|
||||
DWORD access = dwDesiredAccess;
|
||||
HANDLE h;
|
||||
|
||||
if (dwDesiredAccess == GENERIC_WRITE)
|
||||
{
|
||||
PDWORD con = (PDWORD)lpFileName;
|
||||
@ -3631,9 +3685,13 @@ WINAPI MyCreateFileA( LPCSTR lpFileName, DWORD dwDesiredAccess,
|
||||
dwDesiredAccess |= GENERIC_READ;
|
||||
}
|
||||
}
|
||||
return CreateFileA( lpFileName, dwDesiredAccess, dwShareMode,
|
||||
h = CreateFileA( lpFileName, dwDesiredAccess, dwShareMode,
|
||||
lpSecurityAttributes, dwCreationDisposition,
|
||||
dwFlagsAndAttributes, hTemplateFile );
|
||||
if (log_level & 32)
|
||||
log_CreateFile( h, name, FALSE, access,
|
||||
dwDesiredAccess, dwCreationDisposition );
|
||||
return h;
|
||||
}
|
||||
|
||||
HANDLE
|
||||
@ -3643,6 +3701,10 @@ WINAPI MyCreateFileW( LPCWSTR lpFileName, DWORD dwDesiredAccess,
|
||||
DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
|
||||
HANDLE hTemplateFile )
|
||||
{
|
||||
LPCWSTR name = lpFileName;
|
||||
DWORD access = dwDesiredAccess;
|
||||
HANDLE h;
|
||||
|
||||
if (dwDesiredAccess == GENERIC_WRITE)
|
||||
{
|
||||
#ifdef _WIN64
|
||||
@ -3662,9 +3724,13 @@ WINAPI MyCreateFileW( LPCWSTR lpFileName, DWORD dwDesiredAccess,
|
||||
dwDesiredAccess |= GENERIC_READ;
|
||||
}
|
||||
}
|
||||
return CreateFileW( lpFileName, dwDesiredAccess, dwShareMode,
|
||||
h = CreateFileW( lpFileName, dwDesiredAccess, dwShareMode,
|
||||
lpSecurityAttributes, dwCreationDisposition,
|
||||
dwFlagsAndAttributes, hTemplateFile );
|
||||
if (log_level & 32)
|
||||
log_CreateFile( h, name, TRUE, access,
|
||||
dwDesiredAccess, dwCreationDisposition );
|
||||
return h;
|
||||
}
|
||||
|
||||
HANDLE
|
||||
|
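Review bot: log_CreateFile patches its format string in place (`log[sizeof(log) - 2] = wide ? 'S' : 's';`) inside a `static char` buffer, so if the hooked process calls CreateFileA and CreateFileW concurrently on different threads the two writes race and one call can format `name` with the wrong string specifier. Two immutable strings avoid the shared mutable state: `static const char logA[] = "CreateFile%s: %*s, %s, %s, %\"s";`, `static const char logW[] = "CreateFile%s: %*s, %s, %s, %\"S";` and `DEBUGSTR( 1, wide ? logW : logA, wide ? "W" : "A", len, state, op, acc, name );`. In the success branch `state` holds `'o','k'` with no terminator; if DEBUGSTR's `%*s` is handled as in the C library (a minimum width rather than a length) the read runs past `'k'` into uninitialized stack, so adding `state[2] = '\0';` there removes the dependency on the custom formatter's semantics. The `log_level & 32` literal is repeated in MyCreateFileA and MyCreateFileW (and echoed in the ansicon.c help text); a named constant next to the other log-level bits would keep the three in sync.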
23
ansicon.c
23
ansicon.c
@ -93,12 +93,13 @@
|
||||
v1.84, 7 May, 2018:
|
||||
import the DLL.
|
||||
|
||||
v1.85, 22 August, 2018:
|
||||
v1.85, 22 & 23 August, 2018:
|
||||
use IsConsoleHandle for my_fputws, to distinguish NUL;
|
||||
don't load into the parent if already loaded.
|
||||
don't load into the parent if already loaded;
|
||||
add log level 32 to log CreateFile.
|
||||
*/
|
||||
|
||||
#define PDATE L"22 August, 2018"
|
||||
#define PDATE L"23 August, 2018"
|
||||
|
||||
#include "ansicon.h"
|
||||
#include "version.h"
|
||||
@ -870,25 +871,25 @@ L"http://ansicon.adoxa.vze.com/\n"
|
||||
L"\n"
|
||||
L"Process ANSI escape sequences in " WINTYPE L" console programs.\n"
|
||||
L"\n"
|
||||
L"ansicon [-l<level>] [-i] [-I] [-u] [-U] [-m[<attr>]] [-p[u]]\n"
|
||||
L" [-e|E string | -t|T [file(s)] | program [args]]\n"
|
||||
L"ansicon [-lLEVEL] [-i] [-I] [-u] [-U] [-m[ATTR]] [-p[u]]\n"
|
||||
L" [-e|E STRING | -t|T [FILE...] | PROGRAM [ARGS]]\n"
|
||||
L"\n"
|
||||
L" -l\t\tset the logging level (1=process, 2=module, 3=function,\n"
|
||||
L" \t\t +4=output, +8=append) for program (-p is unaffected)\n"
|
||||
L" \t\t +4=output, +8=append, +16=imports, +32=files) for PROGRAM\n"
|
||||
L" -i\t\tinstall - add ANSICON to CMD's AutoRun entry (also implies -p)\n"
|
||||
L" -u\t\tuninstall - remove ANSICON from the AutoRun entry\n"
|
||||
L" -I -U\t\tuse local machine instead of current user\n"
|
||||
L" -m\t\tuse grey on black (\"monochrome\") or <attr> as default color\n"
|
||||
L" -m\t\tuse grey on black (\"monochrome\") or ATTR as default color\n"
|
||||
L" -p\t\thook into the parent process\n"
|
||||
L" -pu\t\tunhook from the parent process\n"
|
||||
L" -e\t\techo string\n"
|
||||
L" -E\t\techo string, don't append newline\n"
|
||||
L" -e\t\techo STRING\n"
|
||||
L" -E\t\techo STRING, don't append newline\n"
|
||||
L" -t\t\tdisplay files (\"-\" for stdin), combined as a single stream\n"
|
||||
L" -T\t\tdisplay files, name first, blank line before and after\n"
|
||||
L" program\trun the specified program\n"
|
||||
L" PROGRAM\trun the specified program\n"
|
||||
L" nothing\trun a new command processor, or display stdin if redirected\n"
|
||||
L"\n"
|
||||
L"<attr> is one or two hexadecimal digits; please use \"COLOR /?\" for details.\n"
|
||||
L"ATTR is one or two hexadecimal digits; please use \"COLOR /?\" for details.\n"
|
||||
L"It may start with '-' to reverse foreground and background (but not for -p)."
|
||||
);
|
||||
}
|
||||
|
@ -102,6 +102,7 @@ Usage
|
||||
4 Log console output (add to any of the above)
|
||||
8 Append to the existing file (add to any of the above)
|
||||
16 Log all imported modules (add to any of the above)
|
||||
32 Log CreateFile (add to any of the above)
|
||||
|
||||
The log option will not work with '-p'; set the environment variable
|
||||
ANSICON_LOG (to the number) instead. The variable is only read once when a
|
||||
@ -339,11 +340,12 @@ Version History
|
||||
|
||||
Legend: + added, - bug-fixed, * changed.
|
||||
|
||||
1.85 - 22 August, 2018:
|
||||
1.85 - 23 August, 2018:
|
||||
- fix wrap issues with a buffer bigger than the window;
|
||||
- fix -e et al when redirecting to NUL;
|
||||
- prevent -p from injecting when already injected;
|
||||
- fix running directly via ansicon (hook even if it's GUI or excluded).
|
||||
- fix running directly via ansicon (hook even if it's GUI or excluded);
|
||||
+ add log level 32 to monitor CreateFile.
|
||||
|
||||
1.84 - 11 May, 2018:
|
||||
- close the flush handles on detach;
|
||||
@ -634,4 +636,4 @@ Distribution
|
||||
|
||||
|
||||
============================
|
||||
Jason Hood, 22 August, 2018.
|
||||
Jason Hood, 23 August, 2018.
|
||||
|