16,551
社区成员
发帖
与我相关
我的任务
分享各位老大,解决我的问题奉送200分!!
问题见
http://www.csdn.net/Expert/TopicView1.asp?id=559961
http://www.csdn.net/Expert/TopicView1.asp?id=559961
...全文
请发表友善的回复…
发表回复
intel_p4 2002-03-09
- 打赏
- 举报
在dll中也可以的,我在服务程序中也试验过了,你做comdll用filemon做什么啊?做一个自定义的DeviceIOControl也不复杂,你还可以在sys中加汇编的调试语句调试,很快的,否则你只猜测可能解决不了问题的,调试sys最好的工具就是softice
024029 2002-03-09
- 打赏
- 举报
要得到FileMon输出必须DeviceIOControl ,但是用DeviceIOControl读输出,结果还是为空调试sys最好的工具是softice.你还可以在sys中加汇编的调试语句调试
0aaron 2002-03-09
- 打赏
- 举报
gz
我不是大明 2002-03-09
- 打赏
- 举报
为表诚意,加上如果你相信CSDN有高手,就应该现在就放200分!
(不过我不是高手!)
(不过我不是高手!)
partime 2002-03-09
- 打赏
- 举报
问题已经解决
散分了
不过很遗憾,没有人给出了建设性的意见
分数照给,哈哈
散分了
不过很遗憾,没有人给出了建设性的意见
分数照给,哈哈
partime 2002-03-09
- 打赏
- 举报
以上原因很奇怪
为什么堆栈中的内存地址不行,想不明白
但是我想要动态申请的内存
该怎样做?
为什么堆栈中的内存地址不行,想不明白
但是我想要动态申请的内存
该怎样做?
partime 2002-03-09
- 打赏
- 举报
好像是因为DeviceIOControl的输出指针不能在堆栈中
我定义一个全局数组,就可以得到返回结果了
但是用new 或 GlobalAlloc等返回的内存地址就不行
我定义一个全局数组,就可以得到返回结果了
但是用new 或 GlobalAlloc等返回的内存地址就不行
partime 2002-03-09
- 打赏
- 举报
用Dialog Based MFC试,没有返回数据。
partime 2002-03-09
- 打赏
- 举报
用Console exe试,还是没有返回数据。
partime 2002-03-09
- 打赏
- 举报
to intel_p4:
用上p4机器啦?真幸福。
自己做一个DeviceIOControl?
应该不是Sys没得到数据消息吧
这样跟踪也太复杂了些
我的程序是COM DLL,而例子是Exe的,不知道是不是与此有关。
我试一下
用上p4机器啦?真幸福。
自己做一个DeviceIOControl?
应该不是Sys没得到数据消息吧
这样跟踪也太复杂了些
我的程序是COM DLL,而例子是Exe的,不知道是不是与此有关。
我试一下
partime 2002-03-08
- 打赏
- 举报
跟踪没有用啊
代码执行完全正常,只是没有得到设备驱动服务的数据
代码执行完全正常,只是没有得到设备驱动服务的数据
dycdyc123 2002-03-08
- 打赏
- 举报
你可以跟踪!
qhq800 2002-03-08
- 打赏
- 举报
关注
partime 2002-03-08
- 打赏
- 举报
连接FILEMON驱动服务的程序
代码如下:
#define FILE_DEVICE_FILEMON 0x00008300
#define FILEMONVERSION 400
#define FILEMON_setdrives (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x00, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_zerostats (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_getstats (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x02, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FILEMON_unloadquery (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x03, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FILEMON_stopfilter (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_startfilter (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_setfilter (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x06, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_timetype (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x07, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_version (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x08, METHOD_BUFFERED, FILE_ANY_ACCESS )
#pragma pack(1)
typedef struct {
ULONG seq;
LARGE_INTEGER time;
char text[1];
} ENTRY, *PENTRY;
#pragma pack()
#define MAXFILTERLEN 256
typedef struct {
char processfilter[MAXFILTERLEN];
char excludeprocess[MAXFILTERLEN];
char pathfilter[MAXFILTERLEN];
char excludefilter[MAXFILTERLEN];
BOOLEAN logreads;
BOOLEAN logwrites;
} FILTER, *PFILTER;
unsigned long __declspec(dllexport) _stdcall MonitorThread(void *Param)
{
BOOL IsNT;
HANDLE hEvent,hControl;
long ErrorCode=0;
SC_HANDLE schService=NULL;
SC_HANDLE schSCManager=NULL;
char ErrorString[256];
try
{
FILTER FilterDefinition;
ServiceParams *Parameter=(ServiceParams *)Param;
unsigned long ServiceThreadID=Parameter->ServiceThreadID;
unsigned int MonitorID=Parameter->MonitorID;
char *BufferPtr=Parameter->BufferPtr;
unsigned long BufferSize=Parameter->BufferSize;
hEvent=Parameter->hEvent;
hControl=Parameter->hControl;
LogEvent=Parameter->LogEvent;
SetEvent(hEvent);
IsNT = GetVersion() < 0x80000000;
char *DeviceName=_T("\\\\.\\FILEMON");
char *DriverName=_T("FILEMON");
char *DriverBin=IsNT?_T("FILEMON.SYS"):_T("FILEMON.VXD");
schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
schService = OpenService( schSCManager,
DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL )
{
schService = CreateService( schSCManager, // SCManager database
DriverName, // name of service
DriverName, // name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER,// service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
DriverBin, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL); // no password
}
if(schService==NULL)
{
ErrorCode=GetLastError();
wsprintf(ErrorString,_T("Failed 1 Code %xl"),ErrorCode);
throw(-1);
}
StartService(schService,0,NULL);
Sleep(10);
HANDLE SysHandle=CreateFile(DeviceName,
STANDARD_RIGHTS_ALL, FILE_SHARE_READ, NULL,OPEN_EXISTING,FILE_FLAG_DELETE_ON_CLOSE,NULL );
if(SysHandle==INVALID_HANDLE_VALUE)
{
ErrorCode=GetLastError();
wsprintf(ErrorString,_T("Failed 2 Code %xl"),ErrorCode);
throw(-1);
}
DWORD WaitResult;
ResetEvent(hControl);
//==================================================================
sprintf( FilterDefinition.processfilter, "*" );
sprintf( FilterDefinition.excludeprocess, "" );
sprintf( FilterDefinition.pathfilter, "*" );
sprintf( FilterDefinition.excludefilter, "");
FilterDefinition.logreads = TRUE;
FilterDefinition.logwrites = TRUE;
//==================================================================
if(DeviceIoControl(SysHandle, FILEMON_zerostats,
NULL, 0, NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_zerostats1 Error : %xl"),GetLastError());
throw(-1);
}
unsigned long StatsLen;
unsigned long CurDriveSet=0xfffffffel;
if(DeviceIoControl(SysHandle, FILEMON_startfilter,NULL, 0, NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_startfilter Error : %xl"),GetLastError());
throw(-1);
}
if(DeviceIoControl(SysHandle, FILEMON_setdrives,
&CurDriveSet, sizeof CurDriveSet,
&CurDriveSet, sizeof CurDriveSet,
&WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_setdrives Error : %xl"),GetLastError());
throw(-1);
}
if(DeviceIoControl(SysHandle, FILEMON_setfilter,&FilterDefinition, sizeof(FILTER), NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_setfilter Error : %xl"),GetLastError());
throw(-1);
}
bool TimeIsDuration=true;
if(DeviceIoControl(SysHandle, FILEMON_timetype,(PVOID) &TimeIsDuration, sizeof(bool), NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_timetype Error : %xl"),GetLastError());
throw(-1);
}
bool MoreData=false;
do
{
StatsLen=0;
MoreData=false;
WaitResult=DeviceIoControl(SysHandle, FILEMON_getstats,NULL, 0, BufferPtr, BufferSize,&StatsLen, NULL );
if(WaitResult==0)
{
if(GetLastError()==ERROR_MORE_DATA)
MoreData=true;
else
{
sprintf(ErrorString,_T("FILEMON_getstats Error : %xl"),GetLastError());
throw(-1);
}
}
if(StatsLen!=0)
{
VARIANT var;
unsigned short Value=1;
var.vt=VT_I2;
var.uiVal=1111;
PostThreadMessage(ServiceThreadID,ME_EVENT,MonitorID,StatsLen);
WaitForSingleObject(hEvent,INFINITE);
ResetEvent(hEvent);
}
WaitResult=WaitForSingleObject(hControl,MoreData?0:100);
}while(WaitResult==WAIT_TIMEOUT);
if(WAIT_FAILED==WaitResult)
{
WaitResult=GetLastError();
}
CloseHandle(SysHandle);
}
catch(...)
{
LogEvent(ErrorString);
// Add PostThreadMessage to Service Thread to Declare Monitor Thread Terminated
}
SERVICE_STATUS ServiceStatus;
if(schService)
{
ControlService(schService,SERVICE_CONTROL_STOP,&ServiceStatus);
DeleteService(schService);
}
if(schSCManager)
CloseServiceHandle( schSCManager);
SetEvent(hEvent);
return ErrorCode;
}
没有触发任何异常
但是执行
WaitResult=DeviceIoControl(SysHandle, FILEMON_getstats,NULL, 0, BufferPtr, BufferSize,&StatsLen, NULL );
后StatsLen总为0
代码如下:
#define FILE_DEVICE_FILEMON 0x00008300
#define FILEMONVERSION 400
#define FILEMON_setdrives (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x00, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_zerostats (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_getstats (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x02, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FILEMON_unloadquery (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x03, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FILEMON_stopfilter (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_startfilter (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_setfilter (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x06, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_timetype (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x07, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FILEMON_version (ULONG) CTL_CODE( FILE_DEVICE_FILEMON, 0x08, METHOD_BUFFERED, FILE_ANY_ACCESS )
#pragma pack(1)
typedef struct {
ULONG seq;
LARGE_INTEGER time;
char text[1];
} ENTRY, *PENTRY;
#pragma pack()
#define MAXFILTERLEN 256
typedef struct {
char processfilter[MAXFILTERLEN];
char excludeprocess[MAXFILTERLEN];
char pathfilter[MAXFILTERLEN];
char excludefilter[MAXFILTERLEN];
BOOLEAN logreads;
BOOLEAN logwrites;
} FILTER, *PFILTER;
unsigned long __declspec(dllexport) _stdcall MonitorThread(void *Param)
{
BOOL IsNT;
HANDLE hEvent,hControl;
long ErrorCode=0;
SC_HANDLE schService=NULL;
SC_HANDLE schSCManager=NULL;
char ErrorString[256];
try
{
FILTER FilterDefinition;
ServiceParams *Parameter=(ServiceParams *)Param;
unsigned long ServiceThreadID=Parameter->ServiceThreadID;
unsigned int MonitorID=Parameter->MonitorID;
char *BufferPtr=Parameter->BufferPtr;
unsigned long BufferSize=Parameter->BufferSize;
hEvent=Parameter->hEvent;
hControl=Parameter->hControl;
LogEvent=Parameter->LogEvent;
SetEvent(hEvent);
IsNT = GetVersion() < 0x80000000;
char *DeviceName=_T("\\\\.\\FILEMON");
char *DriverName=_T("FILEMON");
char *DriverBin=IsNT?_T("FILEMON.SYS"):_T("FILEMON.VXD");
schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
schService = OpenService( schSCManager,
DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL )
{
schService = CreateService( schSCManager, // SCManager database
DriverName, // name of service
DriverName, // name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER,// service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
DriverBin, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL); // no password
}
if(schService==NULL)
{
ErrorCode=GetLastError();
wsprintf(ErrorString,_T("Failed 1 Code %xl"),ErrorCode);
throw(-1);
}
StartService(schService,0,NULL);
Sleep(10);
HANDLE SysHandle=CreateFile(DeviceName,
STANDARD_RIGHTS_ALL, FILE_SHARE_READ, NULL,OPEN_EXISTING,FILE_FLAG_DELETE_ON_CLOSE,NULL );
if(SysHandle==INVALID_HANDLE_VALUE)
{
ErrorCode=GetLastError();
wsprintf(ErrorString,_T("Failed 2 Code %xl"),ErrorCode);
throw(-1);
}
DWORD WaitResult;
ResetEvent(hControl);
//==================================================================
sprintf( FilterDefinition.processfilter, "*" );
sprintf( FilterDefinition.excludeprocess, "" );
sprintf( FilterDefinition.pathfilter, "*" );
sprintf( FilterDefinition.excludefilter, "");
FilterDefinition.logreads = TRUE;
FilterDefinition.logwrites = TRUE;
//==================================================================
if(DeviceIoControl(SysHandle, FILEMON_zerostats,
NULL, 0, NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_zerostats1 Error : %xl"),GetLastError());
throw(-1);
}
unsigned long StatsLen;
unsigned long CurDriveSet=0xfffffffel;
if(DeviceIoControl(SysHandle, FILEMON_startfilter,NULL, 0, NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_startfilter Error : %xl"),GetLastError());
throw(-1);
}
if(DeviceIoControl(SysHandle, FILEMON_setdrives,
&CurDriveSet, sizeof CurDriveSet,
&CurDriveSet, sizeof CurDriveSet,
&WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_setdrives Error : %xl"),GetLastError());
throw(-1);
}
if(DeviceIoControl(SysHandle, FILEMON_setfilter,&FilterDefinition, sizeof(FILTER), NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_setfilter Error : %xl"),GetLastError());
throw(-1);
}
bool TimeIsDuration=true;
if(DeviceIoControl(SysHandle, FILEMON_timetype,(PVOID) &TimeIsDuration, sizeof(bool), NULL, 0, &WaitResult, NULL )==0)
{
sprintf(ErrorString,_T("FILEMON_timetype Error : %xl"),GetLastError());
throw(-1);
}
bool MoreData=false;
do
{
StatsLen=0;
MoreData=false;
WaitResult=DeviceIoControl(SysHandle, FILEMON_getstats,NULL, 0, BufferPtr, BufferSize,&StatsLen, NULL );
if(WaitResult==0)
{
if(GetLastError()==ERROR_MORE_DATA)
MoreData=true;
else
{
sprintf(ErrorString,_T("FILEMON_getstats Error : %xl"),GetLastError());
throw(-1);
}
}
if(StatsLen!=0)
{
VARIANT var;
unsigned short Value=1;
var.vt=VT_I2;
var.uiVal=1111;
PostThreadMessage(ServiceThreadID,ME_EVENT,MonitorID,StatsLen);
WaitForSingleObject(hEvent,INFINITE);
ResetEvent(hEvent);
}
WaitResult=WaitForSingleObject(hControl,MoreData?0:100);
}while(WaitResult==WAIT_TIMEOUT);
if(WAIT_FAILED==WaitResult)
{
WaitResult=GetLastError();
}
CloseHandle(SysHandle);
}
catch(...)
{
LogEvent(ErrorString);
// Add PostThreadMessage to Service Thread to Declare Monitor Thread Terminated
}
SERVICE_STATUS ServiceStatus;
if(schService)
{
ControlService(schService,SERVICE_CONTROL_STOP,&ServiceStatus);
DeleteService(schService);
}
if(schSCManager)
CloseServiceHandle( schSCManager);
SetEvent(hEvent);
return ErrorCode;
}
没有触发任何异常
但是执行
WaitResult=DeviceIoControl(SysHandle, FILEMON_getstats,NULL, 0, BufferPtr, BufferSize,&StatsLen, NULL );
后StatsLen总为0
intel_p4 2002-03-08
- 打赏
- 举报
用softice跟踪进去看,是sys没有得到读取数据的消息呢,还是读取的地址不对,没有返回正确的值
intel_p4 2002-03-08
- 打赏
- 举报
你是看的源代码吗?你可以自己做一个DeviceIOControl来读一读看看啊
partime 2002-03-08
- 打赏
- 举报
CreateFile后虽然挂接起来了
但是还得不到FileMon的输出
要得到FileMon输出必须DeviceIOControl
但是用DeviceIOControl读输出,结果还是为空。
但是还得不到FileMon的输出
要得到FileMon输出必须DeviceIOControl
但是用DeviceIOControl读输出,结果还是为空。
intel_p4 2002-03-08
- 打赏
- 举报
我看过filemon,好像没有你这么复杂的呀?sys以后了,只要createfile就挂接起来了‘
