#include "brian.h" typedef struct _ASYNC_FSCTRL { USHORT FileIndex; BOOLEAN UseEvent; PIO_APC_ROUTINE ApcRoutine; PVOID ApcContext; ULONG IoControlCode; PULONG InputBuffer; ULONG InputBufferLength; PULONG OutputBuffer; ULONG OutputBufferLength; BOOLEAN VerboseResults; USHORT AsyncIndex; } ASYNC_FSCTRL, *PASYNC_FSCTRL; VOID RequestUsn ( IN PASYNC_FSCTRL Fsctrl ); // // Local procedures // VOID InputUsn( IN PCHAR ParamBuffer ) { BOOLEAN HaveFileIndex = FALSE; BOOLEAN HaveIoControlCode = FALSE; USHORT FileIndex; BOOLEAN UseEvent = TRUE; PIO_APC_ROUTINE ApcRoutine = NULL; PVOID ApcContext = NULL; ULONG IoControlCode = 0; PULONG InputBuffer = NULL; ULONG InputBufferLength = 0; PULONG OutputBuffer = NULL; ULONG OutputBufferLength = 0; BOOLEAN VerboseResults = FALSE; BOOLEAN DisplayParms = FALSE; USHORT AsyncIndex; BOOLEAN LastInput = TRUE; // // While there is more input, analyze the parameter and update the // query flags. // while(TRUE) { ULONG DummyCount; // // Swallow leading white spaces. // ParamBuffer = SwallowWhite( ParamBuffer, &DummyCount ); if (*ParamBuffer) { ULONG TempIndex; // // If the next parameter is legal then check the paramter value. // Update the parameter value. // if((*ParamBuffer == '-' || *ParamBuffer == '/') && (ParamBuffer++, *ParamBuffer != '\0')) { // // Switch on the next character. // switch (*ParamBuffer) { BOOLEAN SwitchBool; // // Update buffers to use. // case 'b' : case 'B' : // // Move to the next character, as long as there // are no white spaces continue analyzing letters. // On the first bad letter, skip to the next // parameter. // ParamBuffer++; if (*ParamBuffer == '\0') { break; } switch (*ParamBuffer) { case 'i': case 'I': TempIndex = AsciiToInteger( ++ParamBuffer ); if (TempIndex >= MAX_BUFFERS) { bprint "\n\tInputUsn: Invalid Input buffer" ); } else { InputBuffer = (PULONG) Buffers[TempIndex].Buffer; InputBufferLength = Buffers[TempIndex].Length; } break; case 'o': case 'O': TempIndex = AsciiToInteger( ++ParamBuffer ); if (TempIndex >= MAX_BUFFERS) { bprint "\n\tInputUsn: Invalid output buffer" ); } else { OutputBuffer = (PULONG) Buffers[TempIndex].Buffer; OutputBufferLength = Buffers[TempIndex].Length; } break; } ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); break; // // Update buffer lengths. // case 'l' : case 'L' : // // Move to the next character, as long as there // are no white spaces continue analyzing letters. // On the first bad letter, skip to the next // parameter. // ParamBuffer++; if (*ParamBuffer == '\0') { break; } switch (*ParamBuffer) { case 'i': case 'I': InputBufferLength = AsciiToInteger( ++ParamBuffer ); break; case 'o': case 'O': OutputBufferLength = AsciiToInteger( ++ParamBuffer ); break; } ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); break; // // Update the file handle index. // case 'i' : case 'I' : // // Move to the next character, as long as there // are no white spaces continue analyzing letters. // On the first bad letter, skip to the next // parameter. // ParamBuffer++; FileIndex = (USHORT) (AsciiToInteger( ParamBuffer )); ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); HaveFileIndex = TRUE; break; // // Check whether we should use an event to signal // completion. // case 'e' : case 'E' : // // Legal values for use event are T/t or F/f. // ParamBuffer++; if (*ParamBuffer == 'T' || *ParamBuffer == 't') { UseEvent = TRUE; ParamBuffer++; } else if (*ParamBuffer == 'F' || *ParamBuffer == 'f') { UseEvent = FALSE; ParamBuffer++; } break; // // Modify the operation // case 'o' : case 'O' : ParamBuffer++; SwitchBool = TRUE; while (*ParamBuffer && *ParamBuffer != ' ' && *ParamBuffer != '\t') { // // Perform switch on character. // switch (*ParamBuffer) { case 'a' : case 'A' : IoControlCode = FSCTL_ENUM_USN_DATA; HaveIoControlCode = TRUE; break; case 'b' : case 'B' : IoControlCode = FSCTL_READ_USN_JOURNAL; HaveIoControlCode = TRUE; break; case 'c' : case 'C' : IoControlCode = FSCTL_CREATE_USN_JOURNAL; HaveIoControlCode = TRUE; break; case 'd' : case 'D' : IoControlCode = FSCTL_READ_FILE_USN_DATA; HaveIoControlCode = TRUE; break; case 'e' : case 'E' : IoControlCode = FSCTL_WRITE_USN_CLOSE_RECORD; HaveIoControlCode = TRUE; break; case 'f' : case 'F' : IoControlCode = FSCTL_QUERY_USN_JOURNAL; HaveIoControlCode = TRUE; break; case 'g' : case 'G' : IoControlCode = FSCTL_DELETE_USN_JOURNAL; HaveIoControlCode = TRUE; break; default : ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); SwitchBool = FALSE; } if (!SwitchBool) { break; } ParamBuffer++; } break; case 'v' : case 'V' : // // Legal values for params are T/t or F/f. // ParamBuffer++; if (*ParamBuffer == 'T' || *ParamBuffer == 't') { VerboseResults = TRUE; ParamBuffer++; } else if (*ParamBuffer == 'F' || *ParamBuffer == 'f') { VerboseResults = FALSE; ParamBuffer++; } ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); break; case 'y' : case 'Y' : // // Set the display parms flag and jump over this // character. // DisplayParms = TRUE; ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); break; case 'z' : case 'Z' : // // Set flag for more input and jump over this char. // LastInput = FALSE; ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); break; default : // // Swallow to the next white space and continue the // loop. // ParamBuffer = SwallowNonWhite( ParamBuffer, &DummyCount ); } } // // Else the text is invalid, skip the entire block. // // // // Else if there is no input then exit. // } else if (LastInput) { break; // // Else try to read another line for open parameters. // } else { } } if (!HaveFileIndex || !HaveIoControlCode) { printf( "\n Usage: Usn -i -o -b -l\n" ); printf( "\n Options:" ); printf( "\n -i Open file handle" ); printf( "\n -o Usn operation" ); printf( "\n -oa Enumerate Usn Data" ); printf( "\n -ob Read Usn Journal" ); printf( "\n -oc Create Usn Journal" ); printf( "\n -od Read File Usn Data" ); printf( "\n -oe Write Usn Close Record" ); printf( "\n -of Query Usn Journal" ); printf( "\n -og Delete Usn Journal" ); printf( "\n -b[i|o] I/O buffers" ); printf( "\n -l[i|o] I/O buffer lengths" ); printf( "\n -e[t|f] Use event results" ); printf( "\n -v[t|f] Verbose results" ); printf( "\n -y Display parameters to query" ); printf( "\n -z Additional input line" ); printf( "\n\n" ); // // Else process the call. // } else { NTSTATUS Status; SIZE_T RegionSize; ULONG TempIndex; PASYNC_FSCTRL AsyncFsctrl; HANDLE ThreadHandle; ULONG ThreadId; RegionSize = sizeof( ASYNC_FSCTRL ); Status = AllocateBuffer( 0, &RegionSize, &TempIndex ); AsyncIndex = (USHORT) TempIndex; if (!NT_SUCCESS( Status )) { printf("\n\tInputUsn: Unable to allocate async structure" ); } else { AsyncFsctrl = (PASYNC_FSCTRL) Buffers[AsyncIndex].Buffer; AsyncFsctrl->FileIndex = FileIndex; AsyncFsctrl->UseEvent = UseEvent; AsyncFsctrl->ApcRoutine = ApcRoutine; AsyncFsctrl->ApcContext = ApcContext; AsyncFsctrl->IoControlCode = IoControlCode; AsyncFsctrl->InputBuffer = InputBuffer; AsyncFsctrl->InputBufferLength = InputBufferLength; AsyncFsctrl->OutputBuffer = OutputBuffer; AsyncFsctrl->OutputBufferLength = OutputBufferLength; AsyncFsctrl->VerboseResults = VerboseResults; AsyncFsctrl->AsyncIndex = AsyncIndex; if (DisplayParms) { printf( "\nUsn Operation Parameters" ); printf( "\n Handle index -> %ld", FileIndex ); printf( "\n Usn operation -> %ld", IoControlCode ); printf( "\n\n" ); } if (!SynchronousCmds) { ThreadHandle = CreateThread( NULL, 0, RequestUsn, AsyncFsctrl, 0, &ThreadId ); if (ThreadHandle == 0) { printf( "\nInputUsn: Spawning thread fails -> %d\n", GetLastError() ); } } else { RequestUsn( AsyncFsctrl ); } } } return; } VOID RequestUsn ( IN PASYNC_FSCTRL Fsctrl ) { HANDLE ThisEvent; USHORT ThisEventIndex = 0; NTSTATUS Status = STATUS_SUCCESS; IO_STATUS_BLOCK IoSb; IoSb.Status = 0; IoSb.Information = 0; if (Fsctrl->UseEvent) { Status = ObtainEvent( &ThisEventIndex ); if (!NT_SUCCESS( Status )) { bprint "\n\tRequestUsn: Unable to allocate an event" ); } else { ThisEvent = Events[ThisEventIndex].Handle; } } if (NT_SUCCESS( Status )) { IoSb.Status = 0; IoSb.Information = 0; Status = NtFsControlFile( Handles[Fsctrl->FileIndex].Handle, ThisEvent, Fsctrl->ApcRoutine, Fsctrl->ApcContext, &IoSb, Fsctrl->IoControlCode, Fsctrl->InputBuffer, Fsctrl->InputBufferLength, Fsctrl->OutputBuffer, Fsctrl->OutputBufferLength ); if (Fsctrl->VerboseResults) { bprint "\nRequestUsn: Status -> %08lx\n", Status ); if (Fsctrl->UseEvent && NT_SUCCESS( Status )) { if ((Status = NtWaitForSingleObject( ThisEvent, FALSE, NULL )) != STATUS_SUCCESS) { bprint "\n\tRequestUsn: Wait for event failed -> %08lx", Status ); } } if (NT_SUCCESS( Status )) { bprint "\nRequestUsn: IoSb.Status -> %08lx", IoSb.Status ); bprint "\nRequestUsn: IoSb.Information -> %08lx", IoSb.Information ); } bprint "\n" ); } } if (ThisEventIndex != 0) { FreeEvent( ThisEventIndex ); } DeallocateBuffer( Fsctrl->AsyncIndex ); NtTerminateThread( NtCurrentThread(), STATUS_SUCCESS ); bprint "\nRequestUsn: Thread not terminated\n" ); }