1.6.6
This commit is contained in:
DavidXanatos
parent
c828dd1958
commit
bbd242e8db
13
CHANGELOG.md
13
CHANGELOG.md
|
|
@ -4,6 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
|
||||
|
||||
|
||||
|
||||
## [1.6.6 / 5.61.6] - 2023-01-?
|
||||
|
||||
|
||||
### fixed
|
||||
- fixed potential BSOD issue in the driver
|
||||
|
||||
### changed
|
||||
- improved trace log retrival greately improving performance
|
||||
|
||||
|
||||
|
||||
|
||||
## [1.6.5 / 5.61.5] - 2023-01-10
|
||||
|
||||
### Added
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@
|
|||
#ifndef _MY_VERSION_H
|
||||
#define _MY_VERSION_H
|
||||
|
||||
#define MY_VERSION_BINARY 5,61,5
|
||||
#define MY_VERSION_STRING "5.61.5"
|
||||
#define MY_VERSION_BINARY 5,61,6
|
||||
#define MY_VERSION_STRING "5.61.6"
|
||||
#define MY_ABI_VERSION 0x56000
|
||||
|
||||
// These #defines are used by either Resource Compiler or NSIS installer
|
||||
|
|
@ -57,7 +57,6 @@
|
|||
|
||||
#define START_EXE L"Start.exe"
|
||||
|
||||
// see also environment variable in session.bat
|
||||
#define SBIEDLL L"SbieDll"
|
||||
|
||||
#define SBIEMSG_DLL L"SbieMsg.dll"
|
||||
|
|
|
|||
|
|
@ -157,6 +157,7 @@ enum {
|
|||
API_FILTER_TOKEN,
|
||||
API_SET_SECURE_PARAM,
|
||||
API_GET_SECURE_PARAM,
|
||||
API_MONITOR_GET2,
|
||||
|
||||
API_LAST
|
||||
};
|
||||
|
|
@ -352,6 +353,11 @@ API_ARGS_FIELD(BOOLEAN,is_message)
|
|||
//API_ARGS_FIELD(ULONG, log_aux)
|
||||
API_ARGS_CLOSE(API_MONITOR_PUT2_ARGS)
|
||||
|
||||
API_ARGS_BEGIN(API_MONITOR_GET2_ARGS)
|
||||
API_ARGS_FIELD(WCHAR *, buffer_ptr)
|
||||
API_ARGS_FIELD(ULONG *, buffer_len)
|
||||
API_ARGS_CLOSE(API_MONITOR_GET2_ARGS)
|
||||
|
||||
API_ARGS_BEGIN(API_GET_UNMOUNT_HIVE_ARGS)
|
||||
API_ARGS_FIELD(WCHAR *,path)
|
||||
API_ARGS_CLOSE(API_GET_UNMOUNT_HIVE_ARGS)
|
||||
|
|
|
|||
|
|
@ -112,6 +112,7 @@ static NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms);
|
|||
|
||||
static NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
static NTSTATUS Session_Api_MonitorGet2(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Variables
|
||||
|
|
@ -143,6 +144,7 @@ _FX BOOLEAN Session_Init(void)
|
|||
Api_SetFunction(API_MONITOR_PUT2, Session_Api_MonitorPut2);
|
||||
//Api_SetFunction(API_MONITOR_GET, Session_Api_MonitorGet);
|
||||
Api_SetFunction(API_MONITOR_GET_EX, Session_Api_MonitorGetEx);
|
||||
Api_SetFunction(API_MONITOR_GET2, Session_Api_MonitorGet2);
|
||||
|
||||
|
||||
return TRUE;
|
||||
|
|
@ -984,7 +986,8 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS* proc, ULONG64* parms)
|
|||
CHAR* read_ptr = NULL;
|
||||
//if (seq_num != NULL)
|
||||
// read_ptr = log_buffer_get_next(*seq_num, session->monitor_log);
|
||||
//else if (session->monitor_log->buffer_size > 0) // for compatibility with older versions we return the oldest entry
|
||||
//else
|
||||
if (session->monitor_log->buffer_used > 0)
|
||||
read_ptr = session->monitor_log->buffer_start_ptr;
|
||||
|
||||
if (!read_ptr) {
|
||||
|
|
@ -1035,7 +1038,7 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS* proc, ULONG64* parms)
|
|||
//if (seq_num != NULL)
|
||||
// *seq_num = seq_number;
|
||||
//else // for compatibility with older versions we fall back to clearing the returned entry
|
||||
log_buffer_pop_entry(session->monitor_log);
|
||||
log_buffer_pop_entry(session->monitor_log);
|
||||
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
|
|
@ -1046,3 +1049,87 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS* proc, ULONG64* parms)
|
|||
|
||||
return status;
|
||||
}
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Session_Api_MonitorGet2
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
_FX NTSTATUS Session_Api_MonitorGet2(PROCESS *proc, ULONG64 *parms)
|
||||
{
|
||||
API_MONITOR_GET2_ARGS *args = (API_MONITOR_GET2_ARGS *)parms;
|
||||
NTSTATUS status;
|
||||
ULONG buffer_len;
|
||||
UCHAR* buffer_ptr;
|
||||
SESSION* session;
|
||||
KIRQL irql;
|
||||
|
||||
if (proc)
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
||||
ProbeForRead(args->buffer_len.val, sizeof(ULONG), sizeof(ULONG));
|
||||
buffer_len = *args->buffer_len.val;
|
||||
ProbeForWrite(args->buffer_len.val, sizeof(ULONG), sizeof(ULONG));
|
||||
*args->buffer_len.val = 0;
|
||||
|
||||
ProbeForWrite(args->buffer_ptr.val, buffer_len, sizeof(UCHAR));
|
||||
buffer_ptr = (UCHAR*)args->buffer_ptr.val;
|
||||
|
||||
status = STATUS_SUCCESS;
|
||||
|
||||
session = Session_Get(FALSE, -1, &irql);
|
||||
if (!session)
|
||||
return STATUS_UNSUCCESSFUL;
|
||||
|
||||
__try {
|
||||
|
||||
if (!session->monitor_log) {
|
||||
|
||||
status = STATUS_DEVICE_NOT_READY;
|
||||
__leave;
|
||||
}
|
||||
|
||||
if (session->monitor_log->buffer_used == 0) {
|
||||
if(session->monitor_overflow)
|
||||
session->monitor_overflow = FALSE;
|
||||
status = STATUS_NO_MORE_ENTRIES;
|
||||
__leave;
|
||||
}
|
||||
|
||||
while (session->monitor_log->buffer_used > 0)
|
||||
{
|
||||
CHAR* read_ptr = session->monitor_log->buffer_start_ptr;
|
||||
|
||||
LOG_BUFFER_SIZE_T entry_size = log_buffer_get_size(&read_ptr, session->monitor_log);
|
||||
LOG_BUFFER_SEQ_T seq_number = log_buffer_get_seq_num(&read_ptr, session->monitor_log);
|
||||
if (entry_size > buffer_len - sizeof(LOG_BUFFER_SIZE_T)) {
|
||||
status = STATUS_MORE_ENTRIES;
|
||||
break;
|
||||
}
|
||||
|
||||
*(LOG_BUFFER_SIZE_T*)buffer_ptr = entry_size;
|
||||
buffer_ptr += sizeof(LOG_BUFFER_SIZE_T);
|
||||
buffer_len -= sizeof(LOG_BUFFER_SIZE_T);
|
||||
|
||||
log_buffer_get_bytes((CHAR*)buffer_ptr, entry_size, &read_ptr, session->monitor_log);
|
||||
buffer_ptr += entry_size;
|
||||
buffer_len -= entry_size;
|
||||
|
||||
log_buffer_pop_entry(session->monitor_log);
|
||||
}
|
||||
|
||||
// always terminate with null length
|
||||
*(LOG_BUFFER_SIZE_T*)buffer_ptr = 0;
|
||||
buffer_ptr += sizeof(LOG_BUFFER_SIZE_T);
|
||||
buffer_len -= sizeof(LOG_BUFFER_SIZE_T);
|
||||
|
||||
// return total used buffer length
|
||||
*args->buffer_len.val = (ULONG)(buffer_ptr - (UCHAR*)args->buffer_ptr.val);
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
status = GetExceptionCode();
|
||||
}
|
||||
|
||||
Session_Unlock(irql);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
|
@ -81,7 +81,7 @@ _FX int Syscall_HookMapMatch(const UCHAR *name, ULONG name_len, LIST *list)
|
|||
|
||||
WCHAR wname[68];
|
||||
ULONG i;
|
||||
for (i = 0; i < max(name_len, 64); i++)
|
||||
for (i = 0; i < min(name_len, 64); i++)
|
||||
wname[i] = name[i];
|
||||
wname[i] = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -63,12 +63,16 @@ struct SSbieAPI
|
|||
|
||||
lastMessageNum = 0;
|
||||
//lastRecordNum = 0;
|
||||
traceBuffer = NULL;
|
||||
traceBufferLen = 0;
|
||||
|
||||
SbieMsgDll = NULL;
|
||||
|
||||
SvcLock = 0;
|
||||
}
|
||||
~SSbieAPI() {
|
||||
if (traceBuffer)
|
||||
free(traceBuffer);
|
||||
}
|
||||
|
||||
NTSTATUS IoControl(ULONG64 *parms)
|
||||
|
|
@ -94,6 +98,8 @@ struct SSbieAPI
|
|||
bool clearingBuffers;
|
||||
ULONG lastMessageNum;
|
||||
//ULONG lastRecordNum;
|
||||
UCHAR* traceBuffer;
|
||||
ULONG traceBufferLen;
|
||||
|
||||
HMODULE SbieMsgDll;
|
||||
|
||||
|
|
@ -2487,6 +2493,7 @@ bool CSbieAPI::IsMonitoring()
|
|||
|
||||
bool CSbieAPI::GetMonitor()
|
||||
{
|
||||
#if 0
|
||||
ULONG type;
|
||||
ULONG pid = 0;
|
||||
ULONG tid = 0;
|
||||
|
|
@ -2532,6 +2539,65 @@ bool CSbieAPI::GetMonitor()
|
|||
m_TraceCache.append(LogEntry);
|
||||
|
||||
return true;
|
||||
|
||||
#else // bulk retrival starting with build 1.6.6
|
||||
|
||||
if (m->traceBuffer == NULL) {
|
||||
m->traceBufferLen = 256 * PAGE_SIZE;
|
||||
m->traceBuffer = (UCHAR*)malloc(m->traceBufferLen);
|
||||
}
|
||||
|
||||
ULONG buffer_len = m->traceBufferLen;
|
||||
UCHAR* buffer = m->traceBuffer;
|
||||
|
||||
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
|
||||
API_MONITOR_GET2_ARGS* args = (API_MONITOR_GET2_ARGS*)parms;
|
||||
|
||||
memset(parms, 0, sizeof(parms));
|
||||
args->func_code = API_MONITOR_GET2;
|
||||
args->buffer_ptr.val = (WCHAR*)buffer;
|
||||
args->buffer_len.val = &buffer_len;
|
||||
|
||||
NTSTATUS status = m->IoControl(parms);
|
||||
if (!NT_SUCCESS(status))
|
||||
return false; // error or no more entries
|
||||
|
||||
if (m->clearingBuffers)
|
||||
return true;
|
||||
|
||||
for (UCHAR* ptr = buffer; *(ULONG*)ptr > 0; ) {
|
||||
|
||||
ULONG uSize = *(ULONG*)ptr;
|
||||
ptr += sizeof(ULONG);
|
||||
|
||||
ULONG uType = *(ULONG*)ptr;
|
||||
ptr += sizeof(ULONG);
|
||||
uSize -= sizeof(ULONG);
|
||||
|
||||
ULONG uPid = *(ULONG*)ptr;
|
||||
ptr += sizeof(ULONG);
|
||||
uSize -= sizeof(ULONG);
|
||||
|
||||
ULONG uTid = *(ULONG*)ptr;
|
||||
ptr += sizeof(ULONG);
|
||||
uSize -= sizeof(ULONG);
|
||||
|
||||
QStringList LogData;
|
||||
for (size_t pos = 0; pos < uSize; ) {
|
||||
size_t len = wcslen((WCHAR*)(ptr + pos));
|
||||
LogData.append(QString::fromWCharArray((WCHAR*)(ptr + pos), len));
|
||||
pos += (len + 1) * sizeof(WCHAR);
|
||||
}
|
||||
ptr += uSize;
|
||||
|
||||
CTraceEntryPtr LogEntry = CTraceEntryPtr(new CTraceEntry(uPid, uTid, uType, LogData));
|
||||
|
||||
QMutexLocker Lock(&m_TraceMutex);
|
||||
m_TraceCache.append(LogEntry);
|
||||
}
|
||||
|
||||
return status == STATUS_MORE_ENTRIES;
|
||||
#endif
|
||||
}
|
||||
|
||||
const QVector<CTraceEntryPtr>& CSbieAPI::GetTrace()
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
#define VERSION_MJR 1
|
||||
#define VERSION_MIN 6
|
||||
#define VERSION_REV 5
|
||||
#define VERSION_REV 6
|
||||
#define VERSION_UPD 0
|
||||
|
||||
#ifndef STR
|
||||
|
|
|
|||
Loading…
Reference in New Issue