Changeset 1774
- Timestamp:
- 08/29/08 10:42:32 (3 months ago)
- Files:
-
- capture-mod/trunk/CaptureClient.sln (modified) (1 diff)
- capture-mod/trunk/CaptureSoapServer.cpp (modified) (13 diffs)
- capture-mod/trunk/KernelDrivers/CaptureKernelDrivers/CaptureKernelDrivers.vcproj (modified) (1 diff)
- capture-mod/trunk/install/CaptureBAT.exe (modified) (previous)
- capture-mod/trunk/install/CaptureFileMonitor.sys (modified) (previous)
- capture-mod/trunk/install/CaptureProcessMonitor.sys (modified) (previous)
- capture-mod/trunk/install/CaptureRegistryMonitor.sys (modified) (previous)
capture-mod/trunk/CaptureClient.sln
r1644 r1774 23 23 {AE2C8E80-7D21-47AD-987B-43E0708AE549}.Release|Win32.Build.0 = Release|Win32 24 24 {4EF34E6D-B30C-46E5-9FC5-967ECEADE2CD}.Debug|Win32.ActiveCfg = Debug|Win32 25 {4EF34E6D-B30C-46E5-9FC5-967ECEADE2CD}.Debug|Win32.Build.0 = Debug|Win32 25 26 {4EF34E6D-B30C-46E5-9FC5-967ECEADE2CD}.Release|Win32.ActiveCfg = Release|Win32 26 27 {4EF34E6D-B30C-46E5-9FC5-967ECEADE2CD}.Release|Win32.Build.0 = Release|Win32 capture-mod/trunk/CaptureSoapServer.cpp
r1773 r1774 15 15 16 16 std::list<struct ns__regEvent> regList; 17 std::list<struct ns__regEvent> regDeallocList; 17 18 std::list<struct ns__fileEvent> fileList; 19 std::list<struct ns__fileEvent> fileDeallocList; 18 20 std::list<struct ns__procEvent> procList; 19 21 std::list<struct ns__procEvent> procDeallocList; 22 void dealloc_events(); //For cleaning up when we're done with them 20 23 21 24 CaptureSoapServer::CaptureSoapServer(Visitor* v, RegistryMonitor * r, FileMonitor * f, ProcessMonitor * p){ … … 69 72 soap_destroy(&soap); // clean up class instances 70 73 soap_end(&soap); // clean up everything and close socket 74 dealloc_events(); //Need to clean up any memory we malloced for events 71 75 } 72 76 } … … 83 87 vector<wstring> extra) 84 88 { 89 char debug = 0; 85 90 printf("CaptureSoapServer::onRegistryEvent got an event for time = %ls, length = %d\n", time.c_str(), time.length()); 86 91 … … 88 93 //TODO: use a soap function to make r 89 94 ns__regEvent_t r; 90 r.time = (char *) soap_malloc(&soap,time.length()+1);95 r.time = (char *)malloc(time.length()+1); 91 96 sprintf(r.time, "%ls", time.c_str()); 92 97 93 r.eventType = (char *) soap_malloc(&soap,registryEventType.length()+1);98 r.eventType = (char *)malloc(registryEventType.length()+1); 94 99 sprintf(r.eventType, "%ls", registryEventType.c_str()); 95 100 96 char * tmp = (char *) soap_malloc(&soap,extra.at(0).length()+1);101 char * tmp = (char *)malloc(extra.at(0).length()+1); 97 102 sprintf(tmp, "%ls", extra.at(0).c_str()); 98 103 r.procPID = atoi(tmp); 99 104 free(tmp); 100 105 101 r.procName = (char *) soap_malloc(&soap,processPath.length()+1);106 r.procName = (char *)malloc(processPath.length()+1); 102 107 sprintf(r.procName, "%ls", processPath.c_str()); 103 108 104 r.keyName = (char *) soap_malloc(&soap,registryEventPath.length()+1);109 r.keyName = (char *)malloc(registryEventPath.length()+1); 105 110 sprintf(r.keyName, "%ls", registryEventPath.c_str()); 106 111 107 r.valueName = (char *) 
soap_malloc(&soap,extra.at(1).length()+1);112 r.valueName = (char *)malloc(extra.at(1).length()+1); 108 113 sprintf(r.valueName, "%ls", extra.at(1).c_str()); 109 114 110 r.valueType = (char *) soap_malloc(&soap,extra.at(2).length()+1);115 r.valueType = (char *)malloc(extra.at(2).length()+1); 111 116 sprintf(r.valueType, "%ls", extra.at(2).c_str()); 112 117 113 r.valueData = (char *) soap_malloc(&soap,extra.at(3).length()+1);118 r.valueData = (char *)malloc(extra.at(3).length()+1); 114 119 sprintf(r.valueData, "%ls", extra.at(3).c_str()); 120 121 int * b = (int *)&r; 122 for(int i = 0; i < 8; i++){ 123 printf("r[%d] = %#x\n", i, b[i]); 124 } 115 125 116 126 regList.push_back(r); … … 124 134 vector<wstring> extra) 125 135 { 136 char debug = 0; 126 137 printf("CaptureSoapServer::onFileEvent got an event for time = %ls\n", time.c_str()); 127 138 ns__fileEvent_t f; 128 f.time = (char *) soap_malloc(&soap,time.length()+1);139 f.time = (char *)malloc(time.length()+1); 129 140 sprintf(f.time, "%ls", time.c_str()); 130 141 131 f.eventType = (char *) soap_malloc(&soap,fileEventType.length()+1);142 f.eventType = (char *)malloc(fileEventType.length()+1); 132 143 sprintf(f.eventType, "%ls", fileEventType.c_str()); 133 144 … … 137 148 free(tmp); 138 149 139 f.procName = (char *) soap_malloc(&soap,processPath.length()+1);150 f.procName = (char *)malloc(processPath.length()+1); 140 151 sprintf(f.procName, "%ls", processPath.c_str()); 141 152 142 f.fileName = (char *) soap_malloc(&soap,fileEventPath.length()+1);153 f.fileName = (char *)malloc(fileEventPath.length()+1); 143 154 sprintf(f.fileName, "%ls", fileEventPath.c_str()); 144 155 156 if(debug){ 157 int * b = (int *)&f; 158 for(int i = 0; i < 5; i++){ 159 printf("f[%d] = %#x\n", i, b[i]); 160 } 161 } 145 162 fileList.push_back(f); 146 163 printf("added one event to fileList. 
Now there are %d elements in the list\n", fileList.size()); 147 148 164 149 165 } … … 155 171 printf("CaptureSoapServer::onProcessEvent got an event for time = %ls\n", time.c_str()); 156 172 ns__procEvent_t p; 157 p.time = (char *) soap_malloc(&soap,time.length()+1);173 p.time = (char *)malloc(time.length()+1); 158 174 sprintf(p.time, "%ls", time.c_str()); 159 175 160 p.eventType = (char *) soap_malloc(&soap,11); //11 == max length == "terminated"176 p.eventType = (char *)malloc(11); //11 == max length == "terminated" 161 177 if(created){ 162 178 sprintf(p.eventType, "created"); … … 168 184 p.parentPID = parentProcessId; 169 185 170 p.parentName = (char *) soap_malloc(&soap,parentProcess.length()+1);186 p.parentName = (char *)malloc(parentProcess.length()+1); 171 187 sprintf(p.parentName, "%ls", parentProcess.c_str()); 172 188 173 189 p.procPID = processId; 174 190 175 p.procName = (char *) soap_malloc(&soap,process.length()+1);191 p.procName = (char *)malloc(process.length()+1); 176 192 sprintf(p.procName, "%ls", process.c_str()); 177 193 … … 378 394 //If maxEventsReturned == -1, then then send as many as possible. 
379 395 int ns__returnEvents(struct soap *soap, int maxEventsToReturn, struct ns__allEvents &result){ 380 char debug = 0;396 char debug = 1; 381 397 382 398 struct ns__allEvents * all = soap_new_ns__allEvents(soap, 1); … … 408 424 409 425 for(unsigned int i = 0; i < dRegArray->__size; i++){ 426 if(debug){ 427 printf("i = %d\n", i); 428 // printf("regList.front().time %s, %#x\n", regList.front().time, regList.front().time); 429 // printf("regList.front().eventType %s, %#x\n", regList.front().eventType, regList.front().eventType); 430 // printf("regList.front().procPID %d, %#x\n", regList.front().procPID, regList.front().procPID); 431 // printf("regList.front().procName %s, %#x\n", regList.front().procName, regList.front().procName); 432 int * b = (int *)®List.front(); 433 for(int i = 0; i < 8; i++){ 434 printf("r[%d] = %#x\n", i, b[i]); 435 } 436 } 410 437 memcpy(&ns__regEventArray[i],®List.front(), sizeof(struct ns__regEvent)); 438 regDeallocList.push_back(regList.front()); //Need to keep track of it to dealloc its elements later 411 439 regList.pop_front(); 412 if(debug){413 printf("i = %d\n", i);414 printf("regList.front().time %s, %#x\n", regList.front().time, regList.front().time);415 printf("regList.front().eventType %s, %#x\n", regList.front().eventType, regList.front().eventType);416 printf("regList.front().procPID %d, %#x\n", regList.front().procPID, regList.front().procPID);417 printf("regList.front().procName %s, %#x\n", regList.front().procName, regList.front().procName);418 }419 440 } 420 441 } … … 441 462 for(unsigned int i = 0; i < dFileArray->__size; i++){ 442 463 memcpy(&ns__fileEventArray[i],&fileList.front(), sizeof(struct ns__fileEvent)); 464 fileDeallocList.push_back(fileList.front()); 443 465 fileList.pop_front(); 444 466 } … … 465 487 for(unsigned int i = 0; i < dProcArray->__size; i++){ 466 488 memcpy(&ns__procEventArray[i],&procList.front(), sizeof(struct ns__procEvent)); 489 procDeallocList.push_back(procList.front()); 467 490 
procList.pop_front(); 468 491 } … … 470 493 471 494 result = *all; 472 printf("result = %#x, *all = %#x\n", result, *all);473 printf("all = %#x, result.regEvents = %#x\n", all, result.regEvents);474 495 printf("all->regEvents = %#x, all->fileEvents = %#x, all->procEvents = %#x\n", all->regEvents, all->fileEvents, all->procEvents); 475 printf("&dRegArray = %#x, dRegArray->__ptr = %#x\n",&dRegArray, dRegArray->__ptr);476 printf("dRegArray->__ptr[0][1][2][3] = %#x %#x %#x %#x\n", dRegArray->__ptr[0], dRegArray->__ptr[1], dRegArray->__ptr[2], dRegArray->__ptr[3]);477 496 // printf("&dRegArray = %#x, dRegArray->__ptr = %#x\n",&dRegArray, dRegArray->__ptr); 497 // printf("dRegArray->__ptr[0][1][2][3] = %#x %#x %#x %#x\n", dRegArray->__ptr[0], dRegArray->__ptr[1], dRegArray->__ptr[2], dRegArray->__ptr[3]); 498 printf("regList.size() = %d, fileList.size() = %d, procList.size() = %d\n", regList.size(), fileList.size(), procList.size()); 478 499 479 500 return SOAP_OK; 480 501 } 481 502 503 //Helper function to deallocate any memory in events which have already had their data sent via SOAP 504 void dealloc_events(){ 505 506 if(!regDeallocList.empty()){ 507 for(int i = 0; i < regDeallocList.size(); i++){ 508 free(regDeallocList.front().time); 509 free(regDeallocList.front().eventType); 510 free(regDeallocList.front().procName); 511 free(regDeallocList.front().keyName); 512 free(regDeallocList.front().valueName); 513 free(regDeallocList.front().valueType); 514 free(regDeallocList.front().valueData); 515 regDeallocList.pop_front(); 516 } 517 } 518 519 if(!fileDeallocList.empty()){ 520 for(int i = 0; i < fileDeallocList.size(); i++){ 521 free(fileDeallocList.front().time); 522 free(fileDeallocList.front().eventType); 523 free(fileDeallocList.front().procName); 524 free(fileDeallocList.front().fileName); 525 fileDeallocList.pop_front(); 526 } 527 } 528 529 if(!procDeallocList.empty()){ 530 for(int i = 0; i < procDeallocList.size(); i++){ 531 free(procDeallocList.front().time); 
532 free(procDeallocList.front().eventType); 533 free(procDeallocList.front().parentName); 534 free(procDeallocList.front().procName); 535 procDeallocList.pop_front(); 536 } 537 } 538 539 } 482 540 483 541 //Thus far, SOAP::Lite hasn't been sending the data correctly, so we never get into this function. capture-mod/trunk/KernelDrivers/CaptureKernelDrivers/CaptureKernelDrivers.vcproj
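Review bot: dealloc_events() (new lines 504-539) frees only about half of each dealloc list per call: the loop condition `i < regDeallocList.size()` is re-evaluated against a list that `pop_front()` shrinks on every iteration, so the loop stops once `i` passes the midpoint and the remaining events (and their malloc'd strings) are left for a later call or leaked at exit. Iterating until the list is empty fixes this and makes the surrounding `if(!...empty())` guards redundant: `while(!regDeallocList.empty()){`, `while(!fileDeallocList.empty()){`, `while(!procDeallocList.empty()){`. The `malloc` calls that replace `soap_malloc` in onRegistryEvent, onFileEvent and onProcessEvent are unchecked, so an allocation failure becomes a `sprintf` through a null pointer; now that gSOAP no longer owns these buffers, each allocation needs a NULL check before the `sprintf`. In onRegistryEvent the added word dump `int * b = (int *)&r; for(int i = 0; i < 8; i++) printf(...)` runs unconditionally while the `char debug = 0;` declared above it is unused (onFileEvent gates the same dump), so every event prints heap pointer values to stdout and the loop assumes `sizeof(struct ns__regEvent)` is exactly 8 ints — gate it on `debug` or remove it, and `char debug = 1;` in ns__returnEvents looks like a leftover that switches the same dump on in the request path. onRegistryEvent, onFileEvent, onProcessEvent and ns__returnEvents all start and end outside the visible hunks; only dealloc_events is shown in full.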
r823 r1774 29 29 Output="CaptureKernelDrivers.exe" 30 30 PreprocessorDefinitions="WIN32;_DEBUG" 31 IncludeSearchPath=" D:\WinDDK\6000\inc\ddk;D:\WinDDK\6000\inc\api"31 IncludeSearchPath="F:\WinDDK\6000\inc\ddk;F:\WinDDK\6000\inc\api;F:\capture-mod\ddkbuild_v70b7;F:\Program Files\Microsoft Visual Studio 8\VC\bin;F:\capture-mod\NSIS;F:\capture-mod\expatpp\src_pp;F:\capture-mod\expatpp\expat\lib;F:\Program Files\Microsoft Visual Studio 8\VC\INCLUDE;" 32 32 ForcedIncludes="" 33 33 AssemblySearchPath=""
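Review bot: The rewritten IncludeSearchPath bakes this developer's drive layout into the project file — every entry is an absolute `F:\` path, and it also lists `F:\Program Files\Microsoft Visual Studio 8\VC\bin` (a binaries directory, not headers) plus NSIS and expatpp source trees that a driver build has no obvious need for — so the kernel-driver project only builds on a checkout laid out exactly like this machine. Keeping the two WinDDK entries and expressing them through a project macro or an environment variable for the DDK root would restore portability; the remaining entries look like an IDE autocomplete of the whole toolchain and can probably be dropped, but confirm against the ddkbuild invocation. Separately, the changeset also replaces the prebuilt `CaptureBAT.exe` and the three `.sys` drivers under `install/` with no indication in the record of which sources or configuration they were built from, which is worth noting for anyone later trying to match the binaries to a revision.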
