Process Hacker
log.c
Go to the documentation of this file.
1 /*
2  * Process Hacker -
3  * logging system
4  *
5  * Copyright (C) 2010 wj32
6  *
7  * This file is part of Process Hacker.
8  *
9  * Process Hacker is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * Process Hacker is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
21  */
22 
23 #define PH_LOG_PRIVATE
24 #include <phapp.h>
25 #include <settings.h>
26 
27 PH_CIRCULAR_BUFFER_PVOID PhLogBuffer;
28 PHAPPAPI PH_CALLBACK_DECLARE(PhLoggedCallback);
29 
30 VOID PhLogInitialization(
31  VOID
32  )
33 {
34  ULONG entries;
35 
36  entries = PhGetIntegerSetting(L"LogEntries");
37  if (entries > 0x1000) entries = 0x1000;
38  PhInitializeCircularBuffer_PVOID(&PhLogBuffer, entries);
39  memset(PhLogBuffer.Data, 0, sizeof(PVOID) * PhLogBuffer.Size);
40 }
41 
42 PPH_LOG_ENTRY PhpCreateLogEntry(
43  _In_ UCHAR Type
44  )
45 {
46  PPH_LOG_ENTRY entry;
47 
48  entry = PhAllocate(sizeof(PH_LOG_ENTRY));
49  memset(entry, 0, sizeof(PH_LOG_ENTRY));
50 
51  entry->Type = Type;
52  PhQuerySystemTime(&entry->Time);
53 
54  return entry;
55 }
56 
57 VOID PhpFreeLogEntry(
58  _Inout_ PPH_LOG_ENTRY Entry
59  )
60 {
61  if (Entry->Type >= PH_LOG_ENTRY_PROCESS_FIRST && Entry->Type <= PH_LOG_ENTRY_PROCESS_LAST)
62  {
63  PhDereferenceObject(Entry->Process.Name);
64  if (Entry->Process.ParentName) PhDereferenceObject(Entry->Process.ParentName);
65  }
66  else if (Entry->Type >= PH_LOG_ENTRY_SERVICE_FIRST && Entry->Type <= PH_LOG_ENTRY_SERVICE_LAST)
67  {
68  PhDereferenceObject(Entry->Service.Name);
69  PhDereferenceObject(Entry->Service.DisplayName);
70  }
71  else if (Entry->Type == PH_LOG_ENTRY_MESSAGE)
72  {
73  PhDereferenceObject(Entry->Message);
74  }
75 
76  PhFree(Entry);
77 }
78 
79 PPH_LOG_ENTRY PhpCreateProcessLogEntry(
80  _In_ UCHAR Type,
81  _In_ HANDLE ProcessId,
82  _In_ PPH_STRING Name,
83  _In_opt_ HANDLE ParentProcessId,
84  _In_opt_ PPH_STRING ParentName
85  )
86 {
87  PPH_LOG_ENTRY entry;
88 
89  entry = PhpCreateLogEntry(Type);
90  entry->Process.ProcessId = ProcessId;
91  PhReferenceObject(Name);
92  entry->Process.Name = Name;
93 
94  entry->Process.ParentProcessId = ParentProcessId;
95 
96  if (ParentName)
97  {
98  PhReferenceObject(ParentName);
99  entry->Process.ParentName = ParentName;
100  }
101 
102  return entry;
103 }
104 
105 PPH_LOG_ENTRY PhpCreateServiceLogEntry(
106  _In_ UCHAR Type,
107  _In_ PPH_STRING Name,
108  _In_ PPH_STRING DisplayName
109  )
110 {
111  PPH_LOG_ENTRY entry;
112 
113  entry = PhpCreateLogEntry(Type);
114  PhReferenceObject(Name);
115  entry->Service.Name = Name;
116  PhReferenceObject(DisplayName);
117  entry->Service.DisplayName = DisplayName;
118 
119  return entry;
120 }
121 
122 PPH_LOG_ENTRY PhpCreateMessageLogEntry(
123  _In_ UCHAR Type,
124  _In_ PPH_STRING Message
125  )
126 {
127  PPH_LOG_ENTRY entry;
128 
129  entry = PhpCreateLogEntry(Type);
130  PhReferenceObject(Message);
131  entry->Message = Message;
132 
133  return entry;
134 }
135 
136 VOID PhpLogEntry(
137  _In_ PPH_LOG_ENTRY Entry
138  )
139 {
140  PPH_LOG_ENTRY oldEntry;
141 
142  oldEntry = PhAddItemCircularBuffer2_PVOID(&PhLogBuffer, Entry);
143 
144  if (oldEntry)
145  PhpFreeLogEntry(oldEntry);
146 
147  PhInvokeCallback(&PhLoggedCallback, Entry);
148 }
149 
150 VOID PhClearLogEntries(
151  VOID
152  )
153 {
154  ULONG i;
155 
156  for (i = 0; i < PhLogBuffer.Size; i++)
157  {
158  if (PhLogBuffer.Data[i])
159  PhpFreeLogEntry(PhLogBuffer.Data[i]);
160  }
161 
162  PhClearCircularBuffer_PVOID(&PhLogBuffer);
163  memset(PhLogBuffer.Data, 0, sizeof(PVOID) * PhLogBuffer.Size);
164 }
165 
166 VOID PhLogProcessEntry(
167  _In_ UCHAR Type,
168  _In_ HANDLE ProcessId,
169  _In_ PPH_STRING Name,
170  _In_opt_ HANDLE ParentProcessId,
171  _In_opt_ PPH_STRING ParentName
172  )
173 {
174  PhpLogEntry(PhpCreateProcessLogEntry(Type, ProcessId, Name, ParentProcessId, ParentName));
175 }
176 
177 VOID PhLogServiceEntry(
178  _In_ UCHAR Type,
179  _In_ PPH_STRING Name,
180  _In_ PPH_STRING DisplayName
181  )
182 {
183  PhpLogEntry(PhpCreateServiceLogEntry(Type, Name, DisplayName));
184 }
185 
186 VOID PhLogMessageEntry(
187  _In_ UCHAR Type,
188  _In_ PPH_STRING Message
189  )
190 {
191  PhpLogEntry(PhpCreateMessageLogEntry(Type, Message));
192 }
193 
194 PPH_STRING PhFormatLogEntry(
195  _In_ PPH_LOG_ENTRY Entry
196  )
197 {
198  switch (Entry->Type)
199  {
200  case PH_LOG_ENTRY_PROCESS_CREATE:
201  return PhFormatString(
202  L"Process created: %s (%u) started by %s (%u)",
203  Entry->Process.Name->Buffer,
204  (ULONG)Entry->Process.ProcessId,
205  PhGetStringOrDefault(Entry->Process.ParentName, L"Unknown Process"),
206  (ULONG)Entry->Process.ParentProcessId
207  );
208  case PH_LOG_ENTRY_PROCESS_DELETE:
209  return PhFormatString(L"Process terminated: %s (%u)", Entry->Process.Name->Buffer, (ULONG)Entry->Process.ProcessId);
210  case PH_LOG_ENTRY_SERVICE_CREATE:
211  return PhFormatString(L"Service created: %s (%s)", Entry->Service.Name->Buffer, Entry->Service.DisplayName->Buffer);
212  case PH_LOG_ENTRY_SERVICE_DELETE:
213  return PhFormatString(L"Service deleted: %s (%s)", Entry->Service.Name->Buffer, Entry->Service.DisplayName->Buffer);
214  case PH_LOG_ENTRY_SERVICE_START:
215  return PhFormatString(L"Service started: %s (%s)", Entry->Service.Name->Buffer, Entry->Service.DisplayName->Buffer);
216  case PH_LOG_ENTRY_SERVICE_STOP:
217  return PhFormatString(L"Service stopped: %s (%s)", Entry->Service.Name->Buffer, Entry->Service.DisplayName->Buffer);
218  case PH_LOG_ENTRY_SERVICE_CONTINUE:
219  return PhFormatString(L"Service continued: %s (%s)", Entry->Service.Name->Buffer, Entry->Service.DisplayName->Buffer);
220  case PH_LOG_ENTRY_SERVICE_PAUSE:
221  return PhFormatString(L"Service paused: %s (%s)", Entry->Service.Name->Buffer, Entry->Service.DisplayName->Buffer);
222  case PH_LOG_ENTRY_MESSAGE:
223  PhReferenceObject(Entry->Message);
224  return Entry->Message;
225  default:
226  return PhReferenceEmptyString();
227  }
228 }