From 352d895e3a1c23d185a7d10b31e9f41afadd4220 Mon Sep 17 00:00:00 2001
From: Brad Spengler
Date: Mon, 13 Feb 2017 13:53:24 -0500
Subject: [PATCH] Fix two problems, little cleanups
---
 cuckoomon.c | 2 +-
 hook_file.c | 38 ++++++++++++++++++++++++++++----------
 hooks.h | 11 ++++++++++-
 3 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/cuckoomon.c b/cuckoomon.c
index a7eed53..32fea33 100644
--- a/cuckoomon.c
+++ b/cuckoomon.c
@@ -137,7 +137,7 @@ static hook_t g_hooks[] = {
 // Covered by NtCreateFile() but still grab this information
 HOOK(kernel32, CopyFileA),
 HOOK(kernel32, CopyFileW),
- HOOK(kernel32, CopyFileExW),
+ HOOK_NOTAIL_ALT(kernel32, CopyFileExW, 6),
 // Covered by NtSetInformationFile() but still grab this information
 HOOK(kernel32, DeleteFileA),
diff --git a/hook_file.c b/hook_file.c
index 01d2f8f..a0cd24f 100644
--- a/hook_file.c
+++ b/hook_file.c
@@ -743,11 +743,8 @@ HOOKDEF_NOTAIL(WINAPI, MoveFileWithProgressW,
 BOOL ret = TRUE;
 if (lpProgressRoutine) {
- wchar_t *path = malloc(32768 * sizeof(wchar_t));
- ensure_absolute_unicode_path(path, lpExistingFileName);
- LOQ_bool("filesystem", "uFh", "ExistingFileName", path,
+ LOQ_bool("filesystem", "FFh", "ExistingFileName", lpExistingFileName,
 "NewFileName", lpNewFileName, "Flags", dwFlags);
- free(path);
 return 0;
 }
 return 1;
@@ -795,11 +792,8 @@ HOOKDEF_NOTAIL(WINAPI, MoveFileWithProgressTransactedW,
 BOOL ret = TRUE;
 if (lpProgressRoutine) {
- wchar_t *path = malloc(32768 * sizeof(wchar_t));
- ensure_absolute_unicode_path(path, lpExistingFileName);
- LOQ_bool("filesystem", "uFh", "ExistingFileName", path,
+ LOQ_bool("filesystem", "FFh", "ExistingFileName", lpExistingFileName,
 "NewFileName", lpNewFileName, "Flags", dwFlags);
- free(path);
 return 0;
 }
 return 1;
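Review bot: The literal `6` in `HOOK_NOTAIL_ALT(kernel32, CopyFileExW, 6)` in the cuckoomon.c hunk is unexplained. It is presumably the argument count of CopyFileExW, which the six-parameter prototypes added in hook_file.c and hooks.h would match, but nothing in this hunk ties the two together. A trailing comment such as `// 6 = number of CopyFileExW arguments, keep in sync with hooks.h` would make the coupling visible to whoever next changes the prototype. The g_hooks[] initializer starts and ends outside the hunk.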
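Review bot: In the `if (lpProgressRoutine)` branch of the MoveFileWithProgressW notail hook in hook_file.c, `LOQ_bool` runs while `ret` still holds its initial `TRUE`, and no call to the original API is visible before it. The log entry therefore appears to record success whether or not the move later fails. The same pattern is in the MoveFileWithProgressTransactedW hunk and in the new CopyFileExW notail hook. If that is intended, a comment above the `LOQ_bool` such as `/* logged before the real call; ret is a placeholder, not the API result */` would stop analysts reading the report from treating it as an outcome. The meaning of `return 0` versus `return 1` is not documented here either, and the function's signature and closing brace lie outside the hunk.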
@@ -1014,7 +1008,31 @@ HOOKDEF(BOOL, WINAPI, CopyFileW,
 return ret;
 }
-HOOKDEF(BOOL, WINAPI, CopyFileExW,
+HOOKDEF_NOTAIL(WINAPI, CopyFileExW,
+ _In_ LPWSTR lpExistingFileName,
+ _In_ LPWSTR lpNewFileName,
+ _In_opt_ LPPROGRESS_ROUTINE lpProgressRoutine,
+ _In_opt_ LPVOID lpData,
+ _In_opt_ LPBOOL pbCancel,
+ _In_ DWORD dwCopyFlags
+) {
+ BOOL ret = TRUE;
+ BOOL file_existed = FALSE;
+
+ if (GetFileAttributesW(lpNewFileName) != INVALID_FILE_ATTRIBUTES)
+ file_existed = TRUE;
+
+ if (lpProgressRoutine) {
+ LOQ_bool("filesystem", "FFis", "ExistingFileName", lpExistingFileName,
+ "NewFileName", lpNewFileName, "CopyFlags", dwCopyFlags, "ExistedBefore", file_existed ? "yes" : "no");
+ return 0;
+ }
+
+ return 1;
+}
+
+
+HOOKDEF_ALT(BOOL, WINAPI, CopyFileExW,
 _In_ LPWSTR lpExistingFileName,
 _In_ LPWSTR lpNewFileName,
 _In_opt_ LPPROGRESS_ROUTINE lpProgressRoutine,
@@ -1030,7 +1048,7 @@ HOOKDEF(BOOL, WINAPI, CopyFileExW,
 ret = Old_CopyFileExW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
 LOQ_bool("filesystem", "FFis", "ExistingFileName", lpExistingFileName,
- "NewFileName", lpNewFileName, "CopyFlags", dwCopyFlags, file_existed ? "yes" : "no");
+ "NewFileName", lpNewFileName, "CopyFlags", dwCopyFlags, "ExistedBefore", file_existed ? "yes" : "no");
 if (ret)
 new_file_path_unicode(lpNewFileName);
diff --git a/hooks.h b/hooks.h
index fe23b60..84a4825 100644
--- a/hooks.h
+++ b/hooks.h
@@ -240,7 +240,7 @@ extern HOOKDEF(BOOL, WINAPI, CopyFileW,
 __in BOOL bFailIfExists
 );
-extern HOOKDEF(BOOL, WINAPI, CopyFileExW,
+extern HOOKDEF_NOTAIL(WINAPI, CopyFileExW,
 _In_ LPWSTR lpExistingFileName,
 _In_ LPWSTR lpNewFileName,
 _In_opt_ LPPROGRESS_ROUTINE lpProgressRoutine,
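Review bot: The new CopyFileExW notail hook in the `@@ -1014` hunk calls `GetFileAttributesW(lpNewFileName)` before it checks `lpProgressRoutine`, yet `file_existed` is only read inside that branch. Every copy without a progress routine therefore pays for a filesystem query whose result is thrown away, and the HOOKDEF_ALT variant appears to track its own `file_existed` (used in the next hunk, computed outside the visible lines). Moving `if (GetFileAttributesW(lpNewFileName) != INVALID_FILE_ATTRIBUTES)` and `file_existed = TRUE;` to the top of the `if (lpProgressRoutine) {` block keeps the probe on the only path that logs it. The hunk ends inside the parameter list of the HOOKDEF_ALT definition.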
@@ -249,6 +249,15 @@ extern HOOKDEF(BOOL, WINAPI, CopyFileExW,
 _In_ DWORD dwCopyFlags
 );
+extern HOOKDEF_ALT(BOOL, WINAPI, CopyFileExW,
+ _In_ LPWSTR lpExistingFileName,
+ _In_ LPWSTR lpNewFileName,
+ _In_opt_ LPPROGRESS_ROUTINE lpProgressRoutine,
+ _In_opt_ LPVOID lpData,
+ _In_opt_ LPBOOL pbCancel,
+ _In_ DWORD dwCopyFlags
+);
+
 extern HOOKDEF(BOOL, WINAPI, DeleteFileA,
 __in LPCSTR lpFileName
 );
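Review bot: The added `HOOKDEF_ALT` prototype declares both path parameters as `LPWSTR`, while the Windows `CopyFileExW` API takes `LPCWSTR` for `lpExistingFileName` and `lpNewFileName`, and the hook bodies shown in hook_file.c only read them. Declaring them as `_In_ LPCWSTR lpExistingFileName,` and `_In_ LPCWSTR lpNewFileName,` would let the compiler reject an accidental write through a caller-owned string. The same change would apply to the `HOOKDEF_NOTAIL` prototype in the previous hooks.h hunk and to both definitions in hook_file.c. This assumes the helpers the paths are handed to, such as `new_file_path_unicode`, accept const pointers, which the patch does not show.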