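/********************************************************/
/*  ntapi: Native API core library                      */
/*  Copyright (C) 2013--2017  Z. Gilboa                 */
/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
/********************************************************/

/* NOTE(review): the names of the first three headers are missing   */
/* from this copy of the file; restore them from the project tree. */
#include
#include
#include
#include "ntapi_impl.h"

/*
 * bytes of log_buf held back for the literal text of the format
 * strings in this file, one %d field, two %08x fields and the
 * terminating null character; the longest combination used below
 * needs well under this amount.
 */
#define NTAPI_LOG_FIXED_RESERVE	(128)

/*
 * ntapi_log_reserve: account for one %s argument before formatting.
 *
 * deducts the length of str from *avail; a null str is skipped.
 * returns 1 when the string fits in the remaining space, 0 when
 * it does not (in which case *avail is left unchanged).
 */
static int ntapi_log_reserve(
	size_t *	avail,
	const char *	str)
{
	size_t	len;

	if (!str)
		return 1;

	len = __ntapi->strlen(str);

	if (len >= *avail)
		return 0;

	*avail -= len;
	return 1;
}

/*
 * __ntapi_log_write: default log sink.
 *
 * passes buf to zw_write_file on hfile, with all optional
 * arguments (event, apc routine and context, byte offset, key)
 * left null.
 *
 * returns iosb.info when the call returns NT_STATUS_SUCCESS,
 * and -1 for every other status as well as for a length that
 * cannot be represented in the 32-bit length argument.
 */
ssize_t __cdecl __ntapi_log_write(
	__in	void *		hfile,
	__in	const void *	buf,
	__in	size_t		bytes)
{
	nt_iosb		iosb;
	int32_t		status;

	/* the length argument is 32-bit: refuse rather than silently */
	/* write a truncated length and report a misleading count.    */
	if ((size_t)(uint32_t)bytes != bytes)
		return -1;

	status = __ntapi->zw_write_file(
		hfile,
		(void *)0,
		(nt_io_apc_routine *)0,
		(void *)0,
		&iosb,
		(void *)buf,
		(uint32_t)bytes,
		(nt_large_integer *)0,
		(uint32_t *)0);

	if (status == NT_STATUS_SUCCESS)
		return iosb.info;

	return -1;
}

/*
 * __ntapi_log_fn_call: log the return value of a function call.
 *
 * resolves fn_callee_addr to a symbol name where possible (via
 * pe_get_symbol_module_info and pe_get_symbol_name), formats one
 * record into a 2048-byte stack buffer, and hands it to
 * pfn_log_write (or to __ntapi_log_write when that is null).
 *
 * returns NT_STATUS_SUCCESS when the sink reports that the whole
 * record was written, NT_STATUS_UNSUCCESSFUL otherwise, including
 * when the record would not fit in the buffer.
 *
 * NOTE(review): fn_caller_name is passed to %s without a null
 * check; confirm that callers always provide it.
 *
 * NOTE(review): fn_callee_addr and fn_ret are pointer-sized but
 * are formatted with %08x; on a 64-bit target that presumably
 * logs only part of the value -- confirm against the sprintf
 * implementation in use.
 */
int32_t __cdecl __ntapi_log_fn_call(
	__in	void *			hfile		__optional,
	__in	const char *		fn_caller_name,
	__in	void *			fn_callee_addr,
	__in	uintptr_t		fn_ret,
	__in	ntapi_log_write*	pfn_log_write	__optional,
	__in	const char *		source		__optional,
	__in	int			line		__optional)
{
	struct pe_ldr_tbl_entry *	image_meta;
	void *				image_base;
	char *				fn_name;
	ssize_t				bytes;
	size_t				avail;
	char				log_buf[2048];

	if (!pfn_log_write)
		pfn_log_write = __ntapi_log_write;

	image_meta = pe_get_symbol_module_info(fn_callee_addr);
	fn_name    = (char *)0;

	if (image_meta)
		image_base = image_meta->dll_base;
	else
		image_base = (void *)0;

	if (image_base)
		fn_name = pe_get_symbol_name(
			image_base,
			fn_callee_addr);

	/* sprintf below is unbounded, and the caller name, source path */
	/* and symbol name are of arbitrary length: verify that all of  */
	/* them fit before anything is written to the stack buffer.     */
	avail = sizeof(log_buf) - NTAPI_LOG_FIXED_RESERVE;

	if (!ntapi_log_reserve(&avail,fn_caller_name)
			|| !ntapi_log_reserve(&avail,source)
			|| !ntapi_log_reserve(&avail,fn_name))
		return NT_STATUS_UNSUCCESSFUL;

	if (source && fn_name)
		bytes = __ntapi->sprintf(
			log_buf,
			"%s: (%s:%d):\n"
			"--> %s returned 0x%08x\n\n",
			fn_caller_name, source, line, fn_name, fn_ret);
	else if (fn_name)
		bytes = __ntapi->sprintf(
			log_buf,
			"%s: %s returned 0x%08x\n\n",
			fn_caller_name, fn_name, fn_ret);
	else if (source)
		bytes = __ntapi->sprintf(
			log_buf,
			"%s: (%s:%d):\n"
			"--> calling 0x%08x returned 0x%08x\n\n",
			fn_caller_name, source, line, fn_callee_addr, fn_ret);
	else
		bytes = __ntapi->sprintf(
			log_buf,
			"%s: calling 0x%08x returned 0x%08x\n\n",
			fn_caller_name, fn_callee_addr, fn_ret);

	/* a negative result is a formatting error, not a byte count */
	if (bytes <= 0)
		return NT_STATUS_UNSUCCESSFUL;

	bytes = __ntapi->strlen(log_buf);

	if (bytes == pfn_log_write(hfile,log_buf,bytes))
		return NT_STATUS_SUCCESS;

	return NT_STATUS_UNSUCCESSFUL;
}

/*
 * __ntapi_log_msg: log a formatted message with an optional prefix.
 *
 * the prefix is "<caller>: (<source>:<line>):\n--> " when source
 * is given, "<caller>: " when only fn_caller_name is given, and
 * empty otherwise; fmt is then expanded with arg1..arg6 directly
 * after the prefix in a 2048-byte stack buffer, and the result is
 * handed to pfn_log_write (or to __ntapi_log_write when that is
 * null).
 *
 * returns NT_STATUS_SUCCESS when the sink reports that the whole
 * record was written, NT_STATUS_UNSUCCESSFUL otherwise.
 *
 * NOTE(review): only the prefix is length-checked here. the
 * expansion of fmt is written with an unbounded sprintf, so fmt
 * must be a trusted literal whose output, together with its
 * arguments, is known to fit; input that is not under the
 * program's control must never reach fmt, and should reach
 * arg1..arg6 only through a precision-limited conversion.
 * replacing this call with a bounded formatter is the proper fix.
 */
int32_t __cdecl __ntapi_log_msg(
	__in	void *			hfile		__optional,
	__in	const char *		source		__optional,
	__in	int			line		__optional,
	__in	const char *		fn_caller_name,
	__in	const char *		fmt,
	__in	uintptr_t		arg1,
	__in	uintptr_t		arg2,
	__in	uintptr_t		arg3,
	__in	uintptr_t		arg4,
	__in	uintptr_t		arg5,
	__in	uintptr_t		arg6,
	__in	ntapi_log_write*	pfn_log_write	__optional)
{
	char *		buffer;
	ssize_t		bytes;
	size_t		avail;
	char		log_buf[2048];

	if (!pfn_log_write)
		pfn_log_write = __ntapi_log_write;

	/* nothing to format */
	if (!fmt)
		return NT_STATUS_UNSUCCESSFUL;

	/* the prefix strings are of arbitrary length: make sure they */
	/* fit, and that room is left for the message, before any     */
	/* byte is written to the stack buffer.                       */
	avail = sizeof(log_buf) - NTAPI_LOG_FIXED_RESERVE;

	if (!ntapi_log_reserve(&avail,fn_caller_name)
			|| !ntapi_log_reserve(&avail,source))
		return NT_STATUS_UNSUCCESSFUL;

	bytes  = 0;
	buffer = log_buf;

	if (source)
		bytes = __ntapi->sprintf(
			buffer,
			"%s: (%s:%d):\n--> ",
			fn_caller_name,source,line);
	else if (fn_caller_name)
		bytes = __ntapi->sprintf(
			buffer,
			"%s: ",
			fn_caller_name);
	else
		log_buf[0] = '\0';

	if (bytes < 0)
		return NT_STATUS_UNSUCCESSFUL;

	/* continue right after the prefix */
	buffer += __ntapi->strlen(log_buf);

	bytes = __ntapi->sprintf(buffer,fmt,arg1,arg2,arg3,arg4,arg5,arg6);

	/* a negative result is a formatting error, not a byte count; */
	/* an empty message is not logged.                            */
	if (bytes <= 0)
		return NT_STATUS_UNSUCCESSFUL;

	bytes = __ntapi->strlen(log_buf);

	if (bytes == pfn_log_write(hfile,log_buf,bytes))
		return NT_STATUS_SUCCESS;

	return NT_STATUS_UNSUCCESSFUL;
}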