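unit Unit2;

// Logging plugin: queues the events the host hands to LogProc and writes them
// to an EventLog table through ADO when the plugin is unloaded.
//
// NOTE(review): this listing arrived with its "+" operators, some punctuation
// and several identifiers damaged. Every place that had to be inferred from
// the surrounding code is marked below; confirm against the original source.

interface

uses
  Windows, ActiveX, SysUtils, WinSock, ComObj, Variants, Forms, Classes,
  ComCtrls, Controls, IPMacedit, IniFiles;

// Entry points called by the host application.
function PluginName: PChar; stdcall;
procedure LoadDLL; stdcall;
procedure UnloadDLL; stdcall;
function Config(GroupID: Integer): Boolean; stdcall;
// The parameter list follows the implementation heading, which is the only
// place in the listing where GroupID and Data both survive.
function LogProc(GroupID: Integer; Data: PByteArray; Length: ULONG;
  Opcode: ULONG; Action: ULONG; Plugin: PChar; WarnMsg: PChar): Integer; stdcall;

type
  // One queued event. Filled by LogProc, written to the database by SaveLogs.
  TLog = record
    Time: TDateTime;          // capture time (Now)
    SrcIP, DstIP: DWORD;      // IPv4 addresses in host byte order, 0 if none
    Plugin, Msg, Link: string;
    Act: Integer;             // low three bits of the Action argument
  end;
  PLog = ^TLog;

const
  // Values of the Opcode argument that LogProc distinguishes.
  OPCODE_TOLAN = 1;
  OPCODE_TOINT = 2;

  // ADO enumeration values, declared here because ADO is used late-bound.
  adOpenForwardOnly = 0;
  adOpenKeyset = 1;
  adOpenDynamic = 2;
  adOpenStatic = 3;
  adLockReadOnly = 1;
  adLockPessimistic = 2;
  adLockOptimistic = 3;
  adLockBatchOptimistic = 4;
  adUseServer = 2;
  adUseClient = 3;

procedure SaveConfig;
procedure SaveLogs;
procedure LoadConfig;
function TestConnect(UDLFile: string): Boolean;
function GetModuleName: string;
procedure ClearLogList;

var
  Loglist: TList;             // queue of PLog entries
  MaxLog: Integer;            // read from logtodb.ini; not used elsewhere here
  DataLink: string;           // path of the .udl file handed to ADO
  DBError: Boolean = False;   // set after a database failure; SaveLogs then does nothing
  // NOTE(review): the original declaration is unreadable in the listing. The
  // code uses AdoConn and AdoRs as late-bound COM objects, so a variant type
  // is assumed.
  AdoConn, AdoRs: OleVariant;

implementation

// Returns the display name of the plugin.
// NOTE(review): the literal is mis-decoded text; restore it from the original
// source file in its native encoding.
function PluginName: PChar; stdcall;
begin
  Result := 'èõõ/4êý4¾¿ âêä3ö ';
end;

// Called by the host when the plugin is loaded: sets up the queue, COM and
// the two ADO objects, then reads the configuration.
procedure LoadDLL; stdcall;
begin
  // Create the queue first so LogProc never meets a nil list, even when ADO
  // is missing on this machine.
  Loglist := TList.Create;
  CoInitialize(nil);
  try
    AdoConn := CreateOleObject('AdoDb.Connection');
    AdoRs := CreateOleObject('AdoDb.Recordset');
    AdoRs.CursorLocation := adUseClient;
  except
    // An exception must not leave an exported routine; record the failure so
    // SaveLogs skips the database.
    DBError := True;
  end;
  LoadConfig;
end;

// Called by the host when the plugin is unloaded: flushes and releases the
// queue, then drops the ADO objects and COM.
// Entries that SaveLogs could not store are discarded here, so a database
// outage at unload time loses the whole queue.
procedure UnloadDLL; stdcall;
begin
  if Loglist <> nil then
  begin
    if Loglist.Count > 0 then
      SaveLogs;
    ClearLogList;
    FreeAndNil(Loglist);
  end;
  AdoRs := Unassigned;
  AdoConn := Unassigned;
  CoUninitialize;
end;

// Host callback: queues one event. Always returns 0.
// Data is treated as an Ethernet II frame of Length bytes; addresses are only
// extracted when the EtherType is IPv4.
function LogProc(GroupID: Integer; Data: PByteArray; Length: ULONG;
  Opcode: ULONG; Action: ULONG; Plugin: PChar; WarnMsg: PChar): Integer; stdcall;
var
  EnvLog: PLog;
begin
  Result := 0;
  if Loglist = nil then
    Exit;
  New(EnvLog);
  EnvLog^.Time := Now;
  // New() only initialises the string fields; without these two lines a
  // non-IPv4 frame would store whatever bytes the heap block held.
  EnvLog^.SrcIP := 0;
  EnvLog^.DstIP := 0;
  // Bytes $0c..$0d are the EtherType; 08 00 reads as $0008 on a little-endian
  // CPU. The last address byte touched is $21, which the length test covers.
  if (Data <> nil) and (Length > $22) and (PWORD(@Data[$0c])^ = $0008) then
  begin
    case Opcode of
      OPCODE_TOLAN:
        begin
          // Wire source and destination are swapped for this direction.
          EnvLog^.DstIP := ntohl(PDWORD(@Data[$1a])^);
          EnvLog^.SrcIP := ntohl(PDWORD(@Data[$1e])^);
        end;
      OPCODE_TOINT:
        begin
          EnvLog^.SrcIP := ntohl(PDWORD(@Data[$1a])^);
          EnvLog^.DstIP := ntohl(PDWORD(@Data[$1e])^);
        end;
    end;
  end;
  EnvLog^.Plugin := Plugin;
  if WarnMsg <> nil then
  begin
    EnvLog^.Msg := WarnMsg;
    // NOTE(review): the operator is missing in the listing; "+" is assumed,
    // as everywhere else a "+" was lost. This reads a second string 256
    // characters past WarnMsg, so the host buffer must extend that far and be
    // NUL-terminated - confirm against the host's plugin contract.
    EnvLog^.Link := WarnMsg + 256;
  end;
  EnvLog^.Act := Action and $7;
  // NOTE(review): nothing in this unit compares Loglist.Count with MaxLog, so
  // the queue grows until UnloadDLL. Check whether a flush threshold was lost.
  Loglist.Add(EnvLog);
end;

// Configuration entry point; no dialog is implemented.
// The original body was empty and left Result undefined.
// TODO confirm which value the host expects when nothing was changed.
function Config(GroupID: Integer): Boolean;
begin
  Result := False;
end;

// Returns the full path of this module, or '' when the lookup fails.
function GetModuleName: string;
var
  szFileName: array[0..MAX_PATH] of Char;
begin
  // Use the returned length instead of trusting the buffer contents.
  SetString(Result, szFileName,
    GetModuleFileName(HInstance, szFileName, MAX_PATH));
end;

// Releases every queued entry and empties the list.
procedure ClearLogList;
var
  i: Integer;
begin
  // The PLog cast lets Dispose finalise the string fields of each record.
  for i := 0 to Loglist.Count - 1 do
    Dispose(PLog(Loglist.Items[i]));
  Loglist.Clear;
end;

// Reads MaxLog and DataLink from logtodb.ini next to this module.
// DataLink selects the database the events go to, so write access to the
// .ini and .udl files decides where the log ends up. A .udl file is plain
// text and may hold database credentials.
procedure LoadConfig;
var
  IniFile: TIniFile;
begin
  IniFile := TIniFile.Create(ExtractFilePath(GetModuleName) + 'logtodb.ini');
  try
    MaxLog := IniFile.ReadInteger('config', 'maxlog', 100);
    // NOTE(review): the separator in the default path is damaged in the
    // listing ("Plugins / DBLink.udl"); a backslash is assumed.
    DataLink := IniFile.ReadString('config', 'Datalink',
      ExtractFilePath(Application.ExeName) + 'Plugins\DBLink.udl');
  finally
    IniFile.Free;
  end;
end;

// Writes MaxLog and DataLink back to logtodb.ini and clears DBError so the
// next SaveLogs tries the database again.
procedure SaveConfig;
var
  IniFile: TIniFile;
begin
  IniFile := TIniFile.Create(ExtractFilePath(GetModuleName) + 'logtodb.ini');
  try
    IniFile.WriteInteger('config', 'maxlog', MaxLog);
    IniFile.WriteString('config', 'Datalink', DataLink);
  finally
    IniFile.Free;
  end;
  DBError := False;
end;

// Inserts every queued entry into EventLog as one batch.
// Does nothing once DBError is set. The queue itself is not emptied here.
procedure SaveLogs;
var
  LogItem: PLog;
  IP: TIP;
  i: Integer;
begin
  if DBError then
    Exit;
  try
    AdoConn.Open('File Name=' + DataLink);
  except
    DBError := True;
    Exit;
  end;
  try
    // "where 0 = 1" yields an empty recordset that only carries the schema.
    AdoRs.Open('Select * from EventLog where 0 = 1', AdoConn,
      adOpenKeyset, adLockBatchOptimistic);
  except
    AdoConn.Close;
    DBError := True;
    Exit;
  end;
  IP := TIP.Create; // TIP comes from IPMacedit; presumably formats a DWORD as dotted text
  try
    try
      for i := 0 to Loglist.Count - 1 do
      begin
        LogItem := Loglist.Items[i];
        // Values are assigned to fields, never concatenated into SQL, so the
        // message text cannot change the statement.
        AdoRs.AddNew;
        AdoRs.Fields.Item['EventTime'].Value := LogItem^.Time;
        IP.dip := LogItem^.SrcIP;
        AdoRs.Fields.Item['srcip'].Value := IP.ipstring;
        IP.dip := LogItem^.DstIP;
        AdoRs.Fields.Item['Dstip'].Value := IP.ipstring;
        AdoRs.Fields.Item['Plugin'].Value := LogItem^.Plugin;
        AdoRs.Fields.Item['Act'].Value := LogItem^.Act;
        AdoRs.Fields.Item['msg'].Value := LogItem^.Msg;
        AdoRs.Fields.Item['res'].Value := LogItem^.Link;
      end;
      AdoRs.UpdateBatch;
    except
      AdoRs.CancelUpdate;
      DBError := True;
    end;
  finally
    // Runs even if CancelUpdate itself raises, so IP is always released.
    IP.Free;
    AdoRs.Close;
    AdoConn.Close;
  end;
end;

// Returns True when the given .udl file connects and EventLog exposes the
// columns this unit writes; False otherwise. Leaves the connection closed.
function TestConnect(UDLFile: string): Boolean;
begin
  try
    AdoConn.Open('File Name=' + UDLFile);
  except
    Result := False;
    Exit;
  end;
  try
    AdoRs.Open('SELECT EventTime, Srcip, Dstip, Plugin, ACT, MSG, RES from EventLog where id = 0',
      AdoConn, adOpenKeyset, adLockBatchOptimistic);
  except
    AdoConn.Close;
    Result := False;
    Exit;
  end;
  AdoRs.Close;
  AdoConn.Close;
  Result := True;
end;

end.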
Unit2;
Interface
Uses Windows, ActiveX, Sysutils, Winsock, Comobj, Variants, Forms, Classes, Comctrls, Controls, IPMACedit, Inifiles
Function pluginname: pchar; stdcall;
PROCEDURE LOADDLL;
PROCEDURE UNLOADDL1;
Function config (GroupID: Integer): boolean; stdcall;
Function logProc (GroupID: PBYTEARRAY; longth: ulong; opcode: ulong; action: ulong; plugin: pchar; warnmsg: pchar): integer; stdcall;
// One queued event. logProc fills a record per call; SAVELOGS writes the
// fields to the EventLog columns EventTime, srcip, Dstip, Plugin, Act, msg
// and res (LINK goes to res).
Type
TLOG = Record
Time: TDATETIME;
// IPv4 addresses after ntohl, i.e. in host byte order.
SRCIP, DSTIP: DWORD;
// NOTE(review): the next line has lost its terminating semicolon.
Plugin, MSG, LINK: STRING
// logProc stores only the low three bits of its action argument here.
ACT: Integer;
END;
PLOG = ^ TLOG;
// Values of the opcode argument that logProc distinguishes. They decide which
// of the two address fields in the frame is stored as SRCIP and which as DSTIP.
Const
Opcode_tolan = 1;
Const
Opcode_toint = 2;
// ADO enumeration values, declared locally because the ADO objects are created
// with CreateoleObject and used late-bound. The code in this unit passes
// AdopenKeyset and AdlockBatchOptimistic to Recordset.Open and assigns
// AduseClient to CursorLocation; the other values are not referenced.
Const
AdopenForwardonly = 0;
AdopenKeyset = 1;
AdoPENDYNAMIC = 2;
AdoPenStatic = 3;
AdlockReadonly = 1;
AdlockPESSIMISTIC = 2;
AdlockOptimistic = 3;
AdlockBatchOptimistic = 4;
ADUSESERVER = 2;
AduseClient = 3;
Procedure saveconfig;
PROCEDURE SAVELOGS;
Procedure loadConfig;
Function TestConnect (UDLFILE: STRING): Boolean;
Function getModulenAme: string;
Procedure Clearloglist;
VAR
// Queue of PLOG entries; created in LOADDLL, filled by logProc.
Loglist: TLIST;
// Read from and written to logtodb.ini; not referenced anywhere else in this unit.
MaxLog: integer;
// Path of the .udl file passed to the ADO connection.
Datalink: String;
// Set after a database failure; SAVELOGS returns immediately while it is set
// and saveconfig clears it.
DBERROR: BOOLEAN = FALSE;
// NOTE(review): this declaration is damaged. The code uses Adoconn and Adors as
// late-bound COM objects, so both presumably had a variant type - confirm
// against the original source.
Adoconn, Adoccu, AdoConn: oleobj_e_first;
IMPLEMentation
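// Returns the display name of the plugin to the host.
// NOTE(review): the literal below is mis-decoded text; restore it from the
// original source file in its native encoding.
function PluginName: PChar; stdcall;
begin
  Result := 'õõ¾/4êý4¾¿¿¿ âêä3ö ';
end;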
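// Called by the host when the plugin is loaded: creates the event queue,
// initialises COM, creates the two late-bound ADO objects and reads the
// configuration.
procedure LoadDLL; stdcall;
begin
  // Create the queue before anything that can fail, so logProc never meets a
  // nil list when ADO is not installed.
  Loglist := TList.Create;
  CoInitialize(nil);
  try
    AdoConn := CreateOleObject('AdoDb.connection');
    AdoRs := CreateOleObject('AdoDb.Recordset');
    // Client-side cursor; SaveLogs relies on batch updates.
    AdoRs.CursorLocation := adUseClient;
  except
    // An exception must not leave an exported routine and unwind into the
    // host. Record the failure instead; SaveLogs does nothing while DBError
    // is set.
    DBError := True;
  end;
  LoadConfig;
end;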
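// Called by the host when the plugin is unloaded: writes the queued events to
// the database, releases the queue, then drops the ADO objects and COM.
//
// Entries that SaveLogs could not store are still released by ClearLogList,
// so a database outage at unload time loses the whole queue.
//
// NOTE(review): the name reads UNLOADDL1 in this listing, which looks like a
// transcription slip for the counterpart of LOADDLL; it is kept here so the
// heading still matches the interface declaration - confirm the exported name.
procedure UNLOADDL1;
begin
  // Guard against a load that never created the list.
  if Loglist <> nil then
  begin
    if Loglist.Count > 0 then
      SaveLogs;
    ClearLogList;
    // Nil the reference so a late callback cannot touch a freed list.
    FreeAndNil(Loglist);
  end;
  AdoRs := Unassigned;
  AdoConn := Unassigned;
  CoUninitialize;
end;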
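// Host callback: queues one event for later insertion into EventLog.
//
//   GroupID - not read by this routine.
//   Data    - raw frame bytes, treated as Ethernet II carrying IPv4.
//   Length  - number of valid bytes at Data.
//   Opcode  - OPCODE_TOLAN or OPCODE_TOINT; decides which address field is
//             stored as source and which as destination.
//   Action  - only the low three bits are kept.
//   Plugin  - NUL-terminated name of the reporting plugin.
//   WarnMsg - NUL-terminated message; a second string is read 256 characters
//             past it.
// Always returns 0.
//
// NOTE(review): the heading in this copy has lost "Integer; Data:" and spells
// the length parameter "longth", while the body reads Data and Length. The
// list below follows the body; the interface declaration must carry the same
// list.
function LogProc(GroupID: Integer; Data: PByteArray; Length: ULONG;
  Opcode: ULONG; Action: ULONG; Plugin: PChar; WarnMsg: PChar): Integer; stdcall;
var
  EnvLog: PLOG;
begin
  Result := 0;
  // Nothing to queue into before LoadDLL has run.
  if Loglist = nil then
    Exit;
  New(EnvLog);
  EnvLog^.Time := Now;
  // New() initialises only the string fields. Without these two lines a frame
  // that is not IPv4 would store whatever bytes the heap block held before.
  EnvLog^.SrcIP := 0;
  EnvLog^.DstIP := 0;
  // Bytes $0c..$0d hold the EtherType; 08 00 reads as $0008 on a little-endian
  // CPU. The last address byte touched below is $21, which the length test
  // covers.
  if (Data <> nil) and (Length > $22) and (PWORD(@Data[$0c])^ = $0008) then
  begin
    case Opcode of
      OPCODE_TOLAN:
        begin
          // Wire source and destination are swapped for this direction, so
          // SrcIP presumably always names the LAN-side host.
          EnvLog^.DstIP := ntohl(PDWORD(@Data[$1a])^);
          EnvLog^.SrcIP := ntohl(PDWORD(@Data[$1e])^);
        end;
      OPCODE_TOINT:
        begin
          EnvLog^.SrcIP := ntohl(PDWORD(@Data[$1a])^);
          EnvLog^.DstIP := ntohl(PDWORD(@Data[$1e])^);
        end;
    end;
  end;
  EnvLog^.Plugin := Plugin;
  if WarnMsg <> nil then
  begin
    EnvLog^.Msg := WarnMsg;
    // NOTE(review): the operator between WarnMsg and 256 is missing in the
    // listing; "+" is assumed, as in the other places where a "+" was lost.
    // The read runs from WarnMsg + 256 to the next NUL, so the host buffer
    // must extend that far and be terminated - confirm against the host's
    // plugin contract, otherwise this reads past the buffer.
    EnvLog^.Link := WarnMsg + 256;
  end;
  EnvLog^.Act := Action and $7;
  // NOTE(review): nothing in this unit compares Loglist.Count with MaxLog, so
  // the queue grows until unload. Check whether a flush threshold was lost.
  Loglist.Add(EnvLog);
end;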
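// Configuration entry point called by the host; no dialog is implemented.
// The original body was empty, which leaves Result undefined and hands the
// host an arbitrary value.
// TODO confirm which value the host expects when nothing was changed.
function Config(GroupID: Integer): Boolean;
begin
  Result := False;
end;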
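// Returns the full path of the module that contains this code, or an empty
// string when the lookup fails.
function GetModuleName: string;
var
  szFileName: array[0..MAX_PATH] of Char;
begin
  // Build the result from the length the API reports. The original assigned
  // the buffer without checking the call, so a failure returned whatever the
  // uninitialised stack buffer held.
  SetString(Result, szFileName,
    GetModuleFileName(HInstance, szFileName, MAX_PATH));
end;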
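// Releases every queued entry and empties the list. The list object itself
// stays allocated.
procedure ClearLogList;
var
  i: Integer;
begin
  // The PLOG cast matters: Dispose on the typed pointer finalises the string
  // fields of each record before the memory is returned.
  for i := 0 to Loglist.Count - 1 do
    Dispose(PLOG(Loglist.Items[i]));
  Loglist.Clear;
end;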
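// Reads MaxLog and DataLink from logtodb.ini in the directory of this module.
// Defaults: maxlog = 100, Datalink = the DBLink.udl file under the host
// executable's Plugins directory.
//
// DataLink selects the database the events are written to, so write access to
// the .ini and .udl files decides where the log ends up. A .udl file is plain
// text and may hold database credentials; both files need restrictive ACLs.
procedure LoadConfig;
var
  IniFile: TIniFile;
begin
  // The module-path argument is missing in this copy of the listing; the
  // other copy passes the result of getModuleName, which is used here.
  IniFile := TIniFile.Create(ExtractFilePath(GetModuleName) + 'logtodb.ini');
  try
    MaxLog := IniFile.ReadInteger('config', 'maxlog', 100);
    // NOTE(review): the separator in the default path is damaged in the
    // listing ("Plugins / DBLink.udl"); a backslash is assumed.
    DataLink := IniFile.ReadString('config', 'Datalink',
      ExtractFilePath(Application.ExeName) + 'Plugins\DBLink.udl');
  finally
    // Release the object even when a read raises.
    IniFile.Free;
  end;
end;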
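// Writes MaxLog and DataLink back to logtodb.ini in the directory of this
// module, then clears DBError so the next SaveLogs tries the database again.
procedure SaveConfig;
var
  IniFile: TIniFile;
begin
  IniFile := TIniFile.Create(ExtractFilePath(GetModuleName) + 'logtodb.ini');
  try
    IniFile.WriteInteger('config', 'maxlog', MaxLog);
    IniFile.WriteString('config', 'Datalink', DataLink);
  finally
    // Release the object even when a write raises.
    IniFile.Free;
  end;
  DBError := False;
end;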
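// Inserts every queued entry into the EventLog table as one batch.
//
// Returns at once while DBError is set. Any failure to connect, open the
// recordset or commit the batch sets DBError, so later calls are skipped
// until SaveConfig clears the flag. The queue itself is not emptied here.
procedure SaveLogs;
var
  LogItem: PLOG;
  IP: TIP;
  i: Integer;
begin
  if DBError then
    Exit;
  try
    AdoConn.Open('File Name=' + DataLink);
  except
    DBError := True;
    Exit;
  end;
  try
    // "Where 0 = 1" yields an empty recordset that only carries the schema.
    AdoRs.Open('Select * from EventLog Where 0 = 1', AdoConn,
      adOpenKeyset, adLockBatchOptimistic);
  except
    AdoConn.Close;
    DBError := True;
    Exit;
  end;
  // TIP comes from IPMacedit; presumably it formats a DWORD as dotted text.
  IP := TIP.Create;
  try
    try
      for i := 0 to Loglist.Count - 1 do
      begin
        LogItem := Loglist.Items[i];
        // Values are assigned to recordset fields, never concatenated into
        // SQL, so message text cannot alter the statement. The stored strings
        // still originate outside this plugin; whatever displays them later
        // should treat them as untrusted.
        AdoRs.AddNew;
        AdoRs.Fields.Item['EventTime'].Value := LogItem^.Time;
        IP.dip := LogItem^.SrcIP;
        AdoRs.Fields.Item['srcip'].Value := IP.ipstring;
        IP.dip := LogItem^.DstIP;
        AdoRs.Fields.Item['Dstip'].Value := IP.ipstring;
        AdoRs.Fields.Item['Plugin'].Value := LogItem^.Plugin;
        AdoRs.Fields.Item['Act'].Value := LogItem^.Act;
        AdoRs.Fields.Item['msg'].Value := LogItem^.Msg;
        AdoRs.Fields.Item['res'].Value := LogItem^.Link;
      end;
      AdoRs.UpdateBatch;
    except
      AdoRs.CancelUpdate;
      DBError := True;
    end;
  finally
    // Runs even if CancelUpdate itself raises, so IP is always released.
    IP.Free;
    AdoRs.Close;
    AdoConn.Close;
  end;
end;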
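// Checks a data-link file without writing anything.
// Returns True when UDLFile connects and EventLog exposes the columns this
// unit writes (plus an id column), False otherwise. The connection is closed
// again on every path.
function TestConnect(UDLFile: string): Boolean;
begin
  try
    AdoConn.Open('File Name=' + UDLFile);
  except
    Result := False;
    Exit;
  end;
  try
    // Naming the columns makes the open fail when the schema does not match.
    // The listing has "range" where the SQL keyword "from" belongs.
    AdoRs.Open('Select EventTime, SrCIP, Dstip, Plugin, ACT, MSG, Res from Eventlog where id = 0',
      AdoConn, adOpenKeyset, adLockBatchOptimistic);
  except
    AdoConn.Close;
    Result := False;
    Exit;
  end;
  AdoRs.Close;
  AdoConn.Close;
  Result := True;
end;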
End.