Log CreateFile calls

Since I've hooked CreateFile use log level 32 to log how it's used,
providing a simple file monitor.

ANSI.c

@@ -210,9 +210,10 @@
     scrolling will use the default attribute for new lines;
     workaround Windows 10 1803 console bug.
 
-  v1.85, 22 August, 2018:
+  v1.85, 22 & 23 August, 2018:
     fix creating the wrap buffer;
-    always inject from ansicon.exe, even if it's GUI or excluded.
+    always inject from ansicon.exe, even if it's GUI or excluded;
+    log CreateFile calls.
 */
 
 #include "ansicon.h"
@@ -3614,13 +3615,66 @@ WINAPI MyFreeLibrary( HMODULE hModule )
 // Add GENERIC_READ access to enable retrieving console info.
 //-----------------------------------------------------------------------------
 
+static void log_CreateFile( HANDLE h, LPCVOID name, BOOL wide, DWORD access,
+			    DWORD dwDesiredAccess, DWORD dwCreationDisposition )
+{
+  DWORD err = GetLastError();
+
+  static char log[] = "CreateFile%s: %*s, %s, %s, %\"s";
+  LPCSTR acc, op;
+  char state[32];
+  int  len;
+
+  if (access != dwDesiredAccess)
+    acc = "w->r/w";
+  else if (access == (GENERIC_READ | GENERIC_WRITE) ||
+	   (access & (FILE_READ_DATA | FILE_WRITE_DATA)) == (FILE_READ_DATA |
+							     FILE_WRITE_DATA))
+    acc = "r/w";
+  else if (access == GENERIC_WRITE ||
+	   access & (FILE_WRITE_DATA | FILE_APPEND_DATA))
+    acc = "write";
+  else if (access == GENERIC_READ ||
+	   access & FILE_READ_DATA)
+    acc = "read";
+  else
+    acc = "access";
+
+  switch (dwCreationDisposition)
+  {
+    case CREATE_ALWAYS:     op = "create";   break;
+    case CREATE_NEW:	    op = "new";      break;
+    case OPEN_ALWAYS:	    op = "open";     break;
+    case OPEN_EXISTING:     op = "existing"; break;
+    case TRUNCATE_EXISTING: op = "truncate"; break;
+    default:		    op = "unknown";  break;
+  }
+
+  if (h == INVALID_HANDLE_VALUE)
+    len = ac_sprintf( state, "failed (%u)", err );
+  else
+  {
+    state[0] = 'o';
+    state[1] = 'k';
+    len = 2;
+  }
+  log[sizeof(log) - 2] = wide ? 'S' : 's';
+  DEBUGSTR( 1, log, wide ? "W" : "A", len, state, op, acc, name );
+
+  SetLastError( err );
+}
+
 HANDLE
 WINAPI MyCreateFileA( LPCSTR lpFileName, DWORD dwDesiredAccess,
 		      DWORD dwShareMode,
 		      LPSECURITY_ATTRIBUTES lpSecurityAttributes,
 		      DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
 		      HANDLE hTemplateFile )
 {
+  LPCSTR name = lpFileName;
+  DWORD access = dwDesiredAccess;
+  HANDLE h;
+
   if (dwDesiredAccess == GENERIC_WRITE)
   {
     PDWORD con = (PDWORD)lpFileName;
@@ -3631,9 +3685,13 @@ WINAPI MyCreateFileA( LPCSTR lpFileName, DWORD dwDesiredAccess,
       dwDesiredAccess |= GENERIC_READ;
     }
   }
-  return CreateFileA( lpFileName, dwDesiredAccess, dwShareMode,
-		      lpSecurityAttributes, dwCreationDisposition,
-		      dwFlagsAndAttributes, hTemplateFile );
+  h = CreateFileA( lpFileName, dwDesiredAccess, dwShareMode,
+		   lpSecurityAttributes, dwCreationDisposition,
+		   dwFlagsAndAttributes, hTemplateFile );
+  if (log_level & 32)
+    log_CreateFile( h, name, FALSE, access,
+		    dwDesiredAccess, dwCreationDisposition );
+  return h;
 }
 
 HANDLE
@@ -3643,6 +3701,10 @@ WINAPI MyCreateFileW( LPCWSTR lpFileName, DWORD dwDesiredAccess,
 		      DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
 		      HANDLE hTemplateFile )
 {
+  LPCWSTR name = lpFileName;
+  DWORD access = dwDesiredAccess;
+  HANDLE h;
+
   if (dwDesiredAccess == GENERIC_WRITE)
   {
 #ifdef _WIN64
@@ -3662,9 +3724,13 @@ WINAPI MyCreateFileW( LPCWSTR lpFileName, DWORD dwDesiredAccess,
       dwDesiredAccess |= GENERIC_READ;
     }
   }
-  return CreateFileW( lpFileName, dwDesiredAccess, dwShareMode,
-		      lpSecurityAttributes, dwCreationDisposition,
-		      dwFlagsAndAttributes, hTemplateFile );
+  h = CreateFileW( lpFileName, dwDesiredAccess, dwShareMode,
+		   lpSecurityAttributes, dwCreationDisposition,
+		   dwFlagsAndAttributes, hTemplateFile );
+  if (log_level & 32)
+    log_CreateFile( h, name, TRUE, access,
+		    dwDesiredAccess, dwCreationDisposition );
+  return h;
 }
 
 HANDLE

ansicon.c

@@ -93,12 +93,13 @@
   v1.84, 7 May, 2018:
     import the DLL.
 
-  v1.85, 22 August, 2018:
+  v1.85, 22 & 23 August, 2018:
     use IsConsoleHandle for my_fputws, to distinguish NUL;
-    don't load into the parent if already loaded.
+    don't load into the parent if already loaded;
+    add log level 32 to log CreateFile.
 */
 
-#define PDATE L"22 August, 2018"
+#define PDATE L"23 August, 2018"
 
 #include "ansicon.h"
 #include "version.h"
@@ -870,25 +871,25 @@ L"http://ansicon.adoxa.vze.com/\n"
 L"\n"
 L"Process ANSI escape sequences in " WINTYPE L" console programs.\n"
 L"\n"
-L"ansicon [-l<level>] [-i] [-I] [-u] [-U] [-m[<attr>]] [-p[u]]\n"
-L"        [-e|E string | -t|T [file(s)] | program [args]]\n"
+L"ansicon [-lLEVEL] [-i] [-I] [-u] [-U] [-m[ATTR]] [-p[u]]\n"
+L"        [-e|E STRING | -t|T [FILE...] | PROGRAM [ARGS]]\n"
 L"\n"
 L"  -l\t\tset the logging level (1=process, 2=module, 3=function,\n"
-L"    \t\t +4=output, +8=append) for program (-p is unaffected)\n"
+L"    \t\t +4=output, +8=append, +16=imports, +32=files) for PROGRAM\n"
 L"  -i\t\tinstall - add ANSICON to CMD's AutoRun entry (also implies -p)\n"
 L"  -u\t\tuninstall - remove ANSICON from the AutoRun entry\n"
 L"  -I -U\t\tuse local machine instead of current user\n"
-L"  -m\t\tuse grey on black (\"monochrome\") or <attr> as default color\n"
+L"  -m\t\tuse grey on black (\"monochrome\") or ATTR as default color\n"
 L"  -p\t\thook into the parent process\n"
 L"  -pu\t\tunhook from the parent process\n"
-L"  -e\t\techo string\n"
-L"  -E\t\techo string, don't append newline\n"
+L"  -e\t\techo STRING\n"
+L"  -E\t\techo STRING, don't append newline\n"
 L"  -t\t\tdisplay files (\"-\" for stdin), combined as a single stream\n"
 L"  -T\t\tdisplay files, name first, blank line before and after\n"
-L"  program\trun the specified program\n"
+L"  PROGRAM\trun the specified program\n"
 L"  nothing\trun a new command processor, or display stdin if redirected\n"
 L"\n"
-L"<attr> is one or two hexadecimal digits; please use \"COLOR /?\" for details.\n"
+L"ATTR is one or two hexadecimal digits; please use \"COLOR /?\" for details.\n"
 L"It may start with '-' to reverse foreground and background (but not for -p)."
 	);
 }

readme.txt

@@ -102,6 +102,7 @@ Usage
 	4	Log console output (add to any of the above)
 	8	Append to the existing file (add to any of the above)
        16	Log all imported modules (add to any of the above)
+       32	Log CreateFile (add to any of the above)
 
     The log option will not work with '-p'; set the environment variable
     ANSICON_LOG (to the number) instead.  The variable is only read once when a
@@ -339,11 +340,12 @@ Version History
 
     Legend: + added, - bug-fixed, * changed.
 
-    1.85 - 22 August, 2018:
+    1.85 - 23 August, 2018:
     - fix wrap issues with a buffer bigger than the window;
     - fix -e et al when redirecting to NUL;
     - prevent -p from injecting when already injected;
-    - fix running directly via ansicon (hook even if it's GUI or excluded).
+    - fix running directly via ansicon (hook even if it's GUI or excluded);
+    + add log level 32 to monitor CreateFile.
 
     1.84 - 11 May, 2018:
     - close the flush handles on detach;
@@ -634,4 +636,4 @@ Distribution
 
 
 ============================
-Jason Hood, 22 August, 2018.
+Jason Hood, 23 August, 2018.