Changeset 04f2743 in nscp

Timestamp:

01/25/09 14:30:22 (4 years ago)

Author:

Michael Medin <michael@…>

Branches:

master, 0.4.0, 0.4.1, 0.4.2, stable

Children:

1d53fe0

Parents:

3692371

Message:

2009-01-25 MickeM

• Fixed issue with checkVersion ( #242 )
• Fixed spelling error ( #244 )
• Fixed crash in CheckFile when a file was locked in exclusive mode ( #254 ) + Improved error handling in all CheckDIsk/CheckFile checks. Should report errors better now.
• Updated the config file a bit: remving "beta" from a bunch of modules no longer in beta. ( #270 ) + Added more filter operatos to all numeric filters so they accept eq:, ne:, gt:, lt: in addition to =, >, <, <>, !, !=, in: ( #269 )

Files:

• AutoBuild.h (modified) (1 diff)
• NSC.dist (modified) (1 diff)
• NSClient++-2005.sln (modified) (5 diffs)
• changelog (modified) (2 diffs)
• helpers/installer/Product.wxs (modified) (3 diffs)
• include/EnumProcess.cpp (modified) (4 diffs)
• include/EnumProcess.h (modified) (4 diffs)
• include/checkHelpers.hpp (modified) (5 diffs)
• include/filter_framework.hpp (modified) (1 diff)
• include/utils.h (modified) (1 diff)
• modules/CheckDisk/CheckDisk.cpp (modified) (15 diffs)
• modules/CheckEventLog/CheckEventLog.cpp (modified) (5 diffs)
• modules/CheckHelpers/CheckHelpers.cpp (modified) (1 diff)
• modules/CheckSystem/CheckSystem.cpp (modified) (7 diffs)
• modules/CheckSystem/CheckSystem.h (modified) (1 diff)
• modules/DebugLogMetrics/DebugLogMetrics.cpp (modified) (2 diffs)
• modules/NRPEListener/NRPEListener.cpp (modified) (1 diff)

AutoBuild.h

@@ -3 +3 @@
 // change the FALSE to TRUE for autoincrement of build number
 #define INCREMENT_VERSION TRUE
-#define FILEVER        0,3,6,168
-#define PRODUCTVER     0,3,6,168
-#define STRFILEVER     _T("0.3.6.168")
-#define STRPRODUCTVER  _T("0.3.6.168")
-#define STRPRODUCTDATE  _T("2009-01-20")
+#define FILEVER        0,3,6,249
+#define PRODUCTVER     0,3,6,249
+#define STRFILEVER     _T("0.3.6.249")
+#define STRPRODUCTVER  _T("0.3.6.249")
+#define STRPRODUCTDATE  _T("2009-01-25")
 #endif // AUTOBUILD_H

NSC.dist

@@ -18 +18 @@
 ;CheckWMI.dll
 ;
+; Script to check external scripts and/or internal aliases.
+;CheckExternalScripts.dll
+;
+; NSCA Agent if you enable this NSClient++ will talk to NSCA hosts repeatedly (so dont enable unless you want to use NSCA)
+;NSCAAgent.dll
+;
+; LUA script module used to write your own "check deamon".
+;LUAScript.dll
+;
 ; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS!
 ;RemoteConfiguration.dll
-; NSCA Agent is a new beta module use with care!
-;NSCAAgent.dll
-; LUA script module used to write your own "check deamon" (sort of) early beta.
-;LUAScript.dll
-; Script to check external scripts and/or internal aliases, early beta.
-;CheckExternalScripts.dll
 ; Check other hosts through NRPE extreme beta and probably a bit dangerous! :)
 ;NRPEClient.dll

NSClient++-2005.sln

@@ -5 +5 @@
     Debug.AspNetCompiler.Debug = "True"
     Release.AspNetCompiler.Debug = "False"
+  EndProjectSection
+  ProjectSection(ProjectDependencies) = postProject
+    {BA246C01-063A-4548-8957-32D5CC76171B} = {BA246C01-063A-4548-8957-32D5CC76171B}
+    {43718644-173B-42D8-8AD1-E359BFB2BB20} = {43718644-173B-42D8-8AD1-E359BFB2BB20}
+    {2FF60AF6-09AA-49AB-B414-2E8FD01655C6} = {2FF60AF6-09AA-49AB-B414-2E8FD01655C6}
+    {62B685D7-3A2E-4F3E-B2B8-B17F20C0217F} = {62B685D7-3A2E-4F3E-B2B8-B17F20C0217F}
+    {4241C6CF-EC01-4AD9-89B0-B75EBA8A5996} = {4241C6CF-EC01-4AD9-89B0-B75EBA8A5996}
+    {630857C0-6AD8-4CEE-B5F7-CA1DF620CA9A} = {630857C0-6AD8-4CEE-B5F7-CA1DF620CA9A}
+    {6F55C9BF-57F6-4A15-A058-C83A52F539EE} = {6F55C9BF-57F6-4A15-A058-C83A52F539EE}
+    {05DE66AC-E55C-43B3-849F-7EC695D8B8D0} = {05DE66AC-E55C-43B3-849F-7EC695D8B8D0}
+    {E6E588AB-EFEF-481C-9AF7-DCDCB95CFF45} = {E6E588AB-EFEF-481C-9AF7-DCDCB95CFF45}
+    {26B84883-BE52-40E6-9BEE-55AD056D5751} = {26B84883-BE52-40E6-9BEE-55AD056D5751}
+    {F3401E75-60FB-4A0E-A18C-6505587D5B1A} = {F3401E75-60FB-4A0E-A18C-6505587D5B1A}
+    {53FB9872-5E74-4E62-892D-AD82C2ED67CE} = {53FB9872-5E74-4E62-892D-AD82C2ED67CE}
+    {08D6246D-1B4A-47A3-965D-296DCC54A4E8} = {08D6246D-1B4A-47A3-965D-296DCC54A4E8}
+    {BBFF8362-C626-4838-B0A2-F695D638AD24} = {BBFF8362-C626-4838-B0A2-F695D638AD24}
+    {2FCAF54B-AAD3-4F59-895A-8F9CEAFDC65D} = {2FCAF54B-AAD3-4F59-895A-8F9CEAFDC65D}
+    {0BEEC749-0E3E-4FB2-82DA-AC8D4730A129} = {0BEEC749-0E3E-4FB2-82DA-AC8D4730A129}
+    {8F1C3E39-D6C6-4414-AAD2-FE03C9A8655F} = {8F1C3E39-D6C6-4414-AAD2-FE03C9A8655F}
+    {626EB00E-A4D2-4B02-9BF4-4C655CA2B7E4} = {626EB00E-A4D2-4B02-9BF4-4C655CA2B7E4}
   EndProjectSection
 EndProject
@@ -1170 +1190 @@
     {A3CF4E23-1D1B-4D93-A16A-48C52D118560}.Debug|Mixed Platforms.Build.0 = Debug
     {A3CF4E23-1D1B-4D93-A16A-48C52D118560}.Debug|Win32.ActiveCfg = Debug
-    {A3CF4E23-1D1B-4D93-A16A-48C52D118560}.Debug|Win32.Build.0 = Debug
     {A3CF4E23-1D1B-4D93-A16A-48C52D118560}.Debug|x64.ActiveCfg = Debug
     {A3CF4E23-1D1B-4D93-A16A-48C52D118560}.Debug|x64.Build.0 = Debug
@@ -1225 +1244 @@
     {6206F046-3D36-4258-BB03-3291A7070117}.Debug|Mixed Platforms.Build.0 = Debug|Win32
     {6206F046-3D36-4258-BB03-3291A7070117}.Debug|Win32.ActiveCfg = Debug|Win32
-    {6206F046-3D36-4258-BB03-3291A7070117}.Debug|Win32.Build.0 = Debug|Win32
     {6206F046-3D36-4258-BB03-3291A7070117}.Debug|x64.ActiveCfg = Debug|Win32
     {6206F046-3D36-4258-BB03-3291A7070117}.Debug-MemCheck|Any CPU.ActiveCfg = Debug|Win32
@@ -1266 +1284 @@
     {D96F7075-F6CD-4921-B5D8-8488E2D24BDB}.Debug|Mixed Platforms.Build.0 = Debug|x64
     {D96F7075-F6CD-4921-B5D8-8488E2D24BDB}.Debug|Win32.ActiveCfg = Debug|Win32
-    {D96F7075-F6CD-4921-B5D8-8488E2D24BDB}.Debug|Win32.Build.0 = Debug|Win32
     {D96F7075-F6CD-4921-B5D8-8488E2D24BDB}.Debug|x64.ActiveCfg = Debug|x64
     {D96F7075-F6CD-4921-B5D8-8488E2D24BDB}.Debug|x64.Build.0 = Debug|x64
@@ -1523 +1540 @@
     {10A0052D-542B-47AD-85C3-1A3DD45BF2ED}.Debug|Mixed Platforms.Build.0 = Debug
     {10A0052D-542B-47AD-85C3-1A3DD45BF2ED}.Debug|Win32.ActiveCfg = Debug
-    {10A0052D-542B-47AD-85C3-1A3DD45BF2ED}.Debug|Win32.Build.0 = Debug
     {10A0052D-542B-47AD-85C3-1A3DD45BF2ED}.Debug|x64.ActiveCfg = Debug
     {10A0052D-542B-47AD-85C3-1A3DD45BF2ED}.Debug|x64.Build.0 = Debug

changelog

@@ -5 +5 @@
  * Improved socket performance (would be nice if we could be used as a "hub")
 
+2009-01-25 MickeM 
+ * Fixed issue with checkVersion (#242)
+ * Fixed spelling error (#244)
+ * Fixed crash in CheckFile when a file was locked in exclusive mode (#254)
+ + Improved error handling in all CheckDIsk/CheckFile checks. Should report errors better now.
+ * Updated the config file a bit: remving "beta" from a bunch of modules no longer in beta.  (#270)
+ + Added more filter operatos to all numeric filters so they accept eq:, ne:, gt:, lt: in addition to =, >, <, <>, !, !=, in: (#269)
+
+2009-01-23 MickeM 
+ + Added better support for numerical hit matching in the eventlog module. You can now use exact and detailed matching.
+    You can now use the following syntax:
+    CheckEventLog ... warn=ne:1 crit=eq:0 ...
+    To generate a warning if the number of hits are != 1 and a critical if the number of hits are = 0.
+    Other operators avalible are: =, >, <, <>, !, !=, eq:, ne:, gt:, lt:
+
+2009-01-23 MickeM 
+ * Cleaned up the checkProcState code and it is not a lot better.
+   - Removed race conditions (crashes?) as well as improved perfoamnce and better error handling.
+ + Added new option 16bit to checkProcState. When set checkProcState will enumerate all 16 bit processes found running under NTVDM.
+ * Fixed NRPE version reported "incorrectly". (Version is now takedn from NSClient++)
+
+2009-01-21 MickeM 
+ + Added experimental 16 bit process support to checkProcState
+
 2009-01-20 MickeM 
  * Fixed issue with CheckWMI when no filter was specified.
@@ -13 +37 @@
  * Fixed so PDH Collectors use the same exception as the rest of the PDH stuff (might give better errors when PDH breaks, but I doubt it)
  * removed debug output from -noboot
- + Added new command line option pdhmatch to use pattern matching on PDH queries
+ + Added new command line pdhmatch option to use pattern matching on PDH queries
    Usage: nsclient++ -noboot CheckSystem pdhmatch \Process(*)\Antal trådar
  * Improved error reporting in the PDH subsystem.

helpers/installer/Product.wxs

@@ -1 +1 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Wix xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
-  <?ifdef "$(var.boost)" ?>
+  <?if "$(var.boost)" = "true" ?>
     <?define PlatForm = "$(var.arch)" ?>
     <?define Mode = "Nightly" ?>
@@ -19 +19 @@
     <?define Mode = "Nightly" ?>
   <?else?>
-    <?define PlatForm = "Unknown: $(var.SysTray.ConfigurationName)" ?>
+    <?define PlatForm = "Unknown: $(var.boost)" ?>
   <?endif?>
   <?endif?>
@@ -90 +90 @@
               </File>
               <File Id="NSClientINI" Name="NSC.ini" LongName="NSC.ini" DiskId="1" Source="$(var.Path.ini)/NSC.ini" Vital="no"/>
-              <?ifdef "$(var.boost)" ?>
+              <?if "$(var.boost)" = "true" ?>
                 <File Id="Changelog" Name="change.log" LongName="changelog.txt" DiskId="1" Source="$(var.Source)/changelog.txt" Vital="no"/>
               <?else?>

include/EnumProcess.cpp

@@ -31 +31 @@
 
 
-CEnumProcess::CEnumProcess() : m_pProcesses(NULL), m_pModules(NULL), m_pCurrentP(NULL), m_pCurrentM(NULL), lpString(NULL), PSAPI(NULL)
-{
-  lpString = new TCHAR[MAX_FILENAME+1];
-
+CEnumProcess::CEnumProcess() : PSAPI(NULL), VDMDBG(NULL), FVDMEnumTaskWOWEx(NULL)
+{
   PSAPI = ::LoadLibrary(_TEXT("PSAPI"));
   if (PSAPI)  
   {
-    // Setup variables
-    m_MAX_COUNT = 256;
-    m_cProcesses = 0;
-    m_cModules   = 0;
-
     // Find PSAPI functions
     FEnumProcesses = (PFEnumProcesses)::GetProcAddress(PSAPI, "EnumProcesses");
@@ -53 +46 @@
   }
 
-  // Find the preferred method of enumeration
-  m_method = ENUM_METHOD::NONE;
-  int method = GetAvailableMethods();
-  if (method == (method|ENUM_METHOD::PSAPI))    m_method = ENUM_METHOD::PSAPI;
-
+  VDMDBG = ::LoadLibrary(_TEXT("VDMDBG"));
+  if (VDMDBG)
+  {
+    // Find VDMdbg functions
+    FVDMEnumTaskWOWEx = (PFVDMEnumTaskWOWEx)::GetProcAddress(VDMDBG, "VDMEnumTaskWOWEx");
+  }
 }
 
 CEnumProcess::~CEnumProcess()
 {
-  delete [] lpString;
-  if (m_pProcesses) {delete[] m_pProcesses;}
-  if (m_pModules)   {delete[] m_pModules;}
   if (PSAPI) FreeLibrary(PSAPI);
-}
-
-
-
-int CEnumProcess::GetAvailableMethods() {
-  int res = 0;
-  // Does all psapi functions exist?
-  if (PSAPI&&FEnumProcesses&&FEnumProcessModules&&FGetModuleFileNameEx) 
-    res += ENUM_METHOD::PSAPI;
-  return res;
-}
-
-int CEnumProcess::SetMethod(int method) {
-  int avail = GetAvailableMethods();
-  if (avail == (method|avail)) 
-    m_method = method;
-  return m_method;
-}
-
-int CEnumProcess::GetSuggestedMethod()
-{
-  return m_method;
-}
-// Retrieves the first process in the enumeration. Should obviously be called before
-// GetProcessNext
-////////////////////////////////////////////////////////////////////////////////////
-BOOL CEnumProcess::GetProcessFirst(CEnumProcess::CProcessEntry *pEntry)
-{
-  if (ENUM_METHOD::NONE == m_method) {
-    return FALSE; 
-  } else if ((ENUM_METHOD::PSAPI|m_method) == m_method) {
-    // Use PSAPI functions
-    // ----------------------
-    if (m_pProcesses) {delete[] m_pProcesses;}
-    m_pProcesses = new DWORD[m_MAX_COUNT];
-    m_pCurrentP = m_pProcesses;
-    DWORD cbNeeded = 0;
-    BOOL OK = FEnumProcesses(m_pProcesses, m_MAX_COUNT*sizeof(DWORD), &cbNeeded);
-
-    // We might need more memory here..
-    if (cbNeeded >= m_MAX_COUNT*sizeof(DWORD)) 
-    {
-      m_MAX_COUNT += 256;
-      return GetProcessFirst(pEntry); // Try again.
+  if (VDMDBG) FreeLibrary(VDMDBG);
+}
+
+struct find_16bit_container {
+  std::list<CEnumProcess::CProcessEntry> *target;
+  DWORD pid;
+};
+BOOL CALLBACK Enum16Proc( DWORD dwThreadId, WORD hMod16, WORD hTask16, PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined )
+{
+  find_16bit_container *container = reinterpret_cast<find_16bit_container*>(lpUserDefined);
+  CEnumProcess::CProcessEntry pEntry;
+  pEntry.dwPID = container->pid;
+  pEntry.command_line = strEx::string_to_wstring(pszFileName);
+  std::wstring::size_type pos = pEntry.command_line.find_last_of(_T("\\"));
+  if (pos != std::wstring::npos)
+    pEntry.filename = pEntry.command_line.substr(++pos);
+  else
+    pEntry.filename = pEntry.command_line;
+  container->target->push_back(pEntry);
+  return FALSE;
+}
+
+
+CEnumProcess::process_list CEnumProcess::enumerate_processes(bool expand_command_line, bool find_16bit, CEnumProcess::error_reporter *error_interface, unsigned int buffer_size) {
+  std::list<CProcessEntry> ret;
+  DWORD *dwPIDs = new DWORD[buffer_size+1];
+  DWORD cbNeeded = 0;
+  BOOL OK = FEnumProcesses(dwPIDs, buffer_size*sizeof(DWORD), &cbNeeded);
+  if (cbNeeded >= DEFAULT_BUFFER_SIZE*sizeof(DWORD)) {
+    delete [] dwPIDs;
+    return enumerate_processes(expand_command_line, find_16bit, error_interface, buffer_size + 1024); 
+  }
+  if (!OK) {
+    delete [] dwPIDs;
+    throw process_enumeration_exception(_T("Failed to enumerate process: ") + error::lookup::last_error());
+  }
+  unsigned int process_count = cbNeeded/sizeof(DWORD);
+  for (unsigned int i = 0;i <process_count; ++i) {
+    if (dwPIDs[i] == 0)
+      continue;
+    CProcessEntry entry;
+    try {
+      try {
+        entry = describe_pid(dwPIDs[i], expand_command_line);
+      } catch (process_enumeration_exception &e) {
+        if (error_interface!=NULL)
+          error_interface->report_warning(e.what());
+        entry = describe_pid(dwPIDs[i], false);
+      }
+      if (VDMDBG!=NULL&&find_16bit) {
+        if( _wcsicmp(entry.filename.substr(0,9).c_str(), _T("NTVDM.EXE")) == 0) {
+          find_16bit_container container;
+          container.target = &ret;
+          container.pid = entry.dwPID;
+          FVDMEnumTaskWOWEx(entry.dwPID, (TASKENUMPROCEX)&Enum16Proc, (LPARAM) &container);
+        }
+      }
+      ret.push_back(entry);
+    } catch (process_enumeration_exception &e) {
+      if (error_interface!=NULL)
+        error_interface->report_error(_T("Unhandled exception describing PID: ") + strEx::itos(dwPIDs[i]) + _T(": ") + e.what());
+    } catch (...) {
+      if (error_interface!=NULL)
+        error_interface->report_error(_T("Unknown exception describing PID: ") + strEx::itos(dwPIDs[i]));
     }
-
-    if (!OK) return FALSE;
-    m_cProcesses = cbNeeded/sizeof(DWORD); 
-    return FillPStructPSAPI(*m_pProcesses, pEntry);
-  } else {
-    return FALSE;
-  }
-  return TRUE;
-}
-
-// Returns the following process
-////////////////////////////////////////////////////////////////
-BOOL CEnumProcess::GetProcessNext(CEnumProcess::CProcessEntry *pEntry)
-{
-  if (ENUM_METHOD::NONE == m_method) return FALSE; 
-
-  // Use ToolHelp functions
-  // ----------------------
-  if ((ENUM_METHOD::PSAPI|m_method) == m_method) {
-    // Use PSAPI functions
-    // ----------------------
-    if (--m_cProcesses <= 0) return FALSE;
-    FillPStructPSAPI(*++m_pCurrentP, pEntry);
-  } else {
-    return FALSE;
-  }
-  return TRUE;
-}
-
-
-BOOL CEnumProcess::GetModuleFirst(DWORD dwPID, CEnumProcess::CModuleEntry *pEntry)
-{
-  if (ENUM_METHOD::NONE == m_method) return FALSE; 
-  if ((ENUM_METHOD::PSAPI|m_method) == m_method) {
-    // Use PSAPI functions
-    // ----------------------
-    if (m_pModules) {delete[] m_pModules;}
-    m_pModules = new HMODULE[m_MAX_COUNT];
-    m_pCurrentM = m_pModules;
-    DWORD cbNeeded = 0;
-    HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID);
-    if (hProc)
-    {
-      BOOL OK = FEnumProcessModules(hProc, m_pModules, m_MAX_COUNT*sizeof(HMODULE), &cbNeeded);
-      CloseHandle(hProc);
-
-      // We might need more memory here..
-      if (cbNeeded >= m_MAX_COUNT*sizeof(HMODULE)) 
-      {
-        m_MAX_COUNT += 256;
-        return GetModuleFirst(dwPID, pEntry); // Try again.
+  }
+  delete [] dwPIDs;
+  return ret;
+}
+
+CEnumProcess::CProcessEntry CEnumProcess::describe_pid(DWORD pid, bool expand_command_line) {
+  CProcessEntry entry;
+  entry.dwPID = pid;
+  // Open process to get filename
+  DWORD openArgs = PROCESS_QUERY_INFORMATION|PROCESS_VM_READ;
+  if (expand_command_line)
+    openArgs |= PROCESS_VM_OPERATION;
+  HANDLE hProc = OpenProcess(openArgs, FALSE, pid);
+  if (!hProc) {
+    throw process_enumeration_exception(_T("Failed to open process: ") + strEx::itos(pid) + _T(": ") + error::lookup::last_error());
+  }
+  if (expand_command_line) {
+    entry.command_line = GetCommandLine(hProc);
+  }
+  HMODULE hMod;
+  DWORD size;
+  // Get the first module (the process itself)
+  if( FEnumProcessModules(hProc, &hMod, sizeof(hMod), &size) ) {
+    TCHAR buffer[MAX_FILENAME+1];
+    if( !FGetModuleFileNameEx( hProc, hMod, reinterpret_cast<LPTSTR>(&buffer), MAX_FILENAME) ) { 
+      throw process_enumeration_exception(_T("Failed to find name for: ") + strEx::itos(pid) + _T(": ") + error::lookup::last_error());
+    } else {
+      std::wstring path = buffer;
+      std::wstring::size_type pos = path.find_last_of(_T("\\"));
+      if (pos != std::wstring::npos) {
+        path = path.substr(++pos);
       }
-
-      if (!OK) return FALSE;
-
-      m_cModules = cbNeeded/sizeof(HMODULE); 
-      return FillMStructPSAPI(dwPID, *m_pCurrentM, pEntry);
+      entry.filename = path;
     }
-    return FALSE;
-  } else {
-    return FALSE;
-  }
-}
-
-
-BOOL CEnumProcess::GetModuleNext(DWORD dwPID, CEnumProcess::CModuleEntry *pEntry)
-{
-  if (ENUM_METHOD::NONE == m_method) return FALSE; 
-  if ((ENUM_METHOD::PSAPI|m_method) == m_method) {
-    // Use PSAPI functions
-    // ----------------------
-    if (--m_cModules <= 0) return FALSE;
-    return FillMStructPSAPI(dwPID, *++m_pCurrentM, pEntry);
-  } else {
-    return FALSE;
-  }
-
-}
-
-
-BOOL CEnumProcess::EnableTokenPrivilege (LPTSTR privilege)
-{
-  HANDLE hToken;                        
-  TOKEN_PRIVILEGES token_privileges;                  
-  DWORD dwSize;                        
-  ZeroMemory (&token_privileges, sizeof (token_privileges));
-  token_privileges.PrivilegeCount = 1;
-  if ( !OpenProcessToken (GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
-    return FALSE;
-  if (!LookupPrivilegeValue ( NULL, privilege, &token_privileges.Privileges[0].Luid))
-  { 
-    CloseHandle (hToken);
-    return FALSE;
-  }
-
-  token_privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-  if (!AdjustTokenPrivileges ( hToken, FALSE, &token_privileges, 0, NULL, &dwSize))
-  { 
-    CloseHandle (hToken);
-    return FALSE;
-  }
-  CloseHandle (hToken);
-  return TRUE;
+  }
+  CloseHandle(hProc);
+  return entry;
 }
 
@@ -233 +178 @@
   MEMORY_BASIC_INFORMATION mbi;
   if (VirtualQueryEx (hProcess, PROCESS_DATA_BLOCK_ADDRESS, &mbi, sizeof(mbi) ) == 0)
-    throw EnumProcException(_T("VirtualQueryEx failed"), GetLastError());
+    throw process_enumeration_exception(_T("VirtualQueryEx failed: ") + error::lookup::last_error());
   LPBYTE lpBuffer = (LPBYTE)malloc (sysinfo.dwPageSize);
   if (lpBuffer == NULL)
-    throw EnumProcException(_T("Failed to allocate buffer"));
+    throw process_enumeration_exception(_T("Failed to allocate buffer"));
   SIZE_T dwBytesRead;
   if (!ReadProcessMemory( hProcess, mbi.BaseAddress, (LPVOID)lpBuffer, sysinfo.dwPageSize, &dwBytesRead)) {
     free(lpBuffer);
-    throw EnumProcException(_T("ReadProcessMemory failed"), GetLastError());
+    throw process_enumeration_exception(_T("ReadProcessMemory failed: ") + error::lookup::last_error());
   }
   LPBYTE lpPos = lpPos = lpBuffer + ((DWORD)PROCESS_DATA_BLOCK_ADDRESS - (DWORD)mbi.BaseAddress);
@@ -271 +216 @@
 }
 
-
-BOOL CEnumProcess::FillPStructPSAPI(DWORD dwPID, CEnumProcess::CProcessEntry* pEntry)
-{
-  pEntry->dwPID = dwPID;
-  // Open process to get filename
-  bool bCmdLine = pEntry->getCommandLine();
-  DWORD openArgs = PROCESS_QUERY_INFORMATION|PROCESS_VM_READ;
-  if (bCmdLine)
-    openArgs |= PROCESS_VM_OPERATION;
-  HANDLE hProc = OpenProcess(openArgs, FALSE, dwPID);
-  if (!hProc) {
-    pEntry->filename = _T("N/A (security restriction)");
-    return TRUE;
-  }
-  if (bCmdLine) {
-    try {
-      pEntry->command_line = GetCommandLine(hProc);
-    } catch (EnumProcException &e) {
-      pEntry->command_line = _T("ERROR: " + e.getMessage(););
-    } catch (...) {
-      pEntry->command_line = _T("ERROR: Failed to get CommandLine.");
-    }
-  }
-  HMODULE hMod;
-  DWORD size;
-  // Get the first module (the process itself)
-  if( FEnumProcessModules(hProc, &hMod, sizeof(hMod), &size) ) {
-    //Get filename
-    //GetModuleFileNameEx
-
-    if( !FGetModuleFileNameEx( hProc, hMod, lpString, MAX_FILENAME) ) { 
-      pEntry->filename = _T("N/A (error)");
-    } else {
-      std::wstring path = lpString;
-      std::wstring::size_type pos = path.find_last_of(_T("\\"));
-      if (pos != std::wstring::npos) {
-        path = path.substr(++pos);
-      }
-      pEntry->filename = path;
-    }
-  }
-  CloseHandle(hProc);
-  return TRUE;
-}
-
-
-BOOL CEnumProcess::FillMStructPSAPI(DWORD dwPID, HMODULE mMod, CEnumProcess::CModuleEntry *pEntry)
-{
-  HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPID);
-  if (hProc)
-  {
-    if( !FGetModuleFileNameEx( hProc, mMod, lpString, MAX_FILENAME) )
-    {
-      pEntry->sFilename = _T("N/A (error)");
-    } else {
-      pEntry->sFilename = lpString;
-    }
-    pEntry->pLoadBase = (PVOID) mMod;
-    pEntry->pPreferredBase = GetModulePreferredBase(dwPID, (PVOID)mMod);
-    CloseHandle(hProc);
-    return TRUE;
-  }
-  return FALSE;
-}
-
-
-
-PVOID CEnumProcess::GetModulePreferredBase(DWORD dwPID, PVOID pModBase)
-{
-  if (ENUM_METHOD::NONE == m_method) return NULL; 
-  HANDLE hProc = OpenProcess(PROCESS_VM_READ, FALSE, dwPID);
-  if (hProc)
-  {
-    IMAGE_DOS_HEADER idh;
-    IMAGE_NT_HEADERS inh;
-    //Read DOS header
-    ReadProcessMemory(hProc, pModBase, &idh, sizeof(idh), NULL);
-
-    if (IMAGE_DOS_SIGNATURE == idh.e_magic) // DOS header OK?
-      // Read NT headers at offset e_lfanew 
-      ReadProcessMemory(hProc, (PBYTE)pModBase + idh.e_lfanew, &inh, sizeof(inh), NULL);
-
-    CloseHandle(hProc); 
-
-    if (IMAGE_NT_SIGNATURE == inh.Signature) //NT signature OK?
-      // Get the preferred base...
-      return (PVOID) inh.OptionalHeader.ImageBase; 
-
-  }
-
-  return NULL; //didn't find anything useful..
-}
-
-

include/EnumProcess.h

@@ -39 +39 @@
 typedef BOOL (WINAPI *PFEnumProcessModules)(HANDLE hProcess, HMODULE * lphModule, DWORD cb, LPDWORD lpcbNeeded);
 typedef DWORD (WINAPI *PFGetModuleFileNameEx)(HANDLE hProcess, HMODULE hModule, LPTSTR lpFilename, DWORD nSize);
+//typedef BOOL ( WINAPI *PROCESSENUMPROC )(DWORD dwProcessId, DWORD dwAttributes, LPARAM lpUserDefined  );
+typedef BOOL ( WINAPI *TASKENUMPROCEX )(DWORD dwThreadId, WORD hMod16, WORD hTask16, PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined );
+typedef INT (WINAPI *PFVDMEnumTaskWOWEx)(DWORD dwProcessId, TASKENUMPROCEX fp, LPARAM lparam); 
 #else
 // Functions loaded from PSAPI
@@ -44 +47 @@
 typedef BOOL (WINAPI *PFEnumProcessModules)(HANDLE hProcess, HMODULE * lphModule, DWORD cb, LPDWORD lpcbNeeded);
 typedef DWORD (WINAPI *PFGetModuleFileNameEx)(HANDLE hProcess, HMODULE hModule, LPTSTR lpFilename, DWORD nSize);
+typedef BOOL ( WINAPI *TASKENUMPROCEX )(DWORD dwThreadId, WORD hMod16, WORD hTask16, PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined );
+typedef INT (WINAPI *PFVDMEnumTaskWOWEx)(DWORD dwProcessId, TASKENUMPROCEX fp, LPARAM lparam); 
 #endif
+
+#define DEFAULT_BUFFER_SIZE 1024
 
 class CEnumProcess  
@@ -50 +57 @@
 public:
 
-  class EnumProcException {
-    std::wstring error_;
+  class error_reporter {
   public:
-    EnumProcException(std::wstring error) : error_(error) {}
-    EnumProcException(std::wstring error, DWORD code) : error_(error) {
-      error_ += _T(":" ) + error::format::from_system(code);
-    }
-    std::wstring getMessage() const {
-      return error_;
+    virtual void report_error(std::wstring error) = 0;
+    virtual void report_warning(std::wstring error) = 0;
+  };
+  class process_enumeration_exception {
+    std::wstring what_;
+  public:
+    process_enumeration_exception(std::wstring what) : what_(what) {}
+    std::wstring what() {
+      return what_;
     }
   };
 
-  struct CProcessEntry
-  {
-    static const int fill_filename = 0x1;
-    static const int fill_command_line = 0x2;
-    DWORD fill;
+  struct CProcessEntry {
     std::wstring filename;
     std::wstring command_line;
     DWORD  dwPID;
-    // Constructors/Destructor
-    CProcessEntry() : dwPID(0), fill(0) {}
-    CProcessEntry(DWORD toFill) : dwPID(0), fill(toFill) {}
-    CProcessEntry(const CProcessEntry &e) : dwPID(e.dwPID), fill(e.fill), filename(e.filename), command_line(e.command_line) {}
-    virtual ~CProcessEntry() {}
-    bool getCommandLine() const { return (fill&fill_command_line)!=0; }
-    bool getFilename() const { return (fill&fill_filename)!=0; }
   };
+
+  typedef std::list<CProcessEntry> process_list;
+  process_list enumerate_processes(bool expand_command_line, bool find_16bit = false, CEnumProcess::error_reporter *error_interface = NULL, unsigned int buffer_size = DEFAULT_BUFFER_SIZE);
+  CProcessEntry describe_pid(DWORD pid, bool expand_command_line);
 
   struct CModuleEntry
@@ -93 +95 @@
   virtual ~CEnumProcess();
 
-  BOOL GetModuleNext(DWORD dwPID, CModuleEntry* pEntry);
-  BOOL GetModuleFirst(DWORD dwPID, CModuleEntry* pEntry);
-  BOOL GetProcessNext(CProcessEntry *pEntry);    
-  BOOL GetProcessFirst(CProcessEntry* pEntry);
-  BOOL EnableTokenPrivilege(LPTSTR privilege);
   std::wstring GetCommandLine(HANDLE hProcess);
+  bool has_PSAPI() {
+    return PSAPI != NULL;
+  }
 
-  int GetAvailableMethods();
-  int GetSuggestedMethod();
-  int SetMethod(int method);
-
-
-
-protected:
-
-  PVOID GetModulePreferredBase(DWORD dwPID, PVOID pModBase);
-  // General members
-  int m_method;
+private:
 
   // PSAPI related members
   HMODULE PSAPI;   //Handle to the module
-  int m_MAX_COUNT; 
-  DWORD* m_pProcesses, *m_pCurrentP; // Process identifiers
-  long m_cProcesses, m_cModules;     // Number of Processes/Modules found
-  HMODULE* m_pModules, *m_pCurrentM; // Handles to Modules 
+  HMODULE VDMDBG;
   // PSAPI related functions
   PFEnumProcesses       FEnumProcesses;           // Pointer to EnumProcess
   PFEnumProcessModules  FEnumProcessModules; // Pointer to EnumProcessModules
   PFGetModuleFileNameEx FGetModuleFileNameEx;// Pointer to GetModuleFileNameEx
-  BOOL FillPStructPSAPI(DWORD pid, CProcessEntry* pEntry);
-  BOOL FillMStructPSAPI(DWORD dwPID, HMODULE mMod, CModuleEntry* pEntry);
-  LPTSTR lpString;
+  PFVDMEnumTaskWOWEx FVDMEnumTaskWOWEx;
 };
 

include/checkHelpers.hpp

@@ -31 +31 @@
   typedef enum { warning, critical} ResultType;
   typedef enum { above = 1, below = -1, same = 0 } checkResultType;
-
-
+  class check_exception {
+    std::wstring error_;
+  public:
+    check_exception(std::wstring error) : error_(error) {}
+    std::wstring getMessage() {
+      return error_;
+    }
+  };
+
+  struct parse_exception : public check_exception {
+    parse_exception(std::wstring error) : check_exception(error) {}
+  };
 
   static std::wstring formatAbove(std::wstring str, ResultType what) {
@@ -48 +58 @@
       return str + _T(" < critical");
     return str + _T(" < unknown");
+  }
+  static std::wstring formatSame(std::wstring str, ResultType what) {
+    if (what == warning)
+      return str + _T(" = warning");
+    else if (what == critical)
+      return str + _T(" = critical");
+    return str + _T(" = unknown");
+  }
+  static std::wstring formatNotSame(std::wstring str, ResultType what) {
+    if (what == warning)
+      return str + _T(" != warning");
+    else if (what == critical)
+      return str + _T(" != critical");
+    return str + _T(" != unknown");
   }
   static std::wstring formatState(std::wstring str, ResultType what) {
@@ -107 +131 @@
       return crit.gatherPerfData(getAlias(), value, warn, crit);
     }
+    bool hasBounds() {
+      return warn.hasBounds() || crit.hasBounds();
+    }
     void runCheck(typename TContents::TValueType &value, NSCAPI::nagiosReturn &returnCode, std::wstring &message, std::wstring &perf) {
       std::wstring tstr;
       if (crit.check(value, getAlias(), tstr, critical)) {
+        std::wcout << _T("crit") << std::endl;
         NSCHelper::escalteReturnCodeToCRIT(returnCode);
       } else if (warn.check(value, getAlias(), tstr, warning)) {
+        std::wcout << _T("warn") << std::endl;
         NSCHelper::escalteReturnCodeToWARN(returnCode);
       }else if (show == showLong) {
+        std::wcout << _T("long") << std::endl;
         tstr = getAlias() + _T(": ") + TContents::toStringLong(value);
       }else if (show == showShort) {
+        std::wcout << _T("short") << std::endl;
         tstr = getAlias() + _T(": ") + TContents::toStringShort(value);
       }
+      std::wcout << _T("result: ") << tstr << _T("--") << std::endl;
       if (perfData)
         perf += gatherPerfData(value);
@@ -124 +156 @@
       if (!tstr.empty())
         message += tstr;
+      std::wcout << _T("result: ") << tstr << _T("--") << std::endl;
     }
   };
@@ -750 +783 @@
 
 
+  template <class THolder = NumericBounds<int, int_handler> >
+  class ExactBounds {
+  public:
+    THolder max;
+    THolder min;
+    THolder eq;
+    THolder neq;
+    typedef ExactBounds<THolder > TMyType;
+    typedef typename THolder::TValueType TValueType;
+
+    ExactBounds() {}
+    ExactBounds(const ExactBounds &other) {
+      max = other.max;
+      min = other.min;
+      eq = other.eq;
+      neq = other.neq;
+    }
+
+    const TMyType& operator=(std::wstring value) {
+      //value_ = value;
+      if (value.substr(0,1) == _T(">")) {
+        max = value.substr(1);
+      } else if (value.substr(0,2) == _T("<>")) {
+        neq = value.substr(2);
+      } else if (value.substr(0,1) == _T("<")) {
+        min = value.substr(1);
+      } else if (value.substr(0,1) == _T("=")) {
+        eq = value.substr(1);
+      } else if (value.substr(0,2) == _T("!=")) {
+        neq = value.substr(2);
+      } else if (value.substr(0,1) == _T("!")) {
+        neq = value.substr(1);
+        /*
+        TODO add support for lists
+      } else if (value.substr(0,3) == _T("in:")) {
+        inList = value.substr(3);
+        */
+      } else if (value.substr(0,3) == _T("gt:")) {
+        max = value.substr(3);
+      } else if (value.substr(0,3) == _T("lt:")) {
+        min = value.substr(3);
+      } else if (value.substr(0,3) == _T("ne:")) {
+        neq = value.substr(3);
+      } else if (value.substr(0,3) == _T("eq:")) {
+        eq = value.substr(3);
+      } else {
+        throw parse_exception(_T("Unknown filter key: ") + value + _T(" (numeric filters have to have an operator as well ie. foo=>5 or bar==5 foo=gt:6)"));
+      }
+      return *this;
+    }
+
+    bool hasBounds() {
+      return max.hasBounds() || min.hasBounds() || eq.hasBounds() || neq.hasBounds();
+    }
+    static std::wstring toStringLong(typename THolder::TValueType &value) {
+      return THolder::toStringLong(value);
+    }
+    static std::wstring toStringShort(typename THolder::TValueType &value) {
+      return THolder::toStringShort(value);
+    }
+    std::wstring gatherPerfData(std::wstring alias, typename THolder::TValueType &value, TMyType &warn, TMyType &crit) {
+      if (max.hasBounds()) {
+        return max.gatherPerfData(alias, value, warn.max.getPerfBound(value), crit.max.getPerfBound(value));
+      } else if (min.hasBounds()) {
+        return min.gatherPerfData(alias, value, warn.min.getPerfBound(value), crit.min.getPerfBound(value));
+      } else if (neq.hasBounds()) {
+        return neq.gatherPerfData(alias, value, warn.neq.getPerfBound(value), crit.neq.getPerfBound(value));
+      } else if (eq.hasBounds()) {
+        return eq.gatherPerfData(alias, value, warn.eq.getPerfBound(value), crit.eq.getPerfBound(value));
+      } else {
+        NSC_DEBUG_MSG_STD(_T("Missing bounds for: ") + alias);
+      }
+    }
+    bool check(typename THolder::TValueType &value, std::wstring lable, std::wstring &message, ResultType type) {
+      if ((max.hasBounds())&&(max.check(value) == above)) {
+        message = lable + _T(": ") + formatAbove(THolder::toStringLong(value), type);
+        return true;
+      } else if ((min.hasBounds())&&(min.check(value) == below)) {
+        message = lable + _T(": ") + formatBelow(THolder::toStringLong(value), type);
+        return true;
+      } else if ((eq.hasBounds())&&(eq.check(value) == same)) {
+        message = lable + _T(": ") + formatSame(THolder::toStringLong(value), type);
+        return true;
+      } else if ((neq.hasBounds())&&(neq.check(value) != same)) {
+        message = lable + _T(": ") + formatNotSame(THolder::toStringLong(value), type);
+        return true;
+      } else {
+        //std::cout << "No bounds specified..." << std::endl;
+      }
+      return false;
+    }
+
+  };
+  typedef ExactBounds<NumericBounds<unsigned long int, int_handler> > ExactBoundsULongInteger;
+
   //typedef MaxMinBounds<NumericPercentageBounds<PercentageValueType<int ,int>, int_handler> > MaxMinPercentageBoundsInteger;
   //typedef MaxMinBounds<NumericPercentageBounds<PercentageValueType<__int64, __int64>, int64_handler> > MaxMinPercentageBoundsInt64;

include/filter_framework.hpp

@@ -338 +338 @@
       } else if (value.substr(0,3) == _T("in:")) {
         inList = value.substr(3);
+      } else if (value.substr(0,3) == _T("gt:")) {
+        max = value.substr(3);
+      } else if (value.substr(0,3) == _T("lt:")) {
+        min = value.substr(3);
+      } else if (value.substr(0,3) == _T("ne:")) {
+        neq = value.substr(3);
+      } else if (value.substr(0,3) == _T("eq:")) {
+        eq = value.substr(3);
       } else {
         throw parse_exception(_T("Unknown filter key: ") + value + _T(" (numeric filters have to have an operator as well ie. foo=>5 or bar==5)"));

include/utils.h

@@ -57 +57 @@
       else if (p__.first == (_T("MinCrit") postfix)) { obj.crit.min = p__.second; }
 
+#define MAP_OPTIONS_EXACT_NUMERIC_ALL(obj, postfix) \
+      else if (p__.first == (_T("warn") postfix)) { obj.warn = p__.second; } \
+      else if (p__.first == (_T("crit") postfix)) { obj.crit = p__.second; } \
+
 #define MAP_OPTIONS_PUSH_WTYPE(type, value, obj, list) \
       else if (p__.first == value) { type o; o.obj = p__.second; list.push_back(o); }

modules/CheckDisk/CheckDisk.cpp

@@ -63 +63 @@
 }
 
+class error_reporter {
+public:
+  virtual void report_error(std::wstring error) = 0;
+  virtual void report_warning(std::wstring error) = 0;
+};
+
+
 struct file_finder_data {
-  file_finder_data(const WIN32_FIND_DATA wfd_, const std::wstring path_) : wfd(wfd_), path(path_) {}
+  file_finder_data(const WIN32_FIND_DATA wfd_, const std::wstring path_, error_reporter *errors_) : wfd(wfd_), path(path_), errors(errors_) {}
   const WIN32_FIND_DATA wfd;
   const std::wstring path;
+  error_reporter *errors;
 };
 typedef std::unary_function<const file_finder_data&, bool> baseFinderFunction;
@@ -86 +94 @@
     return error;
   }
-  inline void setError(std::wstring) {
+  inline void setError(error_reporter *errors, std::wstring msg) {
+    if (errors != NULL)
+      errors->report_error(msg);
     error = true;
   }
@@ -95 +105 @@
 
 template <class finder_function>
-void recursive_scan(std::wstring dir, finder_function & f) {
+void recursive_scan(std::wstring dir, finder_function & f, error_reporter * errors) {
   std::wstring baseDir;
   std::wstring::size_type pos = dir.find_last_of('\\');
@@ -106 +116 @@
   if (hFind != INVALID_HANDLE_VALUE) {
     do {
-      if (!f(file_finder_data(wfd, baseDir)))
+      if (!f(file_finder_data(wfd, baseDir, errors)))
         break;
       if ((wfd.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY) {
         if ( (wcscmp(wfd.cFileName, _T(".")) != 0) && (wcscmp(wfd.cFileName, _T("..")) != 0) )
-          recursive_scan<finder_function>(baseDir + _T("\\") + wfd.cFileName + _T("\\*.*"), f);
+          recursive_scan<finder_function>(baseDir + _T("\\") + wfd.cFileName + _T("\\*.*"), f, errors);
       }
     } while (FindNextFile(hFind, &wfd));
   } else {
-    f.setError(_T("File not found"));
+    f.setError(errors, _T("File not found"));
   }
   FindClose(hFind);
@@ -281 +291 @@
 }
 
+class NSC_error : public error_reporter {
+  void report_error(std::wstring error) {
+    NSC_LOG_ERROR(error);
+  }
+  void report_warning(std::wstring error) {
+    NSC_LOG_MESSAGE(error);
+  }
+};
 
 
@@ -318 +336 @@
     std::wstring sName = path.getAlias();
     get_size sizeFinder;
-    recursive_scan<get_size>(path.data, sizeFinder);
+    NSC_error errors;
+    recursive_scan<get_size>(path.data, sizeFinder, &errors);
     if (sizeFinder.hasError()) {
-      message = _T("File not found");
+      message = _T("File not found check log for details");
       return NSCAPI::returnUNKNOWN;
     }
@@ -416 +435 @@
       0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
     if (hFile == INVALID_HANDLE_VALUE) {
-      setError(_T("Could not open file: ") + ffd.path + _T("\\") + ffd.wfd.cFileName + _T(": ") + error::lookup::last_error());
+      setError(ffd.errors, _T("Could not open file: ") + ffd.path + _T("\\") + ffd.wfd.cFileName + _T(": ") + error::lookup::last_error());
       return false;
     }
@@ -427 +446 @@
     return error;
   }
-  inline void setError(std::wstring) {
+  inline void setError(error_reporter *errors, std::wstring msg) {
+    if (errors != NULL)
+      errors->report_error(msg);
     error = true;
   }
@@ -453 +474 @@
       0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
     if (hFile == INVALID_HANDLE_VALUE) {
-      setError(_T("Could not open file: ") + ffd.path + _T("\\") + ffd.wfd.cFileName + _T(": ") + error::lookup::last_error());
+      setError(ffd.errors, _T("Could not open file: ") + ffd.path + _T("\\") + ffd.wfd.cFileName + _T(": ") + error::lookup::last_error());
+      return true;
     }
     GetFileInformationByHandle(hFile, &_info);
@@ -488 +510 @@
     return error;
   }
-  inline void setError(std::wstring) {
+  inline void setError(error_reporter *errors, std::wstring msg) {
+    if (errors != NULL)
+      errors->report_error(msg);
     error = true;
   }
@@ -523 +547 @@
       0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
     if (hFile == INVALID_HANDLE_VALUE) {
-      setError(_T("Could not open file: ") + ffd.path + _T("\\") + ffd.wfd.cFileName + _T(": ") + error::lookup::last_error());
+      setError(ffd.errors, _T("Could not open file: ") + ffd.path + _T("\\") + ffd.wfd.cFileName + _T(": ") + error::lookup::last_error());
+      return true;
     }
     GetFileInformationByHandle(hFile, &_info);
@@ -568 +593 @@
     return error;
   }
-  inline void setError(std::wstring) {
+  inline void setError(error_reporter *errors, std::wstring msg) {
+    if (errors != NULL)
+      errors->report_error(msg);
     error = true;
   }
@@ -596 +623 @@
   }
 
-  recursive_scan<find_first_file_info>(path, finder);
+  NSC_error errors;
+  recursive_scan<find_first_file_info>(path, finder, &errors);
   if (finder.hasError()) {
-    message = _T("File not found");
+    message = _T("File not found (check log for details)");
     return NSCAPI::returnUNKNOWN;
   }
@@ -655 +683 @@
   finder.now = ((now.dwHighDateTime * ((unsigned long long)MAXDWORD+1)) + (unsigned long long)now.dwLowDateTime);
   finder.syntax = syntax;
+  NSC_error errors;
   for (std::list<std::wstring>::const_iterator pit = paths.begin(); pit != paths.end(); ++pit) {
-    recursive_scan<file_filter_function>((*pit), finder);
+    recursive_scan<file_filter_function>((*pit), finder, &errors);
     if (finder.hasError()) {
-      message = _T("File not found: ") + (*pit);
+      message = _T("File not found: ") + (*pit) + _T(" check log for details.");
       return NSCAPI::returnUNKNOWN;
     }
@@ -747 +776 @@
     finder.now = ((now.dwHighDateTime * ((unsigned long long)MAXDWORD+1)) + (unsigned long long)now.dwLowDateTime);
     finder.syntax = syntax;
+    NSC_error errors;
     for (std::list<std::wstring>::const_iterator pit = paths.begin(); pit != paths.end(); ++pit) {
-      recursive_scan<file_filter_function_ex>((*pit), finder);
+      recursive_scan<file_filter_function_ex>((*pit), finder, &errors);
       if (finder.hasError()) {
-        message = _T("Error when scanning: ") + (*pit);
+        message = _T("Error when scanning: ") + (*pit) + _T(" check log for details.");
         return NSCAPI::returnUNKNOWN;
       }

modules/CheckEventLog/CheckEventLog.cpp

@@ -495 +495 @@
   if (command != _T("CheckEventLog"))
     return NSCAPI::returnIgnored;
-  typedef checkHolders::CheckContainer<checkHolders::MaxMinBoundsULongInteger> EventLogQueryContainer;
+  typedef checkHolders::CheckContainer<checkHolders::MaxMinBoundsULongInteger> EventLogQuery1Container;
+  typedef checkHolders::CheckContainer<checkHolders::ExactBoundsULongInteger> EventLogQuery2Container;
+  
   typedef std::pair<int,eventlog_filter> filteritem_type;
   typedef std::list<filteritem_type > filterlist_type;
@@ -503 +505 @@
   std::list<std::wstring> files;
   filterlist_type filter_chain;
-  EventLogQueryContainer query;
+  EventLogQuery1Container query1;
+  EventLogQuery2Container query2;
 
   bool bPerfData = true;
@@ -529 +532 @@
   try {
     MAP_OPTIONS_BEGIN(stl_args)
-      MAP_OPTIONS_NUMERIC_ALL(query, _T(""))
+      MAP_OPTIONS_NUMERIC_ALL(query1, _T(""))
+      MAP_OPTIONS_EXACT_NUMERIC_ALL(query2, _T(""))
       MAP_OPTIONS_STR2INT(_T("truncate"), truncate)
       MAP_OPTIONS_BOOL_TRUE(_T("unique"), unique)
@@ -579 +583 @@
   } catch (filters::filter_exception e) {
     message = e.getMessage();
+    return NSCAPI::returnUNKNOWN;
+    } catch (checkHolders::parse_exception e) {
+    message = e.getMessage();
+    return NSCAPI::returnUNKNOWN;
+  } catch (...) {
+    message = _T("Invalid command line!");
     return NSCAPI::returnUNKNOWN;
   }
@@ -727 +737 @@
   }
 
-  if (!bPerfData)
-    query.perfData = false;
-  if (query.alias.empty())
-    query.alias = _T("eventlog");
-  query.runCheck(hit_count, returnCode, message, perf);
+  if (!bPerfData) {
+    query1.perfData = false;
+    query2.perfData = false;
+  }
+  if (query1.alias.empty())
+    query1.alias = _T("eventlog");
+  if (query2.alias.empty())
+    query2.alias = _T("eventlog");
+  if (query1.hasBounds())
+    query1.runCheck(hit_count, returnCode, message, perf);
+  else if (query2.hasBounds())
+    query2.runCheck(hit_count, returnCode, message, perf);
+  else {
+    message = _T("No bounds specified!");
+    return NSCAPI::returnUNKNOWN;
+  }
   if ((truncate > 0) && (message.length() > (truncate-4)))
     message = message.substr(0, truncate-4) + _T("...");
   if (message.empty())
     message = _T("Eventlog check ok");
-  NSC_DEBUG_MSG_STD(_T("Result: ") + message) ;
   return returnCode;
 }

modules/CheckHelpers/CheckHelpers.cpp

@@ -89 +89 @@
     return NSCAPI::returnOK;
   } else if (command == _T("CheckVersion")) {
-    msg = SZVERSION;
+    msg = NSCModuleHelper::getApplicationVersionString();
     return NSCAPI::returnOK;
   } else if (command == _T("CheckOK")) {

modules/CheckSystem/CheckSystem.cpp

@@ -53 +53 @@
  * @return 
  */
-CheckSystem::CheckSystem() : processMethod_(0), pdhThread(_T("pdhThread")) {}
+CheckSystem::CheckSystem() : pdhThread(_T("pdhThread")) {}
 /**
  * Default d-tor
@@ -66 +66 @@
 bool CheckSystem::loadModule() {
   pdhThread.createThread();
-  std::wstring wantedMethod = NSCModuleHelper::getSettingsString(C_SYSTEM_SECTION_TITLE, C_SYSTEM_ENUMPROC_METHOD, C_SYSTEM_ENUMPROC_METHOD_DEFAULT);
-  CEnumProcess tmp;
-  int method = tmp.GetAvailableMethods();
-  if (wantedMethod == C_SYSTEM_ENUMPROC_METHOD_AUTO) {
-    OSVERSIONINFO osVer = systemInfo::getOSVersion();
-    /*
-    if (systemInfo::isBelowNT4(osVer)) {
-      NSC_DEBUG_MSG_STD(_T("Autodetected NT4<, using PSAPI process enumeration."));
-      if (method == (method|ENUM_METHOD::PSAPI)) {
-        processMethod_ = ENUM_METHOD::PSAPI;
-      } else {
-        NSC_LOG_ERROR_STD(_T("PSAPI method not available, since you are on NT4 you need to install \"Platform SDK Redistributable: PSAPI for Windows NT\" from Microsoft."));
-        NSC_LOG_ERROR_STD(_T("Try this URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=3d1fbaed-d122-45cf-9d46-1cae384097ac"));
-      }
-    } else if (systemInfo::isAboveW2K(osVer)) {
-      NSC_DEBUG_MSG_STD(_T("Autodetected W2K>, using TOOLHELP process enumeration."));
-      if (method == (method|ENUM_METHOD::TOOLHELP)) {
-        processMethod_ = ENUM_METHOD::TOOLHELP;
-      } else {
-        NSC_LOG_ERROR_STD(_T("TOOLHELP was not available, since you are on > W2K you need top manually override the ") C_SYSTEM_ENUMPROC_METHOD _T("option in NSC:ini."));
-      }
-    } else {
-    */
-      //NSC_DEBUG_MSG_STD(_T("Autodetected failed, using PSAPI process enumeration."));
-      processMethod_ = ENUM_METHOD::PSAPI;
-      if (method == (method|ENUM_METHOD::PSAPI)) {
-        processMethod_ = ENUM_METHOD::PSAPI;
-      } else {
-        NSC_LOG_ERROR_STD(_T("PSAPI method not availabletry installing \"Platform SDK Redistributable: PSAPI for Windows NT\" from Microsoft."));
-        NSC_LOG_ERROR_STD(_T("Try this URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=3d1fbaed-d122-45cf-9d46-1cae384097ac"));
-      }
-    //}
-  } else if (wantedMethod == C_SYSTEM_ENUMPROC_METHOD_PSAPI) {
-    NSC_DEBUG_MSG_STD(_T("Using PSAPI method."));
-    if (method == (method|ENUM_METHOD::PSAPI)) {
-      processMethod_ = ENUM_METHOD::PSAPI;
-    } else {
-      NSC_LOG_ERROR_STD(_T("PSAPI method not available, check ") C_SYSTEM_ENUMPROC_METHOD _T(" option."));
-    }
-  } else {
-    NSC_LOG_ERROR_STD(_T("TOOLHELP method has been removed sine we dont really want to support w9x ") C_SYSTEM_ENUMPROC_METHOD _T("."));
-  }
   try {
     NSCModuleHelper::registerCommand(_T("checkCPU"), _T("Check the CPU load of the computer."));
@@ -691 +649 @@
     msg = msg.substr(0, truncate-4) + _T("...");
   if (msg.empty() && returnCode == NSCAPI::returnOK)
-    msg = _T("OK: All services are in their apropriate state.");
+    msg = _T("OK: All services are in their appropriate state.");
   else if (msg.empty())
     msg = NSCHelper::translateReturn(returnCode) + _T(": Whooha this is odd.");
@@ -828 +786 @@
 } NSPROCDATA;
 typedef std::map<std::wstring,NSPROCDATA,strEx::case_blind_string_compare> NSPROCLST;
+
+class NSC_error : public CEnumProcess::error_reporter {
+  void report_error(std::wstring error) {
+    NSC_LOG_ERROR(error);
+  }
+  void report_warning(std::wstring error) {
+    NSC_LOG_MESSAGE(error);
+  }
+};
+
 /**
 * Get a hash_map with all running processes.
 * @return a hash_map with all running processes
 */
-NSPROCLST GetProcessList(int processMethod, bool getCmdLines)
+NSPROCLST GetProcessList(bool getCmdLines, bool use16Bit)
 {
   NSPROCLST ret;
-  if (processMethod == 0) {
-    NSC_LOG_ERROR_STD(_T("ProcessMethod not defined or not available."));
-    return ret;
-  }
   CEnumProcess enumeration;
-  if (enumeration.SetMethod(processMethod) != processMethod) {
-    NSC_LOG_ERROR_STD(_T("Failed to set process enumeration method"));
-    return ret;
-  }
-  int toFill = CEnumProcess::CProcessEntry::fill_filename;
-  if (getCmdLines)
-    toFill |= CEnumProcess::CProcessEntry::fill_command_line;
-  CEnumProcess::CProcessEntry entry(toFill);
-  for (BOOL OK = enumeration.GetProcessFirst(&entry); OK; OK = enumeration.GetProcessNext(&entry) ) {
+  if (!enumeration.has_PSAPI()) {
+    NSC_LOG_ERROR_STD(_T("Failed to enumerat processes"));
+    NSC_LOG_ERROR_STD(_T("PSAPI method not availabletry installing \"Platform SDK Redistributable: PSAPI for Windows NT\" from Microsoft."));
+    NSC_LOG_ERROR_STD(_T("Try this URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=3d1fbaed-d122-45cf-9d46-1cae384097ac"));
+    throw CEnumProcess::process_enumeration_exception(_T("PSAPI not avalible, please see eror log for details."));
+  }
+  NSC_error err;
+  CEnumProcess::process_list list = enumeration.enumerate_processes(getCmdLines, use16Bit, &err);
+  for (CEnumProcess::process_list::const_iterator entry = list.begin(); entry != list.end(); ++entry) {
     std::wstring key;
-    if (getCmdLines)
-      key = entry.command_line;
+    if (getCmdLines && !(*entry).command_line.empty())
+      key = (*entry).command_line;
     else
-      key = entry.filename;
+      key = (*entry).filename;
     NSPROCLST::iterator it = ret.find(key);
     if (it == ret.end()) {
-      ret[key].entry = entry;
+      ret[key].entry = (*entry);
       ret[key].count = 1;
       ret[key].key = key;
@@ -888 +852 @@
   StateContainer tmpObject;
   bool bPerfData = true;
+  bool use16bit = false;
   bool useCmdLine = false;
   typedef enum {
@@ -906 +871 @@
     MAP_OPTIONS_BOOL_TRUE(NSCLIENT, bNSClient)
     MAP_OPTIONS_BOOL_TRUE(_T("cmdLine"), useCmdLine)
+    MAP_OPTIONS_BOOL_TRUE(_T("16bit"), use16bit)
     MAP_OPTIONS_MODE(_T("match"), _T("string"), match,  match_string)
     MAP_OPTIONS_MODE(_T("match"), _T("regexp"), match,  match_regexp)
@@ -930 +896 @@
   NSPROCLST runningProcs;
   try {
-    runningProcs = GetProcessList(processMethod_, useCmdLine);
-  } catch (CEnumProcess::EnumProcException e) {
-    NSC_LOG_ERROR_STD(_T("ERROR: ") + e.getMessage());
-    msg = static_cast<std::wstring>(_T("ERROR: ")) + e.getMessage();
+    runningProcs = GetProcessList(useCmdLine, use16bit);
+  } catch (CEnumProcess::process_enumeration_exception &e) {
+    NSC_LOG_ERROR_STD(_T("ERROR: ") + e.what());
+    msg = static_cast<std::wstring>(_T("ERROR: ")) + e.what();
     return NSCAPI::returnUNKNOWN;
   } catch (...) {

modules/CheckSystem/CheckSystem.h

@@ -30 +30 @@
 private:
   CheckMemory memoryChecker;
-  int processMethod_;
   PDHCollectorThread pdhThread;
 

modules/DebugLogMetrics/DebugLogMetrics.cpp

@@ -60 +60 @@
   return false;
 }
-
+/*
 void getMetricsForPid(DWORD pid) {
   HANDLE hProcModule = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid );
@@ -82 +82 @@
 
 }
+*/
 
 NSCAPI::nagiosReturn DebugLogMetrics::handleCommand(const strEx::blindstr command, const unsigned int argLen, TCHAR **char_args, std::wstring &message, std::wstring &perf) {

modules/NRPEListener/NRPEListener.cpp

@@ -374 +374 @@
   strEx::token cmd = strEx::getToken(p.getPayload(), '!');
   if (cmd.first == _T("_NRPE_CHECK")) {
-    return NRPEPacket(NRPEPacket::responsePacket, NRPEPacket::version2, NSCAPI::returnOK, _T("I (") SZVERSION _T(") seem to be doing fine..."), buffer_length_);
+    return NRPEPacket(NRPEPacket::responsePacket, NRPEPacket::version2, NSCAPI::returnOK, _T("I (") + NSCModuleHelper::getApplicationVersionString() + _T(") seem to be doing fine..."), buffer_length_);
   }
   std::wstring msg, perf;