Example #1
/*
 * OCaml stub: query Win32 metadata for an already-open file handle.
 *
 * Calls GetFileInformationByHandle() on the handle carried in handle_v and
 * returns a freshly allocated 8-field block (tag 0):
 *   0: dwFileAttributes       (Val_int)
 *   1: creation time          (boxed double, via FileTime_to_POSIX)
 *   2: last access time       (boxed double, via FileTime_to_POSIX)
 *   3: last write time        (boxed double, via FileTime_to_POSIX)
 *   4: dwVolumeSerialNumber   (Val_int)
 *   5: file size              (boxed int64, high/low DWORDs combined)
 *   6: nNumberOfLinks         (Val_int)
 *   7: file index             (boxed int64, high/low DWORDs combined)
 *
 * On failure the Win32 error code is translated by win32_maperr() and
 * reported through uerror(), which raises the OCaml Unix_error exception
 * instead of returning. The handle is neither duplicated nor closed here.
 *
 * Fields 4 and 7 together are what Windows documents as identifying a file
 * on a single machine, so callers that use them for identity checks depend
 * on both values surviving the conversion to OCaml intact.
 */
value onlyWin32_getFileInformationByHandle_ml(value handle_v)
{
  /* NOTE(review): the OCaml value is reinterpreted directly as a HANDLE.
     This assumes the OCaml side passes the raw handle bits rather than a
     boxed/custom block -- confirm against the caller. */
  HANDLE handle = (HANDLE)handle_v;
  BY_HANDLE_FILE_INFORMATION fileInfo;
  /* NOTE(review): CAMLparam0 does not register handle_v as a GC root.
     handle_v is only read above, before any allocation in this function. */
  CAMLparam0 ();
  CAMLlocal1 (v);
  ULARGE_INTEGER size, index;

  if( !GetFileInformationByHandle(handle, &fileInfo) ){
    /* Capture the error code immediately, before any other API call can
       overwrite the thread's last-error value. */
    DWORD err = GetLastError();
    win32_maperr(err);
    uerror("GetFileInformationByHandle", Nothing);
  }

  /* Recombine the split 32-bit halves into 64-bit quantities. */
  size.HighPart = fileInfo.nFileSizeHigh;
  size.LowPart = fileInfo.nFileSizeLow;
  index.HighPart = fileInfo.nFileIndexHigh;
  index.LowPart = fileInfo.nFileIndexLow;

  v = caml_alloc (8, 0);
  Store_field(v,0, Val_int(fileInfo.dwFileAttributes));
  Store_field(v, 1,
              caml_copy_double(FileTime_to_POSIX(fileInfo.ftCreationTime)));
  Store_field(v, 2,
              caml_copy_double(FileTime_to_POSIX(fileInfo.ftLastAccessTime)));
  Store_field(v, 3,
              caml_copy_double(FileTime_to_POSIX(fileInfo.ftLastWriteTime)));
  /* NOTE(review): Val_int reserves one bit for the tag, so on a 32-bit
     OCaml runtime a full 32-bit DWORD does not fit in an OCaml int. That
     matters if the serial number is compared for file identity -- confirm
     the target word size. */
  Store_field(v, 4, Val_int(fileInfo.dwVolumeSerialNumber));
  Store_field(v, 5, caml_copy_int64(size.QuadPart));
  Store_field(v, 6, Val_int(fileInfo.nNumberOfLinks));
  Store_field(v, 7, caml_copy_int64(index.QuadPart));

  CAMLreturn (v);
}
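/**
 * Recursively walks `path` and records every matching file in `infectedFiles`.
 *
 * A file is recorded when isExtensionAttacked(name) and isInfected(full path)
 * both hold and, if `skip_decrypted` is set, isDecrypted(full path) does not.
 * Each entry carries the full path, the file's extension (or "<none>") and
 * the last-write time converted by FileTime_to_POSIX and narrowed to uint32_t.
 *
 * @param path            directory to scan (no trailing backslash expected)
 * @param infectedFiles   destination set; if NULL a message is printed and
 *                        nothing is scanned
 * @param skip_decrypted  when true, files for which isDecrypted() reports
 *                        true are logged and skipped
 *
 * Directories are detected with a bit test on dwFileAttributes, because the
 * field is a bit mask: a hidden, read-only or not-content-indexed directory
 * carries extra bits and would fail an equality comparison, leaving its
 * contents unscanned. Directory reparse points (junctions, directory
 * symlinks) are deliberately not followed, so a link cannot send the walk
 * into a cycle or outside the tree being scanned.
 *
 * NOTE(review): the last-write time is ordinary file metadata and can be
 * changed by any process with write access, so the recorded "infection time"
 * is a hint rather than evidence.
 * NOTE(review): passing std::string::c_str() to FindFirstFile assumes an
 * ANSI (non-UNICODE) build; names that cannot be represented in the active
 * code page, or paths beyond MAX_PATH, may not be enumerated -- confirm.
 */
void PathCrawler::listDir(std::string path, FileSet *infectedFiles, bool skip_decrypted)
{
    if (infectedFiles == NULL) {
        printf("File set not initialized\n");
        return;
    }
    const std::string fileName = path + "\\*.*";
    WIN32_FIND_DATA foundFileData;
    HANDLE hFind = FindFirstFile(fileName.c_str(), &foundFileData);
    if (hFind == INVALID_HANDLE_VALUE) {
        return;
    }

    // Releases the search handle on every exit path, including an exception
    // thrown by string concatenation, the recursive call or addFile().
    struct FindGuard {
        HANDLE handle;
        ~FindGuard() { FindClose(handle); }
    } findGuard = { hFind };

    // Static storage keeps the same lifetime a string literal would have,
    // without the ill-formed literal-to-char* conversion.
    static char ext_none[] = "<none>";

    do {
        const DWORD attrs = foundFileData.dwFileAttributes;
        if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
            if (strcmp(foundFileData.cFileName, ".") == 0) continue;
            if (strcmp(foundFileData.cFileName, "..") == 0) continue;
            // Do not descend through junctions / directory symlinks.
            if (attrs & FILE_ATTRIBUTE_REPARSE_POINT) continue;
            std::string sub_dir = path + "\\" + foundFileData.cFileName;
            listDir(sub_dir, infectedFiles, skip_decrypted);
            continue;
        }
        std::string full_path = path + "\\" + foundFileData.cFileName;
        if (!isExtensionAttacked(foundFileData.cFileName)) {
            continue;
        }
        if (!isInfected(full_path)) {
            continue;
        }
        if (skip_decrypted && isDecrypted(full_path) == true) {
            printf("Already decrypted, skipping: %s\n", foundFileData.cFileName);
            continue;
        }
        // Extension is the text from the last '.' of the file name onward.
        char* ext = strrchr(foundFileData.cFileName, '.');
        if (ext == NULL) {
            ext = ext_none;
        }
        uint32_t infection_time = static_cast<uint32_t> (FileTime_to_POSIX(foundFileData.ftLastWriteTime));
        infectedFiles->addFile(full_path, ext, infection_time);
    } while (FindNextFile(hFind, &foundFileData));
    // FindClose(hFind) is performed by findGuard's destructor.
}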
Example #3
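/**
 * Opens the file named by the UTF-8 path `f` and stores the handle in hFile.
 *
 * When `read` is non-zero the file must already exist; it is opened with
 * GENERIC_READ, and `size` and `mtime` are filled from
 * GetFileInformationByHandle(). Otherwise the file is opened with
 * GENERIC_WRITE and OPEN_ALWAYS (created if absent), and only `size` is set.
 *
 * @param f      NUL-terminated UTF-8 path; must fit in MAX_PATH wide chars
 * @param read   non-zero selects read mode, zero selects write mode
 * @param write  not consulted by this implementation
 * @return 1 on success, 0 on any failure
 *
 * On a failure after the file was opened, the handle is closed and hFile is
 * reset to INVALID_HANDLE_VALUE, so a failed call leaves no open handle in
 * the object and hFile is in the same state as when CreateFileW itself fails.
 *
 * NOTE(review): the file is opened with FILE_SHARE_READ | FILE_SHARE_WRITE,
 * so another process may modify it while it is open; `size` and `mtime` are
 * a snapshot taken at open time.
 */
int WinFileAccess::fopen(const char* f, int read, int write)
{
	WCHAR wszFileName[MAX_PATH+1];

	// NOTE(review): with flags == 0 invalid UTF-8 is not rejected (current
	// Windows versions substitute U+FFFD), so a malformed path can resolve to
	// a different name than intended; consider MB_ERR_INVALID_CHARS if paths
	// can come from untrusted input.
	if (!MultiByteToWideChar(CP_UTF8, 0, f, -1, wszFileName, sizeof wszFileName / sizeof *wszFileName)) return 0;

	const DWORD access = read ? GENERIC_READ : GENERIC_WRITE;
	const DWORD disposition = read ? OPEN_EXISTING : OPEN_ALWAYS;

	hFile = CreateFileW(wszFileName, access, FILE_SHARE_WRITE | FILE_SHARE_READ, NULL, disposition, FILE_ATTRIBUTE_NORMAL, NULL);

	if (hFile == INVALID_HANDLE_VALUE) return 0;

	BOOL ok;

	if (read)
	{
		BY_HANDLE_FILE_INFORMATION fi;

		ok = GetFileInformationByHandle(hFile,&fi);

		if (ok)
		{
			size = ((m_off_t)fi.nFileSizeHigh << 32)+(m_off_t)fi.nFileSizeLow;

			mtime = FileTime_to_POSIX(&fi.ftLastWriteTime);
		}
	}
	else
	{
		// Read into a real LARGE_INTEGER instead of casting &size: the API
		// always writes 64 bits, whatever the width of m_off_t.
		LARGE_INTEGER li;

		ok = GetFileSizeEx(hFile,&li);

		if (ok) size = (m_off_t)li.QuadPart;
	}

	if (!ok)
	{
		// Do not leave an open handle behind when reporting failure.
		CloseHandle(hFile);
		hFile = INVALID_HANDLE_VALUE;
		return 0;
	}

	return 1;
}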