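/*
 * OCaml stub: query Win32 metadata for an already-open file handle.
 *
 * handle_v is reinterpreted directly as a Win32 HANDLE (see the cast below).
 * Because the lookup is done by handle, not by path, the result describes the
 * object that was actually opened.
 *
 * On success returns a freshly allocated 8-field block (tag 0):
 *   0: dwFileAttributes       (Val_int)
 *   1: creation time          (boxed double, via FileTime_to_POSIX)
 *   2: last access time       (boxed double, via FileTime_to_POSIX)
 *   3: last write time        (boxed double, via FileTime_to_POSIX)
 *   4: dwVolumeSerialNumber   (Val_int)
 *   5: file size              (boxed int64, high/low DWORDs combined)
 *   6: nNumberOfLinks         (Val_int)
 *   7: file index             (boxed int64, high/low DWORDs combined)
 *
 * On failure the Win32 error is mapped with win32_maperr() and reported through
 * uerror("GetFileInformationByHandle", Nothing); the code after that call
 * relies on uerror() not returning.
 *
 * NOTE(review): Val_int() has fewer bits than a DWORD on a 32-bit OCaml
 * runtime, so the top bit of dwVolumeSerialNumber / dwFileAttributes would be
 * lost there. Confirm the supported targets before using fields 4 and 7 as a
 * file-identity key.
 */
value onlyWin32_getFileInformationByHandle_ml(value handle_v)
{
    /* Register the parameter as a GC root too: the OCaml FFI rules require
       every value parameter to go through CAMLparamN, and this function
       allocates several times below. */
    CAMLparam1 (handle_v);
    CAMLlocal1 (v);
    HANDLE handle = (HANDLE)handle_v;
    BY_HANDLE_FILE_INFORMATION fileInfo;
    ULARGE_INTEGER size, index;

    if (!GetFileInformationByHandle(handle, &fileInfo)) {
        /* Translate the Win32 error code before raising through uerror(). */
        win32_maperr(GetLastError());
        uerror("GetFileInformationByHandle", Nothing);
    }

    /* Recombine the 32-bit halves reported by the API into 64-bit values. */
    size.HighPart = fileInfo.nFileSizeHigh;
    size.LowPart = fileInfo.nFileSizeLow;
    index.HighPart = fileInfo.nFileIndexHigh;
    index.LowPart = fileInfo.nFileIndexLow;

    /* v is rooted by CAMLlocal1, so the allocations performed while filling
       the fields cannot invalidate it. */
    v = caml_alloc (8, 0);
    Store_field(v, 0, Val_int(fileInfo.dwFileAttributes));
    Store_field(v, 1, caml_copy_double(FileTime_to_POSIX(fileInfo.ftCreationTime)));
    Store_field(v, 2, caml_copy_double(FileTime_to_POSIX(fileInfo.ftLastAccessTime)));
    Store_field(v, 3, caml_copy_double(FileTime_to_POSIX(fileInfo.ftLastWriteTime)));
    Store_field(v, 4, Val_int(fileInfo.dwVolumeSerialNumber));
    Store_field(v, 5, caml_copy_int64(size.QuadPart));
    Store_field(v, 6, Val_int(fileInfo.nNumberOfLinks));
    Store_field(v, 7, caml_copy_int64(index.QuadPart));

    CAMLreturn (v);
}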
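/**
 * Recursively walks `path` and records every file that passes the infection
 * filters into `infectedFiles`.
 *
 * A file is recorded only if isExtensionAttacked(name) and isInfected(full_path)
 * both return true; when `skip_decrypted` is set, files for which
 * isDecrypted(full_path) returns true are reported on stdout and skipped.
 * Each recorded entry carries the full path, the extension (text from the last
 * '.' in the file name, or "<none>") and the last-write time converted with
 * FileTime_to_POSIX and truncated to uint32_t.
 *
 * @param path            Directory to scan (no trailing backslash expected,
 *                        since "\\*.*" is appended).
 * @param infectedFiles   Destination set; if NULL a message is printed and the
 *                        call returns without scanning.
 * @param skip_decrypted  Skip files that isDecrypted() reports as already done.
 *
 * NOTE(review): std::string paths and strcmp() on cFileName imply an ANSI
 * (non-UNICODE) build, so names outside the active code page and paths beyond
 * MAX_PATH are presumably not reachable from here — confirm.
 */
void PathCrawler::listDir(std::string path, FileSet *infectedFiles, bool skip_decrypted)
{
    if (infectedFiles == NULL) {
        printf("File set not initialized\n");
        return;
    }

    const std::string pattern = path + "\\*.*";
    WIN32_FIND_DATA foundFileData;
    HANDLE hFind = FindFirstFile(pattern.c_str(), &foundFileData);
    if (hFind == INVALID_HANDLE_VALUE) {
        return;
    }

    // Writable array rather than a string literal: converting a literal to
    // char* is ill-formed since C++11, and `ext` must stay char* because it
    // may also point into cFileName.
    static char kNoExtension[] = "<none>";

    do {
        const DWORD attrs = foundFileData.dwFileAttributes;

        // dwFileAttributes is a bit mask. Comparing it for equality with
        // FILE_ATTRIBUTE_DIRECTORY misses every directory that carries any
        // other flag (hidden, read-only, not-content-indexed, ...), so those
        // subtrees were silently left unscanned.
        if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
            // Do not follow junctions / directory symlinks: they can point
            // back up the tree (unbounded recursion) or outside the tree the
            // caller asked to scan.
            if (attrs & FILE_ATTRIBUTE_REPARSE_POINT) continue;

            if (strcmp(foundFileData.cFileName, ".") == 0 ||
                strcmp(foundFileData.cFileName, "..") == 0) {
                continue;
            }

            listDir(path + "\\" + foundFileData.cFileName, infectedFiles, skip_decrypted);
            continue;
        }

        std::string full_path = path + "\\" + foundFileData.cFileName;

        if (!isExtensionAttacked(foundFileData.cFileName)) continue;
        if (!isInfected(full_path)) continue;

        if (skip_decrypted && isDecrypted(full_path)) {
            printf("Already decrypted, skipping: %s\n", foundFileData.cFileName);
            continue;
        }

        char* ext = strrchr(foundFileData.cFileName, '.');
        if (ext == NULL) {
            ext = kNoExtension;
        }

        // The last-write time is used as the infection timestamp.
        uint32_t infection_time =
            static_cast<uint32_t>(FileTime_to_POSIX(foundFileData.ftLastWriteTime));
        infectedFiles->addFile(full_path, ext, infection_time);
    } while (FindNextFile(hFind, &foundFileData));

    // Every `continue` above jumps to the FindNextFile() condition, so this is
    // the single exit of the loop and the search handle is always released.
    FindClose(hFind);
}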
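/**
 * Opens the file named by the UTF-8 path `f` and caches its metadata.
 *
 * When `read` is non-zero the file is opened with GENERIC_READ / OPEN_EXISTING
 * and both `size` and `mtime` are filled in. Otherwise it is opened with
 * GENERIC_WRITE / OPEN_ALWAYS (created if missing) and only `size` is set.
 * In both modes other processes may read and write the file concurrently
 * (FILE_SHARE_READ | FILE_SHARE_WRITE).
 *
 * @param f      NUL-terminated UTF-8 path; must fit in MAX_PATH wide chars.
 * @param read   Non-zero selects read mode; zero selects write mode.
 * @param write  Not consulted by this implementation.
 * @return 1 on success, 0 on failure. On failure hFile is left as
 *         INVALID_HANDLE_VALUE.
 */
int WinFileAccess::fopen(const char* f, int read, int write)
{
    WCHAR wszFileName[MAX_PATH+1];

    // NOTE(review): with dwFlags == 0 an ill-formed UTF-8 sequence is
    // converted to a replacement character instead of being rejected, so the
    // file opened may not be the one the byte string named. Passing
    // MB_ERR_INVALID_CHARS would make the conversion fail instead; confirm
    // whether callers rely on the lenient behaviour before changing it.
    if (!MultiByteToWideChar(CP_UTF8, 0, f, -1, wszFileName,
                             sizeof wszFileName / sizeof *wszFileName)) {
        return 0;
    }

    hFile = CreateFileW(wszFileName,
                        read ? GENERIC_READ : GENERIC_WRITE,
                        FILE_SHARE_WRITE | FILE_SHARE_READ,
                        NULL,
                        read ? OPEN_EXISTING : OPEN_ALWAYS,
                        FILE_ATTRIBUTE_NORMAL,
                        NULL);
    if (hFile == INVALID_HANDLE_VALUE) return 0;

    bool ok;

    if (read) {
        BY_HANDLE_FILE_INFORMATION fi;

        ok = GetFileInformationByHandle(hFile, &fi) != 0;
        if (ok) {
            size = ((m_off_t)fi.nFileSizeHigh << 32) + (m_off_t)fi.nFileSizeLow;
            mtime = FileTime_to_POSIX(&fi.ftLastWriteTime);
        }
    } else {
        // Query into a real LARGE_INTEGER instead of casting &size: the cast
        // writes 8 bytes regardless of how wide m_off_t actually is.
        LARGE_INTEGER fileSize;

        ok = GetFileSizeEx(hFile, &fileSize) != 0;
        if (ok) size = (m_off_t)fileSize.QuadPart;
    }

    if (!ok) {
        // Report failure without leaving an open handle behind; reset hFile to
        // the same state a failed CreateFileW leaves it in.
        CloseHandle(hFile);
        hFile = INVALID_HANDLE_VALUE;
        return 0;
    }

    return 1;
}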