BOOL event_dbvalidation(WORD event_, WORD param_, DWORD flags_, LPCSTR message_, DWORD refdata_)
{
// param_ contains FPIDB_xxx
// flags_ contains date
// message_ contains name
#ifdef FSAV
printboth("%s version %04lu-%02hu-%02hu",
message_, get_db_year(flags_), get_db_month(flags_), get_db_day(flags_));
if (param_ != FPIDB_VALID)
printboth(" %s", get_db_state(param_));
printboth("\n");
check_db_date(message_, flags_);
#else
printboth(">> Database:\t\"%s\", status=%hu (%s), date=%04d-%02d-%02d\n",
message_, param_, get_db_state(param_),
get_db_year(flags_), get_db_month(flags_), get_db_day(flags_));
if (options.control)
{
create_control_file(message_, get_db_year(flags_), get_db_month(flags_), get_db_day(flags_));
}
#endif
return TRUE;
}
void check_db_date(const char* dbname, DWORD date)
{
struct tm t;
time_t now, db;
double diff;
if (date == 0)
return;
now = time(NULL);
t.tm_year = get_db_year(date) - 1900;
t.tm_mon = get_db_month(date) - 1;
t.tm_mday = get_db_day(date);
t.tm_hour = 0;
t.tm_min = 0;
t.tm_sec = 0;
db = mktime(&t);
if (difftime(now, db) > 240*86400.0)
{
printboth("\n"
"Warning: The %s file is rather old and does not contain\n"
"information on a substantial number of new viruses.\n"
"To update your copy of F-Secure Anti-Virus, connect to the Internet\n"
"and run the fsavupdate utility.\n\n",
dbname);
}
}
uint8 DreamGenContext::printslow(const uint8 *string, uint16 x, uint16 y, uint8 maxWidth, bool centered) {
data.byte(kPointerframe) = 1;
data.byte(kPointermode) = 3;
const Frame* charSet = (const Frame *)segRef(data.word(kCharset1)).ptr(0, 0);
do {
uint16 offset = x;
uint16 charCount = getnumber(charSet, string, maxWidth, centered, &offset);
do {
uint8 c0 = string[0];
uint8 c1 = string[1];
uint8 c2 = string[2];
c0 = engine->modifyChar(c0);
printboth(charSet, &offset, y, c0, c1);
if ((c1 == 0) || (c1 == ':')) {
return 0;
}
if (charCount != 1) {
c1 = engine->modifyChar(c1);
data.word(kCharshift) = 91;
uint16 offset2 = offset;
printboth(charSet, &offset2, y, c1, c2);
data.word(kCharshift) = 0;
for (int i=0; i<2; ++i) {
uint16 mouseState = waitframes();
if (mouseState == 0)
continue;
if (mouseState != data.word(kOldbutton)) {
return 1;
}
}
}
++string;
--charCount;
} while (charCount);
y += 10;
} while (true);
}
void create_control_file(const char* name, DWORD year, WORD month, WORD day)
{
const char* control_name;
if (stricmp(name, "sign.def") == 0)
control_name = "signdef-version";
else if (stricmp(name, "fsmacro.def") == 0)
control_name = "fsmacrodef-version";
else
return;
FILE* f = fopen(control_name, "w");
if (!f)
{
printboth("Cannot write control file %s\n", control_name);
}
fprintf(f, "%s version %lu-%02hu-%02hu\n", name, year, month, day);
fclose(f);
}
BOOL query(const char* actionstring)
{
BOOL answer;
printboth("\tQuery: %s, do it? (y/n) ", actionstring);
#ifdef _CONSOLE
int c;
#ifdef UNIX
c = getchar();
#else
c = getch();
#endif
answer = (c=='y' || c=='Y');
#else
int ret;
char querytext[100];
sprintf(querytext, "Action==\"%s\", do it?", actionstring);
ret = MessageBox(NULL, querytext, "FPIRUN Query",
MB_YESNO | MB_ICONQUESTION);
answer = (ret==IDYES);
#endif
return answer;
}
BOOL FPIFN FN_CALLBACK (WORD event_, WORD param_, DWORD flags_, LPCSTR message_, DWORD refdata_)
{
char name[200];
char fullname[500];
char eventstring[100];
char actionstring[100];
char virusmessage[300];
DWORD tickStart;
DWORD tickNow;
switch (event_)
{
case FPIEVENT_QUERYABORT:
#if defined _CONSOLE && !defined UNIX
if (kbhit())
{
int c = getch();
if (c=='x')
{
printboth("\n[STOPPED BY USER]\n");
bExitScan = TRUE;
return TRUE;
}
}
#endif
tickStart = get_ticks_from_refdata(refdata_);
tickNow = GetTickCount();
if (tickStart != 0)
{
if (options.max_time > 0 && (double)(tickNow - tickStart) > options.max_time*1000.0)
{
printboth("\n[SINGLE-FILE TIME LIMIT EXCEEDED]\n");
return TRUE;
}
}
return FALSE;
case FPIEVENT_QUERY:
break;
case FPIEVENT_INFECTION:
break;
case FPIEVENT_ERROR:
break;
case FPIEVENT_DBVALIDATION:
return event_dbvalidation(event_, param_, flags_, message_, refdata_);
default:
printboth("%s:\tFPI violation: Invalid event (%hu)\n",
fullname, event_);
nApiErrors++;
break;
}
get_name_from_refdata(refdata_, name, sizeof name);
get_fullname_from_refdata(refdata_, fullname, sizeof fullname);
FPIFILEHANDLE handle = get_handle_from_refdata(refdata_);
isFileClean = FALSE;
virusmessage[0] = '\0';
if (event_ == FPIEVENT_QUERY || event_ == FPIEVENT_INFECTION)
{
strcpy(eventstring, "Infection");
if (flags_ & FPIFLAG_SUSPECTED)
strcat(eventstring, "/suspected");
if ((flags_ & FPIFLAG_HEURISTIC) == FPIFLAG_HEURISTIC)
strcat(eventstring, "/heuristic");
if ((flags_ & FPIFLAG_INTEGRITY) == FPIFLAG_INTEGRITY)
strcat(eventstring, "/integrity");
if (flags_ & FPIFLAG_SUSPECTED)
{
isFileSuspicious = TRUE;
if (flags_ & FPIFLAG_MSGEXTRA)
{
// message_ given, but no virus name available because it is only suspected
strcat(virusmessage, message_);
}
else
{
// message_ ignored
}
}
else
{
isFileInfected = TRUE;
if (flags_ & FPIFLAG_MSGEXTRA)
{
// message_ contains actual virus name delimited with \x01
const char* firstdelim;
BOOL bNameUnknown = FALSE;
firstdelim = strchr(message_, '\x01');
if (firstdelim == NULL)
{
strcat(virusmessage, "Name unknown - invalid message format (FPI violation)");
nApiErrors++;
bNameUnknown = TRUE;
}
else
{
int len = strcspn(firstdelim+1, "\x01");
strncat(virusmessage, firstdelim+1, len);
}
if (options.fullmessage || bNameUnknown)
{
strcat(virusmessage, "\tFull message:\t");
strcat(virusmessage, message_);
}
}
else
{
// message_ *is* actual virus name
strcpy(virusmessage, message_);
}
}
}
else if (event_ == FPIEVENT_ERROR)
{
strcpy(eventstring, "Error");
isFileFailed = TRUE;
}
switch (event_)
{
case FPIEVENT_QUERY:
if (options.interest_infections)
{
if (options.ask)
printboth("%s:\t%s:\t%s\n",
fullname, eventstring, virusmessage);
else
printlog("%s:\t%s:\t%s\n",
fullname, eventstring, virusmessage);
collect_sample("inf", FPICONTAINERHANDLE_NULL, fullname, name, handle);
}
break;
case FPIEVENT_INFECTION:
if (options.interest_infections)
{
printlog("%s:\t%s:\t%s\n",
fullname, eventstring, virusmessage);
collect_sample("inf", FPICONTAINERHANDLE_NULL, fullname, name, handle);
}
break;
case FPIEVENT_ERROR:
if (options.interest_errors)
{
if (param_!=FPIERROR_WRONGAPI || !options.terse)
{
printboth("%s:\t%s\t(%hu = %s) %s\n",
fullname, eventstring, param_,
(param_ <= FPIERROR_LASTERROR ? fpierror[param_] : "unknown"),
(message_ == NULL ? "" : message_));
collect_sample("err", FPICONTAINERHANDLE_NULL, fullname, name, handle);
}
}
break;
}
if (event_ == FPIEVENT_INFECTION)
{
if (flags_ & FPIFLAG_SUSPECTED)
{
nSuspicious++;
sumTicksSuspicious += GetTickCount() - tickStartFile;
}
else
{
nInfections++;
sumTicksInfected += GetTickCount() - tickStartFile;
}
}
if (event_ == FPIEVENT_ERROR)
{
nScanErrors++;
}
if (event_ == FPIEVENT_QUERY && param_ != FPIACTION_NONE)
{
if (param_ == FPIACTION_DISINFECT)
strcpy(actionstring, "Disinfect");
else
sprintf(actionstring, "Invalid action (%hu)", param_);
if (!options.ask)
{
if (options.interest_infections)
printlog("\tQuery: %s (yes, without asking)\n", actionstring);
return TRUE;
}
else
{
if (query(actionstring))
{
if (options.interest_infections)
printboth(" yes\n");
return TRUE;
}
else
{
if (options.interest_infections)
printboth(" no\n");
return FALSE;
}
}
}
if (event_ == FPIEVENT_INFECTION)
{
if (param_ == FPIACTION_NONE)
{
if (options.disinfect)
strcpy(actionstring, "Nothing done");
else
strcpy(actionstring, "");
}
else if (param_ == FPIACTION_DISINFECT)
{
strcpy(actionstring, "Disinfected");
isFileDisinfected = TRUE;
nDisinfections++;
}
else
{
sprintf(actionstring, "Invalid action performed (%hu)", param_);
}
if (actionstring[0] != '\0')
{
if (options.interest_infections)
printlog("\t%s\n", actionstring);
}
}
return FALSE;
}
