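/**
 * Hashes the file named by an entry and appends a JSON object describing it
 * to a JSON array.
 *
 * On success the entry's CreationTime, FileHash and FileHashAnsi fields are
 * filled in, and an object with the keys "autostart_location",
 * "autostart_entry", "hash", "image_path" and "creation_datetime" is added to
 * the array. Nothing is appended if the file cannot be queried, opened or
 * hashed.
 *
 * \param Entry The file entry. FileName and FileNameAnsi are read; CreationTime,
 * FileHash and FileHashAnsi are written. The strings stored on the entry are
 * not freed here.
 * \param JsonArray The JSON array that receives the new object.
 */
VOID VirusTotalBuildJsonArray(
    _In_ PVIRUSTOTAL_FILE_HASH_ENTRY Entry,
    _In_ PVOID JsonArray
    )
{
    HANDLE fileHandle;
    FILE_NETWORK_OPEN_INFORMATION fileAttributeInfo;
    PPH_STRING hashString = NULL;

    // The hashing call below is handed fileAttributeInfo.EndOfFile. If the
    // attribute query fails, that field is uninitialized stack data, so stop
    // here instead of hashing with an indeterminate size.
    if (!NT_SUCCESS(PhQueryFullAttributesFileWin32(
        Entry->FileName->Buffer,
        &fileAttributeInfo
        )))
    {
        return;
    }

    Entry->CreationTime = VirusTotalTimeString(&fileAttributeInfo.CreationTime);

    // NOTE(review): the size was obtained by path before the file is opened, so
    // the file can be replaced or resized in between. The hash sent for lookup
    // may then not describe the file that was queried. Consider reading the size
    // from fileHandle after the open instead - confirm how
    // HashFileAndResetPosition uses the size argument.
    if (NT_SUCCESS(PhCreateFileWin32(
        &fileHandle,
        Entry->FileName->Buffer,
        FILE_GENERIC_READ,
        0,
        FILE_SHARE_READ,
        FILE_OPEN,
        FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT // FILE_OPEN_FOR_BACKUP_INTENT
        )))
    {
        if (NT_SUCCESS(HashFileAndResetPosition(
            fileHandle,
            &fileAttributeInfo.EndOfFile,
            Sha256HashAlgorithm,
            &hashString
            )))
        {
            Entry->FileHash = hashString;
            Entry->FileHashAnsi = PhConvertUtf16ToMultiByte(Entry->FileHash->Buffer);

            // Both ANSI strings are dereferenced below. Skip the entry rather
            // than dereference NULL if the conversion failed or the caller did
            // not populate FileNameAnsi.
            if (Entry->FileHashAnsi && Entry->FileNameAnsi)
            {
                PVOID entry;

                entry = PhCreateJsonObject();
                PhAddJsonObject(entry, "autostart_location", "");
                PhAddJsonObject(entry, "autostart_entry", "");
                PhAddJsonObject(entry, "hash", Entry->FileHashAnsi->Buffer);
                PhAddJsonObject(entry, "image_path", Entry->FileNameAnsi->Buffer);
                PhAddJsonObject(entry, "creation_datetime", Entry->CreationTime ? Entry->CreationTime->Buffer : "");
                PhAddJsonArrayObject(JsonArray, entry);
            }
        }

        NtClose(fileHandle);
    }
}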
Exemple #2
/**
 * Ensures that a directory exists, creating it if necessary.
 *
 * \param DirectoryPath The directory path to check and, if missing, create.
 *
 * \return TRUE if the path already names a directory or SHCreateDirectoryEx
 * reported ERROR_SUCCESS, otherwise FALSE.
 *
 * \remarks A path that exists but is not a directory is passed to
 * SHCreateDirectoryEx like a missing one. NULL is passed for the security
 * attributes, so no explicit security descriptor is applied to directories
 * created here. The existence check and the create call are separate steps.
 */
BOOLEAN CreateDirectoryPath(
    _In_ PPH_STRING DirectoryPath
    )
{
    FILE_NETWORK_OPEN_INFORMATION attributes;
    INT createResult;

    // Fast path: the path already resolves to a directory, nothing to create.
    if (
        NT_SUCCESS(PhQueryFullAttributesFileWin32(DirectoryPath->Buffer, &attributes)) &&
        (attributes.FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
        )
    {
        //DEBUG_MSG(L"Directory Exists: %s\r\n", DirectoryPath->Buffer);
        return TRUE;
    }

    createResult = SHCreateDirectoryEx(NULL, DirectoryPath->Buffer, NULL);

    if (createResult != ERROR_SUCCESS)
    {
        DEBUG_MSG(L"SHCreateDirectoryEx Failed\r\n");
        return FALSE;
    }

    DEBUG_MSG(L"Created Directory: %s\r\n", DirectoryPath->Buffer);
    return TRUE;
}