void MainDlg::parseListDotXml() {
//extract ZIP file
bool extracted = FileTools::getInstance()->unzip(tmpDir, "/list.zip");
if (!extracted) {
//TODO: get error message
hasError = true;
}
//verify MD5 sum.
QString calculatedMd5 = md5::md5FromFile(tmpDir.path()+"/list.xml");
QFile md5File(tmpDir.path()+"/list.md5");
if (!md5File.open(QIODevice::ReadOnly)) {
hasError = true;
} else {
QString originalMd5(md5File.readLine());
if (originalMd5.compare(calculatedMd5)) {
hasError = true;
}
}
//actually parse XML file
if (!hasError) {
XMLParser xml;
connect(&xml, SIGNAL(hasNewItem(SoftwareEntry*)), this, SLOT(addSoftwareEntry(SoftwareEntry*)));
connect(&xml, SIGNAL(finished()), this, SLOT(buildTabContent()));
xml.readFile(tmpDir.path()+"/list.xml");
}
VOID GetFileMd5Hash(char *lpszDLLPath,char *lpszMd5)
{
FILE * fp=fopen(lpszDLLPath,"rb");
if(fp)
{
MD5VAL val;
val = md5File(fp);
wsprintfA(lpszMd5,"%08x%08x%08x%08x",conv(val.a),conv(val.b),conv(val.c),conv(val.d));
fclose(fp);
}
return;
}
void MD5Utils::md5File(const char *fileName) {
int fd;
fd = open(fileName , O_RDONLY);
if (fd == -1) {
printf("File Name : <%s>\n" , fileName);
perror("md5File ");
return;
}
md5File(fd);
close(fd);
}
//根据的绝路路径计算文件的md5如:D:\Downloads\d3.ppt
CString ValueMD5(CString file)
{
MD5VAL val;
CString result;
TCHAR chtmp[1024];
file = strChange(file);
FILE *fp = _wfopen(file, L"rb");
if(fp)
{
val = md5File(fp);
swprintf(chtmp,1024,
L"%08x%08x%08x%08x", conv(val.a), conv(val.b), conv(val.c), conv(val.d));
fclose(fp);
}
result.Format(L"%s", chtmp);
return result;
}
void CopyProcessMD5ToClipboard(HWND hWnd,CMyList *m_list)
{
CString ProcessPath;
int ItemNum = m_list->GetItemCount();
POSITION pos = m_list->GetFirstSelectedItemPosition(); //判断列表框中是否有选择项
int Item = m_list->GetNextSelectedItem(pos); //将列表中被选择的下一项索引值保存到数组中
ProcessPath.Format(L"%s",m_list->GetItemText(Item,3));
WCHAR lpwzProcessPath[260];
CHAR lpszProcessPath[1024];
char *lpString = NULL;
memset(lpwzProcessPath,0,sizeof(lpwzProcessPath));
memset(lpszProcessPath,0,sizeof(lpszProcessPath));
wcscat(lpwzProcessPath,ProcessPath);
WideCharToMultiByte( CP_ACP,
0,
lpwzProcessPath,
-1,
lpszProcessPath,
wcslen(lpwzProcessPath)*2,
NULL,
NULL
);
CHAR lpszNum[100] = {0};
FILE * fp=fopen(lpszProcessPath,"rb");
if(fp)
{
MD5VAL val;
val = md5File(fp);
wsprintfA(lpszNum,"%08x%08x%08x%08x",conv(val.a),conv(val.b),conv(val.c),conv(val.d));
fclose(fp);
}
lpString = setClipboardText(lpszNum);
if (lpString)
{
MessageBoxW(hWnd,L"操作成功!",L"A盾电脑防护",MB_ICONWARNING);
}
}
void DecompressManager::checkMd5()
{
TCHAR* targetDir = FileInfo::getInstance().getTargetFileName();
TCHAR jsonFileName[MAX_PATH] = {0};
wcscpy(jsonFileName, targetDir);
wcscat(jsonFileName, L"F33APP\\AppMd5.json");
HANDLE jsonFile = CreateFile(jsonFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (jsonFile == INVALID_HANDLE_VALUE)
{
DWORD hr = GetLastError();
return ;
}
DWORD fileSize = GetFileSize(jsonFile, NULL);
if (fileSize == -1)
{
return ;
}
char* jsonDocument = new char[fileSize];
if (jsonDocument == NULL)
{
return ;
}
DWORD readSize = 0;
if (!ReadFile(jsonFile, jsonDocument, fileSize, &readSize, NULL))
{
delete[] jsonDocument;
return ;
}
Json::Reader reader;
Json::Value jsonObject;
if(reader.parse(jsonDocument, jsonObject) == false)
{
delete[] jsonDocument;
decompressDelegate_->decompressError(JSON_FILE_PARSE_ERROR);
return ;
}
Json::Value::Members member;
member = jsonObject.getMemberNames();
for (Json::Value::Members::iterator iter = member.begin(); iter != member.end(); iter++)
{
TCHAR relativePath[MAX_PATH] = {0};
MultiByteToWideChar(GetACP(), 0, (*iter).c_str(), (*iter).size()*2, relativePath, MAX_PATH);
FILE * fp = NULL;
map<wstring, wstring >::iterator it;
it=fileContainer_.find(relativePath);
if(it==fileContainer_.end())
{
//没有MD5值先忽略
continue;
}
wstring absolutePath((*it).second);
if (absolutePath.find(L"AppMd5.json") != absolutePath.npos)
{
//MD5文件跳过
continue;
}
_wfopen_s(&fp, (*it).second.c_str(), L"rb");
if (fp == NULL)
{
continue ;
}
MD5VAL val=md5File(fp);
char md5_result[MD5_KEY_MAX_LENGTH] = {0};
sprintf(md5_result, "%08x%08x%08x%08x",conv_(val.a),conv_(val.b),conv_(val.c),conv_(val.d));
fclose(fp);
string origString = jsonObject[(*iter)].asString();
if (origString != md5_result)
{
delete[] jsonDocument;
decompressDelegate_->decompressError(MD5_CHECK_ERROR);
return ;
}
}
delete[] jsonDocument;
}
void ProcessVerify(HWND hWnd,CMyList *m_list,int Type)
{
CString PidNum;
CString FilePath;
DWORD dwReadByte;
POSITION pos = m_list->GetFirstSelectedItemPosition(); //判断列表框中是否有选择项
int Item = m_list->GetNextSelectedItem(pos); //将列表中被选择的下一项索引值保存到数组中
FilePath.Format(L"%s",m_list->GetItemText(Item,3));
WCHAR lpwzNum[50];
WCHAR lpwzFilePath[260];
WCHAR lpwzTrue[260];
CHAR lpszFilePath[5024];
memset(lpwzNum,0,sizeof(lpwzNum));
memset(lpszFilePath,0,sizeof(lpszFilePath));
memset(lpwzFilePath,0,sizeof(lpwzFilePath));
wcscat(lpwzFilePath,FilePath);
if (!wcslen(lpwzFilePath))
{
return;
}
if (GetFileAttributes(lpwzFilePath) == INVALID_FILE_ATTRIBUTES)
{
MessageBoxW(hWnd,L"文件无法访问!",L"A盾电脑防护",0);
return;
}
//1为验证数字签名
if (Type == 1){
if (VerifyEmbeddedSignature(lpwzFilePath)){
AfxMessageBox(L"通过数字签名验证");
}else
AfxMessageBox(L"没有通过数字签名验证");
return;
}
WideCharToMultiByte (CP_OEMCP,NULL,lpwzFilePath,-1,lpszFilePath,wcslen(lpwzFilePath)*2,NULL,FALSE);
FILE * fp=fopen(lpszFilePath,"rb");
if(fp)
{
MD5VAL val;
val = md5File(fp);
wsprintfW(lpwzNum,L"%08x%08x%08x%08x",conv(val.a),conv(val.b),conv(val.c),conv(val.d));
fclose(fp);
}
FileVerify(lpszFilePath,lpwzNum,lpwzTrue);
WCHAR lpwzMessageBox[256] = {0};
WCHAR lpszSuccess[256];
memset(lpszSuccess,0,sizeof(lpszSuccess));
memset(lpwzMessageBox,0,sizeof(lpwzMessageBox));
if (_wcsnicmp(lpwzTrue,L"不支持当前系统",wcslen(L"不支持当前系统")) == 0)
{
wsprintfW(lpwzMessageBox,L"%s\r\n\r\n是否允许\"A盾电脑防护\"收集您的计算机版本以便作为后续版本更新?",L"不支持当前系统");
if (MessageBoxW(hWnd,lpwzMessageBox,L"A盾电脑防护",MB_YESNO | MB_ICONWARNING) == IDYES)
{
//开始收集系统信息
}
}
else if (_wcsnicmp(lpwzTrue,L"MD5(√)/签名(-)",wcslen(L"MD5(√)/签名(-)")) == 0)
{
wsprintfW(lpszSuccess,L"文件:%ws\r\nMD5值:%ws\r\n\r\n已经通过验证,属于系统原生文件!\r\n",lpwzFilePath,lpwzNum);
AfxMessageBox(lpszSuccess);
}
else
{
wsprintfW(lpszSuccess,L"文件:%ws\r\nMD5值:%ws\r\n\r\n%ws!\r\n",lpwzFilePath,lpwzNum,lpwzTrue);
AfxMessageBox(lpszSuccess);
}
}
VOID QuerySystemProcess(HWND m_hWnd,ULONG ID,CMyList *m_list)
{
DWORD dwReadByte;
int ItemNum = m_list->GetItemCount();
HANDLE hProcess;
int i=0;
//触发最后一个进程,不然无法列举最后一个执行的进程
//hProcess = RunAProcess("ping 127.0.0.1 -n 100");
//WinExec("ping 127.0.0.1 -n 5",SW_HIDE);
if (bIsPhysicalCheck){
SaveToFile("\r\n\r\n[---系统进程---]\r\n",PhysicalFile);
}
SetDlgItemTextW(m_hWnd,ID,L"正在扫描系统进程,请稍后...");
if (NormalProcessInfo)
{
VirtualFree(NormalProcessInfo,sizeof(PROCESSINFO)*900,MEM_RESERVE | MEM_COMMIT);
NormalProcessInfo = NULL;
}
NormalProcessInfo = (PPROCESSINFO)VirtualAlloc(0, sizeof(PROCESSINFO)*900,MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (NormalProcessInfo)
{
//为进程图标服务
SHFILEINFO shfileinfo;
ProcessImg.Create(16,16, ILC_COLOR32, 2, 100);
HIMAGELIST hImageList = NULL;
CMyAProtectApp *imgApp=(CMyAProtectApp*)AfxGetApp();
bool PathEmpty=true;
memset(NormalProcessInfo,0,sizeof(PROCESSINFO)*900);
ReadFile((HANDLE)LIST_PROCESS,NormalProcessInfo,sizeof(PROCESSINFO)*900,&dwReadByte,0);
for ( i=0;i<NormalProcessInfo->ulCount;i++)
{
WCHAR lpwzTextOut[100];
memset(lpwzTextOut,0,sizeof(lpwzTextOut));
wsprintfW(lpwzTextOut,L"共有 %d 个数据,正在扫描第 %d 个,请稍后...",NormalProcessInfo->ulCount,i);
SetDlgItemTextW(m_hWnd,ID,lpwzTextOut);
WCHAR lpwzProcName[100];
WCHAR lpwzPid[50];
WCHAR lpwzInheritedPid[50];
WCHAR lpwzFullProcName[256];
WCHAR lpwzEProcess[100];
WCHAR lpwzStatus[50];
WCHAR lpwzFileServices[256];
WCHAR lpwzTrue[256];
memset(lpwzProcName,0,sizeof(lpwzProcName));
memset(lpwzPid,0,sizeof(lpwzPid));
memset(lpwzInheritedPid,0,sizeof(lpwzInheritedPid));
memset(lpwzFullProcName,0,sizeof(lpwzFullProcName));
memset(lpwzEProcess,0,sizeof(lpwzEProcess));
memset(lpwzStatus,0,sizeof(lpwzStatus));
memset(lpwzFileServices,0,sizeof(lpwzFileServices));
//提取进程DOS路径
WCHAR lpwzWinDir[256];
WCHAR lpwzSysDisk[10];
char lpszString[256];
char lpszFullString[5024];
WCHAR lpwzFullString[256];
memset(lpszString,0,sizeof(lpszString));
memset(lpszFullString,0,sizeof(lpszFullString));
memset(lpwzFullString,0,sizeof(lpwzFullString));
memset(lpwzTrue,0,sizeof(lpwzTrue));
memset(lpwzWinDir,0,sizeof(lpwzWinDir));
memset(lpwzSysDisk,0,sizeof(lpwzSysDisk));
if (_wcsicmp(NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath,L"System") == 0)
{
wcscat(lpwzFullString,L"System");
wcscat(lpwzProcName,L"System");
goto Next;
}
if (_wcsicmp(NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath,L"System Idle") == 0)
{
wcscat(lpwzFullString,L"System Idle");
wcscat(lpwzProcName,L"System Idle");
goto Next;
}
if (wcsstr(NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath,L"\\Device\\") != NULL)
{
//开始处理dos路径
NtFilePathToDosFilePath(NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath,lpwzFullString);
}else
{
wcsncat(lpwzFullString,NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath,wcslen(NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath));
}
//----------------------
WideCharToMultiByte( CP_ACP,
0,
lpwzFullString,
-1,
lpszFullString,
wcslen(lpwzFullString)*2,
NULL,
NULL);
char *p = strstr(lpszFullString,"\\");
if (p)
{
wsprintfA(lpszString,"%s",ExtractFileName(lpszFullString));
MultiByteToWideChar(
CP_ACP,
0,
lpszString,
-1,
lpwzProcName,
strlen(lpszString)
);
}
FILE * fp=fopen(lpszFullString,"rb");
if(fp)
{
PathEmpty=false;
if (!bIsProcMD5Check)
{
wcscat(lpwzTrue,L"未知(右键扫描)");
fclose(fp);
goto Next;
}
MD5VAL val;
val = md5File(fp);
wsprintfW(lpwzFileServices,L"%08x%08x%08x%08x",conv(val.a),conv(val.b),conv(val.c),conv(val.d));
FileVerify(lpszFullString,lpwzFileServices,lpwzTrue);
fclose(fp);
}
//MessageBoxW(NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath,lpwzFullProcName,0);
Next:
wsprintfW(lpwzPid,L"%d",NormalProcessInfo->ProcessInfo[i].ulPid);
wsprintfW(lpwzInheritedPid,L"%d",NormalProcessInfo->ProcessInfo[i].ulInheritedFromProcessId);
wsprintfW(lpwzEProcess,L"0x%08X",NormalProcessInfo->ProcessInfo[i].EProcess);
//wsprintfW(lpwzStatus,L"%d",NormalProcessInfo->ProcessInfo[i].ulKernelOpen);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,NormalProcessInfo->ProcessInfo[i].ulPid);
if (hProcess)
{
wcscat(lpwzStatus,L"Yes/");
CloseHandle(hProcess);
}else
wcscat(lpwzStatus,L"No/");
if (NormalProcessInfo->ProcessInfo[i].ulKernelOpen == 1)
{
wcscat(lpwzStatus,L"Yes");
}else
wcscat(lpwzStatus,L"No");
//这里是一键体检的数据,不需要插入界面了
if (bIsPhysicalCheck){
//如果没有hook,就返回
if (NormalProcessInfo->ProcessInfo[i].IntHideType == 1 ||
_wcsnicmp(lpwzTrue,L"无法确认文件来源",wcslen(L"无法确认文件来源")) == 0)
{
WCHAR lpwzSaveBuffer[1024] ={0};
CHAR lpszSaveBuffer[2024] ={0};
memset(lpwzSaveBuffer,0,sizeof(lpwzSaveBuffer));
memset(lpszSaveBuffer,0,sizeof(lpszSaveBuffer));
wsprintfW(lpwzSaveBuffer,L" --> 发现无法识别进程:进程Pid:%ws | 进程名:%ws | EPROCESS:%ws | 进程路径:%ws\r\n",
lpwzPid,lpwzProcName,lpwzEProcess,lpwzFullString);
m_list->InsertItem(0,L"系统进程",RGB(77,77,77));
m_list->SetItemText(0,1,lpwzSaveBuffer);
WideCharToMultiByte( CP_ACP,
0,
lpwzSaveBuffer,
-1,
lpszSaveBuffer,
wcslen(lpwzSaveBuffer)*2,
NULL,
NULL
);
SaveToFile(lpszSaveBuffer,PhysicalFile);
}
continue;
}
if (NormalProcessInfo->ProcessInfo[i].IntHideType == 1)
{
m_list->InsertItem(i,lpwzPid,RGB(255,20,147)); //隐藏
memset(lpwzStatus,0,sizeof(lpwzStatus));
wcscat(lpwzStatus,L"隐藏进程");
}
else
{
if (_wcsnicmp(lpwzTrue,L"无法确认文件来源",wcslen(L"无法确认文件来源")) == 0)
{
m_list->InsertItem(i,lpwzPid,RGB(238,118,0));
}
else
{
if (!wcslen(lpwzProcName))
{
wcscat(lpwzFullString,L"* (Warning:进程文件已被移动)");
PathEmpty=true;
wcscat(lpwzProcName,L"*");
m_list->InsertItem(i,lpwzPid,RGB(255,20,147));
}else
m_list->InsertItem(i,lpwzPid,RGB(77,77,77));
}
}
//m_list->InsertItem(ItemNum,lpwzHideType);
m_list->SetItemText(i,1,lpwzInheritedPid);
m_list->SetItemText(i,2,lpwzProcName);
m_list->SetItemText(i,3,lpwzFullString);
m_list->SetItemText(i,4,lpwzEProcess);
m_list->SetItemText(i,5,lpwzStatus);
m_list->SetItemText(i,6,lpwzTrue);
if(PathEmpty)
ProcessImg.Add(imgApp->LoadIconW(IDI_WHITE));
else
{
hImageList=(HIMAGELIST)::SHGetFileInfo(lpwzFullString,0,&shfileinfo,sizeof(shfileinfo),SHGFI_ICON);
ProcessImg.Add(shfileinfo.hIcon);
}
m_list->SetImageList(&ProcessImg);
m_list->SetItemImageId(i,i);
DestroyIcon(shfileinfo.hIcon);
PathEmpty=true;
}
//VirtualFree(NormalProcessInfo,sizeof(NormalProcessInfo)*1050*200,MEM_RESERVE | MEM_COMMIT);
}else{
WCHAR lpwzTextOut[100];
memset(lpwzTextOut,0,sizeof(lpwzTextOut));
wsprintfW(lpwzTextOut,L"申请内存错误, 请重新运行A盾\r\n错误代码:%d\n",GetLastError());
MessageBox(0,lpwzTextOut,0,0);
}
WCHAR lpwzTextOut[100];
memset(lpwzTextOut,0,sizeof(lpwzTextOut));
wsprintfW(lpwzTextOut,L"系统进程扫描完毕,共有 %d 个数据",i);
SetDlgItemTextW(m_hWnd,ID,lpwzTextOut);
}
