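/// Verifies the file listed in the selected row and reports the result in a
/// message box. Type == 1 checks the embedded Authenticode signature; any
/// other Type hashes the file (MD5) and asks FileVerify() for a verdict.
///
/// @param hWnd    owner window for MessageBoxW
/// @param m_list  list control; column 3 of the selected row holds the path
/// @param Type    1 = signature check, otherwise MD5 lookup
void ProcessVerify(HWND hWnd,CMyList *m_list,int Type)
{
	const int MaxPathChars = 260;

	// With no selection GetNextSelectedItem() yields -1; bail out rather than
	// reading column 3 of a row that does not exist.
	POSITION pos = m_list->GetFirstSelectedItemPosition();
	if (pos == NULL)
	{
		return;
	}
	int Item = m_list->GetNextSelectedItem(pos);
	if (Item < 0)
	{
		return;
	}

	CString FilePath = m_list->GetItemText(Item,3);
	if (FilePath.IsEmpty())
	{
		return;
	}
	// The original wcscat() had no bound. Refuse an over-long path rather than
	// truncate it: a truncated path would verify a different file than the one
	// shown in the list.
	if (FilePath.GetLength() >= MaxPathChars)
	{
		return;
	}

	WCHAR lpwzNum[50] = {0};                 // MD5 as 32 hex digits; empty if the file could not be read
	WCHAR lpwzFilePath[MaxPathChars] = {0};
	WCHAR lpwzTrue[260] = {0};               // verdict text written by FileVerify()
	CHAR  lpszFilePath[5024] = {0};          // narrow path for fopen()/FileVerify()

	wcsncpy(lpwzFilePath,FilePath,MaxPathChars-1);

	if (GetFileAttributes(lpwzFilePath) == INVALID_FILE_ATTRIBUTES)
	{
		MessageBoxW(hWnd,L"文件无法访问!",L"A盾电脑防护",0);
		return;
	}
	// Type 1: signature check only, no hashing.
	if (Type == 1)
	{
		if (VerifyEmbeddedSignature(lpwzFilePath))
		{
			AfxMessageBox(L"通过数字签名验证");
		}
		else
		{
			AfxMessageBox(L"没有通过数字签名验证");
		}
		return;
	}

	// fopen() interprets the narrow path in the ANSI code page, so convert with
	// CP_ACP (as QuerySystemProcess does), not CP_OEMCP, and pass the real
	// buffer size instead of wcslen*2, which is short for DBCS input.
	if (WideCharToMultiByte(CP_ACP,0,lpwzFilePath,-1,lpszFilePath,sizeof(lpszFilePath),NULL,NULL) == 0)
	{
		MessageBoxW(hWnd,L"文件无法访问!",L"A盾电脑防护",0);
		return;
	}

	FILE * fp=fopen(lpszFilePath,"rb");
	if(fp)
	{
		MD5VAL val = md5File(fp);
		wsprintfW(lpwzNum,L"%08x%08x%08x%08x",conv(val.a),conv(val.b),conv(val.c),conv(val.d));
		fclose(fp);
	}
	// NOTE(review): if fopen() failed lpwzNum is empty and FileVerify() is
	// still asked for a verdict; how it treats an empty hash is not visible
	// here — confirm it cannot report "MD5(√)" for it.
	FileVerify(lpszFilePath,lpwzNum,lpwzTrue);

	// wsprintfW() has no size argument and writes up to 1024 characters; the
	// 256-WCHAR buffer the original used could not hold a 259-character path
	// plus the hash and the verdict text.
	WCHAR lpwzMessageBox[256] = {0};
	WCHAR lpszSuccess[1024] = {0};

	if (_wcsnicmp(lpwzTrue,L"不支持当前系统",wcslen(L"不支持当前系统")) == 0)
	{
		wsprintfW(lpwzMessageBox,L"%s\r\n\r\n是否允许\"A盾电脑防护\"收集您的计算机版本以便作为后续版本更新?",L"不支持当前系统");
		if (MessageBoxW(hWnd,lpwzMessageBox,L"A盾电脑防护",MB_YESNO | MB_ICONWARNING) == IDYES)
		{
			// TODO: collect system information — left unimplemented in the original as well.
		}
	}
	else if (_wcsnicmp(lpwzTrue,L"MD5(√)/签名(-)",wcslen(L"MD5(√)/签名(-)")) == 0)
	{
		wsprintfW(lpszSuccess,L"文件:%ws\r\nMD5值:%ws\r\n\r\n已经通过验证,属于系统原生文件!\r\n",lpwzFilePath,lpwzNum);
		AfxMessageBox(lpszSuccess);
	}
	else
	{
		wsprintfW(lpszSuccess,L"文件:%ws\r\nMD5值:%ws\r\n\r\n%ws!\r\n",lpwzFilePath,lpwzNum,lpwzTrue);
		AfxMessageBox(lpszSuccess);
	}
}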
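/// Maps a 0..2 loop index onto the PTEID_OCSP_CRL_* mode it stands for.
/// Only 0..2 is ever passed (the loops in test_Basic are bounded and the
/// forced Ocsp/Crl values are range-checked first); anything else maps to
/// NOT_USED.
static int OcspCrlModeFromIndex(int idx)
{
	switch(idx)
	{
	case 1:  return PTEID_OCSP_CRL_OPTIONAL;
	case 2:  return PTEID_OCSP_CRL_MANDATORY;
	default: return PTEID_OCSP_CRL_NOT_USED;
	}
}

/// Runs one test against every OCSP/CRL mode combination — or against the
/// single combination forced by Ocsp/Crl when those are in 0..2. For each
/// combination it opens the report file, initialises the middleware on
/// `reader`, runs test_fct, optionally repeats that on the "VIRTUAL" reader,
/// closes the report and compares it against the reference via FileVerify().
///
/// @param name         test name, used for the report file and its headers
/// @param test_fct     test body run against the physical reader
/// @param test_virtual optional test body for the virtual reader (NULL to skip)
/// @param folder       report/reference folder handed to FileOpen/FileVerify
/// @param reader       reader name handed to PTEID_Init
/// @param bVerify      forwarded to FileOpen/FileVerify
/// @param Ocsp         0..2 = run only that OCSP mode, anything else = all three
/// @param Crl          0..2 = run only that CRL mode, anything else = all three
/// @return -1 if a report file could not be opened, else the last FileVerify() result
int test_Basic(const char *name, void (*test_fct)(FILE *f, int Ocsp, int Crl), void (*test_virtual)(FILE *f, int Ocsp, int Crl), const char *folder, const char *reader, int bVerify, int Ocsp, int Crl)
{

	PTEID_Status tStatus = {0};
	long lHandle = 0;
	long lRet = 0;
	FILE *f=NULL;
	
	int i = 0;
	int j = 0;

	int iOcsp = 0;
	int iCrl = 0;
	// Header line: name plus " (OCSP=n - CRL=n)". The original 50-byte buffer
	// made sprintf_s fail (invalid-parameter handler) for names over ~30 chars.
	char buffer[256];

	time_t timeStart;
	time_t timeStop;

	time(&timeStart);


	for(i=0;i<3;i++)
	{
		// A forced Ocsp value pins the outer loop to one iteration (see the break at its end).
		if(Ocsp>=0 && Ocsp<=2)
			i=Ocsp;

		iOcsp = OcspCrlModeFromIndex(i);

		for(j=0;j<3;j++)
		{
			// Same for Crl and the inner loop.
			if(Crl>=0 && Crl<=2)
				j=Crl;

			iCrl = OcspCrlModeFromIndex(j);

			if(NULL == (f=FileOpen(name, folder, bVerify, i, j)))
				return -1;

			PrintTestHeader(f,name);
			sprintf_s(buffer, sizeof(buffer), "%s (OCSP=%d - CRL=%d)",name,i,j);
			PrintHeader(f,buffer);

			PrintTestFunction(f,"PTEID_Init");
			// PTEID_Init takes a non-const char*; the cast keeps the API as is.
			tStatus = PTEID_Init((char*)reader, iOcsp, iCrl, &lHandle);
			PrintStatus(f,"PTEID_Init",&tStatus);
			if(PTEID_OK != tStatus.general)
			{
				PrintTestFunction(f,"PTEID_Exit");
				tStatus = PTEID_Exit();
				PrintStatus(f,"PTEID_Exit",&tStatus);
				// Don't warn if both parameters are set to mandatory: that combination is not allowed.
				if(iOcsp!=PTEID_OCSP_CRL_MANDATORY || iCrl!=PTEID_OCSP_CRL_MANDATORY)
					PrintWARNING(f,"Initialisation failed");
				
				FileClose(f);
				lRet = FileVerify(name, folder, bVerify, i, j);

				// A forced Crl means there is no next inner iteration to move on to.
				if(Crl>=0 && Crl<=2)
					break;
				else
					continue;
			}

			test_fct(f,Ocsp,Crl);

			PrintTestFunction(f,"PTEID_Exit");
			tStatus = PTEID_Exit();
			PrintStatus(f,"PTEID_Exit",&tStatus);

			// Virtual reader: same init/test/exit sequence against "VIRTUAL".
			if(test_virtual)
			{
 				PrintHeader(f,"INIT VIRTUAL READER");

				PrintTestFunction(f,"PTEID_Init(VIRTUAL)");
				tStatus = PTEID_Init("VIRTUAL", iOcsp, iCrl, &lHandle);
				PrintStatus(f,"PTEID_Init",&tStatus);
				if(PTEID_OK != tStatus.general)
				{
					PrintTestFunction(f,"PTEID_Exit");
					tStatus = PTEID_Exit();
					PrintWARNING(f,"Initialisation failed");
					PrintStatus(f,"PTEID_Exit",&tStatus);

					FileClose(f);
					lRet = FileVerify(name, folder, bVerify, i, j);

					if(Crl>=0 && Crl<=2)
						break;
					else
						continue;
				}

				test_virtual(f,Ocsp,Crl);

				PrintTestFunction(f,"PTEID_Exit");
				tStatus = PTEID_Exit();
				PrintStatus(f,"PTEID_Exit",&tStatus);
			}

			FileClose(f);
			lRet = FileVerify(name, folder, bVerify, i, j);

			if(Crl>=0 && Crl<=2)
				break;
		}

		if(Ocsp>=0 && Ocsp<=2)
			break;
	}

	time(&timeStop);

	printf("TOTAL TEST TIME = %.0lf secondes\n\n",difftime(timeStop,timeStart));

	// FileVerify() returns a long; the function's contract is int.
	return static_cast<int>(lRet);
}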
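/// Bounded replacement for the unbounded wcscat()/wcsncat() copies below:
/// copies at most N-1 characters into a WCHAR array and always terminates.
template <size_t N>
static void CopyWideBounded(WCHAR (&dst)[N], const WCHAR *src)
{
	wcsncpy(dst, src, N - 1);
	dst[N - 1] = L'\0';
}

/// Bounded append into a WCHAR array; silently drops what does not fit.
template <size_t N>
static void AppendWideBounded(WCHAR (&dst)[N], const WCHAR *src)
{
	size_t used = wcslen(dst);
	if (used + 1 >= N)
		return;
	wcsncat(dst, src, N - 1 - used);
}

/// Fills m_list with the process snapshot read from the driver (LIST_PROCESS):
/// one row per process with PID, parent PID, image name, DOS path, EPROCESS,
/// an "openable from user mode / opened by the driver" status and the
/// FileVerify() verdict on the image's MD5 (only when bIsProcMD5Check is set).
/// In physical-check mode (bIsPhysicalCheck) only hidden or unverifiable
/// processes are reported, both to row 0 of the list and to PhysicalFile.
///
/// @param m_hWnd  dialog owning the progress text control
/// @param ID      id of the progress text control
/// @param m_list  destination list control
VOID QuerySystemProcess(HWND m_hWnd,ULONG ID,CMyList *m_list)
{
	DWORD dwReadByte = 0;
	int i=0;
	const size_t cbSnapshot = sizeof(PROCESSINFO)*900;

	if (bIsPhysicalCheck){
		SaveToFile("\r\n\r\n[---系统进程---]\r\n",PhysicalFile);
	}
	SetDlgItemTextW(m_hWnd,ID,L"正在扫描系统进程,请稍后...");

	// Release the previous snapshot. VirtualFree() does not accept
	// MEM_RESERVE | MEM_COMMIT (what the original passed), so that call failed
	// and every rescan leaked the block; MEM_RELEASE with dwSize 0 frees a
	// region returned by VirtualAlloc().
	if (NormalProcessInfo)
	{
		VirtualFree(NormalProcessInfo,0,MEM_RELEASE);
		NormalProcessInfo = NULL;
	}

	NormalProcessInfo = (PPROCESSINFO)VirtualAlloc(0, cbSnapshot,MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
	if (NormalProcessInfo)
	{
		// Per-row icons. NOTE(review): ProcessImg is a file-level image list and
		// Create() is called on every scan; whether the previous list is released
		// first is not visible here — confirm.
		ProcessImg.Create(16,16, ILC_COLOR32, 2, 100);
		CMyAProtectApp *imgApp=(CMyAProtectApp*)AfxGetApp();

		memset(NormalProcessInfo,0,cbSnapshot);
		// NOTE(review): ulCount is driver-supplied and is not checked against the
		// capacity of the 900-entry block; PROCESSINFO's layout is not visible
		// here, so no bound is applied — confirm in the driver contract.
		ReadFile((HANDLE)LIST_PROCESS,NormalProcessInfo,cbSnapshot,&dwReadByte,0);

		for ( i=0;i<NormalProcessInfo->ulCount;i++)
		{
			WCHAR lpwzTextOut[100] = {0};
			wsprintfW(lpwzTextOut,L"共有 %d 个数据,正在扫描第 %d 个,请稍后...",NormalProcessInfo->ulCount,i);
			SetDlgItemTextW(m_hWnd,ID,lpwzTextOut);

			WCHAR *lpwzNtPath = NormalProcessInfo->ProcessInfo[i].lpwzFullProcessPath;

			WCHAR lpwzProcName[100] = {0};        // image file name
			WCHAR lpwzPid[50] = {0};
			WCHAR lpwzInheritedPid[50] = {0};
			WCHAR lpwzEProcess[100] = {0};
			WCHAR lpwzStatus[50] = {0};           // "Yes|No/Yes|No" or "隐藏进程"
			WCHAR lpwzFileServices[256] = {0};    // MD5 of the image, 32 hex digits
			WCHAR lpwzTrue[256] = {0};            // verdict text from FileVerify()
			WCHAR lpwzFullString[256] = {0};      // DOS path shown in the list
			char  lpszString[256] = {0};          // narrow image file name
			char  lpszFullString[5024] = {0};     // narrow DOS path for fopen()/FileVerify()
			bool  PathEmpty=true;                 // true until the image file could be opened
			bool  bHaveIcon=false;                // shfileinfo.hIcon is ours to destroy
			SHFILEINFO shfileinfo;
			memset(&shfileinfo,0,sizeof(shfileinfo));

			if (_wcsicmp(lpwzNtPath,L"System") == 0)
			{
				CopyWideBounded(lpwzFullString,L"System");
				CopyWideBounded(lpwzProcName,L"System");
			}
			else if (_wcsicmp(lpwzNtPath,L"System Idle") == 0)
			{
				CopyWideBounded(lpwzFullString,L"System Idle");
				CopyWideBounded(lpwzProcName,L"System Idle");
			}
			else
			{
				// Resolve the NT path to a DOS path for display and for the CRT.
				if (wcsstr(lpwzNtPath,L"\\Device\\") != NULL)
				{
					// NOTE(review): NtFilePathToDosFilePath() takes no output size;
					// it is assumed to stay within 256 WCHARs — confirm.
					NtFilePathToDosFilePath(lpwzNtPath,lpwzFullString);
				}
				else
				{
					CopyWideBounded(lpwzFullString,lpwzNtPath);
				}

				// cbMultiByte is the destination size; the original passed wcslen*2,
				// which is one byte short once the terminator is counted for DBCS input.
				WideCharToMultiByte(CP_ACP,0,lpwzFullString,-1,lpszFullString,sizeof(lpszFullString),NULL,NULL);

				if (strstr(lpszFullString,"\\") != NULL)
				{
					strncpy(lpszString,ExtractFileName(lpszFullString),sizeof(lpszString)-1);
					// cchWideChar is the destination capacity, not the source length.
					MultiByteToWideChar(CP_ACP,0,lpszString,-1,lpwzProcName,sizeof(lpwzProcName)/sizeof(lpwzProcName[0]));
				}

				FILE * fp=fopen(lpszFullString,"rb");
				if(fp)
				{
					PathEmpty=false;
					if (bIsProcMD5Check)
					{
						MD5VAL val = md5File(fp);
						wsprintfW(lpwzFileServices,L"%08x%08x%08x%08x",conv(val.a),conv(val.b),conv(val.c),conv(val.d));
						FileVerify(lpszFullString,lpwzFileServices,lpwzTrue);
					}
					else
					{
						CopyWideBounded(lpwzTrue,L"未知(右键扫描)");
					}
					fclose(fp);
				}
			}

			wsprintfW(lpwzPid,L"%d",NormalProcessInfo->ProcessInfo[i].ulPid);
			wsprintfW(lpwzInheritedPid,L"%d",NormalProcessInfo->ProcessInfo[i].ulInheritedFromProcessId);
			wsprintfW(lpwzEProcess,L"0x%08X",NormalProcessInfo->ProcessInfo[i].EProcess);

			// Status column: "Yes/" if user mode can obtain a full-access handle
			// (a probe only; the handle is closed at once), then "Yes"/"No" for
			// the driver's own open attempt (ulKernelOpen).
			HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,NormalProcessInfo->ProcessInfo[i].ulPid);
			if (hProcess)
			{
				wcscat(lpwzStatus,L"Yes/");
				CloseHandle(hProcess);
			}
			else
			{
				wcscat(lpwzStatus,L"No/");
			}

			if (NormalProcessInfo->ProcessInfo[i].ulKernelOpen == 1)
			{
				wcscat(lpwzStatus,L"Yes");
			}
			else
			{
				wcscat(lpwzStatus,L"No");
			}

			// One-click check: only hidden or unverifiable processes are reported,
			// to row 0 of the list and to the report file; nothing else is inserted.
			if (bIsPhysicalCheck){
				if (NormalProcessInfo->ProcessInfo[i].IntHideType == 1 ||
					_wcsnicmp(lpwzTrue,L"无法确认文件来源",wcslen(L"无法确认文件来源")) == 0)
				{
					WCHAR lpwzSaveBuffer[1024] ={0};
					CHAR lpszSaveBuffer[2048] ={0};   // room for a fully double-byte 1024-WCHAR line

					wsprintfW(lpwzSaveBuffer,L"          --> 发现无法识别进程:进程Pid:%ws | 进程名:%ws | EPROCESS:%ws | 进程路径:%ws\r\n",
						lpwzPid,lpwzProcName,lpwzEProcess,lpwzFullString);

					m_list->InsertItem(0,L"系统进程",RGB(77,77,77));
					m_list->SetItemText(0,1,lpwzSaveBuffer);

					WideCharToMultiByte(CP_ACP,0,lpwzSaveBuffer,-1,lpszSaveBuffer,sizeof(lpszSaveBuffer),NULL,NULL);
					SaveToFile(lpszSaveBuffer,PhysicalFile);
				}
				continue;
			}

			// Row colour encodes the finding: hidden = pink, unknown origin =
			// orange, image file gone = pink with a "*" name, otherwise grey.
			if (NormalProcessInfo->ProcessInfo[i].IntHideType == 1)
			{
				m_list->InsertItem(i,lpwzPid,RGB(255,20,147));
				CopyWideBounded(lpwzStatus,L"隐藏进程");
			}
			else if (_wcsnicmp(lpwzTrue,L"无法确认文件来源",wcslen(L"无法确认文件来源")) == 0)
			{
				m_list->InsertItem(i,lpwzPid,RGB(238,118,0));
			}
			else if (!wcslen(lpwzProcName))
			{
				AppendWideBounded(lpwzFullString,L"* (Warning:进程文件已被移动)");
				PathEmpty=true;
				CopyWideBounded(lpwzProcName,L"*");
				m_list->InsertItem(i,lpwzPid,RGB(255,20,147));
			}
			else
			{
				m_list->InsertItem(i,lpwzPid,RGB(77,77,77));
			}

			m_list->SetItemText(i,1,lpwzInheritedPid);
			m_list->SetItemText(i,2,lpwzProcName);
			m_list->SetItemText(i,3,lpwzFullString);
			m_list->SetItemText(i,4,lpwzEProcess);
			m_list->SetItemText(i,5,lpwzStatus);
			m_list->SetItemText(i,6,lpwzTrue);

			if(PathEmpty)
			{
				ProcessImg.Add(imgApp->LoadIconW(IDI_WHITE));
			}
			else
			{
				// The shell hands back an icon we own; CImageList::Add() copies it,
				// so it is destroyed below — but only when one was actually fetched.
				// The original destroyed shfileinfo.hIcon unconditionally, i.e. an
				// uninitialised or already-destroyed handle on PathEmpty rows. On
				// failure fall back to the placeholder icon so row and image
				// indices stay aligned.
				if (::SHGetFileInfo(lpwzFullString,0,&shfileinfo,sizeof(shfileinfo),SHGFI_ICON) && shfileinfo.hIcon)
				{
					bHaveIcon=true;
					ProcessImg.Add(shfileinfo.hIcon);
				}
				else
				{
					ProcessImg.Add(imgApp->LoadIconW(IDI_WHITE));
				}
			}
			m_list->SetImageList(&ProcessImg);
			m_list->SetItemImageId(i,i);
			if (bHaveIcon)
			{
				DestroyIcon(shfileinfo.hIcon);
			}
		}
	}else{
		WCHAR lpwzTextOut[100] = {0};
		wsprintfW(lpwzTextOut,L"申请内存错误, 请重新运行A盾\r\n错误代码:%d\n",GetLastError());
		MessageBox(0,lpwzTextOut,0,0);
	}
	// i is the number of rows walked (0 when the allocation failed).
	WCHAR lpwzTextOut[100] = {0};
	wsprintfW(lpwzTextOut,L"系统进程扫描完毕,共有 %d 个数据",i);
	SetDlgItemTextW(m_hWnd,ID,lpwzTextOut);

}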