/*
 * Drain an open WinINet handle into Ctx->pStream.
 *
 * A scratch buffer of MAX_CONTENT_BUFFER_SIZE bytes is taken from hAlloc and
 * refilled with InternetReadFileEx until a read reports zero bytes
 * (Ctx->Status = LOADING_COMPLETE) or fails. A failure other than
 * ERROR_IO_PENDING sets Ctx->Status = ERROR_WHILE_LOADING; a pending read
 * leaves Ctx->Status as it was. If the buffer cannot be allocated the function
 * returns without touching Ctx.
 */
static VOID GetPageEx(PHANDLE_CONTEXT Ctx, HINTERNET hFile, DWORD_PTR dwContext)
{
	INTERNET_BUFFERS Request = {0};
	LPVOID pChunk = hAlloc(MAX_CONTENT_BUFFER_SIZE);

	if (!pChunk)
		return;

	Request.dwStructSize = sizeof(INTERNET_BUFFERS);
	Request.lpvBuffer = pChunk;

	for (;;)
	{
		// The length field is read back after the call, so restore the
		// full capacity before every read.
		Request.dwBufferLength = MAX_CONTENT_BUFFER_SIZE;

		if (!InternetReadFileEx(hFile, &Request, IRF_SYNC | IRF_NO_WAIT, dwContext))
		{
			if (GetLastError() != ERROR_IO_PENDING)
				Ctx->Status = ERROR_WHILE_LOADING;
			break;
		}

		// NOTE(review): these bounds are only asserted; if ASSERT is compiled
		// out in release builds nothing else checks the returned length.
		ASSERT(Request.dwBufferLength <= MAX_CONTENT_BUFFER_SIZE);
		ASSERT(Request.dwBufferTotal <= MAX_CONTENT_BUFFER_SIZE);

		if (Request.dwBufferLength == 0)
		{
			Ctx->Status = LOADING_COMPLETE;
			break;
		}

		// NOTE(review): the result of the stream write is discarded, so a
		// failed write is not reflected in Ctx->Status.
		CoInvoke(Ctx->pStream, Write, pChunk, Request.dwBufferLength, NULL);
	}

	hFree(pChunk);
}
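/*
 * Worker thread: streams pContext->m_pcFlexiURL through WinINet into the
 * context's circular buffer until the read fails or m_bTerminate is set.
 *
 * _pContext is a CPs_BufferFillerContext*. The thread posts
 * CPNM_SETSTREAMINGSTATE to m_hWndNotify when it starts, after every chunk
 * (with the buffer fill percentage) and when it stops, and always marks the
 * circular buffer complete before returning 0.
 *
 * NOTE(review): m_pcFlexiURL is handed to InternetOpenUrl unchanged. If it can
 * come from a playlist or another untrusted source, the caller should restrict
 * the accepted schemes before starting this thread.
 */
unsigned int _stdcall EP_FillerThread(void* _pContext)
{
    CPs_BufferFillerContext* pContext = (CPs_BufferFillerContext*)_pContext;
    HINTERNET hInternet;
    HINTERNET hURLStream;
    DWORD dwTimeout;
    BOOL bStreamComplete = FALSE;
    // Zero every member: the original left the header and offset fields of
    // the structure uninitialised when passing it to WinINet.
    INTERNET_BUFFERS internetbuffer = {0};
    BYTE bReadBuffer[CIC_READCHUNKSIZE];

    CP_CHECKOBJECT(pContext);

    PostMessage(pContext->m_hWndNotify, CPNM_SETSTREAMINGSTATE, (WPARAM)TRUE, (LPARAM)0);

    // Check that we can open this file
    hInternet = InternetOpen("CoolPlayer", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0L);
    if (hInternet == NULL)
    {
        pContext->m_pCircleBuffer->SetComplete(pContext->m_pCircleBuffer);
        CP_TRACE0("EP_FillerThread::NoInternetOpen");
        return 0;
    }

    dwTimeout = 2000;
    InternetSetOption(hInternet, INTERNET_OPTION_CONNECT_TIMEOUT, &dwTimeout, sizeof(dwTimeout));

    hURLStream = InternetOpenUrl(hInternet,
                                 pContext->m_pcFlexiURL,
                                 NULL,
                                 0,
                                 INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_PRAGMA_NOCACHE,
                                 0);
    if (hURLStream == NULL)
    {
        InternetCloseHandle(hInternet);
        pContext->m_pCircleBuffer->SetComplete(pContext->m_pCircleBuffer);
        CP_TRACE1("EP_FillerThread::NoOpenURL %s", pContext->m_pcFlexiURL);
        return 0;
    }

    // Setup the internet buffer
    internetbuffer.dwStructSize = sizeof(internetbuffer);
    internetbuffer.Next = NULL;
    internetbuffer.lpcszHeader = NULL;
    internetbuffer.lpvBuffer = bReadBuffer;
    internetbuffer.dwBufferLength = CIC_READCHUNKSIZE;

    // Perform reading
    while (pContext->m_bTerminate == FALSE && bStreamComplete == FALSE)
    {
        BOOL bReadResult;

        // Is our circle buffer full?
        if (pContext->m_pCircleBuffer->GetFreeSize(pContext->m_pCircleBuffer) < CIC_READCHUNKSIZE)
        {
            Sleep(20);
            continue;
        }

        // Read in another chunk - if we don't get any data that's ok - we would rather poll the
        // buffers than just hang on the socket (so the stream can be shutdown if needed)
        internetbuffer.dwBufferLength = CIC_READCHUNKSIZE;
        bReadResult = InternetReadFileEx(hURLStream, &internetbuffer, IRF_NO_WAIT, 0);
        if (bReadResult == FALSE)
        {
            // A failed read ends the stream. The length field is not trusted
            // here: forwarding it would push whatever bReadBuffer holds
            // (uninitialised stack bytes on the first pass) into the buffer.
            bStreamComplete = TRUE;
            continue;
        }

        if (internetbuffer.dwBufferLength)
        {
            pContext->m_pCircleBuffer->Write(pContext->m_pCircleBuffer,
                                             internetbuffer.lpvBuffer,
                                             internetbuffer.dwBufferLength);
            PostMessage(pContext->m_hWndNotify,
                        CPNM_SETSTREAMINGSTATE,
                        (WPARAM)TRUE,
                        (LPARAM)(pContext->m_pCircleBuffer->GetUsedSize(pContext->m_pCircleBuffer)*100) / CIC_STREAMBUFFERSIZE);
        }
        else
            Sleep(20);
    }

    InternetCloseHandle(hURLStream);
    InternetCloseHandle(hInternet);
    pContext->m_pCircleBuffer->SetComplete(pContext->m_pCircleBuffer);
    PostMessage(pContext->m_hWndNotify, CPNM_SETSTREAMINGSTATE, (WPARAM)FALSE, (LPARAM)0);
    CP_TRACE0("EP_FillerThread normal shutdown");
    return 0;
}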
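//------------------------------------------------------------------------------
/*
 * Ask www.virustotal.com about the hash in vts->sha256 and fill vts->exist,
 * vts->last_analysis_date and vts->detection_ratio from the reply.
 *
 * vts->sha256 and vts->token must be NUL-terminated strings. On any failure
 * before a reply is read, vts is left untouched; a reply of 20 bytes or fewer
 * sets vts->exist to -2.
 *
 * Changes against the previous version:
 *  - the request path and Cookie header are built with bounded snprintf
 *    (strncat was given the buffer size, not the remaining space);
 *  - a token containing CR or LF is rejected so it cannot add request headers;
 *  - the INTERNET_FLAG_IGNORE_CERT_* flags are gone, so a certificate for the
 *    wrong host or an expired one no longer passes;
 *  - the reply buffer is NUL-terminated from the byte count actually read;
 *  - key lookups use strstr and never read past the terminator;
 *  - the request handle is closed on every path.
 *
 * NOTE(review): a single IRF_NO_WAIT read returns only what is available at
 * that moment, so a slow reply may be parsed truncated.
 */
void GetSHA256Info(VIRUSTOTAL_STR *vts)
{
  static const char key_exists[] = ", \"file_exists\": ";
  static const char key_date[]   = ", \"last_analysis_date\": ";

  //request path, refused when it does not fit
  char request[MAX_PATH];
  int n = snprintf(request, sizeof(request), "/file/upload/?sha256=%s", vts->sha256);
  if (n < 0 || (size_t)n >= sizeof(request)) return;

  //cookie header, refused when it does not fit or carries a line break
  char cookie[MAX_PATH];
  if (strpbrk(vts->token, "\r\n") != NULL) return;
  n = snprintf(cookie, sizeof(cookie), "Cookie: csrftoken=%s", vts->token);
  if (n < 0 || (size_t)n >= sizeof(cookie)) return;

  //init connection
  HINTERNET M_connexion = 0;
  if (!use_other_proxy) M_connexion = InternetOpen("", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE);
  else M_connexion = InternetOpen("", INTERNET_OPEN_TYPE_PROXY, proxy_ch_auth, NULL, 0);
  if (M_connexion == NULL) M_connexion = InternetOpen("", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE);
  if (M_connexion == NULL) return;

  HINTERNET M_session = InternetConnect(M_connexion, "www.virustotal.com", 443, "", "", INTERNET_SERVICE_HTTP, 0, 0);
  if (M_session == NULL)
  {
    InternetCloseHandle(M_connexion);
    return;
  }

  //request: TLS with default certificate validation
  HINTERNET M_requete = HttpOpenRequest(M_session, "GET", request, NULL, "https://www.virustotal.com/", NULL,
                                        INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_SECURE, 0);
  if (M_requete == NULL)
  {
    InternetCloseHandle(M_session);
    InternetCloseHandle(M_connexion);
    return;
  }

  if (use_proxy_advanced_settings)
  {
    InternetSetOption(M_requete, INTERNET_OPTION_PROXY_USERNAME, proxy_ch_user, sizeof(proxy_ch_user));
    InternetSetOption(M_requete, INTERNET_OPTION_PROXY_PASSWORD, proxy_ch_password, sizeof(proxy_ch_password));
  }

  if (HttpSendRequest(M_requete, cookie, strlen(cookie), NULL, 0))
  {
    char resultat[16000];
    INTERNET_BUFFERS ib = {0};
    ib.dwStructSize   = sizeof(INTERNET_BUFFERS);
    ib.lpvBuffer      = resultat;
    ib.dwBufferLength = sizeof(resultat)-1;
    ib.dwBufferTotal  = sizeof(resultat)-1;

    if (InternetReadFileEx(M_requete, &ib, IRF_NO_WAIT, 0))
    {
      //the reply is raw bytes: terminate it before any string function sees it
      size_t got = ib.dwBufferLength;
      if (got > sizeof(resultat)-1) got = sizeof(resultat)-1;
      resultat[got] = 0;

      if (strlen(resultat) > 20)
      {
        //"file_exists": true
        char *c = strstr(resultat, key_exists);
        if (c != NULL && c[sizeof(key_exists)-1] == 't') vts->exist = TRUE;
        else vts->exist = FALSE;

        //read + convert : , "last_analysis_date": "
        c = strstr(resultat, key_date);
        if (c != NULL && c[sizeof(key_date)-1] != 0)
        {
          //skip the key plus one character: the opening quote of a date,
          //or the 'n' of an unquoted null
          c += sizeof(key_date);

          //date or not
          if (*c == 'u') strncpy(vts->last_analysis_date, "NULL", 5);
          else
          {
            strncpy(vts->last_analysis_date, c, 19);
            vts->last_analysis_date[4]  = '/';
            vts->last_analysis_date[7]  = '/';
            vts->last_analysis_date[10] = '-';
            vts->last_analysis_date[19] = 0;
          }
        }

        //read : detection_ratio
        c = strchr(resultat, '[');
        if (c != NULL)
        {
          c++;
          if (c[0] != 0 && c[1] == ',')
          {
            snprintf(vts->detection_ratio, 19, "0%s", c);
          }
          else
          {
            strncpy(vts->detection_ratio, c, 19);
            vts->detection_ratio[18] = 0;  //strncpy leaves long input unterminated
          }

          //cut at the closing bracket
          c = vts->detection_ratio;
          while (*c && *c != ']') c++;
          *c = 0;
        }
      }
      else vts->exist = -2;
    }
  }

  //close
  InternetCloseHandle(M_requete);
  InternetCloseHandle(M_session);
  InternetCloseHandle(M_connexion);
}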
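// Reads the response body of m_hRequest into a new memory stream.
//
// On success the stream is stored in m_pStream and a success HRESULT is
// returned. Progress is posted to m_hWnd as (m_nMessage, downloaded, total)
// when both are set. strBuffer receives a message only when writing to the
// stream fails. Returns E_ABORT when m_longAbort is set, E_FAIL when a read or
// the wait for an asynchronous read fails.
//
// Fixes against the previous version: the context pointer is passed as
// DWORD_PTR (a DWORD cast truncates it on 64-bit builds), and the read buffer
// is released through its real type instead of delete[] on a void pointer.
HRESULT CHttpDownloader::ReadData(_bstr_t &strBuffer)
{
	HRESULT hr = E_FAIL;
	IStream *pStream = NULL;
	INTERNET_BUFFERS ib = {0};
	ULONG ulWritten;
	BOOL bResult;
	DWORD dwErr;
	TCHAR buf[32];
	DWORD dwBufferLength;
	TCHAR *pEnd = NULL;
	TCHAR *pReadBuf = NULL;

	// Get file size
	dwBufferLength = 32*sizeof(TCHAR);
	if(::HttpQueryInfo(m_hRequest, HTTP_QUERY_CONTENT_LENGTH, buf, &dwBufferLength, NULL))
	{
		// Content-Length is supplied by the server; it only feeds the progress display.
		m_dwTotalSize = _tcstoul(buf, &pEnd, 10);
		if(m_hWnd != NULL && m_nMessage != 0)
			::PostMessage(m_hWnd, m_nMessage, m_dwDownloaded, m_dwTotalSize);
	}

	// Check MD5 hash
	// NOTE(review): S_OK is returned whenever the Content-MD5 header is present,
	// whether or not it matches m_request.md5, and nothing is downloaded in
	// either case. If the intent is "skip the download only when the hash
	// matches", the return belongs inside the comparison. Confirm with callers.
	// NOTE(review): the header value comes from the server and MD5 is not
	// collision resistant, so this is a cache shortcut, not an integrity check.
	if(m_request.md5 != NULL && _tcslen(m_request.md5) >= 22)
	{
		dwBufferLength = 32*sizeof(TCHAR);
		if(::HttpQueryInfo(m_hRequest, HTTP_QUERY_CONTENT_MD5, buf, &dwBufferLength, NULL))
		{
			if(0 == _tcsnicmp(m_request.md5, buf, 22))
			{
				if(m_hWnd != NULL && m_nMessage != 0)
					::PostMessage(m_hWnd, m_nMessage, m_dwTotalSize, m_dwTotalSize);
			}
			return S_OK;
		}
	}

	hr = CreateStreamOnHGlobal(NULL, TRUE, &pStream);
	if(FAILED(hr))
	{
		return hr;
	}

	// Keep a typed pointer for delete[]; the allocation holds
	// COMMAND_BUFF_SIZE_PART TCHARs, the read asks for that many bytes.
	pReadBuf = new TCHAR[COMMAND_BUFF_SIZE_PART];
	if(pReadBuf == NULL)
	{
		// Only reachable with a non-throwing operator new.
		pStream->Release();
		return E_OUTOFMEMORY;
	}

	ib.lpcszHeader = NULL;
	ib.dwHeadersLength = 0;
	ib.lpvBuffer = pReadBuf;
	ib.dwBufferLength = COMMAND_BUFF_SIZE_PART;
	ib.dwStructSize = sizeof(ib);

	do
	{
		ib.dwBufferLength = COMMAND_BUFF_SIZE_PART;

		if(m_longAbort > 0)
		{
			hr = E_ABORT;
			break;
		}

		m_context.op = HTTP_DOWNLOADER_OP_READ_DATA;
		bResult = InternetReadFileEx(m_hRequest, &ib, IRF_ASYNC | IRF_USE_CONTEXT, (DWORD_PTR)&m_context);
		dwErr = GetLastError();

		if(!bResult && dwErr == ERROR_IO_PENDING) // Overlapped I/O operation is in progress.
		{
			bResult = WaitForComplete(m_dwTimeout);
			// NOTE(review): this restarts the loop without writing ib to the
			// stream. If the completed asynchronous read delivered data into
			// ib, that chunk is dropped. Verify against WaitForComplete.
			if(bResult)
				continue;
		}

		if(bResult)
		{
			if(ib.dwBufferLength)
			{
				hr = pStream->Write(ib.lpvBuffer, ib.dwBufferLength, &ulWritten);
				if(FAILED(hr))
				{
					strBuffer = _T("Cannot write to stream");
					break;
				}

				m_dwDownloaded += ib.dwBufferLength;
				if(m_hWnd != NULL && m_nMessage != 0)
					::PostMessage(m_hWnd, m_nMessage, m_dwDownloaded, m_dwTotalSize);
			}
		}
		else
		{
			hr = E_FAIL;
			break;
		}
	} while(ib.dwBufferLength);

	delete[] pReadBuf;
	pReadBuf = NULL;
	ib.lpvBuffer = NULL;

	if(SUCCEEDED(hr) && pStream)
	{
		// Ownership of the stream moves to the object.
		m_pStream = pStream;
		return hr;
	}

	if(pStream)
		pStream->Release();
	pStream = NULL;

	return hr;
}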
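//------------------------------------------------------------------------------
// Copy characters from c into out until a character of `stops`, the end of the
// text or the capacity of out is reached. out is always NUL-terminated inside
// its out_size bytes (the previous inline loops could write the terminator one
// byte past the array). Returns the position where copying stopped.
static const char *UpdateRtCA_CopyToken(const char *c, const char *stops, char *out, size_t out_size)
{
  size_t n = 0;
  while (*c && strchr(stops, *c) == NULL && n + 1 < out_size) out[n++] = *c++;
  out[n] = 0;
  return c;
}

// Store one block-list entry and show it in the status bar.
// The values are bound as parameters: the domain text comes straight from a
// downloaded list and must never be pasted into the SQL statement.
static void UpdateRtCA_InsertDomain(const char *domain, const char *source, const char *date_today)
{
  sqlite3_stmt *stmt = NULL;
  if (sqlite3_prepare_v2(db_scan,
                         "INSERT INTO malware_dns_list (domain,description,update_time) VALUES(?,?,?);",
                         -1, &stmt, NULL) == SQLITE_OK)
  {
    sqlite3_bind_text(stmt, 1, domain,     -1, SQLITE_STATIC);
    sqlite3_bind_text(stmt, 2, source,     -1, SQLITE_STATIC);
    sqlite3_bind_text(stmt, 3, date_today, -1, SQLITE_STATIC);
    sqlite3_step(stmt);
  }
  sqlite3_finalize(stmt);
  SendMessage(hstatus_bar,SB_SETTEXT,1, (LPARAM)domain);
}

// GET `path` on an open session and return the reply as a NUL-terminated heap
// buffer of at most DIXM-1 bytes, or NULL on any failure. The caller frees it.
// NOTE(review): one IRF_NO_WAIT read returns only the data available at that
// moment, so a large list may arrive truncated.
static char *UpdateRtCA_Download(HINTERNET session, const char *path, const char *referrer, DWORD flags)
{
  char *res = NULL;
  HINTERNET M_requete = HttpOpenRequest(session,"GET",path,NULL,referrer,NULL,flags,0);
  if (M_requete == NULL) return NULL;

  if (use_proxy_advanced_settings)
  {
    InternetSetOption(M_requete,INTERNET_OPTION_PROXY_USERNAME,proxy_ch_user,sizeof(proxy_ch_user));
    InternetSetOption(M_requete,INTERNET_OPTION_PROXY_PASSWORD,proxy_ch_password,sizeof(proxy_ch_password));
  }

  if (HttpSendRequest(M_requete, NULL, 0, NULL, 0))
  {
    res = malloc(DIXM); //10MB
    if (res != NULL)
    {
      //zero only after the NULL check; the zero fill also terminates the text
      memset(res,0,DIXM);

      INTERNET_BUFFERS ib = {0};
      ib.dwStructSize   = sizeof(INTERNET_BUFFERS);
      ib.lpvBuffer      = res;
      ib.dwBufferLength = DIXM-1;
      ib.dwBufferTotal  = DIXM-1;

      if (!InternetReadFileEx(M_requete,&ib,IRF_NO_WAIT,0))
      {
        free(res);
        res = NULL;
      }
    }
  }
  InternetCloseHandle(M_requete);
  return res;
}

// Adblock format: keep the text between a leading "||" and '^' on each line.
static void UpdateRtCA_ParseAdblock(const char *res, const char *date_today)
{
  char domain[MAX_PATH];
  const char *c = res;
  while (*c)
  {
    if (c[0] == '|' && c[1] == '|')
    {
      c = UpdateRtCA_CopyToken(c+2, "^", domain, sizeof(domain));
      if (strlen(domain)>=DNS_MALWARE_MIN_SIZE)
        UpdateRtCA_InsertDomain(domain, "https://easylist-downloads.adblockplus.org/malwaredomains_full.txt", date_today);
    }
    //next line
    while (*c && *c != '\n')c++;
    if (*c == '\n')c++;
  }
}

// malc0de BOOT format after a 323-byte header: "PRIMARY <domain> blockeddomain.hosts"
static void UpdateRtCA_ParseMalc0de(const char *res, const char *date_today)
{
  char domain[MAX_PATH];
  if (strlen(res) <= 323) return;

  const char *c = res+323;
  do
  {
    while (*c && *c!=' ')c++;
    if (*c != ' ') break;

    c = UpdateRtCA_CopyToken(c+1, " ", domain, sizeof(domain));
    if (strlen(domain)>=DNS_MALWARE_MIN_SIZE)
      UpdateRtCA_InsertDomain(domain, "http://malc0de.com/bl/BOOT", date_today);

    //next line
    while (*c && *c != '\n')c++;
    if (*c == '\n')c++;
  }while (*c);
}

// hosts format after a 206-byte header: "127.0.0.1  <domain>"
static void UpdateRtCA_ParseHostsList(const char *res, const char *date_today)
{
  char domain[MAX_PATH];
  if (strlen(res) <= 207) return;

  const char *c = res+206;
  do
  {
    c = UpdateRtCA_CopyToken(c, "\r\n", domain, sizeof(domain));
    if (strlen(domain)>=DNS_MALWARE_MIN_SIZE)
      UpdateRtCA_InsertDomain(domain, "http://www.malwaredomainlist.com/hostslist/hosts.txt", date_today);

    //next entry: skip the address and the two separating spaces
    while (*c && *c != ' ')c++;
    if (*c == ' ')c++;
    if (*c == ' ')c++;
  }while (*c);
}

/*
 * Thread entry: downloads three public malware-domain lists and stores every
 * domain of at least DNS_MALWARE_MIN_SIZE characters in malware_dns_list,
 * stamped with the local start time. Progress goes to hstatus_bar.
 * update_thread_start is 1 while the thread runs. Always returns 0.
 *
 * Changes against the previous version:
 *  - rows are inserted with bound parameters instead of SQL built by snprintf
 *    from downloaded text;
 *  - the domain copy stays inside domain[] (the terminator could land one byte
 *    past the array);
 *  - the download buffer is NULL-checked before memset;
 *  - the INTERNET_FLAG_IGNORE_CERT_* flags are removed from the HTTPS request;
 *  - request and session handles are closed, and update_thread_start is reset
 *    when no connection can be opened.
 *
 * NOTE(review): two of the lists are fetched over plain HTTP, so their content
 * can be altered in transit; treat every entry as untrusted data.
 */
DWORD WINAPI UpdateRtCA_Thread(LPVOID lParam)
{
  update_thread_start = 1;

  //get current date
  time_t date;
  time(&date);
  struct tm *today = localtime(&date);

  char date_today[DATE_SIZE_MAX]="";
  if (today != NULL) strftime(date_today, DATE_SIZE_MAX,"%Y/%m/%d %H:%M:%S",today);

  //---------------------------
  //update malware database
  //http://www.selectrealsecurity.com/public-block-lists
  SendMessage(hstatus_bar,SB_SETTEXT,0, (LPARAM)cps[TXT_UPDATE_START].c);

  //init connection
  HINTERNET M_connexion = 0;
  if (!use_other_proxy)M_connexion = InternetOpen("",INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE);
  else M_connexion = InternetOpen("",INTERNET_OPEN_TYPE_PROXY, proxy_ch_auth, NULL, 0);
  if (M_connexion==NULL)M_connexion = InternetOpen("",INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, INTERNET_FLAG_NO_CACHE_WRITE);
  if (M_connexion==NULL)
  {
    update_thread_start = 0;
    return 0;
  }

  if(!SQLITE_FULL_SPEED)sqlite3_exec(db_scan,"BEGIN TRANSACTION;", NULL, NULL, NULL);

  //---------------------------
  //https://easylist-downloads.adblockplus.org/malwaredomains_full.txt
  HINTERNET M_session = InternetConnect(M_connexion, "easylist-downloads.adblockplus.org",443,"","",INTERNET_SERVICE_HTTP,0,0);
  if (M_session!=NULL)
  {
    char *res = UpdateRtCA_Download(M_session, "/malwaredomains_full.txt", "https://easylist-downloads.adblockplus.org",
                                    INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_SECURE);
    if (res != NULL)
    {
      UpdateRtCA_ParseAdblock(res, date_today);
      free(res);
    }
    SendMessage(hstatus_bar,SB_SETTEXT,1, (LPARAM)"OK : https://easylist-downloads.adblockplus.org/malwaredomains_full.txt");
    InternetCloseHandle(M_session);
  }

  //---------------------------
  //http://malc0de.com/bl/BOOT
  M_session = InternetConnect(M_connexion, "malc0de.com",80,"","",INTERNET_SERVICE_HTTP,0,0);
  if (M_session!=NULL)
  {
    char *res = UpdateRtCA_Download(M_session, "/bl/BOOT", "http://malc0de.com", INTERNET_FLAG_NO_CACHE_WRITE);
    if (res != NULL)
    {
      UpdateRtCA_ParseMalc0de(res, date_today);
      free(res);
    }
    SendMessage(hstatus_bar,SB_SETTEXT,1, (LPARAM)"OK : http://malc0de.com/bl/BOOT");
    InternetCloseHandle(M_session);
  }

  //---------------------------
  //http://www.malwaredomainlist.com/hostslist/hosts.txt
  M_session = InternetConnect(M_connexion, "www.malwaredomainlist.com",80,"","",INTERNET_SERVICE_HTTP,0,0);
  if (M_session!=NULL)
  {
    char *res = UpdateRtCA_Download(M_session, "/hostslist/hosts.txt", "http://www.malwaredomainlist.com", INTERNET_FLAG_NO_CACHE_WRITE);
    if (res != NULL)
    {
      UpdateRtCA_ParseHostsList(res, date_today);
      free(res);
    }
    SendMessage(hstatus_bar,SB_SETTEXT,1, (LPARAM)"OK : http://www.malwaredomainlist.com/hostslist/hosts.txt");
    InternetCloseHandle(M_session);
  }

  //---------------------------
  InternetCloseHandle(M_connexion);
  SendMessage(hstatus_bar,SB_SETTEXT,0, (LPARAM)cps[TXT_UPDATE_END].c);
  SendMessage(hstatus_bar,SB_SETTEXT,1, (LPARAM)"");

  if(!SQLITE_FULL_SPEED)sqlite3_exec(db_scan,"END TRANSACTION;", NULL, NULL, NULL);

  update_thread_start = 0;
  return 0;
}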