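/*
 * True when command-line argument arg is exactly the option opt.
 *
 * The original checks used strncmp bounded by the option's own length, which
 * accepts any argument that merely starts with the option ("--installboot"
 * matched "--install", "--testGUI" matched "--test"), so dispatch silently
 * depended on the order of the tests; the "--quarantine" check also compared
 * one character too few.  An exact comparison removes both problems.
 */
static int opt_is(const char *arg, const char *opt)
{
	return arg != NULL && strcmp(arg, opt) == 0;
}

/*
 * Process entry point.
 *
 * When argv[1] is a recognised "--option" the process behaves as a command-line
 * tool (service installation/control, database update, test harnesses) and
 * returns EXIT_SUCCESS or EXIT_FAILURE.  Without a recognised option it hands
 * the process to the service control manager via StartServiceCtrlDispatcher,
 * which runs ServiceMain and only returns once the service has stopped.
 *
 * Returns: EXIT_SUCCESS / EXIT_FAILURE.  The "--testGUI" path keeps the
 * original -1 / -2 codes for a WOW64 redirection failure so that anything
 * keying on those values is unaffected.
 */
int main(int argc, char ** argv) {

	int ret = 0;
	/* Only referenced by the (currently disabled) quarantine path below. */
	struct a6o_report report = {0};
	PVOID OldValue = NULL;
	/* The option under test; NULL when the program was started without arguments. */
	const char *opt = argc >= 2 ? argv[1] : NULL;

	if (opt_is(opt, "--conf")) {
		// TODO :: https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms724072%28v=vs.85%29.aspx
		//conf_poc_windows( );
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line)
	if (opt_is(opt, "--disable_rt")) {
		//disable_onaccess( );
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line): exercise the notification handler.
	if (opt_is(opt, "--notify")) {
		a6o_notify_set_handler((a6o_notify_handler_t)send_notif);
		a6o_notify(NOTIF_INFO,"Service started!");
		a6o_notify(NOTIF_WARNING,"Malware detected :: [%s]","TrojanFake");
		a6o_notify(NOTIF_ERROR,"An error occured during scan !!");
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line) complete test = GUI + driver.
	if (opt_is(opt, "--testGUI")) {
		DisplayBanner();
		a6o_notify_set_handler((a6o_notify_handler_t)send_notif);

		/*
		 * WOW64 file-system redirection is switched off around the service
		 * run; the previous state is kept in OldValue and is restored below
		 * on every path, including a failed LaunchCmdLineService.
		 */
		if (Wow64DisableWow64FsRedirection(&OldValue) == FALSE) {
			return -1;
		}

		/* (FD) added to get all log messages */
		a6o_log_set_handler(ARMADITO_LOG_LEVEL_DEBUG, a6o_log_default_handler, NULL);

		ret = LaunchCmdLineService(GUI_ONLY);

		if (Wow64RevertWow64FsRedirection(OldValue) == FALSE) {
			//  Failure to re-enable redirection should be considered
			//  a critical failure and execution aborted.
			return -2;
		}

		return ret < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	}

	// Only for test purposes (command line) complete test = GUI + driver.
	if (opt_is(opt, "--test")) {
		DisplayBanner( );
		a6o_notify_set_handler((a6o_notify_handler_t)send_notif);
		ret = LaunchCmdLineService(SVC_MODE);
		return ret < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	}

	// Only for test purposes (command line); implementation currently disabled.
	if (opt_is(opt, "--register")) {
#if 0
		ret = register_av( );
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line); implementation currently disabled.
	if (opt_is(opt, "--crypt")) {
#if 0
		if (argv[2] == NULL) {
			printf("[-] Error :: --crypt option ::  missing parameter [filename]\n");
			return EXIT_FAILURE;
		}

		ret = verify_file_signature(argv[2],SIGNATURE_FILE);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	// "--quarantine <file>" must be tested before the bare "--quarantine",
	// which would otherwise match as well.  Implementations currently disabled.
	if (argc >= 3 && opt_is(opt, "--quarantine")) {
#if 0
		ret = MoveFileInQuarantine(argv[2], report);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}
	if (opt_is(opt, "--quarantine")) {
#if 0
		ret = EnumQuarantine();
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	// "--restore <file>": the original tested the bare form first, so this
	// two-argument branch could never be reached; ordered like --quarantine now.
	if (argc >= 3 && opt_is(opt, "--restore")) {
#if 0
		ret = RestoreFileFromQuarantine(argv[2]);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}
	if (opt_is(opt, "--restore")) {
#if 0
		/* NOTE(review): argv[1] is the option string itself here -- confirm
		 * what ui_restore_quarantine_file expects before re-enabling. */
		ret = ui_restore_quarantine_file(argv[1]);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	if (opt_is(opt, "--updatedb")) {
		DisplayBanner( );
		update_modules_db(NULL);
		return EXIT_SUCCESS;
	}

	if (opt_is(opt, "--info")) {
		return get_av_info() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	}

	// "--installboot": install the service with automatic start at boot.
	if (opt_is(opt, "--installboot")) {
		DisplayBanner();
		ret = ServiceInstall(SERVICE_AUTO_START);
		return ret < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	}

	// "--install": install the service with on-demand start.
	if (opt_is(opt, "--install")) {
		DisplayBanner( );
		ret = ServiceInstall(SERVICE_DEMAND_START);
		return ret < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	}

	// "--uninstall": remove the service.
	if (opt_is(opt, "--uninstall")) {
		DisplayBanner( );
		ret = ServiceRemove( );
		/* The original discarded ret.  A negative value is treated as failure
		 * on the assumption that ServiceRemove follows the same convention as
		 * ServiceInstall -- confirm against its definition. */
		return ret < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	}

	// "--stop": stop the running service.
	if (opt_is(opt, "--stop")) {
		ServiceStop();
		return EXIT_SUCCESS;
	}

	// "--start": start the installed service.
	if (opt_is(opt, "--start")) {
		ServiceLaunch( );
		return EXIT_SUCCESS;
	}

	if (opt_is(opt, "--pause")) {
		ServicePause( );
		return EXIT_SUCCESS;
	}
	if (opt_is(opt, "--continue")) {
		ServiceContinue( );
		return EXIT_SUCCESS;
	}

	// No recognised option: run as a Windows service.  This call returns
	// only once the service has stopped.
	SERVICE_TABLE_ENTRY DispatchTable[] = {
		{ SVCNAME, (LPSERVICE_MAIN_FUNCTION) ServiceMain },
		{ NULL, NULL }
	};

	if (!StartServiceCtrlDispatcher(DispatchTable)) {
		/* Typically ERROR_FAILED_SERVICE_CONTROLLER_CONNECT when the binary is
		 * launched from a console instead of by the SCM.  The original
		 * returned success here, hiding the misuse from scripts. */
		return EXIT_FAILURE;
	}

	return EXIT_SUCCESS;
}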
/* --------------- Service entry point
 *
 * One executable, three behaviours chosen at run time from the state of the
 * service control manager (SCM):
 *   1. Install - the service does not exist yet (or ServiceStart() asks for it);
 *   2. Start   - the service exists and is SERVICE_START_PENDING, i.e. the SCM
 *                launched us: hand this thread to StartServiceCtrlDispatcher;
 *   3. Remove  - the service already exists (CreateService fails with
 *                ERROR_SERVICE_EXISTS): stop it and delete it.
 *
 * Relies on file-scope state not shown here: ServicesDatabase, ServiceHandle,
 * ServiceName, ServiceStatusTable, ServiceTable, FileName, ServiceTypeFlag,
 * ServiceStartFlag, ServiceStartRightNow, OsVer, ServiceDesc,
 * ServiceDescription and the message strings.  Every path returns 0; success
 * or failure is reported only through RaiseInformation / RaiseError.
 *
 * NOTE(review): the binary path given to CreateService is FileName exactly as
 * GetModuleFileName filled it, without quotes.  If the install directory
 * contains spaces this registers an unquoted service path, which the SCM
 * resolves ambiguously; quote the path before installing.  The
 * GetModuleFileName return value (0 on failure, the buffer size on
 * truncation) is not checked either. */
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    /* CREATE_SERVICE access is requested up front because the install path
     * needs it; an unprivileged caller typically fails here. */
    ServicesDatabase = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if(!ServicesDatabase)
    {
        RaiseError(ErrServiceDBMsg);
        return(0);
    }
    /* Check if the service is in starting state */
    ServiceHandle = OpenService(ServicesDatabase, ServiceName, SERVICE_ALL_ACCESS);
    if(!ServiceHandle)
    {
        /* Call user procedure: a non-zero result means "go ahead and install";
         * zero aborts with nothing reported. */
        if(ServiceStart()) goto InstallProceed;
        CloseServiceHandle(ServicesDatabase);
        return(0);
    }
    if(QueryServiceStatus(ServiceHandle, &ServiceStatusTable))
    {
        /* Feed service manager with our thread if starting state */
        if(ServiceStatusTable.dwCurrentState == SERVICE_START_PENDING)
        {
            /* Both handles are released before the dispatcher takes over
             * this thread; it does not return until the service stops. */
            CloseServiceHandle(ServiceHandle);
            CloseServiceHandle(ServicesDatabase);
            ServiceTable[0].lpServiceName = ServiceName;
            ServiceTable[0].lpServiceProc = &ServiceMain;
            if(!StartServiceCtrlDispatcher(&ServiceTable[0])) RaiseError(ErrStartMsg);
            return(0);
        }
    }
    /* Not starting: fall through to an install attempt, which will fail with
     * ERROR_SERVICE_EXISTS and thereby route us to the removal path. */
    CloseServiceHandle(ServiceHandle);
InstallProceed: 
    /* Return value unchecked: FileName may be empty or truncated here. */
    GetModuleFileName(0, FileName, MAX_PATH);
    /* Try to install -- lpBinaryPathName is FileName, unquoted (see header). */
    ServiceHandle = CreateService(ServicesDatabase, ServiceName, ServiceName, SERVICE_ALL_ACCESS,
                                  ServiceTypeFlag, ServiceStartFlag, SERVICE_ERROR_NORMAL, FileName,
                                  NULL, NULL, NULL, NULL, NULL);
    if(ServiceHandle)
    {
        /* NOTE(review): GetVersionEx is deprecated and reports a manifest-
         * dependent version on newer Windows; on any supported OS the
         * "major >= 5, NT platform" test below is effectively always true. */
        OsVer.dwOSVersionInfoSize = sizeof(OsVer);
        if(GetVersionEx(&OsVer) != 0)
        {
            if(OsVer.dwMajorVersion >= 5)
            {
                // Add a description if OS >= Win2k
                if(OsVer.dwPlatformId == VER_PLATFORM_WIN32_NT)
                {
                    ServiceDesc.lpDescription = ServiceDescription;
                    ChangeServiceConfig2(ServiceHandle, SERVICE_CONFIG_DESCRIPTION, &ServiceDesc);
                }
            }
        }
        /* Optional immediate start; its result is not checked. */
        if(ServiceStartRightNow) StartService(ServiceHandle, 0, 0);
        CloseServiceHandle(ServiceHandle);
        CloseServiceHandle(ServicesDatabase);
        RaiseInformation(ServiceInstalledMsg);
        return(0);
    }
    if(GetLastError() != ERROR_SERVICE_EXISTS)
    {
        CloseServiceHandle(ServicesDatabase);
        RaiseError(ErrCreateServiceMsg);
        return(0);
    }
    /* Perform removal (DELETE is already part of SERVICE_ALL_ACCESS; the
     * explicit OR is harmless). */
    ServiceHandle = OpenService(ServicesDatabase, ServiceName, SERVICE_ALL_ACCESS | DELETE);
    if(!ServiceHandle)
    {
        CloseServiceHandle(ServicesDatabase);
        RaiseError(ErrOpenServiceMsg);
        return(0);
    }
    /* Return value unchecked: on failure ServiceStatusTable keeps whatever
     * the earlier query (if any) left in it. */
    QueryServiceStatus(ServiceHandle, &ServiceStatusTable);
    if(ServiceStatusTable.dwCurrentState != SERVICE_STOPPED)
    {
        /* Best-effort stop: the result is ignored and a fixed 500 ms pause
         * stands in for polling until the state reaches SERVICE_STOPPED, so
         * DeleteService below may run while the service is still stopping. */
        ControlService(ServiceHandle, SERVICE_CONTROL_STOP, &ServiceStatusTable);
        Sleep(500);
    }
    /* Call user procedure: zero means "do not remove"; nothing is reported. */
    if(!ServiceRemove())
    {
        CloseServiceHandle(ServiceHandle);
        CloseServiceHandle(ServicesDatabase);
        return(0);
    }
    /* DeleteService only marks the service for deletion; it disappears once
     * all handles to it are closed. */
    if(DeleteService(ServiceHandle))
    {
        CloseServiceHandle(ServiceHandle);
        CloseServiceHandle(ServicesDatabase);
        RaiseInformation(ServiceRemovedMsg);
        return(0);
    }
    CloseServiceHandle(ServiceHandle);
    CloseServiceHandle(ServicesDatabase);
    RaiseError(ErrRemoveServiceMsg);
    return(0);
}