int fgsi=buf.Pos(fgs);
if(fgsi>0)
{
buft=buf.SubString(1,fgsi-1);
buf=buf.Delete(1,fgsi+fgs.Length()-1);
}
else
{
buft=buf;
buf="";
}
}
buf=buf.Trim();
if(sn=="Referer")
{
cks=buft;
AnsiString s0="";
int i0=buft.Pos(" ");
if(i0>0)
{
s0=buft.SubString(1,i0-1);
buft=buft.Delete(1,i0);
}
else
{
s0=buft;
buft="";
}
AnsiString s1="";
AnsiString s2="";
AnsiString s3="";
int len=buft.Length();
for(int k=len;k>0;k--)
{
AnsiString s4=buft.SubString(k,1);
if(s4==" ")
break;
else
{
s3=s4+s3;
buft=buft.Delete(k,1);
}
}
s1=buft;
i0=s1.Pos("?");
if(i0>0)
{
s2=s1.SubString(1,i0-1);
s1=s1.Delete(1,i0);
}
if(finfo->fieldname[fcn]=="datetime")
fcn++;
info->field[fcn]=s0;
fcn++;
info->field[fcn]=s2;
fcn++;
info->field[fcn]=s1;
fcn++;
info->field[fcn]=s3;
fcn++;
}
else if(sn.SubString(1,8)=="datetime")
{
buft=fixncsatime(buft,sn);
info->field[fcn]=buft;
fcn++;
lasttime=buft;
}
else if((sn=="date") || (sn=="date1") || (sn=="time") || (sn=="time1"))
{
if(finfo->fieldname[fcn]!="datetime")
fcn++;
buft=fixncsatime(buft,sn);
info->field[fcn]=info->field[fcn]+" "+buft;
lasttime=info->field[fcn];
}
else
{
if((sn=="in-info") || (sn=="er-info") || (sn=="cs-uri-stem") || (sn=="cs-uri-query"))
cks+=buft;
if(finfo->fieldname[fcn]=="datetime")
fcn++;
info->field[fcn]=buft;
fcn++;
}
}
return cks;
}
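// Returns true when `tail` is present in `allowlist` as a whole "*.<tail>" entry.
// The list is FILE_TYPE_BMP followed by "*.asp", "*.htm", ... so every entry
// begins with "*." and is terminated by the next entry's "*"; a trailing "*"
// is appended before matching so the final entry is terminated the same way.
// Anchoring both ends of the token is what keeps a partial extension (one or
// two letters that merely occur inside a listed extension) from counting as
// an allow-list hit and skipping the signature scan.
// NOTE(review): assumes FILE_TYPE_BMP uses the same "*.<ext>" form — confirm.
static bool IsAllowedFileExt(const AnsiString& allowlist, const AnsiString& tail)
{
    if(tail.Length()==0)
        return false;
    AnsiString padded=allowlist+"*";
    AnsiString token=AnsiString("*.")+tail+"*";
    return padded.Pos(token)>0;
}

// Text after the last '.' of `s`; empty when `s` contains no '.' or ends in '.'.
static AnsiString FinalExtension(const AnsiString& s)
{
    AnsiString tail=s;
    int dot=tail.Pos(".");
    if(dot==0)
        return "";
    while(dot>0)
    {
        tail=tail.Delete(1,dot);
        dot=tail.Pos(".");
    }
    return tail;
}

// Classifies one log record (`buf`, attacker-controllable request text)
// against the signature table `hbuf[0..hcn)` and writes the verdict to `info`.
//
// Returns true when the record is reported as an attack. On a hit `info->img`
// is set to 1 and `info->modename` / `info->modetype` are copied from the
// matching entry (or set to the fixed buffer-overflow labels for an oversize
// record); on a miss they are reset to -1 / "" / "".
//
// A record longer than 1024 characters is reported as a buffer-overflow
// attempt without consulting the table. A record whose final extension is on
// the static allow-list (images, html, scripts, documents, ...) is never
// scanned. The allow-list test is an exact "*.<ext>" token match so that only
// a complete listed extension can bypass the scan.
//
// When several table entries match, the last one wins (the loop does not stop
// at the first hit). A missing table (`hbuf==NULL`) and an empty signature
// string are both treated as "no match".
bool TFixLogFilesThread::Checkfilehaker(TLOGSMODESTR* hbuf,int hcn,CLOGS_FIX_BUF_INFO* info,AnsiString buf)
{
    if(buf.Length()>1024)
    {
        info->img=1;
        info->modename="缓冲溢出攻击";
        info->modetype="严重危害";
        return true;
    }
    info->img=-1;
    info->modename="";
    info->modetype="";

    AnsiString ext=FILE_TYPE_BMP;
    ext+="*.asp";
    ext+="*.htm";
    ext+="*.html";
    ext+="*.gif";
    ext+="*.txt";
    ext+="*.wav";
    ext+="*.swf";
    ext+="*.js";
    ext+="*.css";
    ext+="*.mid";
    ext+="*.doc";

    // Signatures are matched case-insensitively by lowering the record once.
    AnsiString s0=buf.LowerCase();
    if(IsAllowedFileExt(ext,FinalExtension(s0)))
        return false;

    bool res=false;
    if(hbuf==NULL)
        return res;
    for(int i=0;i<hcn;i++)
    {
        AnsiString s1=hbuf[i].eigenstr;
        // An empty signature would be meaningless as a rule; skip it explicitly
        // rather than depending on Pos("") semantics.
        if(s1.Length()==0)
            continue;
        if(s0.Pos(s1)>0)
        {
            res=true;
            info->img=1;
            info->modename=hbuf[i].leakname;
            info->modetype=hbuf[i].safetylevel;
        }
    }
    return res;
}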
// Runs the signature tables for the log type selected by `checktype` against
// `buf`, stopping at the first table that classifies the record (the verdict
// is left in `info` by Checkfilehaker). Type 18 means "every type".
//
// Types are visited in the fixed order HTTP(9), FTP(10), SMTP(11), POP3(12),
// proxy(13), telnet(14), DNS(15), DBMS(16), program(17); for each, the
// built-in table in `defmodeinfo` is tried before the user-defined table
// reached through `usermodebuf`. Table fields are only read for a type that
// is actually selected.
void TFixLogFilesThread::Checkfilesafety(CLOGS_FIX_BUF_INFO* info,AnsiString buf,int checktype)
{
    TFIX_DEFMODE_INFO* usermode=(TFIX_DEFMODE_INFO*)usermodebuf;
    const int CHECK_ALL=18;
    for(int type=9;type<=17;type++)
    {
        if((checktype!=type) && (checktype!=CHECK_ALL))
            continue;
        TLOGSMODESTR* defbuf=NULL;
        int defcn=0;
        TLOGSMODESTR* userbuf=NULL;
        int usercn=0;
        switch(type)
        {
            case 9:
                defbuf=(TLOGSMODESTR*)defmodeinfo.defloghttp;
                defcn=defmodeinfo.defloghttpcn;
                userbuf=(TLOGSMODESTR*)usermode->defloghttp;
                usercn=usermode->defloghttpcn;
                break;
            case 10:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogftp;
                defcn=defmodeinfo.deflogftpcn;
                userbuf=(TLOGSMODESTR*)usermode->deflogftp;
                usercn=usermode->deflogftpcn;
                break;
            case 11:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogsmtp;
                defcn=defmodeinfo.deflogsmtpcn;
                userbuf=(TLOGSMODESTR*)usermode->deflogsmtp;
                usercn=usermode->deflogsmtpcn;
                break;
            case 12:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogpop3;
                defcn=defmodeinfo.deflogpop3cn;
                userbuf=(TLOGSMODESTR*)usermode->deflogpop3;
                usercn=usermode->deflogpop3cn;
                break;
            case 13:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogproxy;
                defcn=defmodeinfo.deflogproxycn;
                userbuf=(TLOGSMODESTR*)usermode->deflogproxy;
                usercn=usermode->deflogproxycn;
                break;
            case 14:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogtelnet;
                defcn=defmodeinfo.deflogtelnetcn;
                userbuf=(TLOGSMODESTR*)usermode->deflogtelnet;
                usercn=usermode->deflogtelnetcn;
                break;
            case 15:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogdns;
                defcn=defmodeinfo.deflogdnscn;
                userbuf=(TLOGSMODESTR*)usermode->deflogdns;
                usercn=usermode->deflogdnscn;
                break;
            case 16:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogdbms;
                defcn=defmodeinfo.deflogdbmscn;
                userbuf=(TLOGSMODESTR*)usermode->deflogdbms;
                usercn=usermode->deflogdbmscn;
                break;
            case 17:
                defbuf=(TLOGSMODESTR*)defmodeinfo.deflogprogram;
                defcn=defmodeinfo.deflogprogramcn;
                userbuf=(TLOGSMODESTR*)usermode->deflogprogram;
                usercn=usermode->deflogprogramcn;
                break;
        }
        // Built-in rules first, then the user's; the first verdict ends the scan.
        if(Checkfilehaker(defbuf,defcn,info,buf))
            return;
        if(Checkfilehaker(userbuf,usercn,info,buf))
            return;
    }
}
void __fastcall TFixLogFilesThread::Execute()
{
SHOWSTATUSINFO pshowstatus=(SHOWSTATUSINFO)msgshowstatus;
TSPY_INFO_FIX* pinfobuf=(TSPY_INFO_FIX*)msginfobuf;
pinfobuf->filecheck="";
TFix_Serverlogs_Form* fixform=NULL;
TFix_InfoMuster_Form* fixformmuster=NULL;
TFix_InfoRelacing_Form* fixformrelacing=NULL;
mftime="";
if(fixselecttype<0)
fixformrelacing=(TFix_InfoRelacing_Form*)msghwnd;
else if(fixselecttype==0)
{
fixform=(TFix_Serverlogs_Form*)msghwnd;
fixform->allpage=0;
fixform->allhpage=0;
}
else if(fixselecttype>0)
fixformmuster=(TFix_InfoMuster_Form*)msghwnd;
bool openbz=false;
if(msgstream==NULL)
{
try
{
msgstream=new TFileStream(pinfobuf->sourcefile,fmOpenRead | fmShareDenyNone);
openbz=true;
}
catch(...)
{
msgstream=NULL;
}
}
if(msgstream==NULL)
{
if(fixform!=NULL)
SendMessage(fixform->Handle,FIX_INFO_END,0,0);
else if(fixformmuster!=NULL)
SendMessage(fixformmuster->Handle,FIX_INFO_END,fixselecttype,0);
else if(fixformrelacing!=NULL)
SendMessage(fixformrelacing->Handle,FIX_INFO_END,-fixselecttype,0);
return;
}
TFIX_DEFMODE_INFO usermode;
InitModebuf(&usermode);
usermodebuf=&usermode;
AnsiString s1;
if((pinfobuf->buftype==9) || (pinfobuf->buftype==18))
{
s1="HTTP日志";
ReadModeIno(s1,&usermode,false);
if(defmodeinfo.defloghttp==NULL)