
📄 exehashcheck.cpp

📁 BVB杀毒软件的引擎代码,可以学习这种杀毒软件的核心 帮助自己设计杀毒软件
#include <string>
#include <windows.h>
#include <vector>
#include <fstream>
#include <cassert>
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <ctime>

#include "Globals.h"
 
 using namespace std;
 
 ExeHashCheck::ExeHashCheck( vector<string> V, string S)
 /*
 Description: Builds a checker from a list of file names (V) and the path of
 the backup file that holds the reference hashes (S). Both arguments are
 copied into the matching members; nothing is opened or validated here.
 */
 {
     this->ExeHashFile = S;
     this->FileNames = V;
 }
 
 ExeHashCheck::ExeHashCheck()
 /*
 Description: Default constructor. Assigns nothing explicitly; the file list
 and the backup file name are expected to be supplied later through
 setFileNamesVector() and setExeHashFile().
 */
 {
     // Intentionally empty.
 }
 
 void ExeHashCheck::setExeHashFile( string S)
 /*
 Description: Replaces the path of the backup file that checkAllHashes()
 reads its reference hashes from. The path is stored as given; it is not
 opened or checked at this point.
 */
 {
     this->ExeHashFile = S;
 }
 
 void ExeHashCheck::setFileNamesVector( vector<string> V)
 /*
 Description: Replaces the stored list of file names with a copy of V.
 */
 {
     this->FileNames = V;
 }
 
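 string ExeHashCheck::getDataFromBackup( ifstream* efh, int size )
 /*
 Description: Reads up to size bytes from the open stream pointed at by efh
 and returns exactly the bytes that were read.

 efh  - open input stream positioned at the data to read.
 size - number of bytes wanted; zero or a negative value yields an empty string.

 If the stream ends early the result is shorter than size and the stream is
 left in a failed state, so the caller can tell a truncated record from a
 complete one. The previous byte-by-byte loop stored the EOF marker as data
 and always returned size bytes, which hid truncation of the backup file.
 */
 {
     // A negative size would otherwise convert to a huge unsigned length.
     if( size <= 0 ) return string();

     string data( static_cast<string::size_type>( size ), '\0' );

     // Bulk read; gcount() reports how many bytes actually arrived.
     efh->read( &data[0], size );
     const streamsize received = efh->gcount();

     data.resize( static_cast<string::size_type>( received ) );
     return data;
 }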
 
 string ExeHashCheck::getHashOfExe( string exePath )
 /*
 Description: Hashes the file at exePath with a CSHA1 object and returns the
 digest in the textual form produced by CSHA1::ReportHash.

 NOTE(review): the outcome of HashFile() is not inspected, so what is returned
 for a missing or unreadable file depends on CSHA1 - confirm, and decide
 whether the caller should see that case as an error rather than a mismatch.
 NOTE(review): presumably SHA-1, going by the class name; it is collision-weak,
 so a stronger digest is worth considering for an integrity baseline.
 */
 {
     CSHA1 sha;

     // Feed the whole file, then finalise before asking for the report.
     sha.HashFile( exePath.c_str() );
     sha.Final();

     string digest;
     sha.ReportHash( digest );
     return digest;
 }
 
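 string ExeHashCheck::getName( ifstream* efh )
 /*
 Description: Reads a file name from the backup file. One character is
 skipped first (the separator left behind after the record index that the
 caller extracted), then characters are collected up to, but not including,
 the next newline. At most MAX_FILEPATH_LENGTH characters are taken.

 Reading also stops at end of file. The previous version stored the EOF
 marker as a character and kept going, so a truncated backup file produced a
 MAX_FILEPATH_LENGTH-long name of garbage bytes.

 Returns the name, which may be empty.
 */
 {
     string name;

     // Drop the single separator between the record index and the name.
     efh->ignore();

     for( int i = 0; i < MAX_FILEPATH_LENGTH; i++ )
     {
         // Keep the int result so EOF stays distinguishable from byte 0xFF.
         const int c = efh->get();
         if( c == ifstream::traits_type::eof() ) break;
         if( c == '\n' ) break;
         name.push_back( static_cast<char>( c ) );
     }

     return name;
 }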
 
 string getLogFileName( void )
 /*
 Description: Builds a log file name of the form "log<seconds>.txt", where
 <seconds> is the current time(0) value printed as an unsigned integer.

 The name is relative (no directory part) and has one-second resolution, so
 two calls within the same second return the same name.
 */
 {
     ostringstream nameBuilder;
     nameBuilder << "log" << static_cast<unsigned int>( time(0) ) << ".txt";
     return nameBuilder.str();
 }
 
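 int ExeHashCheck::checkAllHashes( string& logname )
 /*
 Description: Checks every record in the backup file named by the member
 ExeHashFile. A record is a running index (0, 1, 2, ...), a file name
 terminated by a newline, and a 40-byte stored hash. For each record the
 named file is hashed again and compared with the stored value; every
 difference is written to a freshly created log file.

 logname - output: receives the generated log file name, also on error.

 Returns the number of files whose hash differs, or -1 for error. Errors are
 a backup file that cannot be opened and a backup file that is malformed
 (unparsable, negative or out-of-sequence index, or a truncated record).

 Changes against the previous version:
 - Index validation is done at run time. It used to be an assert, which is
   compiled out of release builds, and the index was used uninitialised when
   extraction failed.
 - A malformed backup file now yields -1 and a log entry. It used to end the
   loop quietly and report only the mismatches found so far, which let a
   damaged or edited baseline hide unchecked files.
 - The end of the file is detected before a record is processed, so an empty
   backup file no longer reports a spurious mismatch.
 - The empty log is removed with std::remove instead of a "del" shell command.
 - The log file is created only after the backup file has been opened.

 NOTE(review): the backup file is the sole reference and nothing here
 authenticates it; it needs at least the same write protection as the
 executables it describes.
 */
 {
     // Bytes stored per hash in the backup file.
     const int storedHashLength = 40;

     // Always hand the generated name back, even when returning early.
     logname = getLogFileName();

     ifstream ExeHashFileHandle( ExeHashFile.c_str() );
     if( !ExeHashFileHandle.good() ) return -1;

     // NOTE(review): a log file that cannot be created is not treated as an
     // error; mismatches are still counted and returned.
     ofstream LogFileHandle( logname.c_str() );

     int failedCount = 0;
     int expectedPosition = 0;
     bool malformed = false;

     for( ;; )
     {
         int position = -1;
         if( !( ExeHashFileHandle >> position ) )
         {
             // Running out of input is the normal end of the record list;
             // anything else means the index field was not a number.
             if( !ExeHashFileHandle.eof() ) malformed = true;
             break;
         }

         // Indices must count up from zero without gaps.
         if( position != expectedPosition )
         {
             malformed = true;
             break;
         }

         const string name = getName( &ExeHashFileHandle );
         const string expected = getDataFromBackup( &ExeHashFileHandle, storedHashLength );

         // The stream fails when the name or the hash ran into end of file.
         if( ExeHashFileHandle.fail() )
         {
             malformed = true;
             break;
         }

         const string observed = getHashOfExe( name );

         if( expected != observed )
         {
             failedCount++;
             LogFileHandle << "Hash of "
                           << name
                           << " changed!\nExpected: "
                           << expected
                           << endl
                           << "Observed: "
                           << observed
                           << endl;
         }

         expectedPosition++;
     }

     if( malformed )
     {
         LogFileHandle << "Backup file "
                       << ExeHashFile
                       << " is malformed at record "
                       << expectedPosition
                       << "; check aborted."
                       << endl;
     }

     ExeHashFileHandle.close();
     LogFileHandle.close();

     // Keep the log as evidence whenever something was written to it.
     if( malformed ) return -1;

     // Nothing was logged: remove the empty file without going through a shell.
     if( failedCount == 0 ) std::remove( logname.c_str() );

     return failedCount;
 }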
 
