Hi guys,
I have a problem, which is this:
I want to kill a virus called "Packed.Win32.Krap.ar". When this virus is activated, it transfers itself to a random directory with a random file name in "C:\Program Files". This virus hides itself perfectly and no one can see the file; even when you put your mouse on the directory, the folder looks like it's empty, but the virus is in there. I have programmed a VB.net program to show this virus, but it did not work.
 
So, I have a program in C++ (a Win32 console application) that gets me the list of files in a directory using the "FindFirstFile & FindNextFile" functions. This program works well; it gets me the virus name with its full path.
So, I decided to make a C++/CLI DLL class library so I can call this function from VB.net. But the DLL can't get me the list of files in that directory!!!!!!! Why??
 
This is the code of c++ win32:
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>

// DisplayErrorBox is the poster's own error-reporting helper; its definition was not posted.

int _tmain(int argc, TCHAR *argv[])
{
   WIN32_FIND_DATA ffd;
   LARGE_INTEGER filesize;
   HANDLE hFind = INVALID_HANDLE_VALUE;
   DWORD dwError = 0;

   // Find the first file in the directory.
   hFind = FindFirstFile(TEXT("C:\\Program Files\\YSxXeMcr\\*.*"), &ffd);

   if (INVALID_HANDLE_VALUE == hFind)
   {
      // Capture the failure code so that it is actually returned to the caller.
      dwError = GetLastError();
      DisplayErrorBox(TEXT("FindFirstFile"));
      return dwError;
   }

   // List all the files in the directory with some info about them.
   do
   {
      if (!(ffd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
      {
         filesize.LowPart = ffd.nFileSizeLow;
         filesize.HighPart = ffd.nFileSizeHigh;
         // QuadPart is a 64-bit value, so it needs %lld rather than %ld.
         _tprintf(TEXT("  %s   %lld bytes\n"), ffd.cFileName, filesize.QuadPart);
      }
      else
      {
         _tprintf(TEXT("  %s   <DIR>\n"), ffd.cFileName);
      }
   }
   while (FindNextFile(hFind, &ffd) != 0);

   // FindNextFile ended the loop; anything other than ERROR_NO_MORE_FILES is a real error.
   dwError = GetLastError();
   if (dwError != ERROR_NO_MORE_FILES)
   {
      DisplayErrorBox(TEXT("FindNextFile"));
   }

   FindClose(hFind);
   system("pause");
   return dwError;
}
 
And this is the c++/cli dll code:
String^ ReadFirstFile(String^ Path)
{
    WIN32_FIND_DATA     FindFileData;
    if (Path->Length == 3) Path +="*.*";
    else Path += "\\*.*";
    char*               path = (char*) Marshal::StringToHGlobalAnsi(Path).ToPointer();
    hFile = FindFirstFile(path, &FindFileData);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        String^     Error;
        LPCTSTR     E      =   GetTheError("FindFirstFile");
        Error = gcnew String(reinterpret_cast<const char*>(E));
        throw gcnew ReadStreamException(Error);
        return "";
    }
    do
    {
        if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
        {
            String^ FileName;
            FileName = gcnew String(reinterpret_cast<const char*>(FindFileData.cFileName ));
            Path     = Path->Replace("*.*",FileName);
            return Path;
        }
    }
    while (FindNextFile(hFile, &FindFileData) != 0);
    return "";
}
 
Oh, don't worry about the DLL code; it just brings me the first file and then I call FindNextFile.
 
I hope you understand my question...
And I hope you have answer.
Posted 21-Apr-12 11:12am

Solution 2

I think you should use an Anti-Virus program.
Comments
Rasool Ahmed at 22-Apr-12 23:10pm
   
Buddy, I am building an anti-virus.
«_Superman_» at 22-Apr-12 23:24pm
   
In that case, you need to do a lot more research.
Because you cannot rely on APIs like FindFirstFile as there are programs called rootkits that hide from such file enumerating APIs.
enhzflep at 23-Apr-12 6:04am
   
My 5. Rootkit is the key-word here.
Rasool Ahmed at 23-Apr-12 11:46am
   
The only solution is to use Win32, but I want to use CLI!!!

Solution 1

"It can't get me the List of files in that directory!!!!!!! "
 
does it give an error of any kind?
Comments
Rasool Ahmed at 22-Apr-12 15:47pm
   
Nope, no error.

Solution 3

In your do {} while; loop you are ignoring all directories and returning the first file that you find. What happens next?
Comments
Rasool Ahmed at 23-Apr-12 11:44am
   
Why did you ask this question? I want to get the first file that I find, but in cli will not get me the first file for the directory that contains the virus. Only in win32.
Richard MacCutchan at 23-Apr-12 12:06pm
   
Why I asked this question: because I am trying to understand what your problem is. Unfortunately the statement " I want to get the first file that I find, but in cli will not get me the first file for the directory that contains the virus. Only in win32." does not tell me anything.
Rasool Ahmed at 23-Apr-12 14:54pm
   
What part of my question don't you understand?
Richard MacCutchan at 24-Apr-12 3:15am
   
You have not explained what errors you get, what results come from the FindFirstFile() call etc. Also as I said above, looking at your code I still do not understand what is supposed to happen in your do loop.
Rasool Ahmed at 24-Apr-12 13:26pm
   
Alright, my program doesn't return me any error, only wrong results.
In my do loop it is supposed to ignore all the directories until it gets the first file.
The program works fine but...
In CLI programming, for the directory that contains the virus, the program returns me 0 files.
In the WIN32 programming the program returns me the virus name in that directory.
Richard MacCutchan at 25-Apr-12 4:28am
   
The only thing I can suggest is to step through it in your debugger to find out where these wrong results are coming from. You could also add some debug code to print some more information about what is happening in the dll code.
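
The cross-view idea behind the rootkit comment in this thread, as an added example that is not part of the original posts or any poster's code: list the same directory from a trusted environment and compare it with what FindFirstFile returns on the running system. It assumes the trusted listing was obtained separately (for instance with the disk mounted from clean boot media); `hidden_from_live`, `list_live` and all sample names are hypothetical.

```cpp
// Added example, not code from the thread: cross-view diff of two directory listings.
#include <algorithm>
#include <cwctype>
#include <iostream>
#include <set>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif
using Listing = std::vector<std::wstring>;

// Simplification: NTFS folds case with its own table; towlower() approximates it.
static std::wstring fold(std::wstring s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](wchar_t c) { return static_cast<wchar_t>(std::towlower(c)); });
    return s;
}

// Names in `trusted` (clean-media view) that are absent from `live` (API view).
Listing hidden_from_live(const Listing& trusted, const Listing& live) {
    std::set<std::wstring> seen;
    for (const auto& n : live) seen.insert(fold(n));
    Listing hidden;
    for (const auto& n : trusted)
        if (n != L"." && n != L".." && seen.count(fold(n)) == 0)
            hidden.push_back(n);
    return hidden;
}

#ifdef _WIN32
// Live view: the question's FindFirstFile/FindNextFile loop, wide-character calls.
Listing list_live(const std::wstring& dir) {
    Listing names;
    WIN32_FIND_DATAW fd;
    HANDLE h = FindFirstFileW((dir + L"\\*").c_str(), &fd);
    if (h == INVALID_HANDLE_VALUE) return names;  // empty: call failed or no access
    do { names.push_back(fd.cFileName); } while (FindNextFileW(h, &fd) != 0);
    FindClose(h);
    return names;
}
#endif

int main() {
    // Constructed sample listings; every name here is made up.
    Listing trusted = {L"readme.txt", L"Setup.EXE", L"example-hidden.dll"};
    Listing live = {L".", L"..", L"README.TXT", L"setup.exe"};
    for (const auto& n : hidden_from_live(trusted, live))
        std::wcout << L"not returned by live enumeration: " << n << L"\n";
}
```

A name reported here is a lead, not a verdict: a file created or deleted between the two listings shows up the same way.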

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Last Updated 23 Apr 2012