|
Explanation,
I have some code that runs in a toplevel windows position,
This code never-the less appears to get infected and corrupted by virri on occasions.
So I do a couple of CRC checks on the apps initiation to verify if the existing code is also infected.
for-example:
if( code_infected() ) { Error_message(); Exit(); }
else RunTheApp();
Ok simple enough eh!
My question is how can I detect what was the malware/nasty that infected my App ?
Note all the code is in one exe.
I could spawn a process that monitors the app, but this would be liable to be infected as well.
Any help welcome ! Thanks.
Regardz
Colin J Davies
Sonork ID 100.9197:ColinI live in Bob's HungOut now
A good example of "Fully Managed" coding
|
|
|
|
|
Look for CheckSumMappedFile() in your MSDN. You'll find there all about executable files images
Philip Patrick
"Two beer or not two beer?" (Shakesbeer)
Web-site: www.saintopatrick.com
|
|
|
|
|
There's an unused field in the PE header that you can use to store a checksum of the file. You would use or write a checksumming program and run that on your app, and that program would store the checksum in the PE header. Then your code_infected() routine would use the same algorithm to compute the checksum and compare the two.
--Mike--
My really out-of-date homepage
Buffy's on. Gotta go, bye!
Sonork - 100.10414 AcidHelm
Big fan of Alyson Hannigan.
|
|
|
|
|
What if it's a smart virii that modifies the checksum field?
Todd Smith
|
|
|
|
|
A virus that analyzes the host program, locates the checksumming algorithm, runs it against itself, and saves & verifies a new checksum? Not likely.
--Mike--
My really out-of-date homepage
Buffy's on. Gotta go, bye!
Sonork - 100.10414 AcidHelm
Big fan of Alyson Hannigan.
|
|
|
|
|
Well, what if the target application is a crack program. Then it would be very very easy to crack the program.
I think Colin is trying to protect an application from the crackers. If so, you should choose a third-party library. Here is a good one.http://www.bit-arts.com/ It is really expensive, but if you use ChargeKey service to sell your software, they provide these programs for free. Have a look at it.
Kind regards
Mustafa Demirhan
http://www.macroangel.com
Sonork ID 100.9935:zoltrix
|
|
|
|
|
I have a procedure in sybase which has to be executed
in frontend thru VC++...So, how do u go abt it...! Right now i
have used DBGrid Control to access my info in the frontend...as per my understanding...!Or is there any other way to spool the info of the stored procedure....?I just have to see the data in the stored procedure ,excuted in the front end...!
plz help
S
|
|
|
|
|
I re-worked one of my functions today and for some reason, all of the new variables that I create share the same address and, therefore, share the same data. It's causing some issues with the handling of the application and I've never seen anything like this before. Does anyone have any ideas as to how this could happen or how I could fix it?
|
|
|
|
|
Post the code here, so someone will answer more correctly.
It is something in your code, check assignments. Also are this variables pointers or not?
IS, post the code here
Philip Patrick
"Two beer or not two beer?" (Shakesbeer)
Web-site: www.saintopatrick.com
|
|
|
|
|
Here is the code:
CString OffensiveBackfield;
if (true)
{
int ItemIndex;
CString Subheading;
CString SubheadingNumber;
bool SubheadingAdded = false;
//Populate the dialog item drop down lists with the position names
NumFormations = pApp->GetProfileInt("Offensive Backfield Formations\\Formations", "NumFormations", 0);
if (NumFormations > 0)
{
for (int j = 3; j < 6; j++)
{
for (i = 1; i <= NumFormations; i++)
{
_itoa( i, buffer, 10 );
FormationRegName = pApp->GetProfileString("Offensive Backfield Formations\\Formations", "Formation" + (CString)buffer);
NumReceivers = pApp->GetProfileInt("Offensive Backfield Formations\\Formations", "WR" + (CString)buffer, 0);
if (NumReceivers == j)
{
if (!SubheadingAdded)
{
_itoa(j, SubheadingNumber.GetBuffer(0), 10);
strcat(SubheadingNumber.GetBuffer(0), " Wide Receivers");
Subheading = SubheadingNumber;
ItemIndex = pOffensiveBackfieldBox->AddString(Subheading);
pOffensiveBackfieldBox->SetItemData(ItemIndex, 0);
SubheadingAdded = true;
}
TildeCheck = FormationRegName.Find(" ~ ");
if (TildeCheck != -1)
{
FormationName = FormationRegName.Left(TildeCheck);
}
else
{
FormationName = FormationRegName;
}
ItemIndex = pOffensiveBackfieldBox->AddString(FormationName);
pOffensiveBackfieldBox->SetItemData(ItemIndex, 1);
}
}
SubheadingAdded = false;
}
}
}
if(OffensiveBackfield != "")
{
pOffensiveBackfieldBox->SelectString(0, OffensiveBackfield);
}
For some reason, the variables "Subheading", "SubheadingNumber", and "OffensiveBackfield" all have the same address associated with them. After the line "_itoa(j, SubheadingNumber.GetBuffer(0), 10);", all three of the variables have the same data in them. This is not how it should be and I'm wondering how this is happening.
|
|
|
|
|
Stew wrote:
_itoa(j, SubheadingNumber.GetBuffer(0), 10);
strcat(SubheadingNumber.GetBuffer(0), " Wide Receivers");
You have two problems there. First, you're allocating a buffer of length 0, so the _itoa() and strcat() calls are overrunning the buffer. Second, you're not calling ReleaseBuffer(). Do something like:
LPTSTR pszBuff = SubheadingNumber.GetBuffer(16);
_itoa ( j, pszBuff, 10 );
SubheadingNumber.ReleaseBuffer();
SubheadingNumber += _T(" Wide Receivers");
--Mike--
My really out-of-date homepage
Buffy's on. Gotta go, bye!
Sonork - 100.10414 AcidHelm
Big fan of Alyson Hannigan.
|
|
|
|
|
Oh, I'm late, LMAO, Well, Michael told ya already
Philip Patrick
"Two beer or not two beer?" (Shakesbeer)
Web-site: www.saintopatrick.com
|
|
|
|
|
Can someone help me with a demo project? I have two (2) edit boxes. When I type something in one edit box I want the other edit box to instantaneously update. However, if I keep typing information, new information is typed on top of old information. It looks awful. I tried
m_edit0 = name;
GetDlgItem(IDC_EDIT0)->Invalidate();
GetDlgItem(IDC_EDIT0)->UpdateWindow();
and alot of other things, but nothing makes it work correctly. Please, please, can I email a demo project that illustrates this error and hopefully, someone will be able to help me fix it?
My email address is brinasas@yahoo.com
Sincerely,
Danielle (an overworked graduate student)
|
|
|
|
|
Hi Danielle,
Just try follows:
GetDlgItem(IDC_EDIT0)->RedrawWindow();
Should help!
Best regards,
Eugene Pustovoyt
Sonork ID 100.10002:Yaumen
|
|
|
|
|
I have a ComboBox on my Dialog. I want to put items in it that aren't supposed to change so i open its properties and i type in the items seperated by CTRL+RETURN which takes me to the next line. For some reason the items dont show in the ComboBox when i run the dialog. (the dialog is called from another dialog with DoModal() ).
Can anyone think of a reason why the items wont show???? (i tried all different combinations of the properties, i tried changing the style and Owner draw and everything else so its not that)
Kuniva
--------------------------------------------
God gave man a penis and a brain but not enough blood to make both of 'em work at the same time.
|
|
|
|
|
Maybe you are calling ResetContent() somewhere in your OnInitDialog() ?
Philip Patrick
"Two beer or not two beer?" (Shakesbeer)
Web-site: www.saintopatrick.com
|
|
|
|
|
How do I access a MFC ActiveX .OCX interface in VC that was created in VC?
Thanks in advance...
~Timothy T. Rymer
www.digipen.edu
tim.xpertz.com
|
|
|
|
|
Assuming that CLSID_ISomeInterface is the class id of interface you want to access, so the code of getting it should be like this:
ISomeInterface* pInterface = NULL;
CoCreateInstance(CLSID_ISomeInterface, NULL, CLSCTX_INPROC_SERVER,
IID_ISomeInterface, (void**)&pInterface );
the pInterface will contain your interface.
But the code can be different for different ActiveXs. If you want to know exactly, tell what interface you want to access.
Philip Patrick
"Two beer or not two beer?" (Shakesbeer)
Web-site: www.saintopatrick.com
|
|
|
|
|
I am trying to write a simple dialog based multi-threaded app that has a worker thread doing blocking socket reads from a non windows server (no serialization) and updating progress controlls on the dialog window (like an ftp app).
I first tried following the MFC examples, deriving my thread class from CWinThread. This runs, but doesn't work correctly. Windows messages, like scrolling, are blocked at times to all applications (not just my app). I tried setting the thread priority to the lowest, but still had problems with blocking. I guessed this was due to the thread being derived from CWinThread and having message maps, but unfortunatly the VC help files I found only talked about making worker threads from functions.
I searched and found a CThread class here on codeproject.com, and I switched my code over, deriving my worker class from the CThread class and eliminating the message maps for my worker thread (which I guess was realy a UI thread). Still the problem presents itself.
Any pointers to a multi-threaded application that updates a user interface with status progress while doing blocking work with another thread, or any other suggestions would be greatly appreciated.
|
|
|
|
|
Take a look at _beginthreadex() in MSDN, I always use it for creating threads. I really hate those thread-classes...
If you want to update a progressbar, from the thread, you can pass a pointer to the progressbar, to the thread, using the "void *arglist" parameter.
Then you can access the progressbar from your thread.
If you need to access the progressbar, at the same time, from the main thread, you can make some easy syncronizing using a Critical Section...
- Anders
Money talks, but all mine ever says is "Goodbye!"
|
|
|
|
|
I can give switching _beginthreadex() a try, and would be more willing to with some examples of using that to start a class instead of a function, but before I try, do you think that will help my problem? Will that make my blocking calls in the worker thread not affect the rest of the system?
I am not even sure if the blocking calls are the problem, or if it is due to the thread working so hard and using all cpu (as I stated before, I have tried the lowest thread priority with the same results). My mouse never has a problem moving, but waiting for a response to mouse clicks, scroll bar moves, etc on any app that is running, including my own and the windows task bar sometimes take a long time to respond.
Let me explain that better. While the transfer is happening, for about half of the time the computer is very responsive. The other half of the time it can be a few seconds or longer before the system responds. It jumps between the two states of responsiveness without any apparent pattern. Sometimes it will be very response although the worker thread is transferring a lot of data. Othertimes it will be unresponsive during the same condition.
As for updating a progress meter, origionaly I accessed the progress controll directly. My worker thread class has a member that points to it's owner thread -- the dialog. I was accessing the dialog's progress controll CProgressControll directly that way. By doing that, or even just having TRACE messages everywhere I would normaly step the progress bar, caused the system to crash after a partial 'download', and never at the same place. It was like I was sending too many messages for it (1.4Ghz) to keep up with.
Currently I have the worker thread update members on the owner thread, and an OnTimer on the owner thread/dialog to update the progress bars. That works better, the system doesn't crash and when messages are getting through the status update happens.
Has anyone seen a code example for something like an ftp transfer in a worker thread class using blocking winsock, with smooth and accurate status updates in a dialog thread class?
|
|
|
|
|
Jacob Anawalt wrote:
Will that make my blocking calls in the worker thread not affect the rest of the system?
I have never seen blocking calls effect the whole system, at least not if the thread have a low priority.
Are you running Win9x or NT/2k/XP?
Jacob Anawalt wrote:
While the transfer is happening, for about half of the time the computer is very responsive. The other half of the time it can be a few seconds or longer before the system responds. It jumps between the two states of responsiveness without any apparent pattern. Sometimes it will be very response although the worker thread is transferring a lot of data. Othertimes it will be unresponsive during the same condition.
I have no idea why this is happening, I have never seen anything like that. But, I always use NT/Win2k, and they handle threads a lot better that Win9x systems...
Another option would be to move away from the blocking socket, and use a async socket instead...
- Anders
Money talks, but all mine ever says is "Goodbye!"
|
|
|
|
|
Is there any freeware libraries for a media player (MP3, MPEG, AVI etc...) that does not need windows media player installed on the clients computer. Something like a third party dll containing MP3 decoder stuff. It will be used as an extra 'bonus' part of another program so it doesnt have to be too complex!
Ive already looked at the Audio/Video section of codeproject and nothing will do the job.
Any thoughts?
.NET or not .NET? MFC is the question......
|
|
|
|
|
Oddly enough the sample that exists on CP is under an example for skinable apps. But there is full source here somewhere for playing mp3s, it's just used in the context of an app that is skanable, like Winamp.
Christian
I have come to clean zee pooollll. - Michael Martin Dec 30, 2001
Sonork ID 100.10002:MeanManOzI live in Bob's HungOut now
|
|
|
|
|
There are lots of free decoder libraries, check out sites like www.sourceforge.net
Stephen Caldwell
Blackfission, CEO
http://blackfission.myip.org:81
|
|
|
|
|