[WINDOWS]安全卫士类软件部分功能检查实现
1: ActiveX 检查：一般通过读取 IE 的区域安全设置来判断（对应 Internet 选项 → 安全 → 自定义级别）。
注册表项:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3（Zones\3 为 Internet 区域；0=本地计算机,1=本地 Intranet,2=可信站点,4=受限站点）。注意：若 HKLM\...\Internet Settings 下设置了 Security_HKLM_only=1，或存在组策略项 Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3，则以 HKLM/策略项为准，只检查 HKCU 会漏判。
如:注册表键“2201”（ActiveX 控件自动提示）=0x3 表示该项勾选了“已禁用”（0x0 为“启用”）。
2:强制禁用ActiveX:
注册表项:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ActiveX 的 CLSID}（64 位系统上 32 位 IE 读取的是 HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility，检查时两处都要看）
注册表键:“Compatibility Flags”=0x400 表示:禁用指定 CLSID 的 ActiveX 控件（即所谓 kill bit）。
3:相关软件的依赖检查:
使用 Depends.exe 可以查看某个 dll、ocx、exe 等程序静态依赖（导入表）哪些 dll、ocx；通过 LoadLibrary 运行时动态加载的 DLL 不会出现在静态视图中，需要用其 Profile 功能或 Process Monitor 在运行时观察。
4:获得文件版本的两种方法:
//获得文件版本:只能获得版本如:4.0.0.1 string GetFileVersion(const string strFile) { struct st_Language { WORD wLanguageID; WORD wCodePage; }; DWORD dwSize = GetFileVersionInfoSize(CommonFunc::StringToLPCWSTR(strFile),NULL); if(0 == dwSize) return "Error:" + strFile; LPBYTE pBlock = (BYTE*)malloc(dwSize); BOOL b = GetFileVersionInfo(CommonFunc::StringToLPCWSTR(strFile),0,dwSize,pBlock); char* pVerValue = NULL; UINT nlen1 = 0; VerQueryValueA(pBlock,"file://VarFileInfo//Translation", (LPVOID*)&pVerValue,&nlen1); //获取语言 char* pLanValue = NULL; UINT nLen2 = 0; VerQueryValueA(pBlock,"VarFileInfo\\Translation",(LPVOID*)&pLanValue,&nLen2); //080404b0为中文 st_Language stlang = *((st_Language *)pLanValue); //获取版本属性 VerQueryValueA(pBlock,"\\",(LPVOID*)&pVerValue,&nlen1); VS_FIXEDFILEINFO *pfixfileinfo = (VS_FIXEDFILEINFO *)pVerValue; //修改属性 char *cstrR = new char[128]; ZeroMemory(cstrR,128); sprintf_s(cstrR,128,"%d.%d.%d.%d" ,pfixfileinfo->dwProductVersionMS >> 16 ,pfixfileinfo->dwProductVersionMS & 0xFFFF ,pfixfileinfo->dwProductVersionLS >> 16 ,pfixfileinfo->dwProductVersionLS & 0xFFFF); free(pBlock); return string(cstrR); } //获得文件版本2//可以获得版本后面的信息例如6.1.00.845(win7sp_blue) string GetFileVersion2(const string strFile) { HRESULT hr; struct LANGANDCODEPAGE { WORD wLanguage; WORD wCodePage; } *lpTranslate; PathStripPath(CommonFunc::StringToLPWSTR(strFile)); PathRemoveExtension (CommonFunc::StringToLPWSTR(strFile)); DWORD dwSize = GetFileVersionInfoSize(CommonFunc::StringToLPCWSTR(strFile),NULL); BYTE *pBlock = new BYTE[dwSize]; if (!GetFileVersionInfo(CommonFunc::StringToLPCWSTR(strFile),0,dwSize,pBlock)) { delete[] pBlock; return "ERROR1"; } // Read the list of languages and code pages. UINT cbTranslate; VerQueryValue(pBlock, TEXT("\\VarFileInfo\\Translation"), (LPVOID*)&lpTranslate, &cbTranslate); // Read the file description for each language and code page. 
//TCHAR SubBlock[50] = "\\StringFileInfo\\080403A8\\FileVersion"; for(int i=0; i < (cbTranslate/sizeof(struct LANGANDCODEPAGE)); i++ ) { //hr = StringCchPrintf(SubBlock, 50, TEXT("\\StringFileInfo\\%04x%04x\\FileVersion"), lpTranslate[i].wLanguage, lpTranslate[i].wCodePage); char cstrSubBlock[56] = {'\0'}; ZeroMemory(cstrSubBlock,56); //IntToHex sprintf_s(cstrSubBlock ,56,"\\StringFileInfo\\%04x%04x\\FileVersion",lpTranslate[i].wLanguage, lpTranslate[i].wCodePage); string strSubBlock = string(cstrSubBlock); //if (FAILED(hr)) //{ // delete[] pBlock; //} LPVOID lpBuffer; UINT dwBytes; // Retrieve file description for language and code page "i". if (VerQueryValue(pBlock, CommonFunc::StringToLPCWSTR(strSubBlock), &lpBuffer, &dwBytes)) { char* cbuffer = (char*)lpBuffer; string strRet = ""; for(int j=0;j<dwBytes;j++) { strRet += string(cbuffer); cbuffer = cbuffer + 2; } if(pBlock) delete[] pBlock; return strRet; } } if(pBlock)delete[] pBlock; return "ERROR2"; }
5,网络检查:
ping指令
//ping url bool PingURL(const string strUrl, string& strReturn) { try { bool bSucceeded = true; //启用winsock WSADATA wsa_data; if (WSAStartup(MAKEWORD(2, 2), &wsa_data) != 0) { strReturn += "探测"+strUrl+"失败:无法启用WinSock.\r\n"; return false; } //调用 IcmpSendEcho 所需参数 HANDLE icmp_file = ::IcmpCreateFile(); char* request = new char[32]; memset(request, 'a', 32); int response_size = sizeof(ICMP_ECHO_REPLY) + 32; char* response = new char[response_size]; ZeroMemory(response, response_size); //检测域名 strReturn = ">ping " + strUrl + "\r\n"; hostent* host = gethostbyname(strUrl.c_str()); if (host == NULL) { strReturn += "解析域名" + strUrl + "失败!\r\n" ; return false; } in_addr ip = *(in_addr*)host->h_addr; for (int i=0; i<4; i++) { DWORD ret_val = IcmpSendEcho( icmp_file, ip.s_addr, request, 32, NULL, response, response_size, 3000 ); PICMP_ECHO_REPLY reply = (PICMP_ECHO_REPLY)(response); if (ret_val >= 1 && reply->Status == IP_SUCCESS) { strReturn += "Reply from " + string(inet_ntoa(ip)) + ": bytes=32 time=" + CommonFunc::IntToString(reply->RoundTripTime) + " TTL=" + CommonFunc::IntToString((int)reply->Options.Ttl) + "\r\n"; } else { strReturn += "Request timed out.\r\n"; bSucceeded = false; } } //END free( request ); request = NULL; free( response ); response = NULL; return bSucceeded; }catch(...) { strReturn+="ping url 异常。#e\r\n"; return false; } return true; }
//ping ip bool PingIP(const string strIP, string& strReturn) { try { bool bSucceeded = true; //reset strReturn = ""; //调用 IcmpSendEcho 所需参数 HANDLE icmp_file = ::IcmpCreateFile(); char* request = new char[32]; memset(request, 'a', 32); int response_size = sizeof(ICMP_ECHO_REPLY) + 32; char* response = new char[response_size]; ZeroMemory(response, response_size); //ip 转换格式 in_addr ip; ip.S_un.S_addr = inet_addr(strIP.c_str()); strReturn = ">ping " + strIP + "\r\n" ; for (int i=0; i<4; i++) { DWORD ret_val = IcmpSendEcho( icmp_file, ip.s_addr, request, 32, NULL, response, response_size, 3000 ); PICMP_ECHO_REPLY reply = (PICMP_ECHO_REPLY)(response); if (ret_val >= 1 && reply->Status == IP_SUCCESS) { strReturn += "Reply from " + string(inet_ntoa(ip)) + ": bytes=32 time=" + CommonFunc::IntToString(reply->RoundTripTime) + " TTL=" + CommonFunc::IntToString((int)reply->Options.Ttl) + "\r\n"; } else { strReturn += "Request timed out.\r\n"; bSucceeded = false; } } //END free( request ); request = NULL; free( response ); response = NULL; return bSucceeded; }catch(...) { strReturn += "ping ip 异常。#e\r\n"; return false; } return true; }
nslookup 指令（下面的实现基于 gethostbyname：走系统解析器而非直接查询 DNS 服务器，且只返回 IPv4 地址）
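// Shared body of the two NsLookURL overloads. Resolves strURL with
// gethostbyname and appends an nslookup-style transcript (name, addresses,
// aliases) to strReturn; when pStrIP is non-null it receives the first
// address, or "" if resolution fails.
// Fix vs. the original: WSACleanup was called right after gethostbyname and
// before h_name / h_addr_list / h_aliases were read and inet_ntoa was called.
// The hostent is a per-thread buffer owned by Winsock, so it was consumed
// after the library had been released. Winsock is now released only once the
// transcript is complete. h_name is also guarded against NULL and the address
// cast is only done for AF_INET.
static bool NsLookImpl(const string& strURL, string& strReturn, string* pStrIP)
{
    try
    {
        strReturn = "";
        if (pStrIP != NULL)
            *pStrIP = "";

        if (strURL.length() <= 0)
        {
            strReturn += "Error:URL==NULL\r\n";
            return false;
        }
        strReturn += ">nslookup " + strURL + "\r\n";

        WSADATA wsa_data;
        if (WSAStartup(MAKEWORD(2, 2), &wsa_data) != 0)
        {
            strReturn += "Error:WSAStartup\r\n";
            return false;
        }

        hostent* host = gethostbyname(strURL.c_str());
        if (host == NULL)
        {
            WSACleanup();
            strReturn += "Error:Gethostbyname\r\n";
            return false;
        }

        strReturn += "Name: " + string(host->h_name != NULL ? host->h_name : strURL.c_str()) + "\r\n";

        char** addresses = host->h_addr_list;
        if (host->h_addrtype == AF_INET && addresses != NULL && *addresses != NULL)
        {
            string strFirst = string(inet_ntoa(*(in_addr*)*addresses));
            if (pStrIP != NULL)
                *pStrIP = strFirst;
            strReturn += "Addresses " + strFirst + "\r\n";
            while (*(++addresses) != NULL)
                strReturn += " " + string(inet_ntoa(*(in_addr*)*addresses)) + "\r\n";
        }

        char** aliases = host->h_aliases;
        if (aliases != NULL && *aliases != NULL)
        {
            strReturn += "Aliases: " + string(*aliases) + "\r\n";
            while (*(++aliases) != NULL)
                strReturn += " " + string(*aliases) + "\r\n";
        }

        WSACleanup();
        return true;
    }
    catch (...)
    {
        strReturn += "Error:Exception\r\n";
        return false;
    }
}

// NSLOOK: DNS check. Appends the nslookup-style transcript for strURL to
// strReturn; returns true when the name resolved.
bool NsLookURL(const string strURL, string& strReturn)
{
    return NsLookImpl(strURL, strReturn, NULL);
}

// NSLOOK: DNS check. Same as the two-argument overload, and on success strIP
// also receives the first resolved IPv4 address ("" on failure).
bool NsLookURL(const string strURL, string& strReturn, string& strIP)
{
    return NsLookImpl(strURL, strReturn, &strIP);
}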
trace指令
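// Traces the route to strURL (dotted IPv4 or a host name; a name resolves to
// its first A record) by sending ICMP echo requests with TTL 1, 2, ... up to
// 30 hops, appending one "<ttl> <rtt> <hop address>" line per hop to
// strReturn. iPackLen selects the probe payload size: one of
// TRACER_1460_PACK / TRACER_1400_PACK / TRACER_1000_PACK, anything else
// falls back to TRACER_32_PACK. Returns false only on setup failures
// (Winsock, name resolution, ICMP handle); an unreachable destination still
// returns true with "Request time out." lines.
// Fixes vs. the original:
//  - The probe was sent with sizeof(SendData) bytes — the size of a char*
//    (4 or 8), not the payload — so iPackLen never changed what went on the
//    wire. The chosen length is now kept in iSendLen and used for the
//    allocation, the ZeroMemory and the send.
//  - ZeroMemory(SendData, iPackLen) wrote iPackLen bytes into a buffer that
//    was only TRACER_32_PACK bytes long for an unrecognised iPackLen (heap
//    overflow). The buffer is now always iSendLen bytes.
//  - The reply buffer is sized for the payload plus the 8 bytes IcmpSendEcho
//    documents for an ICMP error; the fixed 32-byte buffer could not hold a
//    full-size echo reply from the destination once real payloads are sent.
//  - SendData was never freed; WSACleanup was skipped on the error paths.
bool TraceURL(const string strURL, const int iPackLen, string& strReturn)
{
    strReturn = "";

    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
    {
        strReturn += ("WSAStartup failed.\r\n");
        return false;
    }

    // Dotted IPv4 first; otherwise treat the input as a host name.
    unsigned long ip = inet_addr(strURL.c_str());
    if (ip == INADDR_NONE)
    {
        hostent* pHost = gethostbyname(strURL.c_str());
        if (pHost == NULL || pHost->h_addr_list[0] == NULL)
        {
            strReturn += ("Invalid IP or domain name:" + strURL + "\r\n");
            WSACleanup();
            return false;
        }
        ip = *(unsigned long*)pHost->h_addr_list[0];
        strReturn += ("trace route to " + strURL + "(" + string(inet_ntoa(*(in_addr*)&ip)) + ")"
                      + " Len:" + CommonFunc::IntToString(iPackLen) + "\r\n");
    }
    else
    {
        strReturn += ("trace route to " + strURL + " Len:" + CommonFunc::IntToString(iPackLen) + "\r\n");
    }

    HANDLE hIcmp = IcmpCreateFile();
    if (hIcmp == INVALID_HANDLE_VALUE)
    {
        strReturn += ("Unable to open ICMP file.\r\n");
        WSACleanup();
        return false;
    }

    // Only the known probe sizes are honoured; everything else is a 32-byte probe.
    int iSendLen = TRACER_32_PACK;
    if (iPackLen == TRACER_1460_PACK || iPackLen == TRACER_1400_PACK || iPackLen == TRACER_1000_PACK)
        iSendLen = iPackLen;

    char* SendData = new char[iSendLen];
    ZeroMemory(SendData, iSendLen);

    const int iReplyLen = (int)sizeof(ICMP_ECHO_REPLY) + iSendLen + 8;
    char* ReplyBuffer = new char[iReplyLen];
    PICMP_ECHO_REPLY pEchoReply = (PICMP_ECHO_REPLY)ReplyBuffer;

    IP_OPTION_INFORMATION IpOption;
    ZeroMemory(&IpOption, sizeof(IP_OPTION_INFORMATION));
    IpOption.Ttl = 1;

    BOOL bLoop = TRUE;
    int iMaxHop = 30;
    while (bLoop && iMaxHop--)
    {
        string strLine = CommonFunc::IntToString((int)IpOption.Ttl);
        ZeroMemory(ReplyBuffer, iReplyLen);

        if (IcmpSendEcho(hIcmp, (IPAddr)ip, SendData, (WORD)iSendLen, &IpOption,
                         ReplyBuffer, (DWORD)iReplyLen, 3000) != 0)
        {
            if (pEchoReply->RoundTripTime == 0)
                strLine += " <1ms";
            else
                strLine += " " + CommonFunc::IntToString(pEchoReply->RoundTripTime) + "ms";

            strLine += " " + string(inet_ntoa(*(in_addr*)&(pEchoReply->Address)));

            // The destination itself answered: the path is complete.
            if ((unsigned long)pEchoReply->Address == ip)
            {
                strLine += "\r\nTrace complete.";
                bLoop = FALSE;
            }
        }
        else
        {
            strLine += " Request time out.";
        }

        strReturn += (strLine + "\r\n");
        IpOption.Ttl++;
    }

    delete[] ReplyBuffer;
    delete[] SendData;
    IcmpCloseHandle(hIcmp);
    WSACleanup();
    return true;
}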
获得网页内容
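#define URLRESULT_MAXLEN 2048 // maximum number of body bytes returned (one read)

// Performs a single HTTP(S) GET for strURL and stores up to URLRESULT_MAXLEN
// bytes of the response body in strHtmlResult. Only one InternetReadFile
// call is made; loop on it if the whole page is ever needed. Returns true
// when a body was read; on failure strHtmlResult holds a short error string
// carrying GetLastError().
// Security fix vs. the original: INTERNET_FLAG_IGNORE_CERT_CN_INVALID was
// removed from the HTTPS flags. It disabled host-name verification of the
// server certificate, so any party holding a certificate trusted for *some*
// name could impersonate the checked endpoint (MITM). An endpoint whose
// certificate does not match its name must be fixed server-side, not
// tolerated here.
// Other changes: the dash-only "header" that was passed to
// HttpAddRequestHeaders was dropped (a field line without a colon is not a
// valid HTTP header; its return value was ignored anyway), and handles are
// closed child-first (request, connection, session) on every path.
// NOTE(review): the HTTP status code is not inspected — a 404/500 body is
// still returned with bRet == true. Callers that need the status should add
// an HttpQueryInfo(HTTP_QUERY_STATUS_CODE) check; left as-is to keep the
// existing contract.
bool GetHtmlResultByURL(string& strHtmlResult, const string strURL)
{
    // 1. Split the URL into scheme / host / port / path.
    bool bHttps = true;
    string strHostName = "";
    int iHostPort = 443;
    string strCommand = "";
    strHtmlResult = "";

    if (false == CommonFunc::AnalyseURL(strURL, bHttps, strHostName, iHostPort, strCommand))
    {
        strHtmlResult = "AnalyseURL ERROR : [" + strURL + "]\r\n";
        return false;
    }

    wstring wstrHostName = CommonFunc::s2ws(strHostName);
    wstring wstrCommand = CommonFunc::s2ws(strCommand);
    LPCTSTR cstrHostName = wstrHostName.c_str();
    LPCTSTR cszCommand = wstrCommand.c_str();

    // 2. Request flags. INTERNET_FLAG_SECURE turns on TLS with full
    //    certificate validation; no IGNORE_CERT_* flag is set.
    LPCTSTR cstrRequestMethod = L"GET";
    DWORD dwOpenRequestFlags;
    if (bHttps)
    {
        dwOpenRequestFlags = INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
                           | INTERNET_FLAG_KEEP_CONNECTION
                           | INTERNET_FLAG_NO_AUTH
                           | INTERNET_FLAG_NO_COOKIES
                           | INTERNET_FLAG_NO_UI
                           | INTERNET_FLAG_SECURE
                           | INTERNET_FLAG_RELOAD;
    }
    else
    {
        dwOpenRequestFlags = INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_RELOAD;
    }

    // 3. Session.
    HINTERNET hInte = InternetOpen(L"", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (NULL == hInte)
    {
        strHtmlResult = "InternetOpen ERROR : " + CommonFunc::IntToString(GetLastError()) + "[" + strURL + "]\r\n";
        return false;
    }

    // 4. Connection.
    HINTERNET hConnection = InternetConnect(hInte, cstrHostName, iHostPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
    if (NULL == hConnection)
    {
        strHtmlResult = "InternetConnect ERROR " + CommonFunc::IntToString(GetLastError()) + ": [" + strURL + "]\r\n";
        InternetCloseHandle(hInte);
        return false;
    }

    // 5. Request.
    HINTERNET hRequest = HttpOpenRequest(hConnection, cstrRequestMethod, cszCommand, HTTP_VERSION, L"", NULL, dwOpenRequestFlags, 0);
    if (NULL == hRequest)
    {
        strHtmlResult = "HttpOpenRequest ERROR " + CommonFunc::IntToString(GetLastError()) + ": [" + strURL + "]\r\n";
        InternetCloseHandle(hConnection);
        InternetCloseHandle(hInte);
        return false;
    }

    // 6. Send and read (at most URLRESULT_MAXLEN bytes).
    bool bRet = false;
    if (HttpSendRequest(hRequest, NULL, 0, NULL, 0))
    {
        char szBuffer[URLRESULT_MAXLEN];
        memset(szBuffer, 0, sizeof(szBuffer));
        DWORD dwLen = 0;
        if (InternetReadFile(hRequest, szBuffer, URLRESULT_MAXLEN, &dwLen))
        {
            strHtmlResult = string(szBuffer, dwLen);
            bRet = true;
        }
        else
        {
            strHtmlResult = " InternetRead ERROR :" + CommonFunc::IntToString(GetLastError());
        }
    }
    else
    {
        strHtmlResult = " HttpSend ERROR " + CommonFunc::IntToString(GetLastError());
    }

    InternetCloseHandle(hRequest);
    InternetCloseHandle(hConnection);
    InternetCloseHandle(hInte);
    return bRet;
}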