#include #define _PROTOTYP( func, parms ) func parms #define FILECOUNT 2 CHAR * FileName[FILECOUNT] ; HANDLE hFile[FILECOUNT] ; HANDLE hFileMapping[FILECOUNT] ; CHAR * pView[FILECOUNT] ; struct ck_registration * RegBlock[FILECOUNT] ; FILETIME ftLastAccess[FILECOUNT], ftCreation[FILECOUNT], ftLastWrite[FILECOUNT] ; char *zinptr=NULL; int zincnt=0, zoutcnt=0; char *zoutptr=NULL; void zdstuff(char c) {}; int ckOpenFile(int i) { hFile[i] = CreateFile( FileName[i], // address of name of the file GENERIC_READ|GENERIC_WRITE, 0, // share mode NULL,// address of security descriptor OPEN_EXISTING, // how to create FILE_ATTRIBUTE_NORMAL | FILE_FLAG_SEQUENTIAL_SCAN, // file attributes NULL // handle of file with attributes to copy ); GetFileTime( hFile[i], &ftCreation[i], &ftLastAccess[i], &ftLastWrite[i] ) ; hFileMapping[i] = CreateFileMapping( hFile[i], NULL, PAGE_READWRITE, 0, 0, NULL ); pView[i] = (CHAR *) MapViewOfFile( hFileMapping[i], FILE_MAP_ALL_ACCESS, 0,0,0); if ( !pView[i] ) { return 0; } return 1; } int ckCloseFile( int i ) { if (pView[i]) UnmapViewOfFile( pView[i] ) ; if (hFileMapping[i]) CloseHandle( hFileMapping[i] ) ; if (hFile[i]) { SetFileTime( hFile[i], &ftCreation[i], &ftLastAccess[i], &ftLastWrite[i] ) ; CloseHandle( hFile[i] ) ; } return 1; } int SearchForRegBlock( int i ) { CHAR * SearchString1 = NULL, * SearchString2 = NULL; int SearchStringLength1 = 0; int SearchStringLength2 = 0; int SearchLength = 0; BY_HANDLE_FILE_INFORMATION fileInfo ; CHAR * start = NULL ; CHAR * p = NULL ; int found = 0 ; ULONG k = 0 ; if ( i == 0 ) { SearchString1 = "K95CRYPT"; // SearchString2 = "SSLEAY32"; } else { SearchString1 = "K2CRYPT"; // SearchString2 = "SSLEAY2"; } SearchStringLength1 = SearchLength = strlen(SearchString1); GetFileInformationByHandle( hFile[i], &fileInfo ) ; // We only search for the first null terminated portion of the search string // because we want to be able to find a pre-registered copy if ( !pView[i] ) return 0 ; if ( SearchString1 ) { start = pView[i] ; p = pView[i] ; found = 0 ; while ( !found && k < fileInfo.nFileSizeLow ) { LONG j = 0 ; if ( p[k] == SearchString1[0] ) { start = &p[k] ; for ( j = 0 ; j < SearchLength ; j++ ) { if ( start[j] != SearchString1[j] ) break; } if ( j == SearchLength ) found = 1 ; } k++ ; } if ( found ) { printf("%s replaced by NULs\n",SearchString1); memset(start,0,SearchStringLength1); } } if ( SearchString2 ) { SearchStringLength2 = SearchLength = strlen(SearchString2); start = pView[i] ; p = pView[i] ; found = 0 ; while ( !found && k < fileInfo.nFileSizeLow ) { LONG j = 0 ; if ( p[k] == SearchString2[0] ) { start = &p[k] ; for ( j = 0 ; j < SearchLength ; j++ ) { if ( start[j] != SearchString2[j] ) break; } if ( j == SearchLength ) found = 1 ; } k++ ; } if ( found ) { printf("%s replaced by NULs\n",SearchString2); memset(start,0,SearchStringLength2); } } return found; } int main( int argc, char ** argv ) { int dsn = 0 ; int i ; FileName[0] = "k95.exe" ; FileName[1] = "k2.exe" ; for ( i=0 ; i < FILECOUNT ; i++ ) { hFile[i] = NULL ; hFileMapping[i] = NULL ; pView[i] = NULL ; RegBlock[i] = NULL ; if ( !ckOpenFile(i) ) { printf("Unable to open %s\n", FileName[i]) ; continue; } printf("\n%s\n++++++++++++\n",FileName[i]); if (!SearchForRegBlock(i)) { printf( "Invalid %s file.\n", FileName[i] ) ; continue; } } /* Parse command line and use it to register the files */ for ( i=0; i