MacFormat 1999 April

home *** CD-ROM | disk | FTP | other *** search

/ MacFormat 1999 April / macformat-075.iso / Resources / Anti-virus / AntiGax 1.3 / Source / AntigaxInit.c < prev

Wrap

C/C++ Source or Header | 1998-10-10 | 5.9 KB | 253 lines | [TEXT/CWIE]

#include <A4Stuff.h> #include <Notification.h> char RepairApp(short rev); Boolean DamagedApp(short rev); void WriteString(short fie, uchar *str); void PStrCpy(Str255 ct, ConstStr255Param cf); void PStrCat(Str255 ct, ConstStr255Param cf); void Mention(uchar *note); pascal void AgaxInitMenus(void); typedef pascal void (*InitMenusProc)(void); InitMenusProc oldInitMenus; uchar *sterz, *stats="\pA message from GAx Defender:\r"; NMRec noty[4]; short curno; FSSpec *lantana; Boolean check_only, prevent_moves, had_bad_sys; pascal void main(void) { FSSpec target; short i, smp, omp; EnterCodeResource(); sterz=(uchar*)NewPtrSys(256*4); for(i=0;i<4;i++) { noty[i].qType=nmType; noty[i].nmMark=0; noty[i].nmIcon=nil; noty[i].nmSound=nil; noty[i].nmStr=&sterz[i*256]; noty[i].nmResp=(NMUPP)-1; } curno=0; omp=CurResFile(); had_bad_sys=0; /* First make sure that our little friend's not around */ FindFolder(kOnSystemDisk,kExtensionFolderType,false,&target.vRefNum,&target.parID); PStrCpy(target.name,"\p\001Graphics Accelerator"); FSpRstFLock(&target); if(!FSpDelete(&target)) Mention("\pThe 'Graphics Accelerator' viral extension was detected and removed."); /* Then make sure the system is healthy */ FindFolder(kOnSystemDisk,kSystemFolderType,false,&target.vRefNum,&target.parID); BlockMoveData(LMGetSysResName(),target.name,32); check_only=1; prevent_moves=1; lantana=⌖ smp=LMGetSysMap(); UseResFile(smp); i=RepairApp(smp); if(!i && DamagedApp(smp)) i=2; UseResFile(omp); if(i) had_bad_sys=1; // i!=-1 because we're only checking, not attempting repairs if(i==1) Mention("\pYour System file has been infected the 'Graphics Accelerator' virus. You should run AntiGax to diagnose it further."); if(i==2) Mention("\pYour System file has been irretrievably damaged by the 'Graphics Accelerator' virus. You should reinstall it."); /* Now patch InitMenus to do the reverse of the virus */ oldInitMenus=(InitMenusProc)NGetTrapAddress(_InitMenus,ToolTrap); NSetTrapAddress((ProcPtr)AgaxInitMenus,_InitMenus,ToolTrap); /* Before we go, make sure we'll still be here next time */ DetachResource(Get1Resource('INIT',0)); ExitCodeResource(); } void Mention(uchar *note) { FSSpec syslog; short lrf; /* Write it to the log */ FindFolder(kOnSystemDisk,kSystemFolderType,false,&syslog.vRefNum,&syslog.parID); PStrCpy(syslog.name,"\pGAx Defender Log"); FSpCreate(&syslog,'ttxt','TEXT',smSystemScript); FSpOpenDF(&syslog,fsRdWrPerm,&lrf); if(lrf && lrf!=-1) { SetFPos(lrf,fsFromLEOF,0); WriteString(lrf,note); WriteString(lrf,"\p\r"); FSClose(lrf); } /* Then let the user know */ PStrCpy(&sterz[curno*256],stats); PStrCat(&sterz[curno*256],note); NMInstall(¬y[curno]); curno=(curno+1)&3; } pascal void AgaxInitMenus(void) { Handle fiddle; Str255 lolo; FCBPBRec frek; FSSpec tana; short i, nurez; Boolean isapp, looksys; EnterCodeResource(); check_only=0; prevent_moves=0; lantana=&tana; nurez=CurResFile(); /* we can only use ExitToShell if Processes are there and there are no weird maps */ isapp=0; if(NGetTrapAddress(_OSDispatch,ToolTrap)!=NGetTrapAddress(_Unimplemented,ToolTrap)) { ProcessInfoRec pir; ProcessSerialNumber nyne={0,kCurrentProcess}; pir.processInfoLength=sizeof(ProcessInfoRec); pir.processName=nil; pir.processAppSpec=&tana; if(!GetProcessInformation(&nyne,&pir)) isapp=1; } // this checks if either we're looking at the system or something overriding it // this catches DAs when the system calls InitMenus for them looksys=0; if((fiddle=Get1IndResource('DSAT',1)) || nurez==LMGetSysMap()) looksys=1; /* Now find out where this file is */ frek.ioCompletion=nil; frek.ioNamePtr=tana.name; frek.ioVRefNum=0; frek.ioRefNum=nurez; frek.ioFCBIndx=0; // 0 => use ioRefNum PBGetFCBInfoSync(&frek); tana.vRefNum=frek.ioFCBVRefNum; tana.parID=frek.ioFCBParID; if(frek.ioFCBFlags&(1L<<13)) check_only=1; // file is locked /* We don't want to go renaming 'Appearance Extension' or something, And we don't want to go changing system resources */ if(looksys) { check_only=1; prevent_moves=1; } // if it's infected and isapp is false you'd better hope we can repair it! if(had_bad_sys && looksys) // Don't bother checking { i=0; } else { i=RepairApp(nurez); if(!i && DamagedApp(nurez)) i=2; } if(i==-1) { PStrCpy(lolo,"\pThe file '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p' is irretrievably infected. It has been renamed '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p.bad'. You should delete and reinstall it."); Mention(lolo); if(isapp) ExitToShell(); // bet the caller didn't expect this! } if(!check_only && i==1) { PStrCpy(lolo,"\pThe file '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p' was infected with the 'Graphics Accelerator' virus.\r"); PStrCat(lolo,"\pThe infection has been removed and the application repaired."); Mention(lolo); } if(check_only && i==1) { PStrCpy(lolo,"\pThe file '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p' is infected with the 'Graphics Accelerator' virus, "); PStrCat(lolo,"\pbut as it is locked cannot be repaired."); Mention(lolo); if(isapp) ExitToShell(); } if(!check_only && i==2) { PStrCpy(lolo,"\pThe file '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p' is irretrievably damaged. It has been renamed '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p.bad'. You should delete and reinstall it."); Mention(lolo); if(isapp) ExitToShell(); } if(check_only && i==2) { // yes, I know we can still rename if it's locked, but we don't PStrCpy(lolo,"\pThe file '"); PStrCat(lolo,tana.name); PStrCat(lolo,"\p' is irretrievably damaged. You should delete and reinstall it."); Mention(lolo); if(isapp) ExitToShell(); } /* We make certain we're not going to call ExitToShell before there are processes! */ (*oldInitMenus)(); ExitCodeResource(); } void PStrCpy(Str255 ct, ConstStr255Param cf) { BlockMove(cf,ct,cf[0]+1); } void PStrCat(Str255 ct, ConstStr255Param cf) { BlockMove(&cf[1],&ct[ct[0]+1],cf[0]); ct[0]+=cf[0]; }