Background:
Last year, while working on a URL security check at a well-known domestic internet company, I wrote this as a draft.
In the end it was not used in the project.
At the time it was mainly intended for storing and updating URL security ratings, which required associating each downloaded file with the security attribute of the URL it came from.
The logic is roughly as follows:
If the downloaded file is found to be infected, the URL is marked as dangerous; if the file is not infected, the URL is restored to safe.
Most of the material I found at the time was not usable; in particular, across the different versions of the IE browser, the approaches previously published online had almost all stopped working.
In the end I had no choice but to reverse-engineer this part of the IE browser in order to reach the goal. The implementation is as follows:
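#include <windows.h>
#include <WinInet.h>
#include <atlconv.h>   // CA2W, used for the pre-IE9 cache entries

#include <algorithm>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <cwchar>
#include <cwctype>
#include <string>

#pragma comment(lib, "Wininet.lib")

// Reads the Internet Explorer download history out of the WinINet URL cache
// ("iedownload:" entries) so that a downloaded file can be mapped back to the
// URL it came from and to the referring page.
//
// The header blob of an "iedownload:" entry holds URLs and file names that
// originate from web content, so it is parsed here as untrusted data: every
// read is bounded by the size of the buffer WinINet filled in.
//
// NOTE(review): Debug_put is a trace macro that is not defined in this
// listing; it is called with the double-parenthesis form the listing uses and
// is assumed to be provided by the project.

namespace {

const char kIeDownloadPrefix[] = "iedownload:";

// The listing scans at most this many bytes of the header for the first URL.
const size_t kUrlScanLimit = 0x200;

const wchar_t kSeparator[] = L"------------------------------------------\n";

// Fields recovered from one cache entry. Any of them may stay empty.
struct DownloadRecord {
    std::wstring refUrl;       // page that linked to the download
    std::wstring mimeType;     // only present in the IE10/IE11 layout
    std::wstring srcFile;      // only present in the IE10/IE11 layout
    std::wstring downloadUrl;  // URL the file was fetched from
    std::wstring destFile;     // local path the file was saved to
};

wchar_t LowerWide(wchar_t ch)
{
    return static_cast<wchar_t>(towlower(ch));
}

void LowerInPlace(std::wstring &text)
{
    std::transform(text.begin(), text.end(), text.begin(), LowerWide);
}

// Converts GetLastError() to an HRESULT and guarantees a failure code, so a
// failed API call that left the last error at 0 is never reported as success
// (the callers dereference the out-parameters whenever the result succeeds).
HRESULT LastErrorAsFailure()
{
    const HRESULT hr = HRESULT_FROM_WIN32(GetLastError());
    return FAILED(hr) ? hr : E_FAIL;
}

void CloseEnum(HANDLE &hEnum)
{
    if (hEnum) {
        FindCloseUrlCache(hEnum);
        hEnum = NULL;
    }
}

bool HasDownloadPrefix(const INTERNET_CACHE_ENTRY_INFOA *entry)
{
    return entry->lpszSourceUrlName != NULL &&
           _strnicmp(entry->lpszSourceUrlName, kIeDownloadPrefix,
                     sizeof(kIeDownloadPrefix) - 1) == 0;
}

// Yields the readable range of the header blob. WinINet stores the blob inside
// the entry buffer, so the end of that buffer is the hard upper bound for any
// read. Returns false when the pointer does not lie inside the buffer.
bool HeaderBounds(const INTERNET_CACHE_ENTRY_INFOA *entry, DWORD cbEntry,
                  const BYTE *&begin, const BYTE *&end)
{
    const uintptr_t base = reinterpret_cast<uintptr_t>(entry);
    const uintptr_t hdr = reinterpret_cast<uintptr_t>(entry->lpHeaderInfo);
    if (hdr == 0 || hdr < base || hdr - base >= cbEntry)
        return false;
    begin = reinterpret_cast<const BYTE *>(entry->lpHeaderInfo);
    end = reinterpret_cast<const BYTE *>(entry) + cbEntry;
    return true;
}

bool MatchesAt(const BYTE *at, size_t cbLeft, const BYTE *pattern, size_t cbPattern)
{
    return cbLeft >= cbPattern && memcmp(at, pattern, cbPattern) == 0;
}

// Finds the byte offset of the first UTF-16LE "http://", "https://" or
// "ftp://" in the header. The patterns omit the high byte of the last
// character, exactly as in the listing.
bool FindUrlOffset(const BYTE *header, size_t cbHeader, size_t &offset)
{
    static const BYTE http[] = {0x68, 0x00, 0x74, 0x00, 0x74, 0x00, 0x70, 0x00,
                                0x3a, 0x00, 0x2f, 0x00, 0x2f};
    static const BYTE https[] = {0x68, 0x00, 0x74, 0x00, 0x74, 0x00, 0x70, 0x00,
                                 0x73, 0x00, 0x3a, 0x00, 0x2f, 0x00, 0x2f};
    static const BYTE ftp[] = {0x66, 0x00, 0x74, 0x00, 0x70, 0x00,
                               0x3a, 0x00, 0x2f, 0x00, 0x2f};

    const size_t scanEnd = (std::min)(cbHeader, kUrlScanLimit);
    for (size_t n = 0; n < scanEnd; ++n) {
        const size_t cbLeft = cbHeader - n;
        if (MatchesAt(header + n, cbLeft, http, sizeof(http)) ||
            MatchesAt(header + n, cbLeft, ftp, sizeof(ftp)) ||
            MatchesAt(header + n, cbLeft, https, sizeof(https))) {
            offset = n;
            return true;
        }
    }
    return false;
}

// Reads one NUL-terminated UTF-16 string starting at `cursor` without reading
// past `end`, and advances `cursor` behind the terminator. Characters are
// copied with memcpy because the URL offset is a byte offset and need not be
// 2-byte aligned. Returns true only for a non-empty, properly terminated field.
bool ReadWideField(const BYTE *&cursor, const BYTE *end, std::wstring &out)
{
    out.clear();
    const BYTE *p = cursor;
    while (static_cast<size_t>(end - p) >= sizeof(WCHAR)) {
        WCHAR ch;
        memcpy(&ch, p, sizeof(ch));
        p += sizeof(ch);
        if (ch == L'\0') {
            cursor = p;
            return !out.empty();
        }
        out.push_back(ch);
    }
    out.clear();  // no terminator inside the buffer: treat the field as absent
    return false;
}

// Parses the header blob of an "iedownload:" entry into `rec`.
//   IE9 layout:      refUrl, downloadUrl, destFile
//   IE10/11 layout:  refUrl, mimeType, srcFile, downloadUrl, destFile
// A profile upgraded from IE9 still holds IE9-layout records; they are
// recognised by the second field containing "tp:/" (i.e. it is a URL, not a
// MIME type). Parsing stops at the first missing or empty field.
void ParseDownloadHeader(const INTERNET_CACHE_ENTRY_INFOA *entry, DWORD cbEntry,
                         bool ie9Layout, DownloadRecord &rec)
{
    const BYTE *cursor = NULL;
    const BYTE *end = NULL;
    if (!HeaderBounds(entry, cbEntry, cursor, end))
        return;

    size_t offset = 0;
    if (!FindUrlOffset(cursor, static_cast<size_t>(end - cursor), offset))
        return;  // no URL marker: nothing in this header can be trusted as a string
    cursor += offset;

    if (!ReadWideField(cursor, end, rec.refUrl))
        return;

    if (ie9Layout) {
        if (ReadWideField(cursor, end, rec.downloadUrl))
            ReadWideField(cursor, end, rec.destFile);
        return;
    }

    std::wstring second;
    if (!ReadWideField(cursor, end, second))
        return;

    if (second.find(L"tp:/") != std::wstring::npos) {
        rec.downloadUrl.swap(second);
        ReadWideField(cursor, end, rec.destFile);
        return;
    }

    rec.mimeType.swap(second);
    if (!ReadWideField(cursor, end, rec.srcFile))
        return;
    if (!ReadWideField(cursor, end, rec.downloadUrl))
        return;
    ReadWideField(cursor, end, rec.destFile);
}

// Fills `rec` from a cache entry that is not an "iedownload:" record
// (the listing's "below IE9" case). Both name pointers may be NULL.
void ReadLegacyEntry(const INTERNET_CACHE_ENTRY_INFOA *entry, DownloadRecord &rec)
{
    if (entry->lpszSourceUrlName)
        rec.downloadUrl = CA2W(entry->lpszSourceUrlName);
    if (entry->lpszLocalFileName)
        rec.destFile = CA2W(entry->lpszLocalFileName);
    LowerInPlace(rec.destFile);
}

}  // namespace

// Releases an entry buffer obtained from Getiedownloadcache / Findnextcache.
// Passing NULL is allowed.
void __cdecl Myheapfree(LPVOID lpmem)
{
    if (lpmem)
        HeapFree(GetProcessHeap(), 0, lpmem);
}

// Starts enumerating the "iedownload:" cache entries.
//
// On success returns S_OK and hands out the enumeration handle (close it with
// FindCloseUrlCache), a heap-allocated entry (free it with Myheapfree) and the
// number of bytes WinINet wrote into it. On failure returns a failure HRESULT
// and leaves all three out-parameters untouched.
HRESULT Getiedownloadcache(HANDLE &henumhandle, LPINTERNET_CACHE_ENTRY_INFOA &lpcache,
                           DWORD &nentrysize)
{
    DWORD cbEntry = 0;

    // First call with no buffer only asks for the required size.
    HANDLE hProbe = FindFirstUrlCacheEntryExA(kIeDownloadPrefix, 0, 0xFFFFFFFF, 0,
                                              NULL, &cbEntry, NULL, NULL, NULL);
    if (hProbe) {
        // Not expected with a NULL buffer; do not leak the handle.
        FindCloseUrlCache(hProbe);
        return E_INVALIDARG;
    }
    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        return LastErrorAsFailure();

    LPINTERNET_CACHE_ENTRY_INFOA entry = static_cast<LPINTERNET_CACHE_ENTRY_INFOA>(
        HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbEntry));
    if (!entry)
        return E_OUTOFMEMORY;

    HANDLE hEnum = FindFirstUrlCacheEntryExA(kIeDownloadPrefix, 0, 0xFFFFFFFF, 0,
                                             entry, &cbEntry, NULL, NULL, NULL);
    if (!hEnum) {
        const HRESULT hr = LastErrorAsFailure();  // read before HeapFree can change it
        Myheapfree(entry);
        return hr;
    }

    lpcache = entry;
    nentrysize = cbEntry;
    henumhandle = hEnum;
    return S_OK;
}

// Fetches the next entry of an enumeration started by Getiedownloadcache.
// Same ownership rules as Getiedownloadcache; a failure HRESULT (including the
// end of the enumeration) leaves the out-parameters untouched.
HRESULT Findnextcache(HANDLE &henumhandle, LPINTERNET_CACHE_ENTRY_INFOA &lpcache,
                      DWORD &dwentrysize)
{
    DWORD cbEntry = 0;

    if (FindNextUrlCacheEntryA(henumhandle, NULL, &cbEntry))
        return E_INVALIDARG;  // size probe is expected to fail
    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        return LastErrorAsFailure();

    LPINTERNET_CACHE_ENTRY_INFOA entry = static_cast<LPINTERNET_CACHE_ENTRY_INFOA>(
        HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbEntry));
    if (!entry)
        return E_OUTOFMEMORY;

    if (!FindNextUrlCacheEntryA(henumhandle, entry, &cbEntry)) {
        const HRESULT hr = LastErrorAsFailure();
        Myheapfree(entry);
        return hr;
    }

    lpcache = entry;
    dwentrysize = cbEntry;
    return S_OK;
}

// Returns the installed IE major version, or 0 when it cannot be determined
// or is below 6. "svcVersion" is used when its major part is 9, 10 or 11;
// otherwise the leading digit of the "Build" value is used.
int getieversion()
{
    HKEY hKey = NULL;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Internet Explorer",
                      0, KEY_READ, &hKey) != ERROR_SUCCESS)
        return 0;

    int nVersion = 0;
    DWORD dwType = 0;

    // Buffers are zero-filled and the size passed is one less than the buffer,
    // so the data is NUL-terminated even if the registry value is not.
    CHAR szVersion[MAX_PATH] = {0};
    DWORD cbVersion = MAX_PATH - 1;
    if (RegQueryValueExA(hKey, "svcVersion", NULL, &dwType,
                         reinterpret_cast<LPBYTE>(szVersion), &cbVersion) == ERROR_SUCCESS &&
        dwType == REG_SZ) {
        char *dot = strchr(szVersion, '.');
        if (dot) {
            *dot = '\0';
            const int major = atoi(szVersion);
            if (major == 9 || major == 10 || major == 11) {
                RegCloseKey(hKey);
                return major;
            }
        }
    }

    CHAR szBuild[16] = {0};
    DWORD cbBuild = sizeof(szBuild) - 1;
    if (RegQueryValueExA(hKey, "Build", NULL, &dwType,
                         reinterpret_cast<LPBYTE>(szBuild), &cbBuild) == ERROR_SUCCESS) {
        nVersion = atoi(szBuild);
        // NOTE(review): the loop bound is missing in the listing; 10 reduces the
        // build number to its leading digit, which is what the "< 6" check
        // below expects. Confirm against the original source.
        while (nVersion >= 10)
            nVersion /= 10;
        if (nVersion < 6)
            nVersion = 0;
    }

    RegCloseKey(hKey);
    return nVersion;
}

// Looks up the download-history record whose destination path contains
// `destfile` and returns its referrer and download URL.
//
// `destfile` is lower-cased in place. Returns TRUE when at least one
// "iedownload:" entry carrying header data was seen before the search ended
// (this is the listing's return value, not a "match found" flag); `refurl`
// and `downloadurl` are written only when a record matched.
//
// NOTE(review): the match is a substring test, so a short or empty `destfile`
// matches unrelated records. Callers that base a URL verdict on the result
// should pass the full path.
BOOL Getiedownloadhistoryformcache(std::wstring &destfile, std::wstring &refurl,
                                   std::wstring &downloadurl)
{
    BOOL bRet = FALSE;
    HANDLE hEnum = NULL;
    LPINTERNET_CACHE_ENTRY_INFOA entry = NULL;
    DWORD cbEntry = 0;
    const int ieVersion = getieversion();

    for (HRESULT hr = Getiedownloadcache(hEnum, entry, cbEntry); SUCCEEDED(hr);
         hr = Findnextcache(hEnum, entry, cbEntry)) {
        // Fresh record per entry so values from an earlier entry cannot be
        // matched or returned for this one.
        DownloadRecord rec;

        if (HasDownloadPrefix(entry)) {
            if (entry->lpHeaderInfo) {
                bRet = TRUE;
                wprintf(kSeparator);
                if (ieVersion == 9)
                    ParseDownloadHeader(entry, cbEntry, true, rec);
                else if (ieVersion == 10 || ieVersion == 11)
                    ParseDownloadHeader(entry, cbEntry, false, rec);

                if (!rec.refUrl.empty())
                    wprintf(L"refurl[%s]\n", rec.refUrl.c_str());
                if (!rec.mimeType.empty())
                    wprintf(L"mimetype[%s]\n", rec.mimeType.c_str());
                if (!rec.srcFile.empty())
                    wprintf(L"srcfile[%s]\n", rec.srcFile.c_str());
                if (!rec.downloadUrl.empty()) {
                    wprintf(L"downloadurl[%s]\n", rec.downloadUrl.c_str());
                    wprintf(L"destfile[%s]\n", rec.destFile.c_str());
                }
                wprintf(kSeparator);
            }
        } else {
            // Versions below IE9: the entry itself names the URL and the file.
            ReadLegacyEntry(entry, rec);
            // Skip files that live in the temporary cache directory.
            if (rec.destFile.find(L"content.ie5") == std::wstring::npos) {
                wprintf(kSeparator);
                wprintf(L"lpszsourceurl[%s]\n", rec.downloadUrl.c_str());
                wprintf(L"lpszlocalfile[%s]\n", rec.destFile.c_str());
                wprintf(kSeparator);
            }
        }

        // DeleteUrlCacheEntryA(entry->lpszSourceUrlName);
        Myheapfree(entry);
        entry = NULL;

        LowerInPlace(rec.destFile);
        LowerInPlace(destfile);
        if (rec.destFile.find(destfile) != std::wstring::npos) {
            refurl = rec.refUrl;
            downloadurl = rec.downloadUrl;
            CloseEnum(hEnum);
            return bRet;
        }
    }

    CloseEnum(hEnum);
    return bRet;
}

// -----------------------------------------------------------------------------

// Looks up the download-history record whose destination path contains
// `Strcachefilepath` and returns its referrer in `refurl` and its download
// URL in `FileUrl`. Unlike Getiedownloadhistoryformcache it does not query the
// IE version: every header is parsed with the IE10/11 layout, which also
// recognises IE9-layout records.
//
// `Strcachefilepath` is lower-cased in place. Returns TRUE on a match;
// without a match it returns TRUE only if some "iedownload:" entry with header
// data was seen, as in the listing.
BOOL Getiedownloadfileurl(std::wstring &Strcachefilepath, std::wstring &refurl,
                          std::wstring &FileUrl)
{
    BOOL bRet = FALSE;
    HANDLE hEnum = NULL;
    LPINTERNET_CACHE_ENTRY_INFOA entry = NULL;
    DWORD cbEntry = 0;

    Debug_put(("------------------Getiedownloadhistoryformcache------------------------\n"));

    for (HRESULT hr = Getiedownloadcache(hEnum, entry, cbEntry); SUCCEEDED(hr);
         hr = Findnextcache(hEnum, entry, cbEntry)) {
        DownloadRecord rec;

        if (HasDownloadPrefix(entry)) {
            if (entry->lpHeaderInfo) {
                bRet = TRUE;
                Debug_put(("------------------------------------------\n"));
                ParseDownloadHeader(entry, cbEntry, false, rec);

                // NOTE(review): these pass wide strings to a "%s" in a narrow
                // format string, as the listing does; whether that prints
                // correctly depends on how Debug_put is implemented.
                if (!rec.refUrl.empty())
                    Debug_put(("refurl[%s]\n", rec.refUrl.c_str()));
                if (!rec.mimeType.empty())
                    Debug_put(("mimetype[%s]\n", rec.mimeType.c_str()));
                if (!rec.srcFile.empty())
                    Debug_put(("srcfile[%s]\n", rec.srcFile.c_str()));
                if (!rec.downloadUrl.empty()) {
                    Debug_put(("downloadurl[%s]\n", rec.downloadUrl.c_str()));
                    Debug_put(("destfile[%s]\n", rec.destFile.c_str()));
                }
                Debug_put(("------------------------------------------\n"));
            }
        } else {
            // Versions below IE9.
            ReadLegacyEntry(entry, rec);
        }

        // Clear record:
        // DeleteUrlCacheEntryA(entry->lpszSourceUrlName);
        Myheapfree(entry);
        entry = NULL;

        LowerInPlace(rec.destFile);
        LowerInPlace(Strcachefilepath);
        if (rec.destFile.find(Strcachefilepath) != std::wstring::npos) {
            refurl = rec.refUrl;
            FileUrl = rec.downloadUrl;
            CloseEnum(hEnum);
            return TRUE;
        }
    }

    CloseEnum(hEnum);
    return bRet;
}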
The above is the concrete implementation for retrieving the IE download history.