Home > Others

On the method of traversing disk Win32

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Recently to write an online kill the east, although it is dedicated to kill (originally just to clear a few specific files and kill a few specific processes, and then restore the user's registry to normal, a lot of virus Trojan favorite thing to do is to write image hijacking and then the machine restarts, security-related software all finished, but there is no technical content , using the operating system "vulnerability" only), but because it is a disk drive, the virus (Trojan) is disgusting, is an infection type, your disk EXE file can all give you infected into a "small disk machine", very scary, hehe, so no way, to clear it, must kill the disk drive after the process, Scan the whole, for every infected EXE file (like COM file can not infect) to repair, how to do disk traversal? Take a look at the following code: (In fact, the anti-virus engine is the process of working on a file to traverse the disk, and then processing each file)

  2. // -------------------------------------------------------------------------
  4. Function: Scandirectory
  6. Function: Traverse a directory and do something (what do you want to do?)
  8. return value: DWORD
  10. Parameter: const WCHAR *pwszpath
  12. Note: The disk root directory can be
  14. // -------------------------------------------------------------------------
  16. DWORD scandirectory (const WCHAR *pwszpath)
  18. {
  20. Uses_conversion;
  24. static int ncountfile = 0;
  26. DWORD dwret = 1;
  30. WCHAR *s = NULL;
  34. HANDLE hfind = NULL;
  36. Win32_find_dataw fd = {0};
  40. WCHAR Wszfilename[max_path] = L"";
  42. Lstrcpyw (Wszfilename, Pwszpath);
  46. s = wszfilename + wcslen (wszfilename);
  48. if (* (s-1)! = L'//')
  50. *s++ = L'//';
  52. //wcscpy_s (S, 4, L "* *");
  54. :: Lstrcpyw (S, L"* *");
  58. Hfind = Findfirstfilew (Wszfilename, &FD);
  60. if (hfind==invalid_handle_value)
  62. goto Exit0;
  64. Do
  66. {
  68. //Filter
  70. if (_wcsicmp (L".", fd.cfilename) = = 0 | | _wcsicmp (L":", fd.cfilename) = = 0)
  72. continue;
  76. :: Lstrcpyw (S, fd.cfilename);
  78. * (S + lstrlenw (fd.cfilename)) = L'/0 ';
  82. //If the folder is recursive
  84. if (fd.dwfileattributes & file_attribute_directory)
  86. {
  88. //delete. SVN directory, I do a small job, delete the file, O (∩_∩) o ...
  90. WCHAR Wszsvncmd[max_path] = {0};
  92. :: Lstrcpyw (Wszsvncmd, L"rmdir/s/q");
  94. :: Lstrcatw (Wszsvncmd, wszfilename);
  96. :: Lstrcatw (Wszsvncmd, L"//.svn");
  98. System (W2A (Wszsvncmd));
  100. Scandirectory (Wszfilename);
  102. }
  104. Else
  106. {
  108. //Scan the file
  110. //Here you can put in your processing code for the file
  112. }
  116. }while (:: Findnextfilew (Hfind, &FD));
  120. Dwret = 0;
  126. Exit0:
  128. if (hfind! = INVALID_HANDLE_VALUE)
  130. {
  132. :: FindClose (Hfind);
  134. Hfind = NULL;
  136. }
  140. return dwret;
  142. }

Of course, the above code can only traverse a disk, unless you know that your machine has several disks, and then call a few times, but you do not know how many disks on the user's machine, so there must be the following code and the above match:

  2. // -------------------------------------------------------------------------
  4. Function: Parsediskname
  6. function: Resolves the name of the disk that can be scanned on the machine
  8. Return value: DWORD returns the number of disks that can be scanned
  10. Parameter: TCHAR *pszdiskname buffer put the English letter name of the disk that can be scanned
  12. Note:
  14. // -------------------------------------------------------------------------
  16. DWORD parsediskname (TCHAR *pszdiskname)
  18. {
  20. static TCHAR *pszwordtable = {"abcdefghijklmnopqrstuvwxyz"};
  24. DWORD Dwdisk;
  26. DWORD dwbase = 0x1;
  28. DWORD dwcount = 0; //record number of disks
  30. DWORD dwscancount = 0; //number of valid disks to scan for return
  32. DWORD dwstyle;
  36. TCHAR Szdiskpath[4] = {0}; //cache a disk root directory name
  38. TCHAR szdiskarray[26] = {0}; //Record all disk names to be scanned
  42. Dwdisk = GetLogicalDrives ();
  46. While (Dwdisk && dwcount <=:: Lstrlen (pszwordtable))
  48. {
  50. memset (Szdiskpath, 0, sizeof (Szdiskpath));
  54. if (Dwdisk & dwbase)
  56. {
  58. :: Lstrcpyn (Szdiskpath, pszwordtable + dwcount, 2);
  60. :: Lstrcat (Szdiskpath, TEXT ("://"));
  62. Dwstyle = GetDriveType (Szdiskpath);
  66. //Whether it is possible to scan the
  68. if (drive_removable = = Dwstyle | | drive_fixed = = dwstyle)
  70. {
  72. Szdiskarray[dwscancount] = Pszwordtable[dwcount];
  74. dwscancount++;
  76. }
  78. }
  82. Dwdisk = Dwdisk & ~dwbase;
  84. Dwbase = Dwbase * 2;
  86. dwcount++;
  88. }
  92. :: lstrcpy (Pszdiskname, Szdiskarray);
  94. return dwscancount;
  96. }

Hehe, almost, but the above traversal file with recursive implementation, there may be a stack overflow situation, with iterative implementation of traversing the disk is also possible, but I have not to write one, or feel too troublesome, recursive more convenient AH. Again show point code, to restart the computer, but this restart is similar to the power-down restart, we do not casually try Ah, a tune your machine can not get any notice on the restart, why so use it? It is because some viruses do something bad when they receive a system restart notification, and this is the way to completely erase it.

  2. // -------------------------------------------------------------------------
  4. Function: Forceshutdown
  6. Function: Forced restart
  8. return value: HRESULT
  10. Note:
  12. // -------------------------------------------------------------------------
  14. HRESULT Forceshutdown ()
  16. {
  18. //force restart Parameter function pointer declaration
  20. typedef ENUM _shutdown_action
  22. {
  24. Shutdownnoreboot,
  26. Shutdownreboot,
  28. Shutdownpoweroff
  30. } shutdown_action;
  32. typedef DWORD (winapi* lpntshutdownsystem) (shutdown_action ACTION);
  36. LONG nret = FALSE;
  40. HANDLE Htoken;
  42. Token_privileges TKP;
  44. HANDLE hprocess = NULL;
  48. hmodule hntdll = NULL;
  52. hprocess =:: GetCurrentProcess ();
  54. if (hprocess = = NULL)
  56. goto Exit0;
  60. if (!::openprocesstoken (hprocess, Token_adjust_privileges | Token_query, &htoken))
  62. goto Exit0;
  66. if (!::lookupprivilegevalue (NULL, Se_shutdown_name, &TKP. Privileges[0]. LUID))
  68. goto Exit0;
  72. Tkp. Privilegecount = 1;
  74. Tkp. Privileges[0]. Attributes = se_privilege_enabled;
  78. :: AdjustTokenPrivileges (Htoken, FALSE, &TKP, 0, (ptoken_privileges) NULL, 0);
  84. Hntdll = LoadLibrary (_t ("NTDLL.DLL"));
  86. if (hntdll)
  88. {
  90. Lpntshutdownsystem Ntshutdownsystem = (lpntshutdownsystem) GetProcAddress (Hntdll, "Ntshutdownsystem");
  92. if (ntshutdownsystem)
  94. {
  96. Ntshutdownsystem (Shutdownreboot);
  98. }
  102. :: FreeLibrary (Hntdll);
  106. Nret = TRUE;
  108. }
  112. Exit0:
  114. if (htoken)
  116. {
  118. :: CloseHandle (Htoken);
  120. Htoken = NULL;
  122. }
  126. if (hprocess)
  128. {
  130. :: CloseHandle (hprocess);
  132. hprocess = NULL;
  134. }
  136. return nret;
  138. }

Let's talk about that stack overflow later.

http://blog.csdn.net/magictong/article/details/2784420

On the method of traversing disk Win32

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
signature of method function of method method of sending email sata disk on module size on disk size size on disk microsoft internet on disk

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More