Index: winsup/utils/cygcheck.cc
===================================================================
RCS file: /cvs/src/src/winsup/utils/cygcheck.cc,v
retrieving revision 1.94
diff -p -u -r1.94 cygcheck.cc
--- winsup/utils/cygcheck.cc 20 Feb 2007 16:41:54 -0000 1.94
+++ winsup/utils/cygcheck.cc 20 May 2007 17:54:58 -0000
@@ -16,9 +16,10 @@
 #include
 #include
 #include
+#include
 #include
 #include
-#include
+#include
 #include "path.h"
 #include
 #include "cygwin/include/sys/cygwin.h"
@@ -47,7 +48,7 @@ typedef long long longlong;
 #else
 typedef __int64 longlong;
 #endif
-
+
 void dump_setup (int, char **, bool);
 void package_find (int, char **);
 void package_list (int, char **);
@@ -1119,6 +1120,239 @@ dump_sysinfo_services ()
 /* inform the user if nothing found */
 if (no_services)
 puts ("No Cygwin services found.\n");
+}
+
+
+/*
+> I'll try and find some tuits. If nothing else it might
+>save a lot of time just to have the information listed in cygcheck. We
+>probably want to give it the ability to detect that a badware exists or
+>is installed by looking for 1) registry keys that would indicate it has
+>been installed 2) presence of named executables in known (i.e. default
+>install) locations and 3) presence of named executables in list of
+>current running tasks.
+
+Sonic Solutions burning software containing DLA component
+Norton/MacAffee/Symantec antivirus or antispyware
+Logitech webcam software with "Logitech process monitor" service
+Kerio, Agnitum or ZoneAlarm Personal Firewall
+Iolo System Mechanic/AntiVirus/Firewall
+LanDesk
+Windows Defender
+Embassy Trust Suite fingerprint reader software containing wxvault.dll
+
+*/
+
+typedef enum BadApp {
+ SONIC, NORTON, MACAFFEE, SYMANTEC,
+ LOGITECH, KERIO, AGNITUM, ZONEALARM,
+ IOLO, LANDESK, WINDEFENDER, EMBASSYTS,
+} eBadApp;
+
+typedef struct BadAppInfo {
+ eBadApp app_id;
+ const char *details;
+ char found_it;
+} sBadAppInfo;
+
+typedef enum BadAppDetMethod {
+ HKLMKEY, HKCUKEY, FILENAME, PROCESSNAME, HOOKDLLNAME
+} eBadAppDetMethod;
+
+typedef struct BadAppDet {
+ eBadAppDetMethod type;
+ const char *param;
+ eBadApp app;
+} sBadAppDet;
+
+static const sBadAppDet dodgy_app_detects[] = {
+ { PROCESSNAME, "dlactrlw.exe", SONIC },
+ { HOOKDLLNAME, "wxvault.dll", EMBASSYTS },
+ { HKLMKEY, "SYSTEM\\CurrentControlSet\\Services\\vsdatant", ZONEALARM },
+ { FILENAME, "%windir%\\System32\\vsdatant.sys", ZONEALARM },
+};
+
+static const size_t num_of_detects = sizeof (dodgy_app_detects) / sizeof (dodgy_app_detects[0]);
+
+static sBadAppInfo big_list_of_dodgy_apps[] = {
+ { ZONEALARM, "ZoneAlarm Personal Firewall" },
+ { SONIC, "Sonic Solutions burning software containing DLA component," },
+ { EMBASSYTS, "Embassy Trust Suite fingerprint reader software containing wxvault.dll" },
+};
+
+static const size_t num_of_dodgy_apps = sizeof (big_list_of_dodgy_apps) / sizeof (big_list_of_dodgy_apps[0]);
+
+static bool
+expand_path (const char *path, char *outbuf)
+{
+ char *dst = outbuf;
+ const char *end, *envval;
+ char envvar[MAX_PATH];
+ size_t len;
+
+ while ((dst - outbuf) < MAX_PATH)
+ {
+ if (*path != '%')
+ {
+ if ((*dst++ = *path++) != 0)
+ continue;
+ break;
+ }
+ /* Expand an environ var. */
+ end = path + 1;
+ while (*end != '%')
+ {
+ /* Watch out for unterminated % */
+ if (*end++ == 0)
+ {
+ end = NULL;
+ break;
+ }
+ }
+ /* If we didn't find the end, can't expand it. */
+ if ((end == NULL) || (end == (path + 1)))
+ {
+ /* Unterminated % so copy verbatim. */
+ *dst++ = *path++;
+ continue;
+ }
+ /* Expand the environment var into the new path. */
+ if ((end - (path + 1)) >= MAX_PATH)
+ return -1;
+ memcpy (envvar, path + 1, end - (path + 1));
+ envvar[end - (path + 1)] = 0;
+ envval = getenv (envvar);
+ /* If not found, copy env var name verbatim. */
+ if (envval == NULL)
+ {
+ *dst++ = *path++;
+ continue;
+ }
+ /* Check enough room before copying. */
+ len = strlen (envval);
+ if ((dst + len - outbuf) >= MAX_PATH)
+ return false;
+ memcpy (dst, envval, len);
+ dst += len;
+ /* And carry on past the end of env var name.
*/
+ path = end + 1;
+ }
+ return (dst - outbuf) < MAX_PATH;
+}
+
+static bool
+detect_dodgy_app (const sBadAppDet *det)
+{
+ HANDLE fh;
+ HKEY hk;
+ char expandedname[MAX_PATH];
+
+ switch (det->type)
+ {
+ case HKLMKEY:
+ if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, det->param, 0, STANDARD_RIGHTS_READ, &hk) == ERROR_SUCCESS)
+ {
+ RegCloseKey (hk);
+ return true;
+ }
+ break;
+
+ case HKCUKEY:
+ printf ("Detect reg key hkcu '%s'\n", det->param);
+ if (RegOpenKeyEx (HKEY_CURRENT_USER, det->param, 0, STANDARD_RIGHTS_READ, &hk) == ERROR_SUCCESS)
+ {
+ RegCloseKey (hk);
+ return true;
+ }
+ break;
+
+ case FILENAME:
+ if (!expand_path (det->param, expandedname))
+ {
+ assert (false);
+ }
+ fh = CreateFile (expandedname, 0, FILE_SHARE_READ | FILE_SHARE_WRITE
+ | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, 0, NULL);
+ if (fh != INVALID_HANDLE_VALUE)
+ {
+ CloseHandle (fh);
+ return true;
+ }
+ break;
+
+ case PROCESSNAME:
+ printf ("Detect proc name '%s'\n", det->param);
+ break;
+
+ case HOOKDLLNAME:
+ printf ("Detect hookdll '%s'\n", det->param);
+ break;
+
+ }
+ return false;
+}
+
+/* Wish we could use C99 member initialisers to get array in order. */
+static sBadAppInfo *
+find_dodgy_app_info (eBadApp which_app)
+{
+ size_t i;
+ for (i = 0; i < num_of_dodgy_apps; i++)
+ {
+ if (big_list_of_dodgy_apps[i].app_id == which_app)
+ return &big_list_of_dodgy_apps[i];
+ }
+ return NULL;
+}
+
+
+static void
+dump_dodgy_apps (void)
+{
+ size_t i, n_det = 0;
+ /* Go with builtin list for now; later may enhance to
+ read dodgy apps from a file or download from an URL. */
+ for (i = 0; i < num_of_dodgy_apps; i++)
+ {
+ big_list_of_dodgy_apps[i].found_it = false;
+ }
+
+ for (i = 0; i < num_of_detects; i++)
+ {
+ const sBadAppDet *det = &dodgy_app_detects[i];
+ sBadAppInfo *found = find_dodgy_app_info (det->app);
+ bool detected = detect_dodgy_app (det);
+
+ /* Not found would mean we coded the lists bad.
*/
+ assert (found);
+ if (detected)
+ {
+ ++n_det;
+ found->found_it |= (1 << det->type);
+ }
+ }
+ if (n_det)
+ {
+ printf ("\nPotential app conflicts:\n\n");
+ for (i = 0; i < num_of_dodgy_apps; i++)
+ {
+ if (big_list_of_dodgy_apps[i].found_it)
+ {
+ printf ("%s\nDetected: ", big_list_of_dodgy_apps[i].details);
+ if (big_list_of_dodgy_apps[i].found_it & (1 << HKLMKEY))
+ printf ("HKLM Registry Key ");
+ if (big_list_of_dodgy_apps[i].found_it & (1 << HKCUKEY))
+ printf ("HKCU Registry Key ");
+ if (big_list_of_dodgy_apps[i].found_it & (1 << FILENAME))
+ printf ("Named file ");
+ if (big_list_of_dodgy_apps[i].found_it & (1 << PROCESSNAME))
+ printf ("Named process ");
+ if (big_list_of_dodgy_apps[i].found_it & (1 << HOOKDLLNAME))
+ printf ("Loaded hook DLL ");
+ printf ("\n\n");
+ }
+ }
+ }
 }
 
 static void
@@ -1578,6 +1812,9 @@ dump_sysinfo ()
 puts ("Warning: There are multiple cygwin1.dlls on your path");
 if (!cygwin_dll_count)
 puts ("Warning: cygwin1.dll not found on your path");
+
+ if (verbose)
+ dump_dodgy_apps ();
 
 if (is_nt)
 dump_sysinfo_services ();
@@ -2007,7 +2244,9 @@ main (int argc, char **argv)
 if (!sysinfo)
 printf ("\n");
 }
-
+#if 1
+ dump_dodgy_apps ();
+#else
 if (check_setup)
 dump_setup (verbose, argv, !dump_only);
 else if (find_package)
@@ -2034,6 +2273,6 @@ main (int argc, char **argv)
 if (!givehelp)
 puts ("Use -h to see help about each section");
 }
-
+#endif
 return ok ? EXIT_SUCCESS : EXIT_FAILURE;
 }
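Review bot: `expand_path` is declared `bool` but its oversized-variable-name branch does `return -1;`, which converts to `true`, so `detect_dodgy_app` sees a successful expansion while `outbuf` has not been terminated; that line should read `return false;`. In the `FILENAME` case the failure path is only `assert (false);` and then falls through to `CreateFile (expandedname, ...)`, so in an NDEBUG build a failed expansion probes whatever bytes happen to be in the uninitialised buffer; a `break;` (or `return false;`) after the assert closes that path. Both `RegOpenKeyEx` checks treat every result other than `ERROR_SUCCESS` as "not installed", so a key that exists but cannot be opened (for example `ERROR_ACCESS_DENIED`) becomes a silent false negative; distinguishing that from `ERROR_FILE_NOT_FOUND` would make the report more trustworthy. The `printf ("Detect ...")` lines in the `HKCUKEY`, `PROCESSNAME` and `HOOKDLLNAME` cases look like debugging output that ends up in the user's report, and since the latter two cases never return true the `"Named process "` and `"Loaded hook DLL "` lines in `dump_dodgy_apps` are unreachable for now — a `/* TODO: process and hook-DLL detection not implemented yet */` comment at those cases would make that explicit.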
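Review bot: The `if (verbose) dump_dodgy_apps ();` added to dump_sysinfo duplicates the unconditional `dump_dodgy_apps ();` that the main hunk at -2007 adds, so once the `#if 1` scaffolding there is removed a verbose sysinfo run would print the "Potential app conflicts" section twice unless one of the two calls is dropped. Which path in main reaches dump_sysinfo is outside this patch, so this is inferred from the two hunks alone; the enclosing function continues beyond the hunk.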
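Review bot: The `#if 1` / `#else` added here, together with the `#endif` in the following hunk at -2034, compiles out the whole command dispatch (`check_setup`, `find_package` and everything down to the `givehelp` message), so every invocation now does nothing but `dump_dodgy_apps ()`; that is test scaffolding and should not land. If the call belongs in main at all, drop the three preprocessor lines and keep only `dump_dodgy_apps ();` in place of the removed blank line, otherwise leave the single call in dump_sysinfo where it is already gated by `verbose`. The body of main continues outside both hunks.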