Jax
The following code is not C++ but is written in ASIC which is a stripped
down version of BASIC. The application (called Exevalid) is to tell if a
file is really an executable AND if it's actually intact. It's to find
malware.
Do you think it should have tested for the ZM marker found in some old DOS
programs in addition to the MZ marker it checks? Is it an oversight to
ignore those DOS executables?
Also... this code checks if the file length is *less* than reported but is
there a valid technical reason why it would not need to check if the file
length is *greater* than reported?
Any feedback and info is welcome!
print"Valid executable checker. Version 1.1a"
print"Written by Dustin Cook January 10th, 2007"
print""
print"Enter file extension: ";
input extension$;
print""
print"Delete them if corrupt [Y/N]";
gosub getyesno:
if a$="Y" then
killcorruptexe=1
else
killcorruptexe=0
endif
print"Delete if not an .EXE [Y/N]";
gosub getyesno:
if a$="Y" then
dienonexe=1
else
dienonexe=0
endif
print"Doing it..."
rem ASIC allows one operator per statement, so the wildcard is built in steps
search$="*"
search$=search$+extension$
search$=ucase$(search$)
attribute=6
call sub "FindFirstF" search$ attribute errcode
if errcode>0 then
print"Sorry, no files found to verify structure."
end
endif
loopstart=1
while loopstart=1
call sub "GetNameF" filename$
call sub "GetsizeF" file_length&
open"i",1,filename$
rem first two bytes are the signature, then bytes-in-last-page and page count
input #1,a$ BYTE
input #1,b$ BYTE
c$=a$+b$
if c$="MZ" then
input #1,partialblock
input #1,blocks
isexe=1
else
print filename$;
print" isn't an .EXE file."
isexe=0
if dienonexe=1 then
kill filename$
endif
endif
close 1
rem only compute the declared size for files that actually had the signature
if isexe=1 then
blocks=abs(blocks)
totalsize&=blocks*512
partialblock=abs(partialblock)
rem a partial-page value of 0 means the last page is full, so subtract nothing
if partialblock>0 then
partialblock=512-partialblock
totalsize&=totalsize&-partialblock
endif
if totalsize&>file_length& then
print filename$;
print" is likely corrupt. File's Actual length less than reported."
if killcorruptexe=1 then
kill filename$
endif
endif
endif
call sub "FindNextF" errcode
if errcode>0 then
loopstart=0
endif
wend
print"Done!"
end
getyesno:
loopstart=1
while loopstart=1
a$=inkey$
a$=ucase$(a$)
if a$="Y" then
loopstart=0
endif
if a$="N" then
loopstart=0
endif
wend
print a$
return
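The size check the post describes, written out as an added Python example (not the poster's code and not part of Exevalid): it accepts both the MZ and the ZM signature, computes the size the DOS header declares from the bytes-in-last-page and page-count words at offsets 2 and 4, treats a bytes-in-last-page value of 0 as "last page full", and distinguishes a file that is shorter than declared (truncated) from one that is longer (data after the DOS image). The sample images are constructed in the block itself; the function and constant names are this example's own.

```python
import struct

DOS_PAGE = 512          # the MZ header counts the image in 512-byte pages
HEADER_FMT = "<2sHH"    # e_magic, e_cblp (bytes used in last page), e_cp (page count)


def make_dos_image(e_cblp, e_cp, total_len, signature=b"MZ"):
    """Constructed test data: a minimal header padded with zeros to total_len bytes.
    This is sample input for the example, not a real program image."""
    header = struct.pack(HEADER_FMT, signature, e_cblp, e_cp)
    return header.ljust(total_len, b"\x00")[:total_len]


def declared_image_size(data):
    """Return the number of bytes the DOS header says the loadable image occupies.
    Returns None when the signature is neither MZ nor ZM; raises ValueError when
    the bytes-in-last-page field cannot be valid (a page holds at most 511 used bytes)."""
    if len(data) < struct.calcsize(HEADER_FMT):
        return None
    magic, e_cblp, e_cp = struct.unpack_from(HEADER_FMT, data, 0)
    if magic not in (b"MZ", b"ZM"):
        return None
    if e_cblp >= DOS_PAGE:
        raise ValueError("e_cblp out of range")
    size = e_cp * DOS_PAGE
    if e_cblp != 0:                     # 0 means the last page is completely used
        size -= DOS_PAGE - e_cblp       # otherwise only e_cblp bytes of it count
    return size


def classify(data):
    """Compare the declared image size with the real length and name the outcome."""
    try:
        declared = declared_image_size(data)
    except ValueError:
        return "malformed-header"
    if declared is None:
        return "not-exe"
    actual = len(data)
    if actual < declared:
        return "truncated"      # the loader would read past end of file: corrupt
    if actual > declared:
        return "has-overlay"    # bytes after the DOS image: normal, not corruption
    return "intact"


if __name__ == "__main__":
    samples = {
        "two pages, 100 bytes in last page, exact length": make_dos_image(100, 2, 612),
        "one full page (e_cblp = 0)": make_dos_image(0, 1, 512),
        "declared 612 bytes but only 600 present": make_dos_image(100, 2, 600),
        "declared 612 bytes, 700 present": make_dos_image(100, 2, 700),
        "ZM signature, exact length": make_dos_image(100, 2, 612, b"ZM"),
        "not an executable at all": b"PK\x03\x04" + bytes(20),
        "e_cblp larger than a page": make_dos_image(600, 2, 1024),
    }
    for label, image in samples.items():
        print(f"{label}: {classify(image)}")
```

Two points the example makes that the posted checker does not: the fields are unpacked as unsigned 16-bit values, so the `abs()` workaround for a signed integer type is unnecessary and a page count above 32767 is handled correctly; and a file longer than the declared image is reported separately rather than as corrupt, because the DOS loader only loads the pages the header declares, and programs legitimately place overlays, and Win32 executables their PE image, after that point.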