Problem with FindFirstFile and FindNextFile?

Question

4.00/5 (1 vote)

See more:

Hi guys,
I have problem is that:
I want to kill virus called "Packed.Win32.Krap.ar" and this virus when being activated transfer itself to a random directory and random file name in "C:\Program Files". And this virus hide itself perfectly and no one can see this file even when you put your mouse on the directory the folder looks like it's empty, but the virus in there. And I have programmed a VB.net program to show this virus but it was not worked.

So, I have program in c++ win32 console application and this program get me the list of files in directory using "FindFirstFile & FindNextFile" functions, and this program works well, It gets me the virus name with full path.
So, I decided to make a c++/cli dll class library so I can call this function into the VB.net. But the dll It can't get me the List of files in that directory!!!!!!! why??

This is the code of c++ win32:

C++

int _tmain(int argc, TCHAR *argv[])
{
   WIN32_FIND_DATA ffd;
   LARGE_INTEGER filesize;
   HANDLE hFind = INVALID_HANDLE_VALUE;
   DWORD dwError=0;
   
   // Find the first file in the directory.

   hFind = FindFirstFile(TEXT("C:\\Program Files\\YSxXeMcr\\*.*"), &ffd);

   if (INVALID_HANDLE_VALUE == hFind) 
   {
      DisplayErrorBox(TEXT("FindFirstFile"));
      return dwError;
   } 
   
   // List all the files in the directory with some info about them.

   do
   {
      if (!(ffd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
      {
         filesize.LowPart = ffd.nFileSizeLow;
         filesize.HighPart = ffd.nFileSizeHigh;
         _tprintf(TEXT("  %s   %ld bytes\n"), ffd.cFileName, filesize.QuadPart);
      }
      else
      {
         _tprintf(TEXT("  %s   <DIR>\n"), ffd.cFileName);
      }
   }
   while (FindNextFile(hFind, &ffd) != 0);
 
   dwError = GetLastError();
   if (dwError != ERROR_NO_MORE_FILES) 
   {
      DisplayErrorBox(TEXT("FindFirstFile"));
   }

   FindClose(hFind);
   system("pause");
   return dwError;
}

And this is the c++/cli dll code:

C++

String^ ReadFirstFile(String^ Path)
{
    WIN32_FIND_DATA     FindFileData;
    if (Path->Length == 3) Path +="*.*";
    else Path += "\\*.*";
    char*               path = (char*) Marshal::StringToHGlobalAnsi(Path).ToPointer();
    hFile = FindFirstFile(path, &FindFileData);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        String^     Error;
        LPCTSTR     E      =   GetTheError("FindFirstFile");
        Error = gcnew String(reinterpret_cast<const char*>(E));
        throw gcnew ReadStreamException(Error);
        return "";
    }
    do
    {
        if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
        {
            String^ FileName;
            FileName = gcnew String(reinterpret_cast<const char*>(FindFileData.cFileName ));
            Path     = Path->Replace("*.*",FileName);
            return Path;
        }
    }
    while (FindNextFile(hFile, &FindFileData) != 0);
    return "";
}

Oh!, don't wary about the dll code it's just pring me the first file and then I call the FindNextFile.

I hope you understand my question...
And I hope you have answer.

Posted 21-Apr-12 10:12am

Rasool Ahmed

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Answer 1 · 2012-04-22T22:24:00

Solution 3

In your do {} while; loop you are ignoring all directories and returning the first file that you find. What happens next?

Posted 22-Apr-12 22:24pm

Richard MacCutchan

Comments

[no name] 23-Apr-12 11:44am

Why you asked this question, I want to get the first file that I find, but in cli will not get me the first file for the directory that contains the virus. Only in win32.

Richard MacCutchan 23-Apr-12 12:06pm

Why I asked this question: because I am trying to understand what your problem is. Unfortunately the statement " I want to get the first file that I find, but in cli will not get me the first file for the directory that contains the virus. Only in win32." does not tell me anything.

[no name] 23-Apr-12 14:54pm

What part of my question you don't understand?

Richard MacCutchan 24-Apr-12 3:15am

You have not explained what errors you get, what results come from the FindFirstFile() call etc. Also as I said above, looking at your code I still do not understand what is supposed to happen in your do loop.

[no name] 24-Apr-12 13:26pm

Alright, My program don't return me any error, only wrong results.
In my do loop it suppose ignore all the directories until get the first file.
The program work fine but...
In CLI programming the directory that contains the virus the program return me 0 files.
In the WIN32 programming the program return me the virus name in that directory.

Richard MacCutchan 25-Apr-12 4:28am

The only thing I can suggest is to step through it in your debugger to find out where these wrong results are coming from. You could also add some debug code to print some more information about what is happening in the dll code.

«_Superman_» · Answer 2 · 2012-04-22T15:30:00

Solution 2

I think you should use an Anti-Virus program.

Posted 22-Apr-12 15:30pm

«_Superman_»

Comments

[no name] 22-Apr-12 23:10pm

Body, I am building an anti-virus.

«_Superman_» 22-Apr-12 23:24pm

In that case, you need to do a lot more research.
Because you cannot rely on APIs like FindFirstFile as there are programs called rootkits that hide from such file enumerating APIs.

enhzflep 23-Apr-12 6:04am

My 5. Rootkit is the key-word here.

[no name] 23-Apr-12 11:46am

The only solution is use win32 but I want use cli!!!

C^hris L^osinger · Answer 3 · 2012-04-22T06:42:00

Solution 1

"It can't get me the List of files in that directory!!!!!!! "

does it give an error of any kind?

Posted 22-Apr-12 6:42am

C^hris L^osinger154.1K

Comments

[no name] 22-Apr-12 15:47pm

Nop, no error.