home *** CD-ROM | disk | FTP | other *** search
/ Garbo / Garbo.cdr / mac / virus / killwdef.sit / KillWDEF.c < prev    next >
Encoding:
C/C++ Source or Header  |  1989-12-10  |  2.4 KB  |  89 lines  |  [TEXT/KAHL]
  1. /*
  2. >>    Kill WDEF-virus INIT
  3. */
  4. #include <SetUpA4.h>
  5.  
  6. #define    GetResourceNum    0x9A0
  7.  
  8. int        ActiveFlag;
  9. char    dtstr[]="\PFinder 1.0";    /*    Ugly, ugly, ugly...                            */
  10.  
  11. void    KillWDEF()                /*    Called when finder does GetResource('WDEF',0);    */
  12. {                                /*    Remove suspect WDEF 0 resources.                */
  13.     Handle    theWDEF;
  14.     Handle    DesktopString;
  15.     int        i;
  16.     char    *rdtstr;
  17.  
  18.     SetUpA4();
  19.                                 /*    Find out if current res file is Desktop            */
  20.     if(0==(DesktopString=Get1Resource('STR ',0)))    return;
  21.     if(GetHandleSize(DesktopString)!=dtstr[0]+1)    return;
  22.     rdtstr=*DesktopString;
  23.     for(i=0;i<=dtstr[0];i++)
  24.     {    if(dtstr[i]!=rdtstr[i])                        return;
  25.     }
  26.  
  27.     theWDEF=Get1Resource('WDEF',0);    /*    Find out if WDEF is in DeskTop            */
  28.     if(theWDEF)                        /*    If it is, beep three times                */
  29.     {    SysBeep(10);
  30.         SysBeep(10);
  31.         SysBeep(10);
  32.         RmveResource(theWDEF);        /*    And remove the resource!                */
  33.     }
  34.     RestoreA4();
  35. }
  36. void    InstallGetResourcePatch()        /*    Install patch to GetResource            */
  37. {                                        /*    This code look weird, but it works fine.*/
  38.     long    OldGetResource;
  39.     long    NewGetResource;
  40.  
  41.     OldGetResource=NGetTrapAddress(GetResourceNum,ToolTrap);
  42.     asm    {
  43.         lea        @OldGetResource,A0
  44.         move.l    OldGetResource,(A0)
  45.         lea        @NewGetResource,A0
  46.         move.l    A0,NewGetResource
  47.         }
  48.     NSetTrapAddress(NewGetResource,GetResourceNum,ToolTrap);
  49.     return;                                /*    Installation ends here                    */
  50. asm    {
  51. @NewGetResource
  52.     cmp.l    #'WDEF',6(sp)                /*    Is someone trying to get a WDEF?        */
  53.     beq.s    @LookOut                    /*    If so, look into it.                    */
  54. @ItsOk
  55.     move.l    @OldGetResource,A0            /*    No, just a plain old GetResource.        */
  56.     jmp        (A0)
  57. @LookOut
  58.     cmp.w    #0,4(sp)                    /*    Is someone trying to get WDEF 0?        */
  59.     bne.s    @ItsOk                        /*    No, just some other WDEF.                */
  60.     lea        FinderName,A0                /*    Is the finder name                        */
  61.     lea        CurApName,A1                /*    equal to the current application name?    */
  62.     clr.l    D0
  63.     move.b    (A0)+,D0
  64.     swap.w    D0
  65.     move.b    (A1)+,D0
  66.     _CmpString    MARKS
  67.     tst.b    D0
  68.     bne.s    @ItsOk                        /*    No, Finder is not running.                */
  69.     movem.l    D0-D7/A2-A4,-(sp)
  70.     jsr        KillWDEF                    /*    Finder is loading a WDEF 0.                */
  71.     movem.l    (sp)+,D0-D7/A2-A4
  72.     bra.s    @ItsOk
  73. @OldGetResource
  74.     dc.l    0
  75.     }
  76. }
  77. void    main()
  78. {
  79.     RememberA0();
  80.     SetUpA4();
  81. asm    {
  82.     move.l    A4,A0
  83.     _RecoverHandle                        /*    Find handle of this code resource.        */
  84.     move.l    A0,-(SP)                    /*    Detach it. It's already locked in the    */
  85.     _DetachResource                        /*    system heap, because of res flags.        */
  86.     }
  87.     InstallGetResourcePatch();            /*    Patch GetResource to look for virus.    */
  88.     RestoreA4();                        /*    Done!                                    */
  89. }