antinimda.zip VirusKiller.h

www.pudn.com > antinimda.zip > VirusKiller.h
// VirusKiller.h: interface for the VirusKiller class. 
// 
////////////////////////////////////////////////////////////////////// 
 
#if !defined(AFX_VIRUSKILLER_H__4D0A0DB8_8877_4A66_87A3_A8BB69BBB4E7__INCLUDED_) 
#define AFX_VIRUSKILLER_H__4D0A0DB8_8877_4A66_87A3_A8BB69BBB4E7__INCLUDED_ 
 
#if _MSC_VER > 1000 
#pragma once 
#endif // _MSC_VER > 1000 
 
#pragma warning(disable : 4786) 
#include  
 
using namespace std; 
 
#define VIRUS_SKIPPED			1 
#define VIRUS_SCANNED			2 
#define VIRUS_INFECTED			4 
#define VIRUS_CLEANED			8 
#define VIRUS_DELETED			16 
#define VIRUS_NOTIMPLIMENTED	32 
#define VIRUS_ERR				128 
 
 
/* type definition for virus scanners & killers */ 
class VirusKiller { 
public: 
	/* result type of scan */ 
	typedef int SCANRESULT; 
	 
	/* collection of virus killers */ 
	typedef set Set; 
 
	/* constructors */ 
	VirusKiller(LPCTSTR name, LPCTSTR extensions=NULL, bool all_files=false); 
	VirusKiller(const VirusKiller& copy); 
 
	/* destructor */ 
	virtual ~VirusKiller() {} 
 
	/* assignment */ 
	VirusKiller& operator=(const VirusKiller& copy); 
 
	/* returns the name of the virus */ 
	inline const CString& Name() const { return m_name; } 
 
	/* returns file extensions associated with this virus (seperated by semi-colons) */ 
	inline const CString& Extensions() const { return m_extensions; } 
 
	/* returns whether all files with this extension will be cleaned */ 
	inline bool AllFiles() const { return m_allfiles; } 
	void AllFiles(bool allfiles) { m_allfiles=allfiles; } 
 
	/* returns the signature for this virus : 
			You must set the m_signature in the child class so the scanning algorithm will 
			know what to scan for in the files. 
	*/ 
	inline LPBYTE Signature() const { return m_signature; } 
 
	/* cleans a file that contains a recognized signature  
			Called by the scanner when it has detected a file that must be cleaned. You must 
			override this method in any child class. 
	*/ 
	virtual SCANRESULT Clean(LPCTSTR file) { return VIRUS_NOTIMPLIMENTED; } 
 
	/* cleans a process that contains a recognized signature  
			Called by the scanner when it has detected a process that must be cleaned. You must 
			override this method in any child class if you want to support cleaning (or terminating) 
			of an infected process. 
	*/ 
	virtual SCANRESULT Clean(HANDLE hprocess, LPCTSTR module_name, ULONG base_address, ULONG length) { return VIRUS_NOTIMPLIMENTED; } 
 
	/* comparison operator sorts collection of virus killers by name */ 
	inline bool operator<(const VirusKiller& rhs) const { return m_name