VirusKiller.h
资源名称:antinimda.zip [点击查看]
上传用户:leon2013
上传日期:2007-01-10
资源大小:186k
文件大小:3k
源码类别:
杀毒
开发平台:
Visual C++
- // VirusKiller.h: interface for the VirusKiller class.
- //
- //////////////////////////////////////////////////////////////////////
- #if !defined(AFX_VIRUSKILLER_H__4D0A0DB8_8877_4A66_87A3_A8BB69BBB4E7__INCLUDED_)
- #define AFX_VIRUSKILLER_H__4D0A0DB8_8877_4A66_87A3_A8BB69BBB4E7__INCLUDED_
- #if _MSC_VER > 1000
- #pragma once
- #endif // _MSC_VER > 1000
- #pragma warning(disable : 4786)
- #include <set>
- using namespace std;
- #define VIRUS_SKIPPED 1
- #define VIRUS_SCANNED 2
- #define VIRUS_INFECTED 4
- #define VIRUS_CLEANED 8
- #define VIRUS_DELETED 16
- #define VIRUS_NOTIMPLIMENTED 32
- #define VIRUS_ERR 128
- /* type definition for virus scanners & killers */
- class VirusKiller {
- public:
- /* result type of scan */
- typedef int SCANRESULT;
- /* collection of virus killers */
- typedef set<VirusKiller*> Set;
- /* constructors */
- VirusKiller(LPCTSTR name, LPCTSTR extensions=NULL, bool all_files=false);
- VirusKiller(const VirusKiller& copy);
- /* destructor */
- virtual ~VirusKiller() {}
- /* assignment */
- VirusKiller& operator=(const VirusKiller& copy);
- /* returns the name of the virus */
- inline const CString& Name() const { return m_name; }
- /* returns file extensions associated with this virus (seperated by semi-colons) */
- inline const CString& Extensions() const { return m_extensions; }
- /* returns whether all files with this extension will be cleaned */
- inline bool AllFiles() const { return m_allfiles; }
- void AllFiles(bool allfiles) { m_allfiles=allfiles; }
- /* returns the signature for this virus :
- You must set the m_signature in the child class so the scanning algorithm will
- know what to scan for in the files.
- */
- inline LPBYTE Signature() const { return m_signature; }
- /* cleans a file that contains a recognized signature
- Called by the scanner when it has detected a file that must be cleaned. You must
- override this method in any child class.
- */
- virtual SCANRESULT Clean(LPCTSTR file) { return VIRUS_NOTIMPLIMENTED; }
- /* cleans a process that contains a recognized signature
- Called by the scanner when it has detected a process that must be cleaned. You must
- override this method in any child class if you want to support cleaning (or terminating)
- of an infected process.
- */
- virtual SCANRESULT Clean(HANDLE hprocess, LPCTSTR module_name, ULONG base_address, ULONG length) { return VIRUS_NOTIMPLIMENTED; }
- /* comparison operator sorts collection of virus killers by name */
- inline bool operator<(const VirusKiller& rhs) const { return m_name<rhs.m_name; }
- protected:
- CString m_name, /* name of the virus */
- m_extensions; /* extensions associated with virus */
- LPBYTE m_signature; /* signature string of virus */
- bool m_allfiles; /* all files with this signature will be cleaned */
- };
- #endif // !defined(AFX_VIRUSKILLER_H__4D0A0DB8_8877_4A66_87A3_A8BB69BBB4E7__INCLUDED_)