Category : System Diagnostics for your computer
Archive   : FINDWRM1.ZIP
Filename : FINDWORM.C

/*****************************************************************************
* Program: FINDWORMS V1.1
*
* Author: Jason Mathews
*
* Date: November 1991
*
* Description: This program finds and identifies filename conflicts
* [pairs of matching .COM and .EXE files], which may be
* potential worm programs.
*
* Language: Borland Turbo C
*
* Operation: Type "FINDWORM [d:]", where d: is the drive to search for
* potential worms.
*
* History: 11/2/91 V1.1 - Fixed bug in directory display
* Added search for all drives
*
* DISCLAIMER: This program only shows COM/EXE file pairs that have the same
* filename. I claim no responsibility whatsoever for any havoc,
* damage, data loss, or anything else that results from the
* running of this program or what you do with the results.
* I wrote this program as an exercise for parsing files in all
* directories. Under normal circumstances, there cannot be any
* damage resulting from a read-only search for files.

*
* Copyright (C) 1991 by Jason Mathews. Permission is granted to any
* individual or institution to use, copy or redistribute this software so long
* as it is not sold for profit, provided this copyright notice is retained.
*****************************************************************************/

#include /* uses I/O functions */
#include /* uses findfirst & findnext */
#include /* uses directory information */
#include /* uses open flags */
#include /* uses tm structure */

/* global variables */

const char *allFiles = "*.*"; /* mask for all files */
const char *filespec = "*.COM"; /* mask for .COM files */

char path[255]; /* directory path */
int count = 0; /* worm counter */

/* Function prototypes */

void GetFiles(), Title(), Usage();

/* Main */

void main(argc, argv)
int argc;
char **argv;
{
char dir[80]; /* current directory */
int drive; /* current drive */
int curDrive; /* current drive */
int newDrive; /* search drive */
int endDrive; /* last drive to search */
int fatal = 0; /* error flag */
int arg_cnt; /* argument counter */
int numDisks; /* number of available drives */
char allDrives = 0; /* flag to search all drives */

/* initialize current disk location */
endDrive = newDrive = drive = getdisk();

/* check arguments */

if (argc > 1)
{
for (arg_cnt = 1; arg_cnt < argc; arg_cnt++)
{
if (*argv[arg_cnt]=='-' || *argv[arg_cnt]=='/')
{
switch(argv[arg_cnt][1])
{
case 'a':
case 'A':
/* set allDrive flag */
allDrives = 1;
break;
case '?':
/* abort w/o error */
fatal = -1;
break;
default:
/* error - invalid option */
fatal = 1;
}
} /* check drive letter */
else if (*argv[arg_cnt]>='A' && *argv[arg_cnt]<='Z')
newDrive = *argv[arg_cnt] - 'A';
else if (*argv[arg_cnt]>='a' && *argv[arg_cnt]<='z')
newDrive = *argv[arg_cnt] - 'a';
else
{
fatal = 2; /* error - invalid drive */
}

numDisks = setdisk (newDrive);
if (newDrive >= numDisks) fatal = 2;

if (fatal) break;
} /* for each argument */

if (fatal != 0)
Usage (fatal, argv[arg_cnt]);

endDrive = (allDrives) ? numDisks - 1 : newDrive;
}

Title ();
fprintf(stderr, "Search Path = [ ");
for (curDrive=newDrive; curDrive <= endDrive; curDrive++)
{
fprintf(stderr, "%c: ", curDrive + 'A');
}
fprintf(stderr, "]\n\n");

printf("Suspected File Program\t\tPotential Home Directory\n");
printf("Worm Program Length Date & Time\tTarget\n");

for (curDrive = newDrive; curDrive <= endDrive; curDrive++)
{
setdisk(curDrive);
path[0] = curDrive + 'A';
path[1] = ':';
path[3] = 0;

getcwd(dir, 80); /* get starting directory */

GetFiles("\\"); /* start at root directory and find worm programs */
chdir(dir); /* return to starting directory */
}

/* return to home disk if change was made */
if (drive != endDrive) setdisk (drive);

if (count==0)
{
puts("\nNo suspected worms found on selected drives");
}
else printf("\nTotal of %d suspected worm programs found on selected drives\n",
count);
} /* main */


/*
* Title
* Show title and credits for program
*/

void Title ()
{
fprintf(stderr, "FindWorm V1.1 - by Jason Mathews (c) 1991\n");
fprintf(stderr, "Find Potential Worm Programs\n");
}


/* Usage
* Show Program usage & error message [if any]
*/

void Usage (err_code, option)
int err_code;
char *option;
{
Title();
switch (err_code)
{
case 1: /* invalid option */
fprintf(stderr, "\ninvalid option (%s)\n", option);
break;
case 2: /* invalid drive */
fprintf(stderr, "\ninvalid or unavailable drive letter (%s)\n",
option);
}

fprintf(stderr, "\nUsage: findworm [-a] [d:]\n\n");
fprintf(stderr, "\t -a = Search all drives starting with d:\n");
fprintf(stderr, "\t d = drive letter (A,B,C,..)\n");
fprintf(stderr, "\t default is current drive\n");
exit(1);
}


/* wildmatch: perform a wildcard match on two strings
The string specification can contain the wildcards ? (matches one
character) and * (matches a series of character [0 or more]).

Returns 1 if successful match
or 0 for no match.
*/

int wildmatch(spec, match)
char *spec, *match;
{
for (; *spec != 0 && *match != 0; spec++, match++) {
switch(*spec) {
case '?': /* skip over one character */
break;

case '*':
spec++;
while (*spec!=0 && *match!=0 && *match!=*spec)
match++;
/* if the end of the specification was reached
and the last character was a wildcard (*) then
the rest of the match is accepted */
if (*spec==0) return(1);
/* else check match in default case */

default:
if (*match != *spec) return(0);
break;

} /* switch */
} /* for */

/* check if the last two characters match
* either one must be NULL to end the loop,
* but they both must equal NULL for a match
*/
return( (*spec == *match) ? 1 : 0);
} /* wildmatch */


/* PrintFiles
* Display current directory and computed file date & time for worm.
*/

void PrintFiles (fb, hostFile, path)
struct ffblk fb; /* file block of worm */
char *hostFile; /* host .EXE file */
char *path; /* directory with files */
{
struct tm date; /* time & date structure */
char period; /* 24-hour time period */

/* Compute actual time & date of worm program */

date.tm_mon = fb.ff_fdate>>5 & 0xf;
date.tm_mday = fb.ff_fdate & 0x1f;
date.tm_year = fb.ff_fdate>>9;
date.tm_hour = fb.ff_ftime>>11;
date.tm_min = fb.ff_ftime>>5 & 0x3f;

if (date.tm_hour < 12) period = 'a';
else
{
period = 'p';
if (date.tm_hour != 12) date.tm_hour -= 12;
}

/* Print File Information */

printf("%-15s%5ld %2d-%02d-%2d %2d:%02d%cm %-14s%s\n",
fb.ff_name, fb.ff_fsize,
date.tm_mon, date.tm_mday,
date.tm_year + 80, date.tm_hour,
date.tm_min, period,
hostFile, path);
}


/* GetFiles
* Function to recursively go through the directories in a depth-first
* search method.
*/

void GetFiles (dir)
char *dir;
{
static level = 0; /* directory level */
struct ffblk fb; /* file block */
int attrib = ~0 & ~FA_LABEL; /* file attribute mask */
int rc; /* return code */
int fd; /* file descriptor */
int len; /* file name size */
int offset; /* offset in dir string */
char hostFile[13]; /* host file name */

if (chdir(dir))
{
return; /* error changing directory */
}

offset = strlen(path);
strcpy(path + offset, dir);

/* add subdirectory separator for all but the root directory */
if (level++ > 0) strcat(path, "\\");

rc = findfirst (allFiles, &fb, attrib);

if (rc==0) do
{
/* Check for a directory entry */
if (fb.ff_attrib & FA_DIREC && *fb.ff_name != '.')
{
GetFiles (fb.ff_name);
}
else if (wildmatch (filespec, fb.ff_name))
{
len = strlen(fb.ff_name);
/* build corresponding EXE filename */
strncpy(hostFile, fb.ff_name, len-3);
strcpy(hostFile + len-3, "EXE");

/* Test if the EXE file exists */
fd = open (hostFile, O_RDONLY | O_BINARY);
if (fd >=0)
{
PrintFiles(fb, hostFile, path);
close(fd);
++count;
}
}
rc = findnext(&fb); /* go to the next directory entry */
} while (rc==0);

chdir(".."); /* go up a level */
--level; /* decrement tree depth/level counter */

path[offset] = 0; /* trim path name back to previous level */
}