以上主要的工作是调用 ScanVul 创建一个线程来完成扫描。
// Start (or restart) the background vulnerability scan.
//
// hWnd  window that receives progress and completion messages; it is handed to
//       the worker thread untouched as its thread parameter.
// Returns true when the worker thread was created.
//
// NOTE(review): _SafeTerminateThread is opaque here. If it ends up calling
// TerminateThread, a scan that is still running is killed without unwinding:
// whatever it was doing inside CImplVulfix::Scan (COM init, heap allocation,
// file parsing) is abandoned mid-flight and its thread handle is only closed if
// the helper does so. A cooperative stop (set m_bVulScanCanceled, then wait on
// the handle) is the safer way to restart — confirm what the helper does.
bool CVulEngine::ScanVul(HWND hWnd)
{
    const bool bPreviousScanAlive = (m_hThreadVulScan != NULL);
    if (bPreviousScanAlive)
        _SafeTerminateThread(m_hThreadVulScan, FALSE);

    m_bVulScanCanceled = FALSE;
    HANDLE hWorker = CreateThread(NULL, 0, ThreadFunc_Scan, static_cast<LPVOID>(hWnd), 0, NULL);
    m_hThreadVulScan = hWorker;
    return hWorker != NULL;
}
// Worker-thread entry point: runs one scan on the engine singleton, reporting
// to the window that was passed as the thread parameter.
//
// lpParam  the HWND given to CreateThread by ScanVul.
// Returns 0 (the thread exit code is not used).
//
// NOTE(review): theEngine is a global the thread assumes outlives the scan.
// Nothing here catches exceptions; one escaping _ScanVul would typically
// terminate the whole process, not just this thread.
DWORD WINAPI CVulEngine::ThreadFunc_Scan(LPVOID lpParam)
{
    HWND hTarget = static_cast<HWND>(lpParam);
    theEngine->_ScanVul(hTarget);
    return 0;
}
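// Body of the scan worker: runs one vulnerability scan and tells the UI window
// when it is finished.
//
// hWnd  window that receives progress (through CWindowVulfixObserver) and the
//       final WMH_SCAN_DONE message, which carries m_bVulScanCanceled and the
//       scan HRESULT.
// Side effects: lazily creates the m_pVulScan component on first use.
void CVulEngine::_ScanVul(HWND hWnd)
{
    const DWORD dwFlags = _GetScanFlags();

    // The observer lives on this thread's stack: the component must be
    // detached from it before we return, on every path.
    CWindowVulfixObserver observer(hWnd);

    if (!m_pVulScan)
        m_pVulScan = CreateVulFix();   // create the IVulfix scan component

    HRESULT hr = E_POINTER;            // reported when the component could not be created
    if (m_pVulScan)
    {
        m_pVulScan->SetObserver(&observer);
        // The scan can take a while.
        // FIX: Scan() is isolated with try/catch so that an exception escaping
        // it (a) cannot leave the component holding a pointer to the dead
        // stack observer and (b) still results in a WMH_SCAN_DONE for the UI,
        // instead of taking the process down together with the worker thread.
        try
        {
            hr = m_pVulScan->Scan(dwFlags);
        }
        catch (...)
        {
            hr = E_FAIL;
        }
        DEBUG_TRACE(_T("CVulEngine::_ScanVul ScanVul %x(%x) \n"), hr, dwFlags);
        m_pVulScan->SetObserver(NULL);
    }

    // Tell the UI the scan is over, whether it succeeded or not.
    _RelayMessage(hWnd, WMH_SCAN_DONE, m_bVulScanCanceled, hr);
}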
我也被这个问题困扰着,从KSafeMain工程中我们只能知道
hr = m_pVulScan->Scan(dwFlags);
返回了失败，所以没有扫描结果。
但原因是什么呢？我决定对此打破砂锅问到底。
(2、2、3、1)Scan 的实现在 VulfixLib 工程中（在上面的 (2、2、1) 中讲到）

说是扫描，其实只是从文件 office64.dat、office.dat、soft.dat、system64.dat、system.dat 中读取漏洞列表，再交给 OS 过滤器处理。值得注意的是，这些数据文件在读取时没有任何完整性或签名校验：能改写这几个文件的人，就能决定扫描报告什么、不报告什么。
看到这里，我更加确信自己对金山这次开源的失望是有道理的。
// Reads the vulnerability lists from the data files office64.dat, office.dat, soft.dat, system64.dat, system.dat (no integrity or signature check on these files is visible here)
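// Scan for missing patches and vulnerable software.
//
// Despite the name this does no probing of its own: it loads the vulnerability
// lists shipped as data files (the names come from GetXmlDBFileName) into the
// three databases, passing the OS filter along, and then sorts what the
// databases report into the m_arr* result members.
//
// dwFlags  scan options; VULSCAN_EXPRESS_SCAN is the only bit inspected here,
//          the value is otherwise passed through to the filter and databases.
// Returns  KERR_NONE on success (including when the filter never completes and
//          no results are produced); the HRESULT from CSysEnv::IsSupported when
//          the platform is unsupported; KERR_LOAD_FILE when no data file exists
//          or loading one threw; E_POINTER when the OS filter could not be
//          created.
//
// SECURITY NOTE(review): the data files are read from disk with no integrity
// or signature check visible here. Anyone able to write to that directory
// decides what this scanner reports — including the web-page URL attached to
// each finding and whether the "last safe date" below gets written, which
// suppresses future warnings. Protect the files (ACLs) or authenticate them
// before trusting the results.
HRESULT CImplVulfix::Scan(DWORD dwFlags)
{
    TIME_CHECK( _T("CImplVulfix::Scan ") );
    m_Canceled = FALSE;
    T_ComInit comInit;   // scoped COM init for this worker thread (renamed: __init__com__ is a reserved identifier)
    HRESULT hr;
    do
    {
        // Discard the results and patch lists of any previous scan.
        Reset();
        GetLangID();
        CSysEnv& sysEnv = singleton<CSysEnv>::Instance();
        sysEnv.Init();
        if( FAILED( hr = sysEnv.IsSupported(FALSE) ) )
            break;
        Init();
        m_objIgnore.LoadIgnoreDB();

        // Resolve the three data files; the Windows one depends on the bitness.
        CString filenameSystem, filenameOffice, filenameSoft;
        GetXmlDBFileName(VTYPE_WINDOWS, filenameSystem, IsWin64());
        GetXmlDBFileName(VTYPE_OFFICE, filenameOffice, FALSE);
        GetXmlDBFileName(VTYPE_SOFTLEAK, filenameSoft, FALSE);
        if( !PathFileExists(filenameSystem) && !PathFileExists(filenameOffice) && !PathFileExists(filenameSoft) )
        {
            // No data at all: this is the failure a build without the data
            // folder runs into.
            hr = KERR_LOAD_FILE;
            break;
        }

        // Create and initialise the OS filter the databases are loaded through.
        m_pFilterOS = CreateOSFilter(sysEnv.m_WinVer, dwFlags);
        if( !m_pFilterOS )
        {
            // FIX: the original dereferenced the filter without a null check.
            hr = E_POINTER;
            break;
        }
        InitOSFilter( m_pFilterOS, sysEnv.m_WinVer, dwFlags);

        // From here on the scan counts as successful unless a load throws.
        // FIX: the original assigned KERR_NONE after the block below, which
        // silently overwrote the KERR_LOAD_FILE set in the catch handler.
        hr = KERR_NONE;
        if( m_pFilterOS->WaitComplete() )
        {
            // Hand the caller's observer to each database so it sees progress.
            m_dbOS.SetObserver( m_Observer );
            m_dbOffice.SetObserver( m_Observer );
            m_dbSoft.SetObserver( m_Observer );
            m_pFilterOS->SetIIgnore( &m_objIgnore );
            try
            {
                FixLocale();
                // Load each database unless cancelled in between. The Load()
                // return values are not checked (unchanged from the original):
                // a database that fails to load simply contributes no findings.
                // (An earlier revision disabled WOW64 file-system redirection
                // around these calls; that code was commented out in the
                // original and is not restored here.)
                if( !m_Canceled )
                    m_dbOffice.Load( filenameOffice, m_pFilterOS, dwFlags );
                if( !m_Canceled && sysEnv.IsLangSupported() && sysEnv.IsOsSupported() )
                    m_dbOS.Load( filenameSystem, m_pFilterOS, dwFlags );
                if( !m_Canceled )
                    m_dbSoft.Load( filenameSoft, NULL, dwFlags);
            }
            catch (...)
            {
                // A corrupt or unreadable file: report it, but still publish
                // whatever was loaded before the failure (as the original did).
                hr = KERR_LOAD_FILE;
            }

            // Unfixed OS and Office items, plus the "replaced by" relations.
            CSimpleArray<LPTUpdateItem> arrLeaks;
            CSimpleArray<TReplacedUpdate*> arrReplaced;
            m_dbOS.GetUnfixedLeakList( arrLeaks, m_arrFixedVuls, m_arrInvalid, arrReplaced );
            m_dbOffice.GetUnfixedLeakList( arrLeaks, m_arrFixedVuls, m_arrInvalid, arrReplaced );
            const CSimpleArray<int> &arrExpired = m_dbOS.GetExpiredIds();
            CSimpleArray<int> arrReplacedId;
            for(int i=0; i<arrReplaced.GetSize(); ++i)
                arrReplacedId.Add( arrReplaced[i]->nKBID );

            // Third-party software findings: ignored ones are re-expressed as
            // TUpdateItem so they can share the ignored list with OS/Office items.
            CSimpleArray<LPTVulSoft> arrSoftLeaks;
            m_dbSoft.GetUnfixedLeakList( arrSoftLeaks );
            for(int i=0; i<arrSoftLeaks.GetSize(); ++i)
            {
                LPTVulSoft ps = arrSoftLeaks[i];
                ps->isIgnored = m_objIgnore.IsIgnored( ps->nID );
                if( ps->isIgnored )
                {
                    // NOTE(review): only these fields are set; confirm that
                    // TUpdateItem's constructor initialises the rest
                    // (isExpired, isIgnored, ...) — it is not visible here.
                    LPTUpdateItem pu = new TUpdateItem;
                    pu->m_nType = VTYPE_SOFTLEAK;
                    pu->nID = ps->nID;
                    pu->strName = ps->matchedItem.strName;
                    pu->strDescription = ps->strDescription;
                    pu->strWebpage = ps->matchedItem.strWebpage;
                    pu->nWarnLevel = ps->nLevel;
                    pu->strPubdate = ps->strPubdate;
                    // The same pointer goes into both arrays; whoever frees the
                    // members (presumably Reset()) must delete it only once.
                    m_arrIgnoredVuls.Add( pu );
                    m_arrIgnoredVulsFromSoft.Add( pu );
                }
                else
                    m_arrSoftLeaks.Add( ps );
            }

            // Sort OS/Office items into expired, ignored and actionable. An
            // item whose ID appears as nKBID of a replacement relation is left
            // out of m_arrLeaks.
            for(int i=0; i<arrLeaks.GetSize(); ++i )
            {
                LPTUpdateItem &pi = arrLeaks[i];
                pi->isExpired = arrExpired.Find( pi->nID )!=-1;
                if(pi->isExpired)
                    m_arrInvalid.Add( pi );
                else if(pi->isIgnored)
                    m_arrIgnoredVuls.Add( pi );
                else if( arrReplacedId.Find( pi->nID )==-1 )
                    m_arrLeaks.Add( pi );
            }

            // Keep a replacement relation only when the update named by nKBID
            // is not in the fixed list and the one named by nKBID2 appears in
            // the fixed, actionable or ignored list.
            for(int i=0; i<arrReplaced.GetSize(); ++i)
            {
                TReplacedUpdate* pu = arrReplaced[i];
                BOOL bInstalled = FindArrayIndex( m_arrFixedVuls, pu->nKBID )!=-1;
                if( !bInstalled )
                {
                    if( FindArrayIndex(m_arrFixedVuls, pu->nKBID2)!=-1
                        || FindArrayIndex(m_arrLeaks, pu->nKBID2)!=-1
                        || FindArrayIndex(m_arrIgnoredVuls, pu->nKBID2)!=-1 )
                        m_arrReplacedUpdates.Add( pu );
                }
            }

            // Persist the "last safe package date" when no item with a warn
            // level above 0 remains, so the next start does not warn; only a
            // non-express scan counts.
            // SECURITY NOTE(review): this value suppresses future warnings and
            // is derived from data files read without any integrity check
            // above — a tampered file can silence the scanner this way.
            if( RequireUsingIntece() && !(dwFlags & VULSCAN_EXPRESS_SCAN) )
            {
                BOOL hasMustLeak = FALSE;
                const CSimpleArray<LPTUpdateItem> &arrResults = GetResults();  // renamed: no longer shadows arrLeaks
                for(int i=0; i<arrResults.GetSize(); ++i)
                {
                    if(arrResults[i]->nWarnLevel>0)
                    {
                        hasMustLeak = TRUE;
                        break;
                    }
                }
                CString strVal;   // written empty when a must-fix item remains
                if(!hasMustLeak)
                {
                    T_Date date;
                    GetLatestPackgeDate(date.nYear, date.nMonth, date.nDay);
                    strVal.Format(_T("%04d-%02d-%02d"), date.nYear, date.nMonth, date.nDay);
                }
                WriteVulConfig(_T("VulScan"), _T("LastSafePkgDate"), strVal);
            }
        }
    } while (FALSE);
    return hr;
}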
(2、2、3、2) 只需要把 data 文件夹拷到 KSafeMain 工程目录下，即可得到扫描结果。
图一中的整个文件夹data拷到图二中即可