/src/import/kpfw/netpop.h
C++ Header | 1283 lines | 1071 code | 175 blank | 37 comment | 56 complexity | e4c472b5b689e698b3a53711b2a21934 MD5 | raw file
1//////////////////////////////////////////////////////////////////////////////// 2// 3// common include File for kpfw 4// 5// File : netpop.h 6// Version : 1.0 7// Comment : 定义网镖泡泡数据结构 8// 9// Create at : 2008-7-14 10// Create by : liupeng 11// 12//////////////////////////////////////////////////////////////////////////////// 13 14#pragma once 15#include "SCOM/SCOM/SCOMBase.h" 16#include "SCOM/SCOM/SCOMDef.h" 17#include "kisrpc/rfcdef.h" 18#include "serializetools.h" 19#include "netdef.h" 20#include "kis/kpfw/netwatch.h" 21#include "kis/kpfw/area.h" 22#include <vector> 23#include "strsafe.h" 24using namespace std; 25 26#pragma pack(push, 1) 27 28typedef enum KPFW_POP_INFO_TYPE 29{ 30 emPop_None = 0, //一般不传这种类型 31 emPop_App_Info = 1, //发现新的程序,模块访问网络(强泡泡) * 32 emPop_Arp_Info = 2, //arp攻击(弱泡泡) 33 emPop_Newnet_Info = 3, //发现新区域(强泡泡) * 34 emPop_Virus = 4, //发现病毒,恶意程序(弱泡泡) 35 emPop_PacketFilter = 5, //包过滤(弱泡泡) 36 emPop_NetAreaChange = 6, //区域更改(弱泡泡) 37 emPop_ActiveDefend = 7, //动态防御(弱泡泡) 38 emPop_MSNDecrypt = 8, //msn加密(弱泡泡) 39 emPop_SvrError = 9, //服务错误(弱泡泡) 40 emPop_AutoTrust = 10, //可信认证放行程序(弱泡泡) 41 emPop_UpdateComplete = 11, //升级完成 42 emPop_enable_MSNDecrypt = 12, // 是否启用msn加密(强泡泡) 43 emPop_App_Deny = 13, // 应用程序访问网络被禁止 44}KpfwPopType; 45 46 47typedef enum KPFW_APP_POP_RES 48{ 49 enumPR_None = 0, 50 enumPR_Allow = 1, 51 enumPR_Deny = 2, 52}AppPopRes; 53 54 55 56typedef enum KPFW_POP_PROTOCOL 57{ 58 enumKPP_TCP = 0, 59 enumKPP_UDP = 1, 60 enumKPP_ICMP = 2, 61 enumKPP_IGMP = 3, 62}PopProtocol; 63 64typedef enum APP_POP_REASON 65{ 66 enumPop_Reason_None = 0, 67 enumPop_Reason_Virus = 1, 68 enumPop_Reason_Change = 1 << 1, 69 enumPop_Reason_Unknown_TrustRep = 1 << 2, 70 enumPop_Reason_Prompt = 1 << 3, 71 enumPop_Reason_UnTrust_TrustRep = 1 << 4, 72}AppPopReason; 73 74typedef enum APP_DENY_REASON 75{ 76 enum_Allow = 0, // 允许 77 enum_Deny_User = 1, // 规则中用户选择禁止 78 enum_Deny_Pop = 2, // 泡泡选择禁止 79 enum_Deny_Trust = 3, // 可信认证自动禁止 80 enum_Deny_Pop_Rem = 4, // 记住了上次的泡泡阻止操作,本次自动阻止 81 enum_Deny_Port = 5, // 存在被阻止的端口 82}AppDenyReason; 83 84struct PopInfoHeader 85{ 86 DWORD nSize; 87 DWORD nPopType; 88}; 89 90////////////////////////////////////////////////////////////////////////// 91interface IKPopDataSerializer 92{ 93 // save 接口 94 virtual bool IsLoading() = 0; 95 virtual int BeginTag(LPCSTR childName) = 0; 96 virtual int EndTag(LPCSTR childName) = 0; 97 virtual int AddPop(LPCSTR popName, LPCSTR val) = 0; 98 virtual int AddPop(LPCSTR popName, INT val) = 0; 99 virtual int AddPop(LPCSTR popName, LONG val) = 0; 100 virtual int AddPop(LPCSTR popName, LPCWSTR val) = 0; 101 virtual INT GetProp(LPCSTR propName, INT& val) = 0; 102 virtual INT GetProp(LPCSTR propName, ATL::CString& val) = 0; 103}; 104 105interface IKPopData 106{ 107 virtual bin_archive& Serialize(bin_archive &_serializer) = 0; 108 virtual int Serialize(IKPopDataSerializer* _serializer) = 0; 109 virtual size_t GetSeriSize() = 0; 110}; 111 112inline void SerializeMac(IKPopDataSerializer* _serializer, LPCSTR propName, BYTE mac[6]) 113{ 114 char buf[32] = {0}; 115 StringCchPrintfA(buf, 32, "%02x:02x:02x:02x:02x:02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); 116 // sprintf(buf, "%02x:02x:02x:02x:02x:02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); 117 _serializer->AddPop(propName, buf); 118} 119 120inline void SerializeIp(IKPopDataSerializer* _serializer, LPCSTR propName, ULONG nIp) 121{ 122 char buf[32] = {0}; 123 BYTE* pBuf = (BYTE*)&nIp; 124 StringCchPrintfA(buf, 32, "%d.%d.%d.%d", pBuf[0], pBuf[1], pBuf[2], pBuf[3]); 125 _serializer->AddPop(propName, buf); 126} 127 128inline void SerializeGUID(IKPopDataSerializer* _serializer, LPCSTR propName, GUID& val) 129{ 130 char buf[256] = {0}; 131 StringCchPrintfA(buf, 256, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", val.Data1, val.Data2, val.Data3, val.Data4[0], val.Data4[1], 132 val.Data4[2], val.Data4[3], val.Data4[4], val.Data4[5], val.Data4[6], val.Data4[7] ); 133 _serializer->AddPop(propName, buf); 134} 135 136inline void SerializeIpRange(IKPopDataSerializer* _serializer, LPCSTR propName, KIPRange& val) 137{ 138 _serializer->BeginTag(propName); 139 SerializeIp(_serializer, "start_ip", val.ipStart); 140 SerializeIp(_serializer, "end_ip", val.ipEnd); 141 _serializer->EndTag(propName); 142} 143 144inline void SerializeIPLOG_EXTRADATA(IKPopDataSerializer* _serializer, int nProtocol, LPCSTR propName, IPLOG_EXTRADATA& val) 145{ 146 switch (nProtocol) 147 { 148 case enumPT_TCP: 149 { 150 _serializer->BeginTag("TCP_DATA"); 151 _serializer->AddPop("local_port", val.TCP_DATA.LocalPort); 152 _serializer->AddPop("remote_port", val.TCP_DATA.RemotePort); 153 _serializer->AddPop("tcp_flag", val.TCP_DATA.byTcpFlags); 154 _serializer->EndTag("TCP_DATA"); 155 } 156 break; 157 case enumPT_UDP: 158 { 159 _serializer->BeginTag("UDP_DATA"); 160 _serializer->AddPop("local_port", val.UDP_DATA.LocalPort); 161 _serializer->AddPop("remote_port", val.UDP_DATA.RemotePort); 162 _serializer->EndTag("UDP_DATA"); 163 } 164 break; 165 case enumPT_ICMP: 166 { 167 _serializer->BeginTag("ICMP_DATA"); 168 _serializer->AddPop("code", val.ICMP_DATA.byCode); 169 _serializer->AddPop("type", val.ICMP_DATA.byType); 170 _serializer->EndTag("ICMP_DATA"); 171 } 172 break; 173 case enumPT_IGMP: 174 { 175 176 } 177 break; 178 case enumPT_IP: 179 break; 180 } 181} 182 183inline void SerializeAppRequest(IKPopDataSerializer* _serializer, int nProtocol, LPCSTR propName, APP_REQUEST_INFO& val) 184{ 185 _serializer->BeginTag("APP_REQUEST_INFO"); 186 _serializer->AddPop("RequestProtocol", (int)val.nRequestProtocol); 187 _serializer->AddPop("nRequestType", (int)val.nRequestType); 188 _serializer->AddPop("ProcessId", (int)val.dwProcessId); 189 _serializer->AddPop("ThreadId", (int)val.dwThreadId); 190 switch (val.nRequestType) 191 { 192 case ART_TrustUrl: 193 { 194 _serializer->BeginTag("TrustUrlInfo"); 195 _serializer->AddPop("host", val.Parameters.TrustUrl.szHost); 196 _serializer->AddPop("url", val.Parameters.TrustUrl.szUrl); 197 _serializer->EndTag("TrustUrlInfo"); 198 } 199 break; 200 case ART_FileChanged: 201 { 202 203 } 204 break; 205 case ART_PacketRecord: 206 break; 207 default: 208 { 209 switch (val.nRequestProtocol) 210 { 211 case enumPT_LANMAN: 212 { 213 _serializer->BeginTag("LanMonInfo"); 214 _serializer->AddPop("path", val.Parameters.LanMan.wsPath); 215 _serializer->EndTag("LanMonInfo"); 216 } 217 break; 218 default: 219 { 220 _serializer->BeginTag("TdiInfo"); 221 SerializeIp(_serializer, "RemoteAddress", val.Parameters.TDI.dwRemoteAddress); 222 _serializer->AddPop("uRemoteAddress", (LONG)val.Parameters.TDI.dwRemoteAddress); 223 _serializer->AddPop("RemotePort", val.Parameters.TDI.wRemotePort); 224 SerializeIp(_serializer, "LocalAddress", val.Parameters.TDI.dwLocalAddress); 225 _serializer->AddPop("uLocalAddress", (LONG)val.Parameters.TDI.dwLocalAddress); 226 _serializer->AddPop("LocalPort", val.Parameters.TDI.wLocalPort); 227 _serializer->AddPop("PacketDir", (int)val.Parameters.TDI.uDataLen); 228 _serializer->EndTag("TdiInfo"); 229 } 230 } 231 } 232 break; 233 } 234 _serializer->EndTag("APP_REQUEST_INFO"); 235} 236////////////////////////////////////////////////////////////////////////// 237// 应用程序访问网络泡泡 238class KPopModuleInfo : public IKPopData 239{ 240private: 241 ATL::CString m_strPath; 242 ATL::CString m_strDesc; 243 INT m_nPopReason; // 当使用在应用程序询问泡泡上时类型:AppPopReason, 244 // 当使用在应用程序阻止泡泡上是类型:AppDenyReason 245 DWORD m_nTrustMode; 246 DWORD m_nUserMode; 247 248public: 249 KPopModuleInfo(): m_nPopReason(0),m_nTrustMode(0),m_nUserMode(0) {} 250 251 KPopModuleInfo(LPCWSTR strPath, LPCWSTR strDesc, INT nPopReason, DWORD nUserMode, DWORD nTrustMode) 252 { 253 m_strPath = strPath; 254 m_strDesc = strDesc; 255 m_nPopReason = nPopReason; 256 m_nUserMode = nUserMode; 257 m_nTrustMode = nTrustMode; 258 } 259 260 ~KPopModuleInfo() {} 261 262 void Init(LPCWSTR strPath ,INT nReason, LPCWSTR strDesc) 263 { 264 m_strPath = strPath; 265 m_nPopReason = nReason; 266 m_strDesc = strDesc; 267 } 268 269 void SetMode(DWORD nTrustMode, DWORD nUserMode) 270 { 271 m_nTrustMode = nTrustMode; 272 m_nUserMode = nUserMode; 273 } 274 void SetUserMode(DWORD nUserMode) 275 { 276 m_nUserMode = nUserMode; 277 } 278 ATL::CString& GetPath() { return m_strPath; } 279 280 ATL::CString& GetDesc() { return m_strDesc; } 281 282 INT GetPopReason() { return m_nPopReason; } 283 284 DWORD GetTrustMode() { return m_nTrustMode; } 285 286 DWORD GetUserMode() { return m_nUserMode; } 287 288 size_t GetSeriSize() 289 { 290 size_t nSize = 0; 291 nSize += TypeSize::get_size(m_strPath); 292 nSize += TypeSize::get_size(m_strDesc); 293 nSize += sizeof(m_nPopReason) + sizeof(m_nTrustMode) + sizeof(m_nUserMode); 294 return nSize; 295 } 296 297 bin_archive& Serialize(bin_archive &_serializer) 298 { 299 if(_serializer.is_loading()) 300 { 301 _serializer >> m_strPath; 302 _serializer >> m_strDesc; 303 _serializer >> m_nPopReason; 304 _serializer >> m_nTrustMode; 305 _serializer >> m_nUserMode; 306 } 307 else 308 { 309 _serializer << m_strPath; 310 _serializer << m_strDesc; 311 _serializer << m_nPopReason; 312 _serializer << m_nTrustMode; 313 _serializer << m_nUserMode; 314 } 315 return _serializer; 316 } 317 318 virtual int Serialize(IKPopDataSerializer* _serializer) 319 { 320 if (!_serializer->IsLoading()) 321 { 322 _serializer->BeginTag("KPopModuleInfo"); 323 _serializer->AddPop("Path", m_strPath); 324 _serializer->AddPop("Desc", m_strDesc); 325 _serializer->AddPop("PopReason", m_nPopReason); 326 _serializer->AddPop("TrustMode", (int)m_nTrustMode); 327 _serializer->AddPop("UserMode", (int)m_nUserMode); 328 _serializer->EndTag("KPopModuleInfo"); 329 } 330 return 0; 331 } 332 333}; 334 335class KPopAppInfo: public IKPopData 336{ 337public: 338 KPopAppInfo(): m_pExeInfo(NULL),m_ePopRes(enumPR_None), m_bRemember(FALSE) { 339 memset(&m_RequestInfo, 0, sizeof(m_RequestInfo)); 340 } 341 342 ~KPopAppInfo() { 343 Clear(); 344 } 345 346 ATL::CString& GetExePath() 347 { 348 if (m_pExeInfo) 349 return m_pExeInfo->GetPath(); 350 static ATL::CString tmp(TEXT("")); 351 return tmp; 352 } 353 354 INT GetDllCnt() 355 { 356 return (INT)m_dllInfos.size(); 357 } 358 359 KPopModuleInfo* GetExeInfo() { return m_pExeInfo; } 360 KPopModuleInfo* GetDllInfo(INT i) 361 { 362 return m_dllInfos[i]; 363 } 364 365 ATL::CString& GetDllPath(INT i) 366 { 367 return m_dllInfos[i]->GetPath(); 368 } 369 370 KPopModuleInfo* AddExePath(LPCWSTR str, INT nReason, LPCWSTR strDesc) 371 { 372 ASSERT(!m_pExeInfo); 373 if (!m_pExeInfo) 374 { 375 m_pExeInfo = new KPopModuleInfo(); 376 m_pExeInfo->Init(str, nReason, strDesc); 377 return m_pExeInfo; 378 } 379 return NULL; 380 } 381 382 KPopModuleInfo* AddDllPath(LPCWSTR str, INT nReason, LPCWSTR strDesc) 383 { 384 KPopModuleInfo* pDllInfo = new KPopModuleInfo(); 385 pDllInfo->Init(str, nReason, strDesc); 386 m_dllInfos.push_back(pDllInfo); 387 return pDllInfo; 388 } 389 390 DWORD GetProcessID() 391 { 392 return m_RequestInfo.dwProcessId; 393 } 394 395 VOID SetRequestInfo(PAPP_REQUEST_INFO pInfo) 396 { 397 if (pInfo) 398 m_RequestInfo = *pInfo; 399 } 400 PAPP_REQUEST_INFO GetRequestInfo() 401 { 402 return &m_RequestInfo; 403 } 404 405 AppPopRes GetPopRes() 406 { 407 return (AppPopRes)m_ePopRes; 408 } 409 void SetPopRes(AppPopRes res) 410 { 411 m_ePopRes = (DWORD)res; 412 } 413 414 BOOL GetRemember() 415 { 416 return m_bRemember; 417 } 418 VOID SetRemember(BOOL b) 419 { 420 m_bRemember = b; 421 } 422 423 virtual int Serialize(IKPopDataSerializer* _serializer) 424 { 425 if (!_serializer->IsLoading()) 426 { 427 _serializer->BeginTag("KPopAppInfo"); 428 429 SerializeAppRequest(_serializer, 0, "", m_RequestInfo); 430 431 _serializer->BeginTag("ExeInfo"); 432 if (m_pExeInfo) 433 m_pExeInfo->Serialize(_serializer); 434 _serializer->EndTag("ExeInfo"); 435 436 _serializer->BeginTag("DllInfo"); 437 for (size_t i = 0; i < m_dllInfos.size(); i++) 438 { 439 m_dllInfos[i]->Serialize(_serializer); 440 } 441 _serializer->EndTag("DllInfo"); 442 443 _serializer->EndTag("KPopAppInfo"); 444 } 445 else 446 { 447 INT nVal = 0; 448 _serializer->GetProp("PopRes", nVal); 449 m_ePopRes = nVal; 450 nVal = 0; 451 _serializer->GetProp("Remember", nVal); 452 m_bRemember = nVal; 453 } 454 return 0; 455 } 456 457 bin_archive& Serialize(bin_archive &_serializer) 458 { 459 if(_serializer.is_loading()) 460 { 461 Clear(); 462 _serializer >> m_ePopRes; 463 _serializer >> m_bRemember; 464 _serializer.read(&m_RequestInfo, sizeof(m_RequestInfo), 1); 465 466 m_pExeInfo = new KPopModuleInfo(); 467 m_pExeInfo->Serialize(_serializer); 468 INT nCnt = 0; 469 _serializer >> nCnt; 470 for (int i = 0; i < nCnt; i++) 471 { 472 KPopModuleInfo* pDllInfo = new KPopModuleInfo; 473 pDllInfo->Serialize(_serializer); 474 m_dllInfos.push_back(pDllInfo); 475 } 476 } 477 else 478 { 479 ASSERT(m_pExeInfo); 480 // 先序列化常规参数 481 _serializer << m_ePopRes; 482 _serializer << m_bRemember; 483 _serializer.write(&m_RequestInfo, sizeof(m_RequestInfo), 1); 484 485 m_pExeInfo->Serialize(_serializer); 486 INT nCnt = (int)m_dllInfos.size(); 487 _serializer << nCnt; 488 for (int i = 0; i < nCnt; i++) 489 m_dllInfos[i]->Serialize(_serializer); 490 } 491 return _serializer; 492 } 493 494 size_t GetSeriSize() 495 { 496 size_t nSize = 0; 497 nSize += sizeof(m_ePopRes) + sizeof(m_bRemember) + sizeof(m_RequestInfo); 498 499 nSize += m_pExeInfo->GetSeriSize(); 500 501 INT nCnt = (int)m_dllInfos.size(); 502 nSize += sizeof(nCnt); 503 for (int i = 0; i < nCnt; i++) 504 nSize += m_dllInfos[i]->GetSeriSize(); 505 return nSize; 506 } 507 508private: 509 void Clear() 510 { 511 if (m_pExeInfo) 512 { 513 delete m_pExeInfo; 514 m_pExeInfo = NULL; 515 } 516 for (int i = 0; i < (int)m_dllInfos.size(); i++) 517 { 518 delete m_dllInfos[i]; 519 } 520 m_dllInfos.clear(); 521 } 522 523private: 524 DWORD m_ePopRes; 525 BOOL m_bRemember; 526 APP_REQUEST_INFO m_RequestInfo; 527 528 KPopModuleInfo* m_pExeInfo; 529 vector<KPopModuleInfo*> m_dllInfos; 530}; 531 532////////////////////////////////////////////////////////////////////////// 533// 自动放行规则 534 535class KAutoTrustInfo : public IKPopData 536{ 537public: 538 539 KAutoTrustInfo() 540 { 541 } 542 543 ~KAutoTrustInfo() 544 {} 545 546 KAutoTrustInfo( ATL::CString& strFileName ) 547 { 548 m_strFileName = strFileName; 549 } 550 551 KAutoTrustInfo( LPCTSTR pszFileName ) 552 { 553 m_strFileName = pszFileName; 554 } 555 556 void GetFileName( ATL::CString& strFileName ) 557 { 558 strFileName = m_strFileName; 559 } 560 561 virtual int Serialize(IKPopDataSerializer* _serializer) 562 { 563 if (!_serializer->IsLoading()) 564 { 565 _serializer->BeginTag("KAutoTrustInfo"); 566 _serializer->AddPop("FileName", m_strFileName); 567 _serializer->EndTag("KAutoTrustInfo"); 568 } 569 return 0; 570 } 571 572 bin_archive& Serialize(bin_archive &_serializer) 573 { 574 if(_serializer.is_loading()) 575 { 576 _serializer >> m_strFileName; 577 } 578 else 579 { 580 _serializer << m_strFileName; 581 } 582 return _serializer; 583 } 584 585 size_t GetSeriSize() 586 { 587 size_t nSize = 0; 588 nSize += TypeSize::get_size( m_strFileName ); 589 return nSize; 590 } 591 592private: 593 594 ATL::CString m_strFileName; 595}; 596 597////////////////////////////////////////////////////////////////////////// 598// 包过滤泡泡 599 600class KPacketFilterInfo : public IKPopData 601{ 602private: 603 LOG_IP_RULE m_logInfo; 604 605public: 606 607 KPacketFilterInfo() 608 {} 609 610 KPacketFilterInfo( PLOG_IP_RULE rule) 611 { 612 m_logInfo = *rule; 613 } 614 615 ~KPacketFilterInfo() 616 {} 617 618 PLOG_IP_RULE GetLogInfo() 619 { 620 return &m_logInfo; 621 } 622 623 virtual int Serialize(IKPopDataSerializer* _serializer) 624 { 625 if (!_serializer->IsLoading()) 626 { 627 _serializer->BeginTag("KPacketFilterInfo"); 628 629 _serializer->BeginTag("LOG_IP_RULE"); 630 631 SerializeGUID(_serializer, "id", m_logInfo.id); 632 _serializer->AddPop("count", (int)m_logInfo.nCount); 633 _serializer->AddPop("protocol", m_logInfo.byProtocolType); 634 SerializeIp(_serializer, "LocalAddr", ntohl( (unsigned int) m_logInfo.LocalAddr ) ); 635 SerializeIp(_serializer, "RemoteAddr", ntohl( (unsigned int) m_logInfo.RemoteAddr ) ); 636 _serializer->AddPop("Direction", (int)m_logInfo.byDirection); 637 _serializer->AddPop("Operation", (int)m_logInfo.nOperation); 638 _serializer->AddPop("AttackType", (int)m_logInfo.nAttackType); 639 SerializeIPLOG_EXTRADATA(_serializer, m_logInfo.byProtocolType, "", m_logInfo.ExtraInfo); 640 641 _serializer->EndTag("LOG_IP_RULE"); 642 643 _serializer->EndTag("KPacketFilterInfo"); 644 } 645 return 0; 646 } 647 648 bin_archive& Serialize(bin_archive &_serializer) 649 { 650 if(_serializer.is_loading()) 651 { 652 _serializer >> m_logInfo; 653 } 654 else 655 { 656 _serializer << m_logInfo; 657 } 658 return _serializer; 659 } 660 661 size_t GetSeriSize() 662 { 663 size_t nSize = 0; 664 nSize += sizeof( m_logInfo ); 665 return nSize; 666 } 667 668private: 669}; 670 671////////////////////////////////////////////////////////////////////////// 672// 发现病毒泡泡 673class KFindVirusInfo : public IKPopData 674{ 675public: 676 677 KFindVirusInfo() 678 {} 679 680 KFindVirusInfo ( ATL::CString& strFileName, ATL::CString& strVirusName ) 681 { 682 m_strFileName = strFileName; 683 m_strVirusName = strVirusName; 684 } 685 686 KFindVirusInfo ( LPCTSTR strFileName, LPCTSTR strVirusName ) 687 { 688 m_strFileName = strFileName; 689 m_strVirusName = strVirusName; 690 } 691 692 bool operator == (const KFindVirusInfo& info) 693 { 694 if (info.m_strFileName != m_strFileName) 695 return false; 696 if (info.m_strVirusName != m_strVirusName) 697 return false; 698 return true; 699 } 700 701 ~KFindVirusInfo () 702 {} 703 704 void GetFileName( ATL::CString& strFileName ) 705 { 706 strFileName = m_strFileName; 707 } 708 709 void GetVirusName( ATL::CString& strVirusName ) 710 { 711 strVirusName = m_strVirusName; 712 } 713 714 virtual int Serialize(IKPopDataSerializer* _serializer) 715 { 716 if (!_serializer->IsLoading()) 717 { 718 _serializer->BeginTag("KFindVirusInfo"); 719 _serializer->AddPop("FileName", m_strFileName); 720 _serializer->AddPop("VirusName", m_strVirusName); 721 _serializer->EndTag("KFindVirusInfo"); 722 } 723 return 0; 724 } 725 726 bin_archive& Serialize(bin_archive &_serializer) 727 { 728 if(_serializer.is_loading()) 729 { 730 _serializer >> m_strFileName; 731 _serializer >> m_strVirusName; 732 } 733 else 734 { 735 _serializer << m_strFileName; 736 _serializer << m_strVirusName; 737 } 738 return _serializer; 739 } 740 741 size_t GetSeriSize() 742 { 743 size_t nSize = 0; 744 nSize += TypeSize::get_size( m_strFileName ) ; 745 nSize += TypeSize::get_size( m_strVirusName ) ; 746 return nSize; 747 } 748 749private: 750 751 ATL::CString m_strFileName; 752 ATL::CString m_strVirusName; 753}; 754 755class KFindVirusInfoVec: public IKPopData 756{ 757private: 758 vector<KFindVirusInfo*> m_VirusInfo; 759 ATL::CString m_ProcessName; 760 761public: 762 KFindVirusInfoVec() {} 763 ~KFindVirusInfoVec() {Clear();} 764 765 void SetProcessName(LPCWSTR name) 766 { 767 m_ProcessName = name; 768 } 769 770 ATL::CString& GetProcessName() 771 { 772 return m_ProcessName; 773 } 774 775 void AddInfo(LPCWSTR file ,LPCWSTR desc) 776 { 777 KFindVirusInfo* pInfo = new KFindVirusInfo(file, desc); 778 m_VirusInfo.push_back(pInfo); 779 } 780 781 vector<KFindVirusInfo*>& GetVirusInfo() 782 { 783 return m_VirusInfo; 784 } 785 786 bool operator==(const KFindVirusInfoVec& info) 787 { 788 if (info.m_ProcessName != m_ProcessName) 789 return false; 790 if (info.m_VirusInfo.size() != m_VirusInfo.size()) 791 return false; 792 for (int i = 0; i < (int)m_VirusInfo.size(); i++) 793 if (!(*m_VirusInfo[i] == *info.m_VirusInfo[i])) 794 return false; 795 return true; 796 } 797 798 int GetCnt() 799 { 800 return (int)m_VirusInfo.size(); 801 } 802 803 virtual int Serialize(IKPopDataSerializer* _serializer) 804 { 805 if (!_serializer->IsLoading()) 806 { 807 _serializer->BeginTag("KFindVirusInfoVec"); 808 _serializer->AddPop("ProcessName", m_ProcessName); 809 810 _serializer->BeginTag("VirusInfos"); 811 for (size_t i = 0; i < m_VirusInfo.size(); i++) 812 { 813 m_VirusInfo[i]->Serialize(_serializer); 814 } 815 _serializer->EndTag("VirusInfos"); 816 817 _serializer->EndTag("KFindVirusInfoVec"); 818 } 819 return 0; 820 } 821 822 bin_archive& Serialize(bin_archive &_serializer) 823 { 824 if(_serializer.is_loading()) 825 { 826 Clear(); 827 int nCnt = 0; 828 _serializer >> nCnt; 829 for (int i = 0; i < nCnt; i++) 830 { 831 KFindVirusInfo* pInfo = new KFindVirusInfo; 832 pInfo->Serialize(_serializer); 833 m_VirusInfo.push_back(pInfo); 834 } 835 _serializer >> m_ProcessName; 836 } 837 else 838 { 839 int nCnt = (int)m_VirusInfo.size(); 840 _serializer << nCnt; 841 for (int i = 0; i < nCnt; i++) 842 { 843 m_VirusInfo[i]->Serialize(_serializer); 844 } 845 _serializer << m_ProcessName; 846 } 847 return _serializer; 848 } 849 850 size_t GetSeriSize() 851 { 852 size_t nSize = 0; 853 nSize = sizeof(int); 854 for (int i = 0; i < (int)m_VirusInfo.size(); i++) 855 nSize += m_VirusInfo[i]->GetSeriSize(); 856 nSize += TypeSize::get_size( m_ProcessName ) ; 857 return nSize; 858 } 859private: 860 void Clear() 861 { 862 for (int i = 0; i < (int)m_VirusInfo.size(); i++) 863 delete m_VirusInfo[i]; 864 m_VirusInfo.clear(); 865 } 866}; 867 868////////////////////////////////////////////////////////////////////////// 869 870struct PopAttackInfo 871{ 872 PopInfoHeader header; 873}; 874 875////////////////////////////////////////////////////////////////////////// 876// arp阻止泡泡 877class KPopArpInfo: public IKPopData 878{ 879private: 880 ARP_EXTRA_DATA* m_pArpInfo; 881 INT m_nType; 882public: 883 KPopArpInfo(): m_pArpInfo(NULL) {} 884 ~KPopArpInfo() { Clear(); } 885 886 const ARP_EXTRA_DATA* GetArpInfo() 887 { 888 return m_pArpInfo; 889 } 890 891 INT GetType() 892 { 893 return m_nType; 894 } 895 896 void SetArpInfo(ARP_EXTRA_DATA* pInfo, int nType) 897 { 898 Clear(); 899 if (pInfo) 900 { 901 m_pArpInfo = new ARP_EXTRA_DATA; 902 *m_pArpInfo = *pInfo; 903 m_nType = nType; 904 } 905 } 906 907 908 virtual int Serialize(IKPopDataSerializer* _serializer) 909 { 910 if (!_serializer->IsLoading()) 911 { 912 _serializer->BeginTag("KPopArpInfo"); 913 _serializer->AddPop("ArpType", m_nType); 914 915 _serializer->BeginTag("ARP_EXTRA_DATA"); 916 SerializeMac(_serializer, "eh_dst", m_pArpInfo->eh_dst); 917 SerializeMac(_serializer, "eh_src", m_pArpInfo->eh_src); 918 SerializeMac(_serializer, "arp_sha", m_pArpInfo->arp_sha); 919 SerializeIp(_serializer, "arp_spa", m_pArpInfo->arp_spa); 920 SerializeMac(_serializer, "arp_tha", m_pArpInfo->arp_tha); 921 SerializeIp(_serializer, "arp_tpa", m_pArpInfo->arp_tpa); 922 _serializer->EndTag("ARP_EXTRA_DATA"); 923 924 _serializer->EndTag("KPopArpInfo"); 925 } 926 return 0; 927 } 928 929 bin_archive& Serialize(bin_archive &_serializer) 930 { 931 if(_serializer.is_loading()) 932 { 933 Clear(); 934 m_pArpInfo = new ARP_EXTRA_DATA; 935 _serializer.read(m_pArpInfo, sizeof(ARP_EXTRA_DATA), 1); 936 _serializer >> m_nType; 937 } 938 else 939 { 940 if (m_pArpInfo) 941 _serializer.write(m_pArpInfo, sizeof(ARP_EXTRA_DATA), 1); 942 _serializer << m_nType; 943 } 944 return _serializer; 945 } 946 947 size_t GetSeriSize() 948 { 949 size_t nSize = 0; 950 951 if (m_pArpInfo) 952 nSize += sizeof(ARP_EXTRA_DATA); 953 954 nSize += sizeof(m_nType); 955 return nSize; 956 } 957 958 void Clear() 959 { 960 if (m_pArpInfo) 961 { 962 delete m_pArpInfo; 963 m_pArpInfo = NULL; 964 } 965 } 966}; 967 968////////////////////////////////////////////////////////////////////////// 969//发现新区域泡泡 970class KPopAreaInfo: public IKPopData 971{ 972private: 973 BYTE m_GateMac[6]; 974 long m_GateIp; 975 int m_eRes; 976 ATL::CString m_strAreaName; 977 978 long m_nNextHome; 979 long m_nNextOffice; 980 long m_nNextUnknown; 981 982public: 983 KPopAreaInfo(): m_eRes(enumAT_Unknown), m_GateIp(0) 984 { 985 986 } 987 988 ~KPopAreaInfo() { Clear(); } 989 990 int GetPopRes() 991 { 992 return m_eRes; 993 } 994 void SetPopRes(int res) 995 { 996 m_eRes = res; 997 } 998 999 void SetID(long nNextHome, long nNextOffice, long nNextUnkonwn) 1000 { 1001 m_nNextHome = nNextHome; 1002 m_nNextOffice = nNextOffice; 1003 m_nNextUnknown = nNextUnkonwn; 1004 } 1005 1006 BYTE* GetGateMac() 1007 { 1008 return m_GateMac; 1009 } 1010 1011 long GetGateIp() 1012 { 1013 return m_GateIp; 1014 } 1015 1016 void SetAreaName( ATL::CString& strAreaName ) 1017 { 1018 m_strAreaName = strAreaName; 1019 } 1020 1021 void GetAreaName( ATL::CString& strAreaName ) 1022 { 1023 strAreaName = m_strAreaName; 1024 } 1025 1026 void SetGateInfo(BYTE gateMac[6], ULONG ip) 1027 { 1028 Clear(); 1029 memcpy(m_GateMac, gateMac, sizeof(m_GateMac)); 1030 m_GateIp = ip; 1031 } 1032 1033 virtual int Serialize(IKPopDataSerializer* _serializer) 1034 { 1035 if (!_serializer->IsLoading()) 1036 { 1037 _serializer->BeginTag("KPopAreaInfo"); 1038 SerializeIp(_serializer, "GateIp", m_GateIp); 1039 _serializer->AddPop("AreaName", m_strAreaName); 1040 SerializeMac(_serializer, "GateMac", m_GateMac); 1041 1042 _serializer->AddPop("NextHomeID", m_nNextHome); 1043 _serializer->AddPop("NextOfficeID", m_nNextOffice); 1044 _serializer->AddPop("NextUnkonwnID", m_nNextUnknown); 1045 1046 _serializer->EndTag("KPopAreaInfo"); 1047 } 1048 else 1049 { 1050 int nType = 0; 1051 _serializer->GetProp("AreaType", nType); 1052 m_eRes = nType; 1053 _serializer->GetProp("AreaName", m_strAreaName); 1054 } 1055 return 0; 1056 } 1057 1058 bin_archive& Serialize(bin_archive &_serializer) 1059 { 1060 if(_serializer.is_loading()) 1061 { 1062 Clear(); 1063 _serializer.read(m_GateMac, sizeof(m_GateMac), 1); 1064 _serializer >> m_GateIp; 1065 int nRes = 0; 1066 _serializer >> nRes; 1067 _serializer >> m_strAreaName; 1068 m_eRes = (int)nRes; 1069 } 1070 else 1071 { 1072 _serializer.write(m_GateMac, sizeof(m_GateMac), 1); 1073 _serializer << m_GateIp; 1074 int nRes = m_eRes; 1075 _serializer << nRes; 1076 _serializer << m_strAreaName; 1077 } 1078 return _serializer; 1079 } 1080 1081 size_t GetSeriSize() 1082 { 1083 size_t nSize = 0; 1084 1085 nSize += sizeof(m_GateMac) + sizeof(m_GateIp) + sizeof(int) ; 1086 nSize += TypeSize::get_size( m_strAreaName ); 1087 1088 return nSize; 1089 } 1090 1091 void Clear() 1092 { 1093 memset(m_GateMac, 0, sizeof(m_GateIp)); 1094 m_GateIp = 0; 1095 } 1096}; 1097////////////////////////////////////////////////////////////////////////// 1098// 动态防御泡泡 1099class KActiveDefendInfo : public IKPopData 1100{ 1101public: 1102 1103 KActiveDefendInfo(){} 1104 1105 KActiveDefendInfo( UINT uIp, UINT uDefendTime ) 1106 { 1107 m_uIp = uIp; 1108 m_uDefendTime = uDefendTime; 1109 } 1110 ~KActiveDefendInfo() 1111 {} 1112 1113 UINT GetIp() 1114 { 1115 return m_uIp; 1116 } 1117 1118 UINT GetDefendTime() 1119 { 1120 return m_uDefendTime; 1121 } 1122 1123 virtual int Serialize(IKPopDataSerializer* _serializer) 1124 { 1125 if (!_serializer->IsLoading()) 1126 { 1127 _serializer->BeginTag("KActiveDefendInfo"); 1128 SerializeIp(_serializer, "Ip", ntohl( (unsigned int)m_uIp) ); 1129 _serializer->AddPop("DefendTime", (int)m_uDefendTime); 1130 _serializer->EndTag("KActiveDefendInfo"); 1131 } 1132 return 0; 1133 } 1134 1135 bin_archive& Serialize(bin_archive &_serializer) 1136 { 1137 if(_serializer.is_loading()) 1138 { 1139 _serializer >> m_uIp; 1140 _serializer >> m_uDefendTime; 1141 } 1142 else 1143 { 1144 _serializer << m_uIp; 1145 _serializer << m_uDefendTime; 1146 } 1147 return _serializer; 1148 } 1149 1150 size_t GetSeriSize() 1151 { 1152 size_t nSize = 0; 1153 nSize += sizeof( m_uDefendTime ); 1154 nSize += sizeof( m_uIp ); 1155 return nSize; 1156 } 1157 1158private: 1159 1160 UINT m_uIp; 1161 UINT m_uDefendTime; 1162}; 1163 1164////////////////////////////////////////////////////////////////////////// 1165//区域改变泡泡 1166class KChangeAreaInfo : public IKPopData 1167{ 1168public: 1169 1170 KChangeAreaInfo( ) 1171 {} 1172 1173 KChangeAreaInfo( ATL::CString& strAreaName, int areaType ) 1174 { 1175 m_strAreaName = strAreaName; 1176 m_areaType = areaType; 1177 } 1178 1179 KChangeAreaInfo( LPCTSTR strAreaName, int areaType ) 1180 { 1181 m_strAreaName = strAreaName; 1182 m_areaType = areaType; 1183 } 1184 1185 ~KChangeAreaInfo() 1186 {} 1187 1188 void GetAreaName( ATL::CString& strAreaName ) 1189 { 1190 strAreaName = m_strAreaName; 1191 } 1192 1193 int GetAreaType() 1194 { 1195 return m_areaType; 1196 } 1197 1198 virtual int Serialize(IKPopDataSerializer* _serializer) 1199 { 1200 if (!_serializer->IsLoading()) 1201 { 1202 _serializer->BeginTag("KChangeAreaInfo"); 1203 _serializer->AddPop("AreaName", m_strAreaName); 1204 _serializer->AddPop("AreaType", (int)m_areaType); 1205 _serializer->EndTag("KChangeAreaInfo"); 1206 } 1207 return 0; 1208 } 1209 1210 bin_archive& Serialize(bin_archive &_serializer) 1211 { 1212 if(_serializer.is_loading()) 1213 { 1214 _serializer >> m_strAreaName; 1215 _serializer >> m_areaType; 1216 } 1217 else 1218 { 1219 _serializer << m_strAreaName; 1220 _serializer << m_areaType; 1221 } 1222 return _serializer; 1223 } 1224 1225 size_t GetSeriSize() 1226 { 1227 size_t nSize = 0; 1228 nSize += TypeSize::get_size( m_strAreaName ); 1229 nSize += sizeof( m_areaType ); 1230 return nSize; 1231 } 1232 1233private: 1234 1235 ATL::CString m_strAreaName; 1236 int m_areaType; 1237}; 1238 1239////////////////////////////////////////////////////////////////////////// 1240class KPopUpdateInfo: public IKPopData 1241{ 1242public: 1243 KPopUpdateInfo(DWORD nStatus ): m_nUpdateStatus(nStatus) 1244 {} 1245 1246 ~KPopUpdateInfo() 1247 {} 1248 1249 virtual int Serialize(IKPopDataSerializer* _serializer) 1250 { 1251 if (!_serializer->IsLoading()) 1252 { 1253 _serializer->BeginTag("KPopUpdateInfo"); 1254 _serializer->AddPop("UpdateStatus", (int)m_nUpdateStatus); 1255 _serializer->EndTag("KPopUpdateInfo"); 1256 } 1257 return 0; 1258 } 1259 1260 bin_archive& Serialize(bin_archive &_serializer) 1261 { 1262 if(_serializer.is_loading()) 1263 { 1264 _serializer >> m_nUpdateStatus; 1265 } 1266 else 1267 { 1268 _serializer << m_nUpdateStatus; 1269 } 1270 return _serializer; 1271 } 1272 1273 size_t GetSeriSize() 1274 { 1275 return sizeof(m_nUpdateStatus); 1276 } 1277 1278private: 1279 DWORD m_nUpdateStatus; 1280}; 1281////////////////////////////////////////////////////////////////////////// 1282// 1283#pragma pack(pop)