/*
Program: FINDBUG.C
Author : Kim Moser
Date   : 2/13/89
System : IBM PC / Borland Turbo-C 2.0
Descrip: Finds the "Dungeon" virus on either the boot sector or all files

Usage  :
	 FINDBUG [drive:] [options]

	 OPTIONS
	 -------
	 b	Searches in boot sector for "Dungeon"
	 f	Searches all files (including this one!) for code that
		virus appends to files.
	 e	Searches only .COM and .EXE files (including this one!) for
		code that virus appends to files.

	'drive' defaults to current drive if omitted
*/

#include <stdio.h>
#include <dir.h>  /* getdisk() */
#include <stdlib.h>
#include <ctype.h>  /* isalpha(), toupper() */
#include <dos.h>  /* fatinfo */
#include <string.h>  /* strcmp() */
#include <io.h>  /* setmode() */
#include <fcntl.h>  /* O_BINARY */
#include <alloc.h>
#include <conio.h>  /* getch() */

char DISK, OLDDISK;
char OLDDIR[255];  /* Current directory */
char *VIRUS;
long int VIRUSLEN;
char VIRUSNAME[255];  /* Will be set to 'd:\[path\]FINDBUG.VIR' */
char *SHORTNAME = "FINDBUG.VIR";
long int TOTALFILES=0;  /* How many total files searched */

int JUSTEXE=0;  /* Whether to search just EXE files */
char *BUF;

#define MAXNAMES 1000

typedef char *ptr;
ptr NAMES[MAXNAMES];  /* Array of MAXNAMES pointers to strings */
long int NAMESNDX = 0;  /* Index into NAMES; always points to next free */

#define EXTENDED 255
int keyhit(void)
{
	int ch;

	if ((ch=getch()) == NULL)
	/* Assumes that extended key code is next char returned, and that getch()
	   will NOT wait for a key [i.e. key will be available immediately]. */
		return (getch()+EXTENDED);
	else
		return ch;
}

void usage(void)
/* Shows usage and exits */
{
	printf( "Usage: FINDBUG [drive:] [options]\n" );
	printf( "OPTIONS\n" );
	printf( "      b  Searches boot sector\n" );
	printf( "      f  Searches all files\n" );
	printf( "      e  Searches just .COM and .EXE files.\n\n" );

	printf( "If no options are specified, both the 'b' and 'f options are assumed.\n" );
	printf( "If drive is not specified, drive defaults to currently logged drive.\n" );
	exit(1);
}

void readvirus(void)
/* Set VIRUSLEN, allocate VIRUS, read virus into it, allocate BUF */
{
	FILE *fp;

	if ( (fp=fopen(VIRUSNAME,"r")) == NULL) {
		printf( "Unable to open virus data file '%s' for reading.\n", VIRUSNAME );
		exit(1);
	}

	setmode(fileno(fp), O_BINARY);

	/* Get file length */
	if ( (VIRUSLEN=filelength(fileno(fp)))==-1 ) {
		printf( "Unable to get file length of virus data file '%s'.\n", VIRUSNAME );
		fclose(fp);
		exit(1);
	}

	VIRUS = (char *) calloc(1,(unsigned int)VIRUSLEN);
	if ( fread(VIRUS,1,VIRUSLEN,fp) != VIRUSLEN ) {
		printf( "Unable to read %ld bytes from virus data file.\n" );
		fclose(fp);
		exit(1);
	}

	fclose(fp);

	printf( "Virus is %ld bytes long.\n", VIRUSLEN );

	if ( (BUF=(char*)calloc(VIRUSLEN,1)) == NULL ) {
		printf( "Unable to allocate room for buffer.\n" );
		exit(1);
	}
}

void doboot(void)
/* Searches boot sector of drive 'DISK' for 'Dungeon' */
{
	struct fatinfo f;
	char *b;
	char text[] = "Dungeon";
	int i, j, infected=0;

	printf( "Reading boot sector:\n" );

	getfat(DISK+1,&f);  /* Add 1 because getfat() expects 1=A, etc */

	printf( "Reading boot sector of drive %c (%d bytes)\n", DISK+'A', f.fi_bysec );

	b = (char *) calloc(1,(unsigned int)f.fi_bysec);

	if (absread(DISK, 1, 0, b)) {
		printf( "Unable to read boot sector!\n\a" );
		exit(1);
	}

	/* Search image of boot sector for 'Dungeon': */
	for (i=0; (i<f.fi_bysec) && (!infected); i++)
		for (j=0; text[j]; j++) {
			if (b[i+j]!=text[j]) break;
			if (text[j+1]=='\0') infected=1;
		}

	if (infected)
		printf( "BOOT SECTOR IS INFECTED!\n\a" );
	else
		printf( "Boot sector is okay.\n" );

	free(b);
}

unsigned int NUMFILES=0;  /* How many total files searched */

void addname(n)
char *n;
/* Adds 'n' it to NAMES */
{
	printf( ": FILE IS INFECTED!\a" );

	if (NAMESNDX == MAXNAMES) {
		printf( "MORE THAN %lu INFECTED FILES!\n\a", (unsigned long int) MAXNAMES );
		exit(1);
	}
	if ( (NAMES[NAMESNDX] = (char*)calloc(strlen(n)+(size_t)1,1)) == NULL ) {
		printf( "UNABLE TO ALLOCATE ENOUGH MEMORY FOR FILENAME!\n\a" );
		exit(1);
	}

	strcpy(NAMES[NAMESNDX++],n);
}

void searchfile( name )
/* Searches file 'name' for virus code */
char *name;
{
	FILE *fp;
	long len;

	printf( "%s", name );

	if ( (fp=fopen(name,"r")) == NULL) {
		printf( "Unable to open file '%s' for reading.\n", name );
		exit(1);
	}

	setmode(fileno(fp), O_BINARY);

	/* Get file length */
	if ( (len=filelength(fileno(fp)))==-1 ) {
		printf( "Unable to get file length for file '%s'.\n", name );
		exit(1);
	}

	if (len>=VIRUSLEN) {
		TOTALFILES++;

		/* File long enough to contain virus, so check it: */
		fseek(fp,len-VIRUSLEN,SEEK_SET);
		if ( fread(BUF,1,VIRUSLEN,fp) != VIRUSLEN ) {
			printf( "Unable to read %ld bytes from file %s.\n", VIRUSLEN, name );
			exit(1);
		}

		/* Compare offset 138..1550: */
		/*    Search main body .................... or look for "MsDos" */
		if ( (!memcmp(VIRUS+138,BUF+138,1410)||!memcmp(VIRUS+0x10,BUF+0x10,5)) && (strcmp(name,SHORTNAME)) ) {
			/* Get full path of infected file: */
			addname( searchpath(name) );
		}
	} else
		printf( " (too short)" );

	printf( "\n" );
	fclose(fp);
}

void dofiles(void)
/* Search all files for virus code */
{
	int local=0;
	struct ffblk info;
	static int level=0;  /* Global level */
	int i;

	level++;

	while ((local++==0 ? !findfirst("*.*",&info,(~0)-FA_LABEL) : !findnext(&info))) {
		if (info.ff_attrib & FA_DIREC) {
			/* It's a directory */
			if (strcmp(info.ff_name,".") && strcmp(info.ff_name,"..")) {
				/* Ignore "." and ".." directories */
				for (i=0; i<level; i++) printf( "  " );
				printf( "Directory: %s\n", info.ff_name );
				chdir(info.ff_name);
				dofiles();
				chdir("..");
			}
		} else {
			if ( (!JUSTEXE) || (strstr(info.ff_name,".COM")||(strstr(info.ff_name,".EXE"))) ) {
				for (i=0; i<level; i++) printf( "  " );
				searchfile( info.ff_name );
			}
		}
	}
	level--;
}

void main(argc, argv)
int argc;
char **argv;
{
	int useboot=1, usefiles=1;  /* Whether to search boot sector and files */
	int i,j;

	printf( "FINDBUG v1.1 (2/27/89)  Copyright (c) 1988  Kim Moser  All Rights Reserved\n" );
	printf( "Finds the 'Dungeon' virus on the boot sector and/or all files\n" );
	printf( "on the specified drive (or on the current drive if no drive is specified).\n\n" );

	DISK = getdisk();  /* Because it's not legal in initialization */

	if (argc==1)  /* No args except filename */
		useboot = usefiles = 1;
	else {  /* At least 1 arg */
		for (i=1; i<min(3,argc); i++) {
			if (argv[i][1]==':') {  /* This is the drive specifier */
				if (i!=1)  /* If drive is specified, it must be the first param */
					usage();
				else
					if ( !isalpha(DISK=toupper(argv[i][0])) )
						usage();
					else  /* Valid, so convert to 0..25: */
						DISK -= 'A';
			} else {  /* Parse options */
				useboot = usefiles = 0;  /* Assume */
				for (j=0; argv[i][j]; j++)
					switch (toupper(argv[i][j])) {
						case 'E':
							JUSTEXE = 1;
							/* Fall through */
						case 'F':
							usefiles = 1;
							break;
						case 'B':
							useboot = 1;
							break;
						default:
							usage();
					}
			}
		}
	}

	printf( "Will search " );
	if (useboot) printf( "boot sector " );
	if (useboot && usefiles) printf( "and " );
	if (usefiles)
		printf( "%s files ", JUSTEXE ? "just .COM and .EXE" : "all" );
	if (useboot || usefiles) printf( "on " );
	printf( "drive %c: for virus\n", DISK+'A' );

	/* Set VIRUSNAME to same directory as FINDBUG.EXE: */
	strcpy( VIRUSNAME, argv[0] );
	for (i=strlen(VIRUSNAME)-1; VIRUSNAME[i]!='\\'; i-- ); 	/* Find last '\\' */
	/* Overwrite filename: */
	strcpy(VIRUSNAME+ ++i, SHORTNAME );

	readvirus();

	OLDDISK = getdisk();  /* Remember current drive */
	setdisk(DISK);  /* Log to requested drive */
	if ( getcwd(OLDDIR,255)==NULL ) {
		printf( "Unable to read current directory.\n" );
		exit(1);
	}

	if (useboot)
		doboot();
	if (usefiles) {
		printf( "Searching self: " );
		searchfile( argv[0] );
		printf( "\nSearching " );
		if (JUSTEXE) printf( ".COM and .EXE " ); else printf( "ALL ");
		printf( "files on drive %c:\n\n", DISK+'A' );
		dofiles();
	}

	printf( "\n%4ld total file(s) searched.\n", TOTALFILES );
	printf( "%4ld infected file(s) found.\n", NAMESNDX );
	if (NAMESNDX) {
		printf( "\nPlease delete the following infected files:\n" );
		for (i=0; i<NAMESNDX; i++)
			printf( "%s\n", NAMES[i] );
	}

	free(VIRUS);
	free(BUF);
	for (i=0; i<NAMESNDX; free(NAMES[i++]) );

	setdisk(OLDDISK);  /* Log to previous drive */
	chdir(OLDDIR);  /* Change to previous dir */

	if (NAMESNDX) {
		printf( "\nHIT ANY KEY TO CONTINUE.\n\a" );
		keyhit();
	}
}