PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
path_util.cpp
Go to the documentation of this file.
1#include "path_util.h"
2
3#include "format_util.h"
4
5char* pesieve::util::get_subpath_ptr(char *modulePath, char* searchedPath)
6{
7 if (modulePath == nullptr || searchedPath == nullptr) {
8 return nullptr;
9 }
10 size_t modNameLen = strlen(modulePath);
11 size_t sysPathLen = strlen(searchedPath);
12 size_t i = 0;
13 for (; i < modNameLen && i < sysPathLen; i++) {
14 char c1 = tolower(modulePath[i]);
15 char c2 = tolower(searchedPath[i]);
16 if (c1 == '/') c1 = '\\'; //normalize
17 if (c1 != c2) {
18 break;
19 }
20 }
21 if (i == sysPathLen) {
22 return modulePath + i;
23 }
24 return nullptr;
25}
26
27std::string pesieve::util::escape_path_separators(std::string path)
28{
29 size_t pos = std::string::npos;
30 size_t prev = 0;
31 const char to_escape = '\\';
32 const std::string escaped = "\\\\";
33 do
34 {
35 pos = path.find(to_escape, prev);
36 if (pos == std::string::npos) break;
37
38 path.replace(pos, 1, escaped);
39 prev = pos + escaped.length();
40
41 } while (pos < path.length() && prev < path.length());
42
43 return path;
44}
45
46std::string pesieve::util::get_system_drive()
47{
48 char buf[MAX_PATH] = { 0 };
49 if (!GetWindowsDirectoryA(buf, MAX_PATH)) {
50 return "";
51 }
52 buf[2] = '\0'; // cut after the drive letter
53 return std::string(buf);
54}
55
56std::string get_full_path(const char* szPath)
57{
58 char out_buf[MAX_PATH] = { 0 };
59 if (GetFullPathNameA(szPath, MAX_PATH, out_buf, nullptr) == 0) {
60 return "";
61 }
62 return out_buf;
63}
64
65bool pesieve::util::dir_exists(const char* szPath)
66{
67 DWORD dwAttrib = GetFileAttributes(szPath);
68
69 return (dwAttrib != INVALID_FILE_ATTRIBUTES &&
70 (dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
71}
72
73bool pesieve::util::create_dir_recursively(const std::string& in_path)
74{
75 std::string path = get_full_path(in_path.c_str());
76 if (path.length() == 0) path = in_path;
77
78 if (dir_exists(path.c_str())) {
79 return true;
80 }
81 size_t pos = 0;
82 do
83 {
84 pos = path.find_first_of("\\/", pos + 1);
85 if (CreateDirectoryA(path.substr(0, pos).c_str(), NULL) == FALSE) {
86 if (GetLastError() != ERROR_ALREADY_EXISTS) {
87 return false;
88 }
89 }
90 } while (pos != std::string::npos);
91 return true;
92}
93
94std::string pesieve::util::strip_prefix(std::string path, std::string prefix)
95{
96 const size_t prefix_len = prefix.length();
97 if (prefix_len == 0) {
98 return path;
99 }
100 // case insensitive:
101 std::string my_path = to_lowercase(path);
102 prefix = to_lowercase(prefix);
103
104 size_t found_index = my_path.find(prefix);
105 if (found_index != std::string::npos
106 && found_index == 0) //the found string must be at the beginning
107 {
108 path.erase(found_index, prefix_len);
109 }
110 return path;
111}
112
format_util.h
pesieve::util::dir_exists
bool dir_exists(const char *path)
Definition path_util.cpp:65
pesieve::util::create_dir_recursively
bool create_dir_recursively(const std::string &path)
Definition path_util.cpp:73
pesieve::util::get_subpath_ptr
char * get_subpath_ptr(char *modulePath, char *searchedPath)
Definition path_util.cpp:5
pesieve::util::strip_prefix
std::string strip_prefix(std::string path, std::string prefix)
Definition path_util.cpp:94
pesieve::util::to_lowercase
std::string to_lowercase(std::string)
Definition strings_util.cpp:6
pesieve::util::get_system_drive
std::string get_system_drive()
Definition path_util.cpp:46
pesieve::util::DWORD
DWORD(__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle
pesieve::util::escape_path_separators
std::string escape_path_separators(std::string path)
Definition path_util.cpp:27
pesieve.MAX_PATH
int MAX_PATH
Definition pesieve.py:11
get_full_path
std::string get_full_path(const char *szPath)
Definition path_util.cpp:56
path_util.h
Generated by doxygen 1.17.0