Device Insertion Monitor (DIM)

1. // I call it a device insertion monitor, and it is used to monitor any media or USB devices that are inserted or plugged into the PC.
2. // This can also serve as a virus transmission tool since a virus can replicate itself upon media/device detection to be transmitted to // other victims via USB drives for example. But that is another subject that we can discuss later...
3. // For now, this program is capable of detecting CD/DVD media and USB devices and capturing fundamental information. I will work on it when //I get home, to print more data on the machines...
4. // A notable mention is that I used the RegisterDeviceNotification API to "record" USB devices.
5. // This is absolutely necessary since DBT_DEVICEARRIVAL / DBT_DEVICEREMOVECOMPLETE messages are sent by default for CD/DVD ROMs, but not for USBs.
6.  
7. #include <windows.h>
8. #include <dbt.h>
9. #include <assert.h>
10. #include <atlstr.h>
11. #include <Setupapi.h>
12. #include <GdiPlus.h>
13. using namespace Gdiplus;
14.  
15. #pragma comment(lib, "gdiplus")
16. #pragma comment(lib, "Setupapi")
17.  
18. char *dupcat(const char *s1, ...){
19.     int len;
20.     char *p, *q, *sn;
21.     va_list ap;
22.  
23.     len = strlen(s1);
24.     va_start(ap, s1);
25.     while (1) {
26.         sn = va_arg(ap, char *);
27.         if (!sn)
28.             break;
29.         len += strlen(sn);
30.     }
31.     va_end(ap);
32.  
33.     p = new char[len + 1];
34.     strcpy(p, s1);
35.     q = p + strlen(p);
36.  
37.     va_start(ap, s1);
38.     while (1) {
39.         sn = va_arg(ap, char *);
40.         if (!sn)
41.             break;
42.         strcpy(q, sn);
43.         q += strlen(q);
44.     }
45.     va_end(ap);
46.  
47.     return p;
48. }
49.  
50. //Global id for raw USB devices
51. GUID raw = {0xa5dcbf10, 0x6530, 0x11d2, 0x90, 0x1f, 0x00, 0xc0, 0x4f, 0xb9, 0x51, 0xed };
52.  
53. char FirstDriveFromMask(ULONG unitmask)
54. {
55.     char i;
56.  
57.     for (i = 0; i < 26; ++i)
58.     {
59.         if (unitmask & 0x1)
60.             break;
61.         unitmask = unitmask >> 1;
62.     }
63.  
64.     return(i + 'A');
65. }
66.  
67. void AddText(HWND edit, LPCTSTR Text)
68. {
69.     int len = GetWindowTextLength(edit);
70.     SendMessage(edit, EM_SETSEL, (WPARAM)len, (LPARAM)len);
71.     SendMessage(edit, EM_REPLACESEL, 0, (LPARAM)Text);
72. }
73.  
74. #define APP MAKEINTRESOURCE(101)
75. #define APPSMALL MAKEINTRESOURCE(102)
76. HWND hwnd, devType, devFriendlyName, devInfo;
77. LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
78. static char gszClassName[] = "Ath";
79. static HINSTANCE ghInstance = NULL;
80.  
81. /*
82.     The following code is not mine!
83.     It is copied and modified for my needs from this article http://www.codeproject.com/Articles/14500/Detecting-Hardware-Insertion-and-or-Removal
84.     Credits to Sam NG
85. */
86.  
87. TCHAR *UpdateDevice(PDEV_BROADCAST_DEVICEINTERFACE pDevInf, WPARAM wParam)
88. {
89.     // dbcc_name:
90.     // \\?\USB#Vid_04e8&Pid_503b#0002F9A9828E0F06#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
91.     // convert to
92.     // USB\Vid_04e8&Pid_503b\0002F9A9828E0F06
93.     assert(lstrlen(pDevInf->dbcc_name) > 4);
94.     CString szDevId = pDevInf->dbcc_name + 4;
95.     int idx = szDevId.ReverseFind(_T('#'));
96.     assert(-1 != idx);
97.     szDevId.Truncate(idx);
98.     szDevId.Replace(_T('#'), _T('\\'));
99.     szDevId.MakeUpper();
100.  
101.     CString szClass;
102.     idx = szDevId.Find(_T('\\'));
103.     assert(-1 != idx);
104.     szClass = szDevId.Left(idx);
105.  
106.     // if we are adding device, we only need present devices
107.     // otherwise, we need all devices
108.     DWORD dwFlag = DBT_DEVICEARRIVAL != wParam
109.         ? DIGCF_ALLCLASSES : (DIGCF_ALLCLASSES | DIGCF_PRESENT);
110.     HDEVINFO hDevInfo = SetupDiGetClassDevs(NULL, szClass, NULL, dwFlag);
111.     if (INVALID_HANDLE_VALUE == hDevInfo)
112.     {
113.         return NULL;
114.     }
115.  
116.     SP_DEVINFO_DATA* pspDevInfoData =
117.         (SP_DEVINFO_DATA*)HeapAlloc(GetProcessHeap(), 0, sizeof(SP_DEVINFO_DATA));
118.     pspDevInfoData->cbSize = sizeof(SP_DEVINFO_DATA);
119.     for (int i = 0; SetupDiEnumDeviceInfo(hDevInfo, i, pspDevInfoData); i++)
120.     {
121.         DWORD DataT;
122.         DWORD nSize = 0;
123.         TCHAR buf[MAX_PATH];
124.  
125.         if (!SetupDiGetDeviceInstanceId(hDevInfo, pspDevInfoData, buf, sizeof(buf), &nSize))
126.         {
127.             break;
128.         }
129.  
130.         if (szDevId == buf)
131.         {
132.             // device found
133.             if (SetupDiGetDeviceRegistryProperty(hDevInfo, pspDevInfoData,
134.                 SPDRP_FRIENDLYNAME, &DataT, (PBYTE)buf, sizeof(buf), &nSize)) {
135.                 // do nothing
136.             }
137.             else if (SetupDiGetDeviceRegistryProperty(hDevInfo, pspDevInfoData,
138.                 SPDRP_DEVICEDESC, &DataT, (PBYTE)buf, sizeof(buf), &nSize)) {
139.                 // do nothing
140.             }
141.             else {
142.                 lstrcpy(buf, _T("Unknown"));
143.             }
144.             TCHAR *ret = new TCHAR[260];
145.             _tcscpy(ret, buf);
146.             return ret;
147.             // update UI
148.             // .....
149.             // .....
150.         }
151.     }
152.  
153.     if (pspDevInfoData) HeapFree(GetProcessHeap(), 0, pspDevInfoData);
154.     SetupDiDestroyDeviceInfoList(hDevInfo);
155.     return NULL;
156. }
157.  
158. void GDIPLUS(HDC hdc, int drvIndex = -1){
159.     Graphics graphics(hdc);
160.     wchar_t *title = L"Device insertion monitor";
161.     wchar_t *author = L"Athenian - Rohitab forums";
162.  
163.     //labels
164.     wchar_t *dev_type = L"Device type: ";
165.     wchar_t *dev_name = L"Device name: ";
166.     wchar_t *dev_info = L"Device information: ";
167.  
168.     FontFamily family(L"Verdana");
169.     FontFamily family2(L"Calibri");
170.     Font font(&family, 25, FontStyleRegular, UnitPixel);
171.     Font font2(&family2, 15, FontStyleRegular, UnitPixel);
172.  
173.     SolidBrush sbrush(Color::White);
174.     graphics.DrawString(title, wcslen(title), &font, PointF(20, 20), &sbrush);
175.     graphics.DrawString(author, wcslen(author), &font2, PointF(20, 60), &sbrush);
176.  
177.     //draw labels
178.     graphics.DrawString(dev_type, wcslen(dev_type), &font2, PointF(20, 120), &sbrush);
179.     graphics.DrawString(dev_name, wcslen(dev_name), &font2, PointF(20, 180), &sbrush);
180.     graphics.DrawString(dev_info, wcslen(dev_info), &font2, PointF(20, 240), &sbrush);
181. }
182.  
183. int WINAPI WinMain(HINSTANCE hInstance,
184.     HINSTANCE hPrevInstance,
185.     LPSTR lpCmdLine,
186.     int nCmdShow)
187. {
188.     WNDCLASSEX WndClass;
189.     MSG Msg;
190.     ghInstance = hInstance;
191.  
192.     WndClass.cbSize = sizeof(WNDCLASSEX);
193.     WndClass.style = NULL;
194.     WndClass.lpfnWndProc = WndProc;
195.     WndClass.cbClsExtra = 0;
196.     WndClass.cbWndExtra = 0;
197.     WndClass.hInstance = ghInstance;
198.     WndClass.hIcon = LoadIcon(hInstance, APP);
199.     WndClass.hCursor = LoadCursor(NULL, IDC_ARROW);
200.     WndClass.hbrBackground = CreateSolidBrush(RGB(20, 100, 200));
201.     WndClass.lpszMenuName = 0;
202.     WndClass.lpszClassName = gszClassName;
203.     WndClass.hIconSm = LoadIcon(hInstance, APPSMALL);
204.  
205.     RegisterClassEx(&WndClass);
206.     hwnd = CreateWindowEx(
207.         0,
208.         gszClassName,
209.         "Device monitor",
210.         WS_OVERLAPPEDWINDOW,
211.         CW_USEDEFAULT, CW_USEDEFAULT,
212.         800, 600,
213.         NULL, NULL,
214.         ghInstance,
215.         NULL);
216.  
217.     devType = CreateWindow(
218.         "edit",
219.         0,
220.         WS_CHILD | WS_VISIBLE,
221.         160, 120,
222.         350, 20,
223.         hwnd, 0,
224.         ghInstance,
225.         NULL);
226.  
227.     devFriendlyName = CreateWindow(
228.         "edit",
229.         0,
230.         WS_CHILD | WS_VISIBLE,
231.         160, 180,
232.         350, 20,
233.         hwnd, 0,
234.         ghInstance,
235.         NULL);
236.  
237.     devInfo = CreateWindow(
238.         "edit",
239.         0,
240.         WS_CHILD | WS_VISIBLE,
241.         160, 240,
242.         350, 200,
243.         hwnd, 0,
244.         ghInstance,
245.         NULL);
246.  
247.     ShowWindow(hwnd, 1);
248.     UpdateWindow(hwnd);
249.  
250.     SendMessage(devType, EM_SETREADONLY, 1, 0);
251.     SendMessage(devFriendlyName, EM_SETREADONLY, 1, 0);
252.     SendMessage(devInfo, EM_SETREADONLY, 1, 0);
253.  
254.     while (GetMessage(&Msg, NULL, 0, 0)) {
255.         TranslateMessage(&Msg);
256.         DispatchMessage(&Msg);
257.     }
258.     return Msg.wParam;
259. }
260.  
261. BOOL RegisterDevice(GUID InterfaceClassGuid, HWND __hWnd, HDEVNOTIFY *hDeviceNotify)
262. {
263.     DEV_BROADCAST_DEVICEINTERFACE NotificationFilter;
264.  
265.     ZeroMemory(&NotificationFilter, sizeof(NotificationFilter));
266.     NotificationFilter.dbcc_size = sizeof(DEV_BROADCAST_DEVICEINTERFACE);
267.     NotificationFilter.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE;
268.     NotificationFilter.dbcc_classguid = InterfaceClassGuid;
269.  
270.     *hDeviceNotify = RegisterDeviceNotification(
271.         __hWnd,
272.         &NotificationFilter,
273.         DEVICE_NOTIFY_WINDOW_HANDLE
274.         );
275.  
276.     if (NULL == *hDeviceNotify)
277.     {
278.         return FALSE;
279.     }
280.  
281.     return TRUE;
282. }
283.  
284. LRESULT CALLBACK WndProc(HWND hwnd, UINT Message, WPARAM wParam, LPARAM lParam) {
285.     HDC hdc;
286.     PAINTSTRUCT ps;
287.     //BRODCAST_HDR is used for generic identification of devices
288.     PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;
289.     GdiplusStartupInput gdiplusStartupInput;
290.     ULONG_PTR           gdiplusToken;
291.     GdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL);
292.  
293.     HDEVNOTIFY notify;
294.  
295.     switch (Message) {
296.  
297.     case WM_CREATE:
298.             //For USB devices,the device type is DBT_DEVTYP_DEVICEINTERFACE
299.             //DBT_DEVICEARRIVAL/DBT_DEVICEREMOVECOMPLETE are sent by default for all
300.             //the devices,but not for USB type.
301.             //We need to register them with RegisterDeviceNotification
302.          
303.         if (!RegisterDevice(raw, hwnd, &notify))
304.             ExitProcess(0);
305.         break;
306.          
307.     case WM_DEVICECHANGE:
308.     {
309.                             switch (wParam)
310.                             {
311.                             case DBT_DEVICEARRIVAL:
312.  
313.                                 // Check for USB devices
314.                                 if (lpdb->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE){
315.                                     PDEV_BROADCAST_DEVICEINTERFACE usb = (PDEV_BROADCAST_DEVICEINTERFACE)lpdb;
316.                                     SetWindowText(devType, "USB");
317.                                     MessageBox(hwnd, "An usb device has been inserted!", "USB", 0);
318.                                     TCHAR *name = UpdateDevice(usb, wParam);
319.                                     if (name)
320.                                         SetWindowText(devFriendlyName, name);
321.                                 }
322.  
323.                                 // Check whether a CD or DVD was inserted into a drive.
324.                                 if (lpdb->dbch_devicetype == DBT_DEVTYP_VOLUME)
325.                                 {
326.                                     PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb;
327.  
328.                                     if (lpdbv->dbcv_flags & DBTF_MEDIA)
329.                                     {
330.                                         SetWindowText(devType, "CD / DVD");
331.                                         char *drive = (char *)FirstDriveFromMask(lpdbv->dbcv_unitmask);
332.                                         MessageBox(0, dupcat("Drive: - Media inserted!", 0) , "CD/DVD", 0);
333.                                     }
334.                                 }
335.                                 break;
336.  
337.                             case DBT_DEVICEREMOVECOMPLETE:
338.                                 SetWindowText(devType, 0);
339.                                 SetWindowText(devFriendlyName, 0);
340.                                 SetWindowText(devInfo, 0);
341.  
342.                                 // Check for USB devices
343.                                 if (lpdb->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE){
344.                                     PDEV_BROADCAST_DEVICEINTERFACE usb = (PDEV_BROADCAST_DEVICEINTERFACE)lpdb;
345.                                     MessageBox(hwnd, "An usb device has been removed!", "USB", 0);
346.                                 }
347.  
348.                                 // Check whether a CD or DVD was removed from a drive.
349.                                 if (lpdb->dbch_devicetype == DBT_DEVTYP_VOLUME)
350.                                 {
351.                                     PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb;
352.  
353.                                     if (lpdbv->dbcv_flags & DBTF_MEDIA)
354.                                     {
355.                                         char *drive = (char *)FirstDriveFromMask(lpdbv->dbcv_unitmask);
356.                                         MessageBox(0, dupcat("Drive: - Media removed!", 0), "CD/DVD", 0);
357.                                     }
358.                                 }
359.                                 break;
360.  
361.                             default:
362.                                 //Process other WM_DEVICECHANGE notifications for other
363.                                 //devices or reasons.
364.                                 ;
365.                             }
366.     }
367.         break;
368.     case WM_PAINT:
369.         hdc = BeginPaint(hwnd, &ps);
370.         GDIPLUS(hdc);
371.         EndPaint(hwnd, &ps);
372.         break;
373.     case WM_CLOSE:
374.         DestroyWindow(hwnd);
375.         break;
376.     case WM_DESTROY:
377.         PostQuitMessage(0);
378.         break;
379.     default:
380.         return DefWindowProc(hwnd, Message, wParam, lParam);
381.     }
382.     return 0;
383. }