ANTI EXPLOIT BITS

//fichier AntiBITS.h
int KILLJOB = 1;
int REMOVEFILE = 2;


//AntiBITS.cpp
#define _WIN32_WINNT 0x0400
#define _WIN32_DCOM

#include <stdio.h>
#include <windows.h>
#include <objbase.h>
#include <bits.h>
#include "AntiBITS.h"

#pragma hdrstop
#pragma comment(lib, "bits.lib")
#pragma comment(lib, "ole32.lib")


int AntiBITSModeValue;

bool startwith(LPWSTR word, char* start){
if(wcslen(word) < strlen(start)) return false;
for(int i = 0; i < strlen(start); i++){
	//printf("compare %c %c\n", start[i], word[i]);
	if(start[i] != word[i]) return false;
}
return true;
}
int handleFile(LPWSTR pLocalFileName = NULL, LPWSTR pRemoteFileName = NULL){

	printf("[file found]\n %ws, %ws \n", pLocalFileName, pRemoteFileName);

	char* black = "http://www.reconstructer.org";
	if(startwith(pRemoteFileName, black)) return S_FALSE;

	//if the file is not allowed, return S_FALSE;
	return S_OK;
}

void jobStatistics(IBackgroundCopyJob* pJob){

	LPWSTR data;
    BG_JOB_STATE jobState;
	CHAR* word;	
	BG_JOB_PROGRESS progress;

	pJob->GetDisplayName(&data); printf("%ws \n", data);
	pJob->GetOwner(&data ); printf("owned by %ws \n", data);
	pJob->GetState( &jobState);

	switch(jobState){
		case BG_JOB_STATE_QUEUED:
			word="Queued";
			break;

		case BG_JOB_STATE_CONNECTING:
			word = "connecting";	
break;
		case BG_JOB_STATE_TRANSFERRING:
			word="transferring";
break;
		case BG_JOB_STATE_SUSPENDED:
			word="suspended";
break;
		case BG_JOB_STATE_ERROR:
			word="error";
break;
		case BG_JOB_STATE_TRANSIENT_ERROR:
			word="transient error";
break;
		case BG_JOB_STATE_TRANSFERRED:
			word="transeferd";
		break;

		case BG_JOB_STATE_ACKNOWLEDGED:
			word="acknowledged";
break;

		case BG_JOB_STATE_CANCELLED:
			word="canceled";
break;
	}
	printf("state: %s \n", word);
/*

typedef enum 
{
  BG_JOB_STATE_QUEUED,
  BG_JOB_STATE_CONNECTING,
  BG_JOB_STATE_TRANSFERRING,
  BG_JOB_STATE_SUSPENDED,
  BG_JOB_STATE_ERROR,
  BG_JOB_STATE_TRANSIENT_ERROR,
  BG_JOB_STATE_TRANSFERRED,
  BG_JOB_STATE_ACKNOWLEDGED,
  BG_JOB_STATE_CANCELLED
}BG_JOB_STATE;


*/
//	printf("%ws, priority %i \n", data);
//	HRESULT GetPriority( BG_JOB_PRIORITY* pPriority); */

//	HRESULT GetType(  BG_JOB_TYPE* pJobType ); 


/*typedef struct _BG_JOB_PROGRESS {
  UINT64 BytesTotal;
  UINT64 BytesTransferred;
  ULONG FilesTotal;
  ULONG FilesTransferred;
} BG_JOB_PROGRESS;
*/

	pJob->GetProgress( &progress); 
	printf(" %i bytes on %i already transfered,%i files on %i files \n",
		progress.BytesTransferred, progress.BytesTotal, progress.FilesTransferred, progress.FilesTotal);


 //HRESULT GetDescription( LPWSTR* ppDescription); */



}

/**
 Perform security test on a BITS job !
*/
int handleJob(IBackgroundCopyJob* pJob){
	printf("[BITS Job found]\n");
	jobStatistics(pJob);
	 HRESULT hr;
	   HRESULT 	hresult = S_OK;
	IEnumBackgroundCopyFiles* pFiles = NULL;
	IBackgroundCopyFile* pFile = NULL;
	LPWSTR pLocalFileName = NULL;
	LPWSTR pRemoteFileName = NULL;
	ULONG cFileCount = 0;
	ULONG idx = 0;


hr = pJob->EnumFiles(&pFiles);
if(hr != S_OK){
	printf("Error: unable to retreive the files list of the current job !");
	return S_FALSE;
}

  //Get the count of files in the job. 
  pFiles->GetCount(&cFileCount);
  printf("%i files found for the current job\n" , cFileCount);
  //Enumerate the files in the job.
  for (idx=0; idx<cFileCount; idx++)
  {
    hr = pFiles->Next(1, &pFile, NULL);
    if (S_OK == hr)
    {
      //Get the local name of the file.
      hr = pFile->GetLocalName(&pLocalFileName);
	  hr = pFile->GetRemoteName(&pRemoteFileName);
     
	  hr = handleFile(pLocalFileName, pRemoteFileName);
	  if(hr != S_OK){
		  //Cancel();
		  printf("> unauthorized transfert detected \n");
	      printf("> AntiBITS policy: %i \n", AntiBITSModeValue);
		
		  if(AntiBITSModeValue == KILLJOB){
			hr = pJob->Cancel();
			char* msg = "failed";
			if(hr == S_OK) msg = "success";
			printf(">> kill the job ... %s \n", msg);
			
		   break;
		 }

		 if(AntiBITSModeValue == REMOVEFILE){	
		   //hr = pJob->Cancel();
			char*  msg = "NON IMPLEMENTED";
		   printf(" >> remove the unauthorized file transfert ... %s \n", msg);
		   break;
		 }
	  }else{
		  printf("> file authorized \n");
	  }

      pFile->Release();
      pFile = NULL;
    }
    else
    {
      //Handle error
      hresult =   S_FALSE;
    break;

    }

	hresult = S_OK;
  }

  pFiles->Release();
  pFiles = NULL;

  return hresult;

}


int main()
{
  HRESULT hresult;
  //Use the IBackgroundCopyManager interface to create transfer jobs, retrieve an enumerator object that contains the jobs in the queue, and to retrieve individual jobs from the queue.
  //http://msdn2.microsoft.com/en-us/library/aa363050.aspx
  IBackgroundCopyManager * bgcopyman;
  ULONG idx = 0;
  ULONG cJobCount = 0;
  GUID jobid;

  IEnumBackgroundCopyJobs* pEnumJobs;
  IBackgroundCopyJob* pJob = NULL;

  AntiBITSModeValue   = KILLJOB;
  hresult = CoInitializeEx(NULL,COINIT_APARTMENTTHREADED);  
   
  if(SUCCEEDED(hresult))  
  {  
   hresult = CoInitializeSecurity(NULL,-1,NULL,NULL,  
                                 RPC_C_AUTHN_LEVEL_CONNECT,  
                                 RPC_C_IMP_LEVEL_IMPERSONATE,  
                                 NULL,EOAC_NONE,0);  
    
	if(SUCCEEDED(hresult))  
		hresult = CoCreateInstance(CLSID_BackgroundCopyManager,
                              0,  
                              CLSCTX_ALL,  
                              IID_IBackgroundCopyManager,  
                              (LPVOID *)&bgcopyman);     
   
  }
 
  if (hresult!=S_OK)
  {
	//"erreur lors de l'initialisation des composants !"
  }

/*
HRESULT EnumJobs(
  DWORD dwFlags,
  IEnumBackgroundCopyJobs** ppEnumJobs
);
*/
 hresult = bgcopyman -> EnumJobs(BG_JOB_ENUM_ALL_USERS, &pEnumJobs);
 if(hresult == E_ACCESSDENIED){
	 printf("The user must be an administrator or belong to an administrator group to enumerate jobs owned by another user.\n");
	printf("Will check only user's jobs.\n");
	hresult = bgcopyman -> EnumJobs(NULL, &pEnumJobs);
	if(hresult != S_OK){
		printf("Fatal error : unable to start checks.\n");
	}

  return -1;
}
  printf("Successfull initialisations \n");
  hresult =  pEnumJobs -> GetCount(&cJobCount);
  printf("%i jobs found in the transfer queue \n" , cJobCount);
  //Enumerate the jobs in the queue.
  for (idx=0; idx<cJobCount; idx++)
  {

	/*HRESULT Next(
	ULONG celt,
	IBackgroundCopyJob** rgelt,
	ULONG* pceltFetched
	);
	*/
	  hresult = pEnumJobs->Next(1, &pJob, NULL);
    if (S_OK == hresult)
    {
      //Retrieve or set job properties.
	  handleJob(pJob);
	  
      pJob->Release();
	  pJob = NULL;
	  
    }
    else
    {
      //Handle error
      break;
    }
  }

  pEnumJobs->Release();
  pEnumJobs = NULL;

  CoUninitialize();
  return 0;
}