Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -- Creates a copy of the shell API in a separate table and returns said table.
- function getShellCopy()
- local shellCopy = {}
- for itemIndex, item in pairs(shell) do
- shellCopy[itemIndex] = item
- end
- return shellCopy
- end
- -- Creates a copy of the fs API and returns it.
- function getFsCopy()
- local fsCopy = {}
- for itemIndex, item in pairs( _G["fs"] ) do
- fsCopy[itemIndex] = item
- end
- return fsCopy
- end
- -- Creates a copy of the io API and returns it.
- function getIoCopy()
- local ioCopy = {}
- for itemIndex, item in pairs( _G["io"] ) do
- ioCopy[itemIndex] = item
- end
- return ioCopy
- end
- -- Creates a copy of the os API and returns it.
- function getOsCopy()
- local osCopy = {}
- for itemIndex, item in pairs( _G["os"] ) do
- osCopy[itemIndex] = item
- end
- return osCopy
- end
- -- Checks if a file that is a lightshot recording that is
- -- of a version before 1.2 is malicious or simply illegeal.
- -- Returns true if the given line contains malicious code,
- -- and false if not.
- function checkFileForVirus(filePath)
- -- Get a file handle and the contents of the file.
- local fileHandle = fs.open(filePath, 'r')
- local fileContents = fileHandle.readAll()
- fileHandle.close()
- -- Create a copy of the shell, fs, and io API's, plus the os.run function.
- local old_shell = getShellCopy()
- local old_fsAPI = getFsCopy()
- local old_ioAPI = getIoCopy()
- local old_osAPI = getOsCopy()
- local old_sleep = _G["sleep"]
- local old_print = _G["print"]
- local old_write = _G["write"]
- -- Replace shell API.
- local dummy_shell = {}
- for shellItemIndex, shellItem in pairs(old_shell) do
- dummy_shell[shellItemIndex] = function( ... )
- error("Unauthorized shell call: " .. shellItemIndex .. '!')
- end
- end
- shell = dummy_shell
- -- Replace fs API.
- for fsItemIndex, fsItem in pairs(old_fsAPI) do
- _G["fs"][fsItemIndex] = function( ... )
- error("Unauthorized fs call: " .. fsItemIndex .. '!')
- end
- end
- -- Replace io API.
- for ioItemIndex, ioItem in pairs(old_ioAPI) do
- _G["io"][ioItemIndex] = function( ... )
- error("Unauthorized io call: " .. ioItemIndex .. '!')
- end
- end
- -- Replace os API.
- for osItemIndex, osItem in pairs(old_osAPI) do
- _G["os"][osItemIndex] = function( ... )
- error("Unauthorized os call: " .. osItemIndex .. '!')
- end
- end
- -- Replace the sleep function so that we can run through this recording much, much faster.
- _G["sleep"] = function( ... )
- end
- -- Replace the print and write functions so that we don't get the end of recording message from the recording.
- _G["write"] = function( ... )
- end
- _G["print"] = function( ... )
- end
- -- Load the line into a function as a string, then run the function with
- -- a limited environment. However, the terminal is available.
- local recordingAsFunction, errorMessage = loadstring(fileContents)
- -- Check for errors in the line before continuing.
- if errorMessage then
- print("Error: " .. errorMessage .. " in file " .. filePath .. '.')
- return true
- end
- -- Now that the APIs are replaced, run the file with a protected call and capture the error.
- local _, virusError = pcall(recordingAsFunction)
- -- Restore all of the APIs back to their original state.
- shell = old_shell
- _G["fs"] = old_fsAPI
- _G["io"] = old_ioAPI
- _G["os"] = old_osAPI
- _G["sleep"] = old_sleep
- _G["write"] = old_write
- _G["print"] = old_print
- -- If we captured an error, then return true and the error because this line is probably a virus.
- if virusError then
- return true, virusError
- end
- -- If there was no error, then return false because this is probably not a virus.
- return false
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement