Kulverstukas

SystemProtecter

Jul 10th, 2010
  1. { Written by Kulverstukas on 2010.02.20 for EZ community - evilzone.org || last update: 2010.04.03 }
  2.  
  3. program SystemProtekter;
  4.  uses SysUtils, Crt, Windows, Dos;
  5.   var original_autoexec, original_boot, original_ntldr, original_hal, original_config, original_io, original_ntdetect, original_msdos,
  6.       backup_autoexec, backup_boot, backup_ntldr, backup_hal, backup_config, backup_io, backup_ntdetect, backup_msdos : File of byte;
  7.  
  8.       // homedrive_envvar, homedrive_autoexec_orig, system32_var, homedrive_autoexec_bak : pchar;
  9. //=================================
  10. {
  11.   Check if the backup folder exists in the designated location. If the folder exists, check if the files exist in it;
  12.   if the files exist, then say that it's all cool and exit. If the files in the backup folder don't exist, then copy them.
  13.   If the backup folder doesn't exist, then create one and copy the files from the WINDOWS dir. However, if the files in the WINDOWS dir
  14.   don't exist, then copy them from the backup folder to the WINDOWS dir. *If files in SYSTEM are different in size than the
  15.   backup files, then remove the SYSTEM files and copy the backup ones*.
  16.   *** Caution: this program was written assuming that when you run it for the first time, the files that are
  17.   critical for system boot already exist in the WINDOWS dir.
  18. }
  19.      {$I-}     // disable IO checking. If folder/file exists then do what is written instead of halting.
  20.  
  21. //=================================
  22. {
  23.   "FileAge" returns the last modification time of file "FileName". The "RawDate" format can be transformed to
  24.   "TDateTime" format with the "FileDateToDateTime" function.
  25. }
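  { Prints the last-modification time of FileName followed by a line break,
    or 'Malfunction' in red when FileAge reports -1 for that file.
    Declared as a procedure: the original header read "function ...;" with no
    result type, nothing is assigned as a result, and every caller invokes it
    as a plain statement.
    NOTE(review): the printed time is informational only. A modification time
    can be set by whoever is able to write the file, so it is no evidence
    that a boot file is unchanged. }
  procedure GetTimeStamp(FileName : string);
   var
     RawDate : longint;    // packed file date as returned by FileAge
  begin
    RawDate := FileAge(FileName);
    if RawDate = -1 then            // -1 is FileAge's failure value
      begin
        TextColor(Red);
        WriteLn('Malfunction');
        TextColor(white);
        exit;
      end;
    // FileDateToDateTime unpacks the raw value, DateTimeToStr makes it readable.
    WriteLn(DateTimeToStr(FileDateToDateTime(RawDate)));
  end;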
  43. //=================================
  44. {
  45.   Environmental Variables does not work with CopyFile(); because procedure in SysUtils is like this:
  46.   CopyFile(const FileName, NewFileName:string; SkipIfExists:boolean);
  47.   So to use Environmental Variables they have to be in raw text and not stored into a variable.
  48.   Whatever written between '' is used directly with no conversion. So if "%systemdrive%" was written instead of
  49.   "C:", compiler will think that "%systemdrive%" is a name of disk.
  50. }
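  { Copies the eight boot-critical files from their live locations into the
    backup folder. A backup that already exists is left untouched, as before
    (CopyFile is still called with its third argument set to true).
    Change from the original: the result of every CopyFile call used to be
    discarded, so a backup that was never written went unnoticed. A failed
    copy is now reported in red together with GetLastError.
    NOTE(review): whatever is on disk at first run becomes the trusted
    baseline; the program cannot tell a clean file from one that was already
    replaced. Paths are fixed to drive C: and to C:\windows.
    NOTE(review): CopyFile is presumably Windows.CopyFile (PChar parameters,
    BOOL result), the only CopyFile the units in the uses clause are known to
    provide - confirm. }
  procedure copy_windows_files;
   const
     // [i,1] = live file, [i,2] = its backup; PChar because that is what CopyFile takes.
     Pairs : array[1..8, 1..2] of PChar = (
       ('C:\autoexec.bat',             'C:\Documents and Settings\SystemProtekter\autoexec_bat.b4ckup'),
       ('C:\boot.ini',                 'C:\Documents and Settings\SystemProtekter\boot_ini.b4ckup'),
       ('C:\ntldr',                    'C:\Documents and Settings\SystemProtekter\ntldr.b4ckup'),
       ('C:\windows\system32\HAL.DLL', 'C:\Documents and Settings\SystemProtekter\hal_dll.b4ckup'),
       ('C:\CONFIG.sys',               'C:\Documents and Settings\SystemProtekter\CONFIG_sys.b4ckup'),
       ('C:\IO.sys',                   'C:\Documents and Settings\SystemProtekter\IO_SYS.b4ckup'),
       ('C:\NTDETECT.COM',             'C:\Documents and Settings\SystemProtekter\NTDETECT_COM.b4ckup'),
       ('C:\MSDOS.SYS',                'C:\Documents and Settings\SystemProtekter\MSDOS_SYS.b4ckup')
     );
   var
     i : integer;
   begin
  {
         Abandoned attempt to build the paths from environment variables:
         homedrive_envvar := SysUtils.GetEnvironmentVariable('systemdrive');
         homedrive_autoexec_orig := homedrive_envvar+'\autoexec.bat';
         homedrive_autoexec_bak := homedrive_envvar+'\Documents and Settings\SystemProtekter\autoexec.b4ckup';
         system32_var  := SysUtils.GetEnvironmentVariable('windir');
  }
     for i := 1 to 8 do
       if not FileExists(Pairs[i,2]) then              // never overwrite an existing backup
         if not CopyFile(Pairs[i,1], Pairs[i,2], true) then
           begin
             TextColor(red);
             WriteLn('Could not back up ', Pairs[i,1], ' (Windows error ', GetLastError, ')');
             TextColor(white);
           end;
   end;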
  68. //=================================
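  { Restores boot-critical files from the backup folder to their live
    locations. Only missing files are restored: a live file that exists is
    never overwritten (CopyFile is still called with its third argument set
    to true).
    Change from the original: the result of every CopyFile call used to be
    discarded, so a restore that did not happen went unnoticed. A failed
    copy is now reported in red together with GetLastError.
    NOTE(review): the backup folder is the trust anchor here - whatever sits
    in it is written out as ntldr, HAL.DLL and so on. Nothing in this program
    verifies the backups before use, so the folder should be writable by
    administrators only; confirm its permissions on the target machine. }
  procedure copy_backup_files;
   const
     // [i,1] = backup, [i,2] = live file; PChar because that is what CopyFile takes.
     Pairs : array[1..8, 1..2] of PChar = (
       ('C:\Documents and Settings\SystemProtekter\AUTOEXEC_bat.b4ckup', 'C:\AUTOEXEC.bat'),
       ('C:\Documents and Settings\SystemProtekter\boot_ini.b4ckup',     'C:\boot.ini'),
       ('C:\Documents and Settings\SystemProtekter\ntldr.b4ckup',        'C:\ntldr'),
       ('C:\Documents and Settings\SystemProtekter\hal_dll.b4ckup',      'C:\windows\system32\HAL.DLL'),
       ('C:\Documents and Settings\SystemProtekter\CONFIG_sys.b4ckup',   'C:\CONFIG.sys'),
       ('C:\Documents and Settings\SystemProtekter\IO_SYS.b4ckup',       'C:\IO.sys'),
       ('C:\Documents and Settings\SystemProtekter\NTDETECT_COM.b4ckup', 'C:\NTDETECT.COM'),
       ('C:\Documents and Settings\SystemProtekter\MSDOS_SYS.b4ckup',    'C:\MSDOS.SYS')
     );
   var
     i : integer;
   begin
     for i := 1 to 8 do
       if not FileExists(Pairs[i,2]) then              // only fill in what is missing
         if not CopyFile(Pairs[i,1], Pairs[i,2], true) then
           begin
             TextColor(red);
             WriteLn('Could not restore ', Pairs[i,2], ' (Windows error ', GetLastError, ')');
             TextColor(white);
           end;
   end;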
  80. //=================================
  81. {
  82.   This doesn't work when everything is written in one piece, like first assigning and opening, then comparison.
  83.   This has to be done separately as it is now, which is not practical because it takes more space and size.
  84.   When written in one chunk of code, it returns "Access denied" although all other procedures work fine.
  85.   ***There is something wrong with this: it doesn't delete and copy files and I have no clue what could be
  86.   wrong. Gotta leave this for now.
  87. }
  88. {procedure filesize_comparison;           //*** comparison starts from this line
  89.  begin
  90.     begin
  91.    //=====
  92.     Assign(original_boot,'C:\boot.ini');
  93.     Reset(original_boot);
  94.     Assign(backup_boot,'C:\Documents and Settings\SystemProtekter\boot_ini.b4ckup');
  95.     Reset(backup_boot);
  96.      if  (FileSize(original_boot) = FileSize(backup_boot)) then
  97.        begin
  98.       TextColor(green);
  99.       WriteLn('Original file size of ''boot.ini'' matches the backup');
  100.       TextColor(white);
  101.        end
  102.      else
  103.        begin
  104.       TextColor(red);
  105.       WriteLn('Original file size of ''boot.ini'' doesn''t match the backup.');
  106.       WriteLn('Deleting original files and copying backup');
  107.          Assign(erase_boot, 'C:\boot.ini');
  108.         Erase(erase_boot);
  109.          CopyFile('C:\Documents and Settings\SystemProtekter\boot_ini.b4ckup','C:\boot.ini',true);
  110.       TextColor(green);
  111.       WriteLn('System is protected');
  112.       TextColor(white);
  113.        end;
  114.     Close(original_boot);
  115.     Close(backup_boot);
  116.    //=====
  117.     Assign(original_ntldr, 'C:\ntldr');
  118.     Reset (original_ntldr);
  119.     Assign(backup_ntldr, 'C:\Documents and Settings\SystemProtekter\ntldr.b4ckup');
  120.     Reset (backup_ntldr);
  121.      if (FileSize(original_ntldr) = FileSize(backup_ntldr)) then
  122.        begin
  123.       TextColor(green);
  124.       WriteLn('Original file size of ''ntldr'' matches the backup');
  125.       TextColor(white);
  126.        end
  127.      else
  128.        begin
  129.       TextColor(red);
  130.       WriteLn('Original file size of ''ntldr'' doesn''t match the backup.');
  131.       WriteLn('Deleting original files and copying backup');
  132.          Assign(erase_ntldr, 'C:\ntldr');
  133.         Erase(erase_ntldr);
  134.          CopyFile('C:\Documents and Settings\SystemProtekter\ntldr.b4ckup','C:\ntldr',true);
  135.       TextColor(green);
  136.       WriteLn('System is protected');
  137.       TextColor(white);
  138.        end;
  139.     Close(original_ntldr);
  140.     Close(backup_ntldr);
  141.    //=====
  142.     Assign(original_hal, 'C:\windows\system32\HAL.DLL');
  143.     Reset (original_hal);
  144.     Assign(backup_hal, 'C:\Documents and Settings\SystemProtekter\hal_dll.b4ckup');
  145.     Reset (backup_hal);
  146.      if (FileSize(original_hal) = FileSize(backup_hal)) then
  147.        begin
  148.       TextColor(green);
  149.       WriteLn('Original file size of ''hall.dll'' matches the backup');
  150.       TextColor(white);
  151.        end
  152.      else
  153.        begin
  154.       TextColor(red);
  155.       WriteLn('Original file size of ''hal.dll'' doesn''t match the backup.');
  156.       WriteLn('Deleting original files and copying backup');
  157.          Assign(erase_hal, 'C:\windows\system32\HAL.DLL');
  158.         Erase(erase_hal);
  159.          CopyFile('C:\Documents and Settings\SystemProtekter\hal_dll.b4ckup','C:\windows\system32\HAL.DLL',true);
  160.       TextColor(green);
  161.       WriteLn('System is protected');
  162.       TextColor(white);
  163.        end;
  164.     Close(original_hal);
  165.     Close(backup_hal);
  166.    //=====
  167.     Assign(original_config, 'C:\CONFIG.sys');
  168.     Reset (original_config);
  169.     Assign(backup_config, 'C:\Documents and Settings\SystemProtekter\CONFIG_sys.b4ckup');
  170.     Reset (backup_config);
  171.      if (FileSize(original_config) = FileSize(backup_config)) then
  172.        begin
  173.       TextColor(green);
  174.       WriteLn('Original file size of ''config.sys'' matches the backup');
  175.       TextColor(white);
  176.        end
  177.      else
  178.        begin
  179.       TextColor(red);
  180.       WriteLn('Original file size of ''config.sys'' doesn''t match the backup.');
  181.       WriteLn('Deleting original files and copying backup');
  182.          Assign(erase_config, 'C:\CONFIG.sys');
  183.         Erase(erase_config);
  184.          CopyFile('C:\Documents and Settings\SystemProtekter\CONFIG_sys.b4ckup','C:\CONFIG.sys',true);
  185.       TextColor(green);
  186.       WriteLn('System is protected');
  187.       TextColor(white);
  188.        end;
  189.     Close(original_config);
  190.     Close(backup_config);
  191.    //=====
  192.     Assign(original_io, 'C:\IO.sys');
  193.     Reset (original_io);
  194.     Assign(backup_io, 'C:\Documents and Settings\SystemProtekter\IO_SYS.b4ckup');
  195.     Reset (backup_io);
  196.      if (FileSize(original_io) = FileSize(backup_io)) then
  197.        begin
  198.       TextColor(green);
  199.       WriteLn('Original file size of ''IO.sys'' matches the backup.');
  200.       TextColor(white);
  201.        end
  202.      else
  203.        begin
  204.       TextColor(red);
  205.       WriteLn('Original file size of ''IO.sys'' doesn''t match the backup.');
  206.       WriteLn('Deleting original files and copying backup');
  207.          Assign(erase_io, 'C:\IO.sys');
  208.         Erase(erase_io);
  209.          CopyFile('C:\Documents and Settings\SystemProtekter\IO_SYS.b4ckup','C:\IO.sys',true);
  210.       TextColor(green);
  211.       WriteLn('System is protected');
  212.       TextColor(white);
  213.        end;
  214.     Close(original_io);
  215.     Close(backup_io);
  216.    //=====
  217.     Assign(original_ntdetect, 'C:\NTDETECT.COM');
  218.     Reset (original_ntdetect);
  219.     Assign(backup_ntdetect, 'C:\Documents and Settings\SystemProtekter\NTDETECT_COM.b4ckup');
  220.     Reset (backup_ntdetect);
  221.      if (FileSize(original_ntdetect) = FileSize(backup_ntdetect)) then
  222.        begin
  223.       TextColor(green);
  224.       WriteLn('Original file size of ''NTDETECT.com'' matches the backup.');
  225.       TextColor(white);
  226.        end
  227.      else
  228.        begin
  229.       TextColor(red);
  230.       WriteLn('Original file size of ''NTDETECT.com'' doesn''t match the backup.');
  231.       WriteLn('Deleting original files and copying backup');
  232.          Assign(erase_ntdetect, 'C:\NTDETECT.COM');
  233.         Erase(erase_ntdetect);
  234.          CopyFile('C:\Documents and Settings\SystemProtekter\NTDETECT_COM.b4ckup','C:\NTDETECT.COM',true);
  235.       TextColor(green);
  236.       WriteLn('System is protected');
  237.       TextColor(white);
  238.        end;
  239.     Close(original_ntdetect);
  240.     Close(backup_ntdetect);
  241.    //=====
  242.     Assign(original_msdos, 'C:\MSDOS.SYS');
  243.     Reset (original_msdos);
  244.     Assign(backup_msdos, 'C:\Documents and Settings\SystemProtekter\MSDOS_SYS.b4ckup');
  245.     Reset (backup_msdos);
  246.      if (FileSize(original_msdos) = FileSize(backup_msdos)) then
  247.        begin
  248.       TextColor(green);
  249.       WriteLn('Original files size of ''MSDOS.sys'' matches the backup');
  250.       TextColor(white);
  251.        end
  252.      else
  253.        begin
  254.       TextColor(red);
  255.       WriteLn('Original files size of ''MSDOS.sys'' doesn''t match the backup.');
  256.       WriteLn('Deleting original files and copying backup');
  257.          Assign(erase_msdos, 'C:\MSDOS.SYS');
  258.         Erase(erase_msdos);
  259.          CopyFile('C:\Documents and Settings\SystemProtekter\MSDOS_SYS.b4ckup','C:\MSDOS.SYS',true);
  260.       TextColor(green);
  261.       WriteLn('System is protected');
  262.       TextColor(white);
  263.     end;
  264.        end;
  265.     Close(original_msdos);
  266.     Close(backup_msdos);
  267.    //=====
  268.    end;
  269.  end;   }
  270. //=================================
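  { Checks that all eight backup files exist. If they do, lists size and
    modification time of seven of them (the AUTOEXEC backup is checked but
    not listed, as in the original); otherwise calls copy_windows_files.
    Changes from the original:
      - declared as a procedure: the header read "function backup_file;" with
        no result type, and nothing is returned;
      - files are opened read-only and the result of Reset is checked. I/O
        checking is switched off in this program, so a failed Reset used to
        go unnoticed and FileSize was then called on a file that never opened;
      - the IO_SYS and MSDOS_SYS lines printed "Mod:" without the trailing
        space the other lines have.
    NOTE(review): existence, size and date are all this routine looks at. A
    backup replaced by a file of the same size is indistinguishable here;
    comparing a cryptographic hash against a value kept outside this folder
    would be needed to call the backups verified. }
  procedure backup_file;
   const
     BackupDir = 'C:\Documents and Settings\SystemProtekter\';
     Names : array[1..8] of string = (
       'AUTOEXEC_bat.b4ckup', 'boot_ini.b4ckup', 'ntldr.b4ckup', 'hal_dll.b4ckup',
       'CONFIG_sys.b4ckup', 'IO_SYS.b4ckup', 'NTDETECT_COM.b4ckup', 'MSDOS_SYS.b4ckup');
     // Captions for Names[2..8]; the dot padding lines the columns up.
     Captions : array[2..8] of string = (
       '[backup]\boot_ini.b4ckup...............: ',
       '[backup]\ntldr.b4ckup..................: ',
       '[backup]\hal_dll.b4ckup................: ',
       '[backup]\CONFIG_sys.b4ckup.............: ',
       '[backup]\IO_SYS.b4ckup.................: ',
       '[backup]\NTDETECT_COM.b4ckup...........: ',
       '[backup]\MSDOS_SYS.b4ckup..............: ');
   var
     i        : integer;
     complete : boolean;

   // Prints one "caption: size bytes. Mod: date" line for the file at Path.
   procedure show_entry(const Path, Caption : string);
    var
      f         : file of byte;
      savedMode : byte;
    begin
      savedMode := FileMode;
      FileMode  := 0;                 // open read-only; nothing is written here
      Assign(f, Path);
      Reset(f);
      FileMode  := savedMode;
      if IOResult <> 0 then           // reading IOResult also clears the pending error
        begin
          TextColor(red);
          WriteLn(Caption, 'could not be opened for reading');
          TextColor(lightgreen);
          exit;
        end;
      Write(Caption, FileSize(f), ' bytes. Mod: ');
      GetTimeStamp(Path);
      Close(f);
    end;

   begin
     complete := true;
     for i := 1 to 8 do
       if not FileExists(BackupDir + Names[i]) then
         complete := false;

     if complete then
       begin
         TextColor(white);
         WriteLn;
         TextColor(green);
         WriteLn('Backup files exist. Sizes of backup files:');
         TextColor(lightgreen);
         for i := 2 to 8 do
           show_entry(BackupDir + Names[i], Captions[i]);
         TextColor(white);
       end
     else
       begin
         TextColor(red);
         WriteLn('Files doesn''t exist. Copying from SYSTEM dir...');
         TextColor(white);
         copy_windows_files;
       end;
   end;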
  341. //=================================
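  { Makes sure the backup folder exists, then either checks the backups in it
    (backup_file) or fills it for the first time (copy_windows_files).
    Changes from the original:
      - the folder is tested with DirectoryExists instead of treating any
        MkDir failure as "folder exists"; a folder that cannot be created
        (for example for lack of rights) is now reported instead of being
        handled as an existing one;
      - the second MkDir in the "just created" branch is gone. It always
        failed because the folder existed by then, and its error was never
        read back with IOResult while I/O checking is off.
    NOTE(review): the folder is created with whatever permissions it inherits
    from C:\Documents and Settings. Files restored from it become boot files,
    so write access to it should be limited to administrators - confirm on
    the target machine. }
  procedure backup_folder;
   const
     BackupDir = 'C:\Documents and Settings\SystemProtekter';
     Separator = '========================================================';
   begin
     if DirectoryExists(BackupDir) then
       begin
         TextColor(white);
         WriteLn(Separator);
         TextColor(green);
         WriteLn ('Backup folder exists. Checking if backup files exist...');
         TextColor(white);
         backup_file;
         exit;
       end;

     MkDir(BackupDir);
     if IOResult <> 0 then            // reading IOResult also clears the pending error
       begin
         TextColor(white);
         WriteLn(Separator);
         TextColor(red);
         WriteLn('Backup folder could not be created. No backup was made.');
         TextColor(white);
         exit;
       end;

     TextColor(white);
     WriteLn(Separator);
     TextColor(red);
     WriteLn('Backup folder doesn''t exist. Creating and copying files...');
     TextColor(white);
     copy_windows_files;       // folder is new, so there is nothing in it yet
   end;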
  365. //=================================
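  { Entry check: if all eight boot-critical files exist in their live
    locations, lists size and modification time of seven of them
    (AUTOEXEC.bat is checked but not listed, as in the original) and goes on
    to backup_folder; if any is missing, restores from the backup folder via
    copy_backup_files.
    Changes from the original:
      - declared as a procedure: the header read "function file_windows;"
        with no result type, and nothing is returned;
      - files are opened read-only and the result of Reset is checked. I/O
        checking is switched off in this program, so a failed Reset on a
        protected system file used to go unnoticed;
      - the text colour is set back to white after the restore branch, as
        every other branch in the program does.
    NOTE(review): this detects missing files only. A file that is present
    but replaced passes, and the sizes and dates printed here are not
    compared with anything. Paths are fixed to drive C: and C:\windows even
    though one caption prints %windir%. }
  procedure file_windows;
   const
     Separator = '========================================================';
     Paths : array[1..8] of string = (
       'C:\AUTOEXEC.bat', 'C:\boot.ini', 'C:\ntldr', 'C:\windows\system32\HAL.DLL',
       'C:\CONFIG.sys', 'C:\IO.sys', 'C:\NTDETECT.COM', 'C:\MSDOS.SYS');
     // Captions for Paths[2..8]; the dot padding lines the columns up.
     Captions : array[2..8] of string = (
       'C:\boot.ini............................: ',
       'C:\ntldr...............................: ',
       '%windir%\system32\HAL.DLL..............: ',
       'C:\CONFIG.sys..........................: ',
       'C:\IO.sys..............................: ',
       'C:\NTDETECT.com........................: ',
       'C:\MSDOS.sys...........................: ');
   var
     i       : integer;
     present : boolean;

   // Prints one "caption: size bytes. Mod: date" line for the file at Path.
   procedure show_entry(const Path, Caption : string);
    var
      f         : file of byte;
      savedMode : byte;
    begin
      savedMode := FileMode;
      FileMode  := 0;                 // open read-only; nothing is written here
      Assign(f, Path);
      Reset(f);
      FileMode  := savedMode;
      if IOResult <> 0 then           // reading IOResult also clears the pending error
        begin
          TextColor(red);
          WriteLn(Caption, 'could not be opened for reading');
          TextColor(lightgreen);
          exit;
        end;
      Write(Caption, FileSize(f), ' bytes. Mod: ');
      GetTimeStamp(Path);
      Close(f);
    end;

   begin
     present := true;
     for i := 1 to 8 do
       if not FileExists(Paths[i]) then
         present := false;

     if present then
       begin
         TextColor (white);
         WriteLn(Separator);
         TextColor (green);
         WriteLn ('Files exists in SYSTEM. Sizes of original files:');
         TextColor (lightgreen);
         for i := 2 to 8 do
           show_entry(Paths[i], Captions[i]);
         TextColor(white);
         backup_folder;
         WriteLn(Separator);
       end
     else
       begin
         TextColor(red);
         WriteLn('Files doesn''t exist in SYSTEM. Copying...');
         copy_backup_files;
         TextColor(white);
       end;
   end;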
  437. //=================================
  438.  
  { Program body: run the check/backup/restore pass, print the exit prompt,
    stamp the current date and time at column 40, row 23, and wait for a key. }
  begin
    file_windows;
    Write('Hit any key to exit...');
    GoToXY(40,23);
    // DateToStr and TimeToStr turn the value of "now" into readable text.
    Write('Time and date: ' + DateToStr(now) + ' // ' + TimeToStr(now));
    readkey;
  end.