From 3878b27e216b26f5fd8b035434d6aef3eaf7868a Mon Sep 17 00:00:00 2001 From: CyberGreg05 <62875146+CyberGreg05@users.noreply.github.com> Date: Tue, 19 Mar 2024 00:50:54 +0300 Subject: [PATCH] Working with a mounted flash drive (#270) * Working with a mounted flash drive If a flash drive smaller than 80 GB is mounted, there will be a false positive. * wiring of small devices USB Devices rarely have a capacity of more than 80 GB. A false positive occurs. * fix ; * Revert "fix ;" This reverts commit bf68dc275833bf8dc4e847fc2cdbeb6966708a91. * fix deleted }
---
 al-khaser/AntiVM/Generic.cpp | 40 ++++++++++++++++++++++++++++++++----
 1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/al-khaser/AntiVM/Generic.cpp b/al-khaser/AntiVM/Generic.cpp
index 03c7702..8848908 100755
--- a/al-khaser/AntiVM/Generic.cpp
+++ b/al-khaser/AntiVM/Generic.cpp
@@ -512,6 +512,33 @@ BOOL number_cores_wmi()
 return bFound;
 }
+/*
+Filter for removable disk, CD-ROM, network drive or RAM disk
+*/
+BOOL checkDriveType(IWbemClassObject* pclsObj)
+{
+ if (!pclsObj)
+ return FALSE;
+
+ BOOL res = FALSE;
+ VARIANT vtDriveType;
+ HRESULT hResDriveType;
+
+ hResDriveType = pclsObj->Get(_T("DriveType"), 0, &vtDriveType, NULL, 0);
+ if (SUCCEEDED(hResDriveType) && V_VT(&vtDriveType) != VT_NULL)
+ {
+ if (vtDriveType.uintVal == 2 // removable disk (USB)
+ || vtDriveType.uintVal == 4 // network drive
+ || vtDriveType.uintVal == 5 // CD-ROM
+ || vtDriveType.uintVal == 6 // RAM disk
+ )
+ {
+ res = TRUE;
+ }
+ VariantClear(&vtDriveType);
+ }
+ return res;
+}
 /*
 Check hard disk size using WMI
@@ -545,7 +572,13 @@ BOOL disk_size_wmi()
 hRes = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
 if (0 == uReturn)
 break;
-
+
+ // Don`t check removable disk, network drive CD-ROM and RAM disk
+ if (checkDriveType(pclsObj)) {
+ pclsObj->Release();
+ continue;
+ }
+
 // Get the value of the Name property
 hRes = pclsObj->Get(_T("Size"), 0, &vtProp, NULL, 0);
 if (SUCCEEDED(hRes)) {
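Review bot: checkDriveType reads `vtDriveType.uintVal` after checking only that the variant is not `VT_NULL`, so a value of any other variant type would be reinterpreted as an integer. WMI normally surfaces a uint32 CIM property as `VT_I4`, so the guard is safer as `if (SUCCEEDED(hResDriveType) && V_VT(&vtDriveType) == VT_I4)` with the comparisons made on `V_I4(&vtDriveType)`. The literals 2, 4, 5 and 6 correspond to `DRIVE_REMOVABLE`, `DRIVE_REMOTE`, `DRIVE_CDROM` and `DRIVE_RAMDISK` from the Windows headers, which would replace the numbers and their trailing comments. The header comment should also state the return contract, e.g. `Returns TRUE when the drive must be skipped (removable, network, CD-ROM or RAM disk); FALSE for any other type or when DriveType cannot be read`.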
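Review bot: The new skip in the disk_size_wmi loop fails open, because checkDriveType returns FALSE both for a fixed disk and when `DriveType` is missing or unreadable, so such an entry still reaches the 80 GB comparison and can set bFound. Drive types 0 (unknown) and 1 (no root directory) pass the filter for the same reason. If the check is meant to size only local hard disks, it is tighter to accept the fixed-disk type alone, e.g. `res = (V_I4(&vtDriveType) != DRIVE_FIXED);` in the helper, and to decide explicitly what an unreadable `DriveType` should mean. The loop and the WQL query start outside this hunk, so it cannot be confirmed from here that the queried class exposes `DriveType`.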
@@ -561,8 +594,7 @@ BOOL disk_size_wmi()
 if (diskSizeBytes < minHardDiskSize) { // Less than 80GB
 bFound = TRUE;
 }
- }
-
+ }
 // release the current result object
 VariantClear(&vtProp);
 }
@@ -2011,4 +2043,4 @@ BOOL number_SMBIOS_tables()
 free(smbios);
 }
 return result;
-}
\ No newline at end of file
+}