Doesn't seem to work...
QuoteAssocIsDangerous Function
--------------------------------------------------------------------------------
Determines whether a file type is considered a potential security risk.
Syntax
BOOL AssocIsDangerous( LPCWSTR pszAssoc
);
Parameters
pszAssoc
[in] Pointer to a string that contains the type of file in question. This may be either an extension such as ".exe" or a progid such as "exefile".
Return Value
Returns TRUE if the file type is considered dangerous, FALSE otherwise.
Remarks
Files that are determined to be potentially dangerous, such as .exe files, should be handled with more care than other files. For instance, Microsoft Internet Explorer version 6.01 or later uses AssocIsDangerous to determine whether it should issue stronger warning language in its download dialog box. ShellExecuteEx uses AssocIsDangerous to trigger zone checking using the methods of the IInternetSecurityManager Interface interface in conjuction with the URLACTION_SHELL_SHELLEXECUTE flag.
The determination of a file's potential risk is made by checking its type against several sources, including a list of known dangerous types and the presence of the FTA_AlwaysUnsafe flag in the registry. On systems running Microsoft Windows XP Service Pack 1 (SP1) or later or Windows Server 2003, it also uses the SaferiIsExecutableFileType function to determine whether a file type is executable.
Applications that can take advantage of AssocIsDangerous include e-mail programs, browsers, chat clients capable of downloading files, and any application that moves files or data from one zone of trust to another.
Ok so to test it to see if I could use it in program and how well it works I created to test vars in the data section:
GoodExt BYTE '.txt',0
BadExt BYTE '.exe',0
push offset GoodExt
call AssocIsDangerous
PrintDec eax
push offset BadExt
call AssocIsDangerous
PrintDec eax I would assume that an exe file would be dangerous... even tried it with every extension in my registry and they all return false!
Am I missing something?
well - kinda obvious it doesn't work too well - lol
IE is not the most secure browser around - always susceptible to viruses, etc
but, i don't think you are hitting it with enough stuff to make it do anything
read the notes carefully - it merely says exe files should be handled more carefully
not that all exe files will raise a flag
i would think you need to give it a file to work on - not just an extension
eh tried a valid exe file and nothing... Yeah, ms probably forgot to finish this function :toothy
after reading further, it appears you do have the right info
i have never tried to use anything from the shlwapi.lib/dll
i assume you got those listed in the include's
it does say XP sp1 or better is required...
perhaps your internet zone settings are affecting the return values
or - the current zone setting is considered safe
AssocIsDangerous haha funny function, they better make GetUserStupidity function
which would return a value between 0.0 and 1.0
some heuristics like:
- user has tons of files in root C:\
- user has tons of files in \Desktop folder
- user has only one partition
- user has millions of apps on startup
hey... i might write that one... ::)
Quotewhich would return a value between 0.0 and 1.0
don't forget good ole' -1 - user is a complete moron and meets all of the above - lol
we could combine the two functions - UserIsDangerous - lol
LOL :bdg
yeah UserIsDangerous sounds more professional :)
It does work but you need to use unicode strings (LPCWSTR).
Quote from: sinsi on November 29, 2009, 09:16:11 PM
It does work but you need to use unicode strings (LPCWSTR).
Ya know, I totally missed that! Thanks.