Working with a mounted flash drive (#270)

* Working with a mounted flash drive

If a flash drive smaller than 80 GB is mounted, there will be a false positive.

* wiring of small devices

USB Devices rarely have a capacity of more than 80 GB. A false positive occurs.

* fix ;

* Revert "fix ;"

This reverts commit bf68dc2.

* fix deleted }

al-khaser/AntiVM/Generic.cpp

@@ -512,6 +512,33 @@ BOOL number_cores_wmi()
 	return bFound;
 }
 
+/*
+Filter for removable disk, CD-ROM, network drive or RAM disk
+*/
+BOOL checkDriveType(IWbemClassObject* pclsObj)
+{
+	if (!pclsObj)
+		return FALSE;
+
+	BOOL res = FALSE;
+	VARIANT vtDriveType;
+	HRESULT hResDriveType;
+
+	hResDriveType = pclsObj->Get(_T("DriveType"), 0, &vtDriveType, NULL, 0);
+	if (SUCCEEDED(hResDriveType) && V_VT(&vtDriveType) != VT_NULL)
+	{
+		if (vtDriveType.uintVal == 2 // removable disk (USB)
+			|| vtDriveType.uintVal == 4 // network drive
+			|| vtDriveType.uintVal == 5 // CD-ROM
+			|| vtDriveType.uintVal == 6 // RAM disk
+			)
+		{
+			res = TRUE;
+		}
+		VariantClear(&vtDriveType);
+	}
+	return res;
+}
 
 /*
 Check hard disk size using WMI
@@ -545,7 +572,13 @@ BOOL disk_size_wmi()
 				hRes = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
 				if (0 == uReturn)
 					break;
-
+
+				// Don`t check removable disk, network drive CD-ROM and RAM disk
+				if (checkDriveType(pclsObj)) {
+					pclsObj->Release();
+					continue;
+				}
+
 				// Get the value of the Name property
 				hRes = pclsObj->Get(_T("Size"), 0, &vtProp, NULL, 0);
 				if (SUCCEEDED(hRes)) {
@@ -561,8 +594,7 @@ BOOL disk_size_wmi()
 							if (diskSizeBytes < minHardDiskSize) { // Less than 80GB
 								bFound = TRUE;
 							}
-						}
-
+						}	
 						// release the current result object
 						VariantClear(&vtProp);
 					}
@@ -2011,4 +2043,4 @@ BOOL number_SMBIOS_tables()
 		free(smbios);
 	}
 	return result;
-}
+}