static void Main()
{
try
{
if (!SingleInstance.Start())
{
SingleInstance.ShowFirstInstance();
return;
}
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
KavprotManager.Initialize(KavprotInitialization.Full);
Application.Run(new MainForm());
if (SingleInstance.run)
{
SingleInstance.Stop();
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Stop()
{
try
{
if (SettingsManager.Firewall)
{
Firewall.Stop();
}
if (SettingsManager.NIDS)
{
NetworkMonitor.Stop();
}
if (SettingsManager.SystemMonitor)
{
FileSystemMonitor.Stop();
}
if (SettingsManager.WebAgent)
{
WebMonitor.Stop();
}
Protected = false;
AntivirusState.SetProtection(false);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public Disassembler(string AssemblyFile, SQLiteConnection SDBO)
{
try
{
_TD = new Collection <TypeDefinition>();
_MD = new Collection <MethodDefinition>();
if (AssemblyFile.Contains(Application.StartupPath))
{
assembly = null;
}
else
{
assembly = AssemblyFactory.GetAssembly(AssemblyFile);
}
SDB = SDBO;
}
catch (Exception ex)
{
AntiCrash.LogException(ex, 3);
}
finally
{
}
}
public static void Remove(string file)
{
try
{
if (FileFormat.GetFileFormat(file).Name == "PE-TYPE-SCANNER")
{
// kill processes
foreach (Process p in Process.GetProcessesByName(Path.GetFileNameWithoutExtension(file)))
{
p.Kill();
}
File.Delete(file);
}
else
{
File.Delete(file);
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Store(string filename, string infection)
{
try
{
if (filename.StartsWith(Environment.SystemDirectory))
{
var result = MessageBox.Show("Kavprot smart security will quarantine a file system. \r\n Do you want to remove this file completely and place it in Quarantine? + \n" + filename, "Kavprot Quarantine", MessageBoxButtons.YesNo, MessageBoxIcon.Warning);
if (result == DialogResult.Yes)
{
AVEngine.EventsManager.CallQuarantined();
File.WriteAllText(Application.StartupPath + @"\Quarantine\" + Path.GetFileName(filename) + ".KPQI", filename + "\r\n" + infection);
EncryptFile(filename, Application.StartupPath + @"\Quarantine\" + Path.GetFileName(filename) + ".KPQ", key);
File.Delete(filename);
}
}
else
{
AVEngine.EventsManager.CallQuarantined();
File.WriteAllText(Application.StartupPath + @"\Quarantine\" + Path.GetFileName(filename) + ".KPQI", filename + "\r\n" + infection);
EncryptFile(filename, Application.StartupPath + @"\Quarantine\" + Path.GetFileName(filename) + ".KPQ", key);
File.Delete(filename);
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
/// <summary>
/// Initialize VDB
/// </summary>
public static void Initialize()
{
try
{
WDB = new SQLiteConnection(BuildConString(Application.StartupPath + @"\VDB\WDB.avdb", SettingsManager.CacheSize, 3, SettingsManager.MaxPages, SettingsManager.PageSize, false, false));
PEDB = new SQLiteConnection(BuildConString(Application.StartupPath + @"\VDB\PEDB.avdb", SettingsManager.CacheSize, 3, SettingsManager.MaxPages, SettingsManager.PageSize, false, false));
HADB = new SQLiteConnection(BuildConString(Application.StartupPath + @"\VDB\HDB.avdb", SettingsManager.CacheSize, 3, SettingsManager.MaxPages, SettingsManager.PageSize, false, false));
SDB = new SQLiteConnection(BuildConString(Application.StartupPath + @"\VDB\SDB.avdb", SettingsManager.CacheSize, 3, SettingsManager.MaxPages, SettingsManager.PageSize, false, false));
PGDB = new SQLiteConnection(BuildConString(Application.StartupPath + @"\VDB\PROGRAM.avdb", SettingsManager.CacheSize, 3, SettingsManager.MaxPages, SettingsManager.PageSize, false, false));
Open();
SQLiteCommand cmd = new SQLiteCommand();
cmd.Connection = SDB;
cmd.CommandText = string.Format("SELECT version FROM VERSION WHERE [vd]='{0}'", 1);
object result = cmd.ExecuteScalar();
version = Convert.ToInt32(result);
VDB.VDBDefinitions();
}
catch (Exception ex)
{
Initialized = false;
AntiCrash.LogException(ex);
}
finally
{
}
}
private void addbtn_Click(object sender, EventArgs e)
{
try{
if (switchButton1.Value)
{
Firewall.Add("AllowAll", filetxt.Text);
LabelItem lb = new LabelItem();
lb.Text = filetxt.Text + "|AllowAll";
lb.Name = "lb" + itemPanel1.Items.Count.ToString();
itemPanel1.Items.Add(lb);
}
else
{
Firewall.Add("DenyAll", filetxt.Text);
LabelItem lb = new LabelItem();
lb.Text = filetxt.Text + "|DenyAll";
lb.Name = "lb" + itemPanel1.Items.Count.ToString();
itemPanel1.Items.Add(lb);
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public void SLoad()
{
try{
itemPanel1.Items.Clear();
using (SQLiteCommand cmd = new SQLiteCommand(VDB.SDB))
{
cmd.CommandText = "SELECT * FROM TDI";
SQLiteDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
LabelItem lb = new LabelItem();
lb.Text = (string)dr["app"] + "|" + (string)dr["access"];
lb.Name = "lb" + itemPanel1.Items.Count.ToString();
itemPanel1.Items.Add(lb);
}
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Start()
{
try
{
// enable monitors
foreach (FileSystemWatcher watch in Monitors)
{
watch.EnableRaisingEvents = true;
}
// enable control filter
if (Process.GetProcessesByName("KavprotSD").Length == 0)
{
if (SettingsManager.SelfDefense)
{
Process.Start(Application.StartupPath + @"\KavprotSD.exe");
}
}
Runing = true;
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Stop()
{
try
{
// enable monitors
foreach (FileSystemWatcher watch in Monitors)
{
watch.EnableRaisingEvents = false;
}
foreach (Process p in Process.GetProcessesByName("KavprotSD"))
{
p.Kill();
}
Runing = false;
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Initialize()
{
try
{
if (!File.Exists(Application.StartupPath + @"\Conf\Config.avcnf"))
{
Default();
}
sprefs = new Dictionary <string, string>();
Regex reg = new Regex(@"=", RegexOptions.IgnoreCase | RegexOptions.Compiled);
using (StreamReader sr = new StreamReader(Application.StartupPath + @"\Conf\Config.avcnf"))
{
while (sr.Peek() >= 0)
{
string[] t = reg.Split(sr.ReadLine(), 2);
sprefs.Add(t[0], t[1]);
}
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
}
public static void Initialize(ScanSense sense)
{
try
{
ScanSensitivity = sense;
EventsManager = new KAVE.BaseEngine.KavprotEvents();
AsyncInvoke inv = new AsyncInvoke(VirusReportService.Initialize);
inv.BeginInvoke(null, null);
// load scanners
AsyncInvoke sinv = new AsyncInvoke(Init);
sinv.BeginInvoke(null, null);
if (SettingsManager.TurboMode)
{
AsyncInvoke ssinv = new AsyncInvoke(VDB.Initialize);
ssinv.BeginInvoke(null, null);
}
else
{
VDB.Initialize();
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
}
public static void Initialize(bool high)
{
try
{
if (!Initialized)
{
Monitors = new List <FileSystemWatcher>();
if (high)
{
foreach (string drive in Environment.GetLogicalDrives())
{
FileSystemWatcher watcher = new FileSystemWatcher();
watcher.Path = drive;
/* Watch for changes in LastAccess and LastWrite times, and
* the renaming of files or directories. */
watcher.NotifyFilter = NotifyFilters.LastWrite;
watcher.IncludeSubdirectories = true;
// Only watch text files.
watcher.Filter = "*.*";
// Add event handlers.
watcher.Created += new FileSystemEventHandler(OnChanged);
watcher.Changed += new FileSystemEventHandler(OnChanged);
// Begin watching.
watcher.EnableRaisingEvents = true;
Monitors.Add(watcher);
}
}
else
{
FileSystemWatcher watcher = new FileSystemWatcher();
watcher.Path = "C:\\";
/* Watch for changes in LastAccess and LastWrite times, and
* the renaming of files or directories. */
watcher.NotifyFilter = NotifyFilters.LastWrite | NotifyFilters.LastAccess;
watcher.IncludeSubdirectories = true;
// Only watch text files.
watcher.Filter = "*.*";
// Add event handlers.
watcher.Created += new FileSystemEventHandler(OnChanged);
watcher.Changed += new FileSystemEventHandler(OnChanged);
// Begin watching.
watcher.EnableRaisingEvents = true;
Monitors.Add(watcher);
}
Initialized = true;
Runing = true;
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
}
static string CheckVRPS(string filename)
{
string result = "safe";
try
{
if (SettingsManager.VRPS)
{
if (FileFormat.GetVRPS(Path.GetExtension(filename)) != "false")
{
// only VT
if (FileFormat.GetVRPS(Path.GetExtension(filename)) == "1")
{
string vn = null;
bool ssresult = VT.Check(Security.GetMD5HashFromFile(filename), out vn);
if (ssresult)
{
Alert.InfectedByMany(vn, filename);
result = vn;
}
}
else if (FileFormat.GetVRPS(Path.GetExtension(filename)) == "2")
{
string vn = null;
bool ssresult = VT.Check(Security.GetMD5HashFromFile(filename), out vn);
if (ssresult)
{
Alert.InfectedByMany(vn, filename);
result = vn;
}
else
{
string infec = null;
bool sysresult = ThreadExpert.Check(Security.GetMD5HashFromFile(filename), out infec);
if (sysresult)
{
if (Regex.Match(infec, @"[A-Z]", RegexOptions.IgnoreCase).Success)
{
result = infec;
Alert.InfectedByMany(infec, filename);
}
}
}
}
}
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
return(result);
}
public static void UpdateProgram(ProgressBarX progress, Label lb)
{
try
{
GUI.UpdateLabel(lb, "Initialzing...");
GUI.UpdateProgress(progress, 5, 100);
string updateserver = "http://arsslensoft.tk/update/";
string vdbinfo = "PROG.version";
// Initializing
WebClient wbc = new WebClient();
wbc.Headers[HttpRequestHeader.AcceptEncoding] = "gzip";
wbc.Headers[HttpRequestHeader.Accept] = "text/plain";
wbc.Headers[HttpRequestHeader.Cookie] = "$Version=1; Skin=new;";
wbc.Headers[HttpRequestHeader.AcceptCharset] = "utf-8";
Thread.Sleep(1000);
// search for update from server
GUI.UpdateLabel(lb, "Downloading PROGRAM update file...");
GUI.UpdateProgress(progress, 10, 100);
string vdbucontent = wbc.DownloadString(updateserver + vdbinfo);
int versf = Int32.Parse(Assembly.GetExecutingAssembly().GetName().Version.ToString().Replace(".", ""));
if (Convert.ToInt32(vdbucontent) > versf)
{
GUI.UpdateLabel(lb, "Downloading Updates " + vdbucontent + ".pgup");
GUI.UpdateProgress(progress, 50, 100);
WebClient wb = new WebClient();
wb.DownloadFileCompleted += new System.ComponentModel.AsyncCompletedEventHandler(wb_DownloadFileCompleted);
wb.DownloadFileAsync(new Uri(updateserver + "PROG/WIN32_KPAV_" + vdbucontent + ".pgup"), AVEngine.TempDir + @"PGUP\KPAVNEW.zip");
remv = versf.ToString();
remcv = vdbucontent;
}
else
{
GUI.UpdateLabel(lb, "Kavprot smart security is up to date");
GUI.UpdateProgress(progress, 0, 100);
}
}
catch (Exception ex)
{
GUI.UpdateProgress(progress, 0, 100);
GUI.UpdateLabel(lb, " ");
if (ex.TargetSite.ReflectedType.ToString() != "System.Net.WebClient")
{
AntiCrash.LogException(ex);
}
}
finally
{
}
}
private void addbtn_Click(object sender, EventArgs e)
{
try{
if (Directory.Exists(filetxt.Text))
{
uint x = 0;
if (readcheck.Checked)
{
x |= (uint)(0x00000020 | 0x00000200);
}
if (delcheck.Checked)
{
x |= (uint)(0x00000100 | 0x00004000);
}
if (wrcheck.Checked)
{
x |= (uint)(0x00000400 | 0x00000040 | 0x00000080);
}
if (rencheck.Checked)
{
x |= (uint)(0x00002000);
}
if (qscheck.Checked)
{
x |= (uint)(0x00020000 | 0x00010000 | 0x00001000 | 0x00008000 | 0x00000800 | 0x00000010);
}
if (accheck.Checked)
{
x |= (uint)(0x00040000);
}
using (StreamWriter str = new StreamWriter(Application.StartupPath + @"\Conf\FSR.klist", true))
str.WriteLine(x.ToString() + "=" + filetxt.Text);
LabelItem lb = new LabelItem();
lb.Text = filetxt.Text + "|" + x.ToString();
lb.Name = filetxt.Text;
itemPanel1.Items.Add(lb);
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
}
void wprot_WSLChanged(object sender, EventArgs e)
{
try
{
scannedwebsites++;
Forms.frm.swlb.Text = "SW : " + scannedwebsites;
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
}
void pfrm_PSLChanged(object sender, EventArgs e)
{
try
{
scannedfiles++;
Forms.frm.sflb.Text = "SF : " + scannedfiles;
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
}
static void Firewall_AccessDenied(string username, string app, string protocol, string source, string destination, string direction)
{
try
{
if (!Firewall.Apps.Contains(app))
{
if (!SettingsManager.Silence)
{
Firewall.Apps.Add(app);
KavprotVoice.SpeakAsync("Would you like to allow this network access");
DevComponents.DotNetBar.TaskDialogInfo inf = new DevComponents.DotNetBar.TaskDialogInfo();
inf.DialogButtons = DevComponents.DotNetBar.eTaskDialogButton.Yes | DevComponents.DotNetBar.eTaskDialogButton.No;
inf.Title = "Firewall Rule";
inf.Text = "An application is trying to connect to a remote host (" + destination + ") via " + protocol + " protocol. \n " + Path.GetFileName(app) + "\n do you want to authorize this connection?";
inf.TaskDialogIcon = DevComponents.DotNetBar.eTaskDialogIcon.Exclamation;
inf.Header = "Application Connection";
inf.FooterText = "Kavprot smart security";
inf.DialogColor = DevComponents.DotNetBar.eTaskDialogBackgroundColor.Silver;
DevComponents.DotNetBar.eTaskDialogResult dl = DevComponents.DotNetBar.TaskDialog.Show(inf);
if (dl == DevComponents.DotNetBar.eTaskDialogResult.Yes)
{
Firewall.Add("AllowAll", app);
}
else
{
Firewall.Add("DenyAll", app);
}
}
else
{
Firewall.Apps.Add(app);
if (!Scanner.CheckReputation(app))
{
Firewall.Add("AllowAll", app);
}
else
{
Firewall.Add("DenyAll", app);
}
}
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
void UpdateProg()
{
try{
UpdateManager.UpdateProgram(progressBarX2, label1);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
private void buttonX1_Click(object sender, EventArgs e)
{
try
{
WebMonitor.CleanWINETCache(filescheck.Checked, cookiescheck.Checked);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Init()
{
try
{
SEA.InitializeKey(2048, SettingsManager.SEAKey, 32);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
private void buttonX2_Click(object sender, EventArgs e)
{
try
{
File.WriteAllLines(Application.StartupPath + @"\Conf\WEBSD.dic", textBox1.Lines);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
void MakeRescue()
{
try{
SystemRescue.MakeRescue(folder, file, progressBarX1);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
MessageBox.Show("BACKUP ERROR", "SYS RESCUE");
}
finally
{
}
}
void UpdateVDB()
{
try
{
UpdateManager.UpdateVDB(progressBarX1, labelX1);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
public static void Activate(string Qfile)
{
try
{
DecryptFile(Application.StartupPath + @"\Quarantine\" + Qfile, File.ReadAllLines(Application.StartupPath + @"\Quarantine\" + Qfile + "I")[0], key);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
private void buttonX2_Click(object sender, EventArgs e)
{
try
{
progworker.RunWorkerAsync();
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
void StartCloud()
{
try
{
CloudProt.Protect();
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
/// <summary>
/// Shutdown the Kavprot Web Protection
/// </summary>
public static void Shutdown()
{
try
{
KProxyApplication.Shutdown();
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
private void buttonX2_Click(object sender, EventArgs e)
{
try
{
textBoxX6.Text = Encrypt(textBoxX4.Text, textBoxX5.Text);
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
