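        /// <summary>
        /// Begin a Detect-It-Easy (DIE) signature scan of a target binary on a background thread.
        /// When a remote bridge is connected in GUI mode the request is forwarded to the remote
        /// side instead (the target is identified there by SHA1, not by path). Previous DIE hits
        /// on the target are cleared before either path is taken.
        /// </summary>
        /// <param name="targ">Target to scan</param>
        /// <param name="reload">If the signature database should be reloaded from the configured
        /// DIE signature directory before scanning</param>
        public void StartDetectItEasyScan(BinaryTarget targ, bool reload = false)
        {
            targ.ClearSignatureHits(CONSTANTS.eSignatureType.DIE);

            if (rgatState.ConnectedToRemote && rgatState.NetworkBridge.GUIMode)
            {
                JObject cmdparams = new JObject();
                cmdparams.Add("Type", "DIE");
                cmdparams.Add("TargetSHA1", targ.GetSHA1Hash());
                cmdparams.Add("Reload", reload);
                rgatState.NetworkBridge.SendCommand("StartSigScan", null, null, cmdparams);
                return;
            }

            // Mirrors StartYARATargetScan: any failure while (re)loading the database, creating the
            // scan handle or launching the worker thread is recorded rather than propagated to the caller.
            try
            {
                if (reload)
                {
                    string scriptsPath = GetScriptsPath(GlobalConfig.GetSettingPath(CONSTANTS.PathKey.DiESigsDirectory));
                    dielib.ReloadScriptDatabase(scriptsPath, out string? error);
                    if (error is not null)
                    {
                        // A failed reload is logged but not fatal; the DatabaseLoaded check below decides
                        // whether a usable database is still available.
                        Logging.RecordError($"Error loading database: {error}");
                    }
                }

                if (!dielib.DatabaseLoaded)
                {
                    return;
                }

                if (!File.Exists(targ.FilePath))
                {
                    return;
                }

                ulong handle;
                lock (scansLock)
                {
                    handle = dielib.CreateScanHandle();
                    // The indexer both inserts a new entry and replaces an existing one.
                    // NOTE(review): an existing handle for this target is overwritten here without being
                    // released or cancelled; confirm that a still-running scan on the old handle is handled elsewhere.
                    DIEScanHandles[targ] = handle;
                }

                List<object> args = new List<object>()
                {
                    dielib, targ, handle
                };

                Thread DIEThread = new Thread(new ParameterizedThreadStart(DetectItScanThread));
                DIEThread.Name = "DetectItEasy_" + targ.FileName;
                DIEThread.Start(args);
            }
            catch (Exception e)
            {
                Logging.RecordException($"Error starting DIE scan: {e.Message}", e);
            }
        }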
        /// <summary>
        /// Start a YARA scan of a target binary on a background thread. When a remote bridge is
        /// connected in GUI mode the request is forwarded to the remote side instead (the target
        /// is identified there by SHA1). Previous YARA hits on the target are cleared first.
        /// </summary>
        /// <param name="targ">Target binary to scan</param>
        /// <param name="reload">Recompile the rules from the configured YARA rules directory before scanning</param>
        public void StartYARATargetScan(BinaryTarget targ, bool reload = false)
        {
            targ.ClearSignatureHits(CONSTANTS.eSignatureType.YARA);

            bool delegateToRemote = rgatState.ConnectedToRemote && rgatState.NetworkBridge.GUIMode;
            if (delegateToRemote)
            {
                JObject request = new JObject
                {
                    { "Type", "YARA" },
                    { "Reload", reload },
                    { "TargetSHA1", targ.GetSHA1Hash() }
                };
                rgatState.NetworkBridge.SendCommand("StartSigScan", null, null, request);
                return;
            }

            // Rule refresh, the existence check and thread start are all wrapped: a failure in any
            // of them is logged and the scan is simply not started.
            try
            {
                if (reload)
                {
                    string rulesDir = GlobalConfig.GetSettingPath(CONSTANTS.PathKey.YaraRulesDirectory);
                    RefreshRules(rulesDir, forceRecompile: true);
                }

                // Nothing to scan if the file is no longer on disk.
                if (File.Exists(targ.FilePath) == false)
                {
                    return;
                }

                Thread scanner = new Thread(new ParameterizedThreadStart(YARATargetScanThread))
                {
                    Name = "YARA_F_" + targ.FileName
                };
                scanner.Start(new List<object> { targ });
            }
            catch (Exception e)
            {
                Logging.RecordException($"Error starting YARA scan: {e.Message}", e);
            }
        }