Beispiel #1
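        /// <summary>
        /// Waits for the monitored processes to exit, loads the configured log/dump files,
        /// runs the exploitability check on every memory dump and packs everything into a zip.
        /// </summary>
        /// <param name="socket">Socket handed through to <paramref name="isAlive"/></param>
        /// <param name="zipCrashData">Zipped crash data, or null when nothing could be collected</param>
        /// <param name="exploitResult">Classification of the last analysed memory dump; NOT_DUMP_FOUND when no dump was analysed</param>
        /// <param name="isAlive">Optional liveness callback; waiting stops as soon as it returns false</param>
        /// <param name="e">Arguments handed through to <paramref name="isAlive"/></param>
        /// <returns>True when a non-empty zip was produced</returns>
        public override bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, ITuringMachineAgent.delItsAlive isAlive, TuringAgentArgs e)
        {
            zipCrashData = null;
            exploitResult = EExploitableResult.NOT_DUMP_FOUND;

            // Snapshot the field once so the null guard below holds for both the wait and the kill loop.
            var processes = _Process;
            if (processes == null)
            {
                return false;
            }

            // Wait for exit
            bool isBreak = false;
            TimeSpan miniwait = TimeSpan.FromMilliseconds(100);

            foreach (iProcess p in processes)
            {
                try
                {
                    // The budget is decremented by a fixed step per iteration, not by measured time,
                    // so the real wait can exceed ExitTimeout when the callback or WaitForExit is slow.
                    TimeSpan ts = TimeSpan.FromMilliseconds(p.StartInfo.ExitTimeout.TotalMilliseconds);
                    while (ts.TotalMilliseconds > 0 &&
                           (isAlive == null || isAlive.Invoke(socket, e)) && !p.HasExited)
                    {
                        p.WaitForExit((int)miniwait.TotalMilliseconds);
                        ts = ts.Subtract(miniwait);
                    }
                }
                catch
                {
                    // Best effort: a process that cannot be queried must not block log collection.
                }

                // Check store location for changes (not queried again once a change was seen)
                if (!isBreak && p.ItsChangedStoreLocation())
                {
                    isBreak = true;
                }
            }

            // Courtesy wait
            Thread.Sleep(500);

            // Search logs; a longer load timeout is used when the store location changed
            List<ILogFile> fileAppend = new List<ILogFile>();

            if (_FileNames != null)
            {
                TimeSpan loadTimeout = TimeSpan.FromSeconds(isBreak ? 5 : 2);
                foreach (string f in _FileNames)
                {
                    LogFile l = new LogFile(f);

                    if (l.TryLoadFile(loadTimeout))
                    {
                        fileAppend.Add(l);
                    }
                }
            }

            // If its alive kill them (only after the logs were read)
            foreach (iProcess p in processes)
            {
                try
                {
                    p.KillProcess();
                }
                catch
                {
                    // Best effort: the process may already be gone.
                }
            }

            // Check exploitability. The count is captured up front because the generated
            // "exploitable.log" entries are appended to the same list while it is walked.
            // NOTE(review): each dump overwrites exploitResult, so with several dumps only the
            // last classification is reported and a more severe earlier one may be lost - confirm.
            // NOTE(review): every dump reuses the entry name "exploitable.log"; verify how
            // ZipHelper handles duplicate entry names.
            int loadedCount = fileAppend.Count;
            for (int x = 0; x < loadedCount; x++)
            {
                LogFile dump = (LogFile)fileAppend[x];

                // Ordinal comparison: a file extension is an identifier, not linguistic text.
                if (dump.FileName.EndsWith(".dmp", StringComparison.OrdinalIgnoreCase))
                {
                    string log;
                    exploitResult = WinDbgHelper.CheckMemoryDump(dump.Path, out log);
                    if (!string.IsNullOrEmpty(log))
                    {
                        fileAppend.Add(new MemoryLogFile("exploitable.log", Encoding.UTF8.GetBytes(log)));
                    }
                }
            }

            // Compress to zip
            byte[] zip = null;
            if (ZipHelper.AppendOrCreateZip(ref zip, fileAppend.Select(u => u.GetZipEntry())) > 0 && zip != null && zip.Length > 0)
            {
                zipCrashData = zip;
            }

            return zipCrashData != null && zipCrashData.Length > 0;
        }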
Beispiel #2
 /// <summary>
 /// Return crashed data. This base implementation has no crash detection of its own:
 /// it always throws, and is declared virtual so that it can be overridden.
 /// </summary>
 /// <param name="socket">Socket</param>
 /// <param name="zipCrashData">Crash data</param>
 /// <param name="exploitResult">Exploitation result</param>
 /// <param name="isAlive">Its alive</param>
 /// <param name="e">Arguments</param>
 /// <exception cref="NotImplementedException">Always thrown by this implementation</exception>
 public virtual bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, ITuringMachineAgent.delItsAlive isAlive, TuringAgentArgs e)
 {
     // The out parameters are never assigned because control always leaves through the throw.
     throw new NotImplementedException();
 }