Beispiel #1
        /// <summary>
        /// Menu handler: creates a new <c>Sigfree</c> window, parents it to this
        /// form as an MDI child and shows it.
        /// </summary>
        /// <param name="sender">Control that raised the click (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void sigfreeToolStripMenuItem_Click(object sender, EventArgs e)
        {
            // A fresh window is created on every click; nothing here reuses an open one.
            Sigfree child = new Sigfree { MdiParent = this };
            child.Show();
        }
Beispiel #2
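        /// <summary>
        /// Lists the instructions decoded from the request, runs the two
        /// "useless instruction" checks, and then either blocks the request or
        /// opens it in Internet Explorer.
        /// </summary>
        /// <remarks>
        /// The text in <c>textBox1</c> is the request under inspection, so it is
        /// treated as untrusted. It is passed to the browser only after it parses
        /// as an absolute http/https URL, and only in its normalised form.
        /// An empty <c>LB_CTI</c> means that these two checks reported nothing;
        /// it is not by itself evidence that the request is harmless.
        /// </remarks>
        /// <param name="sender">Control that raised the click (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btn_next_Click(object sender, EventArgs e)
        {
            LB_inst.Items.Clear();
            LB_CTI.Items.Clear();

            // Copy the decoded instruction array into a list for the analysis calls.
            List<Node> All_inst_L = new List<Node>();
            All_inst_L.AddRange(Inj_instr);
            Sigfree obj = new Sigfree(); // instance is only needed to reach get_Mov_inst

            // Show every decoded instruction in LB_inst.
            foreach (Node tmp_N in All_inst_L)
            {
                string line = FormatInstruction(tmp_N);
                LB_inst.Items.Add(line);
                ShowInfectdURL(line);
            }

            // Useless control-transfer instructions distilled from the bytes.
            Node[] CTI_inst_N = SecPhase.seperate(All_inst_L, ref Sigfree.Useless).ToArray();
            foreach (Node tmp_N in CTI_inst_N)
            {
                LB_CTI.Items.Add(FormatInstruction(tmp_N));
            }

            // Useless MOV (register assignment) instructions distilled from the bytes.
            Node[] Mov_inst_N = obj.get_Mov_inst(All_inst_L).ToArray();
            foreach (Node tmp_N in Mov_inst_N)
            {
                LB_CTI.Items.Add(FormatInstruction(tmp_N));
            }

            lab_ULess.Text = LB_CTI.Items.Count.ToString();

            if (LB_CTI.Items.Count > 0)
            {
                pictureBox1.Visible = true;
                MessageBox.Show("Request blocked\nRequest Contains Malicious Instructions", "Sigfree Alert", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
            }
            else
            {
                Uri target;
                if (!TryGetWebUrl(textBox1.Text, out target))
                {
                    // Fail closed: raw text that is not a plain web URL would otherwise be
                    // handed to the browser as command-line arguments.
                    MessageBox.Show("Request not opened\nAddress is not an absolute http/https URL", "Sigfree Alert", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                }
                else
                {
                    try
                    {
                        // Process wraps an OS handle; dispose it once the browser is launched.
                        using (Process p = new Process())
                        {
                            p.StartInfo.FileName = "iexplore";
                            // AbsoluteUri is percent-encoded, so the URL stays one argument.
                            p.StartInfo.Arguments = target.AbsoluteUri;
                            p.Start();
                        }
                    }
                    catch (Exception ex)
                    {
                        MessageBox.Show(ex.ToString());
                    }
                }
            }

            // NOTE(review): if inst_bytes is an array, ToString() yields its type name
            // rather than its contents; confirm against the field's declaration.
            TB_injectedURL.Text = textBox1.Text + inst_bytes.ToString();
        }

        /// <summary>
        /// Builds the list-box text for one instruction: name, then each operand
        /// (or " NULL " when there are none), then the address, separated by spaces.
        /// </summary>
        private static string FormatInstruction(Node tmp_N)
        {
            string text = " " + tmp_N.name;
            if (tmp_N.operands != null)
            {
                foreach (String c in tmp_N.operands)
                {
                    text = text + " " + c;
                }
            }
            else
            {
                text = text + " NULL ";
            }
            return text + " " + tmp_N.addr;
        }

        /// <summary>
        /// Accepts <paramref name="text"/> only when it parses as an absolute
        /// http or https URL; otherwise returns false.
        /// </summary>
        private static bool TryGetWebUrl(string text, out Uri url)
        {
            if (!Uri.TryCreate(text, UriKind.Absolute, out url))
            {
                return false;
            }
            return url.Scheme == Uri.UriSchemeHttp || url.Scheme == Uri.UriSchemeHttps;
        }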