Example #1
0
            public void run()
            {
                StreamWriter malicious_list_sw = new StreamWriter(new FileStream(MALICOUS_LIST_FILE_PATH, FileMode.Append));

                try {
                    try {
                        Process process = message_server.startProcessAndInject(_program_start_description);

                        string       report_file_path = _report_directory + generateFileName(process);
                        StreamWriter sw = new StreamWriter(new FileStream(report_file_path, FileMode.CreateNew));
                        try {
                            Console.WriteLine("Waiting for process to end...");
                            bool result = message_server.waitForProcessToEnd(process, _program_start_description.max_running_time);
                            Console.WriteLine("Writting report to file: " + report_file_path);
                            #region Write  a report to file
                            message_server.waitForTheEndOfProcessing();
                            sw.WriteLine(_program_start_description);
                            Place.writeStatistics(Place.PrintLevel.Medium, sw);

                            //Check if executable exposed any detectable malicious functionality
                            // and write path to it into report file.
                            IEnumerable <Place> detection_places = Place.getDetectionPlaces();
                            foreach (Place place in detection_places)
                            {
                                if (!place.isVirgin())
                                {
                                    Console.WriteLine("We have detected malicious activity " + place + " for this program");
                                    malicious_list_sw.WriteLine(_program_start_description.image_path);
                                    ProgramResponseDescription response = new ProgramResponseDescription(_program_start_description);
                                    response.desciption = "Detected " + place + " functionality";
                                    _response_queue.Enqueue(response);
                                    break;
                                }
                            }
                            malicious_list_sw.Flush();
                            sw.WriteLine(result ? "Exited" : "Killed");
                            sw.Flush();
                        } catch (Exception e) {
                            Console.WriteLine("APIMonMain.runExperiment Error while processing");
                            Console.WriteLine(e);
                        } finally {
                            sw.Close();
                        }
                        #endregion
                        //cleaning up
                        Place.clearAllPlaces();
                        System.GC.Collect();
                    } catch (Exception ExtInfo) {
                        Console.WriteLine("There was an error while running target: " + _program_start_description.image_path + "\r\n{0}", ExtInfo.ToString());
                        //throw ExtInfo;
                    }
                } finally {
                    malicious_list_sw.Close();
                }
            }
Example #2
0
 public ProgramResponseDescription[] getLaunchResults()
 {
     ProgramResponseDescription[] result = new ProgramResponseDescription[0];
     try {
         result         = remote_control.getLaunchResults();
         server_present = true;
     } catch (RemotingException) {
         server_present = false;
     }
     return(result);
 }
Example #3
0
        /// <summary>
        /// Tries to create a block of responses
        /// </summary>
        /// <returns>Queue of responses. Queue might be empty</returns>
        private Queue <ProgramResponseDescription> getBlockToSend()
        {
            //check how many tu-s we have
            int queue_count = response_queue.Count;
            Queue <ProgramResponseDescription> response_block = new Queue <ProgramResponseDescription>(queue_count + 1);

            for (int i = 0; i < queue_count; i++)
            {
                //we don't expect it to block here since it is guaranteed that we have enough tu-s
                ProgramResponseDescription response = (ProgramResponseDescription)response_queue.Dequeue();
                //Console.WriteLine("Response prepared ID=" + response.id + "\n" + response);
                response_block.Enqueue(response);
            }
            return(response_block);
        }