/// <summary>
/// Builds the launch list for the malware corpus: one hard-coded Parite sample first, then every
/// executable that ProgramStartDescription.findExecutablesRecursive locates under z:\Malware\Launch.
/// </summary>
/// <param name="max_running_time">Running-time budget given to the hard-coded first entry.</param>
/// <returns>The populated ProgramStartList.</returns>
static ProgramStartList malwareStartList(int max_running_time)
{
    ProgramStartList descr_list = new ProgramStartList();

    // last() is used straight after construction, as in windowsProgramStartList — assumes the
    // ProgramStartList constructor seeds one entry; confirm in ProgramStartList.
    ProgramStartDescription first = descr_list.last();
    first.image_dir = "Z:\\Malware\\Launch\\Virus.Win32.Parite.a";
    first.image_filename = "Virus.Win32.Parite.a_spooIsv.exe";
    first.max_running_time = max_running_time;

    // NOTE(review): the entries produced here are not given max_running_time in this method, so
    // their run budget in waitForProcessToEnd depends on what findExecutablesRecursive assigns
    // (or the field's default) — verify that it is bounded.
    descr_list += ProgramStartDescription.findExecutablesRecursive("z:\\Malware\\Launch");

    return descr_list;
}
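/// <summary>
/// Launches every entry of <paramref name="descr_list"/> in the monitored environment, one after
/// another, and writes one report file per launched process into the directory returned by
/// createReportDirectory(). The image path of every entry whose run left at least one non-virgin
/// detection Place is appended to the file at MALICOUS_LIST_FILE_PATH.
/// </summary>
/// <param name="descr_list">Programs to launch, in order.</param>
private void runExperiment(ProgramStartList descr_list)
{
    string report_directory = createReportDirectory();

    // FileMode.Append: verdicts of earlier runs are kept, the file is only ever extended.
    using (StreamWriter malicious_list_sw = new StreamWriter(new FileStream(MALICOUS_LIST_FILE_PATH, FileMode.Append)))
    {
        foreach (ProgramStartDescription program_start_decr in descr_list)
        {
            try
            {
                Process process = message_server.startProcessAndInject(program_start_decr);
                // Plain concatenation — assumes createReportDirectory() returns a path that ends
                // with a directory separator; confirm there.
                string report_file_path = report_directory + generateFileName(process);

                // CreateNew: an existing report for the same name is never overwritten; the
                // exception goes to the outer catch and the entry is skipped.
                using (StreamWriter sw = new StreamWriter(new FileStream(report_file_path, FileMode.CreateNew)))
                {
                    try
                    {
                        Console.WriteLine("Waiting for process to end...");
                        bool result = message_server.waitForProcessToEnd(process, program_start_decr.max_running_time);
                        Console.WriteLine("Writting report to file: " + report_file_path);

                        // Presumably lets the monitor finish handling queued events before the
                        // Place statistics are read — see message_server.
                        message_server.waitForTheEndOfProcessing();
                        sw.WriteLine(program_start_decr);
                        Place.writeStatistics(Place.PrintLevel.Medium, sw);

                        // A single non-virgin Place is enough to record the image as malicious.
                        if (anyDetectionPlaceTriggered())
                        {
                            Console.WriteLine("We have detected something for the program launched");
                            malicious_list_sw.WriteLine(program_start_decr.image_path);
                        }
                        // Flushed after every sample so a crash of the harness keeps earlier verdicts on disk.
                        malicious_list_sw.Flush();

                        sw.WriteLine(result ? "Exited" : "Killed");
                        sw.Flush();
                    }
                    catch (Exception e)
                    {
                        // Best effort: a broken report must not stop the remaining entries.
                        Console.WriteLine("APIMonMain.runExperiment Error while processing");
                        Console.WriteLine(e);
                    }
                }
            }
            catch (Exception ExtInfo)
            {
                // Starting the target or creating its report file failed; continue with the next entry.
                Console.WriteLine("There was an error while running target: " + program_start_decr.image_path + "\r\n{0}", ExtInfo.ToString());
            }
            finally
            {
                // Reset the detection state on every path, not only after a successful run:
                // otherwise hits left behind by a failed launch would be attributed to the next sample.
                Place.clearAllPlaces();
                System.GC.Collect();
            }
        }
    }
}

/// <summary>
/// Returns true when at least one detection Place is no longer virgin, i.e. something was
/// detected for the program that was last launched.
/// </summary>
private static bool anyDetectionPlaceTriggered()
{
    foreach (Place place in Place.getDetectionPlaces())
    {
        if (!place.isVirgin())
        {
            return true;
        }
    }
    return false;
}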
/// <summary>
/// Automatic launch mode: runs every entry of <paramref name="start_list"/> through runExperiment
/// while the thread returned by startUIThread() is alive. After the experiment the method waits for
/// that thread to finish, closes the monitored environment and exits the process with code 0.
/// </summary>
/// <param name="start_list">Programs to launch, in order.</param>
private void MainAutoStartPorcesses(ProgramStartList start_list)
{
    Thread ui_thread = startUIThread();

    runExperiment(start_list);

    // The experiment is done; shutdown waits for the UI thread (the prompt below belongs to it).
    Console.WriteLine("\nPress q to finish.");
    ui_thread.Join();

    message_server.closeEnvironment();
    Environment.Exit(0);
}
/// <summary>
/// Builds the launch list of ordinary Windows programs (cmd, Outlook Express, Internet Explorer,
/// Opera, Far, Messenger, Movie Maker, MSN, Windows Media Player, WinRar, explorer, accwiz) used as
/// the benign baseline. For explorer.exe and accwiz.exe the executables returned by getExecutables()
/// on that entry are appended as well.
/// </summary>
/// <param name="max_running_time">Running-time budget given to every explicitly listed entry.</param>
/// <returns>The populated ProgramStartList.</returns>
static ProgramStartList windowsProgramStartList(int max_running_time)
{
    ProgramStartList descr_list = new ProgramStartList();

    // The first entry is the one the list already holds after construction (it is not added here).
    describeLast(descr_list, "C:\\Windows\\system32", "cmd.exe", " /c dir", max_running_time);
    // String overload of += — see ProgramStartList; presumably derives a further entry with
    // this command line from the previous one.
    descr_list += " /c dir c:\\Windows\\system32";
    descr_list += " /c dir c:\\Windows";

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Outlook Express", "msimn.exe", "", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Internet Explorer", "iexplore.exe", " http://bbc.com", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Opera", "opera.exe", " http://bbc.com", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Far", "far.exe", " ", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Messenger", "msmsgs.exe", " ", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Movie Maker", "moviemk.exe", " ", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\MSN\\MSNCoreFiles", "msn6.exe", " ", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\Windows Media Player", "wmplayer.exe", " ", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Program Files\\WinRar", "WinRar.exe", " ", max_running_time);

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Windows", "explorer.exe", " ", max_running_time);
    descr_list += descr_list.last().getExecutables();

    descr_list += new ProgramStartDescription();
    describeLast(descr_list, "C:\\Windows\\system32", "accwiz.exe", " ", max_running_time);
    descr_list += descr_list.last().getExecutables();

    return descr_list;
}

/// <summary>
/// Fills in the last entry of <paramref name="list"/>: directory, file name, command line and
/// running-time budget, assigned in that order.
/// </summary>
private static void describeLast(ProgramStartList list, string image_dir, string image_filename, string command_line, int max_running_time)
{
    ProgramStartDescription descr = list.last();
    descr.image_dir = image_dir;
    descr.image_filename = image_filename;
    descr.command_line = command_line;
    descr.max_running_time = max_running_time;
}