private void bkgndSign_RunWorkerCompleted(object sender, RunWorkerCompletedEventArgs e)
{
try
{
if (e.Error != null)
{
throw e.Error;
}
evidence Evidence = (evidence)e.Result;
frmState = frm.FrmState.Normal;
FrmEvidence frmEvidence = new FrmEvidence(Evidence);
frmEvidence.ShowDialog(this);
}
catch (Exception ex)
{
string msg = "OcurriĆ³ un error al generar la firma" + Environment.NewLine;
msg += ex.InnerException != null ? ex.InnerException.Message : ex.Message;
MetroMessageBox.Show(this, msg, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
frmState = frm.FrmState.Normal;
this.Refresh(); //Refrescado de pantalla para que se sigan visualizando las lineas, BUG
}
public antiEvidence inverse(evidence ev)
{
if (ev == evidence.DOTS)
{
return(antiEvidence.AntiDOTS);
}
if (ev == evidence.EMF)
{
return(antiEvidence.AntiEMF);
}
if (ev == evidence.Fingerprints)
{
return(antiEvidence.AntiFingerprints);
}
if (ev == evidence.Orbs)
{
return(antiEvidence.AntiOrbs);
}
if (ev == evidence.SpiritBox)
{
return(antiEvidence.AntiSpiritBox);
}
if (ev == evidence.Temps)
{
return(antiEvidence.AntiTemps);
}
if (ev == evidence.Writing)
{
return(antiEvidence.AntiWriting);
}
return(0);
}
private string argGetListProcess(evidence evidence)
{
string response;
response = @" -f " + evidence.Route + " --profile=" + evidence.Profile + " pslist";
return(response);
}
private string argGetNetScan(evidence evidence)
{
string response;
response = @" -f " + evidence.Route + " --profile=" + evidence.Profile + " netscan";
return(response);
}
private string argGetCommands(evidence evidence)
{
string response;
response = @"-f " + evidence.Route + " --profile=" + evidence.Profile + " cmdscan";
return(response);
}
private string argGetImageInfo(evidence evidence)
{
string response;
response = @" -f " + evidence.Route + " imageinfo";
return(response);
}
private string argVerInfo(evidence evidence)
{
string response;
response = @"-f " + evidence.Route + " --profile=" + evidence.Profile + " verinfo";
return(response);
}
private string argListDlls(evidence evidence, process process)
{
string response;
response = @"-f " + evidence.Route + " --profile=" + evidence.Profile + " dlllist -p " + process.Pid;
return(response);
}
public string Argument(string hability, evidence evidence, process process)
{
switch (hability)
{
case "getImageInfo":
return(argGetImageInfo(evidence));
case "getListProcess":
return(argGetListProcess(evidence));
case "getNetScan":
return(argGetNetScan(evidence));
case "getCommands":
return(argGetCommands(evidence));
case "verInfo":
return(argVerInfo(evidence));
case "processDlls":
return(argListDlls(evidence, process));
default:
// Default stuff
return("noInfo");
}
}
public string executeCommand(string command, evidence evidence, process process)
{
constructArguments construct = new constructArguments();
Service.Service getResponse = new Service.Service();
string argument = construct.Argument(command, evidence, process);
string result = getResponse.getVolatilityResponse(argument);
return(result);
}
public GhostTypes(string name, evidence evidence1, evidence evidence2, evidence evidence3, string desc)
{
Name = name;
Description = desc;
this.evidence1 = evidence1;
this.evidence2 = evidence2;
this.evidence3 = evidence3;
var allEvidence = GetEvidence();
List <antiEvidence> anti = new List <antiEvidence>();
anti.Add(antiEvidence.AntiDOTS);
anti.Add(antiEvidence.AntiEMF);
anti.Add(antiEvidence.AntiFingerprints);
anti.Add(antiEvidence.AntiOrbs);
anti.Add(antiEvidence.AntiSpiritBox);
anti.Add(antiEvidence.AntiTemps);
anti.Add(antiEvidence.AntiWriting);
foreach (evidence e in allEvidence)
{
if (e == evidence.DOTS)
{
anti.Remove(antiEvidence.AntiDOTS);
}
else if (e == evidence.EMF)
{
anti.Remove(antiEvidence.AntiEMF);
}
else if (e == evidence.Fingerprints)
{
anti.Remove(antiEvidence.AntiFingerprints);
}
else if (e == evidence.SpiritBox)
{
anti.Remove(antiEvidence.AntiSpiritBox);
}
else if (e == evidence.Temps)
{
anti.Remove(antiEvidence.AntiTemps);
}
else if (e == evidence.Writing)
{
anti.Remove(antiEvidence.AntiWriting);
}
else if (e == evidence.Orbs)
{
anti.Remove(antiEvidence.AntiOrbs);
}
}
anti1 = anti[0];
anti2 = anti[1];
anti3 = anti[2];
anti4 = anti[3];
}
public bool checkEvidence(evidence ev)
{
var allEvidence = GetEvidence();
foreach (evidence e in allEvidence)
{
if (e == ev)
{
return(true);
}
}
return(false);
}
private void bkgndSign_DoWork(object sender, DoWorkEventArgs e)
{
originalStringToSignModel modelToSign = (originalStringToSignModel)e.Argument;
byte[] cer = File.ReadAllBytes(this.txtCer.Text),
key = File.ReadAllBytes(this.txtKey.Text);
//evidence Evidence = signAction.Sign(txtCer.Text, txtKey.Text, txtPwd.Text, modelToSign);
evidence Evidence = signAction.Sign(cer, key, txtPwd.Text, modelToSign);
e.Result = Evidence;
}
private void contextMenuEvidence_ItemClicked(object sender, ToolStripItemClickedEventArgs e)
{
var fileContent = string.Empty;
var filePath = string.Empty;
using (OpenFileDialog openFileDialog = new OpenFileDialog())
{
openFileDialog.InitialDirectory = "c:";
openFileDialog.Filter = "dmp files (*.dmp)|*.dmp|All files (*.*)|*.*";
openFileDialog.FilterIndex = 2;
openFileDialog.RestoreDirectory = true;
if (openFileDialog.ShowDialog() == DialogResult.OK)
{
filePath = openFileDialog.FileName;
evidence.Nodes[0].Nodes.Add(filePath);
memoryDump = new evidence(filePath, openFileDialog.FileName);
}
}
}
public FrmEvidence(evidence Evidence)
{
InitializeComponent();
this.Evidence = Evidence;
this.init();
}