public List <DeobfuscationResult> ReverseTraverseCheckSubtreeWithExperimentalOutput(AstTree tree)
{
AstNode node = tree.root;
Queue <AstNode> unvisitedNodeQueue = new Queue <AstNode>();
unvisitedNodeQueue.Enqueue(node);
Stack <AstNode> pipeNodeStack = new Stack <AstNode>();
while (unvisitedNodeQueue.Count > 0)
{
AstNode n = unvisitedNodeQueue.Dequeue();
if (n.ast.GetType().ToString() == "System.Management.Automation.Language.PipelineAst")
{
pipeNodeStack.Push(n);
}
foreach (AstNode nc in n.childList)
{
unvisitedNodeQueue.Enqueue(nc);
}
}
InstancePF psIns = new InstancePF();
List <DeobfuscationResult> outputList = new List <DeobfuscationResult>();
while (pipeNodeStack.Count > 0)
{
AstNode n = pipeNodeStack.Pop();
Classifier.ClassifierResult result = c.testWithModel(AstTree.Tree2Feature(n));
DeobfuscationResult output = new DeobfuscationResult();
output.originalScript = AstNode.GetShapedScript(n.ast.Extent.Text);
if (result != Classifier.ClassifierResult.unobfuscated)
{
string returnScript = psIns.addScript(n.ast.Extent.Text);
Console.Out.WriteLine(String.Format("Script:{0}, result:{1}, Deobfuscation:{2}", n.ast.Extent.Text, result, returnScript));
output.obfuscated = 1;
output.deobfuscatedScript = AstNode.GetShapedScript(returnScript);
if (returnScript.Length != 0)
{
tree.RemoveSubTree(n, n.childList[0]);
}
tree.AddSubTree(n, returnScript);
}
else
{
Console.Out.WriteLine(String.Format("Script:{0}, result:{1}", n.ast.Extent.Text, result));
}
outputList.Add(output);
}
return(outputList);
}
public void ReverseTraverseCheckSubtree(AstTree tree)
{
AstNode node = tree.root;
Queue <AstNode> unvisitedNodeQueue = new Queue <AstNode>();
unvisitedNodeQueue.Enqueue(node);
Stack <AstNode> pipeNodeStack = new Stack <AstNode>();
while (unvisitedNodeQueue.Count > 0)
{
AstNode n = unvisitedNodeQueue.Dequeue();
if (n.ast.GetType().ToString() == "System.Management.Automation.Language.PipelineAst")
{
pipeNodeStack.Push(n);
}
foreach (AstNode nc in n.childList)
{
unvisitedNodeQueue.Enqueue(nc);
}
}
while (pipeNodeStack.Count > 0)
{
AstNode n = pipeNodeStack.Pop();
Classifier.ClassifierResult result = c.testWithModel(AstTree.Tree2Feature(n));
if (result != Classifier.ClassifierResult.unobfuscated)
{
// what to do with the obfuscated sub-tree
string returnScript = psIns.addScript(n.ast.Extent.Text);
Console.Out.WriteLine(String.Format("Script:{0}, result:{1}, Deobfuscation:{2}", n.ast.Extent.Text, result, returnScript));
tree.AddSubTree(n, returnScript);
}
else
{
Console.Out.WriteLine(String.Format("Script:{0}, result:{1}", n.ast.Extent.Text, result));
}
}
}
public void TraverseCheckSubtree(AstNode node)
{
Queue <AstNode> unvisitedNodeQueue = new Queue <AstNode>();
unvisitedNodeQueue.Enqueue(node);
while (unvisitedNodeQueue.Count > 0)
{
AstNode n = unvisitedNodeQueue.Dequeue();
if (n.ast.GetType().ToString() == "System.Management.Automation.Language.PipelineAst")
{
AstData data = AstTree.Tree2Feature(n);
Classifier.ClassifierResult result = c.testWithModel(data);
Console.Out.WriteLine(String.Format("Script:{0}, result:{1}", n.ast.Extent.Text, result.ToString()));
}
foreach (AstNode nc in n.childList)
{
unvisitedNodeQueue.Enqueue(nc);
}
}
}
