public bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, delItsAlive isAlive, TuringAgentArgs e) { byte[] zip = null; zipCrashData = null; exploitResult = EExploitableResult.NOT_DUMP_FOUND; var errors = new List <ZipHelper.FileEntry>(); foreach (var pr in Process) { if (!pr.HasExited) { continue; } string error = pr.StandardError.ReadToEnd(); if (!string.IsNullOrEmpty(error) && !string.IsNullOrEmpty(error.Trim())) { errors.Add ( new ZipHelper.FileEntry("Error_" + pr.ProcessName + "_" + pr.Id.ToString() + ".txt", pr.StandardError.CurrentEncoding.GetBytes(error.Trim())) ); } } if (errors.Count > 0) { if (ZipHelper.AppendOrCreateZip(ref zip, errors) > 0 && zip != null && zip.Length > 0) { zipCrashData = zip; } } return(zipCrashData != null && zipCrashData.Length > 0); }
/// <summary> /// Return if are WER file /// </summary> /// <param name="socket">Socket</param> /// <param name="zipCrashData">Crash data</param> /// <param name="isAlive">IsAlive</param> public bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, delItsAlive isAlive, TuringAgentArgs e) { zipCrashData = null; if (_Process == null) { exploitResult = EExploitableResult.NOT_DUMP_FOUND; return(false); } // Wait for exit var isBreak = false; if (_Process != null) { var miniwait = TimeSpan.FromMilliseconds(100); foreach (var p in _Process) { try { var ts = TimeSpan.FromMilliseconds(p.StartInfo.ExitTimeout.TotalMilliseconds); while (ts.TotalMilliseconds > 0 && (isAlive == null || isAlive.Invoke(socket, e)) && !p.HasExited) { p.WaitForExit((int)miniwait.TotalMilliseconds); ts = ts.Subtract(miniwait); } } catch { } // Check store location for changes if (!isBreak && p.ItsChangedStoreLocation()) { isBreak = true; } } } // Courtesy wait Thread.Sleep(500); // Search logs var fileAppend = new List <ILogFile>(); if (_FileNames != null) { foreach (var f in _FileNames) { var l = new LogFile(f); if (l.TryLoadFile(TimeSpan.FromSeconds(isBreak ? 5 : 2))) { fileAppend.Add(l); } } } // If its alive kill them if (_Process != null) { foreach (var p in _Process) { try { p.KillProcess(); } catch { } } } // Check exploitability exploitResult = EExploitableResult.NOT_DUMP_FOUND; for (int x = 0, m = fileAppend.Count; x < m; x++) { var dump = (LogFile)fileAppend[x]; if (dump.FileName.ToLowerInvariant().EndsWith(".dmp")) { exploitResult = WinDbgHelper.CheckMemoryDump(dump.Path, out string log); if (!string.IsNullOrEmpty(log)) { fileAppend.Add(new MemoryLogFile("exploitable.log", Encoding.UTF8.GetBytes(log))); } } } // Compress to zip byte[] zip = null; if (ZipHelper.AppendOrCreateZip(ref zip, fileAppend.Select(u => u.GetZipEntry())) > 0 && zip != null && zip.Length > 0) { zipCrashData = zip; } return(zipCrashData != null && zipCrashData.Length > 0); }