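        /// <summary>
        /// Starts watching the Windows directory, the user's %temp% and the
        /// system temp directory for file-name and size changes, routing each
        /// directory's events to its own handler.
        /// </summary>
        public FileWatchers()
        {
            // Obtain the writer before any watcher is enabled: the Changed handlers
            // run on thread-pool threads and may fire as soon as EnableRaisingEvents
            // is set, so the state they use must already be assigned.
            w = Writer.getInstance();

            systemp = sysroot + "temp\\";

            // %SystemRoot% (e.g. C:\Windows), top level only.
            psexecWatcher = createWatcher(sysroot, false, psexecChanged);

            // %temp%, including subdirectories.
            exploitWatcher = createWatcher(usertemp, true, exploitChanged);

            // %SystemRoot%\temp, top level only.
            systempWatcher = createWatcher(systemp, false, systempChanged);
        }

        /// <summary>
        /// Builds an enabled <see cref="FileSystemWatcher"/> for <paramref name="path"/>
        /// that reports file-name and size changes to <paramref name="handler"/>.
        /// </summary>
        /// <param name="path">Directory to monitor.</param>
        /// <param name="includeSubdirectories">Whether nested directories are monitored as well.</param>
        /// <param name="handler">Receives the watcher's Changed events.</param>
        /// <returns>The watcher, already raising events.</returns>
        private static FileSystemWatcher createWatcher(string path, bool includeSubdirectories, FileSystemEventHandler handler)
        {
            FileSystemWatcher watcher = new FileSystemWatcher();
            watcher.Path = path;
            watcher.Filter = "*.*";
            watcher.NotifyFilter = NotifyFilters.FileName | NotifyFilters.Size;
            watcher.IncludeSubdirectories = includeSubdirectories;
            // Only Changed is subscribed, as in the original: Created/Deleted/Renamed are
            // not reported, and a burst of activity that overflows the watcher's internal
            // buffer is dropped silently unless the Error event is also handled.
            watcher.Changed += handler;
            watcher.EnableRaisingEvents = true;
            return watcher;
        }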
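 /// <summary>
 /// Subscribes to the Security event log so that every newly written entry
 /// is passed to <c>entryWritten</c>.
 /// </summary>
 public EventLogWatchers()
 {
     // Initialise the state the handler uses before events can be raised:
     // EntryWritten fires on a background thread once EnableRaisingEvents is true.
     builder = new StringBuilder();
     w = Writer.getInstance();

     // NOTE(review): reading the Security log normally needs elevated rights;
     // confirm the process runs with them, otherwise this will throw at startup.
     // evtLog is a local, as in the original, so it cannot be disposed or unhooked later.
     EventLog evtLog = new EventLog("Security");
     evtLog.EntryWritten += new EntryWrittenEventHandler(entryWritten);
     evtLog.EnableRaisingEvents = true;
 }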
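 /// <summary>
 /// Subscribes to the WMI <c>Win32_ProcessStartTrace</c> event so that every
 /// process start on the machine is reported to <c>watcher_EventArrived</c>.
 /// </summary>
 public ProcWatchers()
 {
     // State used by the handler must exist before Start(): EventArrived is
     // raised on a WMI callback thread as soon as the watcher is running.
     w = Writer.getInstance();
     builder = new StringBuilder();

     // Hook WMI because it's awesome.
     // NOTE(review): Win32_ProcessStartTrace generally requires administrative
     // rights; verify the process has them or Start() will fail.
     watcher = new ManagementEventWatcher();
     WqlEventQuery query = new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace");
     watcher.Query = query;
     watcher.EventArrived += new EventArrivedEventHandler(watcher_EventArrived);
     watcher.Start();
 }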
 /// <summary>
 /// Returns the single shared <see cref="Writer"/>, creating it on first use.
 /// </summary>
 /// <returns>The process-wide <see cref="Writer"/> instance.</returns>
 public static Writer getInstance()
 {
     // Lazy, unsynchronised creation: presumably the first call happens on one
     // thread before any watcher thread is running — confirm with callers.
     if (instance == null)
     {
         instance = new Writer();
     }

     return instance;
 }
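        /// <summary>
        /// Starts WMI registry watchers for the machine-wide boot and service keys
        /// (<c>bootSql</c>, <c>serviceSql</c>) and for the current user's
        /// HKEY_USERS\{SID}\...\CurrentVersion\Run key, routing each to its handler.
        /// </summary>
        public RegistryWatchers()
        {
            // The writer must exist before any watcher is started: EventArrived is
            // raised on a WMI callback thread, possibly before this constructor returns.
            w = Writer.getInstance();

            WqlEventQuery bootQuery = new WqlEventQuery(bootSql);
            WqlEventQuery serviceQuery = new WqlEventQuery(serviceSql);

            // WindowsIdentity wraps a token handle; release it once the SID string is read.
            string currentSid;
            using (WindowsIdentity currentUser = WindowsIdentity.GetCurrent())
            {
                currentSid = currentUser.User.Value;
            }

            // The SID comes from the process token, not from untrusted input, and is
            // made of digits and hyphens only, so embedding it in the WQL text cannot
            // alter the query. Backslashes are doubled because WQL treats '\' as an escape.
            WqlEventQuery userQuery = new WqlEventQuery("SELECT * FROM RegistryTreeChangeEvent WHERE " +
                            "Hive = 'HKEY_USERS' " +
                             @"AND RootPath = '" + currentSid + @"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'");

            userWatch.Query = userQuery;
            bootWatch.Query = bootQuery;
            serviceWatch.Query = serviceQuery;

            userWatch.EventArrived += new EventArrivedEventHandler(currentUserEvent);
            userWatch.Start();

            bootWatch.EventArrived += new EventArrivedEventHandler(localMachineEvent);
            bootWatch.Start();

            serviceWatch.EventArrived += new EventArrivedEventHandler(serviceEvent);
            serviceWatch.Start();

            // NOTE(review): initialize() runs after the watchers are started, as in the
            // original; if the handlers rely on state it sets up, move it above Start().
            initialize();
        }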
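        /// <summary>
        /// Builds the tray icon and GUI, wires the shared <see cref="Writer"/> log
        /// to the UI, and starts the file, registry, event-log and process watchers.
        /// </summary>
        public AntiPwny()
        {
            icon = new NotifyIcon();
            icon.Text = "Antipwny";
            // The Icon constructor reads the stream fully, so the embedded resource
            // stream can be released right away rather than left to finalisation.
            using (System.IO.Stream iconStream = System.Reflection.Assembly.GetExecutingAssembly().GetManifestResourceStream("AnalysisEngine.Resources.icon.ico"))
            {
                icon.Icon = new System.Drawing.Icon(iconStream);
            }
            icon.ContextMenu = new ContextMenu();
            icon.ContextMenu.MenuItems.Add("Exit", OnExit);

            icon.DoubleClick += new EventHandler(ShowGui);
            icon.Visible = true;

            InitializeComponent();
            initializeGui();

            // Create handler state before subscribing: LogAdded may be raised from
            // watcher threads as soon as the subscription exists.
            builder = new StringBuilder();
            w = Writer.getInstance();
            w.LogAdded += HandleItemAdded;

            // Relative path: resolves against the process working directory,
            // which is not necessarily the folder the executable lives in.
            w.setPath("output.txt");

            // NOTE(review): filewatch and evt are locals, as in the original; whether they
            // stay alive after this constructor returns depends on the watchers rooting
            // themselves — storing them in fields would also allow stopping them later.
            FileWatchers filewatch = new FileWatchers();
            regwatch = new RegistryWatchers();
            regwatch.addRegistry += regwatch_addRegistry;
            regwatch.removedEntry += regwatch_removedEntry;
            EventLogWatchers evt = new EventLogWatchers();
            proc = new ProcWatchers();
            rescanButton.Enabled = false;
            procListUpdater.RunWorkerAsync();
        }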