Esempio n. 1
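        /// <summary>
        /// Narrows a flagged buffer towards the last length that scanned clean. When the
        /// window cannot be narrowed any further, it reports the offset and signature,
        /// hex-dumps the trailing bytes, removes the scratch file and sets <c>Complete</c>.
        /// </summary>
        /// <param name="originalarray">The buffer that was just scanned and flagged.</param>
        /// <param name="lastgood">Length of the most recent prefix that scanned clean.</param>
        /// <returns>
        /// A new array holding the first <c>(originalarray.Length - lastgood) / 2 + lastgood</c>
        /// bytes of <paramref name="originalarray"/>.
        /// </returns>
        byte[] HalfSplitter(byte[] originalarray, int lastgood)
        {
            var splitArray = new byte[(originalarray.Length - lastgood) / 2 + lastgood];

            // The next candidate would be only one byte shorter, so the search has converged.
            if (originalarray.Length == splitArray.Length + 1)
            {
                var result = Scan(FilePath, true);
                var msg    = string.Format("Identified end of bad bytes at offset 0x{0:X}", originalarray.Length);
                var sig    = string.Format("File matched signature {0}", result.Signature);

                CustomConsole.WriteThreat(msg);
                CustomConsole.WriteThreat(sig);

                // Dump at most the last 256 bytes. The source offset is derived from the
                // dump length: the previous short-buffer branch started the copy at
                // originalarray.Length, which is past the end of the array and makes
                // Buffer.BlockCopy throw for any non-empty buffer under 256 bytes.
                var dumpLength = Math.Min(originalarray.Length, 256);
                var offendingBytes = new byte[dumpLength];
                Buffer.BlockCopy(originalarray, originalarray.Length - dumpLength, offendingBytes, 0, dumpLength);

                Helpers.HexDump(offendingBytes);

#if DEBUG
                CustomConsole.WriteDebug($"Removing {FilePath}");
#endif
                // Delete the file that was actually written and scanned. The hard-coded
                // C:\Temp\testfile.exe did not match FilePath, and File.Delete does not
                // throw for a missing file, so the flagged sample stayed on disk unnoticed.
                File.Delete(FilePath);
                Complete = true;
            }

            Array.Copy(originalarray, splitArray, splitArray.Length);
            return splitArray;
        }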
Esempio n. 2
        /// <summary>
        /// Writes <c>FileBytes</c> to a scratch file and scans it. If the scan reports anything
        /// other than <c>NoThreatFound</c>, prefixes of the data are rescanned repeatedly,
        /// shrinking on a detection and growing on a clean result, until <c>Complete</c> is set.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the scratch file lives at the fixed path C:\Temp\file.exe and is not
        /// removed by this method; confirm that the directory's permissions and the cleanup
        /// path are acceptable wherever this runs.
        /// </remarks>
        public void AnalyzeFile()
        {
            // The scratch directory must exist before the sample is written into it.
            if (!Directory.Exists(@"C:\Temp"))
            {
#if DEBUG
                CustomConsole.WriteDebug(@"C:\Temp doesn't exist. Creating it...");
#endif
                Directory.CreateDirectory(@"C:\Temp");
            }

            FilePath = Path.Combine(@"C:\Temp", "file.exe");
            File.WriteAllBytes(FilePath, FileBytes);

            var initialScan = Scan(FilePath);

            if (initialScan.Result == ScanResult.NoThreatFound)
            {
                CustomConsole.WriteOutput("No threat found!");
                return;
            }

            // Any result other than NoThreatFound marks the file as malicious.
            // NOTE(review): if ScanResult has error-style values they land here too; confirm.
            Malicious = true;

            CustomConsole.WriteOutput($"Target file size: {FileBytes.Length} bytes");
            CustomConsole.WriteOutput("Analyzing...");

            // Start with the first half of the file as the candidate prefix.
            var halfLength = FileBytes.Length / 2;
            var candidate = new byte[halfLength];
            Buffer.BlockCopy(FileBytes, 0, candidate, 0, halfLength);
            var cleanLength = 0;

            while (!Complete)
            {
#if DEBUG
                CustomConsole.WriteDebug($"Testing {candidate.Length} bytes");
#endif
                File.WriteAllBytes(FilePath, candidate);
                var verdict = Scan(FilePath).Result;

                if (verdict == ScanResult.ThreatFound)
                {
#if DEBUG
                    CustomConsole.WriteDebug("Threat found, splitting");
#endif
                    // Shrink the candidate towards the last clean length.
                    var narrowed = HalfSplitter(candidate, cleanLength);
                    Array.Resize(ref candidate, narrowed.Length);
                    Buffer.BlockCopy(narrowed, 0, candidate, 0, narrowed.Length);
                }
                else if (verdict == ScanResult.NoThreatFound)
                {
#if DEBUG
                    CustomConsole.WriteDebug("No threat found, increasing size");
#endif
                    // Remember this clean length, then take a longer candidate from Overshot.
                    cleanLength = candidate.Length;
                    var widened = Overshot(FileBytes, candidate.Length);
                    Array.Resize(ref candidate, widened.Length);
                    Buffer.BlockCopy(widened, 0, candidate, 0, widened.Length);
                }
                // NOTE(review): any other result leaves the candidate unchanged, so the same
                // bytes are written and scanned again on the next pass; confirm this is intended.
            }
        }