private static void OnResultProvided(object sender, ScanResultArgs <AutoTweakableResult> e) { if (CheckForManager()) { ITweakable tweakble = e.result.tweakble; Manager.RegisterTweakable(tweakble); e.result.autoTweakable.tweakable = tweakble; e.result.autoTweakable.UniqueId = e.result.uniqueId; } }
private void CustomSerializerFound(object sender, ScanResultArgs <CustomSerializerResult> e) { CustomTypeSerializer customTypeSerializer = Activator.CreateInstance(e.result.type, this) as CustomTypeSerializer; customSerializers.Add(customTypeSerializer.CustomType, customTypeSerializer); }
static void Main(string[] args) { // Output some information about the program running Console.Title = "Berzerk Malware Scanner - Test Client - http://JordanHook.com"; // Output version of tester Console.WriteLine("Berzerk Malware Scanner Test Client 1.0"); // Scan a folder based on the args if (args.Length == 0) { Console.WriteLine("No scan directory specified..."); return; } // Declare some variables for the scan string ScanDirectory = args[0]; // Our controllers... SignatureController Signatures = new SignatureController("sigs.sdb"); // Load the library setting defaults (we will add a settings controller later...) BerzerkAPI.Settings.Defaults(); //Set max file size to 5mb to testing purposes.. BerzerkAPI.Settings.MaxFileSize = (1024 * 1024) * 5; // Try to load the signatures if (Signatures.LoadDatabase()) { Console.WriteLine("Signature database was loaded with {0} entries", Signatures.Signatures.Count); } else { // If the signatures can't be loaded... we can't scan for anything Console.WriteLine("Unable to load signature database..."); return; } // Output current task Console.WriteLine("\nGathering files to scan..."); // Now that our controllers have been loaded... we can attempt to start scanning files Queue <string> ScanList = BerzerkAPI.IO.File.CreateFileQueue(ScanDirectory, true); // Output current task Console.WriteLine("\nScanning {0} files...", ScanList.Count); // Loop through each file in the list //foreach (string file in ScanList) //{ // try // { // // Run a scan on the file // Signature scan = BerzerkAPI.IO.File.ScanFile(file, Signatures, Cached); // // Check if there is a threat detected // if (scan != null) // { // // Output the detection type and file location // Console.WriteLine("\nDETECTED {0}:\n{1}", scan.Definition, file); // } // } // catch (Exception) // { // // We were unable to access the current file due to permission issues or it being in use... // } //} // Multi threaded scan List <Thread> ScanThreads = new List <Thread>(); int totalFiles = ScanList.Count(); // Run an extra thread to display some information about the scan... new Thread(() => { // While the scan is still running while (ScanList.Count > 0) { Thread.Sleep(5000); Console.WriteLine("{0} Files left to scan...", ScanList.Count); Console.WriteLine("{0} Scanning threads running...", ScanThreads.Count()); Console.WriteLine("{0} Files have been scanned...", totalFiles - ScanList.Count()); // Garbage collect call since our scans use a lot of resources GC.Collect(); } }).Start(); // While there are files left to scan... while (true) { // If there are no scans running and no files left to scan // Exit the infinite loop if (ScanThreads.Count() == 0 && ScanList.Count == 0) { break; } // Find a dead thread... var dead = ScanThreads.FirstOrDefault(th => th.ThreadState == ThreadState.Stopped); // While there are more dead threads while (dead != null) { // Remove them ScanThreads.Remove(dead); // Find more? dead = ScanThreads.FirstOrDefault(th => th.ThreadState == ThreadState.Stopped); } // Ensure 1 thread per processor core while (ScanThreads.Count() < Environment.ProcessorCount) { // Don't start a new thread if the scan list is empty.. we just need to wait for the rest of the scans to finish... if (ScanList.Count == 0) { break; } // Create a new thead Thread t = new Thread(() => { try { // Get the next file string current = ScanList.Dequeue(); // Scan the current file //Signature scan = BerzerkAPI.IO.File.ScanFile(current, ref Signatures, ref Cached); ScanResultArgs result = BerzerkAPI.IO.File.ScanFile(current, Signatures); // Check the results if (result.Detection != null) { Console.WriteLine("\nDETECTED {0}:\n{1}", result.Detection.Definition, current); } } catch (Exception) { // We were unable to access the current file due to permission issues or it being in use... } }); // Add the scan thread to the list ScanThreads.Add(t); // Run the thread t.IsBackground = true; t.Start(); } // Pause while we wait for a scan to finish... Thread.Sleep(10); } // All scans completed, give a delay before outputting finished results incase a detection is still being outputted.. Thread.Sleep(1500); // EOP... Console.WriteLine("\n\n\nScan complete, press any key to exit..."); Console.ReadKey(); }
private void OnObjectFound(object sender, ScanResultArgs <T> e) { RegisterObject(e.result); }
private void OnWatchableScanned(object sender, ScanResultArgs <IWatchable> e) { scannedObjects.Add(e.result); }
private void OnTweakableScanned(object sender, ScanResultArgs <ITweakable> e) { scannedObjects.Add(e.result); }
public void Run() { // Create master thread to manage running threads Thread t = new Thread(() => { // Create local copies of databases to work with SignatureController localSignatures = this.Signatures; TargetProcess = Process.ProcessQueue(); bool loadProcess = false; //MaxThreads = 1; //MaxThreads /=2; // While we are not canceling the whole scan... while (!Cancel) { while (Pause) { Thread.Sleep(500); // exit if (Cancel == true) { // exit return; } } //detmine number of threads to use when scanning if (Settings.ReducePriority) { this.MaxThreads = Environment.ProcessorCount / 2; } else { this.MaxThreads = Environment.ProcessorCount; } // If all scans have finished and there is nothing left to scan... if (RunningThreads == 0 && TargetFiles.Count() == 0 && TargetProcess.Count() == 0) { // All files have been scanned... time to implement a process scanner.... // Attempt to raise event for scan complete // Raise the event ThreatScanComplete?.Invoke(this); // And then exit the loop break; } else if (TargetFiles.Count() == 0 && !loadProcess) { loadProcess = true; // Get a queue of new process... TargetProcess = Process.ProcessQueue(); } else { // Check for existing dead threads in the thread list //var dead = ScannerThreads.FirstOrDefault(th => th.ThreadState == ThreadState.Stopped); // // while there are dead threads to remove... // while (dead != null && !Cancel) // { // // Remove dead thread // ScannerThreads.Remove(dead); // // Check for more // dead = ScannerThreads.FirstOrDefault(th => th.ThreadState == ThreadState.Stopped); // } if (ScannerThreads.Count > 0) { for (int i = 0; i < ScannerThreads.Count; i++) { //if(ScannerThreads[i].ThreadState == ThreadState.Stopped) ScannerThreads[i].Join(); ScannerThreads.Remove(ScannerThreads[i]); } } // Clean garbage left behind by scans... GC.Collect(); // All target files were scanned... start a process scanning... if (TargetFiles.Count == 0) { // Loop through the process queue time.. while (RunningThreads < MaxThreads && TargetProcess.Count > 0 && !Cancel) { // Get next process var target = TargetProcess.Dequeue(); // Create a scanner for it.. Thread scan = new Thread(() => { try { // Check white list against process before scanning it if (Settings.WhiteList.Contains(NativeMethods.GetExecutablePath(target))) { return; } // Heuristically analyze file first var heur = BerzerkAPI.IO.Heuristic.Analyze(API.NativeMethods.GetExecutablePath(target)); if (heur != null) { ThreatDetectedArgs args = new Controllers.ThreatDetectedArgs() { Detection = heur, FilePath = API.NativeMethods.GetExecutablePath(target) }; ThreatDetected?.Invoke(this, args); } else { // create a scan of the process Signature res = Process.ScanProcess(target, ref localSignatures); // Scan the file and get results //Signature result = BerzerkAPI.IO.File.ScanFile(target, ref localSignatures, ref localCache); ScanResultArgs result = BerzerkAPI.IO.File.ScanFile(NativeMethods.GetExecutablePath(target), localSignatures); // accumulate the total scanned data in MB ScannedData += (result.Size / 1024) / 1024; // Check results if (result.Detection != null) { // Attempt to raise detection event // Create event args ThreatDetectedArgs args = new ThreatDetectedArgs() { Detection = result.Detection, FilePath = NativeMethods.GetExecutablePath(target) }; // Raise event ? ThreatDetected?.Invoke(this, args); } } // end of heuristic else // Try to scan the process //var result = BerzerkAPI.IO.Process.ScanProcess(target, ref localSignatures); //// If a threat was found in the process //if(result != null) //{ // ThreatDetectedArgs args = new Controllers.ThreatDetectedArgs() // { // Detection = result, // FilePath = NativeMethods.GetExecutablePath(target) // }; // ThreatDetected?.Invoke(this, args); //} } catch (Exception ex) { #if DEBUG Console.WriteLine(ex.Message); #endif } //ScannerThreads.Remove(Thread.CurrentThread); }); // Add thread to list ScannerThreads.Add(scan); // Run thread in bg scan.IsBackground = true; scan.SetApartmentState(ApartmentState.MTA); // Run the scan scan.Start(); // scan.Join(); } } // Now that we have freed space in the thread list, we need to create new threads // Loop while there is room left for more threads // And while there are files left to scan while (RunningThreads < MaxThreads && TargetFiles.Count > 0 && !Cancel) { // Get the next scannable file string target = TargetFiles.Dequeue(); // Create new scan thrad for the next file Thread scan = new Thread(() => { try { // Scan the file and get results //Signature result = BerzerkAPI.IO.File.ScanFile(target, ref localSignatures, ref localCache); ScanResultArgs result = BerzerkAPI.IO.File.ScanFile(target, localSignatures); // accumulate the total scanned data in MB ScannedData += (result.Size / 1024) / 1024; // Check results if (result.Detection != null) { // Attempt to raise detection event // Create event args ThreatDetectedArgs args = new ThreatDetectedArgs() { Detection = result.Detection, FilePath = target }; // Raise event ? ThreatDetected?.Invoke(this, args); } // Sleep thread before ending it to provide some timeout for the cpu //Thread.Sleep(20); } catch (Exception ex) // debugging purposes { // something went wrong... #if DEBUG Console.WriteLine(ex.Message); #endif } //ScannerThreads.Remove(Thread.CurrentThread); }); // Add thread to list ScannerThreads.Add(scan); // Run thread in bg scan.IsBackground = true; scan.SetApartmentState(ApartmentState.MTA); // Run the scan scan.Start(); //scan.Join(); } } } }); // Set the thread to run in the bg and run it t.IsBackground = true; t.Start(); }