/// <summary>
/// Creates an analysis result that carries the outcome type, its display text
/// and the detection item the outcome refers to.
/// </summary>
/// <param name="type">Outcome of the analysis; stored in <c>Result</c>.</param>
/// <param name="text">Text describing the outcome; stored in <c>Text</c>.</param>
/// <param name="match">Detection item the outcome refers to; stored in <c>Match</c>.</param>
public AnalysisResult(AnalyseResultType type, string text, IDetectionResultItem match)
    : this()
{
    // The parameterless constructor runs first, then the three members are set.
    this.Result = type;
    this.Text = text;
    this.Match = match;
}
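/*
 * Legacy VB reference implementation of the INI-file / registry autostart rule
 * check (result items F0 - F3). It is not compiled; it is kept because it
 * documents the rule syntax and the meaning of each iMode value.
 *
 * Private Sub ProcessRuleIniFile(ByVal sRule$)
 *     Dim vRule As Variant, iMode%, sValue$, sHit$
 *     On Error GoTo Error:
 *     'IniFile rule syntax:
 *     '[inifile],[section],[value],[default data],[infected data]
 *     '* [inifile] = "" -> abort
 *     ' * [section] = "" -> abort
 *     ' * [value] = "" -> abort
 *     ' * [default data] = "" -> delete if found
 *     ' * [infected data]= "" -> fix if infected
 *
 *     'decrypt rule
 *     'sRule = Crypt(sRule, sProgramVersion)
 *
 *     If Right(sRule, 1) = Chr(0) Then sRule = Left(sRule, Len(sRule) - 1)
 *     vRule = Split(sRule, ",")
 *     If UBound(vRule) <> 4 Or _
 *        InStr(CStr(vRule(0)), ".ini") = 0 Then
 *         'spelling error or decrypting error
 *         Exit Sub
 *     End If
 *     If CStr(vRule(0)) = "" Then Exit Sub
 *     If CStr(vRule(1)) = "" Then Exit Sub
 *     If CStr(vRule(2)) = "" Then Exit Sub
 *     If CStr(vRule(4)) = "" Then iMode = 0
 *     If CStr(vRule(3)) = "" Then iMode = 1
 *
 *     If InStr(CStr(vRule(3)), "UserInit") > 0 Then vRule(3) = CStr(vRule(3)) & ","
 *
 *     If Left(CStr(vRule(0)), 3) = "REG" Then
 *         If Not bIsWinNT Then Exit Sub
 *
 *         If CStr(vRule(4)) = "" Then iMode = 2
 *         If CStr(vRule(3)) = "" Then iMode = 3
 *     End If
 *
 *     'iMode:
 *     ' 0 = check if value is infected
 *     ' 1 = check if value is present
 *     ' 2 = check if value is infected, in the Registry
 *     ' 3 = check if value is present, in the Registry
 *
 *     Select Case iMode
 *         Case 0
 *             'sValue = String(255, " ")
 *             'GetPrivateProfileString CStr(vRule(1)), CStr(vRule(2)), "", sValue, 255, CStr(vRule(0))
 *             'sValue = RTrim(sValue)
 *             sValue = IniGetString(CStr(vRule(0)), CStr(vRule(1)), CStr(vRule(2)))
 *             If Right(sValue, 1) = Chr(0) Then sValue = Left(sValue, Len(sValue) - 1)
 *             'If RightB(sValue, 2) = Chr(0) Then sValue = LeftB(sValue, LenB(sValue) - 2)
 *             If Trim(LCase(sValue)) <> LCase(CStr(vRule(3))) Then
 *                 If bIsWinNT And Trim(LCase(sValue)) <> vbNullString Then
 *                     sHit = "F0 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                     If IsOnIgnoreList(sHit) Then Exit Sub
 *                     If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                     frmMain.lstResults.AddItem sHit
 *                 End If
 *             End If
 *         Case 1
 *             'sValue = String(255, " ")
 *             'GetPrivateProfileString CStr(vRule(1)), CStr(vRule(2)), "", sValue, 255, CStr(vRule(0))
 *             'sValue = RTrim(sValue)
 *             sValue = IniGetString(CStr(vRule(0)), CStr(vRule(1)), CStr(vRule(2)))
 *             If Right(sValue, 1) = Chr(0) Then sValue = Left(sValue, Len(sValue) - 1)
 *             'If RightB(sValue, 2) = Chr(0) Then sValue = LeftB(sValue, LenB(sValue) - 2)
 *             If Trim(sValue) <> vbNullString Then
 *                 sHit = "F1 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                 If IsOnIgnoreList(sHit) Then Exit Sub
 *                 If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                 frmMain.lstResults.AddItem sHit
 *             End If
 *         Case 2
 *             'so far F2 is only reg:Shell and reg:UserInit
 *             sValue = RegGetString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows NT\CurrentVersion\WinLogon", CStr(vRule(2)))
 *             If LCase(sValue) <> LCase(CStr(vRule(3))) Then
 *                 sHit = "F2 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                 If IsOnIgnoreList(sHit) Then Exit Sub
 *                 If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                 frmMain.lstResults.AddItem sHit
 *             End If
 *         Case 3
 *             'this is not really smart when more INIFile items get
 *             'added, but so far F3 is only reg:load and reg:run
 *             sValue = RegGetString(HKEY_CURRENT_USER, "Software\Microsoft\Windows NT\CurrentVersion\Windows", CStr(vRule(2)))
 *             If sValue <> vbNullString Then
 *                 sHit = "F3 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                 If IsOnIgnoreList(sHit) Then Exit Sub
 *                 If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                 frmMain.lstResults.AddItem sHit
 *             End If
 *     End Select
 *     Exit Sub
 *
 * Error:
 *     ErrorMsg "modMain_ProcessRuleIniFile", Err.Number, Err.Description, "sRule=" & sRule
 * End Sub
 */
#endregion

/// <summary>
/// Finds the list-view group a detection result belongs to. For results that
/// come from a custom add-in section the group is created on first use.
/// </summary>
/// <param name="listView">List view whose groups are searched and, if needed, extended.</param>
/// <param name="resultItem">Detection result that is about to be displayed.</param>
/// <returns>
/// The matching group, or <c>null</c> when no group is named after the result type
/// and the item is not a <see cref="ICustomAddInSection"/> of type
/// <c>ScanResultType.CustomAddIn</c>.
/// </returns>
private BetterListViewGroup GetGroup(BetterListView listView, IDetectionResultItem resultItem)
{
    // First try the group named after the result type itself.
    var typeName = resultItem.ResultType.ToString();
    var result = listView.Groups.FirstOrDefault(f => f.Name.Equals(typeName));
    if (result != null || resultItem.ResultType != ScanResultType.CustomAddIn)
    {
        return result;
    }

    // Only custom add-in results that expose their section can get a group on demand.
    var customSection = resultItem as ICustomAddInSection;
    if (customSection == null)
    {
        return result;
    }

    // Custom add-in groups are keyed by the section id rather than by the result type.
    var section = customSection.CustomAddInSection;
    var sectionId = section.Id;
    result = listView.Groups.FirstOrDefault(f => f.Name.Equals(sectionId));
    if (result == null)
    {
        result = new BetterListViewGroup(sectionId, string.Format("{0} - {1}", sectionId, section.Text));

        // Register the new group on the list view that was searched (not on the
        // betterListView1 field), so the lookup above finds it on the next call
        // and the group belongs to the control the caller passed in.
        listView.Groups.Add(result);
    }

    return result;
}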