public static bool CheckStaticAnalysisResultIsPersent(string FilePath)
{
string ConfigFile = FilePath + ".krconfig";
if (!File.Exists(ConfigFile))
{
return(false);
}
try
{
Dictionary <string, ulong> config = KrkrHelper.ReadKrkrConfigFile(ConfigFile);
if (config.Count == 0)
{
return(false);
}
if (!config.ContainsKey("exporter"))
{
return(false);
}
if (config["exporter"] == ulong.MaxValue || config["exporter"] == 0L)
{
return(false);
}
}
catch (Exception ex)
{
Console.WriteLine(Environment.StackTrace);
Console.WriteLine("Exception:");
Console.WriteLine(ex.ToString());
return(false);
}
return(true);
}
private void ProcessExitHandler(object sender, EventArgs eventArgs)
{
m_NotifyEnd();
if (!File.Exists(m_TempFile) || m_Process.ExitCode != 0)
{
Console.WriteLine("static analysis failed : {0}", m_Process.ExitCode);
m_NotifyStatus("static analysis failed");
CleanupVars();
return;
}
ulong ExporterOffset = 0uL;
try
{
using (StreamReader stream = new StreamReader(File.Open(m_TempFile, FileMode.Open, FileAccess.Read)))
{
ExporterOffset = ulong.Parse(stream.ReadLine().Replace(Environment.NewLine, string.Empty));
PEImage pe = PEImage.ReadFromFile(m_FilePath);
if (ExporterOffset <= (ulong)(long)pe.BaseAddress)
{
throw new Exception("Exporter address < pe.BaseAddress");
}
ExporterOffset = (ulong)((long)ExporterOffset - (long)pe.BaseAddress);
}
File.Delete(m_TempFile);
}
catch (Exception ex)
{
Console.WriteLine(Environment.StackTrace);
Console.WriteLine("Exception:");
Console.WriteLine(ex.ToString());
CleanupVars();
return;
}
if (ExporterOffset == 0L)
{
m_NotifyStatus("failed to parse exporter address");
CleanupVars();
return;
}
try
{
if (!KrkrHelper.WriteKrkrConfigFile(m_FilePath + ".krconfig", ExporterOffset))
{
m_NotifyStatus("failed to write info to config file");
CleanupVars();
return;
}
}
catch (Exception)
{
m_NotifyStatus("failed to write info to config file");
CleanupVars();
return;
}
m_NotifyStatus("Static analysis : ok");
CreateProcessAndExit(m_FilePath);
CleanupVars();
}
private bool RunStaticAnalysisSubProcess(string FilePath)
{
bool RunStaticAnalysis = true;
if (RunStaticAnalysis && !KrkrHelper.IsKrkrEngine(FilePath))
{
m_NotifyStatus("Unsupported krkr engine or packed file");
RunStaticAnalysis = false;
}
if (RunStaticAnalysis && !KrkrHelper.NeedStaticAnalysis(FilePath))
{
m_NotifyStatus("Skip static analysis");
RunStaticAnalysis = false;
}
m_InTask = true;
string CurrentDir = Directory.GetCurrentDirectory();
string ScriptPath = Path.Combine(Path.Combine(Path.Combine(Path.Combine(CurrentDir, "Externals"), "scripts"), "r2"), "find_private_proc.py");
string R2Home = Path.Combine(Path.Combine(Path.Combine(CurrentDir, "Externals"), Environment.Is64BitOperatingSystem ? "radare2_64" : "radare2"), "bin");
string PythonPath = Path.Combine(Path.Combine(Path.Combine(CurrentDir, "Externals"), "python"), "python.exe");
string TempFile = Path.Combine(CurrentDir, "3389.bin");
ProcessStartInfo info = new ProcessStartInfo(PythonPath, JoinToArgs(new string[4]
{
ScriptPath,
FilePath,
R2Home,
TempFile
}));
info.UseShellExecute = false;
m_Process = new Process();
m_Process.Exited += ProcessExitHandler;
m_Process.StartInfo = info;
m_Process.EnableRaisingEvents = true;
m_TempFile = TempFile;
m_FilePath = FilePath;
try
{
m_Process.Start();
m_NotifyStatus("Analyzing");
}
catch (Exception ex)
{
Console.WriteLine(Environment.StackTrace);
Console.WriteLine("Exception:");
Console.WriteLine(ex.ToString());
CleanupVars();
return(false);
}
m_NotifyStart();
return(true);
}