public static List <CSVfileHandler> CSVparser(string path) { List <CSVfileHandler> output = new List <CSVfileHandler>(); StreamReader sr = new StreamReader(path); string line; string[] row = new string[7]; line = sr.ReadLine(); while ((line = sr.ReadLine()) != null) { row = line.Split(new string[] { "\",\"" }, StringSplitOptions.None); CSVfileHandler temp = new CSVfileHandler(); for (int i = 0; i < row.Length; i++) { switch (i) { case 0: temp.timeOfDay = row[i].Substring(1); break; case 1: temp.processName = row[i]; break; case 2: int x = 0; Int32.TryParse(row[i], out x); temp.PID = x; break; case 3: temp.operation = row[i]; break; case 4: temp.path = row[i]; break; case 5: temp.result = row[i]; break; case 6: temp.detail = row[i]; break; default: break; } } output.Add(temp); } return(output); }
public static void shannonReaction(string path) { //Thread.Sleep(2000); ProcMon.procmonTerminator(pathToBackingFile, BACKINGNAME + INDEXER); //Thread.Sleep(10000); INDEXER++; var cpmbf = new Thread(() => ProcMon.createProcmonBackingFile(pathToBackingFile, BACKINGNAME + INDEXER)); cpmbf.Start(); Thread.Sleep(3000); ProcMon.convertPMLfileToCSV(pathToBackingFile, BACKINGNAME + (INDEXER - 1) + ".PML", "convertedFile" + (INDEXER - 1) + ".CSV"); //Thread.Sleep(3000); bool hasCSVbeenWritten = false; Console.WriteLine("Path to CSV file: " + pathToBackingFile + "\\" + "convertedFile" + (INDEXER - 1) + ".CSV"); while (hasCSVbeenWritten == false) { try { using (Stream stream = new FileStream(pathToBackingFile + "\\" + "convertedFile" + (INDEXER - 1) + ".CSV", FileMode.Open)) { hasCSVbeenWritten = true; stream.Dispose(); } } catch (IOException) { } Thread.Sleep(50); } List <CSVfileHandler> parsedData = CSVfileHandler.CSVparser(pathToBackingFile + "\\" + "convertedFile" + (INDEXER - 1) + ".CSV"); foreach (var item in parsedData) { if (!item.processName.Equals("Explorer.EXE")) { try { pID.Add(item.PID); killedProcesses.Add(Process.GetProcessById(item.PID).ProcessName); try { Console.WriteLine("Process: " + Process.GetProcessById(item.PID).ProcessName + " is killed due to suspicious behaviour"); killProcess(item.PID); } catch (Exception) { //Save processname as a temp Console.WriteLine("Killing of the process failed"); } } catch { } } } try { /* * Console.WriteLine("Process: " + Process.GetProcessById(pID.Last()).ProcessName + " is killed due to suspicious behaviour"); * killedProcesses.Add(Process.GetProcessById(pID.Last()).ProcessName); * killProcess(pID.Last());*/ if (!killedFirstProcess) { firstKilledProcessTime = DateTime.Now; killedFirstProcess = true; } } catch (Exception) { Console.WriteLine("Killing of -- FAILED."); } //Console.WriteLine("Do you wish to kill? "); //string killInput = Console.ReadLine(); //Dataanalysis }