예제 #1
0
        public static List <CSVfileHandler> CSVparser(string path)
        {
            List <CSVfileHandler> output = new List <CSVfileHandler>();

            StreamReader sr = new StreamReader(path);

            string line;

            string[] row = new string[7];
            line = sr.ReadLine();
            while ((line = sr.ReadLine()) != null)
            {
                row = line.Split(new string[] { "\",\"" }, StringSplitOptions.None);
                CSVfileHandler temp = new CSVfileHandler();
                for (int i = 0; i < row.Length; i++)
                {
                    switch (i)
                    {
                    case 0:
                        temp.timeOfDay = row[i].Substring(1);
                        break;

                    case 1:
                        temp.processName = row[i];
                        break;

                    case 2:
                        int x = 0;
                        Int32.TryParse(row[i], out x);
                        temp.PID = x;
                        break;

                    case 3:
                        temp.operation = row[i];
                        break;

                    case 4:
                        temp.path = row[i];
                        break;

                    case 5:
                        temp.result = row[i];
                        break;

                    case 6:
                        temp.detail = row[i];
                        break;

                    default:
                        break;
                    }
                }
                output.Add(temp);
            }
            return(output);
        }
예제 #2
0
        public static void shannonReaction(string path)
        {
            //Thread.Sleep(2000);
            ProcMon.procmonTerminator(pathToBackingFile, BACKINGNAME + INDEXER);
            //Thread.Sleep(10000);

            INDEXER++;
            var cpmbf = new Thread(() => ProcMon.createProcmonBackingFile(pathToBackingFile, BACKINGNAME + INDEXER));

            cpmbf.Start();

            Thread.Sleep(3000);

            ProcMon.convertPMLfileToCSV(pathToBackingFile, BACKINGNAME + (INDEXER - 1) + ".PML", "convertedFile" + (INDEXER - 1) + ".CSV");
            //Thread.Sleep(3000);

            bool hasCSVbeenWritten = false;

            Console.WriteLine("Path to CSV file: " + pathToBackingFile + "\\" + "convertedFile" + (INDEXER - 1) + ".CSV");

            while (hasCSVbeenWritten == false)
            {
                try
                {
                    using (Stream stream = new FileStream(pathToBackingFile + "\\" + "convertedFile" + (INDEXER - 1) + ".CSV", FileMode.Open))
                    {
                        hasCSVbeenWritten = true;
                        stream.Dispose();
                    }
                }
                catch (IOException)
                {
                }
                Thread.Sleep(50);
            }

            List <CSVfileHandler> parsedData = CSVfileHandler.CSVparser(pathToBackingFile + "\\" + "convertedFile" + (INDEXER - 1) + ".CSV");

            foreach (var item in parsedData)
            {
                if (!item.processName.Equals("Explorer.EXE"))
                {
                    try
                    {
                        pID.Add(item.PID);
                        killedProcesses.Add(Process.GetProcessById(item.PID).ProcessName);
                        try
                        {
                            Console.WriteLine("Process: " + Process.GetProcessById(item.PID).ProcessName + " is killed due to suspicious behaviour");
                            killProcess(item.PID);
                        }
                        catch (Exception)
                        {
                            //Save processname as a temp
                            Console.WriteLine("Killing of the process failed");
                        }
                    }
                    catch
                    {
                    }
                }
            }

            try
            {
                /*
                 * Console.WriteLine("Process: " + Process.GetProcessById(pID.Last()).ProcessName + " is killed due to suspicious behaviour");
                 * killedProcesses.Add(Process.GetProcessById(pID.Last()).ProcessName);
                 * killProcess(pID.Last());*/
                if (!killedFirstProcess)
                {
                    firstKilledProcessTime = DateTime.Now;
                    killedFirstProcess     = true;
                }
            }
            catch (Exception)
            {
                Console.WriteLine("Killing of  -- FAILED.");
            }

            //Console.WriteLine("Do you wish to kill? ");
            //string killInput = Console.ReadLine();



            //Dataanalysis
        }