/// <summary>
/// Menu handler that opens a new <c>Sigfree</c> window as an MDI child of this form.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void sigfreeToolStripMenuItem_Click(object sender, EventArgs e)
{
    // Every click builds a fresh window; nothing here checks for one already open.
    Sigfree childWindow = new Sigfree { MdiParent = this };
    childWindow.Show();
}
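/// <summary>
/// "Next" button handler: lists every decoded instruction, collects the
/// instructions the analysis flags (CTI, then MOV / register assignment) and
/// either blocks the request or opens the URL in Internet Explorer.
/// </summary>
/// <remarks>
/// The allow/block verdict is the row count of <c>LB_CTI</c>: zero flagged
/// instructions means the URL is launched.
/// NOTE(review): the verdict is computed from <c>Inj_instr</c> while the
/// launched URL is read from <c>textBox1</c> at click time; confirm the two
/// cannot diverge (for example the text being edited after <c>Inj_instr</c>
/// was built).
/// NOTE(review): an empty <c>Inj_instr</c> yields zero flagged rows and is
/// therefore treated as "allow"; confirm an un-analysed request cannot reach
/// this handler.
/// </remarks>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btn_next_Click(object sender, EventArgs e)
{
    LB_inst.Items.Clear();
    LB_CTI.Items.Clear();

    // Both analysis calls below take the instructions as a List<Node>.
    List<Node> allInstructions = new List<Node>();
    allInstructions.AddRange(Inj_instr);

    // The Sigfree instance is created before any analysis call (same order as
    // before) and is only needed for get_Mov_inst. It is a form (the sibling
    // menu handler sets MdiParent on one), so it is disposed instead of leaked.
    using (Sigfree analyzer = new Sigfree())
    {
        // Show every instruction in LB_inst.
        foreach (Node instruction in allInstructions)
        {
            string row = FormatInstructionRow(instruction);
            LB_inst.Items.Add(row);
            ShowInfectdURL(row);
        }

        // Useless CTI instructions distilled from the bytes.
        Node[] ctiInstructions = SecPhase.seperate(allInstructions, ref Sigfree.Useless).ToArray();
        foreach (Node instruction in ctiInstructions)
        {
            LB_CTI.Items.Add(FormatInstructionRow(instruction));
        }

        // Invalid MOV (register assignment) instructions; they share LB_CTI so
        // that one row count covers both kinds of finding.
        Node[] movInstructions = analyzer.get_Mov_inst(allInstructions).ToArray();
        foreach (Node instruction in movInstructions)
        {
            LB_CTI.Items.Add(FormatInstructionRow(instruction));
        }
    }

    lab_ULess.Text = LB_CTI.Items.Count.ToString();

    if (LB_CTI.Items.Count > 0)
    {
        pictureBox1.Visible = true;
        MessageBox.Show("Request blocked\nRequest Contains Malicious Instructions", "Sigfree Alert", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
    }
    else
    {
        // The text box content ends up on a command line, so it is accepted
        // only as a single absolute http(s) URL and passed in canonical form.
        string browsableUrl;
        if (TryGetWebUrl(textBox1.Text, out browsableUrl))
        {
            OpenInBrowser(browsableUrl);
        }
        else
        {
            MessageBox.Show("Request not opened\nOnly absolute http:// or https:// URLs can be opened", "Sigfree Alert", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        }
    }

    // NOTE(review): if inst_bytes is a byte array, ToString() appends the type
    // name rather than the bytes - confirm this is the intended display.
    TB_injectedURL.Text = textBox1.Text + inst_bytes.ToString();
}

/// <summary>
/// Builds the list-box text for one instruction: name, then each operand (or
/// the literal " NULL " when there is no operand collection), then the address.
/// </summary>
private static string FormatInstructionRow(Node instruction)
{
    string row = " " + instruction.name;

    if (instruction.operands != null)
    {
        foreach (String operand in instruction.operands)
        {
            row = row + " " + operand;
        }
    }
    else
    {
        row = row + " NULL ";
    }

    return row + " " + instruction.addr;
}

/// <summary>
/// Accepts <paramref name="text"/> only when it parses as an absolute URI with
/// the http or https scheme, and returns its canonical, percent-encoded form.
/// </summary>
/// <returns><c>true</c> when <paramref name="url"/> holds a launchable URL.</returns>
private static bool TryGetWebUrl(string text, out string url)
{
    url = null;

    if (string.IsNullOrEmpty(text))
    {
        return false;
    }

    Uri parsed;
    if (!Uri.TryCreate(text.Trim(), UriKind.Absolute, out parsed))
    {
        return false;
    }

    // Anything other than web schemes (file:, javascript:, ...) and anything
    // that would be read as a browser command-line switch is refused here.
    if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps)
    {
        return false;
    }

    // AbsoluteUri is escaped, so it contains no spaces or quotes and reaches
    // the browser as exactly one argument.
    url = parsed.AbsoluteUri;
    return true;
}

/// <summary>
/// Starts Internet Explorer on an already validated URL; a start-up failure is
/// reported in a message box rather than propagated, as before.
/// </summary>
private static void OpenInBrowser(string url)
{
    try
    {
        // The Process object only wraps the launch; release its handle at once.
        using (Process browser = new Process())
        {
            browser.StartInfo.FileName = "iexplore";
            browser.StartInfo.Arguments = url;
            browser.Start();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}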