Exemplo n.º 1
        /// <summary>
        /// Scans every entry of <c>directories</c> recursively for <c>*.exe</c>
        /// files, records one dictionary per file that passes the path-length and
        /// date filters, and finally appends the collected list to the report.
        /// </summary>
        /// <param name="report">Report that receives <paramref name="list"/> once the scan is finished.</param>
        /// <param name="list">Caller-supplied list that the per-file entries are appended to.</param>
        public void Run(ref Report report, List <Dictionary <string, string> > list)
        {
            foreach (var root in directories)
            {
                // A missing directory produces no entry at all.
                if (!Directory.Exists(root))
                {
                    continue;
                }

                foreach (var exePath in SafeFileEnumerator.EnumerateFiles(root, "*.exe", SearchOption.AllDirectories))
                {
                    // NOTE(review): paths longer than 248 characters are dropped without any
                    // trace in the report, so the listing is not a complete inventory of the
                    // scanned directories. Consider recording a marker entry instead.
                    if (exePath.Length > 248)
                    {
                        continue;
                    }

                    var stamp = FileInspector.GetDate(exePath);

                    // NOTE(review): this is positive only when the file's date lies in the
                    // future, so the filter skips files dated more than 14 days ahead of now.
                    // If the intent is "only files from the last 14 days" the operands look
                    // reversed; confirm. Either way the decision rests on a file timestamp,
                    // which is metadata the file's owner can set freely.
                    var daysAhead = (stamp - DateTime.Now).TotalDays;

                    if (daysAhead > 14)
                    {
                        continue;
                    }

                    Dictionary <string, string> entry;

                    try
                    {
                        // "hash" opens the bracket and "date" closes it, so the two
                        // fields read as "[hash date]" when printed next to each other.
                        var hashField      = "[" + FileInspector.GetHash(exePath);
                        var dateField      = stamp.ToString("MM-dd-yyyy") + "]";
                        var publisherField = "(" + FileInspector.GetPublisher(exePath) + ")";

                        entry = new Dictionary <string, string>();
                        entry.Add("token", "File");
                        entry.Add("hash", hashField);
                        entry.Add("date", dateField);
                        entry.Add("publisher", publisherField);
                        entry.Add("path", exePath);
                    }
                    catch (IOException)
                    {
                        // Fallback entry without hash and publisher. Only IOException is
                        // handled here; any other exception type ends the whole scan.
                        // NOTE(review): verify which exceptions FileInspector can throw.
                        entry = new Dictionary <string, string>();
                        entry.Add("token", "File");
                        entry.Add("date", "[" + stamp.ToString("MM-dd-yyyy") + "]");
                        entry.Add("path", exePath);
                    }

                    list.Add(entry);
                }
            }

            report.Add(list);
        }
Exemplo n.º 2
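        /// <summary>
        /// Records one entry per running process, ordered by process id, in
        /// <paramref name="list"/> and then appends the list to the report.
        /// </summary>
        /// <remarks>
        /// The process with id 0 is skipped. A process whose main module is
        /// unavailable is recorded with the placeholder path
        /// <c>(could not get path)</c> and an empty publisher.
        /// </remarks>
        /// <param name="report">Report that receives <paramref name="list"/> once all processes are visited.</param>
        /// <param name="list">Caller-supplied list that the per-process entries are appended to.</param>
        public void Run(ref Report report, List <Dictionary <string, string> > list)
        {
            var sortedProcesses = Process.GetProcesses().OrderBy(process => process.Id).ToList();

            foreach (var process in sortedProcesses)
            {
                // Process is IDisposable; release each instance as soon as its entry
                // has been recorded instead of leaving all of them to the finalizer.
                using (process)
                {
                    if (process.Id == 0)
                    {
                        continue;
                    }

                    string path      = "";
                    string publisher = "";
                    bool   error     = false;

                    try
                    {
                        // MainModule may be null on some runtimes; dereferencing it directly
                        // would throw NullReferenceException and abort the whole scan.
                        var mainModule = process.MainModule;

                        if (mainModule == null)
                        {
                            error = true;
                        }
                        else
                        {
                            path      = mainModule.FileName;
                            publisher = FileInspector.GetPublisher(path);
                        }
                    }
                    catch (Win32Exception)
                    {
                        // NOTE(review): a process whose main module cannot be read is left
                        // out of the report entirely, so the listing can be shorter than the
                        // real process table. Recording the pid with a placeholder path, as
                        // the InvalidOperationException branch does, would keep that gap
                        // visible to whoever reads the report; confirm the intent.
                        continue;
                    }
                    catch (InvalidOperationException)
                    {
                        path  = "";
                        error = true;
                    }

                    list.Add(new Dictionary <string, string>
                    {
                        { "token", "Proc" },
                        { "publisher", !error ? "(" + publisher + ")" : "" },
                        { "path", !error ? path : "(could not get path)" },
                        { "pid", "[" + process.Id + "]" },
                    });
                }
            }

            report.Add(list);
        }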