static void Main(string[] args) { // Get Version Version DllVersion = YSInstance.GetVersion(); // All API calls happens here YSInstance instance = new YSInstance(); // Get list of YARA rules List <string> ruleFilenames = Directory.GetFiles(@"D:\Test\yara", "*.yar", SearchOption.AllDirectories).ToList(); // Declare external variables (could be null) Dictionary <string, object> externals = new Dictionary <string, object>() { { "filename", string.Empty }, { "filepath", string.Empty }, { "extension", string.Empty } }; // Context is where yara is initialized // From yr_initialize() to yr_finalize() using (YSContext context = new YSContext()) { // Compiling rules using (YSCompiler compiler = instance.CompileFromFiles(ruleFilenames, externals)) { // Get compiled rules YSRules rules = compiler.GetRules(); // Get errors YSReport errors = compiler.GetErrors(); // Get warnings YSReport warnings = compiler.GetWarnings(); // Some file to test yara rules string Filename = @""; // Get matches List <YSMatches> Matches = instance.ScanFile(Filename, rules, new Dictionary <string, object>() { { "filename", Alphaleonis.Win32.Filesystem.Path.GetFileName(Filename) }, { "filepath", Alphaleonis.Win32.Filesystem.Path.GetFullPath(Filename) }, { "extension", Alphaleonis.Win32.Filesystem.Path.GetExtension(Filename) } }, 0); // Iterate over matches foreach (YSMatches Match in Matches) { //... } } // Log errors } }
public static void Init() { Connector.Logger.WriteLine("[YaraIntegration.Init] Start"); Instance = new YSInstance(); Dictionary <string, object> externals = new Dictionary <string, object>() { { "filename", string.Empty }, { "filepath", string.Empty }, { "extension", string.Empty } }; Connector.Logger.WriteLine("[YaraIntegration.Init] Загрука YARA правил"); List <string> ruleFilenames = Directory.GetFiles(MODULE__SCAN.Configuration.YaraRulesDir, "*.yar", MODULE__SCAN.Configuration.YaraRulesSearchOption).ToList(); Connector.Logger.WriteLine($"[YaraIntegration.Init] Загружено {ruleFilenames.Count} файлов "); Context = new YSContext(); Compiler = Instance.CompileFromFiles(ruleFilenames, externals); Rules = Compiler.GetRules(); Errors = Compiler.GetErrors(); Warnings = Compiler.GetWarnings(); var ErrDump = Errors.Dump(); var WrnDump = Warnings.Dump(); foreach (var key in ErrDump) { Connector.Logger.WriteLine($"[YaraIntegration.Init] Error!"); } foreach (var key in WrnDump) { Connector.Logger.WriteLine($"[YaraIntegration.Init] Warning!"); } Connector.Logger.WriteLine($"[YaraIntegration.Init] Загрузка завершена"); }
public static YSScanner CompileRules(List <string> yaraRuleFiles, Action <string> loggingFunction) { YSRules result = null; using (YSCompiler compiler = _yaraInstance.CompileFromFiles(yaraRuleFiles, null)) { string yaraWarnings = string.Empty; string yaraErrors = string.Empty; YSReport warnings = compiler.GetWarnings(); if (!warnings.IsEmpty()) { yaraWarnings = string.Join(Environment.NewLine, warnings.Dump().Select(kvp => $"{kvp.Key}:" + Environment.NewLine + string.Join(Environment.NewLine + "\t", kvp.Value))); } if (!string.IsNullOrWhiteSpace(yaraWarnings)) { loggingFunction.Invoke("YARA reported warnings."); loggingFunction.Invoke(yaraWarnings); loggingFunction.Invoke(""); } YSReport errors = compiler.GetErrors(); if (!errors.IsEmpty()) { yaraErrors = string.Join(Environment.NewLine, errors.Dump().Select(kvp => $"{kvp.Key}:" + Environment.NewLine + string.Join(Environment.NewLine + "\t", kvp.Value))); yaraErrors += Environment.NewLine; } if (!string.IsNullOrWhiteSpace(yaraErrors)) { throw new Exception("YARA reported errors compiling rules:" + Environment.NewLine + yaraErrors); } result = compiler.GetRules(); } return(new YSScanner(result, null)); }
public void CheckWarningsStillScan() { string inputFileBase = "CheckWarningStillScans"; string yaraRuleFile = Path.Combine(TestDataDirectory, $"{inputFileBase}.yar"); string yaraInputFile = Path.Combine(TestDataDirectory, $"{inputFileBase}.txt"); YSInstance yaraInstance = new YSInstance(); using (YSContext context = new YSContext()) { using (YSCompiler compiler = new YSCompiler(null)) { compiler.AddFile(yaraRuleFile); YSReport compilerErrors = compiler.GetErrors(); YSReport compilerWarnings = compiler.GetWarnings(); YSScanner scanner = new YSScanner(compiler.GetRules(), null); Assert.IsTrue(scanner.ScanFile(yaraInputFile).Any(r => r.Rule.Identifier == "WarningRule")); } } }
private void InitializeYara() { var externals = new Dictionary <string, object>() { { "filename", string.Empty }, { "filepath", string.Empty }, { "extension", string.Empty } }; var ruleFilenames = System.IO.Directory.GetFiles(Path.Combine(AppContext.BaseDirectory, "rules"), "*.yara").ToList(); using (YSContext context = new YSContext()) { using (YSCompiler compiler = ysInstance.CompileFromFiles(ruleFilenames, externals)) { YSRules rules = compiler.GetRules(); YSReport errors = compiler.GetErrors(); YSReport warnings = compiler.GetWarnings(); } } }
private void OnExecute() { // Print custom help if (Help) { SilkUtility.PrintHelp(); return; } // Print trivia if (Trivia) { SilkUtility.PrintTrivia(); return; } // What type of collector are we creating? if (CollectorType == CollectorType.None) { SilkUtility.ReturnStatusMessage("[!] Select valid collector type (-t|--type)", ConsoleColor.Red); return; } else if (CollectorType == CollectorType.Kernel) { if (KernelKeywords == KernelKeywords.None) { SilkUtility.ReturnStatusMessage("[!] Select valid Kernel keyword (-kk|--kernelkeyword)", ConsoleColor.Red); return; } } else if (CollectorType == CollectorType.User) { if (String.IsNullOrEmpty(ProviderName)) { SilkUtility.ReturnStatusMessage("[!] Specify valid provider name (-pn|--providername)", ConsoleColor.Red); return; } // Check and convert UserKeywords to ulong if (String.IsNullOrEmpty(UserKeywords)) { SilkUtility.ReturnStatusMessage("[!] Specify valid keywords mask (-uk|--userkeyword)", ConsoleColor.Red); return; } else { try { if (UserKeywords.StartsWith("0x")) { SilkUtility.UlongUserKeywords = Convert.ToUInt64(UserKeywords, 16); } else { SilkUtility.UlongUserKeywords = Convert.ToUInt64(UserKeywords); } } catch { SilkUtility.ReturnStatusMessage("[!] Specify valid keywords mask (-uk|--userkeyword)", ConsoleColor.Red); return; } } } // Validate output parameters if (OutputType == OutputType.None) { SilkUtility.ReturnStatusMessage("[!] Select valid output type (-ot|--outputtype)", ConsoleColor.Red); return; } else { if (OutputType == OutputType.file) { if (String.IsNullOrEmpty(Path)) { SilkUtility.ReturnStatusMessage("[!] Specify valid output file (-p|--path)", ConsoleColor.Red); return; } else { try { FileAttributes CheckAttrib = File.GetAttributes(Path); if (CheckAttrib.HasFlag(FileAttributes.Directory)) { SilkUtility.ReturnStatusMessage("[!] Specify an output filepath not a directory (-p|--path)", ConsoleColor.Red); return; } } catch { } if (!(Directory.Exists(System.IO.Path.GetDirectoryName(Path)))) { SilkUtility.ReturnStatusMessage("[!] Invalid path specified (-p|--path)", ConsoleColor.Red); return; } else { if (!(SilkUtility.DirectoryHasPermission(System.IO.Path.GetDirectoryName(Path), System.Security.AccessControl.FileSystemRights.Write))) { SilkUtility.ReturnStatusMessage("[!] No write access to output path (-p|--path)", ConsoleColor.Red); return; } } } } else { if (String.IsNullOrEmpty(Path)) { SilkUtility.ReturnStatusMessage("[!] Specify valid URL (-p|--path)", ConsoleColor.Red); return; } else { Uri uriResult; bool UrlResult = Uri.TryCreate(Path, UriKind.Absolute, out uriResult) && (uriResult.Scheme == Uri.UriSchemeHttp || uriResult.Scheme == Uri.UriSchemeHttps); if (!UrlResult) { SilkUtility.ReturnStatusMessage("[!] Invalid URL specified (-p|--path)", ConsoleColor.Red); return; } } } } // Validate filter options // None, EventName, ProcessID, ProcessName, Opcode if (FilterOption != FilterOption.None) { if (String.IsNullOrEmpty(FilterValue)) { SilkUtility.ReturnStatusMessage("[!] Specify a valid filter value (-fv|--filtervalue) in conjunction with -f", ConsoleColor.Red); return; } if (FilterOption == FilterOption.ProcessID) { try { SilkUtility.FilterValueObject = Convert.ToUInt32(FilterValue); } catch { SilkUtility.ReturnStatusMessage("[!] Specify a valid ProcessID", ConsoleColor.Red); return; } } else if (FilterOption == FilterOption.Opcode) { try { SilkUtility.FilterValueObject = byte.Parse(FilterValue); if ((byte)SilkUtility.FilterValueObject > 9) { SilkUtility.ReturnStatusMessage("[!] Opcode outside valid range (0-9)", ConsoleColor.Red); return; } } catch { SilkUtility.ReturnStatusMessage("[!] Specify a valid Opcode", ConsoleColor.Red); return; } } else { SilkUtility.FilterValueObject = FilterValue; } } // Validate Yara folder path if (YaraScan != String.Empty) { try { FileAttributes CheckAttrib = File.GetAttributes(YaraScan); if (!(CheckAttrib.HasFlag(FileAttributes.Directory))) { SilkUtility.ReturnStatusMessage("[!] Specified path is not a folder (-y|--yara)", ConsoleColor.Red); return; } else { List <string> YaraRuleCollection = Directory.GetFiles(YaraScan, "*.yar", SearchOption.AllDirectories).ToList(); if (YaraRuleCollection.Count == 0) { SilkUtility.ReturnStatusMessage("[!] Yara folder path does not contain any *.yar files (-y|--yara)", ConsoleColor.Red); return; } else { // We already initialize yara for performace, // new rules can not be added at runtime. SilkUtility.YaraInstance = new YSInstance(); SilkUtility.YaraContext = new YSContext(); SilkUtility.YaraCompiler = SilkUtility.YaraInstance.CompileFromFiles(YaraRuleCollection, null); SilkUtility.YaraRules = SilkUtility.YaraCompiler.GetRules(); YSReport YaraReport = SilkUtility.YaraCompiler.GetErrors(); if (!(YaraReport.IsEmpty())) { SilkUtility.ReturnStatusMessage("[!] The following yara errors were detected (-y|--yara)", ConsoleColor.Red); Dictionary <string, List <string> > Errors = YaraReport.Dump(); foreach (KeyValuePair <string, List <string> > Error in Errors) { SilkUtility.ReturnStatusMessage("==> " + Error.Key, ConsoleColor.Yellow); foreach (String ErrorMsg in Error.Value) { SilkUtility.ReturnStatusMessage(" + " + ErrorMsg, ConsoleColor.Yellow); } } return; } } } } catch { SilkUtility.ReturnStatusMessage("[!] Specify a valid yara rule folder path (-y|--yara)", ConsoleColor.Red); return; } if (YaraOptions == YaraOptions.None) { SilkUtility.ReturnStatusMessage("[!] Specify a valid yara option (-yo|--yaraoptions)", ConsoleColor.Red); return; } } // We passed all collector parameter checks SilkUtility.ReturnStatusMessage("[+] Collector parameter validation success..", ConsoleColor.Green); // Launch the collector if (CollectorType == CollectorType.Kernel) { ETWCollector.StartTrace(CollectorType, (ulong)KernelKeywords, OutputType, Path, FilterOption, SilkUtility.FilterValueObject, YaraScan, YaraOptions); } else { ETWCollector.StartTrace(CollectorType, SilkUtility.UlongUserKeywords, OutputType, Path, FilterOption, SilkUtility.FilterValueObject, YaraScan, YaraOptions, ProviderName, UserTraceEventLevel); } }
// Spin up collector threads public static Boolean ValidateCollectorParameters(List <CollectorParameters> Collectors) { // Loop collector configs for (int i = 0; i < Collectors.Count; i++) { // Assign list instance to variable CollectorParameters Collector = Collectors[i]; // What type of collector are we creating? if (Collector.CollectorType == CollectorType.None) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid CollectorType specified", true); return(false); } else if (Collector.CollectorType == CollectorType.Kernel) { if (Collector.KernelKeywords == KernelKeywords.None) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid KernelKeywords specified", true); return(false); } } else if (Collector.CollectorType == CollectorType.User) { if (String.IsNullOrEmpty(Collector.ProviderName)) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid ProviderName specified", true); return(false); } // Check and convert UserKeywords to ulong if (String.IsNullOrEmpty((String)Collector.UserKeywords)) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid UserKeywords specified", true); return(false); } else { try { if (((String)Collector.UserKeywords).StartsWith("0x")) { Collector.UserKeywords = Convert.ToUInt64((String)Collector.UserKeywords, 16); } else { Collector.UserKeywords = Convert.ToUInt64((String)Collector.UserKeywords); } } catch { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid UserKeywords mask specified", true); return(false); } } } // Validate output parameters if (Collector.OutputType == OutputType.None) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid OutputType specified", true); return(false); } else { if (Collector.OutputType == OutputType.file) { if (String.IsNullOrEmpty(Collector.Path)) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid output path specified", true); return(false); } else { try { FileAttributes CheckAttrib = File.GetAttributes(Collector.Path); if (CheckAttrib.HasFlag(FileAttributes.Directory)) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Output path is a directory, not a file", true); return(false); } } catch { } if (!(Directory.Exists(System.IO.Path.GetDirectoryName(Collector.Path)))) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Output path does not exist", true); return(false); } else { if (!(SilkUtility.DirectoryHasPermission(System.IO.Path.GetDirectoryName(Collector.Path), System.Security.AccessControl.FileSystemRights.Write))) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "No write access to output path", true); return(false); } } } } else if (Collector.OutputType == OutputType.url) { if (String.IsNullOrEmpty(Collector.Path)) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "No URL specified", true); return(false); } else { Uri uriResult; bool UrlResult = Uri.TryCreate(Collector.Path, UriKind.Absolute, out uriResult) && (uriResult.Scheme == Uri.UriSchemeHttp || uriResult.Scheme == Uri.UriSchemeHttps); if (!UrlResult) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid URL specified", true); return(false); } } } else if (Collector.OutputType == OutputType.eventlog) { Collector.Path = "SilkService-Log"; } } // Validate filter options // None, EventName, ProcessID, ProcessName, Opcode if (Collector.FilterOption != FilterOption.None) { if (String.IsNullOrEmpty((String)Collector.FilterValue)) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid FilterValue specified", true); return(false); } if (Collector.FilterOption == FilterOption.ProcessID) { try { Collector.FilterValue = Convert.ToUInt32((String)Collector.FilterValue); } catch { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid ProcessID specified", true); return(false); } } if (Collector.FilterOption == FilterOption.Opcode) { try { Collector.FilterValue = byte.Parse((String)Collector.FilterValue); if ((byte)Collector.FilterValue > 9) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Opcode outside valid range (0-9)", true); return(false); } } catch { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid Opcode specified", true); return(false); } } else { Collector.FilterValue = (String)Collector.FilterValue; } } // Validate Yara folder path if (Collector.YaraScan != String.Empty) { try { FileAttributes CheckAttrib = File.GetAttributes(Collector.YaraScan); if (!(CheckAttrib.HasFlag(FileAttributes.Directory))) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "YaraScan path is not a directory", true); return(false); } else { List <string> YaraRuleCollection = Directory.GetFiles(Collector.YaraScan, "*.yar", SearchOption.AllDirectories).ToList(); if (YaraRuleCollection.Count == 0) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "YaraScan directory does not conatin any *.yar files", true); return(false); } else { // We already initialize yara for performace, // new rules can not be added at runtime. Collector.YaraInstance = new YSInstance(); Collector.YaraContext = new YSContext(); Collector.YaraCompiler = Collector.YaraInstance.CompileFromFiles(YaraRuleCollection, null); Collector.YaraRules = Collector.YaraCompiler.GetRules(); YSReport YaraReport = Collector.YaraCompiler.GetErrors(); if (!(YaraReport.IsEmpty())) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "The following yara errors were detected", true); Dictionary <string, List <string> > Errors = YaraReport.Dump(); foreach (KeyValuePair <string, List <string> > Error in Errors) { SilkUtility.WriteToServiceTextLog("==> " + Error.Key); foreach (String ErrorMsg in Error.Value) { SilkUtility.WriteToServiceTextLog(" + " + ErrorMsg); } } return(false); } } } } catch { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid YaraScan folder path", true); return(false); } if (Collector.YaraOptions == YaraOptions.None) { SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Invalid YaraOptions specified", true); return(false); } } // Overwrite list entry Collectors[i] = Collector; // We passed all collector parameter checks SilkUtility.WriteCollectorGuidMessageToServiceTextLog(Collector.CollectorGUID, "Parameter validation success", false); } // Validation complete return(true); }
/// <summary> /// Forward user to form where he can check if his file is malicious. /// </summary> /// /// <param name="sender"></param> /// <param name="e"></param> private void IsThisMaliciousSign_MouseClick(object sender, MouseEventArgs e) { // TODO: only for clamp database. // Get path to \Downloads folder. string downloadsPath = KnownFolders.Downloads.Path; DialogResult result = this.chooseFileToDetermineIfMaliciousDialog.ShowDialog(); // Show the dialog. if (result == DialogResult.OK) // Test result. { string file = this.chooseFileToDetermineIfMaliciousDialog.FileName; string script = "../../../../[PYTHON]/extractFeatures.py"; #region handle non-english charachters in path // Move script to \Downloads. File.Copy(Path.GetFullPath(script).Replace("/", @"\\"), downloadsPath + @"\\" + Path.GetFileName(script), true); // Move file to \Downloads. File.Copy(file, downloadsPath + @"\\" + Path.GetFileName(file), true); var targetDirPath = new DirectoryInfo(downloadsPath + @"\\Python"); var sourceDirPath = new DirectoryInfo(Path.GetFullPath("../../../../[PYTHON]/Python/")); CopyAll(targetDirPath, sourceDirPath); script = downloadsPath + @"\\" + Path.GetFileName(script); string outputFile = (downloadsPath + @"\" + Path.GetFileName(file) + rand.Next(10000).ToString() + "_clamp_features.csv").ToString(); #endregion #region extract features with python script try { // Create process info. var psi = new ProcessStartInfo(); // Location to python. psi.FileName = Path.GetFullPath(@"../../../../[PYTHON]/Python/python.exe").ToString(); // Provide script and arguments. psi.Arguments = string.Format("{0} {1} {2}", script, downloadsPath + @"\\" + Path.GetFileName(file), outputFile); // Process configuration. psi.UseShellExecute = false; psi.CreateNoWindow = true; psi.RedirectStandardOutput = true; psi.RedirectStandardError = true; // Execute process and get output. var errors = ""; var results = ""; // Execute script. using (var process = Process.Start(psi)) { errors = process.StandardError.ReadToEnd(); results = process.StandardOutput.ReadToEnd(); } if (errors != "") { throw new Exception("[IsThisMaliciousSign_MouseClick]\r\n" + errors); } } catch (IOException) { throw new Exception("[UploadSign_MouseClick] Coudn't process the file."); } #endregion int packed = 0; string packer = "NoPacker"; #region find out packer and packer type using YaraSharp // All API calls happens here. YSInstance instance = new YSInstance(); // Declare external variables (could be null). Dictionary <string, object> externals = new Dictionary <string, object>() { { "filename", string.Empty }, { "filepath", string.Empty }, { "extension", string.Empty } }; // Get list of YARA rules. List <string> rulesFile = new List <string>(); // Download rules (peid.yara) to users computer since YaraSharp can't read non-english charachters in file path. WebClient Client = new WebClient(); Client.DownloadFile(new Uri("https://raw.githubusercontent.com/urwithajit9/ClaMP/master/scripts/peid.yara"), downloadsPath + @"\peid.yara"); rulesFile.Add(Path.GetFullPath(downloadsPath + @"\peid.yara").ToString()); // Context is where yara is initialized. // From yr_initialize() to yr_finalize(). using (YSContext context = new YSContext()) { // Compiling rules. using (YSCompiler compiler = instance.CompileFromFiles(rulesFile, externals)) { // Get compiled rules. YSRules rules = compiler.GetRules(); // Get errors. YSReport errors = compiler.GetErrors(); // Get warnings. YSReport warnings = compiler.GetWarnings(); // Some file to test yara rules. string Filename = file; // Get matches. List <YSMatches> Matches = instance.ScanFile(Filename, rules, new Dictionary <string, object>() { { "filename", Path.GetFileName(Filename) }, { "filepath", Path.GetFullPath(Filename) }, { "extension", Path.GetExtension(Filename) } }, 0); // Get packer name if packed. if (Matches.Count > 0) { packed = 1; packer = Matches[0].Rule.Identifier; } } } #endregion #region determine if file is malicious using best model so far DataTable fileFeatures = new DataTable(); #region csv to datatable using (StreamReader sr = new StreamReader(outputFile)) { string[] headers = sr.ReadLine().Split(','); foreach (string header in headers) { fileFeatures.Columns.Add(header); } while (!sr.EndOfStream) { string[] rows = sr.ReadLine().Split(','); if (rows[0] == "") { continue; } DataRow dr = fileFeatures.NewRow(); for (int i = 0; i < headers.Length; i++) { if (headers[i] == "packer") { dr[i] = packed; continue; } if (headers[i] == "packer_type") { dr[i] = packer; continue; } dr[i] = rows[i]; } fileFeatures.Rows.Add(dr); } } #endregion double evaluation = this.detection.model.symbolicTree.Evaluate(fileFeatures.Rows[0]); if (evaluation >= 0) { string mnok = "Your file is malicious!"; CustomDialogBox dialog = new CustomDialogBox("Malicious", mnok, global::antico.Properties.Resources.nok_shield, MessageBoxButtons.OK); dialog.ShowDialog(); } else { string mok = "Your file is benign!"; CustomDialogBox dialog = new CustomDialogBox("Benign", mok, global::antico.Properties.Resources.ok_shield, MessageBoxButtons.OK); dialog.ShowDialog(); } #endregion #region handle non-english charachters in path // Delete and move files at the end. if (File.Exists(downloadsPath + @"\\" + Path.GetFileName(script))) { // Delete script from \Downloads directory. File.Delete(downloadsPath + @"\\" + Path.GetFileName(script)); } if (File.Exists(outputFile)) { // Move file to its true destination. File.Move(outputFile, @"..\\..\\..\\..\\[PYTHON]\\ExtractedFeatures\\" + Path.GetFileName(outputFile)); } if (File.Exists(downloadsPath + @"\\" + Path.GetFileName(file))) { File.Delete(downloadsPath + @"\\" + Path.GetFileName(file)); } if (Directory.Exists(downloadsPath + @"\\Python")) { Directory.Delete(downloadsPath + @"\\Python", true); } #endregion // Delete downloaded peid.yara file. if (File.Exists(downloadsPath + @"\peid.yara")) { File.Delete(downloadsPath + @"\peid.yara"); } } }