Exemplo n.º 1
        ////////////////////////////
        /// Get the MD5 corresponding to a process that is communicating out and check against the
        /// downloaded EXEs
        //////////////////////

        /// <param name="md5">Receives the digest reported by <c>ProxyMD5.ComputeFileMD5</c>; left as <c>String.Empty</c> on every failure path.</param>
        /// <param name="pid">Process identifier to resolve; 0 is rejected without any lookup.</param>
        /// <returns>
        /// True only when the path lookup and the hash computation both report success and the
        /// digest is not the empty string; false otherwise, including when any exception is thrown.
        /// </returns>
        /// <remarks>
        /// No comparison is performed here: the method only produces the digest for the caller.
        /// The digest is computed from the file found at the path returned for the process.
        /// NOTE(review): that file can change after the process has started, so the value is an
        /// indicator of what is on disk now, not proof of what is running. MD5 is also not collision
        /// resistant; pair it with a stronger hash before using it for allow/deny decisions.
        /// </remarks>
        public bool GetMD5FromPid(out String md5, uint pid)
        {
            md5 = String.Empty;

            // PID 0 is never resolved to a path.
            if (pid == 0)
            {
                return false;
            }

            try
            {
                ProcessEnumerator resolver  = new ProcessEnumerator();
                String            imagePath = String.Empty;
                if (!resolver.ProcessPathFromPid(out imagePath, pid))
                {
                    return false;
                }

                ProxyMD5 hasher = new ProxyMD5();
                String   digest = String.Empty;
                bool hashed = hasher.ComputeFileMD5(out digest, imagePath);

                // A successful call that yields an empty digest is still treated as a failure.
                if (!hashed || digest == String.Empty)
                {
                    return false;
                }

                md5 = digest;
                return true;
            }
            catch (Exception)
            {
                // Best effort: any failure while resolving or hashing is reported as "no digest".
                return false;
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Pass MD5 / filesize and it will return matches
        /// </summary>

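        /// <param name="upload">Selects the USN reason queried: <c>USN_REASON_BASIC_INFO_CHANGE</c> when true, <c>USN_REASON_FILE_CREATE</c> when false.</param>
        /// <param name="size">Expected file size. NOTE(review): not applied as a filter here; confirm the intended semantics with callers before adding a size pre-check.</param>
        /// <param name="MD5">Hex MD5 digest to look for; compared with an ordinal, case-insensitive comparison.</param>
        /// <param name="matches">Receives the full path of every journal entry whose file hashes to <paramref name="MD5"/>. May hold partial results if the scan is cut short by an exception.</param>
        /// <returns>True when at least one matching file was found; false otherwise, including on any exception.</returns>
        /// <remarks>
        /// Only the first drive returned by <c>DriveInfo.GetDrives()</c> is scanned. Each path is hashed
        /// as the file exists at scan time. MD5 is not collision resistant, so a match should be
        /// confirmed with a stronger hash before it drives a security decision.
        /// </remarks>
        public bool FindFileFromJournal(bool upload, uint size, String MD5, out List <string> matches)
        {
            matches = new List<string>();
            try
            {
                DriveInfo[] allDrives = DriveInfo.GetDrives();
                if (allDrives.Length == 0)
                {
                    return(false);
                }

                DriveInfo drive = allDrives[0];
                UsnJournal.NtfsUsnJournal nsf = new UsnJournal.NtfsUsnJournal(drive);
                List<UsnJournal.Win32Api.UsnEntry> ue;

                // Query the journal state once; later calls reuse the cached state in jns.
                if (jsint == false)
                {
                    if (nsf.GetUsnJournalState(ref jns) ==
                        UsnJournal.NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
                    {
                        jsint = true;
                    }
                }

                if (jsint == false)
                {
                    return(false);
                }

                UInt32 reason = (uint)(upload == true ?
                                       UsnJournal.NtfsUsnJournal.UsnReasonCode.USN_REASON_BASIC_INFO_CHANGE :
                                       UsnJournal.NtfsUsnJournal.UsnReasonCode.USN_REASON_FILE_CREATE);

                // jns is passed in and written back by the same call.
                nsf.GetUsnJournalEntries(jns,
                                         (uint)reason, out ue,
                                         out jns);
                if (ue == null)
                {
                    return(false);
                }

                foreach (UsnJournal.Win32Api.UsnEntry el in ue)
                {
                    String path = String.Empty;
                    nsf.GetPathFromFileReference(el.FileReferenceNumber, out path);

                    // Prefix the journal-relative path with the drive letter of the scanned volume.
                    String pathtotal = drive.Name[0] + ":" + path;

                    ProxyMD5 m5     = new ProxyMD5();
                    String   md5val = String.Empty;

                    bool b2 = m5.ComputeFileMD5(out md5val, pathtotal);
                    if (b2 == true && md5val != String.Empty)
                    {
                        // Diagnostic output kept from the original implementation.
                        Console.WriteLine(el.Name + " : " + md5val + " " + pathtotal);

                        // Fix: the original never recorded matches, so callers always saw an empty list.
                        // Hex digests are machine identifiers, so compare ordinally rather than by culture.
                        if (md5val != null && String.Equals(md5val, MD5, StringComparison.OrdinalIgnoreCase))
                        {
                            matches.Add(pathtotal);
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Best effort: any journal or hashing failure is reported as "nothing found".
                return(false);
            }

            // Fix: report success when something matched instead of returning false unconditionally.
            return(matches.Count > 0);
        }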
Exemplo n.º 3
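        /// <summary>
        /// Scans the dictionary exposed by <c>usnThread.GetDictionary</c> for files whose low 32-bit
        /// size equals <paramref name="filesize"/> and whose MD5 equals <paramref name="md5"/>.
        /// </summary>
        /// <param name="md5">Hex MD5 digest to match; null or empty yields no matches.</param>
        /// <param name="filesize">Size compared against each entry's <c>filesizelow</c>; only the low 32 bits of the size are considered.</param>
        /// <param name="filetype">Not used by this method.</param>
        /// <param name="filepaths">Receives the path of every entry that matched on both size and digest.</param>
        /// <returns>True when at least one path was added to <paramref name="filepaths"/>; false otherwise, including on any exception.</returns>
        /// <remarks>
        /// Candidate files are hashed while <c>mut</c> is held, so other users of that mutex wait for
        /// the whole scan. MD5 is not collision resistant and the size check ignores the high 32 bits,
        /// so a match should be confirmed with a stronger hash before it drives a security decision.
        /// </remarks>
        public bool CrossCheckMD5(string md5, UInt32 filesize, string filetype, out List <string> filepaths)
        {
            bool retval   = false;
            bool lockHeld = false;
            ConcurrentDictionary<UInt64, FileInfo> fi;

            filepaths = new List<string>();

            // Nothing can match a missing digest; previously a null md5 surfaced as a swallowed exception.
            if (string.IsNullOrEmpty(md5))
            {
                return(false);
            }

            try
            {
                try
                {
                    lockHeld = mut.WaitOne();
                }
                catch (System.Threading.AbandonedMutexException)
                {
                    // Ownership is granted even when the previous owner abandoned the mutex,
                    // so it must still be released below; the scan itself is skipped as before.
                    lockHeld = true;
                    throw;
                }

                if (usnThread != null)
                {
                    usnThread.GetDictionary(out fi);
                    if (fi != null)
                    {
                        foreach (KeyValuePair<UInt64, FileInfo> ff in fi)
                        {
                            FileInfo ffval = ff.Value;

                            // Cheap size pre-filter before hashing; only the 32-bit size is considered.
                            if (ffval.filesizelow != filesize)
                            {
                                continue;
                            }

                            ProxyMD5 md5v   = new ProxyMD5();
                            string   md5val = string.Empty;
                            if (md5v.ComputeFileMD5(out md5val, ffval.filepath) == true && md5val != null)
                            {
                                // Hex digests are machine identifiers: compare ordinally, not by current culture.
                                if (md5.Equals(md5val, StringComparison.OrdinalIgnoreCase))
                                {
                                    filepaths.Add(ffval.filepath);
                                }
                            }
                        }

                        if (filepaths.Count > 0)
                        {
                            retval = true;
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Best effort: a failed scan is reported as "no match" through retval.
            }
            finally
            {
                // Release only what was actually acquired; releasing an unowned mutex throws.
                if (lockHeld)
                {
                    mut.ReleaseMutex();
                }
            }

            return(retval);
        }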