Пример #1
 /// <summary>
 /// Initializes an analysis result from its classification, descriptive text
 /// and the detection item it refers to.
 /// </summary>
 /// <param name="type">Classification stored in <c>Result</c>.</param>
 /// <param name="text">Text stored in <c>Text</c>.</param>
 /// <param name="match">Detection result item stored in <c>Match</c>.</param>
 public AnalysisResult(AnalyseResultType type, string text, IDetectionResultItem match)
     : this()
 {
     // The chained parameterless constructor has already run at this point;
     // the assignments below only fill in the three caller-supplied values.
     this.Result = type;
     this.Text = text;
     this.Match = match;
 }
Пример #2
/*
 *  Private Sub ProcessRuleIniFile(ByVal sRule$)
 *      Dim vRule As Variant, iMode%, sValue$, sHit$
 *      On Error GoTo Error:
 *      'IniFile rule syntax:
 *      '[inifile],[section],[value],[default data],[infected data]
 *      '* [inifile]          = "" -> abort
 *      ' * [section]         = "" -> abort
 *      '  * [value]          = "" -> abort
 *      '   * [default data]  = "" -> delete if found
 *      '    * [infected data]= "" -> fix if infected
 *
 *      'decrypt rule
 *      'sRule = Crypt(sRule, sProgramVersion)
 *
 *      If Right(sRule, 1) = Chr(0) Then sRule = Left(sRule, Len(sRule) - 1)
 *      vRule = Split(sRule, ",")
 *      If UBound(vRule) <> 4 Or _
 *         InStr(CStr(vRule(0)), ".ini") = 0 Then
 *          'spelling error or decrypting error
 *          Exit Sub
 *      End If
 *      If CStr(vRule(0)) = "" Then Exit Sub
 *      If CStr(vRule(1)) = "" Then Exit Sub
 *      If CStr(vRule(2)) = "" Then Exit Sub
 *      If CStr(vRule(4)) = "" Then iMode = 0
 *      If CStr(vRule(3)) = "" Then iMode = 1
 *
 *      If InStr(CStr(vRule(3)), "UserInit") > 0 Then vRule(3) = CStr(vRule(3)) & ","
 *
 *      If Left(CStr(vRule(0)), 3) = "REG" Then
 *          If Not bIsWinNT Then Exit Sub
 *
 *          If CStr(vRule(4)) = "" Then iMode = 2
 *          If CStr(vRule(3)) = "" Then iMode = 3
 *      End If
 *
 *      'iMode:
 *      ' 0 = check if value is infected
 *      ' 1 = check if value is present
 *      ' 2 = check if value is infected, in the Registry
 *      ' 3 = check if value is present, in the Registry
 *
 *      Select Case iMode
 *          Case 0
 *              'sValue = String(255, " ")
 *              'GetPrivateProfileString CStr(vRule(1)), CStr(vRule(2)), "", sValue, 255, CStr(vRule(0))
 *              'sValue = RTrim(sValue)
 *              sValue = IniGetString(CStr(vRule(0)), CStr(vRule(1)), CStr(vRule(2)))
 *              If Right(sValue, 1) = Chr(0) Then sValue = Left(sValue, Len(sValue) - 1)
 *              'If RightB(sValue, 2) = Chr(0) Then sValue = LeftB(sValue, LenB(sValue) - 2)
 *              If Trim(LCase(sValue)) <> LCase(CStr(vRule(3))) Then
 *                  If bIsWinNT And Trim(LCase(sValue)) <> vbNullString Then
 *                      sHit = "F0 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                      If IsOnIgnoreList(sHit) Then Exit Sub
 *                      If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                      frmMain.lstResults.AddItem sHit
 *                  End If
 *              End If
 *          Case 1
 *              'sValue = String(255, " ")
 *              'GetPrivateProfileString CStr(vRule(1)), CStr(vRule(2)), "", sValue, 255, CStr(vRule(0))
 *              'sValue = RTrim(sValue)
 *              sValue = IniGetString(CStr(vRule(0)), CStr(vRule(1)), CStr(vRule(2)))
 *              If Right(sValue, 1) = Chr(0) Then sValue = Left(sValue, Len(sValue) - 1)
 *              'If RightB(sValue, 2) = Chr(0) Then sValue = LeftB(sValue, LenB(sValue) - 2)
 *              If Trim(sValue) <> vbNullString Then
 *                  sHit = "F1 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                  If IsOnIgnoreList(sHit) Then Exit Sub
 *                  If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                  frmMain.lstResults.AddItem sHit
 *              End If
 *          Case 2
 *              'so far F2 is only reg:Shell and reg:UserInit
 *              sValue = RegGetString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows NT\CurrentVersion\WinLogon", CStr(vRule(2)))
 *              If LCase(sValue) <> LCase(CStr(vRule(3))) Then
 *                  sHit = "F2 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                  If IsOnIgnoreList(sHit) Then Exit Sub
 *                  If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                  frmMain.lstResults.AddItem sHit
 *              End If
 *          Case 3
 *              'this is not really smart when more INIFile items get
 *              'added, but so far F3 is only reg:load and reg:run
 *              sValue = RegGetString(HKEY_CURRENT_USER, "Software\Microsoft\Windows NT\CurrentVersion\Windows", CStr(vRule(2)))
 *              If sValue <> vbNullString Then
 *                  sHit = "F3 - " & CStr(vRule(0)) & ": " & CStr(vRule(2)) & "=" & sValue
 *                  If IsOnIgnoreList(sHit) Then Exit Sub
 *                  If bMD5 Then sHit = sHit & GetFileFromAutostart(sValue)
 *                  frmMain.lstResults.AddItem sHit
 *              End If
 *      End Select
 *      Exit Sub
 *
 *  Error:
 *      ErrorMsg "modMain_ProcessRuleIniFile", Err.Number, Err.Description, "sRule=" & sRule
 *  End Sub
 */

        #endregion

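        /// <summary>
        /// Finds the list-view group a detection result belongs to, creating the
        /// group for a custom add-in section on demand.
        /// </summary>
        /// <param name="listView">List view whose groups are searched and, when a custom add-in group is missing, extended.</param>
        /// <param name="resultItem">Detection result that needs a group.</param>
        /// <returns>
        /// The group named after the item's result type if one exists. Otherwise, for
        /// custom add-in items that implement <c>ICustomAddInSection</c>, the group named
        /// after the section id (created if absent). In every other case <c>null</c>.
        /// </returns>
        private BetterListViewGroup GetGroup(BetterListView listView, IDetectionResultItem resultItem)
        {
            // Compute the lookup key once rather than once per group inside the predicate.
            var typeName = resultItem.ResultType.ToString();

            // Static string.Equals is an ordinal comparison that tolerates a group whose Name is null.
            var group = listView.Groups.FirstOrDefault(g => string.Equals(g.Name, typeName));
            if (group != null || resultItem.ResultType != ScanResultType.CustomAddIn)
            {
                return group;
            }

            // Only custom add-in results that carry section information get an on-demand group.
            var customSection = resultItem as ICustomAddInSection;
            if (customSection == null)
            {
                return null;
            }

            var section = customSection.CustomAddInSection;
            var sectionId = section.Id;

            group = listView.Groups.FirstOrDefault(g => string.Equals(g.Name, sectionId));
            if (group == null)
            {
                group = new BetterListViewGroup(sectionId, string.Format("{0} - {1}", sectionId, section.Text));

                // Register the new group on the list view that was searched, so the next
                // lookup for this section finds it instead of creating a duplicate.
                listView.Groups.Add(group);
            }

            return group;
        }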