Mirrored_Repos/wabbajack
1
0
Fork 0
mirror of https://github.com/wabbajack-tools/wabbajack.git synced 2024-08-30 18:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
fae922ef01
wabbajack/Wabbajack.Lib/VirusScanner.cs

79 lines
2.4 KiB
C#
Raw Normal View History

WIP
2020-07-15 03:04:31 +00:00
using System.IO;
Make Windows defender lookup dynamic
2020-07-15 22:41:49 +00:00
using System.Linq;
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
using System.Threading;
WIP
2020-07-15 03:04:31 +00:00
using System.Threading.Tasks;
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
using Org.BouncyCastle.Bcpg;
WIP
2020-07-15 03:04:31 +00:00
using Wabbajack.Common;
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
using Wabbajack.Common.FileSignatures;
WIP
2020-07-15 03:04:31 +00:00
namespace Wabbajack.Lib
{
/// <summary>
/// Wrapper around Windows Defender's commandline tool
/// </summary>
public class VirusScanner
{
public enum Result : int
{
NotMalware = 0,
Malware = 2
}
Make Windows defender lookup dynamic
2020-07-15 22:41:49 +00:00
private static AbsolutePath ScannerPath()
{
return ((AbsolutePath)@"C:\ProgramData\Microsoft\Windows Defender\Platform")
.EnumerateDirectories(recursive:false)
.OrderByDescending(f => f.FileName)
.First()
.EnumerateFiles(recursive:true)
.First(f => f.FileName == (RelativePath)"MpCmdRun.exe");
}
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
public static async Task<(Hash, Result)> ScanStream(Stream stream)
WIP
2020-07-15 03:04:31 +00:00
{
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
var ms = new MemoryStream();
await stream.CopyToAsync(ms);
ms.Position = 0;
var hash = await ms.xxHashAsync();
ms.Position = 0;
WIP
2020-07-15 03:04:31 +00:00
await using var file = new TempFile();
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
try
{
await file.Path.WriteAllAsync(ms);
}
catch (IOException ex)
{
// Was caught before we could fully scan the file due to real-time virus scans
if (ex.Message.ToLowerInvariant().Contains("malware"))
{
return (hash, Result.Malware);
}
}
WIP
2020-07-15 03:04:31 +00:00
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
var process = new ProcessHelper
WIP
2020-07-15 03:04:31 +00:00
{
Make Windows defender lookup dynamic
2020-07-15 22:41:49 +00:00
Path = ScannerPath(),
WIP
2020-07-15 03:04:31 +00:00
Arguments = new object[] {"-Scan", "-ScanType", "3", "-DisableRemediation", "-File", file.Path},
};
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
return (hash, (Result)await process.Start());
WIP
2020-07-15 03:04:31 +00:00
}
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
private static SignatureChecker ExecutableChecker = new SignatureChecker(Definitions.FileType.DLL,
Definitions.FileType.EXE,
Definitions.FileType.PIF,
Definitions.FileType.QXD,
Definitions.FileType.QTX,
Definitions.FileType.DRV,
Definitions.FileType.SYS,
Definitions.FileType.COM);
public static async Task<bool> ShouldScan(AbsolutePath path)
WIP
2020-07-15 03:04:31 +00:00
{
Add virus scanning support to Wabbajack and the server, scan all patched executable files
2020-07-15 04:20:56 +00:00
return await ExecutableChecker.MatchesAsync(path) != null;
WIP
2020-07-15 03:04:31 +00:00
}
}
}
Reference in New Issue Copy Permalink