Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
- using System.Threading.Tasks;
- using System.IO;
- using System.Runtime.InteropServices;
- using System.Security.Permissions;
- //create 2 folders
- //transfer data placed in one to the other after checking
- //virus status
- //check inca connection
- //check power connection
- //antivirus scan
- //create source folder
- //check drive capacity
- namespace Updates
- {
- class Program
- {
- [DllImport("Amsi.dll", EntryPoint = "AmsiInitialize", CallingConvention = CallingConvention.StdCall)]
- public static extern int AmsiInitialize([MarshalAs(UnmanagedType.LPWStr)]string appName, out IntPtr amsiContext);
- [DllImport("Amsi.dll", EntryPoint = "AmsiUninitialize", CallingConvention = CallingConvention.StdCall)]
- public static extern void AmsiUninitialize(IntPtr amsiContext);
- [DllImport("Amsi.dll", EntryPoint = "AmsiOpenSession", CallingConvention = CallingConvention.StdCall)]
- public static extern int AmsiOpenSession(IntPtr amsiContext, out IntPtr session);
- [DllImport("Amsi.dll", EntryPoint = "AmsiCloseSession", CallingConvention = CallingConvention.StdCall)]
- public static extern void AmsiCloseSession(IntPtr amsiContext, IntPtr session);
- [DllImport("Amsi.dll", EntryPoint = "AmsiScanString", CallingConvention = CallingConvention.StdCall)]
- public static extern int AmsiScanString(IntPtr amsiContext, [InAttribute()] [MarshalAsAttribute(UnmanagedType.LPWStr)]string @string, [InAttribute()] [MarshalAsAttribute(UnmanagedType.LPWStr)]string contentName, IntPtr session, out AMSI_RESULT result);
- [DllImport("Amsi.dll", EntryPoint = "AmsiScanBuffer", CallingConvention = CallingConvention.StdCall)]
- public static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, ulong length, string contentName, IntPtr session, out AMSI_RESULT result);
- //This method apparently exists on MSDN but not in AMSI.dll (version 4.9.10586.0)
- [DllImport("Amsi.dll", CharSet = CharSet.Unicode, CallingConvention = CallingConvention.StdCall)]
- public static extern bool AmsiResultIsMalware(AMSI_RESULT result);
- static void Main(string[] args)
- {
- PaintCar(CarColor.blue);
- bool xxx;
- string sourcePath = @"D:\TestSource";
- string destinationPath = @"D:\TestDestination";
- Find:
- string[] move = Directory.GetFiles(sourcePath, "*.*", SearchOption.AllDirectories);
- if (move.Length != 0)
- {
- xxx = true;
- foreach (string file in move)
- {
- //check file size
- //check drive capacity
- string a = Path.GetFullPath(file);
- string files = Path.GetFileName(file);
- string fileContent = File.ReadAllText(file);
- CallAntimalwareScanInterface(fileContent, files);
- string dstfile = Path.Combine(destinationPath, files);
- if (File.Exists(dstfile))
- {
- dstfile = dstfile + "copy";
- File.Move(a, dstfile);
- //File.Delete(e.FullPath); // For example
- }
- else
- {
- File.Move(a, dstfile);
- }
- Console.WriteLine("{a} is in directory {file}");
- }
- }
- else
- {
- xxx = false;
- Console.WriteLine("Empty");
- System.Threading.Thread.Sleep(20000);
- }
- goto Find;
- }
- static void CallAntimalwareScanInterface(string fileContent, string fileName)
- {
- IntPtr amsiContext;
- IntPtr session;
- AMSI_RESULT result = 0;
- int returnValue;
- //implement for bytes
- //returnValue = AmsiScanBuffer
- //implement for stream
- //check data type
- returnValue = AmsiInitialize("AliceLocalUpdates", out amsiContext);
- returnValue = AmsiOpenSession(amsiContext, out session);
- //returnValue = AmsiScanString(amsiContext, @"X5O!P % @AP[4\PZX54(P ^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*", "EICAR", session, out result);
- returnValue = AmsiScanString(amsiContext, fileContent, fileName, session, out result);
- // AmsiResultIsMalware(result);
- AmsiCloseSession(amsiContext, session);
- AmsiUninitialize(amsiContext);
- Console.WriteLine("{0} in {1} has been checked for virus with result: {2} and return value of {3}", fileName, fileContent, result, returnValue);
- }
- static void moveFiles()
- {
- bool check;
- }
- FileSystemWatcher watcher = new FileSystemWatcher();
- public enum AMSI_RESULT
- {
- AMSI_RESULT_CLEAN = 0,
- AMSI_RESULT_NOT_DETECTED = 1,
- AMSI_RESULT_DETECTED = 32768
- }
- [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
- private static void Run()
- {
- //string[] args = Environment.GetCommandLineArgs();
- //if (args.Length != 2)
- //{
- // Console.WriteLine("Usage: Watcher.exe (directory)");
- // return;
- //}
- using (FileSystemWatcher watcher = new FileSystemWatcher())
- {
- //watcher.Path = ;
- watcher.NotifyFilter = NotifyFilters.LastAccess
- | NotifyFilters.LastWrite
- | NotifyFilters.FileName
- | NotifyFilters.DirectoryName;
- watcher.Filter = "*.*";
- watcher.Changed += OnChanged;
- watcher.Created += OnChanged;
- watcher.Deleted += OnChanged;
- // watcher.Renamed += OnRenamed;
- watcher.EnableRaisingEvents = true;
- Console.WriteLine("Press 'q' to quit");
- while (Console.Read() != 'q') ;
- }
- }
- //private static void OnRenamed(object sender, RenamedEventArgs e)
- //{
- //}
- private static void OnChanged(object sender, FileSystemEventArgs e)
- {
- }
- static void GetSum(int number, out int solution)
- {
- solution = number * 2;
- }
- enum CarColor
- {
- Orange = 3,
- blue,
- red = 7,
- green
- }
- static void PaintCar(CarColor cc)
- {
- Console.WriteLine("The color {0} has the code {1}", cc, (int)cc);
- }
- public static void Swap(ref int num1, ref int num2)
- {
- int temp = num1;
- num1 = num2;
- num2 = temp;
- }
- public static double getMore(params double[] nums)
- {
- double sum = 0;
- foreach (int num in nums)
- {
- sum += num;
- }
- return sum;
- }
- public static void PrintInfo(string name, int zipCode)
- {
- Console.WriteLine(name, zipCode);
- }
- //public void CreateFolders(sourceName, destinationFolderName)
- //{
- // if (!sourceFolderDirectory.Exists())
- // {
- // //CreateFolders
- // }
- //}
- //public void MoveFiles(source, destination)
- //{
- // if (fileAddedToFolder)
- // {
- // runVirusScan();
- // MoveFilesFromSourceToDestination();
- // }
- //}
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement