Changeset 1600

Timestamp:
06/03/08 12:39:36 (3 months ago)
Author:
kindlund
Message:

Additional testing, using DLL injection techniques.

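--- a/honeyclient/branches/exp/kindlund-strace/lib/HoneyClient/Agent.pm
+++ b/honeyclient/branches/exp/kindlund-strace/lib/HoneyClient/Agent.pm
@@ -1402,6 +1402,6 @@
                              namespace => $args{'driver_name'});
     # TODO: Updated for initial STRACE support - Clean this up further.
-    #my $status = $job->spawn($processExec, $processName . " " . $args{'parameters'});
-    my $status = $job->spawn('C:\WINDOWS\system32\cmd.exe', 'cmd.exe /C C:\cygwin\home\Administrator\src\honeyclient-trunk\bin\strace_wrapper.cmd "' . $processExec . "\" \"" . $args{'parameters'} . "\" && sleep " . ($args{'timeout'} + 10));
+    my $status = $job->spawn($processExec, $processName . " " . $args{'parameters'});
+    #my $status = $job->spawn('C:\WINDOWS\system32\cmd.exe', 'cmd.exe /C C:\cygwin\home\Administrator\src\honeyclient-trunk\bin\strace_wrapper.cmd "' . $processExec . "\" \"" . $args{'parameters'} . "\" && sleep " . ($args{'timeout'} + 10));
 
     # Sanity check.
@@ -1412,52 +1412,58 @@
     }
 
+    # TODO: Clean this up, eventually.
+    $LOG->info($args{'driver_name'} . " - Injecting STRACE.DLL_IE7 into PID (" . $status . ")");
+    if (system(q{"/cygdrive/c/Program Files/STRACE/INJDLL.EXE" /p:} . $status . q{ /d:"C:\Program Files\STRACE\STRACE.DLL_IE7" > /dev/null 2>&1}) != 0) {
+        $LOG->error($args{'driver_name'} . " - Injection FAILED!");
+    }
+
     $LOG->info($args{'driver_name'} . " - Driving To Resource: " . $args{'parameters'});
 
     # TODO: Updated for initial STRACE support - Clean this up further.
     # Run the job.
-    #$job->run($args{'timeout'});
+    $job->run($args{'timeout'});
     # TODO: Clean this up, eventually.
-    use File::stat;
-    my $watch_counter = 0;
-    my $size_counter = 0;
-    my $current_strace_size = 0;
-    my $previous_strace_size = 0;
-    $job->watch(sub {
-        my $job = shift;
-        if ($watch_counter >= $args{'timeout'}) {
-            # TODO: Delete this, eventually.
-            $LOG->warn("Driver Status: Timeout!");
-            return 1;
-        }
-        $watch_counter++;
-        # TODO: Delete this, eventually.
-        $LOG->info("Watch Counter: " . $watch_counter);
-
-        # TODO: Clean this up, eventually.
-        my $stat_obj = stat("/tmp/strace.log");
-        if (defined($stat_obj)) {
-            $current_strace_size = $stat_obj->size;
-        }
-        # TODO: Delete this, eventually.
-        $LOG->info("STrace Log Size: " . $current_strace_size . " (bytes)");
-        # If the size has not changed, then increment
-        # the size_counter; otherwise, reset the size_counter
-        # to 0.
-        if ($previous_strace_size == $current_strace_size) {
-            $size_counter++;
-        } else {
-            $size_counter = 0;
-        }
-
-        # TODO: Clean this up, eventually.
-        if ($size_counter >= 4) {
-            # TODO: Delete this, eventually.
-            $LOG->info("Driver Status: Done?");
-            return 1;
-        }
-
-        $previous_strace_size = $current_strace_size;
-        return 0;
-    }, 1);
+    #use File::stat;
+    #my $watch_counter = 0;
+    #my $size_counter = 0;
+    #my $current_strace_size = 0;
+    #my $previous_strace_size = 0;
+    #$job->watch(sub {
+    #    my $job = shift;
+    #    if ($watch_counter >= $args{'timeout'}) {
+    #        # TODO: Delete this, eventually.
+    #        $LOG->warn("Driver Status: Timeout!");
+    #        return 1;
+    #    }
+    #    $watch_counter++;
+    #    # TODO: Delete this, eventually.
+    #    $LOG->info("Watch Counter: " . $watch_counter);
+
+#        # TODO: Clean this up, eventually.
+#        my $stat_obj = stat("/tmp/strace.log");
+#        if (defined($stat_obj)) {
+#            $current_strace_size = $stat_obj->size;
+#        }
+#        # TODO: Delete this, eventually.
+#        $LOG->info("STrace Log Size: " . $current_strace_size . " (bytes)");
+#        # If the size has not changed, then increment
+#        # the size_counter; otherwise, reset the size_counter
+#        # to 0.
+#        if ($previous_strace_size == $current_strace_size) {
+#            $size_counter++;
+#        } else {
+#            $size_counter = 0;
+#        }
+
+#        # TODO: Clean this up, eventually.
+#        if ($size_counter >= 4) {
+#            # TODO: Delete this, eventually.
+#            $LOG->info("Driver Status: Done?");
+#            return 1;
+#        }
+
+#        $previous_strace_size = $current_strace_size;
+#        return 0;
+#    }, 1);
 
     # Check to see if run fails.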
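Review bot: The INJDLL.EXE invocation at new line 1416 passes a single string to `system`, so the command goes through a shell and `$status` is spliced into it unquoted, while only the log message on 1415 asserts that `$status` holds a PID. If `spawn` can return anything other than a numeric id on its failure path (the sanity check just above this hunk suggests it can), validate before building the command, e.g. `my ($pid) = ($status =~ /\A(\d+)\z/);`, and take the existing `Injection FAILED` branch when `$pid` is undefined instead of running the injector. The `!= 0` comparison also folds `system`'s -1 (could not execute) together with a non-zero exit from INJDLL; appending `$?` to the error message, `" - Injection FAILED: " . $?`, makes the two cases distinguishable in the log. The enclosing subroutine starts and ends outside this hunk.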