AnalysisEngine.ProcWatchers.watcher_EventArrived C# (CSharp) Method

ProcWatchers Class Documentation Datei anzeigen Open project: rvazarkar/antipwny

watcher_EventArrived() private method

Called every time a new process is created
private watcher_EventArrived ( object sender, System.Management.EventArrivedEventArgs e ) : void
sender object
e System.Management.EventArrivedEventArgs
return void 
        private void watcher_EventArrived(object sender, EventArrivedEventArgs e)
        {
            string type = e.NewEvent.ClassPath.ClassName;

            try
            {
                Process p = Process.GetProcessById(Convert.ToInt32(e.NewEvent.Properties["ProcessId"].Value));

                if (p.ProcessName != "AntiPwny")
                {
                    string date = DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString();
                    if (AntiPwny.PreventionMode)
                    {
                        //Schedule 4 scans at 3 second intervals to maximize our chance to catch meterpreter
                        Timer t1 = new Timer();
                        t1.Interval = 3000;
                        t1.Elapsed += (s, args) => t_Elapsed(s, args, p, date);
                        t1.Start();

                        Timer t2 = new Timer();
                        t2.Interval = 6000;
                        t2.Elapsed += (s, args) => t_Elapsed(s, args, p, date);
                        t2.Start();

                        Timer t3 = new Timer();
                        t3.Interval = 9000;
                        t3.Elapsed += (s, args) => t_Elapsed(s, args, p, date);
                        t3.Start();

                        Timer t4 = new Timer();
                        t4.Interval = 12000;
                        t4.Elapsed += (s, args) => t_Elapsed(s, args, p, date);
                        t4.Start();
                    }
                    else
                    {
                        //It takes a bit of time for Meterpreter to properly load itself into memory. Wait 10 seconds before we scan the process
                        Timer t = new Timer();
                        t.Interval = 10000;
                        t.Elapsed += (s, args) => t_Elapsed(s, args, p, date);
                        t.Start();
                    }
                }
            }
            catch (Exception)
            {
                return;
            }
        }
ProcWatchers
ProcWatchers
t_Elapsed
watcher_EventArrived