// main method
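// Entry point: prints the banner, parses the command line into a CliArgs
// and hands it to the matching memScan* routine.
//
// Argument layouts accepted here (first switch = run type, second = output sink):
//   -proclist
//   -string|-regex  -s PID IP PORT DELAY WIDTH TERM...
//   -string|-regex  -f PID FILE DELAY WIDTH TERM...
//   -string|-regex  -o PID DELAY WIDTH TERM...
//   -ccdata|-msdata -s PID IP PORT DELAY
//   -ccdata|-msdata -f PID FILE DELAY
//   -ccdata|-msdata -o PID DELAY
//
// Exit code: 0 after printing usage, the process list or the
// "Unrecognised run mode." message; 1 both after a scan call returns and
// after an argument error, so a caller cannot tell those two apart.
//
// NOTE(review): PID, IP, port, file name, delay and width are handed to CliArgs
// as raw strings; any parsing or validation happens in its setters or in
// isValid(), which are not visible here.
static int Main(string[] args)
{
    banner();
    if (args.Length == 0)
    {
        usage();
        return 0;
    }

    // display process list
    if (args[0] == "-proclist")
    {
        Console.WriteLine("\nPID\tProcess Name");
        Console.WriteLine("---------------------");
        foreach (Process p in Process.GetProcesses())
        {
            Console.WriteLine(p.Id + "\t" + p.ProcessName);
        }
        return 0;
    }

    CliArgs myargs = new CliArgs();
    bool termSearch = args[0] == "-string" || args[0] == "-regex";
    bool cardSearch = args[0] == "-ccdata" || args[0] == "-msdata";

    if (termSearch && args.Length >= 5)
    {
        // -string and -regex share one argument layout; only the run type differs.
        myargs.setRunType(args[0] == "-string" ? "string" : "regex");

        if (args[1] == "-s" && args.Length >= 8)
        {
            // sending results over a socket
            myargs.setMode("socket");
            myargs.setPID(args[2]);
            myargs.setIPaddr(args[3]);
            myargs.setPortnum(args[4]);
            myargs.setDelay(args[5]);
            myargs.setPrePostFix(args[6]);
            myargs.setSearchTerm(args, 7);
            Console.WriteLine("Starting search for \"{0}\" on procid {1} sending output to {2}:{3} with delay of {4} and width of {5}", myargs.searchterm, myargs.pid.ToString(), myargs.ipaddr, myargs.portnum.ToString(), myargs.delay.ToString(), myargs.prepostfix.ToString());
        }
        else if (args[1] == "-f" && args.Length >= 6)
        {
            // NOTE(review): with exactly 6 arguments there is no TERM and
            // setSearchTerm is called with a start index equal to args.Length;
            // whether that is rejected depends on setSearchTerm/isValid.
            myargs.setMode("file");
            myargs.setPID(args[2]);
            myargs.setFilename(args[3]);
            myargs.setDelay(args[4]);
            myargs.setPrePostFix(args[5]);
            myargs.setSearchTerm(args, 6);
            Console.WriteLine("Starting search for \"{0}\" on procid {1} sending output to file {2} with delay of {3} and width of {4}", myargs.searchterm, myargs.pid.ToString(), myargs.filename, myargs.delay.ToString(), myargs.prepostfix.ToString());
        }
        else if (args[1] == "-o" && args.Length >= 5)
        {
            // NOTE(review): same as -f above; exactly 5 arguments leaves no TERM.
            myargs.setMode("stdio");
            myargs.setPID(args[2]);
            myargs.setDelay(args[3]);
            myargs.setPrePostFix(args[4]);
            myargs.setSearchTerm(args, 5);
            Console.WriteLine("Starting search for \"{0}\" on procid {1} sending output to stdio with delay of {2} and width of {3}", myargs.searchterm, myargs.pid.ToString(), myargs.delay.ToString(), myargs.prepostfix.ToString());
        }
    }
    else if (cardSearch && args.Length >= 3)
    {
        // -ccdata and -msdata share one argument layout; run type and the
        // wording of the status line are the only differences.
        bool cards = args[0] == "-ccdata";
        string target = cards ? "credit card numbers" : "magnetic stripe data";
        myargs.setRunType(cards ? "ccdata" : "msdata");

        if (args[1] == "-s" && args.Length >= 6)
        {
            // sending results over a socket
            myargs.setMode("socket");
            myargs.setPID(args[2]);
            myargs.setIPaddr(args[3]);
            myargs.setPortnum(args[4]);
            myargs.setDelay(args[5]);
            // The original status line referenced placeholder {4} while passing
            // only four values, which makes Console.WriteLine throw
            // FormatException; every placeholder now has a matching argument.
            Console.WriteLine("Starting search for {0} on procid {1} sending output to {2}:{3} with delay of {4}", target, myargs.pid.ToString(), myargs.ipaddr, myargs.portnum.ToString(), myargs.delay.ToString());
        }
        else if (args[1] == "-f" && args.Length >= 5)
        {
            myargs.setMode("file");
            myargs.setPID(args[2]);
            myargs.setFilename(args[3]);
            myargs.setDelay(args[4]);
            Console.WriteLine("Starting search for {0} on procid {1} sending output to file {2} with delay of {3}", target, myargs.pid.ToString(), myargs.filename, myargs.delay.ToString());
        }
        else if (args[1] == "-o" && args.Length >= 4)
        {
            myargs.setMode("stdio");
            myargs.setPID(args[2]);
            myargs.setDelay(args[3]);
            Console.WriteLine("Starting search for {0} on procid {1} sending output to stdio with delay of {2}", target, myargs.pid.ToString(), myargs.delay.ToString());
        }
    }

    // validate arguments, if good then off we go!
    if (!myargs.isValid())
    {
        Console.WriteLine("Error in arguments. Check and try again.");
        usage();
        return 1;
    }

    try
    {
        process = Process.GetProcessById(myargs.pid);
    }
    catch (ArgumentException)
    {
        // GetProcessById throws ArgumentException when no process with that
        // id is running; report it instead of dying with a stack trace.
        Console.WriteLine("No running process with id {0}.", myargs.pid.ToString());
        return 1;
    }

    switch (myargs.runType)
    {
        case "string":
            memScanString(myargs);
            break;
        case "regex":
            memScanRegex(myargs);
            break;
        case "ccdata":
            memScanCCData(myargs);
            break;
        case "msdata":
            memScanMSData(myargs);
            break;
        default:
            Console.WriteLine("Unrecognised run mode.");
            usage();
            return 0;
    }
    return 1;
}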