void GeneratorTest()
{
char* string;
JsonObject* root = CreateJsonObject();
JsonObject* element = CreateJsonObject();
JsonArray* array = CreateJsonArray();
AddInteger(array, 0);
AddReal(array, 0.0);
AddBoolean(array, FALSE);
AddObject(array, element);
AddString(array, "element");
AddNull(array);
PutNull(root, "0");
PutInteger(root, "Year", 1970);
PutInteger(root, "Month", 3);
PutInteger(root, "Date", 18);
PutArray(root, "Array", array);
PutBoolean(root, "Proposition", TRUE);
PutString(root, "Text", "Hello World");
PutReal(root, "Pi", 3.14159265358979323846264338327950288419716939937510582097494459230781640);
string = ToString(root);
printf("%s", string);
printf("\r\n");
EXPECT_EQUAL_STRING("{\"0\":null,\"Year\":1970,\"Month\":3,\"Date\":18,\"Array\":[0,0.000000,false,{},\"element\",null],\"Proposition\":true,\"Text\":\"Hello World\",\"Pi\":3.141593}", string);
free(string);
ClearJsonObject(root);
ClearJsonArray(array);
string = ToString(root);
EXPECT_EQUAL_STRING("{}", string);
free(string);
}
NTSTATUS NTAPI VirusTotalProcessApiThread(
_In_ PVOID Parameter
)
{
LONG priority;
IO_PRIORITY_HINT ioPriority;
// TODO: Workqueue support.
priority = THREAD_PRIORITY_LOWEST;
ioPriority = IoPriorityVeryLow;
NtSetInformationThread(NtCurrentThread(), ThreadBasePriority, &priority, sizeof(LONG));
NtSetInformationThread(NtCurrentThread(), ThreadIoPriority, &ioPriority, sizeof(IO_PRIORITY_HINT));
Sleep(10 * 1000);
do
{
ULONG i;
INT64 resultLength;
PSTR jsonArrayToSendString;
PSTR jsonApiResult = NULL;
PVOID jsonArray;
PVOID rootJsonObject = NULL;
PVOID dataJsonObject;
PPH_LIST resultTempList = NULL;
PPH_LIST virusTotalResults = NULL;
jsonArray = CreateJsonArray();
resultTempList = PhCreateList(30);
PhAcquireQueuedLockExclusive(&ProcessListLock);
for (i = 0; i < VirusTotalList->Count; i++)
{
PVIRUSTOTAL_FILE_HASH_ENTRY extension = VirusTotalList->Items[i];
if (resultTempList->Count >= 30)
break;
if (!extension->Stage1)
{
extension->Stage1 = TRUE;
PhAddItemList(resultTempList, extension);
}
}
PhReleaseQueuedLockExclusive(&ProcessListLock);
if (resultTempList->Count == 0)
{
Sleep(30 * 1000); // Wait 30 seconds
goto CleanupExit;
}
for (i = 0; i < resultTempList->Count; i++)
{
VirusTotalBuildJsonArray(resultTempList->Items[i], jsonArray);
}
if (!(jsonArrayToSendString = GetJsonArrayString(jsonArray)))
goto CleanupExit;
if (!(jsonApiResult = VirusTotalSendHttpRequest(PhCreateBytes(jsonArrayToSendString))))
goto CleanupExit;
if (!(rootJsonObject = CreateJsonParser(jsonApiResult)))
goto CleanupExit;
if (!(dataJsonObject = JsonGetObject(rootJsonObject, "data")))
goto CleanupExit;
if (!(resultLength = GetJsonValueAsUlong(rootJsonObject, "result")))
goto CleanupExit;
if (virusTotalResults = VirusTotalJsonToResultList(dataJsonObject))
{
for (i = 0; i < virusTotalResults->Count; i++)
{
PVIRUSTOTAL_API_RESULT result = virusTotalResults->Items[i];
if (result->Found)
{
PVIRUSTOTAL_FILE_HASH_ENTRY entry = VirusTotalGetCachedResultFromHash(result->FileHash);
if (entry && !entry->Processed)
{
entry->Processed = TRUE;
entry->Found = result->Found;
entry->Positives = result->Positives;
entry->Total = result->Total;
if (!FindProcessDbObject(&entry->FileName->sr))
{
CreateProcessDbObject(
entry->FileName,
entry->Positives,
entry->Total,
result->FileHash
);
}
}
}
}
}
CleanupExit:
if (virusTotalResults)
{
for (i = 0; i < virusTotalResults->Count; i++)
{
PVIRUSTOTAL_API_RESULT result = virusTotalResults->Items[i];
// PhClearReference(&result->Permalink);
// PhClearReference(&result->FileHash);
// PhClearReference(&result->DetectionRatio);
//
PhFree(result);
}
PhDereferenceObject(virusTotalResults);
}
if (rootJsonObject)
{
CleanupJsonParser(rootJsonObject);
}
if (jsonArray)
{
CleanupJsonParser(jsonArray);
}
if (jsonApiResult)
{
PhFree(jsonApiResult);
}
if (resultTempList)
{
// Re-queue items without any results from VirusTotal.
//for (i = 0; i < resultTempList->Count; i++)
//{
// PVIRUSTOTAL_FILE_HASH_ENTRY result = resultTempList->Items[i];
// PPROCESS_EXTENSION extension = result->Extension;
//
// if (extension->Retries > 3)
// continue;
//
// if (PhIsNullOrEmptyString(result->FileResult))
// {
// extension->Stage1 = FALSE;
// }
//
// extension->Retries++;
//}
PhDereferenceObject(resultTempList);
}
Sleep(5 * 1000); // Wait 5 seconds
} while (VirusTotalHandle);
return STATUS_SUCCESS;
}
