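@ECHO off
REM Helper.bat - runs the audit agent xagt.exe with MemoryzeAuditScript.xml and
REM writes the results into a new analysis session folder.
REM
REM Usage: Helper.bat [outputdir]
REM   outputdir  Optional. Directory that receives Sessions\SESSION\Audits,
REM              where SESSION is AnalysisSession1 or the name printed by
REM              getNextSessionFolder.js. Defaults to this script's directory.
REM
REM Security note: xagt.exe and the .js helpers are loaded from this script's
REM directory and run with the caller's rights. Keep that directory
REM write-protected, or verify its contents, before running it on a host.
REM
REM NOTE(review): delayed expansion is enabled but never used below. While it
REM is on, an exclamation mark in a value taken from a FOR variable is dropped.
SETLOCAL enableextensions enabledelayedexpansion
ECHO Ensuring the proper working directory
REM CD /D changes drive and directory in one step; the quotes keep a script
REM path that contains spaces or shell metacharacters intact.
CD /D "%~dp0"

REM Agent folders and audit script, relative to the script directory.
SET "agent64=.\x64\"
SET "agent32=.\x86\"
SET "script=MemoryzeAuditScript.xml"
SET "outputdir=."
REM NOTE(review): a 32-bit cmd.exe on a 64-bit OS reports x86 here, which
REM selects the x86 agent below - confirm that is intended.
SET "bitness=%PROCESSOR_ARCHITECTURE%"
SET "sessionsFolder=Sessions"
SET "analysisFolderCommonName=AnalysisSession"
SET "auditsFolder=Audits"
REM cmd.exe searches the current directory before PATH, and the current
REM directory is the collector folder, so the system cscript.exe is called by
REM full path instead of by bare name.
SET "cscriptExe=%SystemRoot%\System32\cscript.exe"

REM Verify the files exist
IF NOT EXIST "%agent64%" GOTO :failed
REM IF NOT EXIST "%agent32%" GOTO :failed
IF NOT EXIST "%script%" GOTO :failed

REM The tilde form of the first argument strips the quotes a caller puts
REM around a path with spaces, so the value is not quoted twice when it is
REM re-quoted further down.
IF "%~1"=="" (
    SET "outputdir=%~dp0"
    GOTO :usedefault
)
SET "outputdir=%~1"
REM Check that the directory exists, and if not create it.
IF NOT EXIST "%outputdir%" MKDIR "%outputdir%"

:usedefault
SET "sessionsFolder=%outputdir%\%sessionsFolder%"
SET "analysisFolderCustomName=%analysisFolderCommonName%1"
REM When a Sessions folder already exists the helper script supplies the name
REM of the session folder to use; otherwise the default name set above is kept.
REM The caret-escaped outer quotes let FOR /F run a quoted executable path
REM without cmd /c stripping the wrong pair of quotes.
IF EXIST "%sessionsFolder%" (
    FOR /F "delims=" %%a IN ('^""%cscriptExe%" //nologo "%~dp0\getNextSessionFolder.js" "%sessionsFolder%" "%analysisFolderCommonName%"^"') DO (SET "analysisFolderCustomName=%%a")
) ELSE (
    MKDIR "%sessionsFolder%"
)
MKDIR "%sessionsFolder%\%analysisFolderCustomName%"
SET "fullAuditsPath=%sessionsFolder%\%analysisFolderCustomName%\%auditsFolder%"
MKDIR "%fullAuditsPath%"
SET args=-o "%fullAuditsPath%" -f "%script%"

REM Pick the agent folder: x86 uses the 32-bit agent, IA64 is rejected, and
REM every other architecture value uses the 64-bit agent.
SET "agent=%agent32%"
IF "%bitness%"=="x86" GOTO :agentset
IF "%bitness%"=="IA64" GOTO :unsupported
SET "agent=%agent64%"

:agentset
REM getPath.js prints the path that is used as the agent folder from here on.
FOR /F "delims=" %%a IN ('^""%cscriptExe%" //nologo "%~dp0\getPath.js" "%agent%"^"') DO (SET "agent=%%a")
SET "fullAgentPath=%agent%xagt.exe"
ECHO "%fullAgentPath%" %args%
rem PAUSE
CALL "%fullAgentPath%" %args%
REM The agent's exit code was previously discarded. Report a non-zero code so
REM an incomplete collection is noticed, then continue as before.
SET "agentExit=%ERRORLEVEL%"
IF NOT "%agentExit%"=="0" >&2 ECHO WARNING: agent returned exit code %agentExit% - review the audit output before relying on it.

REM Tell finishAnalysis.js whether an IOCs entry exists in the script directory.
SET "iocExists=false"
IF EXIST "IOCs" SET "iocExists=true"
"%cscriptExe%" //nologo "%~dp0\finishAnalysis.js" "%sessionsFolder%\%analysisFolderCustomName%" "%analysisFolderCustomName%" "%fullAuditsPath%" "%auditsFolder%" "%iocExists%"
GOTO :end

:failed
REM Reached when the x64 agent folder or the audit script is missing.
ECHO.
ECHO.
ECHO Failure Encountered:
ECHO Agent and/or Redline Audit Script not found.
GOTO :end

:unsupported
REM Reached when PROCESSOR_ARCHITECTURE is IA64.
ECHO.
ECHO.
ECHO Failure Encountered:
ECHO This Operating System is not supported by the FireEye Agent
GOTO :end

:auditfail
REM NOTE(review): no GOTO in this file targets this label, and lastcmd and
REM buildlog are never set here, so this handler is currently unreachable.
ECHO.
ECHO.
ECHO Failure Encountered
ECHO %errorlevel% return from "%lastcmd%"
IF EXIST "%buildlog%" START notepad "%buildlog%"
GOTO :end

:end
REM PAUSE
ENDLOCAL
@ECHO on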