AChoir v4.4
OMENScan committed May 25, 2020
1 parent dd614fa commit a234abe
Showing 8 changed files with 104 additions and 17 deletions.
Binary file modified A-AChoir.exe
Binary file not shown.
Binary file modified A-AChoir64.exe
Binary file not shown.
Binary file modified AChoir-inst.exe
Binary file not shown.
102 changes: 86 additions & 16 deletions AChoir.cpp
Expand Up @@ -225,6 +225,7 @@
/* - Only UTF-16 (Big & Little Endian) */
/* AChoir v4.2 - Make Log File consistent (set to ACQName) */
/* AChoir v4.3 - Added &HST Variable (Host Name) */
/* AChoir v4.4 - Improve Parsing to recognize dbl-quotes */
/* */
/* rc=0 - All Good */
/* rc=1 - Bad Input */
Expand Down Expand Up @@ -320,7 +321,7 @@
#define MaxArray 100
#define BUFSIZE 4096

char Version[10] = "v4.3\0";
char Version[10] = "v4.4\0";
char RunMode[10] = "Run\0";
int iRanMode = 0;
int iRunMode = 0;
Expand Down Expand Up @@ -348,6 +349,9 @@ char Delims[10] = ",\0\0\0\0\0\0\0\0";
char *TokPtr;
int TokCnt;
int TokMax;
int TokIdx;
int TokCur;
int TokOnOff;

int iNative = 0; // Are we Native 64Bit on 64Bit (Native = 1, NonNative = 0)
char sNative[10] = "\0";
Expand Down Expand Up @@ -2120,23 +2124,56 @@ int main(int argc, char *argv[])
{
memset(Tokrec, 0, 2048);
strncpy(Tokrec, Filrec, 2048);
TokPtr = strtok(Tokrec, Delims);

for (TokCnt = 0; TokCnt < TokMax; TokCnt++)

// V4.4 - Improved Parser (Look for dbl-quotes)
// TokOnOff = Tokenize Off if Quoted (0), On if Not Quoted (1)
TokCnt = TokIdx = 0;
TokOnOff = 1;
for (TokCur = 0; TokCur < strlen(Tokrec); TokCur++)
{
if (TokPtr != NULL)
TokPtr = strtok(NULL, Delims);
if (Tokrec[TokCur] == '"')
{
if (TokOnOff == 1)
TokOnOff = 0;
else
TokOnOff = 1;
}
else
if (strchr(Delims, Tokrec[TokCur]) != 0)
{
// Only Process if we are not inside a Quote
if (TokOnOff == 1)
{
TokCnt++;

if (TokCnt == TokMax)
TokIdx = TokCur+1;
else
if (TokCnt > TokMax)
{
Tokrec[TokCur] = '\0';
break;
}
}
}
}

/****************************************************************/
/* If we got a Column, Add it. */
/****************************************************************/
if (TokPtr != NULL)
if (TokCnt >= TokMax)
{
// Remove Double-Quotes if they are there
if ((Tokrec[TokIdx] == '"') && (Tokrec[strlen(Tokrec)-1] == '"'))
{
TokIdx++;
Tokrec[strlen(Tokrec)-1] = '\0';
}

if (setTrim == 1)
LRTrim(TokPtr);
LRTrim(Tokrec + TokIdx);

sprintf(Inrec + oPtr, "%s", TokPtr);
sprintf(Inrec + oPtr, "%s", Tokrec+TokIdx);
}
oPtr = strlen(Inrec);
iPtr += 3;
Expand Down Expand Up @@ -2261,23 +2298,56 @@ int main(int argc, char *argv[])
{
memset(Tokrec, 0, 2048);
strncpy(Tokrec, Lstrec, 2048);
TokPtr = strtok(Tokrec, Delims);

for (TokCnt = 0; TokCnt < TokMax; TokCnt++)
// New Version 4.4 - Improved Parsing (recognize dbl-quotes)
// TokOnOff = Tokenize Off if Quoted (0), On if Not Quoted (1)
TokCnt = TokIdx = 0;
TokOnOff = 1;
for (TokCur = 0; TokCur < strlen(Tokrec); TokCur++)
{
if (TokPtr != NULL)
TokPtr = strtok(NULL, Delims);
if (Tokrec[TokCur] == '"')
{
if (TokOnOff == 1)
TokOnOff = 0;
else
TokOnOff = 1;
}
else
if (strchr(Delims, Tokrec[TokCur]) != 0)
{
// Only Process if we are not inside a Quote
if (TokOnOff == 1)
{
TokCnt++;

if (TokCnt == TokMax)
TokIdx = TokCur+1;
else
if (TokCnt > TokMax)
{
Tokrec[TokCur] = '\0';
break;
}
}
}
}

/****************************************************************/
/* If we got a Column, Add it. */
/****************************************************************/
if (TokPtr != NULL)
if (TokCnt >= TokMax)
{
// Remove Double-Quotes if they are there
if ((Tokrec[TokIdx] == '"') && (Tokrec[strlen(Tokrec)-1] == '"'))
{
TokIdx++;
Tokrec[strlen(Tokrec)-1] = '\0';
}

if (setTrim == 1)
LRTrim(TokPtr);
LRTrim(Tokrec + TokIdx);

sprintf(Inrec + oPtr, "%s", TokPtr);
sprintf(Inrec + oPtr, "%s", Tokrec + TokIdx);
}
oPtr = strlen(Inrec);
iPtr += 3;
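Review bot: The `sprintf(Inrec + oPtr, "%s", Tokrec+TokIdx);` that closes both rewritten blocks (the `Filrec` one and the `Lstrec` one) still writes without a bound. Because delimiters inside double quotes no longer end a column, one column can now be nearly the whole 2048-byte record, and on the `Lstrec` path the new ARunCopy.ACQ script feeds it Autoruns output taken from the examined host, so its length is not under the script author's control. The declaration of `Inrec` is outside the visible hunks; if it is a fixed-size buffer I would bound the write, for example `snprintf(Inrec + oPtr, INREC_SIZE - oPtr, "%s", Tokrec + TokIdx);` where `INREC_SIZE` is a placeholder for its real size. The new `strlen(Tokrec)` loop and the `Tokrec[strlen(Tokrec)-1] = '\0'` write also depend on the context line `strncpy(Tokrec, Filrec, 2048)` leaving a terminator; if `Tokrec` is 2048 bytes, as the `memset` suggests, copying 2047 bytes would guarantee one. Both blocks sit inside `main`, which starts and ends outside the hunks.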
Binary file modified AChoir.exe
Binary file not shown.
Binary file modified AChoir64.exe
Binary file not shown.
17 changes: 17 additions & 0 deletions Scripts/ARunCopy.ACQ
@@ -0,0 +1,17 @@
*******************************************************
* Run Autoruns, Parse the CSV, and copy all of the *
* executables *
*******************************************************
SET:CopyPath=Part
ACQ:\ARN
SAY:[+] Executing Autoruns (Ignoring MS Executables)...
CMD:\SYS\Autorunsc.exe /accepteula -a * -c -h -m > &Acq\AutoRun.dat
SAY:[+] Copying Executables...
LST:&ACN\ARN\AutoRun.dat
NCP:"&LS8" "&ACQ"
SAY:[+] Processing Complete...
SAY:
SAY:[+] Now Hashing Artifacts...
HSH:ACQ
SAY:
PZZ: All Done! Press Any Key to Finish.
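Review bot: The `-m` switch on the `CMD:\SYS\Autorunsc.exe` line is used without signature verification, so, as far as Autoruns documents it, an entry is treated as Microsoft's on the strength of the file's self-declared company name. A binary that merely claims to be from Microsoft would then be left out of the CSV and never copied by `NCP:"&LS8" "&ACQ"`. For a collection script I would either drop `-m` or pair it with verification, `CMD:\SYS\Autorunsc.exe /accepteula -a * -c -h -s -m > &Acq\AutoRun.dat`, so that only entries with a verified signature are skipped. Adding `-s` may change the CSV column layout, so the `&LS8` index should be rechecked against real output. A `*` comment line naming the column that `&LS8` is expected to hold would make that check easier for the next maintainer.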
2 changes: 1 addition & 1 deletion WhatIsAChoir.txt
@@ -1,4 +1,4 @@
AChoir - v4.3
AChoir - v4.4

AChoir
======