From fc660cc0aad7b787c16c1809337d507236477595 Mon Sep 17 00:00:00 2001
From: benwoo1110 <wben1110@gmail.com>
Date: Sun, 14 Aug 2022 15:46:13 +0800
Subject: [PATCH] Implement export for File Info and VirusTotal

---
 .../ViewModels/Tools/FileInfoViewModel.cs     |  41 ++++++-
 .../ViewModels/Tools/VirusTotalViewModel.cs   | 110 ++++++++++++------
 .../Views/Tools/FileInfo.xaml                 |   3 +-
 .../Views/Tools/FileInfo.xaml.cs              |  25 ----
 .../Views/Tools/VirusTotal.xaml               |  35 ++++--
 .../Views/Tools/VirusTotal.xaml.cs            |   5 +-
 .../ImportExports/Common/SimpleJsonHandler.cs |  20 ++++
 .../ImportExports/ImportExportFactory.cs      |   1 +
 8 files changed, 163 insertions(+), 77 deletions(-)
 create mode 100644 MalwareToolbox.Library/ImportExports/Common/SimpleJsonHandler.cs

diff --git a/MalwareToolbox.DesktopApp/ViewModels/Tools/FileInfoViewModel.cs b/MalwareToolbox.DesktopApp/ViewModels/Tools/FileInfoViewModel.cs
index d8c6643..dc0420e 100644
--- a/MalwareToolbox.DesktopApp/ViewModels/Tools/FileInfoViewModel.cs
+++ b/MalwareToolbox.DesktopApp/ViewModels/Tools/FileInfoViewModel.cs
@@ -4,11 +4,13 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Runtime.CompilerServices;
 using System.Threading.Tasks;
+using Windows.Storage.Pickers;
 using CommunityToolkit.WinUI;
 using CommunityToolkit.WinUI.UI;
 using MalwareToolbox.DesktopApp.Core.Configurations;
 using MalwareToolbox.DesktopApp.Core.Utils;
 using MalwareToolbox.DesktopApp.Core.WindowFiles;
+using MalwareToolbox.DesktopApp.UI.Notifications;
 using MalwareToolbox.Library.ImportExports;
 using MalwareToolbox.Library.Utils;
 using MalwareToolbox.LibraryC.Executables;
@@ -89,7 +91,7 @@ public class FileInfoViewModel : ToolboxViewModel
 
     };
 
-    private readonly ImportExportFactory<Dictionary<string, List<string>>> _fileInfoFactory;
+    private readonly ImportExportFactory<object> _factory;
     private bool _initialised;
     private bool _validPE;
     private string _search;
@@ -164,7 +166,7 @@ public string Search
 
     public FileInfoViewModel()
     {
-        _fileInfoFactory = ImportExportFactory<Dictionary<string, List<string>>>.ForStrings();
+        _factory = ImportExportFactory<object>.SimpleFactory();
         FileManager.WinFileClosed += WinFileManager_WinFileClosed;
     }
 
@@ -407,6 +409,41 @@ public void LoadFileDetails()
         _initialised = true;
     }
 
+    public async void Export()
+    {
+        var savePicker = new FileSavePicker();
+        savePicker.FileTypeChoices.Add("JavaScript Object Notation", new List<string>() { ".json" });
+
+        savePicker.SuggestedFileName = "export";
+
+        var hwnd = WinRT.Interop.WindowNative.GetWindowHandle(App.Instance.WindowsManager.MainWindow);
+        WinRT.Interop.InitializeWithWindow.Initialize(savePicker, hwnd);
+
+        var file = await savePicker.PickSaveFileAsync();
+        if (file == null) return;
+        
+        var notification = new ExportNotification(file);
+        notification.StartExport();
+
+        Windows.Storage.CachedFileManager.DeferUpdates(file);
+
+        Dictionary<string, object> data = new Dictionary<string, object>()
+        {
+            {"Section Headers", _sectionListCollection},
+            {"Import Table", _importsListCollection},
+            {"Imported Functions", _functionsListCollection},
+            {"File Properties", _propertiesListCollection},
+            {"DOS Headers", _headersListCollection},
+            {"Hashing", _hashesListCollection},
+            {"NT Headers", _ntHeadersListCollection},
+            {"Rich Headers", _richHeadersCollection}
+        };
+
+        await _factory.ExportAsync(file.Path, data);
+
+        notification.ExportComplete();
+    }
+
     public void OnSearch(AutoSuggestBox sender, AutoSuggestBoxQuerySubmittedEventArgs args)
     {
         Search = args.QueryText;
diff --git a/MalwareToolbox.DesktopApp/ViewModels/Tools/VirusTotalViewModel.cs b/MalwareToolbox.DesktopApp/ViewModels/Tools/VirusTotalViewModel.cs
index 84afa8c..8e94bdd 100644
--- a/MalwareToolbox.DesktopApp/ViewModels/Tools/VirusTotalViewModel.cs
+++ b/MalwareToolbox.DesktopApp/ViewModels/Tools/VirusTotalViewModel.cs
@@ -2,7 +2,9 @@
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Threading.Tasks;
+using Windows.Storage.Pickers;
 using MalwareToolbox.DesktopApp.Core.Utils;
+using MalwareToolbox.DesktopApp.UI.Notifications;
 using MalwareToolbox.Library.ImportExports;
 using MalwareToolbox.Library.VirusTotalAPI;
 
@@ -10,8 +12,7 @@ namespace MalwareToolbox.DesktopApp.ViewModels.Tools;
 
 public class VirusTotalViewModel : ToolboxViewModel
 {
-    private readonly ImportExportFactory<Dictionary<string, List<string>>> _fileInfoFactory;
-    private bool _initialised;
+    private readonly ImportExportFactory<object> _factory;
     private bool _loaded;
     private ObservableCollection<GroupedList> _sectionListCollection = new ObservableCollection<GroupedList>();
     private ObservableCollection<GroupedList> _importsListCollection = new ObservableCollection<GroupedList>();
@@ -39,6 +40,11 @@ public ObservableCollection<GroupedList> NamesListCollection
         set => SetProperty(ref _namesListCollection, value);
     }
 
+    public VirusTotalViewModel()
+    {
+        _factory = ImportExportFactory<object>.SimpleFactory();
+    }
+
     public async Task<bool> LoadVirusTotalDetailsAsync(string apiKey, string hash)
     {
         var virusTotal = new VirusTotalAPI();
@@ -46,12 +52,12 @@ public async Task<bool> LoadVirusTotalDetailsAsync(string apiKey, string hash)
         if (result == null)
         {
             _loaded = false;
-        } 
-        else
-        {
-            // Details
-            _filePropertiesListCollection.Clear();
-            var PropertiesList = new GroupedList(new List<string>
+            return false;
+        }
+
+        // Details
+        _filePropertiesListCollection.Clear();
+        var PropertiesList = new GroupedList(new List<string>
         {
             "MD5: " + result.data.attributes.md5,
             "SHA-1: " + result.data.attributes.sha1,
@@ -64,22 +70,22 @@ public async Task<bool> LoadVirusTotalDetailsAsync(string apiKey, string hash)
             "Last Modified: " + result.data.attributes.last_modification_date,
             "File Size (bytes): " + result.data.attributes.size,
         });
-            _filePropertiesListCollection.Add(PropertiesList);
+        _filePropertiesListCollection.Add(PropertiesList);
 
-            // Names
-            _namesListCollection.Clear();
-            var NamesList = new GroupedList(new List<string> { });
-            foreach (var function in result.data.attributes.names)
-            {
-                NamesList.Add(function);
-            }
-            _namesListCollection.Add(NamesList);
+        // Names
+        _namesListCollection.Clear();
+        var NamesList = new GroupedList(new List<string> { });
+        foreach (var function in result.data.attributes.names)
+        {
+            NamesList.Add(function);
+        }
+        _namesListCollection.Add(NamesList);
 
 
-            _sectionListCollection.Clear();
-            foreach (var section in result.data.attributes.pe_info.sections)
-            {
-                var SectionsList = new GroupedList(new List<string>
+        _sectionListCollection.Clear();
+        foreach (var section in result.data.attributes.pe_info.sections)
+        {
+            var SectionsList = new GroupedList(new List<string>
             {
                 "Flags: " + section.flags,
                 "Virtual Address: : " + section.virtual_address,
@@ -90,27 +96,57 @@ public async Task<bool> LoadVirusTotalDetailsAsync(string apiKey, string hash)
                 "Chi2: " + section.chi2
             });
 
-                SectionsList.Key = section.name;
-                _sectionListCollection.Add(SectionsList);
-            }
+            SectionsList.Key = section.name;
+            _sectionListCollection.Add(SectionsList);
+        }
 
-            // Imports
-            _importsListCollection.Clear();
-            var ImportsList = new GroupedList(new List<string> { });
-            foreach (var imports in result.data.attributes.pe_info.import_list)
+        // Imports
+        _importsListCollection.Clear();
+        var ImportsList = new GroupedList(new List<string> { });
+        foreach (var imports in result.data.attributes.pe_info.import_list)
+        {
+            foreach (var function in imports.imported_functions)
             {
-                foreach (var function in imports.imported_functions)
-                {
-                    ImportsList.Add(function);
-                }
-
-                ImportsList.Key = imports.library_name;
-                _importsListCollection.Add(ImportsList);
+                ImportsList.Add(function);
             }
 
-            _loaded = true;
+            ImportsList.Key = imports.library_name;
+            _importsListCollection.Add(ImportsList);
         }
 
-        return _loaded;
+        _loaded = true;
+        return true;
+    }
+
+    public async void Export()
+    {
+        var savePicker = new FileSavePicker();
+        savePicker.FileTypeChoices.Add("JavaScript Object Notation", new List<string>() { ".json" });
+
+        savePicker.SuggestedFileName = "export";
+
+        var hwnd = WinRT.Interop.WindowNative.GetWindowHandle(App.Instance.WindowsManager.MainWindow);
+        WinRT.Interop.InitializeWithWindow.Initialize(savePicker, hwnd);
+
+        var file = await savePicker.PickSaveFileAsync();
+        if (file == null) return;
+
+        var notification = new ExportNotification(file);
+        notification.StartExport();
+
+        Windows.Storage.CachedFileManager.DeferUpdates(file);
+
+        Dictionary<string, object> data = new Dictionary<string, object>()
+        {
+            {"Section Headers", _sectionListCollection},
+            {"Import Table", _importsListCollection},
+            {"File Properties", _filePropertiesListCollection},
+            {"Names", _namesListCollection}
+        };
+
+        await _factory.ExportAsync(file.Path, data);
+
+        notification.ExportComplete();
     }
+
 }
diff --git a/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml b/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml
index 7038c33..3ef7765 100644
--- a/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml
+++ b/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml
@@ -93,7 +93,8 @@
                                 <FontIcon FontFamily="Segoe MDL2 Assets" Glyph="&#xE8C5;"/>
                             </MenuFlyoutItem.Icon>
                         </MenuFlyoutItem>
-                        <MenuFlyoutItem Text="Export">
+                        <MenuFlyoutItem Text="Export" 
+                                        Click="{x:Bind ViewModel.Export}">
                             <MenuFlyoutItem.Icon>
                                 <FontIcon FontFamily="Segoe MDL2 Assets" Glyph="&#xE72D;"/>
                             </MenuFlyoutItem.Icon>
diff --git a/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml.cs b/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml.cs
index e4d6b1a..65cc184 100644
--- a/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml.cs
+++ b/MalwareToolbox.DesktopApp/Views/Tools/FileInfo.xaml.cs
@@ -20,7 +20,6 @@ namespace MalwareToolbox.DesktopApp.Views.Tools;
 public sealed partial class FileInfo : Page, IPageRequireFile
 {
     public FileInfoViewModel ViewModel { get; }
-    private readonly ImportExportFactory<object> _factory;
 
     public FileInfo()
     {
@@ -56,28 +55,4 @@ private void CollapseAll_MenuFlyoutItem_Click(object sender, Microsoft.UI.Xaml.R
         ImportTableExpander.IsExpanded = false;
         ImportedFunctionsExpander.IsExpanded = false;
     }
-
-    //private async void ExportButton_OnClick(object sender, RoutedEventArgs e)
-    //{
-    //    var savePicker = new FileSavePicker();
-    //    savePicker.FileTypeChoices.Add("Text File", new List<string>() { ".txt" });
-
-    //    savePicker.SuggestedFileName = "File Info Export";
-
-    //    var hwnd = WinRT.Interop.WindowNative.GetWindowHandle(App.Instance.WindowsManager.MainWindow);
-    //    WinRT.Interop.InitializeWithWindow.Initialize(savePicker, hwnd);
-
-    //    var file = await savePicker.PickSaveFileAsync();
-    //    if (file != null)
-    //    {
-    //        var notification = new ExportNotification(file);
-    //        notification.StartExport();
-
-    //        Windows.Storage.CachedFileManager.DeferUpdates(file);
-    //        await _factory.ExportAsync(file.Path, );
-
-    //        notification.ExportComplete();
-    //    }
-
-    //}
 }
diff --git a/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml b/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml
index 5687672..f39c5ec 100644
--- a/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml
+++ b/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml
@@ -46,7 +46,6 @@
         </TeachingTip>
     </Page.Resources>
     
-    
     <ScrollViewer>
         <Grid Padding="{ThemeResource PageGridMargin}">
             <StackPanel Width="Auto">
@@ -58,14 +57,34 @@
                 </StackPanel.Resources>
                 <TextBox Margin="0,0,0,20" x:Name="HashText" Header="Enter the hash:"/>
                 <TextBox Margin="0,0,0,10" x:Name="APIText" Header="Enter your API Key:"/>
-                
-                <StackPanel Orientation="Horizontal">
+
+                <Grid>
+                    <Grid.ColumnDefinitions>
+                        <ColumnDefinition Width="Auto"/>
+                        <ColumnDefinition />
+                        <ColumnDefinition Width="Auto"/>
+                    </Grid.ColumnDefinitions>
+
                     <Button x:Name="Enter" 
-                    Content="Enter" 
-                    Margin="0,8,8,20"
-                    Click="ShowDialog_Click" />
-                    <TextBlock HorizontalTextAlignment="Center" Margin="0,14,0,0" x:Name="ErrorText"/>
-                </StackPanel>
+                            Content="Enter" 
+                            Margin="0,8,8,20"
+                            Click="ShowDialog_Click" />
+
+                    <TextBlock Grid.Column="1"
+                               x:Name="ErrorText"
+                               HorizontalTextAlignment="Center" 
+                               Margin="0,14,0,0" />
+
+                    <Button Grid.Column="2"
+                            x:Name="Export"
+                            IsEnabled="false"
+                            Click="{x:Bind ViewModel.Export}">
+                        <StackPanel Orientation="Horizontal">
+                            <FontIcon Glyph="&#xE72D;" FontSize="14" Margin="0,0,8,0" />
+                            <TextBlock Text="Export"/>
+                        </StackPanel>
+                    </Button>
+                </Grid>
                 <Expander x:Name="FileProperties" IsEnabled="False" Header="File Properties">
                     <ScrollViewer MaxHeight="200">
                         <ListView ItemsSource="{x:Bind FilePropertiesCollectionView.View, Mode=OneWay}"
diff --git a/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml.cs b/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml.cs
index f790d5c..36d7129 100644
--- a/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml.cs
+++ b/MalwareToolbox.DesktopApp/Views/Tools/VirusTotal.xaml.cs
@@ -67,10 +67,6 @@ private async void ShowDialog_Click(object sender, RoutedEventArgs e)
             _configProvider.ResetConfig(Configs.VirusTotalApiKey);
             OnClick();
         }
-        else
-        {
-            
-        }
     }
 
     private async void OnClick()
@@ -92,6 +88,7 @@ private async void OnClick()
         else
         {
             ErrorText.Text = "";
+            Export.IsEnabled = true;
             FileProperties.IsEnabled = true;
             Names.IsEnabled = true;
             Sections.IsEnabled = true;
diff --git a/MalwareToolbox.Library/ImportExports/Common/SimpleJsonHandler.cs b/MalwareToolbox.Library/ImportExports/Common/SimpleJsonHandler.cs
new file mode 100644
index 0000000..2dca12c
--- /dev/null
+++ b/MalwareToolbox.Library/ImportExports/Common/SimpleJsonHandler.cs
@@ -0,0 +1,20 @@
+using Newtonsoft.Json;
+
+namespace MalwareToolbox.Library.ImportExports.Common;
+
+public class SimpleJsonHandler : IImportExportHandler<object>
+{
+    public string FileType => ".json";
+    
+    public Task<object?> Import(string path, StreamReader stream)
+    {
+        throw new NotImplementedException();
+    }
+
+    public async Task<bool> Export(string path, StreamWriter stream, object data)
+    {
+        var content = await Task.Run(() => JsonConvert.SerializeObject(data, Formatting.Indented));
+        await stream.WriteAsync(content);
+        return true;
+    }
+}
diff --git a/MalwareToolbox.Library/ImportExports/ImportExportFactory.cs b/MalwareToolbox.Library/ImportExports/ImportExportFactory.cs
index 54c326b..689dda1 100644
--- a/MalwareToolbox.Library/ImportExports/ImportExportFactory.cs
+++ b/MalwareToolbox.Library/ImportExports/ImportExportFactory.cs
@@ -10,6 +10,7 @@ public class ImportExportFactory<T>
     public static ImportExportFactory<object> SimpleFactory()
     {
         var factory = new ImportExportFactory<object>();
+        factory.RegisterHandler(new SimpleJsonHandler());
         factory.RegisterHandler(new SimpleStringsHandler());
         return factory;
     }