public int GetCount(string username, string password, string nameSpace, string filter) { var context = new ManagementNamedValueCollection(); ManagementScope scope = new ManagementScope(GetScopeString("localhost", nameSpace), new ConnectionOptions("en-US", username, password, "", ImpersonationLevel.Default, AuthenticationLevel.Default, true, context, TimeSpan.FromSeconds(60))); { ObjectQuery query = new ObjectQuery(filter); using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query, new EnumerationOptions(context, TimeSpan.FromSeconds(60), 4096, true, true, true, false, false, true, true))) { return(searcher.Get().Count); } } }
public IEnumerable <object> Get(string username, string password, string nameSpace, string filter) { var context = new ManagementNamedValueCollection(); ManagementScope scope = new ManagementScope(GetScopeString("localhost", nameSpace), new ConnectionOptions("en-US", username, password, "", ImpersonationLevel.Default, AuthenticationLevel.Default, true, context, TimeSpan.FromSeconds(60))); { ObjectQuery query = new ObjectQuery(filter); using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query, new EnumerationOptions(context, TimeSpan.FromSeconds(60), 4096, true, true, true, false, false, true, true))) { foreach (ManagementBaseObject obj in searcher.Get()) { yield return(ToEndointAddress(obj, _isLocal)); } } } }
private static RegType GetValueType(ManagementClass mc, RegHive hDefKey, string sSubKeyName, string sValueName) { ManagementBaseObject inParams = mc.GetMethodParameters("EnumValues"); inParams["hDefKey"] = hDefKey; inParams["sSubKeyName"] = sSubKeyName; ManagementNamedValueCollection objCtx = new ManagementNamedValueCollection(); objCtx.Add("__ProviderArchitecture", 64); objCtx.Add("__RequiredArchitecture", true); InvokeMethodOptions invokeOptions = new InvokeMethodOptions(); invokeOptions.Context = objCtx; ManagementBaseObject outParams = mc.InvokeMethod("EnumValues", inParams, invokeOptions); if (Convert.ToUInt32(outParams["ReturnValue"]) == 0) { string[] sNames = outParams["sNames"] as String[]; int[] iTypes = outParams["Types"] as int[]; for (int i = 0; i < sNames.Length; i++) { if (sNames[i] == sValueName) { return((RegType)iTypes[i]); } } return(0); } else { return(0); } return(0); }
public string GetFilthyStdOut(string strKey) { StringBuilder strOut = new StringBuilder(); bool bSeenFinishedMarker = false; Console.WriteLine("[i] Getting stdout from registry from " + strKey); ManagementClass registry = new ManagementClass(this.Scope, new ManagementPath("StdRegProv"), null); // Enumerate the values ManagementBaseObject inParams = registry.GetMethodParameters("EnumValues"); inParams["sSubKeyName"] = strKey; inParams["hDefKey"] = RegHive.HKEY_LOCAL_MACHINE; ManagementNamedValueCollection objCtx = new ManagementNamedValueCollection(); objCtx.Add("__ProviderArchitecture", 64); objCtx.Add("__RequiredArchitecture", true); InvokeMethodOptions invokeOptions = new InvokeMethodOptions(); invokeOptions.Context = objCtx; ManagementBaseObject outParams = registry.InvokeMethod("EnumValues", inParams, invokeOptions); string[] strValues = outParams["sNames"] as string[]; try { if (Convert.ToUInt32(outParams["ReturnValue"]) == 0) { } else { Console.WriteLine("[!] Failed to get values " + outParams["ReturnValue"].ToString()); return(null); } } catch (Exception ex) { Console.WriteLine("[!] Failed to get values - command likely not valid i.e. generated no stdout output - " + ex.Message.ToString()); return(null); } try { foreach (string value in strValues) { try { RegType rType = GetValueType(registry, RegHive.HKEY_LOCAL_MACHINE, strKey, value); switch (rType) { case RegType.REG_SZ: inParams = registry.GetMethodParameters("GetStringValue"); inParams["sSubKeyName"] = strKey; inParams["sValueName"] = value; inParams["hDefKey"] = RegHive.HKEY_LOCAL_MACHINE; ManagementBaseObject outParams2 = registry.InvokeMethod("GetStringValue", inParams, invokeOptions); if (outParams2.Properties["sValue"].Value != null) { if (outParams2.Properties["sValue"].Value.ToString().Contains("CDOFINISHED")) { bSeenFinishedMarker = true; } else { strOut.AppendLine(outParams2.Properties["sValue"].Value.ToString()); } } else { } // One of ours int intMy; bool isNumeric = int.TryParse("123", out intMy); if (isNumeric && intMy > 0) { inParams = registry.GetMethodParameters("DeleteValue"); inParams["sSubKeyName"] = strKey; inParams["sValueName"] = value; inParams["hDefKey"] = RegHive.HKEY_LOCAL_MACHINE; registry.InvokeMethod("DeleteValue", inParams, invokeOptions); } break; default: break; } } catch { continue; } } if (bSeenFinishedMarker == false) { Console.WriteLine("[!] WARNING: Didn't see stdout output finished marker - output may be truncated"); } else { Console.WriteLine("[i] Full command output received"); } return(strOut.ToString()); } catch { Console.WriteLine("[i] No registry keys indicating no output"); return(""); } }
public InvokeMethodOptions(ManagementNamedValueCollection context, System.TimeSpan timeout) { }
public DeleteOptions(ManagementNamedValueCollection context, System.TimeSpan timeout) {}
public PutOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, bool useAmendedQualifiers, PutType putType) { }
public DeleteOptions(ManagementNamedValueCollection context, System.TimeSpan timeout) { }
public ObjectGetOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, bool useAmendedQualifiers) {}
public ObjectGetOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, bool useAmendedQualifiers) { }
public ObjectGetOptions(ManagementNamedValueCollection context) { }
public EventWatcherOptions(ManagementNamedValueCollection context, TimeSpan timeout, int blockSize) { throw new NotImplementedException(); }
public EventWatcherOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, int blockSize) { }
public ConnectionOptions(string locale, string username, string password, string authority, ImpersonationLevel impersonation, AuthenticationLevel authentication, bool enablePrivileges, ManagementNamedValueCollection context, System.TimeSpan timeout) { }
public ConnectionOptions(string locale, string username, System.Security.SecureString password, string authority, ImpersonationLevel impersonation, AuthenticationLevel authentication, bool enablePrivileges, ManagementNamedValueCollection context, System.TimeSpan timeout) {}
public EnumerationOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, int blockSize, bool rewindable, bool returnImmediatley, bool useAmendedQualifiers, bool ensureLocatable, bool prototypeOnly, bool directRead, bool enumerateDeep) {}
public ObjectGetOptions(ManagementNamedValueCollection context) {}
public PutOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, bool useAmendedQualifiers, PutType putType) { }
public InvokeMethodOptions(ManagementNamedValueCollection context, System.TimeSpan timeout) {}
public PutOptions(ManagementNamedValueCollection context) { }
public EventWatcherOptions (ManagementNamedValueCollection context, TimeSpan timeout, int blockSize) { throw new NotImplementedException (); }
//WMI Query Registry for software details public int ReadRegistryForSoftwareWMI() { ComputerSoftware computerSoftwares = new ComputerSoftware(); int rtn = -1; try { using (var db = new DatabaseContext()) { const int REG_SZ = 1; const int REG_EXPAND_SZ = 2; const int REG_BINARY = 3; const int REG_DWORD = 4; const int REG_MULTI_SZ = 7; const int REG_QWORD = 11; var queryDBSoftware = db.ComputerSoftwares.Select(x => x.Name); List <int> softwareBits = new List <int> { 32, 64 }; foreach (int bit in softwareBits) { ManagementNamedValueCollection mContext = new ManagementNamedValueCollection { { "__ProviderArchitecture", bit }, { "__RequiredArchitecture", true } }; ConnectionOptions connectionOptions = new ConnectionOptions { Impersonation = ImpersonationLevel.Impersonate, Context = mContext }; ManagementScope scope = new ManagementScope("\\\\" + Environment.MachineName + "\\root\\CIMV2", connectionOptions); scope.Connect(); string softwareRegLoc = @"Software\Microsoft\Windows\CurrentVersion\Uninstall"; ManagementClass registry = new ManagementClass(scope, new ManagementPath("StdRegProv"), null); ManagementBaseObject inParams = registry.GetMethodParameters("EnumKey"); inParams["hDefKey"] = 0x80000002;//HKEY_LOCAL_MACHINE inParams["sSubKeyName"] = softwareRegLoc; // Read Registry Key Names ManagementBaseObject outParams = registry.InvokeMethod("EnumKey", inParams, null); string[] softwareGuids = outParams["sNames"] as string[]; foreach (string subKeyName in softwareGuids) { inParams = registry.GetMethodParameters("EnumValues"); inParams["hDefKey"] = 0x80000002;//HKEY_LOCAL_MACHINE inParams["sSubKeyName"] = softwareRegLoc + @"\" + subKeyName; // Read Registry Value outParams = registry.InvokeMethod("EnumValues", inParams, null); if (outParams.Properties["sNames"].Value != null && outParams.Properties["Types"].Value != null) { //For Names string[] softwareValueNames = (outParams.Properties["sNames"].Value) as string[]; int[] softwareValueTypes = (outParams.Properties["Types"].Value) as int[]; //For Types for (int i = 0; i < softwareValueTypes.Count(); i++) { int valueTypes = softwareValueTypes[i]; string valueNames = softwareValueNames[i]; string executionMethod; switch (valueTypes) { case REG_SZ: { executionMethod = "GetStringValue"; //inParams = registry.GetMethodParameters("GetStringValue"); break; } case REG_EXPAND_SZ: { executionMethod = "GetExpandedStringValue"; break; } case REG_BINARY: { executionMethod = "GetBinaryValue"; break; } case REG_DWORD: { executionMethod = "GetDWORDValue"; break; } case REG_MULTI_SZ: { executionMethod = "GetMultiStringValue"; break; } case REG_QWORD: { executionMethod = "GetQWORDValue"; break; } default: { executionMethod = "Close"; break; } } if (executionMethod != "Close") { inParams = registry.GetMethodParameters(executionMethod); inParams["hDefKey"] = 0x80000002;//HKEY_LOCAL_MACHINE inParams["sSubKeyName"] = softwareRegLoc + @"\" + subKeyName; inParams["sValueName"] = valueNames; outParams = registry.InvokeMethod(executionMethod, inParams, null); int softwareSystemComponent; //Get values switch (valueNames) { case "DisplayName": { computerSoftwares.Name = outParams.Properties["sValue"].Value.ToString(); break; } case "InstallLocation": { computerSoftwares.InstalledLocation = outParams.Properties["sValue"].Value.ToString(); break; } case "DisplayVersion": { computerSoftwares.Version = outParams.Properties["sValue"].Value.ToString(); break; } case "Publisher": { computerSoftwares.Publisher = outParams.Properties["sValue"].Value.ToString(); break; } case "InstallDate": { DateTime dt; if (outParams.Properties["sValue"].Value.ToString() == null) { computerSoftwares.InstalledOn = Convert.ToDateTime("19900903"); } else { try { if (DateTime.TryParseExact(outParams.Properties["sValue"].Value.ToString(), "yyyyMMdd", CultureInfo.InvariantCulture, DateTimeStyles.None, out dt)) { computerSoftwares.InstalledOn = dt; } else if (DateTime.TryParseExact(outParams.Properties["sValue"].Value.ToString(), "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.None, out dt)) { computerSoftwares.InstalledOn = dt; } else if (DateTime.TryParseExact(outParams.Properties["sValue"].Value.ToString(), "yyyy/MM/dd", CultureInfo.InvariantCulture, DateTimeStyles.None, out dt)) { computerSoftwares.InstalledOn = dt; } } catch (Exception ex) { throw ex; } } break; } case "EstimatedSize": { computerSoftwares.Size = Convert.ToInt32(outParams.Properties["uValue"].Value); break; } case "SystemComponent": { softwareSystemComponent = Convert.ToInt32(outParams.Properties["uValue"].Value); if (softwareSystemComponent.Equals("")) { softwareSystemComponent = 1; } computerSoftwares.SystemComponent = softwareSystemComponent; break; } default: break; } } } //Filter unwanted softwares if (softwareValueNames.Contains("WindowsInstaller") && !softwareValueNames.Contains("ParentDisplayName") && !softwareValueNames.Contains("ParentDisplayName") && softwareValueNames.Contains("UninstallString")) { var currentRegistryScan = computerSoftwares.Name.ToString(); if (!string.IsNullOrEmpty(currentRegistryScan) && char.IsUpper(currentRegistryScan[0]) && !currentRegistryScan.Contains("-") && !currentRegistryScan.ToLower().Contains("pack") && !currentRegistryScan.ToLower().Contains("kb") && !currentRegistryScan.ToLower().Contains("update") && !queryDBSoftware.Contains(currentRegistryScan) && computerSoftwares.SystemComponent == 1) { computerSoftwares.Status = "Active"; db.ComputerSoftwares.Add(computerSoftwares); db.SaveChanges(); } } } } } rtn = 1; } } catch (Exception ex) { throw ex; } return(rtn); }
public PutOptions(ManagementNamedValueCollection context) { }
public EventWatcherOptions(ManagementNamedValueCollection context, System.TimeSpan timeout, int blockSize) {}