Beispiel #1
        /// <summary>
        /// Builds the tray icon: a context menu with a "block" toggle, a separator and an exit entry,
        /// the <see cref="NotifyIcon"/> that hosts it, and the timer that drives <c>OnTimerTick</c>.
        /// </summary>
        public TrayIcon()
        {
            components  = new Container();
            contextMenu = new ContextMenu();

            // "Block" entry: its check mark mirrors whether the Global program entry is in BlockAccess.
            menuBlock       = new MenuItem();
            menuBlock.Index = 0;
            menuBlock.Text  = Translate.fmt("mnu_block");

            ProgramID  globalId  = ProgramID.NewID(ProgramID.Types.Global);
            ProgramSet globalSet = App.client.GetProgram(globalId, true);

            if (globalSet != null)
            {
                menuBlock.Checked = (globalSet.config.CurAccess == ProgramSet.Config.AccessLevels.BlockAccess);
            }
            else
            {
                // No Global entry could be fetched, so the state is unknown and the toggle is greyed out.
                menuBlock.Enabled = false;
            }

            menuBlock.Click += menuBlock_Click;

            // "Exit" entry.
            menuExit        = new MenuItem();
            menuExit.Index  = 0;
            menuExit.Text   = Translate.fmt("mnu_exit");
            menuExit.Click += menuExit_Click;

            // Menu layout: block toggle, separator, exit.
            MenuItem[] entries = { menuBlock, new MenuItem("-"), menuExit };
            contextMenu.MenuItems.AddRange(entries);

            notifyIcon = new NotifyIcon(components);

            // Icon and tooltip are both taken from the running executable itself.
            string assemblyPath = System.Reflection.Assembly.GetExecutingAssembly().Location;

            notifyIcon.Icon        = System.Drawing.Icon.ExtractAssociatedIcon(assemblyPath);
            notifyIcon.ContextMenu = contextMenu; // shown on right click
            notifyIcon.Text        = FileVersionInfo.GetVersionInfo(assemblyPath).FileDescription; // hover tooltip

            notifyIcon.DoubleClick += notifyIcon1_DoubleClick;
            notifyIcon.Click       += notifyIcon1_Click;

            // Tick every 500 ms.
            mTimer.Tick    += OnTimerTick;
            mTimer.Interval = TimeSpan.FromMilliseconds(500);
            mTimer.Start();
        }
Beispiel #2
        /// <summary>
        /// Re-reads the Global program entry and syncs the tray menu's "block" item with it,
        /// then calls <c>UpdateMode()</c>.
        /// </summary>
        private void UpdateFwMode()
        {
            ProgramSet globalSet = App.client.GetProgram(ProgramID.NewID(ProgramID.Types.Global), true);

            if (globalSet != null)
            {
                // Checked exactly when the Global entry's current access level is BlockAccess.
                menuBlock.Checked = globalSet.config.CurAccess == ProgramConfig.AccessLevels.BlockAccess;
            }
            else
            {
                // NOTE(review): nothing in this method re-enables the item once a later lookup succeeds,
                // and the previous check mark is left as it was, so the menu can show a stale block
                // state after a failed lookup. Confirm whether that is intended.
                menuBlock.Enabled = false;
            }

            UpdateMode();
        }
Beispiel #3
        /// <summary>
        /// Copies the settings of a Windows Firewall COM rule into a <see cref="FirewallRule"/>.
        /// </summary>
        /// <param name="rule">Destination object; it is filled in place.</param>
        /// <param name="entry">Source rule. If it also implements INetFwRule3, the app package id is read as well.</param>
        /// <returns>
        /// <c>true</c> when all fields were copied; <c>false</c> when any exception was thrown, in which
        /// case the exception is logged and <paramref name="rule"/> may be left partially populated.
        /// </returns>
        public static bool LoadRule(FirewallRule rule, INetFwRule2 entry)
        {
            try
            {
                // INetFwRule3 is optional; the cast result is null when the rule does not implement it.
                INetFwRule3 win10Entry = entry as INetFwRule3;

                string appPath = entry.ApplicationName;
                rule.BinaryPath = appPath;

                string svcName = entry.serviceName;
                rule.ServiceTag = svcName;

                string packageId = null;
                if (win10Entry != null)
                {
                    packageId   = win10Entry.LocalAppPackageId;
                    rule.AppSID = packageId;
                }

                // Choose the program identity the rule applies to.
                // The firewall API allows LocalAppPackageId and serviceName to be set together,
                // but a universal app cannot be started as a service, so that combination is rejected.
                ProgramID identity;
                if (appPath != null && appPath.Equals("System", StringComparison.OrdinalIgnoreCase))
                {
                    identity = ProgramID.NewID(ProgramID.Types.System);
                }
                else if (packageId != null) // Win10 app package
                {
                    if (svcName != null)
                    {
                        throw new ArgumentException("Firewall paremeter conflict");
                    }
                    identity = ProgramID.NewAppID(packageId, appPath);
                }
                else if (svcName != null)
                {
                    identity = ProgramID.NewSvcID(svcName, appPath);
                }
                else if (appPath != null)
                {
                    identity = ProgramID.NewProgID(appPath);
                }
                else
                {
                    // Neither path, service nor package is set: the rule is global.
                    identity = ProgramID.NewID(ProgramID.Types.Global);
                }

                rule.ProgID = Priv10Engine.AdjustProgID(identity);

                // Field reference: https://docs.microsoft.com/en-us/windows/desktop/api/netfw/nn-netfw-inetfwrule
                rule.Name        = entry.Name;
                rule.Grouping    = entry.Grouping;
                rule.Description = entry.Description;
                rule.Enabled     = entry.Enabled;

                // NOTE(review): a direction or action other than the values handled below leaves the
                // corresponding field of 'rule' at whatever it held on entry. Confirm that default is safe.
                var direction = entry.Direction;
                if (direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN)
                {
                    rule.Direction = FirewallRule.Directions.Inbound;
                }
                else if (direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT)
                {
                    rule.Direction = FirewallRule.Directions.Outboun;
                }

                var action = entry.Action;
                if (action == NET_FW_ACTION_.NET_FW_ACTION_ALLOW)
                {
                    rule.Action = FirewallRule.Actions.Allow;
                }
                else if (action == NET_FW_ACTION_.NET_FW_ACTION_BLOCK)
                {
                    rule.Action = FirewallRule.Actions.Block;
                }

                rule.Profile = entry.Profiles;

                // InterfaceTypes is either "All" or a string naming individual interface kinds.
                string ifaceTypes = entry.InterfaceTypes;
                if (ifaceTypes.Equals("All", StringComparison.OrdinalIgnoreCase))
                {
                    rule.Interface = (int)FirewallRule.Interfaces.All;
                }
                else
                {
                    rule.Interface = 0;
                    if (ifaceTypes.IndexOf("Lan", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        rule.Interface |= (int)FirewallRule.Interfaces.Lan;
                    }
                    if (ifaceTypes.IndexOf("Wireless", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        rule.Interface |= (int)FirewallRule.Interfaces.Wireless;
                    }
                    if (ifaceTypes.IndexOf("RemoteAccess", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        rule.Interface |= (int)FirewallRule.Interfaces.RemoteAccess;
                    }
                }

                rule.Protocol = entry.Protocol;

                // Protocol-specific fields: ICMP carries types and codes, TCP/UDP carry port lists
                // (comma-separated numbers or ranges such as 123-456). Other protocols carry neither.
                var protocol = rule.Protocol;
                if (protocol == (int)FirewallRule.KnownProtocols.ICMP || protocol == (int)FirewallRule.KnownProtocols.ICMPv6)
                {
                    rule.SetIcmpTypesAndCodes(entry.IcmpTypesAndCodes);
                }
                else if (protocol == (int)FirewallRule.KnownProtocols.TCP || protocol == (int)FirewallRule.KnownProtocols.UDP)
                {
                    rule.LocalPorts  = entry.LocalPorts;
                    rule.RemotePorts = entry.RemotePorts;
                }

                // Address lists are comma-delimited tokens. "*" (the default) means any address and must
                // be the only token. Other valid tokens are "Defaultgateway", "DHCP", "WINS",
                // "LocalSubnet" (case-insensitive), a subnet in mask or prefix notation (the mask defaults
                // to 255.255.255.255 when omitted), a valid IPv6 address, or an IPv4/IPv6 range written as
                // "start address - end address" with no spaces.
                rule.LocalAddresses  = entry.LocalAddresses;
                rule.RemoteAddresses = entry.RemoteAddresses;

                // https://docs.microsoft.com/de-de/windows/desktop/api/icftypes/ne-icftypes-net_fw_edge_traversal_type_
                rule.EdgeTraversal = entry.EdgeTraversalOptions;

                // INetFwRule3 members that are not imported: RemoteUserAuthorizedList,
                // RemoteMachineAuthorizedList, LocalUserAuthorizedList, LocalUserOwner, SecureFlags.
            }
            catch (Exception err)
            {
                Priv10Logger.LogError("Reading Firewall Rule failed {0}", err.ToString());
                return false;
            }

            return true;
        }
Beispiel #4
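        /// <summary>
        /// Refreshes <c>SocketList</c> from the system's TCP/UDP socket tables: adds sockets that
        /// appeared, initializes the owner of sockets that have none yet, updates every socket,
        /// and retires sockets that are no longer listed.
        /// </summary>
        /// <remarks>
        /// The native tables returned by <c>IPHelper</c> are released in a <c>finally</c> block so they
        /// are freed even when processing throws.
        /// </remarks>
        public void UpdateSockets()
        {
            UInt64 curTick  = MiscFunc.GetTickCount64();
            UInt64 Interval = curTick - LastUpdate;

            LastUpdate = curTick;

            List<IPHelper.I_SOCKET_ROW> Sockets = new List<IPHelper.I_SOCKET_ROW>();

            // Declared outside the try so that each table obtained so far is released on any failure.
            IntPtr tcp4Table = IntPtr.Zero;
            IntPtr tcp6Table = IntPtr.Zero;
            IntPtr udp4Table = IntPtr.Zero;
            IntPtr udp6Table = IntPtr.Zero;

            try
            {
                // enumerate all sockets
                tcp4Table = IPHelper.GetTcpSockets(ref Sockets);
                tcp6Table = IPHelper.GetTcp6Sockets(ref Sockets);
                udp4Table = IPHelper.GetUdpSockets(ref Sockets);
                udp6Table = IPHelper.GetUdp6Sockets(ref Sockets);

                // Working copy: whatever is still in here after the loop was not seen in this pass.
                MultiValueDictionary<UInt64, NetworkSocket> OldSocketList = SocketList.Clone();

                for (int i = 0; i < Sockets.Count; i++)
                {
                    IPHelper.I_SOCKET_ROW SocketRow = Sockets[i];

                    NetworkSocket Socket = FindSocket(OldSocketList, SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort, NetworkSocket.MatchMode.Strict);
                    if (Socket != null)
                    {
                        OldSocketList.Remove(Socket.HashID, Socket);
                    }
                    else
                    {
                        Socket = new NetworkSocket(SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort);
                        SocketList.Add(Socket.HashID, Socket);
                    }

                    // Note: sockets observed using ETW are not yet initialized, as owner information is missing there
                    if (Socket.ProgID == null)
                    {
                        Socket.CreationTime = SocketRow.CreationTime;

                        if (App.engine.DnsInspector != null && Socket.RemoteAddress != null)
                        {
                            App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                        }

                        var moduleInfo = SocketRow.Module;
                        if (moduleInfo == null || moduleInfo.ModulePath.Equals("System", StringComparison.OrdinalIgnoreCase))
                        {
                            Socket.ProgID = ProgramID.NewID(ProgramID.Types.System);
                        }
                        else
                        {
                            string fileName   = moduleInfo.ModulePath;
                            string serviceTag = moduleInfo.ModuleName;

                            // Note: for services and system, TCPIP_OWNER_MODULE_BASIC_INFO.pModuleName equals
                            // TCPIP_OWNER_MODULE_BASIC_INFO.pModulePath, so the actual exe path is not known
                            // here and has to be resolved.
                            if (serviceTag.Equals(fileName))
                            {
                                fileName = null; // filename not valid
                            }
                            else
                            {
                                serviceTag = null; // service tag not valid
                            }
                            Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, serviceTag, fileName);
                        }
                    }

                    Socket.Update(SocketRow, Interval);
                }

                // NOTE(review): OldSocketList is modified inside this loop while GetAllValues() is being
                // enumerated; this is only safe if GetAllValues() returns a snapshot. Confirm.
                foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
                {
                    bool bIsUDPPseudoCon = (Socket.ProtocolType & (UInt32)IPHelper.AF_PROT.UDP) == (UInt32)IPHelper.AF_PROT.UDP && Socket.RemotePort != 0;

                    // Note: sockets observed using ETW are not yet initialized, as owner information is missing there
                    if (Socket.ProgID == null)
                    {
                        Socket.CreationTime = DateTime.Now;

                        if (App.engine.DnsInspector != null && Socket.RemoteAddress != null)
                        {
                            App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                        }

                        // Note: ETW-captured connections do not handle services well.
                        // NOTE(review): this socket is absent from the current table, so its owner is resolved
                        // from the PID alone, after the fact. If the process has already exited, the PID may
                        // resolve to nothing or to a different process. Confirm how GetProgIDbyPID handles that.
                        Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, null, null);
                    }

                    Socket.Update(null, Interval);

                    if (bIsUDPPseudoCon && (DateTime.Now - Socket.LastActivity).TotalMilliseconds < 5000) // 5 sec // todo: customize udp pseudo con time
                    {
                        // Recently active UDP pseudo-connection: keep it and cancel any pending removal.
                        OldSocketList.Remove(Socket.HashID, Socket);

                        if (Socket.RemovedTimeStamp != 0)
                        {
                            Socket.RemovedTimeStamp = 0;
                        }
                    }
                    else
                    {
                        Socket.State = (int)IPHelper.MIB_TCP_STATE.CLOSED;
                    }
                }

                UInt64 CurTick = MiscFunc.GetCurTick();

                foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
                {
                    if (Socket.RemovedTimeStamp == 0)
                    {
                        Socket.RemovedTimeStamp = CurTick;
                    }
                    // NOTE(review): RemovedTimeStamp was taken from an earlier CurTick, so this comparison
                    // looks always true and the 3000 offset has no effect; a retention delay would read
                    // "RemovedTimeStamp + 3000 < CurTick". Confirm intent and the unit of GetCurTick().
                    else if (Socket.RemovedTimeStamp < CurTick + 3000) // todo: customize retention time
                    {
                        SocketList.Remove(Socket.HashID, Socket);

                        Socket.Program?.RemoveSocket(Socket);
                    }
                }
            }
            finally
            {
                // cleanup of the native tables
                if (tcp4Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(tcp4Table);
                }
                if (tcp6Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(tcp6Table);
                }
                if (udp4Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(udp4Table);
                }
                if (udp6Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(udp6Table);
                }
            }
        }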
Beispiel #5
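        /// <summary>
        /// Refreshes <c>SocketList</c> from the system's TCP/UDP socket tables: adds sockets that
        /// appeared, initializes the owner of sockets that have none yet, re-attaches unassigned
        /// sockets to their program, updates every socket, and retires sockets no longer listed.
        /// </summary>
        /// <remarks>
        /// The native tables returned by <c>IPHelper</c> are released in a <c>finally</c> block so they
        /// are freed even when processing throws.
        /// </remarks>
        public void UpdateSockets()
        {
            UInt64 curTick  = MiscFunc.GetTickCount64();
            UInt64 Interval = curTick - LastUpdate;

            LastUpdate = curTick;

            List<IPHelper.I_SOCKET_ROW> Sockets = new List<IPHelper.I_SOCKET_ROW>();

            // Declared outside the try so that each table obtained so far is released on any failure.
            IntPtr tcp4Table = IntPtr.Zero;
            IntPtr tcp6Table = IntPtr.Zero;
            IntPtr udp4Table = IntPtr.Zero;
            IntPtr udp6Table = IntPtr.Zero;

            try
            {
                // enumerate all sockets
                tcp4Table = IPHelper.GetTcpSockets(ref Sockets);
                tcp6Table = IPHelper.GetTcp6Sockets(ref Sockets);
                udp4Table = IPHelper.GetUdpSockets(ref Sockets);
                udp6Table = IPHelper.GetUdp6Sockets(ref Sockets);

                // Working copy: whatever is still in here after the loop was not seen in this pass.
                MultiValueDictionary<UInt64, NetworkSocket> OldSocketList = SocketList.Clone();

                for (int i = 0; i < Sockets.Count; i++)
                {
                    IPHelper.I_SOCKET_ROW SocketRow = Sockets[i];

                    NetworkSocket Socket = FindSocket(OldSocketList, SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort, NetworkSocket.MatchMode.Strict);
                    if (Socket != null)
                    {
                        OldSocketList.Remove(Socket.HashID, Socket);
                    }
                    else
                    {
                        Socket = new NetworkSocket(SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort);
                        SocketList.Add(Socket.HashID, Socket);
                    }

                    // Note: sockets observed using ETW are not yet initialized, as owner information is missing there
                    if (Socket.ProgID == null)
                    {
                        Socket.CreationTime = SocketRow.CreationTime;

                        if (Socket.RemoteAddress != null)
                        {
                            // NOTE(review): DnsInspector is dereferenced without a null check here; confirm it
                            // is always set when this method runs.
                            App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                        }

                        var moduleInfo = SocketRow.Module;
                        if (moduleInfo == null || moduleInfo.ModulePath.Equals("System", StringComparison.OrdinalIgnoreCase))
                        {
                            Socket.ProgID = ProgramID.NewID(ProgramID.Types.System);
                        }
                        else
                        {
                            string fileName   = moduleInfo.ModulePath;
                            string serviceTag = moduleInfo.ModuleName;

                            // Note: for services and system, TCPIP_OWNER_MODULE_BASIC_INFO.pModuleName equals
                            // TCPIP_OWNER_MODULE_BASIC_INFO.pModulePath, so the actual exe path is not known
                            // here and has to be resolved.
                            if (serviceTag.Equals(fileName))
                            {
                                fileName = null; // filename not valid
                            }
                            else
                            {
                                serviceTag = null; // service tag not valid
                            }
                            Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, serviceTag, fileName);
                        }
                    }

                    // A program may have been removed; its sockets then become unassigned and must be re-assigned.
                    if (Socket.Assigned == false)
                    {
                        Program prog = Socket.ProgID == null ? null : App.engine.ProgramList.GetProgram(Socket.ProgID, true, ProgramList.FuzzyModes.Any);
                        if (prog != null)
                        {
                            prog.AddSocket(Socket);
                            Socket.Access = prog.LookupRuleAccess(Socket);
                        }
                    }

                    Socket.Update(SocketRow, Interval);
                }

                UInt64 CurTick = MiscFunc.GetCurTick();

                foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
                {
                    if (Socket.RemovedTimeStamp == 0)
                    {
                        Socket.RemovedTimeStamp = CurTick;
                    }
                    // NOTE(review): RemovedTimeStamp was taken from an earlier CurTick, so this comparison
                    // looks always true and the 3000 offset has no effect; a retention delay would read
                    // "RemovedTimeStamp + 3000 < CurTick". Confirm intent and the unit of GetCurTick().
                    else if (Socket.RemovedTimeStamp < CurTick + 3000) // todo: customize retention time
                    {
                        SocketList.Remove(Socket.HashID, Socket);

                        Program prog = Socket.ProgID == null ? null : App.engine.ProgramList.GetProgram(Socket.ProgID);
                        prog?.RemoveSocket(Socket);
                    }
                }
            }
            finally
            {
                // cleanup of the native tables
                if (tcp4Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(tcp4Table);
                }
                if (tcp6Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(tcp6Table);
                }
                if (udp4Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(udp4Table);
                }
                if (udp6Table != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(udp6Table);
                }
            }
        }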