Ejemplo n.º 1
        /// <summary>
        /// Rebuilds <c>m_lowrights</c> by reading the machine hive, the given
        /// user's hive under HKEY_USERS, or both, and then sorts the result.
        /// </summary>
        /// <param name="mode">Selects which hives are read.</param>
        /// <param name="user">SID whose HKEY_USERS subkey is opened in the user-inclusive modes.</param>
        private void LoadLowRights(COMRegistryMode mode, Sid user)
        {
            bool read_machine = mode == COMRegistryMode.Merged || mode == COMRegistryMode.MachineOnly;
            bool read_user = mode == COMRegistryMode.Merged || mode == COMRegistryMode.UserOnly;

            m_lowrights = new List<COMIELowRightsElevationPolicy>();

            if (read_machine)
            {
                LoadLowRightsKey(Registry.LocalMachine);
            }

            if (read_user)
            {
                // OpenSubKey returns null when HKEY_USERS has no subkey for this SID;
                // the per-user pass is then skipped without any report to the caller.
                // NOTE(review): entries read here come from a hive the user can normally
                // write, so an audit should not weigh them like machine-wide entries;
                // whether LoadLowRightsKey records the origin is not visible here.
                using (RegistryKey user_hive = Registry.Users.OpenSubKey(user.ToString()))
                {
                    if (user_hive != null)
                    {
                        LoadLowRightsKey(user_hive);
                    }
                }
            }

            // Sorting happens once, after both passes, so load order does not survive.
            m_lowrights.Sort();
        }
Ejemplo n.º 2
        /// <summary>
        /// Returns the registry key used as the COM "Classes" root for the
        /// requested loading mode.
        /// </summary>
        /// <param name="mode">Which view of the classes hive to open.</param>
        /// <param name="user">
        /// SID used to build the HKEY_USERS path in <c>UserOnly</c> mode. It is
        /// rejected when null in every mode, including those that never read it.
        /// </param>
        /// <returns>
        /// The key for the mode. The <c>MachineOnly</c> and <c>UserOnly</c> branches
        /// return whatever <c>OpenSubKey</c> yields, which is null when the subkey
        /// does not exist, so callers must be prepared for a null result.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="mode"/> is not a handled value.</exception>
        private static RegistryKey OpenClassesKey(COMRegistryMode mode, Sid user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            if (mode == COMRegistryMode.Merged)
            {
                // HKEY_CLASSES_ROOT is the view Windows merges for the identity running
                // this process; `user` is not consulted, so the merged result describes
                // the caller rather than an arbitrary SID passed in.
                return Registry.ClassesRoot;
            }

            if (mode == COMRegistryMode.MachineOnly)
            {
                return Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Classes");
            }

            if (mode == COMRegistryMode.UserOnly)
            {
                // Per-user registrations live under the SID's own hive in HKEY_USERS.
                string user_classes_path = String.Format(@"{0}\SOFTWARE\Classes", user);
                return Registry.Users.OpenSubKey(user_classes_path);
            }

            throw new ArgumentException("Invalid mode", "mode");
        }
Ejemplo n.º 3
        /// <summary>
        /// Builds a registry snapshot for the given mode and user by running each
        /// loader in a fixed order and reporting progress before every stage.
        /// </summary>
        /// <param name="mode">Loading mode, passed to the chained constructor, to OpenClassesKey and to the mode-aware loaders.</param>
        /// <param name="user">SID passed to OpenClassesKey and to the per-user loaders; also the source of <c>CreatedUser</c>.</param>
        /// <param name="progress">Sink handed to <c>Report</c> together with a stage label, the stage number and the stage total.</param>
        private COMRegistry(COMRegistryMode mode, Sid user, IProgress <Tuple <string, int> > progress)
            : this(mode)
        {
            // The classes key is held only for the duration of the load and released by the using block.
            // NOTE(review): nothing here checks classes_key for null before it is passed to the
            // loaders; confirm OpenClassesKey cannot return null for the modes in use.
            using (RegistryKey classes_key = OpenClassesKey(mode, user))
            {
                // Must match the number of Report calls below (stages 2 to 9 follow).
                const int total_count = 9;
                // Runs before the first progress report, so it is not counted as a stage.
                LoadDefaultSecurity();
                Report(progress, "CLSIDs", 1, total_count);
                LoadCLSIDs(classes_key);
                Report(progress, "AppIDs", 2, total_count);
                LoadAppIDs(classes_key);
                Report(progress, "ProgIDs", 3, total_count);
                LoadProgIDs(classes_key);
                Report(progress, "Interfaces", 4, total_count);
                LoadInterfaces(classes_key);
                Report(progress, "MIME Types", 5, total_count);
                LoadMimeTypes(classes_key);
                // These two loaders take (mode, user) rather than the classes key.
                Report(progress, "PreApproved", 6, total_count);
                LoadPreApproved(mode, user);
                Report(progress, "LowRights", 7, total_count);
                LoadLowRights(mode, user);
                Report(progress, "TypeLibs", 8, total_count);
                LoadTypelibs(classes_key);
                Report(progress, "Runtime Classes", 9, total_count);
                LoadWindowsRuntime(classes_key, mode);
            }

            // Record who the snapshot was taken for. Any exception from user.Name
            // (presumably a SID that does not resolve to an account name; confirm)
            // falls back to the SID's string form. The bare catch hides the cause.
            try
            {
                CreatedUser = user.Name;
            }
            catch
            {
                CreatedUser = user.ToString();
            }
        }
Ejemplo n.º 4
        /// <summary>
        /// Application entry point. Parses the command line and then takes one of
        /// four paths: show usage, enumerate interfaces for one class, generate a
        /// symbol file, or start the Windows Forms UI (security descriptor viewer or
        /// the main registry view).
        /// </summary>
        /// <param name="args">Raw command-line arguments.</param>
        public static void Main(string[] args)
        {
            string db_path = null;
            string out_path = null;
            bool want_clsid_enum = false;
            bool want_runtime_enum = false;
            bool want_help = false;
            bool want_query = false;
            int query_workers = Environment.ProcessorCount;
            bool want_refresh = false;
            bool want_activation_filter = false;
            string symbols_out_dir = null;
            bool remove_db_after_load = false;
            string access_sddl = null;
            string launch_sddl = null;
            string display_name = null;
            COMRegistryMode mode = COMRegistryMode.Merged;
            IEnumerable<COMServerType> server_types = new COMServerType[]
            {
                COMServerType.InProcHandler32,
                COMServerType.InProcServer32,
                COMServerType.LocalServer32
            };

            // NOTE(review): -c accepts any integer; zero and negative values are not
            // rejected here, so QueryAllInterfaces has to cope with them.
            OptionSet opts = new OptionSet()
            {
                { "i|in=", "Open a database file.", v => db_path = v },
                { "o|out=", "Save database and exit.", v => out_path = v },
                { "e|enum", "Enumerate the provided CLSID (GUID).", v => want_clsid_enum = v != null },
                { "r|rt", "Enumerate the provided Runtime Class.", v => want_runtime_enum = v != null },
                { "q|query", "Query all interfaces for database", v => want_query = v != null },
                { "c|conn=", "Number of concurrent interface queries", v => query_workers = int.Parse(v) },
                { "s|server=", "Specify server types for query", v => server_types = ParseServerTypes(v) },
                { "refresh", "Refresh interfaces in query", v => want_refresh = v != null },
                { "m", "Loading mode is machine only.", v => mode = COMRegistryMode.MachineOnly },
                { "u", "Loading mode is user only.", v => mode = COMRegistryMode.UserOnly },
                { "a", "Enable activation filter.", v => want_activation_filter = v != null },
                { "g=", "Generate a symbol file in the specified directory.", v => symbols_out_dir = v },
                { "d", "Delete the input database once loaded", v => remove_db_after_load = v != null },
                { "v=", "View a COM access security descriptor (specify the SDDL)", v => access_sddl = v },
                { "l=", "View a COM launch security descriptor (specify the SDDL)", v => launch_sddl = v },
                { "n=", "Name any simple form display such as security descriptor", v => display_name = v },
                { "h|help", "Show this message and exit.", v => want_help = v != null },
            };

            List<string> positional = new List<string>();

            // Every failure inside Parse is swallowed here, so a malformed option
            // value is only ever visible to the user as the usage dialog.
            try
            {
                positional = opts.Parse(args);
            }
            catch
            {
                want_help = true;
            }

            bool want_enum = want_clsid_enum || want_runtime_enum;

            // Usage is also shown for an enum request with fewer than four positional
            // arguments and for a symbol directory that does not exist.
            if (want_help || (want_enum && positional.Count < 4) || (symbols_out_dir != null && !Directory.Exists(symbols_out_dir)))
            {
                StringWriter usage = new StringWriter();
                usage.WriteLine("Usage: OleViewDotNet [options] [enum args]");
                usage.WriteLine();
                usage.WriteLine("Options:");
                opts.WriteOptionDescriptions(usage);
                MessageBox.Show(usage.ToString(), "Help", MessageBoxButtons.OK, MessageBoxIcon.Information);
                Environment.Exit(1);
            }

            if (want_enum)
            {
                // Exit code 42 is the only trace of a failed enumeration; the
                // exception itself is discarded.
                try
                {
                    int enum_result = EnumInterfaces(new Queue<string>(positional), want_runtime_enum);
                    Environment.Exit(enum_result);
                }
                catch
                {
                    Environment.Exit(42);
                }
            }
            else if (symbols_out_dir != null)
            {
                try
                {
                    var dbghelp_path = Environment.Is64BitProcess
                        ? Properties.Settings.Default.DbgHelpPath64
                        : Properties.Settings.Default.DbgHelpPath32;
                    COMUtilities.GenerateSymbolFile(symbols_out_dir, dbghelp_path, Properties.Settings.Default.SymbolPath);
                    Environment.Exit(0);
                }
                catch (Exception)
                {
                    Environment.Exit(1);
                }
            }
            else
            {
                AppDomain.CurrentDomain.UnhandledException += UnhandledExceptionHandler;
                Application.EnableVisualStyles();
                Application.SetCompatibleTextRenderingDefault(false);

                try
                {
                    if (access_sddl != null || launch_sddl != null)
                    {
                        // The SDDL text comes straight from the command line; a string the
                        // SecurityDescriptor constructor rejects ends up in ShowError below.
                        bool is_access = access_sddl != null;
                        SecurityDescriptor sd = new SecurityDescriptor(access_sddl ?? launch_sddl);
                        // NOTE(review): presumably 0x7 covers the COM access rights and 0x1F
                        // the launch/activation rights; confirm against COMAccessRights.
                        AccessMask valid_access = is_access ? 0x7 : 0x1F;

                        SecurityDescriptorViewerControl viewer = new SecurityDescriptorViewerControl();
                        DocumentForm form = new DocumentForm(viewer);
                        string caption = is_access ? "Access Security" : "Launch Security";
                        if (!string.IsNullOrWhiteSpace(display_name))
                        {
                            caption = $"{display_name} {caption}";
                        }
                        form.Text = caption;

                        GenericMapping mapping = new GenericMapping()
                        {
                            GenericExecute = valid_access,
                            GenericRead = valid_access,
                            GenericWrite = valid_access,
                            GenericAll = valid_access
                        };
                        viewer.SetSecurityDescriptor(sd, typeof(COMAccessRights), mapping, valid_access);
                        Application.Run(form);
                        return;
                    }

                    COMRegistry registry;
                    if (db_path != null)
                    {
                        registry = COMUtilities.LoadRegistry(null, db_path);
                    }
                    else
                    {
                        registry = COMUtilities.LoadRegistry(null, mode);
                    }

                    // -d removes whatever path -i named once the load has succeeded. The
                    // path is caller-supplied and nothing here checks what it points at.
                    if (remove_db_after_load && db_path != null)
                    {
                        File.Delete(db_path);
                    }

                    if (want_query && !COMUtilities.QueryAllInterfaces(null, registry.Clsids.Values, server_types, query_workers, want_refresh))
                    {
                        Environment.Exit(1);
                    }

                    if (out_path != null)
                    {
                        registry.Save(out_path);
                        Environment.Exit(0);
                    }

                    _appContext = new MultiApplicationContext(new MainForm(registry));
                    if (want_activation_filter)
                    {
                        COMUtilities.CoRegisterActivationFilter(new ActivationFilter());
                    }
                    Application.Run(_appContext);
                }
                catch (Exception ex)
                {
                    // A cancellation is deliberately silent; anything else is shown to the user.
                    bool was_cancelled = ex is OperationCanceledException;
                    if (!was_cancelled)
                    {
                        ShowError(null, ex);
                    }
                }
            }
        }
Ejemplo n.º 5
 /// <summary>
 /// Convenience overload: loads a registry for <paramref name="mode"/> with no
 /// explicit user and a <c>DummyProgress</c> instance as the progress sink.
 /// </summary>
 /// <param name="mode">Loading mode forwarded to the three-argument overload.</param>
 /// <returns>Whatever the three-argument <c>Load</c> returns.</returns>
 public static COMRegistry Load(COMRegistryMode mode)
 {
     // NOTE(review): the user argument is null here and the overload is not shown;
     // confirm it maps null to a concrete SID before registry paths are built from it.
     var no_progress = new DummyProgress();
     return Load(mode, null, no_progress);
 }
Ejemplo n.º 6
        /// <summary>
        /// Application entry point. Parses the command line, then either shows
        /// usage, enumerates interfaces for a single class and exits, or loads a
        /// registry and starts the Windows Forms UI.
        /// </summary>
        /// <param name="args">Raw command-line arguments.</param>
        public static void Main(string[] args)
        {
            string input_db = null;
            string output_db = null;
            bool clsid_enum = false;
            bool runtime_enum = false;
            bool usage_requested = false;
            bool run_query = false;
            int worker_count = Environment.ProcessorCount;
            bool refresh = false;
            bool activation_filter = false;
            COMRegistryMode mode = COMRegistryMode.Merged;
            IEnumerable<COMServerType> server_types = new COMServerType[]
            {
                COMServerType.InProcHandler32,
                COMServerType.InProcServer32,
                COMServerType.LocalServer32
            };

            // NOTE(review): -c accepts any integer; zero and negative values are not
            // rejected here, so QueryAllInterfaces has to cope with them.
            OptionSet opts = new OptionSet()
            {
                { "i|in=", "Open a database file.", v => input_db = v },
                { "o|out=", "Save database and exit.", v => output_db = v },
                { "e|enum", "Enumerate the provided CLSID (GUID).", v => clsid_enum = v != null },
                { "r|rt", "Enumerate the provided Runtime Class.", v => runtime_enum = v != null },
                { "q|query", "Query all interfaces for database", v => run_query = v != null },
                { "c|conn=", "Number of concurrent interface queries", v => worker_count = int.Parse(v) },
                { "s|server=", "Specify server types for query", v => server_types = ParseServerTypes(v) },
                { "refresh", "Refresh interfaces in query", v => refresh = v != null },
                { "m", "Loading mode is machine only.", v => mode = COMRegistryMode.MachineOnly },
                { "u", "Loading mode is user only.", v => mode = COMRegistryMode.UserOnly },
                { "a", "Enable activation filter.", v => activation_filter = v != null },
                { "h|help", "Show this message and exit.", v => usage_requested = v != null },
            };

            List<string> remaining = new List<string>();

            // Every failure inside Parse is swallowed here, so a malformed option
            // value is only ever visible to the user as the usage dialog.
            try
            {
                remaining = opts.Parse(args);
            }
            catch
            {
                usage_requested = true;
            }

            // CLSID enumeration needs at least four positional arguments, runtime
            // class enumeration at least three; too few is treated as a usage error.
            if (usage_requested || (clsid_enum && remaining.Count < 4) || (runtime_enum && remaining.Count < 3))
            {
                StringWriter usage = new StringWriter();
                usage.WriteLine("Usage: OleViewDotNet [options] [enum args]");
                usage.WriteLine();
                usage.WriteLine("Options:");
                opts.WriteOptionDescriptions(usage);
                MessageBox.Show(usage.ToString(), "Help", MessageBoxButtons.OK, MessageBoxIcon.Information);
                Environment.Exit(1);
            }

            if (clsid_enum || runtime_enum)
            {
                // Exit code 42 is the only trace of a failed enumeration; the
                // exception itself is discarded.
                try
                {
                    int enum_status = EnumInterfaces(new Queue<string>(remaining), runtime_enum);
                    Environment.Exit(enum_status);
                }
                catch
                {
                    Environment.Exit(42);
                }
            }
            else
            {
                AppDomain.CurrentDomain.UnhandledException += UnhandledExceptionHandler;
                Application.EnableVisualStyles();
                Application.SetCompatibleTextRenderingDefault(false);

                try
                {
                    // A database file, when given, takes precedence over the -m/-u loading mode.
                    COMRegistry registry;
                    if (input_db != null)
                    {
                        registry = COMUtilities.LoadRegistry(null, input_db);
                    }
                    else
                    {
                        registry = COMUtilities.LoadRegistry(null, mode);
                    }

                    if (run_query && !COMUtilities.QueryAllInterfaces(null, registry.Clsids.Values, server_types, worker_count, refresh))
                    {
                        Environment.Exit(1);
                    }

                    // With -o the tool works as a batch job: save and exit without opening the UI.
                    if (output_db != null)
                    {
                        registry.Save(output_db);
                        Environment.Exit(0);
                    }

                    _appContext = new MultiApplicationContext(new MainForm(registry));
                    if (activation_filter)
                    {
                        COMUtilities.CoRegisterActivationFilter(new ActivationFilter());
                    }
                    Application.Run(_appContext);
                }
                catch (Exception ex)
                {
                    // A cancellation is deliberately silent; anything else is shown to the user.
                    bool cancelled = ex is OperationCanceledException;
                    if (!cancelled)
                    {
                        ShowError(null, ex);
                    }
                }
            }
        }