static int runTermination(Logit log, string targetName, ContractEnum contractType, int maxTTL, int targetsProcessed) { log.Append("acquiring targets...", LogVerboseLevel.Normal); List <Target> targets = new List <Target>(); try { targets = acquireTargets(targetName, log); } catch (Exception ex) { log.Append("Error acquiring targets: " + ex.Message, LogVerboseLevel.Normal); } if (targets.Count > 0) { log.Append("targets acquired: " + targets.Count + " processing targets...", LogVerboseLevel.Normal); foreach (Target target in targets) { if (processTarget(target, contractType, maxTTL, log)) { targetsProcessed++; } } } return(targetsProcessed); }
static List <Target> acquireTargets(string name, Logit log) { List <Target> targets = new List <Target>(); List <Target> allprocs = GetActiveProcessList(log); foreach (Target proc in allprocs) { log.Append("evaluating: " + proc.Name, LogVerboseLevel.Debug); if (proc.Name.ToLower() == name.ToLower()) { try { Target target = new Target(); target.Name = proc.Name; target.Path = proc.Path; target.StartTime = proc.StartTime; target.DiscoveryTime = DateTime.Now; target.PID = proc.PID; targets.Add(target); } catch (Exception ex) { log.Append("Warning: could not evaluate potential target: " + proc.Name + " error: " + ex.Message, LogVerboseLevel.Normal); } } } return(targets); }
static List <Target> GetActiveProcessList(Logit log) { List <Target> activeList = new List <Target>(); WqlObjectQuery w = new WqlObjectQuery("Select * from Win32_Process"); ManagementObjectSearcher mos = new ManagementObjectSearcher(w); foreach (ManagementObject mo in mos.Get()) { try { Target po = new Target(); po.PID = Convert.ToInt32(mo.Properties["ProcessID"].Value.ToString()); try { po.StartTime = convertFromWmiToDotNetDateTime(mo.Properties["CreationDate"].Value.ToString()); } catch { } string pathName = "NA"; if (po.PID == 0) { pathName = "System Idle Process"; } else if (po.PID == 4) { pathName = "System"; } else { try { pathName = mo.Properties["ExecutablePath"].Value.ToString(); } catch { pathName = mo.Properties["Caption"].Value.ToString(); // can fail when attempting to get extended process info on protected processes, until i do, we use the process name as path } } po.Name = mo.Properties["Caption"].Value.ToString().ToLower(); po.Path = pathName.ToLower(); activeList.Add(po); } catch (Exception ex) { log.Append("Warning: could not get details on process: " + mo.Path, LogVerboseLevel.Normal); } } return(activeList); }
static void Main(string[] args) { // diagnostics log, written to %TEMP% by default Logit log = new Logit(); log.Verbosity = LogVerboseLevel.Normal; if (args.Contains("LOG=DEBUG")) { log.Verbosity = LogVerboseLevel.Debug; } log.Init(); string targetName = "NA"; int maxTTL = 0; ContractEnum contractType = ContractEnum.Tag; int targetsProcessed = 0; bool proceed = true; try { targetName = pullTargetFromArgs(args, log); maxTTL = pullTTLFromArgs(args, log); contractType = pullContractFromArgs(args, log); if (targetName == "NA" || maxTTL == 0) { displayHelp(); proceed = false; } } catch (Exception ex) { log.Append("Error pulling command line parameters: " + ex.Message, LogVerboseLevel.Normal); proceed = false; } if (proceed) { log.Append("Terminate is starting", LogVerboseLevel.Normal); log.Append(" target app: " + targetName, LogVerboseLevel.Normal); log.Append(" max time to live (minutes): " + maxTTL, LogVerboseLevel.Normal); log.Append(" contract type: " + contractType, LogVerboseLevel.Normal); targetsProcessed = runTermination(log, targetName, contractType, maxTTL, targetsProcessed); log.Append("Total targets processed: " + targetsProcessed, LogVerboseLevel.Normal); log.Append("Terminate is complete. Shutting down.", LogVerboseLevel.Normal); } quit(log); }
static bool processTarget(Target target, ContractEnum contract, int ttl, Logit log) { bool success = false; try { if (contract == ContractEnum.Kill && target.TargetAge > ttl) { log.Append("Killing process: " + target.Name, LogVerboseLevel.Normal); Process deadProcRunning = Process.GetProcessById(target.PID); deadProcRunning.Kill(); log.Append(" done", LogVerboseLevel.Normal); success = true; } else if (contract == ContractEnum.Tag && target.TargetAge > ttl) { log.Append("tagging process: " + target.Name, LogVerboseLevel.Normal); RegistryKey ldKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\LANDesk\\ManagementSuite\\WinClient"); string ldPath = ldKey.GetValue("Path").ToString(); ProcessStartInfo psi = new ProcessStartInfo(); psi.FileName = ldPath + "\\miniscan.exe"; psi.Arguments = "\"/send=Custom Data - Support - ProcessName = " + target.Name + "\""; psi.WorkingDirectory = ldPath; Process myProc = Process.Start(psi); myProc.WaitForExit(); psi.Arguments = "\"/send=Custom Data - Support - ProcessAgeMinutes = " + target.TargetAge + "\""; myProc = Process.Start(psi); myProc.WaitForExit(); log.Append(" done", LogVerboseLevel.Normal); success = true; } else { log.Append("Hit aborted. target too young: " + target.TargetAge + " minutes, name: " + target.Name, LogVerboseLevel.Normal); } } catch (Exception ex) { log.Append("Error completing processing target: " + target.Name + " error: " + ex.Message, LogVerboseLevel.Normal); } return(success); }