public void HandlePushNotification(string func, object args) { try { if (func == "ActivityNotification") { NotifyActivity(GetArg <Guid>(args, 0), GetArg <Program.LogEntry>(args, 1)); } else if (func == "ChangeNotification") { NotifyChange(GetArg <Guid>(args, 0)); } else { throw new Exception("Unknown Notificacion"); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } }
// *** Tasks *** static public List <string> EnumTasks(string path) { List <string> list = new List <string>(); try { TaskScheduler.TaskScheduler service = new TaskScheduler.TaskScheduler(); service.Connect(); ITaskFolder folder = service.GetFolder(path); foreach (IRegisteredTask task in folder.GetTasks((int)_TASK_ENUM_FLAGS.TASK_ENUM_HIDDEN)) { list.Add(task.Name); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(null); } return(list); }
public bool Load(XmlNode entryNode) { foreach (XmlNode node in entryNode.ChildNodes) { if (node.Name == "id") { ProgramList.ID id = new ProgramList.ID(); if (id.Load(node)) { IDs.Add(id); } } else if (node.Name == "Name") { config.Name = node.InnerText; } else if (node.Name == "Category") { config.Category = node.InnerText; } else if (node.Name == "Icon") { config.Icon = node.InnerText; } else if (node.Name == "NetAccess") { Enum.TryParse(node.InnerText, out config.NetAccess); } else if (node.Name == "Notify") { config.Notify = MiscFunc.parseBool(node.InnerText, null); } else { AppLog.Line("Unknown Program Value, '{0}':{1}", node.Name, node.InnerText); } } return(IDs.Count > 0 && config.Name != null); }
public static string SID_SPLevel = "S-1-16-28672"; // Secure Process Mandatory Level internal static bool TakeOwn(string path) { bool ret = true; try { TokenManipulator.AddPrivilege(TokenManipulator.SE_TAKE_OWNERSHIP_NAME); FileSecurity ac = File.GetAccessControl(path); ac.SetOwner(new SecurityIdentifier(FileOps.SID_Admins)); File.SetAccessControl(path, ac); } catch (PrivilegeNotHeldException err) { AppLog.Line("Couldn't take Ovnership {0}", err.ToString()); ret = false; } finally { TokenManipulator.RemovePrivilege(TokenManipulator.SE_TAKE_OWNERSHIP_NAME); } return(ret); }
static public bool IsTaskEnabled(string path, string name) { if (name == "*") { List <string> names = EnumTasks(path); if (names == null) { return(true); // we dont know so just in case } foreach (string found in names) { if (IsTaskEnabled(path, found)) { return(true); } } return(false); } try { TaskScheduler.TaskScheduler service = new TaskScheduler.TaskScheduler(); service.Connect(); ITaskFolder folder = service.GetFolder(path); IRegisteredTask task = folder.GetTask(name); return(task.Enabled); } catch (FileNotFoundException) { return(false); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(true); // we dont know so just in case }
public FilteringModes GetFilteringMode() { try { if (TestFirewallEnabled(true)) { if (TestDefaultOutboundAction(NET_FW_ACTION_.NET_FW_ACTION_ALLOW)) { return(FilteringModes.BlackList); } if (TestDefaultOutboundAction(NET_FW_ACTION_.NET_FW_ACTION_BLOCK)) { return(FilteringModes.WhiteList); } } return(FilteringModes.NoFiltering); } catch (Exception err) { AppLog.Line("Getting FilteringMode failed: " + err.Message); } return(FilteringModes.Unknown); }
public Auditing GetAuditPol() { try { AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030"); if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0 && (pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0) { return(Auditing.All); } if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0) { return(Auditing.Allowed); } if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0) { return(Auditing.Blocked); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(Auditing.Off); }
public bool WatchConnections(bool enable = true) { try { if (enable) { mEventWatcher = new EventLogWatcher(new EventLogQuery("Security", PathType.LogName, "*[System[(Level=4 or Level=0) and (EventID=" + (int)EventIDs.Blocked + " or EventID=" + (int)EventIDs.Allowed + ")]] and *[EventData[Data[@Name='LayerRTID']>='48']]")); mEventWatcher.EventRecordWritten += new EventHandler <EventRecordWrittenEventArgs>(OnConnection); mEventWatcher.Enabled = true; } else { mEventWatcher.EventRecordWritten -= new EventHandler <EventRecordWrittenEventArgs>(OnConnection); mEventWatcher.Dispose(); mEventWatcher = null; } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(false); } return(true); }
public bool Install(bool start = false) { try { if (!ServiceHelper.ServiceIsInstalled(ServiceName)) { ServiceHelper.Install(ServiceName, App.mName, "\"" + App.exePath + "\" -svc"); } ServiceHelper.ChangeStartMode(ServiceName, ServiceHelper.ServiceBootFlag.AutoStart); if (start) { ServiceHelper.StartService(ServiceName); } return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public static bool Exec(string cmd, string args, bool hidden = true) { try { Process process = new Process(); process.StartInfo.UseShellExecute = false; if (hidden) { process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; process.StartInfo.CreateNoWindow = true; } process.StartInfo.FileName = cmd; process.StartInfo.Arguments = args; process.StartInfo.Verb = "runas"; // run as admin process.Start(); process.WaitForExit(); return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public void LoadLog() { EventLog eventLog = new EventLog("Security"); try { //for (int i = eventLog.Entries.Count-1; i > 0; i--) foreach (EventLogEntry logEntry in eventLog.Entries) { //EventLogEntry entry = eventLog.Entries[i]; if (logEntry.InstanceId != (long)EventIDs.Allowed && logEntry.InstanceId != (long)EventIDs.Blocked) { continue; } string[] ReplacementStrings = logEntry.ReplacementStrings; string direction_str = ReplacementStrings[2]; Directions direction = Directions.Unknown; if (direction_str == "%%14592") { direction = Directions.Inbound; } else if (direction_str == "%%14593") { direction = Directions.Outboun; } int processId = MiscFunc.parseInt(ReplacementStrings[0]); string path = ReplacementStrings[1]; ProgramList.ID id = GetIDforEntry(path, processId); if (id == null) { return; } Actions action = Actions.Undefined; if (logEntry.InstanceId == (int)EventIDs.Blocked) { action = Actions.Block; } else if (logEntry.InstanceId == (int)EventIDs.Allowed) { action = Actions.Allow; } string src_ip = ReplacementStrings[3]; int src_port = MiscFunc.parseInt(ReplacementStrings[4]); string dest_ip = ReplacementStrings[5]; int dest_port = MiscFunc.parseInt(ReplacementStrings[6]); int protocol = MiscFunc.parseInt(ReplacementStrings[7]); Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, logEntry.TimeGenerated); App.engine.LogActivity(entry, true); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } eventLog.Dispose(); }
public void LoadApps() { Apps.Clear(); AppInfos.Clear(); //packageManager.RemovePackageAsync(package.Id.FullName); IEnumerable <Windows.ApplicationModel.Package> packages = (IEnumerable <Windows.ApplicationModel.Package>)packageManager.FindPackages(); // Todo: is there a better way to get this ? foreach (var package in packages) { string name; //string fullname; string path; string publisher; bool isFramework; try { name = package.Id.Name; //fullname = package.Id.FullName; publisher = package.Id.PublisherId; path = package.InstalledLocation.Path; isFramework = package.IsFramework; } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); continue; } string appPackageID = name.ToLower() + "_" + publisher; string appSID = PackageIDToSid(appPackageID).ToLower(); if (Apps.ContainsKey(package.InstalledLocation.Path.ToLower())) { AppLog.Line("Warning an app with the path: {0} is already listed", package.InstalledLocation.Path.ToLower()); } else { Apps.Add(package.InstalledLocation.Path.ToLower(), appSID); } AppInfo?info = GetInfo(path, name, appPackageID, appSID); if (info != null) { AppInfo old_info; if (AppInfos.TryGetValue(appSID, out old_info)) { continue; } if (AppInfos.ContainsKey(appSID)) { AppLog.Line("Warning an app with the SID: {0} is already listed", appSID); } else { AppInfos.Add(appSID, info.Value); } } } }
public AppInfo?GetInfo(string path, string name, string id, string sid) { string manifest = Path.Combine(path, "AppxManifest.xml"); if (!File.Exists(manifest)) { return(null); } XElement xelement; try { string manifestXML = File.ReadAllText(manifest); int startIndex = manifestXML.IndexOf("<Properties>", StringComparison.Ordinal); int num = manifestXML.IndexOf("</Properties>", StringComparison.Ordinal); xelement = XElement.Parse(manifestXML.Substring(startIndex, num - startIndex + 13).Replace("uap:", string.Empty)); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(null); } string displayName = name; string logoPath = null; try { displayName = xelement.Element((XName)"DisplayName")?.Value; logoPath = xelement.Element((XName)"Logo")?.Value; } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } try { Uri result; if (Uri.TryCreate(displayName, UriKind.Absolute, out result)) { string pathToPri = Path.Combine(path, "resources.pri"); string resourceKey1 = "ms-resource://" + name + "/resources/" + ((IEnumerable <string>)result.Segments).Last <string>(); string stringFromPriFile = MiscFunc.GetResourceStr(pathToPri, resourceKey1); if (!string.IsNullOrEmpty(stringFromPriFile.Trim())) { displayName = stringFromPriFile; } else { string str = string.Concat(((IEnumerable <string>)result.Segments).Skip <string>(1)); string resourceKey2 = "ms-resource://" + name + "/" + str; stringFromPriFile = MiscFunc.GetResourceStr(pathToPri, resourceKey2); if (!string.IsNullOrEmpty(stringFromPriFile.Trim())) { displayName = stringFromPriFile; } } } if (logoPath != null) { string path1 = Path.Combine(path, logoPath); if (File.Exists(path1)) { logoPath = path1; } else { string path2 = Path.Combine(path, Path.ChangeExtension(path1, "scale-100.png")); if (File.Exists(path2)) { logoPath = path2; } else { string path3 = Path.Combine(Path.Combine(path, "en-us"), logoPath); string path4 = Path.Combine(path, Path.ChangeExtension(path3, "scale-100.png")); if (File.Exists(path4)) { logoPath = path4; } else { logoPath = null; } } } } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(new AppInfo() { Name = displayName, Logo = logoPath, ID = id, SID = sid }); }
public static bool SaveRule(FirewallRule rule, INetFwRule2 entry) { try { entry.EdgeTraversalOptions = (int)NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DENY; #if win10 INetFwRule3 entry3 = entry as INetFwRule3; #endif switch (rule.mID.Type) { case ProgramList.Types.Global: entry.ApplicationName = null; break; case ProgramList.Types.System: entry.ApplicationName = "System"; break; default: if (rule.mID.Path != null && rule.mID.Path.Length > 0) { entry.ApplicationName = rule.mID.Path; } break; } if (rule.mID.Type == ProgramList.Types.Service) { entry.serviceName = rule.mID.Name; } else { entry.serviceName = null; } #if win10 if (rule.mID.Type == ProgramList.Types.App) { entry3.LocalAppPackageId = rule.mID.Name; } else { entry3.LocalAppPackageId = null; } #endif entry.Name = rule.Name; entry.Grouping = rule.Grouping; entry.Description = rule.Description; //entry.ApplicationName = rule.ProgramPath; //entry.serviceName = rule.ServiceName; entry.Enabled = rule.Enabled; switch (rule.Direction) { case Firewall.Directions.Inbound: entry.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN; break; case Firewall.Directions.Outboun: entry.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT; break; } switch (rule.Action) { case Firewall.Actions.Allow: entry.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW; break; case Firewall.Actions.Block: entry.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK; break; } entry.Profiles = rule.Profile; if (rule.Interface == (int)Firewall.Interfaces.All) { entry.InterfaceTypes = "All"; } else { List <string> interfaces = new List <string>(); if ((rule.Interface & (int)Firewall.Interfaces.Lan) != 0) { interfaces.Add("Lan"); } if ((rule.Interface & (int)Firewall.Interfaces.Wireless) != 0) { interfaces.Add("Wireless"); } if ((rule.Interface & (int)Firewall.Interfaces.RemoteAccess) != 0) { interfaces.Add("RemoteAccess"); } entry.InterfaceTypes = string.Join(",", interfaces.ToArray().Reverse()); } // Note: if this is not cleared protocol change may trigger an exception if (entry.LocalPorts != null) { entry.LocalPorts = null; } if (entry.RemotePorts != null) { entry.RemotePorts = null; } if (entry.IcmpTypesAndCodes != null) { entry.IcmpTypesAndCodes = null; } // Note: protocol must be set early enough or other sets will cause errors! entry.Protocol = rule.Protocol; switch (rule.Protocol) { case (int)FirewallRule.KnownProtocols.ICMP: case (int)FirewallRule.KnownProtocols.ICMPv6: entry.IcmpTypesAndCodes = rule.IcmpTypesAndCodes; break; case (int)FirewallRule.KnownProtocols.TCP: case (int)FirewallRule.KnownProtocols.UDP: entry.LocalPorts = rule.LocalPorts; entry.RemotePorts = rule.RemotePorts; break; } if (rule.EdgeTraversal != (int)NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_USER) { entry.LocalAddresses = rule.LocalAddresses; entry.RemoteAddresses = rule.RemoteAddresses; } entry.EdgeTraversalOptions = rule.EdgeTraversal; #if win10 if (entry3 != null) { //entry3.LocalAppPackageId = rule.AppID; /*entry3.LocalAppPackageId; * entry3.RemoteMachineAuthorizedList; * entry3.LocalUserAuthorizedList; * entry3.LocalUserOwner; * entry3.SecureFlags;*/ } #endif } catch (Exception err) { AppLog.Line("Firewall Rule Commit failed {0}", err.ToString()); return(false); } return(true); }
public static bool LoadRule(FirewallRule rule, INetFwRule2 entry) { try { #if win10 INetFwRule3 entry3 = entry as INetFwRule3; #endif ProgramList.Types type; string path = entry.ApplicationName; string name = null; if (path != null && path.Equals("System", StringComparison.OrdinalIgnoreCase)) { type = ProgramList.Types.System; } else if (entry.serviceName != null) { type = ProgramList.Types.Service; name = entry.serviceName; } #if win10 else if (entry3 != null && entry3.LocalAppPackageId != null) { type = ProgramList.Types.App; name = entry3.LocalAppPackageId; } #endif else if (path != null) { type = ProgramList.Types.Program; } else { type = ProgramList.Types.Global; } rule.mID = new ProgramList.ID(type, path, name); // https://docs.microsoft.com/en-us/windows/desktop/api/netfw/nn-netfw-inetfwrule rule.Name = entry.Name; rule.Grouping = entry.Grouping; rule.Description = entry.Description; //rule.ProgramPath = entry.ApplicationName; //rule.ServiceName = entry.serviceName; rule.Enabled = entry.Enabled; switch (entry.Direction) { case NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN: rule.Direction = Firewall.Directions.Inbound; break; case NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT: rule.Direction = Firewall.Directions.Outboun; break; } switch (entry.Action) { case NET_FW_ACTION_.NET_FW_ACTION_ALLOW: rule.Action = Firewall.Actions.Allow; break; case NET_FW_ACTION_.NET_FW_ACTION_BLOCK: rule.Action = Firewall.Actions.Block; break; } rule.Profile = entry.Profiles; if (entry.InterfaceTypes.Equals("All", StringComparison.OrdinalIgnoreCase)) { rule.Interface = (int)Firewall.Interfaces.All; } else { rule.Interface = (int)Firewall.Interfaces.None; if (entry.InterfaceTypes.IndexOf("Lan", StringComparison.OrdinalIgnoreCase) != -1) { rule.Interface |= (int)Firewall.Interfaces.Lan; } if (entry.InterfaceTypes.IndexOf("Wireless", StringComparison.OrdinalIgnoreCase) != -1) { rule.Interface |= (int)Firewall.Interfaces.Wireless; } if (entry.InterfaceTypes.IndexOf("RemoteAccess", StringComparison.OrdinalIgnoreCase) != -1) { rule.Interface |= (int)Firewall.Interfaces.RemoteAccess; } } rule.Protocol = entry.Protocol; /*The localAddrs parameter consists of one or more comma-delimited tokens specifying the local addresses from which the application can listen for traffic. "*" is the default value. Valid tokens include: * * "*" indicates any local address. If present, this must be the only token included. * "Defaultgateway" * "DHCP" * "WINS" * "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive. * A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. * A valid IPv6 address. * An IPv4 address range in the format of "start address - end address" with no spaces included. * An IPv6 address range in the format of "start address - end address" with no spaces included.*/ switch (rule.Protocol) { case (int)FirewallRule.KnownProtocols.ICMP: case (int)FirewallRule.KnownProtocols.ICMPv6: //The icmpTypesAndCodes parameter is a list of ICMP types and codes separated by semicolon. "*" indicates all ICMP types and codes. rule.IcmpTypesAndCodes = entry.IcmpTypesAndCodes; break; case (int)FirewallRule.KnownProtocols.TCP: case (int)FirewallRule.KnownProtocols.UDP: // , separated number or range 123-456 rule.LocalPorts = entry.LocalPorts; rule.RemotePorts = entry.RemotePorts; break; } rule.LocalAddresses = entry.LocalAddresses; rule.RemoteAddresses = entry.RemoteAddresses; // https://docs.microsoft.com/de-de/windows/desktop/api/icftypes/ne-icftypes-net_fw_edge_traversal_type_ //EdgeTraversal = (int)(Entry.EdgeTraversal ? NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_ALLOW : NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DENY); rule.EdgeTraversal = entry.EdgeTraversalOptions; #if win10 if (entry3 != null) { //rule.AppID = entry3.LocalAppPackageId; /*string s1 = entry3.LocalAppPackageId; * string s2 = entry3.RemoteMachineAuthorizedList; * string s3 = entry3.LocalUserAuthorizedList; * string s4 = entry3.LocalUserOwner; * int i1 = entry3.SecureFlags;*/ } #endif } catch (Exception err) { AppLog.Line("Reading Firewall Rule failed {0}", err.ToString()); return(false); } return(true); }