private void btnRemoveProc_Click(object sender, EventArgs e) { if (!LoadConfigOrShowError("config.xml")) { return; } string newList = ""; if (lvProtProc.SelectedItems.Count == 0) { return; } for (int i = 0; i < lvProtProc.Items.Count; i++) { if (lvProtProc.SelectedItems[0].Index != i) { newList += lvProtProc.Items[i].Text; if (i + 1 < lvProtProc.Items.Count) { newList += "|"; } } } newList = newList.Trim('|'); string procName = (string)lvProtProc.SelectedItems[0].Text; lvProtProc.Items.RemoveAt(lvProtProc.SelectedItems[0].Index); XmlConfig.SetConfigString("configuration/protectedProcessList/property/processList", newList); if (procName != null) { string configXml = procName.Replace(".exe", "_config.xml"); if (File.Exists(EventManager.InstallPath + configXml)) { DialogResult dlgResult = MessageBox.Show( "Delete custom configuration for \"" + procName + "\"?", "Delete Configuration", MessageBoxButtons.YesNo, MessageBoxIcon.Question); if (dlgResult == System.Windows.Forms.DialogResult.Yes) { File.Delete(EventManager.InstallPath + configXml); } } } }
private void cbEnableDiD_CheckedChanged(object sender, EventArgs e) { if (undergoingUIUpdate) { return; } XmlConfig.SetConfigString("configuration/defenseInDepth/property/enabled", cbEnableDiD.Checked ? "true" : "false"); if (ExpertOptions.RefEnableDiDCore != null) { ExpertOptions.RefEnableDiDCore.Checked = cbEnableDiD.Checked; } }
private void cbEnableCF_CheckedChanged(object sender, EventArgs e) { if (undergoingUIUpdate) { return; } XmlConfig.SetConfigString("configuration/browserProtection/property/enabled", cbEnableCF.Checked ? "true" : "false"); if (ExpertOptions.RefEnableBpCore != null) { ExpertOptions.RefEnableBpCore.Checked = cbEnableCF.Checked; } }
public static void SetProtectionLevelInConfig(EProtectionLevel protLevel) { if (XmlConfig.Path == null) { throw new Exception("XmlConfig needs to have been initialised before calling"); } Dictionary <string, string> settings = protLevelPresets[(int)protLevel]; foreach (KeyValuePair <string, string> kvp in settings) { XmlConfig.SetConfigString(kvp.Key, kvp.Value); } }
private bool LoadConfigOrShowError(string configFileName) { if (!XmlConfig.OpenConfig(EventManager.InstallPath + configFileName)) { ShowConfigLoadError(configFileName); return(false); } if (!XmlConfig.ReadConfig()) { ShowConfigLoadError(configFileName); return(false); } XmlConfig.Close(); return(true); }
private void lvProtProc_SelectedIndexChanged(object sender, EventArgs e) { if (lvProtProc.SelectedItems.Count == 0) { lblAEPLevel.Text = "Anti-Exploit Protection Level (<select a process>):"; return; } string proc = lvProtProc.SelectedItems[0].Text; string xmlFile = proc.Replace(".exe", "_config.xml"); lblAEPLevel.Text = "Anti-Exploit Protection Level (" + proc + "):"; if (File.Exists(EventManager.InstallPath + xmlFile)) { if (!LoadConfigOrShowError(xmlFile)) { return; } string uiProtLevel = XmlConfig.GetConfigString("configuration/defenseInDepth/property/uiProtLevel"); int level = int.Parse(uiProtLevel); tbProtLevel.Value = level; HighlightProtSliderLevel(); radUseCustom.Checked = true; } else { if (XmlConfig.Path == null || XmlConfig.Path.EndsWith("_config.xml")) { if (!LoadConfigOrShowError("config.xml")) { return; } } radUseDefault.Checked = true; HighlightProtSliderLevel(); } }
private void cbPromptUserExe_CheckedChanged(object sender, EventArgs e) { string xmlPathLast = new FileInfo(XmlConfig.Path).Name; if (string.IsNullOrEmpty(xmlPathLast)) { return; } if (!LoadConfigOrShowError("config.xml")) { return; } XmlConfig.SetConfigString("configuration/apiMonitor/property/promptUserExeBlocked", cbPromptUserExe.Checked ? "true" : "false"); if (!LoadConfigOrShowError(xmlPathLast)) { return; } }
private void cbPromptOnDotNet_CheckedChanged(object sender, EventArgs e) { string xmlPathLast = new FileInfo(XmlConfig.Path).Name; if (string.IsNullOrEmpty(xmlPathLast)) { return; } if (!LoadConfigOrShowError("config.xml")) { return; } XmlConfig.SetConfigString("configuration/apiMonitor/property/promptRelaxDotnet", cbPromptOnDotNet.Checked ? "true" : "false"); MainUI.MinimizeToTray = cbMinimizeToTray.Checked; if (!LoadConfigOrShowError(xmlPathLast)) { return; } }
private void cbMinimizeToTray_CheckedChanged(object sender, EventArgs e) { string xmlPathLast = new FileInfo(XmlConfig.Path).Name; if (string.IsNullOrEmpty(xmlPathLast)) { return; } if (!LoadConfigOrShowError("config.xml")) { return; } XmlConfig.SetConfigString("configuration/defenseInDepth/property/minimizeToTray", cbMinimizeToTray.Checked ? "true" : "false"); MainUI.MinimizeToTray = cbMinimizeToTray.Checked; if (!LoadConfigOrShowError(xmlPathLast)) { return; } }
private void radUseCustom_CheckedChanged(object sender, EventArgs e) { if (radUseCustom.Checked) { if (lvProtProc.SelectedItems.Count == 0) { radUseDefault.Checked = true; HighlightProtSliderLevel(); return; } string proc = lvProtProc.SelectedItems[0].Text; string xmlFile = proc.Replace(".exe", "_config.xml"); if (!File.Exists(EventManager.InstallPath + xmlFile)) { File.Copy(EventManager.InstallPath + "config.xml", EventManager.InstallPath + xmlFile); } string uiProtLevel = XmlConfig.GetConfigString("configuration/defenseInDepth/property/uiProtLevel"); int level = int.Parse(uiProtLevel); tbProtLevel.Value = level; HighlightProtSliderLevel(); if (!LoadConfigOrShowError(xmlFile)) { radUseDefault.Checked = true; HighlightProtSliderLevel(); return; } tbProtLevel.Enabled = true; lblProtHigh.Enabled = true; lblProtMax.Enabled = true; lblProtMin.Enabled = true; lblProtMod.Enabled = true; } }
private void UpdateUI() { if (!LoadConfigOrShowError("config.xml")) { return; } radUseDefault.Checked = true; HighlightProtSliderLevel(); lvProtProc.Items.Clear(); string[] stringArray = XmlConfig.GetConfigStringArray("configuration/protectedProcessList/property/processList"); if (stringArray != null) { lvProtProc.BeginUpdate(); foreach (string name in stringArray) { lvProtProc.Items.Add(new ListViewItem(new string[] { name })); } lvProtProc.EndUpdate(); } bool checkedState = XmlConfig.GetConfigBool("configuration/apiMonitor/property/promptUserExeBlocked"); cbPromptUserExe.Checked = checkedState; checkedState = XmlConfig.GetConfigBool("configuration/apiMonitor/property/checkWhitelist"); cbExeWhitelist.Checked = checkedState; checkedState = XmlConfig.GetConfigBool("configuration/defenseInDepth/property/minimizeToTray"); cbMinimizeToTray.Checked = checkedState; checkedState = XmlConfig.GetConfigBool("configuration/apiMonitor/property/promptRelaxDotnet"); cbPromptOnDotNet.Checked = checkedState; }
private void MainUI_Load(object sender, EventArgs e) { RefEnableCF = cbEnableCF; RefEnableDiD = cbEnableDiD; CheckUniqueInstance(); EnsureProcTrackerRunning(); System.Threading.ParameterizedThreadStart param = new System.Threading.ParameterizedThreadStart(CheckForUpdatesAlertUser); System.Threading.Thread thdUpdateCheck = new System.Threading.Thread(param); thdUpdateCheck.Start(false); lvRealtime.Font = new Font("Calibri", 9f, FontStyle.Regular); lvRealtime.Scrollable = true; lvRealtime.View = View.Details; lvRealtime.ShowItemToolTips = true; lvRealtime.FullRowSelect = true; lvLatestAlerts.Font = new Font("Calibri", 9f, FontStyle.Regular); lvLatestAlerts.Scrollable = true; lvLatestAlerts.View = View.Details; lvLatestAlerts.ShowItemToolTips = true; lvLatestAlerts.FullRowSelect = true; EventManager.InitialSortCriterion = EEventSortCriteria.SortByDate; foreach (EventItem evt in EventManager.AllEvents) { DisplayNewEvent(evt.EventRepository.Value, evt, false); } tvMonProc.Font = new Font("Calibri", 9f, FontStyle.Regular); tvMonProc.ImageList = new ImageList(); tvMonProc.ShowNodeToolTips = true; refreshProcTimer.Tick += new EventHandler(RefreshProcesses); refreshProcTimer.Interval = 1000; refreshProcTimer.Start(); lvLatestAlerts.Columns[2].Width = lvLatestAlerts.Width - (lvLatestAlerts.Columns[0].Width + lvLatestAlerts.Columns[1].Width + 20); cbAntiSpray.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); cbApiMonitor.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); cbContentFilter.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); cbHeapMonitor.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); cbRopMonitor.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); cbStackMonitor.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); cbComMonitor.CheckedChanged += new EventHandler(HandleCheckChangeAttempt); if (!XmlConfig.OpenConfig(EventManager.InstallPath + "config.xml")) { ShowConfigLoadError("config.xml"); return; } else { if (!XmlConfig.ReadConfig()) { ShowConfigLoadError("config.xml"); return; } else { string uiProtLevel = XmlConfig.GetConfigString("configuration/defenseInDepth/property/uiProtLevel"); if (uiProtLevel != null) { int tmp = 0; if (!int.TryParse(uiProtLevel, out tmp)) { tbProtLevel.Value = 2; } tbProtLevel.Value = tmp; } else { tbProtLevel.Value = 2; } tbProtLevel.Tag = tbProtLevel.Value; undergoingUIUpdate = true; cbEnableCF.Checked = XmlConfig.GetConfigBool("configuration/browserProtection/property/enabled"); cbEnableDiD.Checked = XmlConfig.GetConfigBool("configuration/defenseInDepth/property/enabled"); undergoingUIUpdate = false; // IE + ProtectedMode + UAC does not work // nb: fixed in didcore.dll (it elevates IE if elevation is enabled) // CheckUACAndIECompat(); } } XmlConfig.Close(); HighlightProtSliderLevel(); if (CheckAndQueryAppInitKey(false, false) == true) { RenderDisableAllButton(false); minUi.SetEnableStatePicture(true); } else { RenderDisableAllButton(true); minUi.SetEnableStatePicture(false); } this.Size = new Size(0, 0); this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None; MinimizeToTray = XmlConfig.GetConfigBool("configuration/defenseInDepth/property/minimizeToTray"); CheckAndDisplayTutorialFirstLaunch(); }
private bool SavePendingSettings() { bool allSaved = true; foreach (KeyValuePair <string, string> kvp in pendingSettings) { if (XmlConfig.GetConfigString(kvp.Key) == null) { string keyAlternate = null; if (kvp.Key.Contains("/Enabled:")) { // the entry may exist in the xml config as Disabled ... keyAlternate = kvp.Key.Replace("/Enabled:", "/Disabled:"); } else if (kvp.Key.Contains("/Disabled:")) { // as may the opposite occur ... keyAlternate = kvp.Key.Replace("/Disabled:", "/Enabled:"); } NaiveConfigWriter writer = new NaiveConfigWriter(XmlConfig.Path); if (keyAlternate != null) { if (XmlConfig.GetConfigString(keyAlternate) != null) { // remove keyAlternate and continue writer.RemoveXmlPropertyWithPath(keyAlternate); } } // this config entry doesn't exist (i.e. a new imported filter) // add new entry to config file before proceeding. int idx = kvp.Key.LastIndexOf('/'); // this code should be tested later string xmlPropertyPath = kvp.Key.Substring(0, idx); string xmlPropertyName = kvp.Key.Substring(idx + 1); writer.AddXmlPropertyAtPath(xmlPropertyPath, xmlPropertyName, kvp.Value); // then update config if (!XmlConfig.RefreshConfig()) { ShowConfigLoadError(); return(false); } } else { if (!XmlConfig.SetConfigString(kvp.Key, kvp.Value)) { allSaved = false; } } } pendingSettings.Clear(); return(allSaved); }
bool UpdateUIFromConfig() { if (!XmlConfig.RefreshConfig()) { return(false); } XmlConfig.NameValuePair[] nvpArray = XmlConfig.GetNameValuePairArray("configuration/connectFilters/property/"); if (nvpArray != null) { lbConnEnabledFilters.Items.Clear(); lbConnEnabledFilters.BeginUpdate(); lbConnEnabledFilters.HorizontalScrollbar = true; foreach (XmlConfig.NameValuePair nvpair in nvpArray) { string name = XmlConfig.GetNameFromPath(nvpair.Name); if (name.StartsWith("Enabled:", true, null)) { lbConnEnabledFilters.Items.Add(name.Substring(8) + " => " + nvpair.Value); } else if (name.StartsWith("Disabled:", true, null)) { lbConnDisabledFilters.Items.Add(name.Substring(9) + " => " + nvpair.Value); } } lbConnEnabledFilters.EndUpdate(); } nvpArray = XmlConfig.GetNameValuePairArray("configuration/requestFilters/property/"); if (nvpArray != null) { lbOutEnabledFilters.Items.Clear(); lbOutEnabledFilters.BeginUpdate(); lbOutEnabledFilters.HorizontalScrollbar = true; foreach (XmlConfig.NameValuePair nvpair in nvpArray) { string name = XmlConfig.GetNameFromPath(nvpair.Name); if (name.StartsWith("Enabled:", true, null)) { lbOutEnabledFilters.Items.Add(name.Substring(8) + " => " + nvpair.Value); } else if (name.StartsWith("Disabled:", true, null)) { lbOutDisabledFilters.Items.Add(name.Substring(9) + " => " + nvpair.Value); } } lbOutEnabledFilters.EndUpdate(); } nvpArray = XmlConfig.GetNameValuePairArray("configuration/responseFilters/property/"); if (nvpArray != null) { lbInEnabledFilters.Items.Clear(); lbInEnabledFilters.BeginUpdate(); lbInEnabledFilters.HorizontalScrollbar = true; foreach (XmlConfig.NameValuePair nvpair in nvpArray) { string name = XmlConfig.GetNameFromPath(nvpair.Name); if (name.StartsWith("Enabled:", true, null)) { lbInEnabledFilters.Items.Add(name.Substring(8) + " => " + nvpair.Value); } else if (name.StartsWith("Disabled:", true, null)) { lbInDisabledFilters.Items.Add(name.Substring(9) + " => " + nvpair.Value); } } lbInEnabledFilters.EndUpdate(); } return(true); }
private bool AddFilterModule(string filterFile) { // ensure DLL file // // pinvoke: BOOL filter!QueryFilters( // char ***pppszConnectExports, int *pnConnectExports, // char ***pppszRequestExports, int *pnRequestExports, // char ***pppszResponseExports, int *pnResponseExports // ); // // if(BOOL result == true) add exports to XML config, update UI (and update options dialog UI) // // return BOOL result string[] connectFilters = null, requestFilters = null, responseFilters = null; bool result = FilterNativeMethods.QueryFilters(filterFile, out connectFilters, out requestFilters, out responseFilters ); if (!result) { return(false); } // we can add the filters NaiveConfigWriter writer = new NaiveConfigWriter(XmlConfig.Path); if (connectFilters != null) { foreach (string filter in connectFilters) { if (XmlConfig.GetConfigString("configuration/connectFilters/property/Enabled:" + filter) == null) { writer.AddXmlPropertyAtPath("configuration/connectFilters/property", "Enabled:" + filter, filterFile); } else { XmlConfig.SetConfigString("configuration/connectFilters/property/Enabled:" + filter, filterFile); } if (XmlConfig.GetConfigString("configuration/connectFilters/property/Disabled:" + filter) != null) { writer.RemoveXmlPropertyWithPath("configuration/connectFilters/property/Disabled:" + filter); } } } if (requestFilters != null) { foreach (string filter in requestFilters) { if (XmlConfig.GetConfigString("configuration/requestFilters/property/Enabled:" + filter) == null) { writer.AddXmlPropertyAtPath("configuration/requestFilters/property", "Enabled:" + filter, filterFile); } else { XmlConfig.SetConfigString("configuration/requestFilters/property/Enabled:" + filter, filterFile); } if (XmlConfig.GetConfigString("configuration/requestFilters/property/Disabled:" + filter) != null) { writer.RemoveXmlPropertyWithPath("configuration/requestFilters/property/Disabled:" + filter); } } } if (responseFilters != null) { foreach (string filter in responseFilters) { if (XmlConfig.GetConfigString("configuration/responseFilters/property/Enabled:" + filter) == null) { writer.AddXmlPropertyAtPath("configuration/responseFilters/property", "Enabled:" + filter, filterFile); } else { XmlConfig.SetConfigString("configuration/responseFilters/property/Enabled:" + filter, filterFile); } if (XmlConfig.GetConfigString("configuration/responseFilters/property/Disabled:" + filter) != null) { writer.RemoveXmlPropertyWithPath("configuration/responseFilters/property/Disabled:" + filter); } } } return(true); }