public IEnumerable <ComponentGroup> Retrieve()
{
var cgs = new HashSet <ComponentGroup>();
ManagementObjectCollection col = RetrieverProxy.GetWmiInfo("Select * from Win32_PhysicalMemory");
foreach (ManagementObject mo in col)
{
string memoryType;
if (!_memoryTypes.TryGetValue(long.Parse(mo["MemoryType"].ToString()), out memoryType))
{
memoryType = _memoryTypes[0x00];
}
cgs.Add(new ComponentGroup("RAM",
new PayloadProperty[] {
new PayloadProperty("Size", long.Parse(mo["Capacity"].ToString()) / (1024 * 1024 * 1024), false, "GB"),
new PayloadProperty("Manufacturer", mo["Manufacturer"]),
new PayloadProperty("PartNumber", mo["PartNumber"]),
new PayloadProperty("SerialNumber", mo["SerialNumber"], true),
new PayloadProperty("Type", memoryType),
new PayloadProperty("Speed", mo["Speed"], false, "Mhz"),
})
);
}
return(cgs);
}
public IEnumerable <ComponentGroup> Retrieve()
{
var cgs = new HashSet <ComponentGroup>();
ManagementObjectCollection col =
RetrieverProxy.GetWmiInfo("SELECT InterfaceGuid, DriverDescription FROM MSFT_NetAdapter WHERE HardwareInterface = 'True' AND EndpointInterface = 'False'",
"root\\StandardCimv2");
foreach (ManagementObject mo in col)
{
string macAddress = "";
var col2 = RetrieverProxy.GetWmiInfo("SELECT MACAddress FROM Win32_NetworkAdapterConfiguration WHERE SettingID = '" + mo["InterfaceGuid"] + "'");
foreach (var mo2 in col2)
{
macAddress = mo2["MACAddress"].ToString().ToUpperInvariant();
}
cgs.Add(new ComponentGroup("NIC",
new PayloadProperty[] {
new PayloadProperty("Name", mo["DriverDescription"].ToString().Replace("(R) ", "").Replace("(TM)", "").Replace("(tm)", "")),
new PayloadProperty("MAC address", macAddress, true) //Can be spoofed, do not run in a VM!
})
);
}
return(cgs);
}
public IEnumerable <ComponentGroup> Retrieve()
{
var cgs = new HashSet <ComponentGroup>();
ManagementObjectCollection col = RetrieverProxy.GetWmiInfo("Select Name from Win32_Processor");
foreach (ManagementObject mo in col)
{
cgs.Add(new ComponentGroup("CPU",
new PayloadProperty[] { new PayloadProperty("Name", mo["Name"]) })
);
}
return(cgs);
}
public IEnumerable <ComponentGroup> Retrieve()
{
var cgs = new ComponentGroup[] { new ComponentGroup("Machine") };
var properties = new HashSet <PayloadProperty>();
string hostname = "";
ManagementObjectCollection col = RetrieverProxy.GetWmiInfo("Select CSName from Win32_OperatingSystem");
foreach (ManagementObject mo in col)
{
hostname = mo["CSName"].ToString();
}
col = RetrieverProxy.GetWmiInfo("Select Domain from Win32_ComputerSystem");
foreach (ManagementObject mo in col)
{
hostname += "." + mo["Domain"];
properties.Add(new PayloadProperty("Hostname", hostname.ToLowerInvariant(), true));
}
col = RetrieverProxy.GetWmiInfo("Select IPAddress from Win32_NetworkAdapterConfiguration where IPEnabled='True'");
var ips = new List <string>();
foreach (ManagementObject mo in col)
{
foreach (string ip in mo["IPAddress"] as string[])
{
ips.Add(ip);
}
}
properties.Add(new PayloadProperty("IPs", ips));
col = RetrieverProxy.GetWmiInfo("Select Version, Name, BuildNumber from Win32_OperatingSystem");
foreach (ManagementObject mo in col)
{
properties.Add(new PayloadProperty("OS",
string.Format("{0} {1} Build {2}", mo["Name"].ToString().Split("|".ToCharArray())[0], mo["Version"], mo["BuildNumber"])));
}
cgs[0].Properties = properties.ToArray();
return(cgs);
}
public IEnumerable <ComponentGroup> Retrieve()
{
var cgs = new HashSet <ComponentGroup>();
ManagementObjectCollection col = RetrieverProxy.GetWmiInfo("Select Model, SerialNumber from Win32_DiskDrive where InterfaceType != 'USB'");
foreach (ManagementObject mo in col)
{
cgs.Add(new ComponentGroup("Disk",
new PayloadProperty[] {
new PayloadProperty("Model", mo["Model"]),
new PayloadProperty("SerialNumber", mo["SerialNumber"], true)
})
);
}
return(cgs);
}
static void Main(string[] args)
{
if (!_namedMutex.WaitOne())
{
return;
}
Console.WriteLine("SIZING SERVERS LAB WINDOWS BEHOLDER AGENT");
Console.WriteLine(" Reporting system information every " + Config.GetInstance().reportEvery + " to " + Config.GetInstance().endpoint);
Console.WriteLine();
if (RetrieverProxy.IsVM())
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Beholder does not work for VMs!");
}
else
{
PayloadReporter.RegisterRetrieverAndStartReporting(PayloadRetriever.GetInstance());
}
Console.ReadLine();
}
public IEnumerable <ComponentGroup> Retrieve()
{
var cgs = new ComponentGroup[] { new ComponentGroup("BaseBoard") };
var properties = new HashSet <PayloadProperty>();
ManagementObjectCollection col = RetrieverProxy.GetWmiInfo("Select Manufacturer, Product, SerialNumber from Win32_BaseBoard"); //Version?
foreach (ManagementObject mo in col)
{
properties.Add(new PayloadProperty("Manufacturer", mo["Manufacturer"]));
properties.Add(new PayloadProperty("Model", mo["Product"]));
properties.Add(new PayloadProperty("SerialNumber", mo["SerialNumber"], true));
}
col = RetrieverProxy.GetWmiInfo("Select Name from Win32_BIOS WHERE PrimaryBIOS='True'");
foreach (ManagementObject mo in col)
{
properties.Add(new PayloadProperty("BIOS", mo["Name"]));
}
cgs[0].Properties = properties.ToArray();
return(cgs);
}
