public void Config(BeSafeConfig config, PipeServer pipeServer, bool stoppingService)
{
bool stateResult =
(((config?.ComponentsState.ProcessWatcher == true) && (stoppingService == false))
? _processWatcher.Start()
: _processWatcher.Stop());
}
public void Config(BeSafeConfig config, PipeServer pipeServer, bool stoppingService)
{
_config = config;
_pipeServer = pipeServer;
if ((config != null) && (config.ComponentsState.SecureVolume) && (stoppingService == false))
{
_secureDrive.FileAccessRequestEvent += OnFileAccessRequestEvent;
string mappedDriveLetter = _secureDrive.MapDrive(config.SecureVolumePath);
_driveView = new DriveView(mappedDriveLetter);
_driveView.SetDriveIcon($"{System.Reflection.Assembly.GetEntryAssembly().Location}");
}
else
{
DriveInfo beSafeDriveInfo = ServiceUtils.GetBeSafeDriveLetter();
if (beSafeDriveInfo == null)
{
return;
}
_secureDrive.UnmapDrive(beSafeDriveInfo.Name);
new DriveView(beSafeDriveInfo.Name).RemoveDriveView();
}
}
public static bool LoadConfigToFile(Setting settingForm)
{
BeSafeConfig beSafeConfig = new BeSafeConfig(PathUtils.ConfigFilePath);
bool loadConfigResult = beSafeConfig.Load();
if (!loadConfigResult)
{
return(false);
}
beSafeConfig.ComponentsState.ProcessWatcher = settingForm.chbProcessWatcher.Checked;
beSafeConfig.ComponentsState.ModuleWatcher = settingForm.chbmoduleWatcher.Checked;
beSafeConfig.ComponentsState.DirectoryWatcher = settingForm.chbDirectoryWatcher.Checked;
beSafeConfig.ComponentsState.RegistryWatcher = settingForm.chbRegistryWatcher.Checked;
beSafeConfig.ComponentsState.YaraEngine = settingForm.chbYaraEngine.Checked;
beSafeConfig.ComponentsState.SecureVolume = settingForm.chbSecureVolume.Checked;
beSafeConfig.ComponentsState.StaticScanEngine = settingForm.chbStaticEngine.Checked;
beSafeConfig.ComponentsState.DynamicScanEngine = settingForm.chbDynamicEngine.Checked;
beSafeConfig.ComponentsState.FightWithThreats = settingForm.chbFightWithThreats.Checked;
beSafeConfig.ComponentsState.VirusTotalEngine = settingForm.chbVirusTotalEngine.Checked;
beSafeConfig.Save();
return(true);
}
public static void ManageComponentsState(BeSafeConfig configuration, PipeServer pipeServer, bool stoppingService)
{
ProcessRegulator.Instance().Config(configuration, pipeServer, stoppingService);
ModuleRegulator.Instance().Config(configuration, pipeServer, stoppingService);
DirectoryRegulator.Instance().Config(configuration, pipeServer, stoppingService);
RegistryRegulator.Instance().Config(configuration, pipeServer, stoppingService);
SecureVolumeRegulator.Instance().Config(configuration, pipeServer, stoppingService);
}
private bool ConfigApplier()
{
BeSafeConfig configiguration = ConfigLoader.Instance().LoadConfig();
if (configiguration != null)
{
ServiceUtils.SystemHiddenDirectory(configiguration.SecureVolumePath);
ComponentRegulator.ManageComponentsState(configiguration, pipeServer, false);
return(true);
}
return(false);
}
public BeSafeConfig LoadConfig()
{
if (_beSafeConfig == null)
{
string settingFilePath = new ServiceSetting().RetriveConfigFilePath();
if (!File.Exists(settingFilePath))
{
return(null);
}
_beSafeConfig = new BeSafeConfig(settingFilePath);
}
_beSafeConfig.Load();
return(_beSafeConfig);
}
public void Config(BeSafeConfig config, PipeServer pipeServer, bool stoppingService)
{
_config = config;
_pipeServer = pipeServer;
bool stateResult;
if ((config?.ComponentsState.RegistryWatcher == true) && (stoppingService == false))
{
_directoryWatcher = new DirectoryWatcher(new List <string>
{
});
_directoryWatcher.DirectoryChanged += DirectoryChanged;
stateResult = _directoryWatcher.Start();
Task.Run(() => StackScanner(_changedDirectoryQueue));
return;
}
stateResult = _directoryWatcher?.Stop() ?? false;
}
public string MapDrive(string virtualPath)
{
if (string.IsNullOrEmpty(virtualPath))
{
throw new ArgumentNullException(nameof(virtualPath));
}
try
{
string beSafeDriveLetter = CheckPathAlreadyMapped(virtualPath);
if (!string.IsNullOrEmpty(beSafeDriveLetter))
{
return(beSafeDriveLetter);
}
string unusedDriveLetter = FirstUnusedDriveLetter();
string normalizedDriveLetter = NormalizeDriveLetter(unusedDriveLetter);
Task.Run(() =>
{
BeSafeConfig config = ConfigLoader.Instance().LoadConfig();
IPluginProxy pluginRegulator = new PluginProxy(config);
_virtualDriveImpl = new BeSafeFileSystemImpl(virtualPath, pluginRegulator);
_virtualDriveImpl.FileAccessRequest += FileAccessRequestEvent;
_virtualDriveImpl.Mount(normalizedDriveLetter, DokanOptions.FixedDrive, NumberOfThradsToManageFileSystem);
});
return(normalizedDriveLetter);
}
catch (Exception ex)
{
ex.Log(ExceptionType.SecureVolume, "Can not mount virtual drive");
return(null);
}
}
public PluginProxy(BeSafeConfig config)
{
_config = config;
}
public static PluginProxy Instance(BeSafeConfig config) => (SingletonInstance ?? (SingletonInstance = new PluginProxy(config)));
public void Config(BeSafeConfig config, PipeServer pipeServer, bool stoppingService)
{
_config = config;
_pipeServer = pipeServer;
bool stateResult;
if ((config?.ComponentsState.RegistryWatcher == true) && (stoppingService == false))
{
string userSID = config.UserSID;
_registryWatcher = new RegistryWatcher(new List <RegistryMonitorPath>
{
// CurrentUser keys
new RegistryMonitorPath {
RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\RunServices"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\Run"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\RunOnce"
},
// LocalMachine keys
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\RunServices"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\Run"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\RunOnce"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"SOFTWARE\Classes\cplfile\shell\cplopen\command"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"SOFTWARE\Classes\batfile\shell\open\command"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\comfile\shell\open\command"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\exefile\shell\open\command"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\htafile\Shell\Open\Command"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\piffile\shell\open\command"
},
new RegistryMonitorPath {
RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"SOFTWARE\Classes\scrfile\shell\open\command"
},
});
_registryWatcher.ValueChanged += ValueChangedArrived;
stateResult = _registryWatcher.Start();
Task.Run(() => StackScanner(_changedValuesStack));
return;
}
stateResult = _registryWatcher?.Stop() ?? false;
}
