// *** Files *** static public bool IsFileBlocked(string path) { try { path = Environment.ExpandEnvironmentVariables(path); if (!File.Exists(path)) { return(true); } FileSecurity ac = File.GetAccessControl(path); AuthorizationRuleCollection rules = ac.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); // get as SID not string foreach (FileSystemAccessRule rule in rules) { if (rule.AccessControlType != AccessControlType.Deny) { continue; } if (!rule.IdentityReference.Value.Equals(FileOps.SID_World)) { continue; } if ((rule.FileSystemRights & FileSystemRights.ExecuteFile) != 0) { return(true); } } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
static public bool BlockFile(string path, bool UnDo = false) { try { path = Environment.ExpandEnvironmentVariables(path); if (!FileOps.TakeOwn(path)) { return(false); } FileSecurity ac = File.GetAccessControl(path); if (UnDo) { AuthorizationRuleCollection rules = ac.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)); // get as SID not string foreach (FileSystemAccessRule rule in rules) { ac.RemoveAccessRule(rule); } } else { ac.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(FileOps.SID_World), FileSystemRights.ExecuteFile, AccessControlType.Deny)); } File.SetAccessControl(path, ac); return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
static public bool DisableService(string name, bool UnDo = false) { bool ret = false; ServiceController svc = new ServiceController(name); // Windows Update Service try { if (UnDo) { if (svc.Status != ServiceControllerStatus.Running) { ServiceHelper.ChangeStartMode(name, ServiceHelper.ServiceBootFlag.DemandStart); //svc.Start(); } } else { if (svc.Status == ServiceControllerStatus.Running) { svc.Stop(); } ServiceHelper.ChangeStartMode(name, ServiceHelper.ServiceBootFlag.Disabled); } ret = true; } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } svc.Close(); return(ret); }
static public bool DisableTask(string path, string name, bool UnDo = false) { if (name == "*") { List <string> names = EnumTasks(path); if (names == null) { return(false); } foreach (string found in names) { if (!DisableTask(path, found, UnDo)) { return(false); } } return(true); } try { TaskScheduler.TaskScheduler service = new TaskScheduler.TaskScheduler(); service.Connect(); ITaskFolder folder = service.GetFolder(path); IRegisteredTask task = folder.GetTask(name); task.Enabled = UnDo ? true : false; // todo have old state saved return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public bool SetAuditPol(Auditing audit) { //MiscFunc.Exec("auditpol.exe", "/set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable /success:enable"); try { AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030"); switch (audit) { case Auditing.All: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure; break; case Auditing.Blocked: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure; break; case Auditing.Allowed: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success; break; case Auditing.Off: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.None; break; } TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME); // Note: without SeSecurityPrivilege this fails silently AuditPol.SetSystemPolicy(pol); TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(false); } return(true); }
public static string parsePath(string path) { try { if (path.Contains(@"\device\mup\")) { return(@"\" + path.Substring(11, path.Length - 11)); } string[] strArray = path.Split(new char[1] { '\\' }, StringSplitOptions.RemoveEmptyEntries); string vol = @"\" + strArray[0] + @"\" + strArray[1]; path = path.Replace(vol, GetDriveLetter(vol)); if (path.Contains('~')) { path = Path.GetFullPath(path); } return(path); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(""); }
private void OnConnection(object obj, EventRecordWrittenEventArgs arg) { if (arg.EventRecord == null) { return; } try { int processId = MiscFunc.parseInt(arg.EventRecord.Properties[0].Value.ToString()); string path = arg.EventRecord.Properties[1].Value.ToString(); Actions action = Actions.Undefined; if (arg.EventRecord.Id == (int)EventIDs.Blocked) { action = Actions.Block; } else if (arg.EventRecord.Id == (int)EventIDs.Allowed) { action = Actions.Allow; } string direction_str = arg.EventRecord.Properties[2].Value.ToString(); Directions direction = Directions.Unknown; if (direction_str == "%%14592") { direction = Directions.Inbound; } else if (direction_str == "%%14593") { direction = Directions.Outboun; } string src_ip = arg.EventRecord.Properties[3].Value.ToString(); int src_port = MiscFunc.parseInt(arg.EventRecord.Properties[4].Value.ToString()); string dest_ip = arg.EventRecord.Properties[5].Value.ToString(); int dest_port = MiscFunc.parseInt(arg.EventRecord.Properties[6].Value.ToString()); int protocol = MiscFunc.parseInt(arg.EventRecord.Properties[7].Value.ToString()); ProgramList.ID id = GetIDforEntry(path, processId); if (id == null) { return; } Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, DateTime.Now); entry.Profile = GetCurrentProfiles(); App.engine.LogActivity(entry); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } }
static public bool SetRegistryTweak(string path, string name, object value, bool usrLevel = false) { try { var subKey = (usrLevel ? Registry.CurrentUser : Registry.LocalMachine).CreateSubKey(path, true); SetRegistryValue(subKey, name, value); return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
// *** GPO *** static public bool TestGPOTweak(string path, string name, object value, bool usrLevel = false) { try { var gpo = new ComputerGroupPolicyObject(new GroupPolicyObjectSettings(true, true)); // read only so it does not fail without admin rights var key = gpo.GetRootRegistryKey(usrLevel ? GroupPolicySection.User : GroupPolicySection.Machine); var subKey = key.CreateSubKey(path); return(CmpRegistryValue(subKey, name, value)); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
// *** Services *** static public bool IsServiceEnabled(string name) { bool ret = false; ServiceController svc = new ServiceController(name); try { ret = svc.StartType != ServiceStartMode.Disabled; } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } svc.Close(); return(ret); }
public T RemoteExec <T>(string fx, object args, T defRet) { try { if (clientPipe == null && !Connect()) { throw new Exception("Connection Failed"); } return((T)(clientPipe.RemoteExec(fx, args))); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(defRet); } }
static public bool SetGPOTweak(string path, string name, object value, bool usrLevel = false) { try { var gpo = new ComputerGroupPolicyObject(); var key = gpo.GetRootRegistryKey(usrLevel ? GroupPolicySection.User : GroupPolicySection.Machine); var subKey = key.CreateSubKey(path); SetRegistryValue(subKey, name, value); gpo.Save(); return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public bool Uninstall() { try { if (ServiceHelper.ServiceIsInstalled(ServiceName)) { if (ServiceHelper.GetServiceStatus(ServiceName) == ServiceHelper.ServiceState.Running) { ServiceHelper.StopService(ServiceName); } ServiceHelper.Uninstall(ServiceName); } return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
// *** Tasks *** static public List <string> EnumTasks(string path) { List <string> list = new List <string>(); try { TaskScheduler.TaskScheduler service = new TaskScheduler.TaskScheduler(); service.Connect(); ITaskFolder folder = service.GetFolder(path); foreach (IRegisteredTask task in folder.GetTasks((int)_TASK_ENUM_FLAGS.TASK_ENUM_HIDDEN)) { list.Add(task.Name); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(null); } return(list); }
public void HandlePushNotification(string func, object args) { try { if (func == "ActivityNotification") { NotifyActivity(GetArg <Guid>(args, 0), GetArg <Program.LogEntry>(args, 1)); } else if (func == "ChangeNotification") { NotifyChange(GetArg <Guid>(args, 0)); } else { throw new Exception("Unknown Notificacion"); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } }
static public bool IsTaskEnabled(string path, string name) { if (name == "*") { List <string> names = EnumTasks(path); if (names == null) { return(true); // we dont know so just in case } foreach (string found in names) { if (IsTaskEnabled(path, found)) { return(true); } } return(false); } try { TaskScheduler.TaskScheduler service = new TaskScheduler.TaskScheduler(); service.Connect(); ITaskFolder folder = service.GetFolder(path); IRegisteredTask task = folder.GetTask(name); return(task.Enabled); } catch (FileNotFoundException) { return(false); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(true); // we dont know so just in case }
public bool Install(bool start = false) { try { if (!ServiceHelper.ServiceIsInstalled(ServiceName)) { ServiceHelper.Install(ServiceName, App.mName, "\"" + App.exePath + "\" -svc"); } ServiceHelper.ChangeStartMode(ServiceName, ServiceHelper.ServiceBootFlag.AutoStart); if (start) { ServiceHelper.StartService(ServiceName); } return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public Auditing GetAuditPol() { try { AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030"); if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0 && (pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0) { return(Auditing.All); } if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0) { return(Auditing.Allowed); } if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0) { return(Auditing.Blocked); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(Auditing.Off); }
public bool WatchConnections(bool enable = true) { try { if (enable) { mEventWatcher = new EventLogWatcher(new EventLogQuery("Security", PathType.LogName, "*[System[(Level=4 or Level=0) and (EventID=" + (int)EventIDs.Blocked + " or EventID=" + (int)EventIDs.Allowed + ")]] and *[EventData[Data[@Name='LayerRTID']>='48']]")); mEventWatcher.EventRecordWritten += new EventHandler <EventRecordWrittenEventArgs>(OnConnection); mEventWatcher.Enabled = true; } else { mEventWatcher.EventRecordWritten -= new EventHandler <EventRecordWrittenEventArgs>(OnConnection); mEventWatcher.Dispose(); mEventWatcher = null; } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(false); } return(true); }
public static bool Exec(string cmd, string args, bool hidden = true) { try { Process process = new Process(); process.StartInfo.UseShellExecute = false; if (hidden) { process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; process.StartInfo.CreateNoWindow = true; } process.StartInfo.FileName = cmd; process.StartInfo.Arguments = args; process.StartInfo.Verb = "runas"; // run as admin process.Start(); process.WaitForExit(); return(true); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(false); }
public void LoadLog() { EventLog eventLog = new EventLog("Security"); try { //for (int i = eventLog.Entries.Count-1; i > 0; i--) foreach (EventLogEntry logEntry in eventLog.Entries) { //EventLogEntry entry = eventLog.Entries[i]; if (logEntry.InstanceId != (long)EventIDs.Allowed && logEntry.InstanceId != (long)EventIDs.Blocked) { continue; } string[] ReplacementStrings = logEntry.ReplacementStrings; string direction_str = ReplacementStrings[2]; Directions direction = Directions.Unknown; if (direction_str == "%%14592") { direction = Directions.Inbound; } else if (direction_str == "%%14593") { direction = Directions.Outboun; } int processId = MiscFunc.parseInt(ReplacementStrings[0]); string path = ReplacementStrings[1]; ProgramList.ID id = GetIDforEntry(path, processId); if (id == null) { return; } Actions action = Actions.Undefined; if (logEntry.InstanceId == (int)EventIDs.Blocked) { action = Actions.Block; } else if (logEntry.InstanceId == (int)EventIDs.Allowed) { action = Actions.Allow; } string src_ip = ReplacementStrings[3]; int src_port = MiscFunc.parseInt(ReplacementStrings[4]); string dest_ip = ReplacementStrings[5]; int dest_port = MiscFunc.parseInt(ReplacementStrings[6]); int protocol = MiscFunc.parseInt(ReplacementStrings[7]); Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, logEntry.TimeGenerated); App.engine.LogActivity(entry, true); } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } eventLog.Dispose(); }
public AppInfo?GetInfo(string path, string name, string id, string sid) { string manifest = Path.Combine(path, "AppxManifest.xml"); if (!File.Exists(manifest)) { return(null); } XElement xelement; try { string manifestXML = File.ReadAllText(manifest); int startIndex = manifestXML.IndexOf("<Properties>", StringComparison.Ordinal); int num = manifestXML.IndexOf("</Properties>", StringComparison.Ordinal); xelement = XElement.Parse(manifestXML.Substring(startIndex, num - startIndex + 13).Replace("uap:", string.Empty)); } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); return(null); } string displayName = name; string logoPath = null; try { displayName = xelement.Element((XName)"DisplayName")?.Value; logoPath = xelement.Element((XName)"Logo")?.Value; } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } try { Uri result; if (Uri.TryCreate(displayName, UriKind.Absolute, out result)) { string pathToPri = Path.Combine(path, "resources.pri"); string resourceKey1 = "ms-resource://" + name + "/resources/" + ((IEnumerable <string>)result.Segments).Last <string>(); string stringFromPriFile = MiscFunc.GetResourceStr(pathToPri, resourceKey1); if (!string.IsNullOrEmpty(stringFromPriFile.Trim())) { displayName = stringFromPriFile; } else { string str = string.Concat(((IEnumerable <string>)result.Segments).Skip <string>(1)); string resourceKey2 = "ms-resource://" + name + "/" + str; stringFromPriFile = MiscFunc.GetResourceStr(pathToPri, resourceKey2); if (!string.IsNullOrEmpty(stringFromPriFile.Trim())) { displayName = stringFromPriFile; } } } if (logoPath != null) { string path1 = Path.Combine(path, logoPath); if (File.Exists(path1)) { logoPath = path1; } else { string path2 = Path.Combine(path, Path.ChangeExtension(path1, "scale-100.png")); if (File.Exists(path2)) { logoPath = path2; } else { string path3 = Path.Combine(Path.Combine(path, "en-us"), logoPath); string path4 = Path.Combine(path, Path.ChangeExtension(path3, "scale-100.png")); if (File.Exists(path4)) { logoPath = path4; } else { logoPath = null; } } } } } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); } return(new AppInfo() { Name = displayName, Logo = logoPath, ID = id, SID = sid }); }
public void LoadApps() { Apps.Clear(); AppInfos.Clear(); //packageManager.RemovePackageAsync(package.Id.FullName); IEnumerable <Windows.ApplicationModel.Package> packages = (IEnumerable <Windows.ApplicationModel.Package>)packageManager.FindPackages(); // Todo: is there a better way to get this ? foreach (var package in packages) { string name; //string fullname; string path; string publisher; bool isFramework; try { name = package.Id.Name; //fullname = package.Id.FullName; publisher = package.Id.PublisherId; path = package.InstalledLocation.Path; isFramework = package.IsFramework; } catch (Exception err) { AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message); continue; } string appPackageID = name.ToLower() + "_" + publisher; string appSID = PackageIDToSid(appPackageID).ToLower(); if (Apps.ContainsKey(package.InstalledLocation.Path.ToLower())) { AppLog.Line("Warning an app with the path: {0} is already listed", package.InstalledLocation.Path.ToLower()); } else { Apps.Add(package.InstalledLocation.Path.ToLower(), appSID); } AppInfo?info = GetInfo(path, name, appPackageID, appSID); if (info != null) { AppInfo old_info; if (AppInfos.TryGetValue(appSID, out old_info)) { continue; } if (AppInfos.ContainsKey(appSID)) { AppLog.Line("Warning an app with the SID: {0} is already listed", appSID); } else { AppInfos.Add(appSID, info.Value); } } } }