コード例 #1
0
        private void SubmitQuery(object sender, DoWorkEventArgs e)
        {
            // Parse input argument object
            string query = (string)e.Argument;
            string path  = query.Split('\n')[0];

            query = string.Join("", query.Split('\n').Skip(1));

            // Simulate Thread Actions
            //Random random = new Random();
            //Thread.Sleep(random.Next(1000,10000));

            // Grab the channel path from the query
            string channel = query.Split('"')[3];
            string id      = query.Split('"')[1];

            mutex.WaitOne();
            Backbone.LogEvent("INFO", "Attempting to write to " + path + "\\" + channel + "\\Query_" + id);


            // Ensure directory path exists
            if (!Directory.Exists(path + "\\" + channel))
            {
                Backbone.LogEvent("WARNING", "Log directory " + channel + " does not exist, attempting to create.");

                try {
                    Directory.CreateDirectory(path + "\\" + channel);
                } catch (UnauthorizedAccessException) {
                    Backbone.LogEvent("ERROR", "You do not have the required permission to create this directory.");
                    return;
                } catch (PathTooLongException) {
                    Backbone.LogEvent("ERROR", "The path entered exceeds the system-defined limit.");
                    return;
                } catch (DirectoryNotFoundException) {
                    Backbone.LogEvent("ERROR", "Invalid directory path. Perhaps the drive is unmapped?");
                    return;
                } catch (Exception) {
                    Backbone.LogEvent("ERROR", "Unspecified IO Error when creating " + channel);
                    return;
                }

                Backbone.LogEvent("INFO", "Log directory " + channel + " created successfully.");
            }

            mutex.ReleaseMutex();

            WevtapiHandler.ExportChannel(IntPtr.Zero, channel, path + "\\" + channel + "\\Query_" + id + ".evtx", query);
        }
コード例 #2
0
        private void GetSystemConfiguration()
        {
            Backbone.LogEvent("INFO", "---- Gathering System Information ----");

            // Gather all event log channels
            EventLog[] channels_raw = WevtapiHandler.EnumerateChannels();
            Channels = new List <SelectableChannelItem>();

            Backbone.LogEvent("INFO", "---- Attempting to Enumerate Log Channels ----");

            // Configure SelectableChannelItem and add to list
            foreach (EventLog channel in channels_raw)
            {
                SelectableChannelItem NewChannel = new SelectableChannelItem {
                    Selected    = false,
                    Channel     = channel,
                    ChannelName = channel.LogDisplayName
                };
                Backbone.LogEvent("INFO", "Found Log Channel: " + channel.LogDisplayName);
                Channels.Add(NewChannel);
            }

            if (Channels.Count == 0)
            {
                Backbone.LogEvent("WARNING", "No Open Log Channels Found");
            }

            // Set the display datagrid
            Backbone.LogEvent("INFO", "Setting Channel Display");
            ChannelsDisplay.ItemsSource = Channels;



            Backbone.LogEvent("INFO", "---- Attempting to Enumerate User Accounts ----");

            // Gather all usernames
            SelectQuery query = new SelectQuery("Win32_UserAccount");
            ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);

            // Init Users List
            Users = new List <SelectableUserItem>();

            // Configure and add users to list
            foreach (ManagementObject user in searcher.Get())
            {
                SelectableUserItem userItem = new SelectableUserItem {
                    Selected = false,
                    Username = user["Name"].ToString()
                };

                Backbone.LogEvent("INFO", "User Account Found: " + user["Name"]);
                Users.Add(userItem);
            }


            if (Users.Count == 0)
            {
                Backbone.LogEvent("ERROR", "Failed to Enumerate User Accounts");
            }

            Backbone.LogEvent("INFO", "Setting User Display");
            UserDisplay.ItemsSource = Users;
            Backbone.LogEvent("INFO", "---- Finished Gathering System Information ----");
        }
コード例 #3
0
        private void PumpAndDump_Click(object sender, RoutedEventArgs e)
        {
            PumpAndDump.IsEnabled = false;


            //
            // Collect Information on Selected Channels
            //
            Backbone.LogEvent("INFO", "---- Attempting to Collect Log Channels ----");
            List <string> channels = new List <string>();

            foreach (SelectableChannelItem channel in Channels)
            {
                if (channel.Selected)
                {
                    channels.Add(channel.ChannelName);
                    Backbone.LogEvent("INFO", "Added Channel: " + channel.ChannelName);
                }
            }

            // Prevent User Stupidity
            if (channels.Count == 0)
            {
                Backbone.LogEvent("WARNING", "No Channels Selected, Selecting All Channels.");
                foreach (SelectableChannelItem channel in Channels)
                {
                    channels.Add(channel.ChannelName);
                    Backbone.LogEvent("INFO", "Added Channel: " + channel.ChannelName);
                }
            }


            //
            // Collect Information on Selected Users
            //
            Backbone.LogEvent("INFO", "---- Attempting to Collect Users ----");

            // Compile a list of all selected users
            List <string> users = new List <string>();

            foreach (SelectableUserItem user in Users)
            {
                if (user.Selected)
                {
                    users.Add(user.Username);
                    Backbone.LogEvent("INFO", "Added User: "******"WARNING", "No Users Selected, Selecting All Users.");
                foreach (SelectableUserItem user in Users)
                {
                    users.Add(user.Username);
                    Backbone.LogEvent("INFO", "Added User: "******"INFO", "---- Attempting to Collect Severities ----");

            // Compile a list of all selected severities
            List <string> severities = new List <string>();

            CheckBox[] boxes = { ErrorCB, WarningCB, InformationCB, FailureAuditCB, SuccessAuditCB };

            foreach (CheckBox item in  boxes)
            {
                if (!item.IsChecked.Value)
                {
                    severities.Add(item.Content.ToString());
                    Backbone.LogEvent("INFO", "Blocked Severity: " + item.Content.ToString());
                }
                else
                {
                    Backbone.LogEvent("INFO", "Added Severity: " + item.Content.ToString());
                }
            }

            // Prevent User Stupidity
            if (severities.Count == 5)
            {
                Backbone.LogEvent("WARNING", "All Severities Blocked, Unblocking All Severities.");
                severities.Clear();
                Backbone.LogEvent("INFO", "Unblocked all severity levels");
            }



            //
            // Validate Parent Directory
            //
            string path = OutputDirectory.Text + "\\" + DateTime.Now.ToString("dd-MM-yyy") + "\\" + DateTime.Now.ToString("HH.mm.ss");

            if (!Directory.Exists(path))
            {
                mutex.WaitOne();
                Backbone.LogEvent("WARNING", "Parent directory " + path + " does not exist, attempting to create.");

                try {
                    Directory.CreateDirectory(path);
                } catch (UnauthorizedAccessException) {
                    Backbone.LogEvent("ERROR", "You do not have the required permission to create this directory.");
                    mutex.ReleaseMutex();
                    return;
                } catch (PathTooLongException) {
                    Backbone.LogEvent("ERROR", "The path entered exceeds the system-defined limit.");
                    mutex.ReleaseMutex();
                    return;
                } catch (DirectoryNotFoundException) {
                    Backbone.LogEvent("ERROR", "Invalid directory path. Perhaps the drive is unmapped?");
                    mutex.ReleaseMutex();
                    return;
                } catch (Exception) {
                    Backbone.LogEvent("ERROR", "Unspecified IO Error when creating " + path);
                    mutex.ReleaseMutex();
                    return;
                }

                Backbone.LogEvent("INFO", "Parent directory " + path + " created successfully.");
                mutex.ReleaseMutex();
            }


            List <string> queryList = WevtapiHandler.GenerateQueryList(channels, users, severities, StartDayPicker, StartTimePicker, EndDayPicker, EndTimePicker);

            progress.Value   = 0;
            progress.Maximum = queryList.Count;
            progress.Minimum = 0;

            queryList.Add(path);


            BackgroundWorker worker = new BackgroundWorker();

            worker.WorkerReportsProgress = true;

            worker.DoWork             += new DoWorkEventHandler(SubmitQueries);
            worker.RunWorkerCompleted += new RunWorkerCompletedEventHandler(QueriesComplete);

            worker.RunWorkerAsync(argument: queryList);

            mutex.WaitOne();
            Backbone.LogEvent("ERROR", "END OF IMPLEMENTATION");
            mutex.ReleaseMutex();
        }