/// <summary> /// This is the main detection function called to recover the OS /// </summary> /// <param name="remoteCredentials"></param> /// <returns></returns> public int Detect(RemoteCredentials remoteCredentials) { Layton.Common.Controls.Impersonator impersonator = null; String remoteHost = remoteCredentials.RemoteHost; try { // We may want to impersonate a different user so that we can audit remote computers - if so // start the impersonation here if (remoteCredentials.Username != null && remoteCredentials.Username != "") { impersonator = new Impersonator(remoteCredentials.Username, remoteCredentials.Domain, remoteCredentials.Password); } // Pickup and format the remote host name for WMI if (remoteCredentials.IsLocalComputer()) { remoteHost = @"\\localhost"; } else { remoteHost = @"\\" + remoteCredentials.RemoteHost; } //Connection credentials to the remote computer - not needed if the logged in account has access ConnectionOptions oConn = null; // Construct the path to the WMI node we are interested in String path = remoteHost + @"\root\cimv2"; ManagementScope scope; if (oConn == null) { scope = new ManagementScope(path); } else { scope = new ManagementScope(path, oConn); } // ...and connect scope.Connect(); // Query the Operating System ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_OperatingSystem"); ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query); ManagementObjectCollection queryCollection = searcher.Get(); foreach (ManagementObject managementObject in queryCollection) { _name = managementObject["Caption"].ToString(); _name = RationalizeOS(_name); _serial = new ApplicationSerial(); _serial.ProductId = managementObject["SerialNumber"].ToString(); managementObject.Dispose(); break; } // The above WMI call works as far as it goes however it cannot recover the CD Key // for this we will need to use registry access - we may as well use WMI for this as // well as if the above fails we stuck anyway DetectOSCdKey(remoteHost); } catch (Exception) { return(-1); } finally { if (impersonator != null) { impersonator.Dispose(); } } return(0); }
/// <summary> /// Main Detection function. The main cause of an error here is the inability to connect to the remote /// systems registry. This will most often be down to either the remote registry service not running /// or the user having insufficient privilege to access the remote registry /// </summary> /// <param name="remoteCredentials"></param> /// <param name="onlyMicrosoft"></param> /// <returns></returns> public int Detect(RemoteCredentials remoteCredentials, ref String errorText) { Layton.Common.Controls.Impersonator impersonator = null; String remoteHost = remoteCredentials.RemoteHost; int status = 0; bool existingServiceStatus = false; try { // We may want to impersonate a different user so that we can audit remote computers - if so // start the impersonation here if (remoteCredentials.Username != null && remoteCredentials.Username != "") { impersonator = new Impersonator(remoteCredentials.Username, remoteCredentials.Domain, remoteCredentials.Password); } // Ensure that the remote registry service is running on the remote Asset and that we can // connect. If the service is not active we may start it status = ValidateRemoteRegistryService(remoteCredentials, out existingServiceStatus); if (status != 0) { errorText = "The Remote Registry Service was not active and could not be started"; return(status); } // Now begin the audit this.ReadPublisherMappings(); this._applicationSerials.Detect(remoteHost); RegistryKey rootCUKey; RegistryAccess registryAccess = new RegistryAccess(); RegistryKey rootLMKey = null; // Attempt to connect to the remote registry and open the HKEY_LOCAL_MACHINE key status = registryAccess.OpenRegistry(Registry.LocalMachine, remoteHost, out rootLMKey); if (status != 0) { errorText = registryAccess.LastErrorText; return(status); } // Attempt to connect to the remote registry and open the HKEY_CURRENT_USER key status = registryAccess.OpenRegistry(Registry.CurrentUser, remoteHost, out rootCUKey); if (status != 0) { errorText = registryAccess.LastErrorText; return(status); } // Open the Softare uninstall key under HKLM and scan it RegistryKey uninstallKey = rootLMKey.OpenSubKey(UNINSTALLKEY); if (uninstallKey != null) { this.ScanUninstallKey(uninstallKey); uninstallKey.Close(); } // Open the software uninstall key under HKCU and scan it uninstallKey = rootCUKey.OpenSubKey(UNINSTALLKEY); if (uninstallKey != null) { this.ScanUninstallKey(uninstallKey); uninstallKey.Close(); } // Scan the Windows installer key this.ScanWindowsInstaller(rootLMKey); // close all open keys rootLMKey.Close(); rootCUKey.Close(); } catch (Exception ex) { errorText = "An exception occurred while trying to connect to the system registry on Asset [" + remoteHost + "] - The error was [" + ex.Message + "]"; return(-1); } finally { // Ensure that we restore the initial status of the remote registry service on the target computer RestoreRemoteRegistyStatus(remoteCredentials, existingServiceStatus); // Displose of any impersonator object if created if (impersonator != null) { impersonator.Dispose(); } } // Iterate through the applications detected by the above and attempt to recover any serial number foreach (ApplicationInstance thisApplication in this) { ApplicationSerial thisSerial = null; if (thisApplication.Guid != "") { thisSerial = this._applicationSerials.ContainsApplication(thisApplication.Guid); } if ((thisSerial == null) && (thisApplication.Name != "")) { thisSerial = this._applicationSerials.ContainsApplication(thisApplication.Name); } if (thisSerial != null) { thisApplication.Serial = thisSerial; thisSerial.Matched = true; } } errorText = ""; return(0); }