/// <summary>
/// Builds the tray icon: a context menu with a "block" toggle and an "exit" entry,
/// the NotifyIcon itself, and a 500 ms timer.
/// </summary>
/// <remarks>
/// The "block" item mirrors the access level of the Global program entry returned by
/// the client. When that entry cannot be read, the item is disabled so the user cannot
/// toggle a state the tray does not know.
/// </remarks>
public TrayIcon()
{
    components = new Container();
    contextMenu = new ContextMenu();

    // "Block" toggle.
    menuBlock = new MenuItem();
    menuBlock.Index = 0;
    menuBlock.Text = Translate.fmt("mnu_block");

    ProgramID globalId = ProgramID.NewID(ProgramID.Types.Global);
    ProgramSet globalSet = App.client.GetProgram(globalId, true);
    if (globalSet != null)
    {
        bool isBlocking = globalSet.config.CurAccess == ProgramSet.Config.AccessLevels.BlockAccess;
        menuBlock.Checked = isBlocking;
    }
    else
    {
        // No global entry available: grey the toggle out.
        menuBlock.Enabled = false;
    }
    menuBlock.Click += menuBlock_Click;

    // "Exit" entry.
    menuExit = new MenuItem();
    menuExit.Index = 0;
    menuExit.Text = Translate.fmt("mnu_exit");
    menuExit.Click += menuExit_Click;

    // Menu layout: block toggle, separator, exit.
    MenuItem separator = new MenuItem("-");
    MenuItem[] menuEntries = { menuBlock, separator, menuExit };
    contextMenu.MenuItems.AddRange(menuEntries);

    // The NotifyIcon is owned by the component container.
    notifyIcon = new NotifyIcon(components);

    // Icon and tooltip text both come from the running executable.
    string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location;
    notifyIcon.Icon = System.Drawing.Icon.ExtractAssociatedIcon(exePath);

    // Right-click menu.
    notifyIcon.ContextMenu = contextMenu;

    // Tooltip shown when the mouse hovers over the tray icon.
    FileVersionInfo exeInfo = FileVersionInfo.GetVersionInfo(exePath);
    notifyIcon.Text = exeInfo.FileDescription;

    // Mouse handlers.
    notifyIcon.DoubleClick += notifyIcon1_DoubleClick;
    notifyIcon.Click += notifyIcon1_Click;

    // Periodic tick every half second.
    mTimer.Tick += OnTimerTick;
    mTimer.Interval = TimeSpan.FromMilliseconds(500);
    mTimer.Start();
}
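/// <summary>
/// Re-reads the Global program entry from the client, syncs the "block" menu item
/// with it, and then calls <c>UpdateMode()</c>.
/// </summary>
/// <remarks>
/// The item's Enabled flag follows the availability of the entry in both directions.
/// Previously it was only ever set to false, so a single failed lookup left the
/// toggle greyed out even after the client could return the entry again.
/// </remarks>
private void UpdateFwMode()
{
    ProgramID globalId = ProgramID.NewID(ProgramID.Types.Global);
    ProgramSet globalSet = App.client.GetProgram(globalId, true);

    bool haveState = globalSet != null;
    this.menuBlock.Enabled = haveState;
    if (haveState)
    {
        // Checked reflects whether the global access level is "block".
        this.menuBlock.Checked = globalSet.config.CurAccess == ProgramConfig.AccessLevels.BlockAccess;
    }
    // NOTE(review): when the entry is unavailable, Checked keeps its last value; the
    // disabled state is the only hint that it may be stale.

    UpdateMode();
}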
/// <summary>
/// Populates <paramref name="rule"/> from a Windows Firewall COM rule object.
/// </summary>
/// <param name="rule">Destination rule; its properties are written one at a time as the entry is read.</param>
/// <param name="entry">Source rule. It is also probed for <c>INetFwRule3</c> to read the app package id.</param>
/// <returns>
/// true when every property was copied; false when any step threw. The exception is
/// logged and swallowed, and <paramref name="rule"/> may be left partially populated.
/// </returns>
/// <remarks>
/// Direction and Action are only written for the values handled below; any other
/// value leaves whatever the rule already held.
/// </remarks>
public static bool LoadRule(FirewallRule rule, INetFwRule2 entry)
{
    try
    {
        INetFwRule3 entry3 = entry as INetFwRule3;

        var appPath = entry.ApplicationName;
        rule.BinaryPath = appPath;

        var svcName = entry.serviceName;
        rule.ServiceTag = svcName;

        var packageId = entry3?.LocalAppPackageId;
        if (entry3 != null)
        {
            rule.AppSID = packageId;
        }

        // Note: LocalAppPackageId and serviceName can both be set on a rule, but a
        // universal app cannot be started as a service, so that combination is
        // rejected below.
        ProgramID progID;
        if (string.Equals(appPath, "System", StringComparison.OrdinalIgnoreCase))
        {
            progID = ProgramID.NewID(ProgramID.Types.System);
        }
        else if (packageId != null) // Win10
        {
            if (svcName != null)
            {
                throw new ArgumentException("Firewall paremeter conflict");
            }
            progID = ProgramID.NewAppID(packageId, appPath);
        }
        else if (svcName != null)
        {
            progID = ProgramID.NewSvcID(svcName, appPath);
        }
        else if (appPath != null)
        {
            progID = ProgramID.NewProgID(appPath);
        }
        else
        {
            // Nothing is configured, so this is a global rule.
            progID = ProgramID.NewID(ProgramID.Types.Global);
        }
        rule.ProgID = Priv10Engine.AdjustProgID(progID);

        // https://docs.microsoft.com/en-us/windows/desktop/api/netfw/nn-netfw-inetfwrule
        rule.Name = entry.Name;
        rule.Grouping = entry.Grouping;
        rule.Description = entry.Description;
        rule.Enabled = entry.Enabled;

        var direction = entry.Direction;
        if (direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN)
        {
            rule.Direction = FirewallRule.Directions.Inbound;
        }
        else if (direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT)
        {
            rule.Direction = FirewallRule.Directions.Outboun;
        }

        var action = entry.Action;
        if (action == NET_FW_ACTION_.NET_FW_ACTION_ALLOW)
        {
            rule.Action = FirewallRule.Actions.Allow;
        }
        else if (action == NET_FW_ACTION_.NET_FW_ACTION_BLOCK)
        {
            rule.Action = FirewallRule.Actions.Block;
        }

        rule.Profile = entry.Profiles;

        // InterfaceTypes is either "All" or a list that names individual interface kinds.
        var ifaceTypes = entry.InterfaceTypes;
        if (ifaceTypes.Equals("All", StringComparison.OrdinalIgnoreCase))
        {
            rule.Interface = (int)FirewallRule.Interfaces.All;
        }
        else
        {
            int ifaceMask = 0;
            if (ifaceTypes.IndexOf("Lan", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                ifaceMask |= (int)FirewallRule.Interfaces.Lan;
            }
            if (ifaceTypes.IndexOf("Wireless", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                ifaceMask |= (int)FirewallRule.Interfaces.Wireless;
            }
            if (ifaceTypes.IndexOf("RemoteAccess", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                ifaceMask |= (int)FirewallRule.Interfaces.RemoteAccess;
            }
            rule.Interface = ifaceMask;
        }

        rule.Protocol = entry.Protocol;

        /* The localAddrs parameter consists of one or more comma-delimited tokens
         * specifying the local addresses from which the application can listen for
         * traffic. "*" is the default value. Valid tokens include:
         *
         *  - "*" indicates any local address. If present, this must be the only token included.
         *  - "Defaultgateway"
         *  - "DHCP"
         *  - "WINS"
         *  - "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
         *  - A subnet can be specified using either the subnet mask or network prefix notation.
         *    If neither a subnet mask nor a network prefix is specified, the subnet mask
         *    defaults to 255.255.255.255.
         *  - A valid IPv6 address.
         *  - An IPv4 address range in the format of "start address - end address" with no spaces included.
         *  - An IPv6 address range in the format of "start address - end address" with no spaces included.
         */
        int protocol = rule.Protocol;
        bool isIcmp = protocol == (int)FirewallRule.KnownProtocols.ICMP
                   || protocol == (int)FirewallRule.KnownProtocols.ICMPv6;
        bool hasPorts = protocol == (int)FirewallRule.KnownProtocols.TCP
                     || protocol == (int)FirewallRule.KnownProtocols.UDP;
        if (isIcmp)
        {
            rule.SetIcmpTypesAndCodes(entry.IcmpTypesAndCodes);
        }
        else if (hasPorts)
        {
            // Comma-separated numbers or ranges such as 123-456.
            rule.LocalPorts = entry.LocalPorts;
            rule.RemotePorts = entry.RemotePorts;
        }

        rule.LocalAddresses = entry.LocalAddresses;
        rule.RemoteAddresses = entry.RemoteAddresses;

        // https://docs.microsoft.com/de-de/windows/desktop/api/icftypes/ne-icftypes-net_fw_edge_traversal_type_
        rule.EdgeTraversal = entry.EdgeTraversalOptions;

        // These INetFwRule3 properties are not copied into the rule, so the loaded
        // model does not reflect any restriction they express:
        //   RemoteUserAuthorizedList     // 7
        //   RemoteMachineAuthorizedList  // 7
        //   LocalUserAuthorizedList      // 8
        //   LocalUserOwner               // 8
        //   SecureFlags                  // ??
    }
    catch (Exception err)
    {
        // Any failure (including the parameter conflict thrown above) is logged and
        // reported to the caller as "not loaded".
        Priv10Logger.LogError("Reading Firewall Rule failed {0}", err.ToString());
        return false;
    }

    return true;
}
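/// <summary>
/// Refreshes <c>SocketList</c> from the current TCP/UDP (IPv4 and IPv6) socket tables.
/// </summary>
/// <remarks>
/// Three passes:
/// 1. Every enumerated row is matched (strict mode) against a clone of the known
///    sockets. Matches are taken out of the clone; unknown rows become new sockets.
///    Sockets without a ProgID get their creation time, host name lookup and owner
///    resolved here.
/// 2. Whatever is left in the clone was not enumerated this round. UDP entries with
///    a remote port that were active within the last 5 seconds are kept alive; the
///    rest are marked CLOSED.
/// 3. Entries not seen get a removal timestamp on first miss and are dropped from
///    <c>SocketList</c> once the retention window has passed.
///
/// Changes from the previous revision:
/// - The retention test was <c>RemovedTimeStamp &lt; CurTick + 3000</c>, which holds for
///   any timestamp taken in the past, so closed sockets were dropped on the very next
///   call and the retention window never applied. It now compares the timestamp
///   plus the window against the current tick.
/// - The four native tables are released in a <c>finally</c> block, so an exception
///   while processing rows no longer leaks them.
/// </remarks>
public void UpdateSockets()
{
    UInt64 curTick = MiscFunc.GetTickCount64();
    UInt64 Interval = curTick - LastUpdate;
    LastUpdate = curTick;

    List<IPHelper.I_SOCKET_ROW> Sockets = new List<IPHelper.I_SOCKET_ROW>();

    // Pointers returned by the IPHelper enumerators; released with FreeHGlobal below.
    IntPtr tcp4Table = IntPtr.Zero;
    IntPtr tcp6Table = IntPtr.Zero;
    IntPtr udp4Table = IntPtr.Zero;
    IntPtr udp6Table = IntPtr.Zero;

    try
    {
        // Enumerate all sockets.
        tcp4Table = IPHelper.GetTcpSockets(ref Sockets);
        tcp6Table = IPHelper.GetTcp6Sockets(ref Sockets);
        udp4Table = IPHelper.GetUdpSockets(ref Sockets);
        udp6Table = IPHelper.GetUdp6Sockets(ref Sockets);

        MultiValueDictionary<UInt64, NetworkSocket> OldSocketList = SocketList.Clone();

        for (int i = 0; i < Sockets.Count; i++)
        {
            IPHelper.I_SOCKET_ROW SocketRow = Sockets[i];

            NetworkSocket Socket = FindSocket(OldSocketList, SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort, NetworkSocket.MatchMode.Strict);
            if (Socket != null)
            {
                // Still present: it must not be treated as closed below.
                OldSocketList.Remove(Socket.HashID, Socket);
            }
            else
            {
                Socket = new NetworkSocket(SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort);
                SocketList.Add(Socket.HashID, Socket);
            }

            // Note: sockets observed using ETW are not yet initialized, as owner
            // information is missing there.
            if (Socket.ProgID == null)
            {
                Socket.CreationTime = SocketRow.CreationTime;

                if (App.engine.DnsInspector != null && Socket.RemoteAddress != null)
                {
                    App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                }

                var moduleInfo = SocketRow.Module;
                if (moduleInfo == null || moduleInfo.ModulePath.Equals("System", StringComparison.OrdinalIgnoreCase))
                {
                    Socket.ProgID = ProgramID.NewID(ProgramID.Types.System);
                }
                else
                {
                    string fileName = moduleInfo.ModulePath;
                    string serviceTag = moduleInfo.ModuleName;

                    // Note: for services and system, TCPIP_OWNER_MODULE_BASIC_INFO.pModuleName
                    // is the same as pModulePath, hence the actual exe path is not
                    // available and has to be resolved.
                    if (serviceTag.Equals(fileName))
                    {
                        fileName = null; // file name not valid
                    }
                    else
                    {
                        serviceTag = null; // service tag not valid
                    }

                    Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, serviceTag, fileName);
                }
            }

            Socket.Update(SocketRow, Interval);
        }

        foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
        {
            bool bIsUDPPseudoCon = (Socket.ProtocolType & (UInt32)IPHelper.AF_PROT.UDP) == (UInt32)IPHelper.AF_PROT.UDP && Socket.RemotePort != 0;

            // Note: sockets observed using ETW are not yet initialized, as owner
            // information is missing there.
            if (Socket.ProgID == null)
            {
                Socket.CreationTime = DateTime.Now;

                if (App.engine.DnsInspector != null && Socket.RemoteAddress != null)
                {
                    App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                }

                // Note: ETW-captured connections do not handle services well.
                Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, null, null);
            }

            Socket.Update(null, Interval);

            if (bIsUDPPseudoCon && (DateTime.Now - Socket.LastActivity).TotalMilliseconds < 5000) // 5 sec // todo: customize udp pseudo con time
            {
                // Recently active UDP "connection": keep it and cancel any pending removal.
                OldSocketList.Remove(Socket.HashID, Socket);

                if (Socket.RemovedTimeStamp != 0)
                {
                    Socket.RemovedTimeStamp = 0;
                }
            }
            else
            {
                Socket.State = (int)IPHelper.MIB_TCP_STATE.CLOSED;
            }
        }

        UInt64 CurTick = MiscFunc.GetCurTick();

        foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
        {
            if (Socket.RemovedTimeStamp == 0)
            {
                // First round the socket was missing: start the retention window.
                Socket.RemovedTimeStamp = CurTick;
            }
            else if (Socket.RemovedTimeStamp + 3000 < CurTick) // todo: customize retention time (3000 is presumably milliseconds)
            {
                SocketList.Remove(Socket.HashID, Socket);

                Socket.Program?.RemoveSocket(Socket);
            }
        }
    }
    finally
    {
        // Cleanup runs on every exit path so the native tables are never leaked.
        if (tcp4Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(tcp4Table);
        }
        if (tcp6Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(tcp6Table);
        }
        if (udp4Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(udp4Table);
        }
        if (udp6Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(udp6Table);
        }
    }
}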
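/// <summary>
/// Refreshes <c>SocketList</c> from the current TCP/UDP (IPv4 and IPv6) socket tables
/// and keeps each socket attached to its program.
/// </summary>
/// <remarks>
/// Every enumerated row is matched (strict mode) against a clone of the known sockets.
/// Matches are taken out of the clone; unknown rows become new sockets. Sockets without
/// a ProgID get their creation time, host name lookup and owner resolved, and sockets
/// that are not assigned to a program are (re)attached and have their rule access
/// looked up. Sockets left in the clone were not enumerated this round: they get a
/// removal timestamp on first miss and are dropped once the retention window has passed.
///
/// Changes from the previous revision:
/// - The retention test was <c>RemovedTimeStamp &lt; CurTick + 3000</c>, which holds for
///   any timestamp taken in the past, so closed sockets were dropped on the very next
///   call and the retention window never applied. It now compares the timestamp
///   plus the window against the current tick.
/// - The four native tables are released in a <c>finally</c> block, so an exception
///   while processing rows no longer leaks them.
/// </remarks>
public void UpdateSockets()
{
    UInt64 curTick = MiscFunc.GetTickCount64();
    UInt64 Interval = curTick - LastUpdate;
    LastUpdate = curTick;

    List<IPHelper.I_SOCKET_ROW> Sockets = new List<IPHelper.I_SOCKET_ROW>();

    // Pointers returned by the IPHelper enumerators; released with FreeHGlobal below.
    IntPtr tcp4Table = IntPtr.Zero;
    IntPtr tcp6Table = IntPtr.Zero;
    IntPtr udp4Table = IntPtr.Zero;
    IntPtr udp6Table = IntPtr.Zero;

    try
    {
        // Enumerate all sockets.
        tcp4Table = IPHelper.GetTcpSockets(ref Sockets);
        tcp6Table = IPHelper.GetTcp6Sockets(ref Sockets);
        udp4Table = IPHelper.GetUdpSockets(ref Sockets);
        udp6Table = IPHelper.GetUdp6Sockets(ref Sockets);

        MultiValueDictionary<UInt64, NetworkSocket> OldSocketList = SocketList.Clone();

        for (int i = 0; i < Sockets.Count; i++)
        {
            IPHelper.I_SOCKET_ROW SocketRow = Sockets[i];

            NetworkSocket Socket = FindSocket(OldSocketList, SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort, NetworkSocket.MatchMode.Strict);
            if (Socket != null)
            {
                // Still present: it must not be scheduled for removal below.
                OldSocketList.Remove(Socket.HashID, Socket);
            }
            else
            {
                Socket = new NetworkSocket(SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort);
                SocketList.Add(Socket.HashID, Socket);
            }

            // Note: sockets observed using ETW are not yet initialized, as owner
            // information is missing there.
            if (Socket.ProgID == null)
            {
                Socket.CreationTime = SocketRow.CreationTime;

                if (Socket.RemoteAddress != null)
                {
                    App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                }

                var moduleInfo = SocketRow.Module;
                if (moduleInfo == null || moduleInfo.ModulePath.Equals("System", StringComparison.OrdinalIgnoreCase))
                {
                    Socket.ProgID = ProgramID.NewID(ProgramID.Types.System);
                }
                else
                {
                    string fileName = moduleInfo.ModulePath;
                    string serviceTag = moduleInfo.ModuleName;

                    // Note: for services and system, TCPIP_OWNER_MODULE_BASIC_INFO.pModuleName
                    // is the same as pModulePath, hence the actual exe path is not
                    // available and has to be resolved.
                    if (serviceTag.Equals(fileName))
                    {
                        fileName = null; // file name not valid
                    }
                    else
                    {
                        serviceTag = null; // service tag not valid
                    }

                    Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, serviceTag, fileName);
                }
            }

            // A program may have been removed; its sockets then become unassigned
            // and have to be reassigned.
            if (Socket.Assigned == false)
            {
                Program prog = Socket.ProgID == null ? null : App.engine.ProgramList.GetProgram(Socket.ProgID, true, ProgramList.FuzzyModes.Any);
                prog?.AddSocket(Socket);
                if (prog != null)
                {
                    Socket.Access = prog.LookupRuleAccess(Socket);
                }
            }

            Socket.Update(SocketRow, Interval);
        }

        UInt64 CurTick = MiscFunc.GetCurTick();

        foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
        {
            if (Socket.RemovedTimeStamp == 0)
            {
                // First round the socket was missing: start the retention window.
                Socket.RemovedTimeStamp = CurTick;
            }
            else if (Socket.RemovedTimeStamp + 3000 < CurTick) // todo: customize retention time (3000 is presumably milliseconds)
            {
                SocketList.Remove(Socket.HashID, Socket);

                Program prog = Socket.ProgID == null ? null : App.engine.ProgramList.GetProgram(Socket.ProgID);
                prog?.RemoveSocket(Socket);
            }
        }
    }
    finally
    {
        // Cleanup runs on every exit path so the native tables are never leaked.
        if (tcp4Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(tcp4Table);
        }
        if (tcp6Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(tcp6Table);
        }
        if (udp4Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(udp4Table);
        }
        if (udp6Table != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(udp6Table);
        }
    }
}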