// C -> Shellcode using MSVC Example
private static IAttack CShellcodeMsvcExample()
{
var samplesOutput = new SamplesOutput();
var attackName = "CShellcodeMsvc";
var attack = new Attack(new IOutput[] {
samplesOutput,
}, name: attackName);
// Uses a technique from 2010/2013 to use MSVC to compile C code into Shellcode
// http://www.exploit-monday.com/2013/08/writing-optimized-windows-shellcode-in-c.html
// https://nickharbour.wordpress.com/2010/07/01/writing-shellcode-with-a-c-compiler/
// Metasploit started doing the same thing at the end of 2019 (But with the Mingw-w64 toolchain instead of MSVC)
// https://blog.rapid7.com/2019/11/21/metasploit-shellcode-grows-up-encrypted-and-authenticated-c-shells/
var createProcessSource = new CreateProcess("notepad");
// The first argument to CompileToShellcode must implement IShellcodeCCxxSourceIParameterlessCFunction
// For the most part the means it is a subclass of ShellcodeCCxxSource and implements IParameterlessCFunction
// See the note at the end of this method for the characteristics of "shellcodable" C source.
var shellcode = MyWarez.Plugins.Msvc.Utils.CompileToShellcode(createProcessSource, (StaticLibrary <Win64ObjectFile>)null, optimize: true);
// There's also a parameter to specify optimizations, The default is not optimized since there's a chance optimization will result in nonfunctional shellcode.
// shellcode -> exe wrapper from Sample12
var rawShellcodeAsm = new RawShellcodeYasmAssemblySource(shellcode, symbolName: "SheSellsShellCodesByTheSilkRoad");
var staticLibrary = ((IAssembler <YASM, Win64ObjectFile>) new MyWarez.Plugins.Yasm.Yasm()).Assemble(rawShellcodeAsm);
var entryPoint = ((ICFunction)rawShellcodeAsm).Name;
var linkerConfig = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
var createProcessExe = ((ILinker <Win64ObjectFile, Executable>) new MyWarez.Plugins.GoDevTool.Linker(linkerConfig)).Link(staticLibrary);
samplesOutput.Add("CShellcodeMsvcNotepad.exe", createProcessExe); // Double click to confirm that notepad spawns
attack.Generate();
return(attack);
}
static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
NativeHelper.SetProcessDPIAware();
Environment.SetEnvironmentVariable("KrkrRunMode", "Local");
var args = Environment.GetCommandLineArgs();
if (args.Length == 2)
{
try
{
var pe = new PeHeaderReader(args[1]);
}
catch (Exception e)
{
Environment.Exit(0);
}
var Module = new CreateProcess(true);
Module.Run(args[1]);
Environment.Exit(0);
}
else
{
Application.Run(new Form1());
}
}
// C/C++ with cl.exe (MSVC) & GoLink.exe
private static IAttack CCxxClGoLinkExample()
{
var samplesOutput = new SamplesOutput();
var attackName = "CCxxClGoLink";
var attack = new Attack(new IOutput[] {
samplesOutput,
}, name: attackName);
var cmdline = "notepad";
var createProcessSource = new CreateProcess(cmdline);
// The CRT entry points (mainCRTStartup, wmainCRTStartup, WinMainCRTStartup, wWinMainCRTStartup, _DllMainCRTStartup) don't work GoLink
// So, we must define our own entrypoint
var entryPoint = ((ICFunction)createProcessSource).Name;
// GoLink is incompatiable with Whole Program Optimization (cl.exe's /GL option)
var compilerConfig = new MyWarez.Plugins.Msvc.Compiler.Config(GL: false);
var createProcessStaticLibrary = ((ICCxxCompiler <Win64ObjectFile>) new MyWarez.Plugins.Msvc.Compiler(compilerConfig)).Compile(createProcessSource);
// MSVC's /GS option needs code from libcmt.lib
// GoLink can't use static library files (.lib), so a workaround is to unpack the .lib into its individual object (.obj) files
var libraryObjectFiles = new StaticLibrary <Win64ObjectFile>(new[] { MyWarez.Plugins.Msvc.StaticLibraries.libcmtWin64() }).ObjectFiles;
//var libraryObjectFiles = new StaticLibrary<Win64ObjectFile>(new[] { MyWarez.Plugins.Msvc.StaticLibraries.libcmtWin64(), MyWarez.Plugins.Msvc.StaticLibraries.libucrtWin64(), MyWarez.Plugins.Msvc.StaticLibraries.libvcruntimeWin64() }).ObjectFiles;
// libucrt.lib and libvcruntime.lib are other parts of the MSVC C Run-Time static libraries
// they are omitted here, omitting them saves time since extract object files from .lib files takes a while.
// Use GoLink as the linker instead of MSVC's linker (link.exe)
// We must specify an entrypoint with GoLink since the default entrypoint is always "START"
// Meanwhile MSVC would default to the appropriate CRT entrypoint
var linkerConfig = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
var createProcessExe = ((ILinker <Win64ObjectFile, Executable>) new MyWarez.Plugins.GoDevTool.Linker(linkerConfig, importStaticLibraryObjects: libraryObjectFiles)).Link(createProcessStaticLibrary);
samplesOutput.Add("CCxxClGoLinkNotepad.exe", createProcessExe); // Double click to confirm that notepad spawns
attack.Generate();
return(attack);
}
////////////////////////////////////////////////////////////////////////////////
//https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/UAC-TokenMagic.ps1
////////////////////////////////////////////////////////////////////////////////
public bool BypassUAC(int processId, string command)
{
if (!_GetPrimaryToken((uint)processId))
{
return(false);
}
if (!_SetTokenInformation())
{
return(false);
}
if (!_DuplicateToken())
{
return(false);
}
string arguments = string.Empty;
Misc.FindExe(ref command, out arguments);
if (!CreateProcess.CreateProcessWithLogonW(phNewToken, command, arguments))
{
return(false);
}
advapi32.RevertToSelf();
return(true);
}
////////////////////////////////////////////////////////////////////////////////
// Return the full path to binary file
////////////////////////////////////////////////////////////////////////////////
public static bool FindFullPath(string input, out string fullpath)
{
fullpath = string.Empty;
try
{
fullpath = Path.GetFullPath(input);
return(true);
}
catch (Exception ex)
{
if (ex is ArgumentException)
{
//I don't like calling CreateProcess here
fullpath = CreateProcess.FindFilePath(input);
if (string.IsNullOrEmpty(fullpath))
{
Console.WriteLine("[-] Unable to locate full binary path");
return(false);
}
return(true);
}
else
{
return(false);
}
}
}
public async Task <ApiResult <bool> > Create(CreateProcess bundle)
{
var json = JsonConvert.SerializeObject(bundle);
var httpContent = new StringContent(json, Encoding.UTF8, "application/json");
var url = $"/api/ProcessingDetail";
var result = await Create <bool>(url, httpContent);
return(result);
}
public int Insert()
{
int nProcessId;
CreateProcess createProcess = new CreateProcess();
createProcess.Process = this.m_Process;
nProcessId = createProcess.Insert();
this.m_Process = createProcess.Process;
return(nProcessId);
}
// Constructing a large C/C++ Example
private static IAttack LargeCCxxExample()
{
var samplesOutput = new SamplesOutput();
var attackName = "LargeCCxx";
var attack = new Attack(new IOutput[] {
samplesOutput,
}, name: attackName);
// spawn notepad
var createProcessSource1 = new CreateProcess("notepad");
// spawn calc
var createProcessSource2 = new CreateProcess("calc");
// returns the we specified path
var targetPathSource = new StaticTargetPathCCxxSource(@"C:\Users\Public\baby.txt");
// returns the data we specified
var fileResourceSource = new StaticFileResourceCCxxSource(new byte[] { 0x65, 0x65, 0x65, 0x65 });
// Drop a file to disk (drop the file "C:\Users\Public\baby.txt" to disk with contents "AAAA")
var writeFileSource = new WriteFileResourceCCxxSource <StaticTargetPathCCxxSource, StaticFileResourceCCxxSource>(targetPathSource, fileResourceSource);
// Call a series C functions in order
var functionCallsSource = new SequentialFunctionCallCCxxSource(new IParameterlessCFunction[] { createProcessSource1, writeFileSource });
// Limit to at most 1 running instance of this code at a time by creating a Global mutex. Only 1 process can have an open handle to a global mutex at a time
var mutexSource = new MutexSingletonCCxxSource(functionCallsSource, mutexName: @"Global\SomeMutexName");
// Check a conditional statement, (check if a debugger is attached)
var antidebuggerSource1 = new NotIsDebuggerPresentCCxxSource(); // Returns true if it's safe to execute (No debugger is attached)
var antidebuggerSource2 = new RemoteDebuggerCCxxSource(); // Retruns true if it's safe to execute (No debugger is attached)
var ifElseSource = new IfElseFunctionCallCCxxSource(
"{0} && {1}", // If this boolean expression is true
new IParameterlessCFunction[] { antidebuggerSource1, antidebuggerSource2 },
trueCaseFunction: mutexSource, // Then execute this
falseCaseFunction: createProcessSource2); // Otherwise execute this
var createThreadSource = new CreateThreadCCxxSource(ifElseSource); // Create a new thread and execute this
var exeWinMainSource = new FunctionCallExeWinMainCCxxSource(createThreadSource);
var exeSource = exeWinMainSource;
// Summary,
// In the main function (WinMain),
// Create a thread
// In the new thread, Check if a debugger is present using the IsDebuggerPresent technique and the CheckRemoteDebuggerPresent technique
// If a debugger is attached,
// spawn calc
// Else // debuger is not attached
// create a mutex. If the mutex is free,
// Spawn notepad
// Drop C:\Users\Public\baby.txt to disk
var createProcessExeStaticLibrary = ((ICCxxCompiler <Win64ObjectFile>) new MyWarez.Plugins.Msvc.Compiler()).Compile(exeSource);
var createProcessExe = ((ILinker <Win64ObjectFile, Executable>) new MyWarez.Plugins.Msvc.Linker()).Link(createProcessExeStaticLibrary);
samplesOutput.Add("LargeCCxx.exe", createProcessExe);
// Double click the to confirm that notepad spawns.
// Open the sample in WinDbg to confirm that calc spawns when a debugger is attached
attack.Generate();
return(attack);
}
// Steps for writing C code that can be turned into shellcode:
// Code must be in C (and have a file extension of ".c")
// Declare (and don't initilize) all variables that the start of functions
// Initialze variables, if any.
// For strings, don't use string constants (qoute notation) to initialize, use arrays instead.
// Write Win32 API calls as you normally would, ShellcodeCCxxSource will automagically swap out the calls for dynamically loaded versions
// Make sure there is no space between the API name and "("
// Don't use the C runtime library
// Use compiler intrinsics where possible
// Otherwise copy and paste the implementation of needed C runtime functions from GCC's or ucrt's source code. Or roll your own.
// Declare helper functions as static and change the name so that they don't conflict with functions in the CRT
// Have at most 1 (nonstatic) function per file.
// Place "//HEADERS" near the top of the source file(s)
// At the top of every function body, place "//DECLARATIONS"
// After the declarations in a function body, place "//INITIALIZATIONS"
// For an example, see Resources/Payloads/Windows/Execution/NativeAPI/CreateProcess/CreateProcess.c
// Also, prototypes for the Win32 API functions used need to be added to Resources\Base\CCxxSource\ShellodeCCxxSource\DynamicallyLoadedFunctionSignatures.h
// Constructing a large C -> Shellcode with MSVC Example
private static IAttack LargeCShellcodeMsvcExample()
{
var samplesOutput = new SamplesOutput();
var attackName = "LargeCShellcodeMsvc";
var attack = new Attack(new IOutput[] {
samplesOutput,
}, name: attackName);
// Same code from LargeCCxx (Some classes changed to their ShellcodeCCxxSource versions)
// The CCxxSource and ShellcodeCCxxSource of class should be identical except some implented interfaces, some types, and the different parent class
var createProcessSource1 = new CreateProcess("notepad");
var createProcessSource2 = new CreateProcess("calc");
var targetPathSource = new StaticTargetPathCCxxSource(@"C:\Users\Public\baby.txt");
var fileResourceSource = new StaticFileResourceCCxxSource(new byte[] { 0x65, 0x65, 0x65, 0x65 });
var writeFileSource = new WriteFileResourceCCxxSource <StaticTargetPathCCxxSource, StaticFileResourceCCxxSource>(targetPathSource, fileResourceSource);
var functionCallsSource = new SequentialFunctionCallShellcodeCCxxSource(new IShellcodeParameterlessCFunction[] { createProcessSource1, writeFileSource });
var mutexSource = new MutexSingletonShellcodeCCxxSource(functionCallsSource, mutexName: @"Global\SomeMutexName");
var antidebuggerSource1 = new NotIsDebuggerPresentCCxxSource();
var antidebuggerSource2 = new RemoteDebuggerCCxxSource();
var ifElseSource = new IfElseFunctionCallShellcodeCCxxSource(
"{0} && {1}",
new IShellcodeParameterlessCFunction[] { antidebuggerSource1, antidebuggerSource2 },
trueCaseFunction: mutexSource,
falseCaseFunction: createProcessSource2);
var createThreadSource = new CreateThreadShellcodeCCxxSource(ifElseSource);
var shellcodeSource = createThreadSource;
// Summary, Same summary as the one from LargeCCxx (minus WinMain)
var shellcode = MyWarez.Plugins.Msvc.Utils.CompileToShellcode(shellcodeSource, (StaticLibrary <Win64ObjectFile>)null, optimize: true);
// shellcode -> exe wrapper from AssemblyShellcodeYasmGoLink
var rawShellcodeAsm = new RawShellcodeYasmAssemblySource(shellcode, symbolName: "SheSellsShellCodesByTheSilkRoad");
var staticLibrary = ((IAssembler <YASM, Win64ObjectFile>) new MyWarez.Plugins.Yasm.Yasm()).Assemble(rawShellcodeAsm);
var entryPoint = ((ICFunction)rawShellcodeAsm).Name;
var linkerConfig = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
var createProcessExe = ((ILinker <Win64ObjectFile, Executable>) new MyWarez.Plugins.GoDevTool.Linker(linkerConfig)).Link(staticLibrary);
// Note: MSVC could also be used for the linker if desired
samplesOutput.Add("LargeCShellcodeMsvcNotepad.exe", createProcessExe);
// Double click the to confirm that notepad spawns.
// Open the sample in WinDbg to confirm that calc spawns when a debugger is attached
attack.Generate();
return(attack);
}
public static void CheckRiskTypes(CreateProcess process, RAAPEntities db)
{
db.RiskTypes.ForEach((Database.RiskType riskType) =>
{
if (!process.Risks.Any(r => r.Type == riskType.RiskTypeId))
{
process.Risks.Add(new Risk()
{
Type = riskType.RiskTypeId,
Name = riskType.Name,
});
}
}
);
process.Assets.ForEach(p => CheckRiskTypes(p, db));
}
// C/C++ with MSVC Example
private static IAttack CCxxMsvcExample()
{
var samplesOutput = new SamplesOutput();
var attackName = "CCxxMsvc";
var attack = new Attack(new IOutput[] {
samplesOutput,
}, name: attackName);
var cmdline = "notepad"; // any commandline
// CreateProcess is C/C++ code that will create a process using Kernel32!CreateProcessA
var createProcessSource = new CreateProcess(cmdline);
// FunctionCallExeWinMainCCxxSource is C/C++ code containing a template WinMain implentation that calls the inputs entry point function
var createProcessExeSource = new FunctionCallExeWinMainCCxxSource(createProcessSource);
// createProcessExeSource contains the code for WinMain AND the code to create a process from createProcessSource
// C/C++ code can be compiled using the MSVC toolchain
// StaticLibrary represents compiled code
// Msvc.Compiler accepts Msvc.Compiler.Config as an argument. If None is specifed, then the default is used. The default is good for the majority of cases
// (ICCxxCompiler<Win64ObjectFile>) means that this is a C/C++ Compiler that produces object files of type Win64ObjectFile (MSVC's object format for 64-bit code)
var createProcessExeStaticLibrary = ((ICCxxCompiler <Win64ObjectFile>) new MyWarez.Plugins.Msvc.Compiler()).Compile(createProcessExeSource);
// The Linker is used to create an executable using the compiled code from the compilation step
// Msvc.Linker accepts Msvc.Linker.Config as an argument. If None is specifed, then the default is used. The default is good for the majority of cases
// (ILinker<Win64ObjectFile, Executable>) means that this is a Linker that access object files of type Win64ObjectFile and produces executables of type Executable (.exe)
var createProcessExe = ((ILinker <Win64ObjectFile, Executable>) new MyWarez.Plugins.Msvc.Linker()).Link(createProcessExeStaticLibrary);
// The MSVC toolchain can also be used to create a DLL from C/C++ source
// CreateProcess implements the interface ICFunction. ICFunction represents a callable (using the C calling convention) function. The property "Name" of ICFunction is representative of the function's (unmangled) symbol name
var exportedFunctionName = ((ICFunction)createProcessSource).Name;
// DLLs can export functions for other programs to call
var createProcessDllSource = new SkeletonDllMainCCxxSource(createProcessSource, exportedFunctions: new[] { exportedFunctionName });
var createProcessDllStaticLibrary = ((ICCxxCompiler <Win64ObjectFile>) new MyWarez.Plugins.Msvc.Compiler()).Compile(createProcessDllSource);
// Msvc.Linker must be explictly told what function(s) to export
// (ILinker<Win64ObjectFile, Executable>) means that this is a Linker that access object files of type Win64ObjectFile and produces executables of type DynamicLinkLibrary (.dll)
var createProcessLinkerConfig = new MyWarez.Plugins.Msvc.Linker.Config(exportedFunctions: createProcessDllSource.ExportedFunctions);
var createProcessDll = ((ILinker <Win64ObjectFile, DynamicLinkLibrary>) new MyWarez.Plugins.Msvc.Linker(createProcessLinkerConfig)).Link(createProcessDllStaticLibrary);
samplesOutput.Add("CCxxMsvcNotepad.exe", createProcessExe); // Double click to confirm that notepad spawns
samplesOutput.Add("CCxxMsvcNotepad.dll", createProcessDll); // run: "rundll32 Sample8Notepad.dll,CreateProcessFunction" to confirm that notepad spawns
attack.Generate();
return(attack);
}
//------------------<Helper Function to demp req>---------------
private void demoReq()
{
TestUtilities.title("Project 4 - Remote Build Server", '=');
demoReq3_4_5_6();
CreateProcess.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent));
CommMessage connectMsg = new CommMessage(CommMessage.MessageType.connect);
connectMsg.from = ClientEnvironment.endPoint;
connectMsg.to = RepoEnvironment.endPoint;
comm.postMessage(connectMsg);
Thread.Sleep(2000);
comm.postFile("BuildRequest1.xml");
CommMessage msg1 = new CommMessage(CommMessage.MessageType.request);
msg1.from = ClientEnvironment.endPoint;
msg1.to = RepoEnvironment.endPoint;
msg1.command = "BuildRequest";
msg1.arguments.Add("BuildRequest1.xml");
comm.postMessage(msg1);
demoReq7_8_9_11_12_13();
}
public async Task <ApiResult <bool> > Create(CreateProcess bundle)
{
List <ProcessingVoucherDetail> processVoucherDetilList = new List <ProcessingVoucherDetail>();
List <Material> materialsUpdate = new List <Material>();
List <ProcessingDetail> processingDetailUpdate = new List <ProcessingDetail>();
int i = 0;
foreach (var item in bundle.Amount)
{
if (item != 0)
{
var process = await _context.ProcessingDetails
.Include(x => x.Recipe).ThenInclude(x => x.RecipeDetails)
.Where(x => x.Id == bundle.IdProcess[i]).FirstOrDefaultAsync();
foreach (var it in process.Recipe.RecipeDetails)
{
var materials = await _context.Materials.Include(x => x.Packs)
.Where(x => x.Id == it.IdMaterials).FirstOrDefaultAsync();
var unit = materials.Packs.Where(x => x.Name == it.Unit).FirstOrDefault();
long recipesDetailsAmount = 0;
// tính số lượng vừa nhập,ý là số lượng sẽ phát
recipesDetailsAmount = item * it.Amount * unit.Value;
if (recipesDetailsAmount > materials.Amount || materials.Amount == 0)
{
string str = $"Không thể tạo, vì số lượng {materials.Name} không đủ.";
return(new ApiErrorResult <bool>(str));
}
// cập nhật lại số lượng trong nguyên vật liệu
var amountMaterialNew = materials.Amount - recipesDetailsAmount;
materials.Amount = amountMaterialNew < 0 ? 0 : amountMaterialNew;
materialsUpdate.Add(materials);
}
// thêm số lượng sản phẩm đã được dx nhận nguyên liệu để tạo phiếu
var processVD = new ProcessingVoucherDetail()
{
Amount = item,
IdRecipe = process.IdRecipe,
Unit = process.Unit
};
processVoucherDetilList.Add(processVD);
// cập nhật số lượng đã thêm trong kế hoạch chi tiết chế biến.
var enterOld = process.EnterAmount;
var enterNew = process.EnterAmount + item;
process.EnterAmount = enterNew;
var total = process.Amount - enterNew;
if (total <= 0)
{
process.Status = true;
}
else
{
process.Status = false;
}
processingDetailUpdate.Add(process);
}
i++;
}
// tìm id user
var user = await _userManager.FindByNameAsync(bundle.NameCreator);
if (user == null)
{
return(new ApiErrorResult <bool>());
}
// tạo code
var code = await _context.ManageCodes.FirstOrDefaultAsync(x => x.Name == bundle.Code);
var stt = 1;
Location:
var location = code.Location + stt;
var strCode = code.Name + location;
var checkCode = await _context.ProductTypes.AnyAsync(x => x.Code == strCode);
if (checkCode)
{
stt++;
goto Location;
}
code.Location = location;
_context.ManageCodes.Update(code);
await _context.SaveChangesAsync();
//cập nhật kế hoạch chế biến đã hoàn thành phát
var processVoucher = new ProcessingVoucher()
{
Code = strCode,
IdCreator = user.Id,
IdPlan = bundle.IdPlan,
ProcessingVoucherDetails = processVoucherDetilList
};
// cập nhật và khởi tạo
_context.Materials.UpdateRange(materialsUpdate);
_context.ProcessingDetails.UpdateRange(processingDetailUpdate);
_context.ProcessingVouchers.Add(processVoucher);
await _context.SaveChangesAsync();
var processNew = await _context.ProcessPlans.Include(x => x.ProcessingDetails)
.Where(x => x.Id == bundle.IdPlan).FirstOrDefaultAsync();
var status = true;
foreach (var p in processNew.ProcessingDetails)
{
if (!p.Status)
{
status = false;
break;
}
}
if (status)
{
processNew.Status = StatusProcessPlan.Processed;
_context.ProcessPlans.Update(processNew);
await _context.SaveChangesAsync();
}
return(new ApiSuccessResult <bool>());
}
protected override void OnExternalObjectsDropped(GoInputEventArgs evt)
{
PointF point;
switch (_dpiState)
{
case DpiState.TooSmall:
point = new PointF(evt.DocPoint.X / 2, evt.DocPoint.Y / 2);
break;
case DpiState.TooBig:
point = new PointF(evt.DocPoint.X * 2, evt.DocPoint.Y * 2);
break;
default:
point = evt.DocPoint;
break;
}
if (Selection.Primary is GoSimpleNode simpleNode)
{
var parent = GetParentGroup(point);
simpleNode.Remove();
switch (simpleNode.Text)
{
case "ExternalInteractor":
CreateExternalInteractor?.Invoke(point, parent);
break;
case "Process":
CreateProcess?.Invoke(point, parent);
break;
case "DataStore":
CreateDataStore?.Invoke(point, parent);
break;
case "TrustBoundary":
CreateTrustBoundary?.Invoke(point, parent);
break;
default:
if (Guid.TryParse(simpleNode.Text, out Guid id))
{
CreateIdentity?.Invoke(id, point, parent);
}
break;
}
}
else if (Selection.Primary is GraphThreatTypeNode threatTypeNode)
{
var threatType = threatTypeNode.ThreatType;
threatTypeNode.Remove();
var nodes = Document.PickObjects(point, false, null, 100);
foreach (var node in nodes)
{
var parent = node?.ParentNode;
if (parent is GraphEntity gnode)
{
var entity = _diagram.Model?.GetEntity(gnode.EntityShape.AssociatedId);
if (entity != null)
{
entity.AddThreatEvent(threatType);
gnode.ShowThreats(this);
}
}
else if (parent is GraphLink glink)
{
var dataFlow = _diagram.Model?.GetDataFlow(glink.Link.AssociatedId);
if (dataFlow != null)
{
dataFlow.AddThreatEvent(threatType);
glink.ShowThreats(this, point);
}
}
}
}
}
public Form1()
{
InitializeComponent();
m_Module = new CreateProcess(false);
}
public async Task <IActionResult> Create(CreateProcess bundle)
{
var result = await _processingDetailApiClient.Create(bundle);
return(Ok(result));
}
public async Task <IActionResult> Create([FromBody] CreateProcess bundle)
{
var result = await _processingDetailService.Create(bundle);
return(Ok(result));
}
protected override unsafe int OnCreateProcess(CorDebugProcess pProcess)
{
CreateProcess?.Invoke(this, pProcess);
return(Continue());
}
public static void CalculateRisk(CreateProcess process)
{
process.Risks.ForEach(r => process.Assets.SelectMany(a => a.Risks.Where(rr => rr.Type == r.Type)).ForEach(rr => AddRisk(r, rr)));
}
public void Main()
{
pInfo = NativeHelpers.CreateProcess(
applicationName: null,
commandLine: opt.Process,
//flags: CreateProcessFlags.DEBUG_ONLY_THIS_PROCESS | CreateProcessFlags.DETACHED_PROCESS
flags: CreateProcessFlags.DETACHED_PROCESS | CreateProcessFlags.DEBUG_PROCESS
);
if (pInfo.dwProcessId == decimal.Zero)
{
Environment.Exit(-1);
}
var _ = NativeMethods.DebugActiveProcess(pInfo.dwProcessId);
var code = Marshal.GetLastWin32Error();
NativeMethods.DebugSetProcessKillOnExit(false);
if (opt.LoadDLL)
{
LoadDLL += (IntPtr address) =>
{
Console.WriteLine($"ModLoad: {address.Address()} {LoadedDlls[address]}");
}
}
;
if (opt.UnloadDLL)
{
UnloadDLL += (IntPtr address) =>
{
Console.WriteLine($"ModUnLoad: {address.Address()} {LoadedDlls[address]}");
}
}
;
if (opt.CreateProcess)
{
CreateProcess += Console.WriteLine;
}
if (opt.ExitProcess)
{
ExitProcess += Console.WriteLine;
}
if (opt.CreateThread)
{
CreateThread += Console.WriteLine;
}
if (opt.ExitThread)
{
ExitThread += Console.WriteLine;
}
if (opt.Exception)
{
Exception += Console.WriteLine;
}
debuggee = Process.GetProcessById(pInfo.dwProcessId);
Console.WriteLine($@"{debuggee.ProcessName} started for debugging: PID: {pInfo.dwProcessId}");
Loop(debuggee);
}
public Form1()
{
InitializeComponent();
m_Module = new CreateProcess(false);
m_ImageListSmall = new ImageList();
}
