예제 #1
        /// <summary>
        /// Program entry point. Depending on <c>CanStartChildProcess()</c> this process either
        /// supervises a child copy of itself (relaunching it while
        /// <c>ShouldRestartChildProc</c> asks for it) or runs the UI and the network/registry
        /// watchers itself.
        /// </summary>
        /// <param name="args">
        /// Raw command-line arguments. They are normalised (leading '/' or '-' removed,
        /// lower-cased, trimmed) and stored in <c>_appArgs</c>.
        /// </param>
        private static void Main(string[] args)
        {
            var currentProcess = Process.GetCurrentProcess();

            // Record the path of our own executable and a normalised copy of the arguments.
            // NOTE(review): ToLower() uses the current culture. For fixed tokens such as
            // switch names, ToLowerInvariant() avoids culture-specific casing (e.g. the
            // Turkish dotless i) making an argument fail to match. Confirm how ValidArgs
            // values are compared before changing it.
            _appPath = currentProcess.MainModule.FileName;
            _appArgs = args
                .Select(rawArg => rawArg.TrimStart('/', '-').ToLower().Trim())
                .ToArray();

            Application.ThreadException += Application_ThreadException;
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);


            // Single-instance guard: tell the user and stop if this instance may not start.
            if (!CanStartThisInstance())
            {
                string notice = "Another instance of " + Program.Name + " is already running.\n\n" +
                                "Only one instance can run at a time.";

                MessageBox.Show(notice, "Previous Instance Detected",
                                MessageBoxButtons.OK, MessageBoxIcon.Information);
                return;
            }


            // Auto-start on boot is offered only by the main (non-child) process, and only
            // when the noAutorun argument was not supplied.
            if (!(IsChildProcess || Program.Arguments.Contains(ValidArgs.NoAutorun)))
            {
                SetAutoStart();
            }


            /*  A child process is started when all of these hold:
             *    1. This is not a child process
             *    2. There is no debugger attached
             *    3. The singleProcess argument was not passed
             *    4. Parent process exited before this one is completely initialized
             */
            if (CanStartChildProcess())
            {
                childExitTimes = new List<DateTime>();

                // Supervisor loop: launch a child, wait for it to exit, pause one second,
                // then let ShouldRestartChildProc decide from the exit code whether to go again.
                bool relaunch;
                do
                {
                    // The child is told who its parent is through a command-line token.
                    // NOTE(review): how the child validates this id is not visible here.
                    var parentIdArg = ValidArgs.ParentProcId + currentProcess.Id.ToString();

                    // String.Replace rewrites every occurrence of ".vshost.exe" in the path,
                    // not only a trailing one.
                    // NOTE(review): AppPath presumably returns _appPath; confirm.
                    var childImage = AppPath.Replace(".vshost.exe", ".exe");

                    _childProc = Process.Start(childImage, parentIdArg);
                    _childProc.WaitForExit();

                    System.Threading.Thread.Sleep(1000);

                    relaunch = ShouldRestartChildProc(_childProc.ExitCode);
                } while (relaunch);

                return; // the supervisor never runs the UI itself
            }


            //!+ Only child process can get here.

            // Exit together with the parent: subscribe to its Exited event while it is alive.
            // NOTE(review): events are enabled before the handler is attached. If the parent
            // exits between these two statements the notification may be missed; attaching
            // the handler first looks safer. Confirm.
            if (ParentProcess != null && !ParentProcess.HasExited)
            {
                ParentProcess.EnableRaisingEvents = true;
                ParentProcess.Exited += ParentProcess_Exited;
            }


            // Prepare the data directory and load the saved network settings.
            _appDataPath = GetAppDataPath();
            LoadNetworkSettings();

            // Create the network watcher and a registry monitor on the per-user
            // "Internet Settings" key, filtered to value changes.
            // No Start call for either watcher appears in this method.
            var internetSettingsKey = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings";

            _netWatcher = new NetworkWatcher();
            _regWatcher = new RegistryUtils.RegistryMonitor(internetSettingsKey);
            _regWatcher.RegChangeNotifyFilter = RegistryUtils.RegChangeNotifyFilter.Value;


            // Blocks until the main form's message loop ends.
            Application.Run(new frmMain());


            // Shutdown: stop both watchers, then persist the settings.
            // NOTE(review): NetworkWatcher / RegistryWatcher are presumably accessors for
            // _netWatcher / _regWatcher; confirm.
            NetworkWatcher.Stop();
            RegistryWatcher.Stop();
            SaveNetworkSettings();
        }
예제 #2
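        /// <summary>
        /// Applies a configuration to the registry-monitoring component. When the registry
        /// watcher is enabled in <paramref name="config"/> and the service is not stopping,
        /// a watcher is created over a fixed list of autorun, shell-folder and
        /// file-association keys, started, and a background <c>StackScanner</c> task is
        /// launched. Otherwise any existing watcher is stopped.
        /// </summary>
        /// <param name="config">
        /// Service configuration. A null value is treated as "watcher disabled".
        /// <c>UserSID</c> selects the per-user subtree under the Users hive.
        /// </param>
        /// <param name="pipeServer">Pipe server instance, stored in <c>_pipeServer</c>.</param>
        /// <param name="stoppingService">True when the service is shutting down.</param>
        public void Config(BeSafeConfig config, PipeServer pipeServer, bool stoppingService)
        {
            _config     = config;
            _pipeServer = pipeServer;

            bool watcherEnabled = (config?.ComponentsState.RegistryWatcher == true) && !stoppingService;

            if (!watcherEnabled)
            {
                // Component disabled or service stopping: stop the watcher if there is one.
                _registryWatcher?.Stop();
                return;
            }

            // A repeated Config call must not leave the previous watcher running with our
            // handler still attached; that would deliver each change more than once.
            if (_registryWatcher != null)
            {
                _registryWatcher.ValueChanged -= ValueChangedArrived;
                _registryWatcher.Stop();
            }

            _registryWatcher = new RegistryWatcher(BuildMonitoredPaths(config.UserSID));
            _registryWatcher.ValueChanged += ValueChangedArrived;

            // NOTE(review): Start() returns a bool that is not acted on here. If false means
            // the monitor did not start, the service runs without this detection and nothing
            // reports it. Surface the result through the service's logging (not visible here).
            _registryWatcher.Start();

            // Fire-and-forget consumer of the queued changes.
            // NOTE(review): the task is not retained, so its failures are not observed, and
            // each enabling Config call starts another scanner. How StackScanner terminates
            // is not visible here.
            Task.Run(() => StackScanner(_changedValuesStack));
        }

        // Builds the fixed list of monitored keys: per-user keys under <userSID> first,
        // then the machine-wide keys, in the order the watcher receives them.
        private static List<RegistryMonitorPath> BuildMonitoredPaths(string userSID)
        {
            // Per-user keys, resolved under the Users hive as <userSID>\<sub-key>.
            // NOTE(review): a null or empty userSID yields paths starting with '\', so the
            // per-user keys would not be the intended ones. Validate the SID at the caller.
            // Unlike the machine-wide list, RunServicesOnce is not monitored per user.
            string[] userSubKeys =
            {
                @"Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
                @"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
                @"Software\Microsoft\Windows\CurrentVersion\RunServices",
                @"Software\Microsoft\Windows\CurrentVersion\Run",
                @"Software\Microsoft\Windows\CurrentVersion\RunOnce",
            };

            // Machine-wide keys: shell folders, autorun keys, and the open commands of
            // executable file types.
            // Only the machine-wide class registrations are listed. Per-user ones under
            // <userSID>\Software\Classes, which Windows merges ahead of the machine-wide
            // entries, are not covered.
            // NOTE(review): whether these paths resolve to the 32- or 64-bit registry view
            // depends on how RegistryWatcher opens the hive; confirm.
            string[] machineKeys =
            {
                @"Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders",
                @"Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders",
                @"Software\Microsoft\Windows\CurrentVersion\RunServices",
                @"Software\Microsoft\Windows\CurrentVersion\RunServicesOnce",
                @"Software\Microsoft\Windows\CurrentVersion\Run",
                @"Software\Microsoft\Windows\CurrentVersion\RunOnce",
                @"SOFTWARE\Classes\cplfile\shell\cplopen\command",
                @"SOFTWARE\Classes\batfile\shell\open\command",
                @"Software\CLASSES\comfile\shell\open\command",
                @"Software\CLASSES\exefile\shell\open\command",
                @"Software\CLASSES\htafile\Shell\Open\Command",
                @"Software\CLASSES\piffile\shell\open\command",
                @"SOFTWARE\Classes\scrfile\shell\open\command",
            };

            var paths = new List<RegistryMonitorPath>(userSubKeys.Length + machineKeys.Length);

            foreach (string subKey in userSubKeys)
            {
                paths.Add(new RegistryMonitorPath
                {
                    RegistryHive = RegistryHive.Users,
                    RegistryKeyPath = $@"{userSID}\{subKey}"
                });
            }

            foreach (string key in machineKeys)
            {
                paths.Add(new RegistryMonitorPath
                {
                    RegistryHive = RegistryHive.LocalMachine,
                    RegistryKeyPath = key
                });
            }

            return paths;
        }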