예제 #1
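        /// <summary>
        /// Main OS detection entry point. Connects to the <c>root\cimv2</c> WMI namespace of the
        /// target computer, reads the first <c>Win32_OperatingSystem</c> instance and stores its
        /// rationalized caption in <c>_name</c> and its <c>SerialNumber</c> as the product id of a
        /// new <c>_serial</c>, then calls <c>DetectOSCdKey</c> to recover the CD key.
        /// </summary>
        /// <remarks>
        /// Every failure (unreachable host, access denied, bad credentials, missing WMI property)
        /// is collapsed into the same -1 return value, so the caller cannot tell an authentication
        /// failure from a connectivity failure. If the query yields no instance, <c>_name</c> and
        /// <c>_serial</c> are left at whatever values they held before the call.
        /// </remarks>
        /// <param name="remoteCredentials">
        /// Target host plus optional user name, domain and password. When a user name is supplied
        /// the audit runs under an <c>Impersonator</c> built from these values.
        /// </param>
        /// <returns>0 on success, -1 if any exception was raised during detection.</returns>
        public int Detect(RemoteCredentials remoteCredentials)
        {
            Layton.Common.Controls.Impersonator impersonator = null;
            String remoteHost = remoteCredentials.RemoteHost;

            try
            {
                // We may want to impersonate a different user so that we can audit remote computers - if so
                // start the impersonation here
                if (!String.IsNullOrEmpty(remoteCredentials.Username))
                {
                    impersonator = new Impersonator(remoteCredentials.Username, remoteCredentials.Domain, remoteCredentials.Password);
                }

                // Pickup and format the remote host name for WMI
                // NOTE(review): RemoteHost is concatenated into the WMI path as-is; confirm the caller
                // has validated it as a plain host name or address.
                if (remoteCredentials.IsLocalComputer())
                {
                    remoteHost = @"\\localhost";
                }
                else
                {
                    remoteHost = @"\\" + remoteCredentials.RemoteHost;
                }

                // No ConnectionOptions are passed: the connection is made under the identity of the
                // calling thread, which is the impersonated account when one was created above.
                String          path  = remoteHost + @"\root\cimv2";
                ManagementScope scope = new ManagementScope(path);

                // ...and connect
                scope.Connect();

                // Query the Operating System. The searcher and the result collection hold WMI/COM
                // resources, so both are disposed deterministically on every path.
                ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");
                using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
                using (ManagementObjectCollection queryCollection = searcher.Get())
                {
                    foreach (ManagementObject managementObject in queryCollection)
                    {
                        try
                        {
                            _name             = managementObject["Caption"].ToString();
                            _name             = RationalizeOS(_name);
                            _serial           = new ApplicationSerial();
                            _serial.ProductId = managementObject["SerialNumber"].ToString();
                        }
                        finally
                        {
                            // Release the instance even when a property is missing and the read throws
                            managementObject.Dispose();
                        }

                        // Only the first operating system instance is of interest
                        break;
                    }
                }

                // The above WMI call works as far as it goes however it cannot recover the CD Key
                // for this we will need to use registry access - we may as well use WMI for this as
                // well, since if the above fails we are stuck anyway
                DetectOSCdKey(remoteHost);
            }
            catch (Exception)
            {
                // Deliberate catch-all: the method reports failure through its status code only
                return(-1);
            }

            finally
            {
                // Always release the impersonator so the audit credentials do not outlive this call
                if (impersonator != null)
                {
                    impersonator.Dispose();
                }
            }

            return(0);
        }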
예제 #2
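        /// <summary>
        /// Main Detection function.  The main cause of an error here is the inability to connect to the remote
        /// system's registry.  This will most often be down to either the remote registry service not running
        /// or the user having insufficient privilege to access the remote registry.
        /// </summary>
        /// <remarks>
        /// The audit scans the uninstall key under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER and the
        /// Windows Installer data under HKEY_LOCAL_MACHINE, then matches the detected applications
        /// against the recovered serial numbers by GUID and, failing that, by name.
        /// </remarks>
        /// <param name="remoteCredentials">
        /// Target host plus optional user name, domain and password. When a user name is supplied
        /// the audit runs under an <c>Impersonator</c> built from these values.
        /// </param>
        /// <param name="errorText">
        /// Set to a description of the failure when a non-zero status is returned, and to an empty
        /// string on success.
        /// </param>
        /// <returns>
        /// 0 on success, -1 if an exception was raised, otherwise the non-zero status returned by the
        /// remote registry service check or by <c>RegistryAccess.OpenRegistry</c>.
        /// </returns>
        public int Detect(RemoteCredentials remoteCredentials, ref String errorText)
        {
            Layton.Common.Controls.Impersonator impersonator = null;
            String      remoteHost            = remoteCredentials.RemoteHost;
            int         status                = 0;
            bool        existingServiceStatus = false;
            RegistryKey rootLMKey             = null;
            RegistryKey rootCUKey             = null;

            try
            {
                // We may want to impersonate a different user so that we can audit remote computers - if so
                // start the impersonation here
                if (!String.IsNullOrEmpty(remoteCredentials.Username))
                {
                    impersonator = new Impersonator(remoteCredentials.Username, remoteCredentials.Domain, remoteCredentials.Password);
                }

                // Ensure that the remote registry service is running on the remote Asset and that we can
                // connect.  If the service is not active we may start it
                status = ValidateRemoteRegistryService(remoteCredentials, out existingServiceStatus);
                if (status != 0)
                {
                    errorText = "The Remote Registry Service was not active and could not be started";
                    return(status);
                }

                // Now begin the audit
                this.ReadPublisherMappings();
                this._applicationSerials.Detect(remoteHost);
                RegistryAccess registryAccess = new RegistryAccess();

                // Attempt to connect to the remote registry and open the HKEY_LOCAL_MACHINE key
                status = registryAccess.OpenRegistry(Registry.LocalMachine, remoteHost, out rootLMKey);
                if (status != 0)
                {
                    errorText = registryAccess.LastErrorText;
                    return(status);
                }

                // Attempt to connect to the remote registry and open the HKEY_CURRENT_USER key
                status = registryAccess.OpenRegistry(Registry.CurrentUser, remoteHost, out rootCUKey);
                if (status != 0)
                {
                    errorText = registryAccess.LastErrorText;
                    return(status);
                }

                // Open the software uninstall key under HKLM and scan it; the using statement closes
                // the key even if the scan throws (and is a no-op when the key does not exist)
                using (RegistryKey machineUninstallKey = rootLMKey.OpenSubKey(UNINSTALLKEY))
                {
                    if (machineUninstallKey != null)
                    {
                        this.ScanUninstallKey(machineUninstallKey);
                    }
                }

                // Open the software uninstall key under HKCU and scan it
                using (RegistryKey userUninstallKey = rootCUKey.OpenSubKey(UNINSTALLKEY))
                {
                    if (userUninstallKey != null)
                    {
                        this.ScanUninstallKey(userUninstallKey);
                    }
                }

                // Scan the Windows installer key
                this.ScanWindowsInstaller(rootLMKey);
            }
            catch (Exception ex)
            {
                errorText = "An exception occurred while trying to connect to the system registry on Asset [" + remoteHost + "] - The error was [" + ex.Message + "]";
                return(-1);
            }

            finally
            {
                try
                {
                    // Close the root keys on every path, including the early returns and the exception
                    // path, so no remote registry handle is left open
                    if (rootLMKey != null)
                    {
                        rootLMKey.Close();
                    }

                    if (rootCUKey != null)
                    {
                        rootCUKey.Close();
                    }

                    // Ensure that we restore the initial status of the remote registry service on the target computer.
                    // NOTE(review): if an exception is thrown before ValidateRemoteRegistryService returns,
                    // existingServiceStatus still holds its initial false here; confirm the restore helper
                    // handles that without stopping a service that was already running.
                    RestoreRemoteRegistyStatus(remoteCredentials, existingServiceStatus);
                }
                finally
                {
                    // Dispose of any impersonator object if created. This sits in its own finally so that
                    // a failure while restoring the service cannot leave the impersonator undisposed.
                    if (impersonator != null)
                    {
                        impersonator.Dispose();
                    }
                }
            }

            // Iterate through the applications detected by the above and attempt to recover any serial number
            foreach (ApplicationInstance thisApplication in this)
            {
                // Prefer a match on the application GUID and fall back to the application name
                ApplicationSerial thisSerial = null;
                if (thisApplication.Guid != "")
                {
                    thisSerial = this._applicationSerials.ContainsApplication(thisApplication.Guid);
                }

                if ((thisSerial == null) && (thisApplication.Name != ""))
                {
                    thisSerial = this._applicationSerials.ContainsApplication(thisApplication.Name);
                }

                if (thisSerial != null)
                {
                    thisApplication.Serial = thisSerial;
                    thisSerial.Matched     = true;
                }
            }

            errorText = "";
            return(0);
        }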