public bool RemoveProgram(Guid guid, ProgramList.ID id = null)
{
if (id != null)
{
return(SplitPrograms(guid, id, false));
}
Program prog;
if (!Progs.TryGetValue(guid, out prog) || IsSpecialProgram(prog))
{
return(true); // already gone - or cant be removed
}
Progs.Remove(guid);
foreach (ID _id in prog.IDs)
{
byID.Remove(_id);
}
foreach (FirewallRule rule in prog.Rules.Values.ToList())
{
App.engine.firewall.RemoveRule(rule, true);
}
App.engine.NotifyChange(null);
return(true);
}
public Program(ProgramList.ID id)
{
guid = Guid.NewGuid();
IDs.Add(id);
config.Name = id.GetDisplayName();
}
private void OnConnection(object obj, EventRecordWrittenEventArgs arg)
{
if (arg.EventRecord == null)
{
return;
}
try
{
int processId = MiscFunc.parseInt(arg.EventRecord.Properties[0].Value.ToString());
string path = arg.EventRecord.Properties[1].Value.ToString();
Actions action = Actions.Undefined;
if (arg.EventRecord.Id == (int)EventIDs.Blocked)
{
action = Actions.Block;
}
else if (arg.EventRecord.Id == (int)EventIDs.Allowed)
{
action = Actions.Allow;
}
string direction_str = arg.EventRecord.Properties[2].Value.ToString();
Directions direction = Directions.Unknown;
if (direction_str == "%%14592")
{
direction = Directions.Inbound;
}
else if (direction_str == "%%14593")
{
direction = Directions.Outboun;
}
string src_ip = arg.EventRecord.Properties[3].Value.ToString();
int src_port = MiscFunc.parseInt(arg.EventRecord.Properties[4].Value.ToString());
string dest_ip = arg.EventRecord.Properties[5].Value.ToString();
int dest_port = MiscFunc.parseInt(arg.EventRecord.Properties[6].Value.ToString());
int protocol = MiscFunc.parseInt(arg.EventRecord.Properties[7].Value.ToString());
ProgramList.ID id = GetIDforEntry(path, processId);
if (id == null)
{
return;
}
Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, DateTime.Now);
entry.Profile = GetCurrentProfiles();
App.engine.LogActivity(entry);
}
catch (Exception err)
{
AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
}
}
public bool ClearRules(ProgramList.ID id, bool bDisable)
{
return(mDispatcher.Invoke(new Func <bool>(() => {
Program prog = programs.GetProgram(id);
if (prog == null)
{
return false;
}
firewall.ClearRules(prog, bDisable);
return true;
})));
}
public static FirewallRule MakeBlockRule(ProgramList.ID id, Firewall.Directions direction, long expiration = 0)
{
FirewallRule rule = new FirewallRule(id);
rule.Name = MakeRuleName(BlockAllName, expiration != 0);
rule.Grouping = RuleGroup;
rule.Action = Firewall.Actions.Block;
rule.Direction = direction;
rule.Enabled = true;
rule.Expiration = expiration;
return(rule);
}
public static FirewallRule MakeBlockInetRule(ProgramList.ID id, Firewall.Directions direction, long expiration = 0)
{
FirewallRule rule = new FirewallRule(id);
rule.Name = MakeRuleName(BlockInet, expiration != 0);
rule.Grouping = RuleGroup;
rule.Action = Firewall.Actions.Block;
rule.Direction = direction;
rule.Enabled = true;
rule.RemoteAddresses = NetFunc.GetNonLocalNet();
rule.Expiration = expiration;
return(rule);
}
public static FirewallRule MakeAllowLanRule(ProgramList.ID id, Firewall.Directions direction, long expiration = 0)
{
FirewallRule rule = new FirewallRule(id);
rule.Name = MakeRuleName(AllowLan, expiration != 0);
rule.Grouping = RuleGroup;
rule.Action = Firewall.Actions.Allow;
rule.Direction = direction;
rule.Enabled = true;
rule.RemoteAddresses = "LocalSubnet";
rule.Expiration = expiration;
return(rule);
}
private ProgramList.ID GetIDforEntry(string path, int processId)
{
ProgramList.Types type = ProgramList.Types.Global;
string name = null;
if (path.Equals("System", StringComparison.OrdinalIgnoreCase))
{
type = ProgramList.Types.System;
}
else
{
path = MiscFunc.parsePath(path);
if (path.Length == 0) // fallback
{
path = ProgramList.GetProcessPathById(processId);
if (path == null)
{
return(null);
}
}
//if (Path.GetFileName(path).Equals("svchost.exe", StringComparison.OrdinalIgnoreCase))
List <ServiceHelper.ServiceInfo> Services = ServiceHelper.GetServicesByPID(processId);
if (Services != null)
{
type = ProgramList.Types.Service;
if (Services.Count > 1)
{
// ToDo: handle teh case Services.length > 1 !!!!
Console.WriteLine("Non unique service " + Services.Count);
}
name = Services[0].ServiceName;
}
else
{
name = App.engine.appMgr != null?App.engine.appMgr.GetAppPackage(path) : null;
if (name != null)
{
type = ProgramList.Types.App;
}
else
{
type = ProgramList.Types.Program;
}
}
}
ProgramList.ID id = new ProgramList.ID(type, path, name);
id.MakeDisplayName();
return(id);
}
public LogEntry(ProgramList.ID id, Firewall.Actions action, Firewall.Directions direction, string localAddress, int localPort, string remoteAddress, int remotePort, int protocol, int processId, DateTime timeStamp)
{
guid = Guid.NewGuid();
mID = id;
Action = action;
Direction = direction;
LocalAddress = localAddress;
LocalPort = localPort;
RemoteAddress = remoteAddress;
RemotePort = remotePort;
Protocol = protocol;
PID = processId;
TimeStamp = timeStamp;
}
public TrayIcon()
{
this.components = new Container();
this.contextMenu = new ContextMenu();
// Initialize menuItem1
this.menuBlock = new MenuItem();
this.menuBlock.Index = 0;
this.menuBlock.Text = Translate.fmt("mnu_block");
ProgramList.ID id = new ProgramList.ID(ProgramList.Types.Global);
Program prog = App.itf.GetProgram(id, true);
this.menuBlock.Checked = (prog.config.CurAccess == Program.Config.AccessLevels.BlockAccess);
this.menuBlock.Click += new System.EventHandler(this.menuBlock_Click);
// Initialize menuItem1
this.menuExit = new MenuItem();
this.menuExit.Index = 0;
this.menuExit.Text = Translate.fmt("mnu_exit");
this.menuExit.Click += new System.EventHandler(this.menuExit_Click);
// Initialize contextMenu1
this.contextMenu.MenuItems.AddRange(new MenuItem[] { this.menuBlock, new MenuItem("-"), this.menuExit });
// Create the NotifyIcon.
this.notifyIcon = new NotifyIcon(this.components);
string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location;
// The Icon property sets the icon that will appear
// in the systray for this application.
//notifyIcon1.Icon = new Icon("wu.ico");
notifyIcon.Icon = System.Drawing.Icon.ExtractAssociatedIcon(exePath);
// The ContextMenu property sets the menu that will
// appear when the systray icon is right clicked.
notifyIcon.ContextMenu = this.contextMenu;
// The Text property sets the text that will be displayed,
// in a tooltip, when the mouse hovers over the systray icon.
notifyIcon.Text = FileVersionInfo.GetVersionInfo(exePath).FileDescription;
// Handle the DoubleClick event to activate the form.
notifyIcon.DoubleClick += new System.EventHandler(this.notifyIcon1_DoubleClick);
notifyIcon.Click += new System.EventHandler(this.notifyIcon1_Click);
}
public bool BlockInternet(bool bBlock)
{
bool ret = true;
ProgramList.ID id = new ProgramList.ID(ProgramList.Types.Global);
Program prog = App.engine.programs.GetProgram(id, true);
if (bBlock)
{
ret &= UpdateRule(FirewallRule.MakeBlockRule(prog.GetMainID(), Directions.Inbound), true);
ret &= UpdateRule(FirewallRule.MakeBlockRule(prog.GetMainID(), Directions.Outboun), true);
}
else
{
ClearRules(prog, false);
}
return(ret);
}
public bool Load(XmlNode entryNode)
{
foreach (XmlNode node in entryNode.ChildNodes)
{
if (node.Name == "id")
{
ProgramList.ID id = new ProgramList.ID();
if (id.Load(node))
{
id.MakeDisplayName();
IDs.Add(id);
}
}
else if (node.Name == "Name")
{
config.Name = node.InnerText;
}
else if (node.Name == "Category")
{
config.Category = node.InnerText;
}
else if (node.Name == "Icon")
{
config.Icon = node.InnerText;
}
else if (node.Name == "NetAccess")
{
Enum.TryParse(node.InnerText, out config.NetAccess);
}
else if (node.Name == "Notify")
{
config.Notify = MiscFunc.parseBool(node.InnerText, null);
}
else
{
AppLog.Line("Unknown Program Value, '{0}':{1}", node.Name, node.InnerText);
}
}
return(IDs.Count > 0 && config.Name != null);
}
public bool AddProgram(ProgramList.ID id, Guid guid)
{
if (byID.ContainsKey(id))
{
return(false); // already exist
}
if (guid == Guid.Empty)
{
GetProgram(id, true);
}
else // add id to existing program
{
Program prog;
if (!Progs.TryGetValue(guid, out prog))
{
return(false);
}
prog.IDs.Add(id);
byID.Add(id, prog);
}
return(true);
}
public void LoadLog()
{
EventLog eventLog = new EventLog("Security");
try
{
//for (int i = eventLog.Entries.Count-1; i > 0; i--)
foreach (EventLogEntry logEntry in eventLog.Entries)
{
//EventLogEntry entry = eventLog.Entries[i];
if (logEntry.InstanceId != (long)EventIDs.Allowed && logEntry.InstanceId != (long)EventIDs.Blocked)
{
continue;
}
string[] ReplacementStrings = logEntry.ReplacementStrings;
string direction_str = ReplacementStrings[2];
Directions direction = Directions.Unknown;
if (direction_str == "%%14592")
{
direction = Directions.Inbound;
}
else if (direction_str == "%%14593")
{
direction = Directions.Outboun;
}
int processId = MiscFunc.parseInt(ReplacementStrings[0]);
string path = ReplacementStrings[1];
ProgramList.ID id = GetIDforEntry(path, processId);
if (id == null)
{
return;
}
Actions action = Actions.Undefined;
if (logEntry.InstanceId == (int)EventIDs.Blocked)
{
action = Actions.Block;
}
else if (logEntry.InstanceId == (int)EventIDs.Allowed)
{
action = Actions.Allow;
}
string src_ip = ReplacementStrings[3];
int src_port = MiscFunc.parseInt(ReplacementStrings[4]);
string dest_ip = ReplacementStrings[5];
int dest_port = MiscFunc.parseInt(ReplacementStrings[6]);
int protocol = MiscFunc.parseInt(ReplacementStrings[7]);
Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, logEntry.TimeGenerated);
App.engine.LogActivity(entry, true);
}
}
catch (Exception err)
{
AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
}
eventLog.Dispose();
}
public bool RemoveProgram(Guid guid, ProgramList.ID id = null)
{
return(mDispatcher.Invoke(new Func <bool>(() => {
return programs.RemoveProgram(guid, id);
})));
}
public bool SplitPrograms(Guid from, ProgramList.ID id)
{
return(mDispatcher.Invoke(new Func <bool>(() => {
return programs.SplitPrograms(from, id);
})));
}
public bool AddProgram(ProgramList.ID id, Guid guid)
{
return(mDispatcher.Invoke(new Func <bool>(() => {
return programs.AddProgram(id, guid);
})));
}
public Program GetProgram(ProgramList.ID id, bool canAdd = false)
{
return(mDispatcher.Invoke(new Func <Program>(() => {
return programs.GetProgram(id, canAdd);
})));
}
public FirewallRule(ProgramList.ID id)
{
guid = Guid.Empty;
mID = id;
}