Exemplo n.º 1
0
        private bool createAllowRule(CurrentConn activeConn, string[] services, bool isTemp)
        {
            int Profiles = _optionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();

            FirewallHelper.CustomRule newRule = new FirewallHelper.CustomRule(activeConn.RuleName, activeConn.CurrentPath, _optionsView.IsAppChecked? activeConn.CurrentAppPkgId : null, activeConn.CurrentLocalUserOwner, services, _optionsView.IsProtocolChecked? activeConn.Protocol : -1, _optionsView.IsTargetIPChecked? activeConn.Target: null, _optionsView.IsTargetPortChecked? activeConn.TargetPort: null, _optionsView.IsLocalPortChecked? activeConn.LocalPort: null, Profiles, "A");
            return(newRule.ApplyIndirect(isTemp));
        }
Exemplo n.º 2
0
        private bool createBlockRule(CurrentConn activeConn, string[] services, bool isTemp)
        {
            bool success = false;

            if (!isTemp)
            {
                if (Settings.Default.UseBlockRules)
                {
                    int Profiles = _optionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
                    FirewallHelper.CustomRule newRule = new FirewallHelper.CustomRule(activeConn.RuleName, activeConn.CurrentPath, _optionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null, activeConn.CurrentLocalUserOwner, services, _optionsView.IsProtocolChecked ? activeConn.Protocol : -1, _optionsView.IsTargetIPChecked ? activeConn.Target : null, _optionsView.IsTargetPortChecked ? activeConn.TargetPort : null, _optionsView.IsLocalPortChecked ? activeConn.LocalPort : null, Profiles, "B");
                    success = newRule.ApplyIndirect(isTemp);
                    if (!success)
                    {
                        MessageBox.Show(Common.Properties.Resources.MSG_RULE_FAILED, Common.Properties.Resources.MSG_DLG_ERR_TITLE, MessageBoxButton.OK, MessageBoxImage.Error);
                    }
                }
                else
                {
                    string entry = (!_optionsView.IsServiceRuleChecked || String.IsNullOrEmpty(activeConn.CurrentService) ? activeConn.CurrentPath : activeConn.CurrentService) +
                                   (_optionsView.IsLocalPortChecked ? ";" + activeConn.LocalPort : ";") +
                                   (_optionsView.IsTargetIPChecked ? ";" + activeConn.Target : ";") +
                                   (_optionsView.IsTargetPortChecked ? ";" + activeConn.TargetPort : ";"); //FIXME: Need to add more?
                    using (StreamWriter sw = new StreamWriter(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "exclusions.set"), true))
                    {
                        sw.WriteLine(entry);
                    }

                    success = true;
                }
            }
            return(success);
        }
Exemplo n.º 3
0
        private bool createAllowRule(CurrentConn activeConn, string[] services, bool createWithAdvancedOptions, bool createTempRule, string ruleName)
        {
            int    Profiles      = OptionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
            string finalRuleName = createTempRule ? Messages.RULE_TEMP_PREFIX + ruleName : ruleName;
            var    newRule       = new CustomRule(finalRuleName,
                                                  createWithAdvancedOptions || OptionsView.IsPathChecked ? activeConn.Path : null,
                                                  !createWithAdvancedOptions && OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
                                                  activeConn.CurrentLocalUserOwner,
                                                  services,
                                                  !createWithAdvancedOptions && OptionsView.IsProtocolChecked ? activeConn.RawProtocol : -1,
                                                  !createWithAdvancedOptions && OptionsView.IsTargetIPChecked ? activeConn.TargetIP : null,
                                                  !createWithAdvancedOptions && OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
                                                  !createWithAdvancedOptions && OptionsView.IsLocalPortChecked ? activeConn.SourcePort : null,
                                                  Profiles,
                                                  CustomRule.CustomRuleAction.Allow);

            bool success = FirewallHelper.AddRule(newRule.GetPreparedRule(createTempRule)); // does not use RuleManager

            if (success && createTempRule)
            {
                CreateTempRuleNotifyIcon(newRule);
            }

            return(success);
        }
Exemplo n.º 4
0
        private bool createBlockRule(CurrentConn activeConn, string[] services, bool createWithAdvancedOptions, bool createTempRule, string ruleName)
        {
            bool success;

            if (Settings.Default.UseBlockRules)
            {
                int    Profiles      = OptionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
                string finalRuleName = (createTempRule) ? Messages.RULE_TEMP_PREFIX + ruleName : ruleName;
                var    newRule       = new CustomRule(finalRuleName,
                                                      createWithAdvancedOptions || OptionsView.IsPathChecked ? activeConn.Path : null,
                                                      !createWithAdvancedOptions && OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
                                                      activeConn.CurrentLocalUserOwner,
                                                      services,
                                                      !createWithAdvancedOptions && OptionsView.IsProtocolChecked ? activeConn.RawProtocol : -1,
                                                      !createWithAdvancedOptions && OptionsView.IsTargetIPChecked ? activeConn.TargetIP : null,
                                                      !createWithAdvancedOptions && OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
                                                      !createWithAdvancedOptions && OptionsView.IsLocalPortChecked ? activeConn.SourcePort : null,
                                                      Profiles,
                                                      CustomRule.CustomRuleAction.Block);
                success = FirewallHelper.AddRule(newRule.GetPreparedRule(createTempRule)); // does not use RuleManager
                if (success && createTempRule)
                {
                    CreateTempRuleNotifyIcon(newRule);
                }
                if (!success)
                {
                    MessageBox.Show(Messages.MSG_RULE_FAILED, Messages.MSG_DLG_ERR_TITLE, MessageBoxButton.OK, MessageBoxImage.Error);
                }
            }
            else
            {
                // FIXME: Remove and always use Global Rules?
                throw new ArgumentException("Only global block rules can be used - check options");

                string entry = (!OptionsView.IsServiceRuleChecked || String.IsNullOrEmpty(activeConn.CurrentService) ? activeConn.Path : activeConn.CurrentService) +
                               (OptionsView.IsLocalPortChecked ? ";" + activeConn.SourcePort : ";") +
                               (OptionsView.IsTargetIPChecked ? ";" + activeConn.TargetIP : ";") +
                               (OptionsView.IsTargetPortChecked ? ";" + activeConn.TargetPort : ";"); //FIXME: Need to add more?
                using (StreamWriter sw = new StreamWriter(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "exclusions.set"), true))
                {
                    sw.WriteLine(entry);
                }

                success = true;
            }

            return(success);
        }
Exemplo n.º 5
0
        private bool createAllowRule(CurrentConn activeConn, string[] services, bool isTemp)
        {
            int        Profiles = OptionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
            string     ruleName = isTemp ? Messages.RULE_TEMP_PREFIX + activeConn.RuleName : activeConn.RuleName;
            CustomRule newRule  = new CustomRule(ruleName, activeConn.CurrentPath, OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null
                                                 , activeConn.CurrentLocalUserOwner, services, OptionsView.IsProtocolChecked ? activeConn.Protocol : -1, OptionsView.IsTargetIPChecked ? activeConn.Target : null
                                                 , OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null, OptionsView.IsLocalPortChecked ? activeConn.LocalPort : null, Profiles
                                                 , CustomRule.CustomRuleAction.A);

            bool success = FirewallHelper.AddRule(newRule.GetPreparedRule(isTemp)); // does not use RuleManager

            if (success && isTemp)
            {
                CreateTempRuleNotifyIcon(newRule);
            }

            return(success);
        }
Exemplo n.º 6
0
        public static void GetService(int pid, int threadid, string path, int protocol, int localport, string target, int remoteport, out string[] svc, out string[] svcdsc, out bool unsure)
        {
            // Try to lookup details about connection to localport.
            //@wokhan: how is this supposed to work since connection is blocked by firewall??
            LogHelper.Info("Trying to retrieve service name through connection information.");
            var ret = IPHelper.GetOwner(pid, localport);

            if (ret != null && !String.IsNullOrEmpty(ret.ModuleName))
            {
                // Returns the owner only if it's indeed a service.
                string ServiceDesc = getServiceDesc(ret.ModuleName);

                if (String.IsNullOrEmpty(ServiceDesc))
                {
                    LogHelper.Debug("But no service description matches...");
                    svc    = new string[0];
                    svcdsc = new string[0];
                    unsure = false;
                }
                else
                {
                    svc    = new[] { ret.ModuleName };
                    svcdsc = new[] { getServiceDesc(ret.ModuleName) };
                    unsure = false;
                    LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc));
                }
                return;
            }

            // Try to retrieve the module name from the calling thread id.
            LogHelper.Info("Trying to retrieve service name through thread information.");
            if (threadid != 0)
            {
                Process p;
                try
                {
                    p = Process.GetProcessById(pid);
                }
                catch (ArgumentException)
                {
                    p = null;
                }
                if (p != null)
                {
                    var thread = p.Threads.Cast <ProcessThread>().SingleOrDefault(t => t.Id == threadid);
                    if (thread == null)
                    {
                        LogHelper.Debug("The thread " + threadid + " has not been found for PID " + pid);
                    }
                    else
                    {
                        var thaddr = thread.StartAddress.ToInt64();
                        var module = p.Modules.Cast <ProcessModule>().FirstOrDefault(m => thaddr >= (m.BaseAddress.ToInt64() + m.ModuleMemorySize));
                        if (module == null)
                        {
                            LogHelper.Debug("The thread has been found, but no module matches.");
                        }
                        else
                        {
                            LogHelper.Debug("The thread has been found for module " + module.ModuleName);

                            string ServiceDesc = getServiceDesc(module.ModuleName);

                            if (String.IsNullOrEmpty(ServiceDesc))
                            {
                                LogHelper.Debug("But no service description matches...");
                                svc    = new string[0];
                                svcdsc = new string[0];
                                unsure = false;
                            }
                            else
                            {
                                svc    = new[] { module.ModuleName };
                                svcdsc = new[] { ServiceDesc };
                                unsure = false;
                                LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc));
                            }
                            return;
                        }
                    }
                }
            }

            LogHelper.Info("Trying to retrieve service name through process information.");
            string[] svcs = GetAllServices(pid);
            //int protocol = (int)Enum.Parse(typeof(NET_FW_IP_PROTOCOL_), protocolStr);

            if (svcs == null)
            {
                LogHelper.Debug("No services running in process " + pid.ToString() + " found!");
                svc    = new string[0];
                svcdsc = new string[0];
                unsure = false;
                return;
            }

            //Only one service? Then we've probably found our guy!
            if (svcs.Length == 1)
            {
                svc    = svcs;
                svcdsc = svcs.Select(s => getServiceDesc(s)).ToArray();
                unsure = true;
                LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc));
                return;
            }

            svc = new string[0];

            // And if it still fails, fall backs to the most ugly way ever I am not able to get rid of :-P
            // Retrieves corresponding existing rules
            LogHelper.Info("Trying to retrieve service name through rule information.");
            int profile = FirewallHelper.GetCurrentProfile();
            var cRules  = FirewallHelper.GetMatchingRules(path, getAppPkgId(pid), protocol, target, remoteport.ToString(), localport.ToString(), svc, getLocalUserOwner(pid), false, false)
                          .Select(r => r.ServiceName)
                          .Distinct()
                          .ToList();

            // Trying to guess the corresponding service if not found with the previous method and if not already filtered
            svcs = svcs.Except(cRules, StringComparer.CurrentCultureIgnoreCase)
                   .ToArray();

            LogHelper.Debug("Excluding " + String.Join(",", cRules) + " // Remains " + String.Join(",", svcs));

            if (svcs.Length > 0)
            {
                svc    = svcs;
                svcdsc = svcs.Select(s => getServiceDesc(s)).ToArray();
                unsure = true;
                LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc) + " (unsure)");
            }
            else
            {
                svcdsc = new string[0];
                unsure = false;
                LogHelper.Debug("No service found!" + String.Join(",", svcdsc));
            }

            return;
        }