Exemplo n.º 1
0
        public virtual void Serialization()
        {
            var items = Enumerable.Range(0, 100).Select(_ =>
            {
                var key    = NextKey();
                var values = Enumerable.Range(0, 100).Select(__ => NextValue()).ToArray();
                return(new KeyValuePair <TKey, TValue[]>(key, values));
            }).ToDictionary(kv => kv.Key, kv => kv.Value);
            var data0 = new MultiValueDictionary <TKey, TValue>();

            foreach (var kv in items)
            {
                data0.Add(kv.Key, kv.Value);
            }
            var binaryFormatter = new BinaryFormatter();

            byte[] bin;
            using (var buffer = new MemoryStream())
            {
                binaryFormatter.Serialize(buffer, data0);
                bin = buffer.ToArray();
            }
            MultiValueDictionary <TKey, TValue> data1;

            using (var buffer = new MemoryStream(bin, false))
            {
                data1 = (MultiValueDictionary <TKey, TValue>)binaryFormatter.Deserialize(buffer);
            }
            Assert.Equal(data0, data1);
            Assert.Equal(data0.GetHashCode(), data1.GetHashCode());
            var data2 = data0.Clone();

            Assert.True(((object)data0).Equals(data2));
            Assert.False(((object)data0).Equals(null));
            Assert.False(((object)data0).Equals(2));
        }
Exemplo n.º 2
0
        public void UpdateSockets()
        {
            UInt64 curTick  = MiscFunc.GetTickCount64();
            UInt64 Interval = curTick - LastUpdate;

            LastUpdate = curTick;

            List <IPHelper.I_SOCKET_ROW> Sockets = new List <IPHelper.I_SOCKET_ROW>();

            // enum all ockets
            IntPtr tcp4Table = IPHelper.GetTcpSockets(ref Sockets);
            IntPtr tcp6Table = IPHelper.GetTcp6Sockets(ref Sockets);
            IntPtr udp4Table = IPHelper.GetUdpSockets(ref Sockets);
            IntPtr udp6Table = IPHelper.GetUdp6Sockets(ref Sockets);

            MultiValueDictionary <UInt64, NetworkSocket> OldSocketList = SocketList.Clone();

            for (int i = 0; i < Sockets.Count; i++)
            {
                IPHelper.I_SOCKET_ROW SocketRow = Sockets[i];

                NetworkSocket Socket = FindSocket(OldSocketList, SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort, NetworkSocket.MatchMode.Strict);
                if (Socket != null)
                {
                    //AppLog.Debug("Found Socket {0}:{1} {2}:{3}", Socket.LocalAddress, Socket.LocalPort, Socket.RemoteAddress, Socket.RemotePort);
                    OldSocketList.Remove(Socket.HashID, Socket);
                }
                else
                {
                    Socket = new NetworkSocket(SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort);
                    //AppLog.Debug("Added Socket {0}:{1} {2}:{3}", Socket.LocalAddress, Socket.LocalPort, Socket.RemoteAddress, Socket.RemotePort);
                    SocketList.Add(Socket.HashID, Socket);
                }

                // Note: sockets observed using ETW are not yet initialized as we are missing owner informations there
                if (Socket.ProgID == null)
                {
                    Socket.CreationTime = SocketRow.CreationTime;

                    if (App.engine.DnsInspector != null && Socket.RemoteAddress != null)
                    {
                        App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                    }

                    var moduleInfo = SocketRow.Module;
                    if (moduleInfo == null || moduleInfo.ModulePath.Equals("System", StringComparison.OrdinalIgnoreCase))
                    {
                        Socket.ProgID = ProgramID.NewID(ProgramID.Types.System);
                    }
                    else
                    {
                        string fileName   = moduleInfo.ModulePath;
                        string serviceTag = moduleInfo.ModuleName;

                        // Note: for services and system TCPIP_OWNER_MODULE_BASIC_INFO.pModuleName is the same TCPIP_OWNER_MODULE_BASIC_INFO.pModulePath
                        // hence we don't have the actuall exe path and we will have to resolve it.
                        if (serviceTag.Equals(fileName))
                        {
                            fileName = null; // filename not valid
                        }
                        else
                        {
                            serviceTag = null; // service tag not valid
                        }
                        Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, serviceTag, fileName);
                    }
                }

                Socket.Update(SocketRow, Interval);

                //IPHelper.ModuleInfo Info = SocketRow.Module;
                //AppLog.Debug("Socket {0}:{1} {2}:{3} {4}", Socket.LocalAddress, Socket.LocalPort, Socket.RemoteAddress, Socket.RemotePort, (Info != null ? (Info.ModulePath + " (" + Info.ModuleName + ")") : "") + " [PID: " + Socket.ProcessId + "]");
            }

            foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
            {
                bool bIsUDPPseudoCon = (Socket.ProtocolType & (UInt32)IPHelper.AF_PROT.UDP) == (UInt32)IPHelper.AF_PROT.UDP && Socket.RemotePort != 0;

                // Note: sockets observed using ETW are not yet initialized as we are missing owner informations there
                if (Socket.ProgID == null)
                {
                    Socket.CreationTime = DateTime.Now;

                    if (App.engine.DnsInspector != null && Socket.RemoteAddress != null)
                    {
                        App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                    }

                    // Note: etw captured connections does not handle services to well :/
                    Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, null, null);
                }

                Socket.Update(null, Interval);

                if (bIsUDPPseudoCon && (DateTime.Now - Socket.LastActivity).TotalMilliseconds < 5000) // 5 sec // todo: customize udp pseudo con time
                {
                    OldSocketList.Remove(Socket.HashID, Socket);

                    if (Socket.RemovedTimeStamp != 0)
                    {
                        Socket.RemovedTimeStamp = 0;
                    }
                }
                else
                {
                    Socket.State = (int)IPHelper.MIB_TCP_STATE.CLOSED;
                }
            }

            UInt64 CurTick = MiscFunc.GetCurTick();

            foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
            {
                if (Socket.RemovedTimeStamp == 0)
                {
                    Socket.RemovedTimeStamp = CurTick;
                }
                else if (Socket.RemovedTimeStamp < CurTick + 3000) // todo: customize retention time
                {
                    SocketList.Remove(Socket.HashID, Socket);

                    Socket.Program?.RemoveSocket(Socket);
                }

                //AppLog.Debug("Removed Socket {0}:{1} {2}:{3}", CurSocket.LocalAddress, CurSocket.LocalPort, CurSocket.RemoteAddress, CurSocket.RemotePort);
            }

            // cleanup
            if (tcp4Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(tcp4Table);
            }
            if (tcp6Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(tcp6Table);
            }
            if (udp4Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(udp4Table);
            }
            if (udp6Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(udp6Table);
            }
        }
Exemplo n.º 3
0
        public void UpdateSockets()
        {
            UInt64 curTick  = MiscFunc.GetTickCount64();
            UInt64 Interval = curTick - LastUpdate;

            LastUpdate = curTick;

            List <IPHelper.I_SOCKET_ROW> Sockets = new List <IPHelper.I_SOCKET_ROW>();

            // enum all ockets
            IntPtr tcp4Table = IPHelper.GetTcpSockets(ref Sockets);
            IntPtr tcp6Table = IPHelper.GetTcp6Sockets(ref Sockets);
            IntPtr udp4Table = IPHelper.GetUdpSockets(ref Sockets);
            IntPtr udp6Table = IPHelper.GetUdp6Sockets(ref Sockets);

            MultiValueDictionary <UInt64, NetworkSocket> OldSocketList = SocketList.Clone();

            for (int i = 0; i < Sockets.Count; i++)
            {
                IPHelper.I_SOCKET_ROW SocketRow = Sockets[i];

                NetworkSocket Socket = FindSocket(OldSocketList, SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort, NetworkSocket.MatchMode.Strict);
                if (Socket != null)
                {
                    //AppLog.Debug("Found Socket {0}:{1} {2}:{3}", Socket.LocalAddress, Socket.LocalPort, Socket.RemoteAddress, Socket.RemotePort);
                    OldSocketList.Remove(Socket.HashID, Socket);
                }
                else
                {
                    Socket = new NetworkSocket(SocketRow.ProcessId, SocketRow.ProtocolType, SocketRow.LocalAddress, SocketRow.LocalPort, SocketRow.RemoteAddress, SocketRow.RemotePort);
                    //AppLog.Debug("Added Socket {0}:{1} {2}:{3}", Socket.LocalAddress, Socket.LocalPort, Socket.RemoteAddress, Socket.RemotePort);
                    SocketList.Add(Socket.HashID, Socket);
                }

                // Note: sockets observed using ETW are not yet initialized as we are missing owner informations there
                if (Socket.ProgID == null)
                {
                    Socket.CreationTime = SocketRow.CreationTime;

                    if (Socket.RemoteAddress != null)
                    {
                        App.engine.DnsInspector.GetHostName(Socket.ProcessId, Socket.RemoteAddress, Socket, NetworkSocket.HostSetter);
                    }

                    var moduleInfo = SocketRow.Module;
                    if (moduleInfo == null || moduleInfo.ModulePath.Equals("System", StringComparison.OrdinalIgnoreCase))
                    {
                        Socket.ProgID = ProgramID.NewID(ProgramID.Types.System);
                    }
                    else
                    {
                        string fileName   = moduleInfo.ModulePath;
                        string serviceTag = moduleInfo.ModuleName;

                        // Note: for services and system TCPIP_OWNER_MODULE_BASIC_INFO.pModuleName is the same TCPIP_OWNER_MODULE_BASIC_INFO.pModulePath
                        // hence we don't have the actuall exe path and we will have to resolve it.
                        if (serviceTag.Equals(fileName))
                        {
                            fileName = null; // filename not valid
                        }
                        else
                        {
                            serviceTag = null; // service tag not valid
                        }
                        Socket.ProgID = App.engine.GetProgIDbyPID(Socket.ProcessId, serviceTag, fileName);
                    }
                }

                // a program may have been removed than the sockets get unasigned and has to be re asigned
                if (Socket.Assigned == false)
                {
                    Program prog = Socket.ProgID == null ? null : App.engine.ProgramList.GetProgram(Socket.ProgID, true, ProgramList.FuzzyModes.Any);
                    prog?.AddSocket(Socket);
                    if (prog != null)
                    {
                        Socket.Access = prog.LookupRuleAccess(Socket);
                    }
                }

                Socket.Update(SocketRow, Interval);

                //IPHelper.ModuleInfo Info = SocketRow.Module;
                //AppLog.Debug("Socket {0}:{1} {2}:{3} {4}", Socket.LocalAddress, Socket.LocalPort, Socket.RemoteAddress, Socket.RemotePort, (Info != null ? (Info.ModulePath + " (" + Info.ModuleName + ")") : "") + " [PID: " + Socket.ProcessId + "]");
            }

            UInt64 CurTick = MiscFunc.GetCurTick();

            foreach (NetworkSocket Socket in OldSocketList.GetAllValues())
            {
                if (Socket.RemovedTimeStamp == 0)
                {
                    Socket.RemovedTimeStamp = CurTick;
                }
                else if (Socket.RemovedTimeStamp < CurTick + 3000) // todo: customize retention time
                {
                    SocketList.Remove(Socket.HashID, Socket);

                    Program prog = Socket.ProgID == null ? null : App.engine.ProgramList.GetProgram(Socket.ProgID);
                    prog?.RemoveSocket(Socket);
                }

                //AppLog.Debug("Removed Socket {0}:{1} {2}:{3}", CurSocket.LocalAddress, CurSocket.LocalPort, CurSocket.RemoteAddress, CurSocket.RemotePort);
            }

            // cleanup
            if (tcp4Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(tcp4Table);
            }
            if (tcp6Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(tcp6Table);
            }
            if (udp4Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(udp4Table);
            }
            if (udp6Table != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(udp6Table);
            }
        }