Exemplo n.º 1
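        /// <summary>
        /// Removes the first selected entry from the protected-process list, writes the
        /// shortened '|'-separated list back to config.xml and, if a per-process
        /// configuration file exists in the install directory, asks whether to delete it.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnRemoveProc_Click(object sender, EventArgs e)
        {
            if (!LoadConfigOrShowError("config.xml"))
            {
                return;
            }

            if (lvProtProc.SelectedItems.Count == 0)
            {
                return;
            }

            // Only the first selected row is handled, even if several are selected.
            int    removeIndex = lvProtProc.SelectedItems[0].Index;
            string procName    = lvProtProc.SelectedItems[0].Text;

            // Rebuild the list from every row except the one being removed.
            string newList = "";

            for (int i = 0; i < lvProtProc.Items.Count; i++)
            {
                if (i == removeIndex)
                {
                    continue;
                }

                if (newList.Length > 0)
                {
                    newList += "|";
                }

                newList += lvProtProc.Items[i].Text;
            }

            newList = newList.Trim('|');

            lvProtProc.Items.RemoveAt(removeIndex);

            // NOTE(review): SetConfigString's result is not checked here, so the row is
            // gone from the UI even if the write to config.xml did not succeed.
            XmlConfig.SetConfigString("configuration/protectedProcessList/property/processList", newList);

            if (string.IsNullOrEmpty(procName))
            {
                return;
            }

            string configXml = procName.Replace(".exe", "_config.xml");

            // The list entry decides which file gets deleted below. Accept only a bare
            // "<name>_config.xml" file name: an entry without a lower-case ".exe" would
            // otherwise map onto itself (for example "config.xml" or the executable),
            // and an entry containing a separator could point outside the install path.
            bool isPlainConfigName =
                configXml.EndsWith("_config.xml", StringComparison.OrdinalIgnoreCase) &&
                configXml.IndexOfAny(new char[] { '\\', '/', ':' }) < 0;

            if (!isPlainConfigName)
            {
                return;
            }

            string configPath = EventManager.InstallPath + configXml;

            if (!File.Exists(configPath))
            {
                return;
            }

            DialogResult dlgResult = MessageBox.Show(
                "Delete custom configuration for \"" + procName + "\"?",
                "Delete Configuration",
                MessageBoxButtons.YesNo,
                MessageBoxIcon.Question);

            if (dlgResult == System.Windows.Forms.DialogResult.Yes)
            {
                File.Delete(configPath);
            }
        }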
Exemplo n.º 2
        /// <summary>
        /// Writes the state of the "defense in depth" checkbox to the configuration and
        /// copies it to the expert-options checkbox when that reference is set.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void cbEnableDiD_CheckedChanged(object sender, EventArgs e)
        {
            // While undergoingUIUpdate is set the change is not written back.
            if (!undergoingUIUpdate)
            {
                string serialized = cbEnableDiD.Checked ? "true" : "false";

                XmlConfig.SetConfigString("configuration/defenseInDepth/property/enabled", serialized);

                // Keep the expert-options checkbox in step, if that dialog registered one.
                if (ExpertOptions.RefEnableDiDCore != null)
                {
                    ExpertOptions.RefEnableDiDCore.Checked = cbEnableDiD.Checked;
                }
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Writes the state of the browser-protection checkbox to the configuration and
        /// copies it to the expert-options checkbox when that reference is set.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void cbEnableCF_CheckedChanged(object sender, EventArgs e)
        {
            // While undergoingUIUpdate is set the change is not written back.
            if (!undergoingUIUpdate)
            {
                string serialized = cbEnableCF.Checked ? "true" : "false";

                XmlConfig.SetConfigString("configuration/browserProtection/property/enabled", serialized);

                // Keep the expert-options checkbox in step, if that dialog registered one.
                if (ExpertOptions.RefEnableBpCore != null)
                {
                    ExpertOptions.RefEnableBpCore.Checked = cbEnableCF.Checked;
                }
            }
        }
Exemplo n.º 4
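        /// <summary>
        /// Writes every key/value pair of the preset for <paramref name="protLevel"/>
        /// into the currently loaded configuration.
        /// </summary>
        /// <param name="protLevel">Protection level whose preset is applied; its integer value indexes protLevelPresets.</param>
        /// <exception cref="InvalidOperationException">XmlConfig.Path is null, i.e. no configuration has been initialised.</exception>
        public static void SetProtectionLevelInConfig(EProtectionLevel protLevel)
        {
            if (XmlConfig.Path == null)
            {
                // InvalidOperationException derives from Exception, so existing
                // catch (Exception) handlers keep working.
                throw new InvalidOperationException("XmlConfig needs to have been initialised before calling");
            }

            Dictionary<string, string> settings = protLevelPresets[(int)protLevel];

            foreach (KeyValuePair<string, string> kvp in settings)
            {
                // NOTE(review): the result of SetConfigString is ignored, so a failed
                // write would leave the configuration with only part of the preset
                // applied and the caller would not learn about it.
                XmlConfig.SetConfigString(kvp.Key, kvp.Value);
            }
        }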
Exemplo n.º 5
        /// <summary>
        /// Opens and reads a configuration file from the install directory, showing the
        /// load-error dialog if either step fails.
        /// </summary>
        /// <param name="configFileName">File name appended to EventManager.InstallPath; it is not validated here.</param>
        /// <returns>true if the file was opened and read; otherwise false.</returns>
        private bool LoadConfigOrShowError(string configFileName)
        {
            string fullPath = EventManager.InstallPath + configFileName;

            // ReadConfig is attempted only when OpenConfig succeeded.
            bool loaded = XmlConfig.OpenConfig(fullPath) && XmlConfig.ReadConfig();

            if (!loaded)
            {
                // Close is not called on this path.
                ShowConfigLoadError(configFileName);
                return false;
            }

            XmlConfig.Close();
            return true;
        }
Exemplo n.º 6
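        /// <summary>
        /// Updates the protection-level label and slider for the selected process. If a
        /// per-process configuration file exists it is loaded and its level shown;
        /// otherwise the default configuration is used.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void lvProtProc_SelectedIndexChanged(object sender, EventArgs e)
        {
            if (lvProtProc.SelectedItems.Count == 0)
            {
                lblAEPLevel.Text = "Anti-Exploit Protection Level (<select a process>):";
                return;
            }

            string proc    = lvProtProc.SelectedItems[0].Text;
            string xmlFile = proc.Replace(".exe", "_config.xml");

            lblAEPLevel.Text = "Anti-Exploit Protection Level (" + proc + "):";

            if (File.Exists(EventManager.InstallPath + xmlFile))
            {
                if (!LoadConfigOrShowError(xmlFile))
                {
                    return;
                }

                string uiProtLevel = XmlConfig.GetConfigString("configuration/defenseInDepth/property/uiProtLevel");

                // The value comes from a file on disk: a missing or malformed entry must
                // not crash the handler, so fall back to level 2 instead of throwing.
                int level;

                if (!int.TryParse(uiProtLevel, out level))
                {
                    level = 2;
                }

                // NOTE(review): the parsed value is not range-checked against the slider.
                tbProtLevel.Value = level;
                HighlightProtSliderLevel();

                radUseCustom.Checked = true;
            }
            else
            {
                // Reload the default configuration only if none is loaded or the one
                // currently loaded is a per-process file.
                if (XmlConfig.Path == null || XmlConfig.Path.EndsWith("_config.xml"))
                {
                    if (!LoadConfigOrShowError("config.xml"))
                    {
                        return;
                    }
                }

                radUseDefault.Checked = true;
                HighlightProtSliderLevel();
            }
        }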
Exemplo n.º 7
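        /// <summary>
        /// Stores the "prompt user when an executable is blocked" checkbox in config.xml,
        /// then reloads whichever configuration file was loaded before.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void cbPromptUserExe_CheckedChanged(object sender, EventArgs e)
        {
            // XmlConfig.Path can be null (it is null-checked elsewhere in this code);
            // FileInfo throws on a null or empty path, so test before constructing it.
            string currentPath = XmlConfig.Path;

            if (string.IsNullOrEmpty(currentPath))
            {
                return;
            }

            string xmlPathLast = new FileInfo(currentPath).Name;

            if (string.IsNullOrEmpty(xmlPathLast))
            {
                return;
            }

            // This setting is written to the global configuration file.
            if (!LoadConfigOrShowError("config.xml"))
            {
                return;
            }

            XmlConfig.SetConfigString("configuration/apiMonitor/property/promptUserExeBlocked", cbPromptUserExe.Checked ? "true" : "false");

            // Switch back to the previously loaded file; a failure is reported by the helper.
            LoadConfigOrShowError(xmlPathLast);
        }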
Exemplo n.º 8
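        /// <summary>
        /// Stores the ".NET prompt" checkbox (promptRelaxDotnet) in config.xml, then
        /// reloads whichever configuration file was loaded before.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void cbPromptOnDotNet_CheckedChanged(object sender, EventArgs e)
        {
            // XmlConfig.Path can be null (it is null-checked elsewhere in this code);
            // FileInfo throws on a null or empty path, so test before constructing it.
            string currentPath = XmlConfig.Path;

            if (string.IsNullOrEmpty(currentPath))
            {
                return;
            }

            string xmlPathLast = new FileInfo(currentPath).Name;

            if (string.IsNullOrEmpty(xmlPathLast))
            {
                return;
            }

            // This setting is written to the global configuration file.
            if (!LoadConfigOrShowError("config.xml"))
            {
                return;
            }

            XmlConfig.SetConfigString("configuration/apiMonitor/property/promptRelaxDotnet", cbPromptOnDotNet.Checked ? "true" : "false");

            // NOTE(review): this line reads the minimize-to-tray checkbox, not this
            // handler's own control; it looks copied from cbMinimizeToTray_CheckedChanged.
            // Kept as-is because removing it would change behaviour - confirm intent.
            MainUI.MinimizeToTray = cbMinimizeToTray.Checked;

            // Switch back to the previously loaded file; a failure is reported by the helper.
            LoadConfigOrShowError(xmlPathLast);
        }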
Exemplo n.º 9
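        /// <summary>
        /// Stores the "minimize to tray" checkbox in config.xml, mirrors it into
        /// MainUI.MinimizeToTray, then reloads whichever configuration file was loaded before.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void cbMinimizeToTray_CheckedChanged(object sender, EventArgs e)
        {
            // XmlConfig.Path can be null (it is null-checked elsewhere in this code);
            // FileInfo throws on a null or empty path, so test before constructing it.
            string currentPath = XmlConfig.Path;

            if (string.IsNullOrEmpty(currentPath))
            {
                return;
            }

            string xmlPathLast = new FileInfo(currentPath).Name;

            if (string.IsNullOrEmpty(xmlPathLast))
            {
                return;
            }

            // This setting is written to the global configuration file.
            if (!LoadConfigOrShowError("config.xml"))
            {
                return;
            }

            XmlConfig.SetConfigString("configuration/defenseInDepth/property/minimizeToTray", cbMinimizeToTray.Checked ? "true" : "false");
            MainUI.MinimizeToTray = cbMinimizeToTray.Checked;

            // Switch back to the previously loaded file; a failure is reported by the helper.
            LoadConfigOrShowError(xmlPathLast);
        }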
Exemplo n.º 10
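        /// <summary>
        /// When "use custom" becomes checked, makes sure the selected process has its
        /// own configuration file (copying config.xml if needed), loads it and enables
        /// the protection-level slider. Falls back to "use default" when no process is
        /// selected or the file cannot be loaded.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void radUseCustom_CheckedChanged(object sender, EventArgs e)
        {
            if (!radUseCustom.Checked)
            {
                return;
            }

            if (lvProtProc.SelectedItems.Count == 0)
            {
                radUseDefault.Checked = true;
                HighlightProtSliderLevel();
                return;
            }

            string proc    = lvProtProc.SelectedItems[0].Text;
            string xmlFile = proc.Replace(".exe", "_config.xml");

            // NOTE(review): the file name is derived from the list entry without
            // validation, and File.Copy can throw on I/O or permission errors; neither
            // is handled here.
            if (!File.Exists(EventManager.InstallPath + xmlFile))
            {
                File.Copy(EventManager.InstallPath + "config.xml", EventManager.InstallPath + xmlFile);
            }

            // NOTE(review): the level is read before xmlFile is loaded below, so it
            // comes from whichever configuration is loaded at this point - confirm
            // that this is intended.
            string uiProtLevel = XmlConfig.GetConfigString("configuration/defenseInDepth/property/uiProtLevel");

            // The value comes from a file on disk: a missing or malformed entry must
            // not crash the handler, so fall back to level 2 instead of throwing.
            int level;

            if (!int.TryParse(uiProtLevel, out level))
            {
                level = 2;
            }

            tbProtLevel.Value = level;
            HighlightProtSliderLevel();

            if (!LoadConfigOrShowError(xmlFile))
            {
                radUseDefault.Checked = true;
                HighlightProtSliderLevel();
                return;
            }

            tbProtLevel.Enabled = true;
            lblProtHigh.Enabled = true;
            lblProtMax.Enabled  = true;
            lblProtMin.Enabled  = true;
            lblProtMod.Enabled  = true;
        }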
Exemplo n.º 11
        /// <summary>
        /// Reloads config.xml and refreshes the protected-process list and the four
        /// option checkboxes from it.
        /// </summary>
        private void UpdateUI()
        {
            bool configLoaded = LoadConfigOrShowError("config.xml");

            if (!configLoaded)
            {
                return;
            }

            radUseDefault.Checked = true;
            HighlightProtSliderLevel();

            lvProtProc.Items.Clear();

            string[] protectedProcesses = XmlConfig.GetConfigStringArray("configuration/protectedProcessList/property/processList");

            if (protectedProcesses != null)
            {
                lvProtProc.BeginUpdate();

                for (int i = 0; i < protectedProcesses.Length; i++)
                {
                    lvProtProc.Items.Add(new ListViewItem(new string[] { protectedProcesses[i] }));
                }

                lvProtProc.EndUpdate();
            }

            // Each value is read immediately before it is assigned; the read/assign
            // pairs are kept in their original order.
            cbPromptUserExe.Checked  = XmlConfig.GetConfigBool("configuration/apiMonitor/property/promptUserExeBlocked");
            cbExeWhitelist.Checked   = XmlConfig.GetConfigBool("configuration/apiMonitor/property/checkWhitelist");
            cbMinimizeToTray.Checked = XmlConfig.GetConfigBool("configuration/defenseInDepth/property/minimizeToTray");
            cbPromptOnDotNet.Checked = XmlConfig.GetConfigBool("configuration/apiMonitor/property/promptRelaxDotnet");
        }
Exemplo n.º 12
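        /// <summary>
        /// Form load handler: starts the update check thread, sets up the list and tree
        /// views, wires the monitor checkboxes, loads config.xml into the UI and
        /// reflects the current enable state.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void MainUI_Load(object sender, EventArgs e)
        {
            RefEnableCF  = cbEnableCF;
            RefEnableDiD = cbEnableDiD;

            CheckUniqueInstance();
            EnsureProcTrackerRunning();

            // The update check runs on its own thread; 'false' is the argument handed
            // to CheckForUpdatesAlertUser.
            System.Threading.ParameterizedThreadStart param = new System.Threading.ParameterizedThreadStart(CheckForUpdatesAlertUser);
            System.Threading.Thread thdUpdateCheck          = new System.Threading.Thread(param);
            thdUpdateCheck.Start(false);

            lvRealtime.Font             = new Font("Calibri", 9f, FontStyle.Regular);
            lvRealtime.Scrollable       = true;
            lvRealtime.View             = View.Details;
            lvRealtime.ShowItemToolTips = true;
            lvRealtime.FullRowSelect    = true;

            lvLatestAlerts.Font             = new Font("Calibri", 9f, FontStyle.Regular);
            lvLatestAlerts.Scrollable       = true;
            lvLatestAlerts.View             = View.Details;
            lvLatestAlerts.ShowItemToolTips = true;
            lvLatestAlerts.FullRowSelect    = true;

            EventManager.InitialSortCriterion = EEventSortCriteria.SortByDate;
            foreach (EventItem evt in EventManager.AllEvents)
            {
                DisplayNewEvent(evt.EventRepository.Value, evt, false);
            }

            tvMonProc.Font             = new Font("Calibri", 9f, FontStyle.Regular);
            tvMonProc.ImageList        = new ImageList();
            tvMonProc.ShowNodeToolTips = true;

            refreshProcTimer.Tick    += new EventHandler(RefreshProcesses);
            refreshProcTimer.Interval = 1000;
            refreshProcTimer.Start();

            // The third column takes the width left over by the first two, minus a 20 px margin.
            lvLatestAlerts.Columns[2].Width = lvLatestAlerts.Width - (lvLatestAlerts.Columns[0].Width + lvLatestAlerts.Columns[1].Width + 20);

            cbAntiSpray.CheckedChanged     += new EventHandler(HandleCheckChangeAttempt);
            cbApiMonitor.CheckedChanged    += new EventHandler(HandleCheckChangeAttempt);
            cbContentFilter.CheckedChanged += new EventHandler(HandleCheckChangeAttempt);
            cbHeapMonitor.CheckedChanged   += new EventHandler(HandleCheckChangeAttempt);
            cbRopMonitor.CheckedChanged    += new EventHandler(HandleCheckChangeAttempt);
            cbStackMonitor.CheckedChanged  += new EventHandler(HandleCheckChangeAttempt);
            cbComMonitor.CheckedChanged    += new EventHandler(HandleCheckChangeAttempt);

            // NOTE(review): both failure paths below return before the enable-state
            // rendering and the tutorial check further down are reached.
            if (!XmlConfig.OpenConfig(EventManager.InstallPath + "config.xml"))
            {
                ShowConfigLoadError("config.xml");
                return;
            }

            if (!XmlConfig.ReadConfig())
            {
                ShowConfigLoadError("config.xml");
                return;
            }

            string uiProtLevel = XmlConfig.GetConfigString("configuration/defenseInDepth/property/uiProtLevel");

            // A missing or unparsable level falls back to 2. Previously a failed parse
            // set 2 and then overwrote it with the unparsed value 0.
            int parsedLevel;

            if (!int.TryParse(uiProtLevel, out parsedLevel))
            {
                parsedLevel = 2;
            }

            tbProtLevel.Value = parsedLevel;
            tbProtLevel.Tag   = tbProtLevel.Value;

            // Suppress the CheckedChanged handlers' config writes while the
            // checkboxes are populated from the file.
            undergoingUIUpdate = true;

            cbEnableCF.Checked  = XmlConfig.GetConfigBool("configuration/browserProtection/property/enabled");
            cbEnableDiD.Checked = XmlConfig.GetConfigBool("configuration/defenseInDepth/property/enabled");

            undergoingUIUpdate = false;

            // IE + ProtectedMode + UAC does not work
            // nb: fixed in didcore.dll (it elevates IE if elevation is enabled)
            // CheckUACAndIECompat();

            XmlConfig.Close();

            HighlightProtSliderLevel();

            if (CheckAndQueryAppInitKey(false, false) == true)
            {
                RenderDisableAllButton(false);
                minUi.SetEnableStatePicture(true);
            }
            else
            {
                RenderDisableAllButton(true);
                minUi.SetEnableStatePicture(false);
            }

            this.Size            = new Size(0, 0);
            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;

            MinimizeToTray = XmlConfig.GetConfigBool("configuration/defenseInDepth/property/minimizeToTray");

            CheckAndDisplayTutorialFirstLaunch();
        }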
Exemplo n.º 13
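        /// <summary>
        /// Writes every pending setting to the configuration. Existing entries are
        /// updated in place; entries that do not exist yet are added to the file
        /// (replacing an Enabled:/Disabled: counterpart if present) and the
        /// configuration is refreshed afterwards.
        /// </summary>
        /// <returns>
        /// true if every setting was written; false if any write failed, a key was
        /// malformed, or the configuration could not be refreshed. In the refresh
        /// case the method returns at once and the pending settings are not cleared.
        /// </returns>
        private bool SavePendingSettings()
        {
            bool allSaved = true;

            foreach (KeyValuePair<string, string> kvp in pendingSettings)
            {
                if (XmlConfig.GetConfigString(kvp.Key) != null)
                {
                    // The entry already exists: update it in place.
                    if (!XmlConfig.SetConfigString(kvp.Key, kvp.Value))
                    {
                        allSaved = false;
                    }

                    continue;
                }

                // This config entry doesn't exist (i.e. a new imported filter); it is
                // added to the config file below. The key is split at its last '/'
                // into property path and property name, so a key without a separator
                // cannot be added - report it as unsaved instead of letting
                // Substring throw.
                int idx = kvp.Key.LastIndexOf('/');

                if (idx < 0)
                {
                    allSaved = false;
                    continue;
                }

                string keyAlternate = null;

                if (kvp.Key.Contains("/Enabled:"))
                {
                    // the entry may exist in the xml config as Disabled ...
                    keyAlternate = kvp.Key.Replace("/Enabled:", "/Disabled:");
                }
                else if (kvp.Key.Contains("/Disabled:"))
                {
                    // as may the opposite occur ...
                    keyAlternate = kvp.Key.Replace("/Disabled:", "/Enabled:");
                }

                NaiveConfigWriter writer = new NaiveConfigWriter(XmlConfig.Path);

                if (keyAlternate != null && XmlConfig.GetConfigString(keyAlternate) != null)
                {
                    // Remove the counterpart so only one of Enabled:/Disabled: remains.
                    writer.RemoveXmlPropertyWithPath(keyAlternate);
                }

                string xmlPropertyPath = kvp.Key.Substring(0, idx);
                string xmlPropertyName = kvp.Key.Substring(idx + 1);

                writer.AddXmlPropertyAtPath(xmlPropertyPath, xmlPropertyName, kvp.Value);

                // Reload the configuration after the file was changed.
                if (!XmlConfig.RefreshConfig())
                {
                    ShowConfigLoadError();
                    return false;
                }
            }

            pendingSettings.Clear();

            return allSaved;
        }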
Exemplo n.º 14
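        /// <summary>
        /// Refreshes the configuration and repopulates the enabled/disabled list boxes
        /// for the connect, request and response filters.
        /// </summary>
        /// <returns>false if the configuration could not be refreshed; otherwise true.</returns>
        bool UpdateUIFromConfig()
        {
            if (!XmlConfig.RefreshConfig())
            {
                return false;
            }

            FillFilterListBoxes("configuration/connectFilters/property/", lbConnEnabledFilters, lbConnDisabledFilters);
            FillFilterListBoxes("configuration/requestFilters/property/", lbOutEnabledFilters, lbOutDisabledFilters);
            FillFilterListBoxes("configuration/responseFilters/property/", lbInEnabledFilters, lbInDisabledFilters);

            return true;
        }

        /// <summary>
        /// Fills one pair of list boxes from the name/value pairs under
        /// <paramref name="propertyPath"/>; does nothing if the lookup returns null.
        /// </summary>
        /// <param name="propertyPath">Configuration path whose properties are listed.</param>
        /// <param name="enabledList">Receives entries whose name starts with "Enabled:"; cleared first.</param>
        /// <param name="disabledList">Receives entries whose name starts with "Disabled:"; not cleared.</param>
        private void FillFilterListBoxes(string propertyPath, System.Windows.Forms.ListBox enabledList, System.Windows.Forms.ListBox disabledList)
        {
            const string EnabledPrefix  = "Enabled:";
            const string DisabledPrefix = "Disabled:";

            XmlConfig.NameValuePair[] nvpArray = XmlConfig.GetNameValuePairArray(propertyPath);

            if (nvpArray == null)
            {
                return;
            }

            // NOTE(review): only the enabled list is cleared and wrapped in
            // BeginUpdate/EndUpdate; the disabled list keeps its existing items
            // unless it is cleared elsewhere - confirm.
            enabledList.Items.Clear();
            enabledList.BeginUpdate();
            enabledList.HorizontalScrollbar = true;

            foreach (XmlConfig.NameValuePair nvpair in nvpArray)
            {
                string name = XmlConfig.GetNameFromPath(nvpair.Name);

                // The prefix is matched case-insensitively and stripped for display.
                if (name.StartsWith(EnabledPrefix, true, null))
                {
                    enabledList.Items.Add(name.Substring(EnabledPrefix.Length) + " => " + nvpair.Value);
                }
                else if (name.StartsWith(DisabledPrefix, true, null))
                {
                    disabledList.Items.Add(name.Substring(DisabledPrefix.Length) + " => " + nvpair.Value);
                }
            }

            enabledList.EndUpdate();
        }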
Exemplo n.º 15
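        /// <summary>
        /// Queries a filter module for the connect, request and response filters it
        /// exports and registers each of them as enabled in the XML configuration,
        /// with the module path as the property value.
        /// </summary>
        /// <param name="filterFile">Path of the filter module handed to FilterNativeMethods.QueryFilters.</param>
        /// <returns>true if the module could be queried and its filters were registered; otherwise false.</returns>
        private bool AddFilterModule(string filterFile)
        {
            // ensure DLL file
            //
            // pinvoke: BOOL filter!QueryFilters(
            //     char ***pppszConnectExports, int *pnConnectExports,
            //     char ***pppszRequestExports, int *pnRequestExports,
            //     char ***pppszResponseExports, int *pnResponseExports
            // );
            //
            // if(BOOL result == true) add exports to XML config, update UI (and update options dialog UI)
            //
            // return BOOL result
            //
            // NOTE(review): the "ensure DLL file" step above is not implemented here.
            // The path goes to native code and into the configuration without any
            // check of where the file lives or who provided it - confirm that the
            // caller validates it.

            if (string.IsNullOrEmpty(filterFile))
            {
                return false;
            }

            string[] connectFilters = null, requestFilters = null, responseFilters = null;

            bool result = FilterNativeMethods.QueryFilters(filterFile,
                                                           out connectFilters, out requestFilters, out responseFilters
                                                           );

            if (!result)
            {
                return false;
            }

            // we can add the filters

            NaiveConfigWriter writer = new NaiveConfigWriter(XmlConfig.Path);

            RegisterEnabledFilters(writer, "configuration/connectFilters/property", connectFilters, filterFile);
            RegisterEnabledFilters(writer, "configuration/requestFilters/property", requestFilters, filterFile);
            RegisterEnabledFilters(writer, "configuration/responseFilters/property", responseFilters, filterFile);

            return true;
        }

        /// <summary>
        /// Registers each filter under <paramref name="sectionPath"/> as "Enabled:name"
        /// with <paramref name="filterFile"/> as value and removes a matching
        /// "Disabled:name" entry.
        /// </summary>
        /// <param name="writer">Writer used to add and remove properties in the configuration file.</param>
        /// <param name="sectionPath">Property path of the filter section, without a trailing '/'.</param>
        /// <param name="filters">Filter names reported by the module; null is treated as none.</param>
        /// <param name="filterFile">Module path stored as the property value.</param>
        private void RegisterEnabledFilters(NaiveConfigWriter writer, string sectionPath, string[] filters, string filterFile)
        {
            if (filters == null)
            {
                return;
            }

            foreach (string filter in filters)
            {
                // NOTE(review): the export name becomes part of the property path
                // unescaped; a name containing '/' would address a different node.
                string enabledKey  = sectionPath + "/Enabled:" + filter;
                string disabledKey = sectionPath + "/Disabled:" + filter;

                if (XmlConfig.GetConfigString(enabledKey) == null)
                {
                    writer.AddXmlPropertyAtPath(sectionPath, "Enabled:" + filter, filterFile);
                }
                else
                {
                    XmlConfig.SetConfigString(enabledKey, filterFile);
                }

                if (XmlConfig.GetConfigString(disabledKey) != null)
                {
                    writer.RemoveXmlPropertyWithPath(disabledKey);
                }
            }
        }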