private static void Main(string[] args) { var thisProc = Process.GetCurrentProcess(); _appPath = thisProc.MainModule.FileName; _appArgs = args.Select(s => s.TrimStart('/', '-').ToLower().Trim()).ToArray(); Application.ThreadException += Application_ThreadException; Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); // ensure we can start this instance if (!CanStartThisInstance()) { MessageBox.Show("Another instance of " + Program.Name + " is already running.\n\n" + "Only one instance can run at a time.", "Previous Instance Detected", MessageBoxButtons.OK, MessageBoxIcon.Information); return; // terminate program execution } // prompt to enable auto-start on boot if the noAutorun flag is absent (main process only) if (!IsChildProcess && !Program.Arguments.Contains(ValidArgs.NoAutorun)) { SetAutoStart(); } /* Start child process in the following conditions * 1. This is not a child process * 2. There is no debugger attached * 3. The singleProcess argument was not passed * 4. Parent process exited before this one is completely initialized */ if (CanStartChildProcess()) { childExitTimes = new List <DateTime>(); // recursively start new child processes if exit code is not 0 (successful exit) do { var childProcArgs = ValidArgs.ParentProcId + thisProc.Id.ToString(); _childProc = Process.Start(AppPath.Replace(".vshost.exe", ".exe"), childProcArgs); _childProc.WaitForExit(); System.Threading.Thread.Sleep(1000); } while (ShouldRestartChildProc(_childProc.ExitCode)); return; // terminate program execution } //!+ Only child process can get here. // add event handler to exit this instance when the parent process exits if (ParentProcess != null && !ParentProcess.HasExited) { ParentProcess.EnableRaisingEvents = true; ParentProcess.Exited += ParentProcess_Exited; } // initialize data directories and data files var netConfigRegPath = @"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"; _appDataPath = GetAppDataPath(); LoadNetworkSettings(); // initialize the network and registry watchers _netWatcher = new NetworkWatcher(); _regWatcher = new RegistryUtils.RegistryMonitor(netConfigRegPath); _regWatcher.RegChangeNotifyFilter = RegistryUtils.RegChangeNotifyFilter.Value; Application.Run(new frmMain()); // stop watchers NetworkWatcher.Stop(); RegistryWatcher.Stop(); SaveNetworkSettings(); // save settings before exiting }
public void Config(BeSafeConfig config, PipeServer pipeServer, bool stoppingService) { _config = config; _pipeServer = pipeServer; bool stateResult; if ((config?.ComponentsState.RegistryWatcher == true) && (stoppingService == false)) { string userSID = config.UserSID; _registryWatcher = new RegistryWatcher(new List <RegistryMonitorPath> { // CurrentUser keys new RegistryMonitorPath { RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" }, new RegistryMonitorPath { RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" }, new RegistryMonitorPath { RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\RunServices" }, new RegistryMonitorPath { RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\Run" }, new RegistryMonitorPath { RegistryHive = RegistryHive.Users, RegistryKeyPath = $@"{userSID}\Software\Microsoft\Windows\CurrentVersion\RunOnce" }, // LocalMachine keys new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\RunServices" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\Run" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\Microsoft\Windows\CurrentVersion\RunOnce" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"SOFTWARE\Classes\cplfile\shell\cplopen\command" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"SOFTWARE\Classes\batfile\shell\open\command" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\comfile\shell\open\command" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\exefile\shell\open\command" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\htafile\Shell\Open\Command" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"Software\CLASSES\piffile\shell\open\command" }, new RegistryMonitorPath { RegistryHive = RegistryHive.LocalMachine, RegistryKeyPath = @"SOFTWARE\Classes\scrfile\shell\open\command" }, }); _registryWatcher.ValueChanged += ValueChangedArrived; stateResult = _registryWatcher.Start(); Task.Run(() => StackScanner(_changedValuesStack)); return; } stateResult = _registryWatcher?.Stop() ?? false; }