/// <summary>
/// Rebuilds <c>m_lowrights</c> from the machine hive and/or the given user's hive,
/// then sorts the combined list.
/// </summary>
/// <param name="mode">Selects the sources: machine only, user only, or both (Merged).</param>
/// <param name="user">SID whose subkey under HKEY_USERS supplies the per-user entries.</param>
/// <remarks>
/// In Merged mode machine-wide and per-user entries end up in the same list. A user's
/// hive is generally writable by that user, so per-user entries deserve less trust than
/// machine-wide ones when the result is used to reason about elevation policy.
/// NOTE(review): whether LoadLowRightsKey records which hive an entry came from is not
/// visible here - confirm before relying on the merged list for that distinction.
/// </remarks>
private void LoadLowRights(COMRegistryMode mode, Sid user)
{
    bool includeMachine = mode == COMRegistryMode.Merged || mode == COMRegistryMode.MachineOnly;
    bool includeUser = mode == COMRegistryMode.Merged || mode == COMRegistryMode.UserOnly;

    m_lowrights = new List<COMIELowRightsElevationPolicy>();

    if (includeMachine)
    {
        LoadLowRightsKey(Registry.LocalMachine);
    }

    if (includeUser)
    {
        // OpenSubKey returns null when the SID has no subkey under HKEY_USERS;
        // in that case the per-user part is silently skipped.
        using (RegistryKey userHive = Registry.Users.OpenSubKey(user.ToString()))
        {
            if (userHive != null)
            {
                LoadLowRightsKey(userHive);
            }
        }
    }

    m_lowrights.Sort();
}
/// <summary>
/// Returns the registry key that holds class registrations for the requested view.
/// </summary>
/// <param name="mode">Which view to open: merged, machine only, or user only.</param>
/// <param name="user">SID used to locate the per-user classes key in UserOnly mode.</param>
/// <returns>
/// The opened key. The MachineOnly and UserOnly branches use OpenSubKey, which returns
/// null when the subkey does not exist, so callers must be prepared for a null result.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="mode"/> is not a handled value.</exception>
/// <remarks>
/// The Merged branch returns HKEY_CLASSES_ROOT and does not use <paramref name="user"/>.
/// That view is the one Windows builds for the account the process runs as, so a merged
/// load describes the calling account's view rather than the view of an arbitrary SID.
/// </remarks>
private static RegistryKey OpenClassesKey(COMRegistryMode mode, Sid user)
{
    // The null check applies to every mode, including those that never read the SID.
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    if (mode == COMRegistryMode.Merged)
    {
        return Registry.ClassesRoot;
    }

    if (mode == COMRegistryMode.MachineOnly)
    {
        return Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Classes");
    }

    if (mode == COMRegistryMode.UserOnly)
    {
        string userClassesPath = String.Format(@"{0}\SOFTWARE\Classes", user);
        return Registry.Users.OpenSubKey(userClassesPath);
    }

    throw new ArgumentException("Invalid mode", "mode");
}
/// <summary>
/// Builds a registry snapshot by running each loader in turn against the classes key
/// selected by <paramref name="mode"/>, reporting progress before every step.
/// </summary>
/// <param name="mode">Registry view to load (merged, machine only, user only).</param>
/// <param name="user">SID the snapshot is built for; passed on to the key lookup and the per-user loaders.</param>
/// <param name="progress">Receives a (label, step) report before each of the nine load steps.</param>
/// <remarks>
/// OpenClassesKey can return null for the machine-only and user-only views. The using
/// statement tolerates a null key, but the loaders still receive it.
/// NOTE(review): confirm the loaders handle a null classes key.
/// </remarks>
private COMRegistry(COMRegistryMode mode, Sid user, IProgress<Tuple<string, int>> progress)
    : this(mode)
{
    const int stepCount = 9;

    using (RegistryKey classesRoot = OpenClassesKey(mode, user))
    {
        int step = 0;

        // Default security is loaded first and is not counted as a progress step.
        LoadDefaultSecurity();

        Report(progress, "CLSIDs", ++step, stepCount);
        LoadCLSIDs(classesRoot);

        Report(progress, "AppIDs", ++step, stepCount);
        LoadAppIDs(classesRoot);

        Report(progress, "ProgIDs", ++step, stepCount);
        LoadProgIDs(classesRoot);

        Report(progress, "Interfaces", ++step, stepCount);
        LoadInterfaces(classesRoot);

        Report(progress, "MIME Types", ++step, stepCount);
        LoadMimeTypes(classesRoot);

        // These two loaders take the mode and SID rather than the classes key.
        Report(progress, "PreApproved", ++step, stepCount);
        LoadPreApproved(mode, user);

        Report(progress, "LowRights", ++step, stepCount);
        LoadLowRights(mode, user);

        Report(progress, "TypeLibs", ++step, stepCount);
        LoadTypelibs(classesRoot);

        Report(progress, "Runtime Classes", ++step, stepCount);
        LoadWindowsRuntime(classesRoot, mode);
    }

    // Best effort: prefer the account name, fall back to the SID string if the
    // name lookup throws for any reason.
    try
    {
        CreatedUser = user.Name;
    }
    catch
    {
        CreatedUser = user.ToString();
    }
}
/// <summary>
/// Application entry point. Parses the command line and then either performs a
/// one-shot action (interface enumeration, symbol file generation, database save)
/// and exits, or starts the Windows Forms user interface.
/// </summary>
/// <param name="args">Raw command-line arguments.</param>
/// <remarks>
/// Exit codes used here: 1 after showing help or on a failed symbol/query step,
/// 42 when enumeration throws, 0 after a successful symbol or save step.
/// Any exception raised while parsing options (including a non-numeric value for
/// the connection count) is swallowed and turned into the help dialog, so the
/// user is not told which option was rejected.
/// NOTE(review): how COMUtilities.LoadRegistry reads the input database is not
/// visible here; if it deserializes objects, only open databases from trusted sources.
/// </remarks>
public static void Main(string[] args)
{
    string inputDatabase = null;
    string outputDatabase = null;
    bool enumClsid = false;
    bool enumRuntime = false;
    bool showHelp = false;
    bool queryInterfaces = false;
    int concurrentQueries = Environment.ProcessorCount;
    bool refreshInterfaces = false;
    bool enableActivationFilter = false;
    string symbolDir = null;
    bool deleteDatabase = false;
    string viewAccessSddl = null;
    string viewLaunchSddl = null;
    string viewName = null;
    COMRegistryMode mode = COMRegistryMode.Merged;
    IEnumerable<COMServerType> serverTypes = new COMServerType[]
    {
        COMServerType.InProcHandler32,
        COMServerType.InProcServer32,
        COMServerType.LocalServer32
    };

    // Option order matters: it is the order shown in the help text.
    OptionSet opts = new OptionSet()
    {
        { "i|in=", "Open a database file.", v => inputDatabase = v },
        { "o|out=", "Save database and exit.", v => outputDatabase = v },
        { "e|enum", "Enumerate the provided CLSID (GUID).", v => enumClsid = v != null },
        { "r|rt", "Enumerate the provided Runtime Class.", v => enumRuntime = v != null },
        { "q|query", "Query all interfaces for database", v => queryInterfaces = v != null },
        { "c|conn=", "Number of concurrent interface queries", v => concurrentQueries = int.Parse(v) },
        { "s|server=", "Specify server types for query", v => serverTypes = ParseServerTypes(v) },
        { "refresh", "Refresh interfaces in query", v => refreshInterfaces = v != null },
        { "m", "Loading mode is machine only.", v => mode = COMRegistryMode.MachineOnly },
        { "u", "Loading mode is user only.", v => mode = COMRegistryMode.UserOnly },
        { "a", "Enable activation filter.", v => enableActivationFilter = v != null },
        { "g=", "Generate a symbol file in the specified directory.", v => symbolDir = v },
        { "d", "Delete the input database once loaded", v => deleteDatabase = v != null },
        { "v=", "View a COM access security descriptor (specify the SDDL)", v => viewAccessSddl = v },
        { "l=", "View a COM launch security descriptor (specify the SDDL)", v => viewLaunchSddl = v },
        { "n=", "Name any simple form display such as security descriptor", v => viewName = v },
        { "h|help", "Show this message and exit.", v => showHelp = v != null },
    };

    List<string> extraArgs = new List<string>();
    try
    {
        extraArgs = opts.Parse(args);
    }
    catch
    {
        // Any parse failure falls back to showing usage.
        showHelp = true;
    }

    bool enumerate = enumClsid || enumRuntime;

    // Usage is shown for an explicit request, for too few enumeration arguments,
    // or when the symbol output directory does not exist.
    if (showHelp
        || (enumerate && extraArgs.Count < 4)
        || (symbolDir != null && !Directory.Exists(symbolDir)))
    {
        StringWriter usage = new StringWriter();
        usage.WriteLine("Usage: OleViewDotNet [options] [enum args]");
        usage.WriteLine();
        usage.WriteLine("Options:");
        opts.WriteOptionDescriptions(usage);
        MessageBox.Show(usage.ToString(), "Help", MessageBoxButtons.OK, MessageBoxIcon.Information);
        Environment.Exit(1);
    }

    if (enumerate)
    {
        // The enumeration result becomes the process exit code; any exception maps to 42.
        try
        {
            Environment.Exit(EnumInterfaces(new Queue<string>(extraArgs), enumRuntime));
        }
        catch
        {
            Environment.Exit(42);
        }

        return;
    }

    if (symbolDir != null)
    {
        try
        {
            string dbgHelpPath = Environment.Is64BitProcess
                ? Properties.Settings.Default.DbgHelpPath64
                : Properties.Settings.Default.DbgHelpPath32;
            COMUtilities.GenerateSymbolFile(symbolDir, dbgHelpPath, Properties.Settings.Default.SymbolPath);
            Environment.Exit(0);
        }
        catch (Exception)
        {
            Environment.Exit(1);
        }

        return;
    }

    AppDomain.CurrentDomain.UnhandledException += UnhandledExceptionHandler;
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    try
    {
        // The access descriptor takes precedence when both SDDL options are given.
        string sddl = viewAccessSddl ?? viewLaunchSddl;
        if (sddl != null)
        {
            bool access = viewAccessSddl != null;
            SecurityDescriptor sd = new SecurityDescriptor(sddl);

            // 0x7 covers the COM_RIGHTS_EXECUTE* bits; 0x1F additionally covers the
            // COM_RIGHTS_ACTIVATE_* bits, which only apply to launch permissions.
            AccessMask validAccess = access ? 0x7 : 0x1F;

            SecurityDescriptorViewerControl viewer = new SecurityDescriptorViewerControl();
            DocumentForm form = new DocumentForm(viewer);

            string caption = access ? "Access Security" : "Launch Security";
            if (!string.IsNullOrWhiteSpace(viewName))
            {
                caption = $"{viewName} {caption}";
            }

            form.Text = caption;

            // Every generic right maps to the full set of valid bits for this descriptor kind.
            GenericMapping mapping = new GenericMapping()
            {
                GenericExecute = validAccess,
                GenericRead = validAccess,
                GenericWrite = validAccess,
                GenericAll = validAccess
            };
            viewer.SetSecurityDescriptor(sd, typeof(COMAccessRights), mapping, validAccess);
            Application.Run(form);
            return;
        }

        COMRegistry registry;
        if (inputDatabase != null)
        {
            registry = COMUtilities.LoadRegistry(null, inputDatabase);
        }
        else
        {
            registry = COMUtilities.LoadRegistry(null, mode);
        }

        // Deletes whatever path was given as the input database, once it has loaded.
        if (deleteDatabase && inputDatabase != null)
        {
            File.Delete(inputDatabase);
        }

        if (queryInterfaces
            && !COMUtilities.QueryAllInterfaces(null, registry.Clsids.Values, serverTypes, concurrentQueries, refreshInterfaces))
        {
            Environment.Exit(1);
        }

        if (outputDatabase != null)
        {
            registry.Save(outputDatabase);
            Environment.Exit(0);
        }

        _appContext = new MultiApplicationContext(new MainForm(registry));
        if (enableActivationFilter)
        {
            COMUtilities.CoRegisterActivationFilter(new ActivationFilter());
        }

        Application.Run(_appContext);
    }
    catch (Exception ex)
    {
        // Cancellation is not an error worth a dialog.
        bool cancelled = ex is OperationCanceledException;
        if (!cancelled)
        {
            ShowError(null, ex);
        }
    }
}
/// <summary>
/// Convenience overload: loads a registry snapshot for <paramref name="mode"/> without
/// naming a user and with a <c>DummyProgress</c> instance as the progress sink.
/// </summary>
/// <param name="mode">Registry view to load.</param>
/// <returns>Whatever the three-argument overload returns.</returns>
/// <remarks>
/// NOTE(review): null is passed for the user; the three-argument overload presumably
/// substitutes a default identity - confirm which one, since it decides whose
/// per-user registrations appear in the snapshot.
/// </remarks>
public static COMRegistry Load(COMRegistryMode mode)
{
    COMRegistry snapshot = Load(mode, null, new DummyProgress());
    return snapshot;
}
/// <summary>
/// Application entry point. Parses the command line and then either runs interface
/// enumeration and exits, or loads a registry snapshot and starts the Windows Forms UI
/// (optionally querying interfaces or saving the snapshot first).
/// </summary>
/// <param name="args">Raw command-line arguments.</param>
/// <remarks>
/// Exit codes used here: 1 after showing help or on a failed interface query,
/// 42 when enumeration throws, 0 after a successful save.
/// Any exception raised while parsing options (including a non-numeric value for
/// the connection count) is swallowed and turned into the help dialog, so the
/// user is not told which option was rejected.
/// NOTE(review): how COMUtilities.LoadRegistry reads the input database is not
/// visible here; if it deserializes objects, only open databases from trusted sources.
/// </remarks>
public static void Main(string[] args)
{
    string inputDatabase = null;
    string outputDatabase = null;
    bool enumClsid = false;
    bool enumRuntime = false;
    bool showHelp = false;
    bool queryInterfaces = false;
    int concurrentQueries = Environment.ProcessorCount;
    bool refreshInterfaces = false;
    bool enableActivationFilter = false;
    COMRegistryMode mode = COMRegistryMode.Merged;
    IEnumerable<COMServerType> serverTypes = new COMServerType[]
    {
        COMServerType.InProcHandler32,
        COMServerType.InProcServer32,
        COMServerType.LocalServer32
    };

    // Option order matters: it is the order shown in the help text.
    OptionSet opts = new OptionSet()
    {
        { "i|in=", "Open a database file.", v => inputDatabase = v },
        { "o|out=", "Save database and exit.", v => outputDatabase = v },
        { "e|enum", "Enumerate the provided CLSID (GUID).", v => enumClsid = v != null },
        { "r|rt", "Enumerate the provided Runtime Class.", v => enumRuntime = v != null },
        { "q|query", "Query all interfaces for database", v => queryInterfaces = v != null },
        { "c|conn=", "Number of concurrent interface queries", v => concurrentQueries = int.Parse(v) },
        { "s|server=", "Specify server types for query", v => serverTypes = ParseServerTypes(v) },
        { "refresh", "Refresh interfaces in query", v => refreshInterfaces = v != null },
        { "m", "Loading mode is machine only.", v => mode = COMRegistryMode.MachineOnly },
        { "u", "Loading mode is user only.", v => mode = COMRegistryMode.UserOnly },
        { "a", "Enable activation filter.", v => enableActivationFilter = v != null },
        { "h|help", "Show this message and exit.", v => showHelp = v != null },
    };

    List<string> extraArgs = new List<string>();
    try
    {
        extraArgs = opts.Parse(args);
    }
    catch
    {
        // Any parse failure falls back to showing usage.
        showHelp = true;
    }

    // CLSID enumeration needs at least four extra arguments, runtime class
    // enumeration at least three.
    if (showHelp
        || (enumClsid && extraArgs.Count < 4)
        || (enumRuntime && extraArgs.Count < 3))
    {
        StringWriter usage = new StringWriter();
        usage.WriteLine("Usage: OleViewDotNet [options] [enum args]");
        usage.WriteLine();
        usage.WriteLine("Options:");
        opts.WriteOptionDescriptions(usage);
        MessageBox.Show(usage.ToString(), "Help", MessageBoxButtons.OK, MessageBoxIcon.Information);
        Environment.Exit(1);
    }

    if (enumClsid || enumRuntime)
    {
        // The enumeration result becomes the process exit code; any exception maps to 42.
        try
        {
            Environment.Exit(EnumInterfaces(new Queue<string>(extraArgs), enumRuntime));
        }
        catch
        {
            Environment.Exit(42);
        }

        return;
    }

    AppDomain.CurrentDomain.UnhandledException += UnhandledExceptionHandler;
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    try
    {
        COMRegistry registry;
        if (inputDatabase != null)
        {
            registry = COMUtilities.LoadRegistry(null, inputDatabase);
        }
        else
        {
            registry = COMUtilities.LoadRegistry(null, mode);
        }

        if (queryInterfaces
            && !COMUtilities.QueryAllInterfaces(null, registry.Clsids.Values, serverTypes, concurrentQueries, refreshInterfaces))
        {
            Environment.Exit(1);
        }

        if (outputDatabase != null)
        {
            registry.Save(outputDatabase);
            Environment.Exit(0);
        }

        _appContext = new MultiApplicationContext(new MainForm(registry));
        if (enableActivationFilter)
        {
            COMUtilities.CoRegisterActivationFilter(new ActivationFilter());
        }

        Application.Run(_appContext);
    }
    catch (Exception ex)
    {
        // Cancellation is not an error worth a dialog.
        bool cancelled = ex is OperationCanceledException;
        if (!cancelled)
        {
            ShowError(null, ex);
        }
    }
}