private static void PrintProcessCreationEvents()
{
try
{
Beaprint.MainPrint("Process creation events - searching logs (EID 4688) for sensitive data.\n");
if (!MyUtils.IsHighIntegrity())
{
Beaprint.NoColorPrint(" You must be an administrator to run this check");
return;
}
foreach (var eventInfo in ProcessCreation.GetProcessCreationEventInfos())
{
Beaprint.BadPrint($" Created (UTC) : {eventInfo.CreatedAtUtc}\n" +
$" Event Id : {eventInfo.EventId}\n" +
$" User : {eventInfo.User}\n" +
$" Command Line : {eventInfo.Match}\n");
Beaprint.PrintLineSeparator();
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
private void beginInstallUpdateExe(ApplicationUpdate update, bool restartApplication = true)
{
if (!File.Exists(update.UpdateFileLocalPath))
{
throw new Exception("Target update installer does not exist at the expected location.");
}
var systemFolder = Environment.GetFolderPath(Environment.SpecialFolder.System);
string filename, args;
if (restartApplication)
{
string executingProcess = Process.GetCurrentProcess().MainModule.FileName;
filename = update.UpdateFileLocalPath;
args = $"\"{filename}\" /passive /waitforexit"; // The /waitforexit argument makes sure FilterServiceProvider.exe is stopped before displaying its UI.
}
else
{
filename = update.UpdateFileLocalPath;
args = $"\"{filename}\" /passive /waitforexit";
}
try
{
if (!ProcessCreation.CreateElevatedProcessInCurrentSession(filename, args))
{
logger.Error($"Failed to create elevated process with {System.Runtime.InteropServices.Marshal.GetLastWin32Error()}");
}
} catch (Exception ex)
{
logger.Error(ex);
}
}
public override Task <StartClientResponse> startClient(StartClientRequest request,
ServerCallContext context)
{
ProcessCreation.StartClient(request.Username, request.URL, request.ScriptFile, request.DefaultServerUrl,
request.Partitions);
return(Task.FromResult(new StartClientResponse()));
}
public override Task <StartServerResponse> startServer(StartServerRequest request,
ServerCallContext context)
{
var partitions = new List <Partition>();
foreach (var p in request.Partitions)
{
partitions.Add(new Partition {
id = p.Id, masterUrl = p.MasterURL
});
}
ProcessCreation.StartServer(request.ServerId, request.URL, request.MinDelay, request.MaxDelay, partitions);
return(Task.FromResult(new StartServerResponse()));
}
private void beginInstallUpdateExe(ApplicationUpdate update, bool restartApplication = true)
{
if (!File.Exists(update.UpdateFileLocalPath))
{
throw new Exception("Target update installer does not exist at the expected location.");
}
var systemFolder = Environment.GetFolderPath(Environment.SpecialFolder.System);
var email = PlatformTypes.New <IAuthenticationStorage>().UserEmail;
var fingerPrint = FingerprintService.Default.Value;
var userId = email + ":" + fingerPrint;
string filename, args;
if (restartApplication)
{
string executingProcess = Process.GetCurrentProcess().MainModule.FileName;
filename = update.UpdateFileLocalPath;
args = $"\"{filename}\" /upgrade /passive /waitforexit /userid={userId}"; // The /waitforexit argument makes sure FilterServiceProvider.exe is stopped before displaying its UI.
}
else
{
filename = update.UpdateFileLocalPath;
args = $"\"{filename}\" /upgrade /passive /waitforexit /userid={userId}";
}
try
{
logger.Info("Starting update process " + filename + " " + args);
if (!ProcessCreation.CreateElevatedProcessInCurrentSession(filename, args))
{
logger.Error($"Failed to create elevated process with {System.Runtime.InteropServices.Marshal.GetLastWin32Error()}");
}
} catch (Exception ex)
{
logger.Error(ex);
}
}
