public static Exception UnlockWithNumericalPassword(ManagementObject encryptableVolume, string numericalPassword, out int returnValueUnlockWithNumericalPassword) { ManagementBaseObject outParams = null; int returnValue = -1; Exception ex = Util.HandleExceptions(delegate { string deviceId = BitlockerUtil.GetDeviceId(encryptableVolume); Exception ex2; if (!BitlockerLockUtil.IsVolumeLocked(encryptableVolume, out ex2)) { returnValue = 0; throw new VolumeLockedFindException(deviceId, ex2.Message, ex2); } returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "UnlockWithNumericalPassword", new string[] { "NumericalPassword" }, new object[] { numericalPassword }, out outParams); }); returnValueUnlockWithNumericalPassword = returnValue; Util.AssertReturnValueExceptionInconsistency(returnValueUnlockWithNumericalPassword, "UnlockWithNumericalPassword", ex); return(Util.ReturnWMIErrorExceptionOnExceptionOrError(returnValueUnlockWithNumericalPassword, "UnlockWithNumericalPassword", ex)); }
public static Exception LockDataVolume(ManagementObject encryptableVolume, out int returnValueLock) { ManagementBaseObject outParams = null; int returnValue = -1; Exception ex = Util.HandleExceptions(delegate { string deviceId = BitlockerUtil.GetDeviceId(encryptableVolume); Exception ex2; if (BitlockerLockUtil.IsVolumeLocked(encryptableVolume, out ex2)) { if (ex2 != null) { throw new VolumeLockedFindException(deviceId, ex2.Message, ex2); } } else { returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "Lock", null, null, out outParams); if (BitlockerLockUtil.IsVolumeLocked(encryptableVolume, out ex2) && ex2 != null) { throw new VolumeLockedFindException(deviceId, ex2.Message, ex2); } } }); returnValueLock = returnValue; Util.AssertReturnValueExceptionInconsistency(returnValueLock, "LockDataVolume", ex); return(Util.ReturnWMIErrorExceptionOnExceptionOrError(returnValueLock, "LockDataVolume", ex)); }
public static Dictionary <string, string> GetMountPointVolumeIDMappings(out Exception ex) { Dictionary <string, string> mountPointVolumeIdMappings = new Dictionary <string, string>(StringComparer.InvariantCultureIgnoreCase); ex = null; ManagementObjectCollection mountPointToVolumeMappings = WMIUtil.GetManagementObjectCollection("Win32_MountPoint", "\\ROOT\\CIMV2", out ex); if (mountPointToVolumeMappings == null) { return(null); } ex = Util.HandleExceptions(delegate { using (ManagementObjectCollection mountPointToVolumeMappings = mountPointToVolumeMappings) { foreach (ManagementBaseObject managementBaseObject in mountPointToVolumeMappings) { ManagementObject managementObject = (ManagementObject)managementBaseObject; using (managementObject) { string input = managementObject.GetPropertyValue("Volume").ToString(); string input2 = managementObject.GetPropertyValue("Directory").ToString(); string pattern = "\"(.*)\""; Match match = Regex.Match(input, pattern); Match match2 = Regex.Match(input2, pattern); if (match.Success && match2.Success) { mountPointVolumeIdMappings.Add(Util.RemoveEscapeCharacters(match2.Groups[1].Value), Util.RemoveEscapeCharacters(match.Groups[1].Value)); } } } } }); return(mountPointVolumeIdMappings); }
public static Exception Resume(ManagementObject encryptableVolume, out int returnValueResume) { Exception ex = null; int returnValue = -1; returnValueResume = -1; if (encryptableVolume == null) { return(new EncryptableVolumeArgNullException("Resume")); } string volume = encryptableVolume.GetPropertyValue("DeviceId").ToString(); if (BitlockerLockUtil.IsVolumeLocked(encryptableVolume, out ex)) { ex = new VolumeLockedException(volume); return(ex); } ex = Util.HandleExceptions(delegate { ManagementBaseObject managementBaseObject = null; returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "ResumeConversion", null, null, out managementBaseObject); }); returnValueResume = returnValue; Util.AssertReturnValueExceptionInconsistency(returnValueResume, "Resume", ex); return(Util.ReturnWMIErrorExceptionOnExceptionOrError(returnValueResume, "Resume", ex)); }
public static Exception AddNumericalPassword(ManagementObject encryptableVolume, string numericalPassword, out int returnValueNumericalPassword) { Exception ex = null; if (BitlockerLockUtil.IsVolumeLocked(encryptableVolume, out ex)) { returnValueNumericalPassword = 0; return(ex); } int returnValue = -1; ManagementBaseObject outParams = null; ex = Util.HandleExceptions(delegate { returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "ProtectKeyWithNumericalPassword", new string[] { "FriendlyName", "NumericalPassword" }, new object[] { "FriendlyName", numericalPassword }, out outParams); }); returnValueNumericalPassword = returnValue; Util.AssertReturnValueExceptionInconsistency(returnValueNumericalPassword, "AddNumericalPassword", ex); return(Util.ReturnWMIErrorExceptionOnExceptionOrError(returnValueNumericalPassword, "AddNumericalPassword", ex)); }
public static Exception AddCertificateBasedKeyProtectors(ManagementObject encryptableVolume, out int returnValueCertificate) { int returnValue = -1; returnValueCertificate = -1; Exception result = null; ArrayList bitlockerCertThumbPrints = BitlockerUtil.GetBitlockerCertThumbPrints(out result); if (bitlockerCertThumbPrints == null) { return(new BitlockerCertificatesNotFoundException()); } using (IEnumerator enumerator = bitlockerCertThumbPrints.GetEnumerator()) { while (enumerator.MoveNext()) { string bitlockerCertThumbPrint = (string)enumerator.Current; result = Util.HandleExceptions(delegate { ManagementBaseObject managementBaseObject = null; returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "ProtectKeyWithCertificateThumbprint", new string[] { "FriendlyName", "CertThumbprint" }, new object[] { bitlockerCertThumbPrint, bitlockerCertThumbPrint }, out managementBaseObject); }); } } returnValueCertificate = returnValue; return(result); }
public static Exception Decrypt(ManagementObject encryptableVolume, out int returnValueDecrypt) { ManagementBaseObject outParams = null; int returnValue = -1; Exception ex = Util.HandleExceptions(delegate { returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "Decrypt", null, null, out outParams); }); returnValueDecrypt = returnValue; Util.AssertReturnValueExceptionInconsistency(returnValueDecrypt, "Decrypt", ex); return(Util.ReturnWMIErrorExceptionOnExceptionOrError(returnValueDecrypt, "Decrypt", ex)); }
public Runtime(IOutputSink outputSink, IEnumerable <string> commands, IEnumerable <string> commandGroups, bool filter, string computerName, string userName, string password) { OutputSink = outputSink; Commands = commands; CommandGroups = commandGroups; FilterResults = filter; ComputerName = computerName; UserName = userName; Password = password; // test a remote connection first if a remote system is specified if (!string.IsNullOrEmpty(computerName)) { try { if (!string.IsNullOrEmpty(userName) && !string.IsNullOrEmpty(password)) { OutputSink.WriteHost($"[*] Running commands remotely against the host '{computerName}' with credentials -> user:{UserName} , password:{Password}\r\n"); var options = new ConnectionOptions(); options.Username = UserName; options.Password = Password; options.Impersonation = ImpersonationLevel.Impersonate; options.EnablePrivileges = true; var scope = new ManagementScope($"\\\\{computerName}\\root\\cimv2", options); scope.Connect(); } else { OutputSink.WriteHost($"[*] Running commands remotely against the host '{computerName}' with current user credentials\r\n"); var scope = new ManagementScope($"\\\\{computerName}\\root\\cimv2"); scope.Connect(); } InitializeCommands(); } catch (Exception e) { OutputSink.WriteError($"Error connecting to \"{computerName}\" : {e.Message}"); Environment.Exit(1); } wmiRegProv = WMIUtil.WMIRegConnection(computerName, userName, password); } else { InitializeCommands(); } }
private void AddTableRow(DataTable table, ManagementBaseObject entry) { DataRow row = table.NewRow(); row["EntryType"] = GetEventTypeString(((SmoothyInterface.Util.NTLogEvent.EventTypeValues)(System.Convert.ToInt32(entry["EventType"])))); row["TimeWritten"] = WMIUtil.ToDateTime(((string)(entry["TimeWritten"]))); row["Category"] = ((ushort)(entry["Category"])); row["Source"] = ((string)(entry["SourceName"])); row["EventID"] = ((uint)(entry["EventIdentifier"])); row["Index"] = ((uint)(entry["RecordNumber"])); row["Message"] = String.Empty; table.Rows.Add(row); UpdateCounters(entry); }
public static int GetBitlockerEncryptionPercentage(ManagementObject encryptableVolume, out int returnValueEncryptionPercentage, out Exception ex) { ManagementBaseObject outParams = null; int encryptionPercentageWMIReturnValue = -1; int returnValue = -1; ex = null; ex = Util.HandleExceptions(delegate { returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "GetConversionStatus", null, null, out outParams); if (returnValue == 0) { int.TryParse(outParams["EncryptionPercentage"].ToString(), out encryptionPercentageWMIReturnValue); } }); returnValueEncryptionPercentage = returnValue; return(encryptionPercentageWMIReturnValue); }
public static bool IsVolumeLocked(ManagementObject encryptableVolume, out Exception ex) { ManagementBaseObject outParams = null; bool success = false; ex = Util.HandleExceptions(delegate { if (WMIUtil.CallWMIMethod(encryptableVolume, "GetLockStatus", null, null, out outParams) == 0) { int num = Convert.ToInt32(outParams["LockStatus"]); if (Enum.IsDefined(typeof(BitlockerLockUtil.LockStatus), num)) { BitlockerLockUtil.LockStatus lockStatus = (BitlockerLockUtil.LockStatus)num; success = (lockStatus == BitlockerLockUtil.LockStatus.Locked); } } }); Util.ThrowIfNotNull(ex); return(success); }
public static Exception Encrypt(ManagementObject encryptableVolume, bool usedOnly, out int returnValueEncrypt) { Exception ex = null; int returnValue = -1; if (BitlockerLockUtil.IsVolumeLocked(encryptableVolume, out ex)) { returnValueEncrypt = 0; return(ex); } ex = Util.HandleExceptions(delegate { ManagementBaseObject managementBaseObject = null; if (Util.IsOperatingSystemWin8OrHigher() && usedOnly) { returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "Encrypt", new string[] { "EncryptionMethod", "EncryptionFlags" }, new object[] { 4, 1 }, out managementBaseObject); return; } returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "Encrypt", new string[] { "EncryptionMethod" }, new object[] { 4 }, out managementBaseObject); }); returnValueEncrypt = returnValue; Util.AssertReturnValueExceptionInconsistency(returnValueEncrypt, "Encrypt", ex); return(Util.ReturnWMIErrorExceptionOnExceptionOrError(returnValueEncrypt, "Encrypt", ex)); }
public static BitlockerUtil.BitlockerConversionState GetBitlockerConversionState(ManagementObject encryptableVolume, out int returnValueConversionState, out Exception ex) { BitlockerUtil.BitlockerConversionState bitlockerConversionState = BitlockerUtil.BitlockerConversionState.Unknown; ManagementBaseObject outParams = null; ex = null; int returnValue = -1; ex = Util.HandleExceptions(delegate { returnValue = WMIUtil.CallWMIMethod(encryptableVolume, "GetConversionStatus", null, null, out outParams); if (returnValue == 0) { int num = Convert.ToInt32(outParams["ConversionStatus"]); if (Enum.IsDefined(typeof(BitlockerUtil.BitlockerConversionState), num)) { bitlockerConversionState = (BitlockerUtil.BitlockerConversionState)num; } } }); returnValueConversionState = returnValue; return(bitlockerConversionState); }
override public ExecuteResult Execute(HandlerStartInfo startInfo) { ExecuteResult result = null; if (startInfo.Parameters != null) { parameters = HandlerUtils.Deserialize <CommandHandlerParameters>(startInfo.Parameters); } try { OnLogMessage("Execute", $"Running Handler As User [{System.Security.Principal.WindowsIdentity.GetCurrent().Name}]"); Validate(); // Replace Any "Special" Handler Variables In Arguments or ReplaceWith elements variables = HandlerUtils.GatherVariables(this, startInfo); parameters.Arguments = HandlerUtils.ReplaceHandlerVariables(parameters.Arguments, variables); if (parameters.Expressions != null) { foreach (RegexArguments expression in parameters.Expressions) { expression.ReplaceWith = HandlerUtils.ReplaceHandlerVariables(expression.ReplaceWith, variables); } } String args = RegexArguments.Parse(parameters.Arguments, parameters.Expressions); bool isDryRun = startInfo.IsDryRun && !(config.SupportsDryRun); if (startInfo.IsDryRun && config.SupportsDryRun) { OnLogMessage("Execute", "DryRun Flag is set, but plan config indicates the command supports DryRun. Command will execute."); } if (String.IsNullOrEmpty(config.RunOn)) { SecurityContext runAs = startInfo.RunAs; if (runAs != null && runAs.HasCrypto) { runAs = startInfo.RunAs.GetCryptoValues(startInfo.RunAs.Crypto, false); } result = LocalProcess.RunCommand(config.Command, args, config.WorkingDirectory, config.TimeoutMills, config.TimeoutStatus, SynapseLogger, null, isDryRun, config.ReturnStdout, runAs?.Domain, runAs?.UserName, runAs?.Password); } else { result = WMIUtil.RunCommand(config.Command, args, config.RunOn, config.WorkingDirectory, config.TimeoutMills, config.TimeoutStatus, config.KillRemoteProcessOnTimeout, SynapseLogger, config.RunOn, isDryRun, config.ReturnStdout); } if (result.Status == StatusType.None) { result.Status = HandlerUtils.GetStatusType(result.ExitCode, config.ValidExitCodes); } } catch (Exception e) { Console.WriteLine(e.Message); Console.WriteLine(e.StackTrace); throw e; } OnLogMessage(config.RunOn, "Command finished with exit code = " + result.ExitCode + ". Returning status [" + result.Status + "]."); return(result); }
public static ManagementObjectCollection GetEncryptableVolumes() { Exception ex; return(WMIUtil.GetManagementObjectCollection("Win32_EncryptableVolume", "\\ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption", out ex)); }
override public ExecuteResult Execute(HandlerStartInfo startInfo) { ExecuteResult result = null; if (startInfo.Parameters != null) { parameters = HandlerUtils.Deserialize <ScriptHandlerParameters>(startInfo.Parameters); } String script = null; try { String command = null; String args = null; bool isTempScript = false; OnLogMessage("Execute", $"Running Handler As User [{System.Security.Principal.WindowsIdentity.GetCurrent().Name}]"); Validate(); // Replace Any "Special" Handler Variables In Arguments or ReplaceWith elements variables = HandlerUtils.GatherVariables(this, startInfo); parameters.Arguments = HandlerUtils.ReplaceHandlerVariables(parameters.Arguments, variables); if (parameters.Expressions != null) { foreach (RegexArguments expression in parameters.Expressions) { expression.ReplaceWith = HandlerUtils.ReplaceHandlerVariables(expression.ReplaceWith, variables); } } switch (config.Type) { case ScriptType.Powershell: command = "powershell.exe"; if (!String.IsNullOrWhiteSpace(parameters.Script)) { isTempScript = false; script = parameters.Script; } else { isTempScript = true; script = CreateTempScriptFile(parameters.ScriptBlock, "ps1"); } args = config.Arguments + @" -File """ + script + @""""; if (!String.IsNullOrWhiteSpace(parameters.Arguments)) { String scriptArgs = RegexArguments.Parse(parameters.Arguments, parameters.Expressions); args += " " + scriptArgs; } break; case ScriptType.Batch: command = "cmd.exe"; if (!String.IsNullOrWhiteSpace(parameters.Script)) { isTempScript = false; script = parameters.Script; } else { isTempScript = true; script = CreateTempScriptFile(parameters.ScriptBlock, "bat"); } args = config.Arguments + @" """ + script + @""""; if (!String.IsNullOrWhiteSpace(parameters.Arguments)) { String scriptArgs = RegexArguments.Parse(parameters.Arguments, parameters.Expressions); args += " " + scriptArgs; } break; default: throw new Exception("Unknown ScriptType [" + config.Type.ToString() + "] Received."); } bool isDryRun = startInfo.IsDryRun && !(config.SupportsDryRun); if (startInfo.IsDryRun && config.SupportsDryRun) { OnLogMessage("Execute", "DryRun Flag is set, but plan config indicates the script supports DryRun. Script will execute."); } if (String.IsNullOrEmpty(config.RunOn)) { SecurityContext runAs = startInfo.RunAs; if (runAs != null && runAs.HasCrypto) { runAs = startInfo.RunAs.GetCryptoValues(startInfo.RunAs.Crypto, false); } result = LocalProcess.RunCommand(command, args, config.WorkingDirectory, config.TimeoutMills, config.TimeoutStatus, SynapseLogger, null, isDryRun, config.ReturnStdout, runAs?.Domain, runAs?.UserName, runAs?.Password); } else { result = WMIUtil.RunCommand(command, args, config.RunOn, config.WorkingDirectory, config.TimeoutMills, config.TimeoutStatus, config.KillRemoteProcessOnTimeout, SynapseLogger, config.RunOn, isDryRun, config.ReturnStdout); } if (result.Status == StatusType.None) { result.Status = HandlerUtils.GetStatusType(result.ExitCode, config.ValidExitCodes); } if (File.Exists(script) && isTempScript) { File.Delete(script); } } catch (Exception e) { Console.WriteLine(e.Message); Console.WriteLine(e.StackTrace); if (File.Exists(script)) { File.Delete(script); } throw e; } OnLogMessage(config.RunOn, "Command finished with exit code = " + result.ExitCode + ". Returning status [" + result.Status + "]."); return(result); }