/// <summary>
/// Builds, but does not start, a <c>ManagementEventWatcher</c> for WMI instance events on one target.
/// </summary>
/// <param name="target">Host handed to <c>getScope</c> to obtain the management scope.</param>
/// <param name="resource">Supplies <c>event_condition</c>, which is passed to the query as the WQL condition as-is.</param>
/// <param name="event_type">0 = instance creation, 1 = instance modification, 2 = instance deletion.</param>
/// <returns>The configured watcher, or <c>null</c> when <c>getScope</c> returns <c>null</c>.</returns>
public static ManagementEventWatcher configure_watcher(string target, WMI_class resource, int event_type)
{
    // Any value outside 0..2 leaves the event class name empty; the query is
    // still built with it. NOTE(review): callers should only pass 0..2 - confirm.
    string eventClass;
    if (event_type == 0)
    {
        eventClass = "__InstanceCreationEvent";
    }
    else if (event_type == 1)
    {
        eventClass = "__InstanceModificationEvent";
    }
    else if (event_type == 2)
    {
        eventClass = "__InstanceDeletionEvent";
    }
    else
    {
        eventClass = "";
    }

    ManagementScope scope = getScope(target, false);
    if (scope == null)
    {
        return null;
    }

    // The TimeSpan is the WITHIN (polling) interval: 5 seconds.
    TimeSpan pollInterval = new TimeSpan(0, 0, 5);
    WqlEventQuery eventQuery = new WqlEventQuery(eventClass, pollInterval, resource.event_condition);

    ManagementEventWatcher result = new ManagementEventWatcher();
    result.Query = eventQuery;
    result.Scope = scope;
    return result;
}
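/// <summary>
/// Restarts event watching: aborts the threads from the previous run, builds the
/// <c>WMI_class</c> for the selected <c>info_type</c>, and starts one <c>watch</c> thread
/// per checked target.
/// </summary>
/// <remarks>
/// Fix: the thread array is now allocated only after the file dialog has been accepted,
/// and the abort loop skips empty slots. Previously a cancelled dialog left
/// <c>watchers</c> as an array of nulls, so the next call threw a
/// <c>NullReferenceException</c> in the abort loop.
/// </remarks>
private void configure_watchers()
{
    tabControl1.SelectedIndex = 1;
    if (!check())
    {
        return;
    }

    events.Rows.Clear();
    if (watchers != null)
    {
        foreach (Thread watcher in watchers)
        {
            // A slot is null if an earlier run stopped before starting its threads.
            // NOTE(review): Thread.Abort throws PlatformNotSupportedException on
            // .NET Core / .NET 5+; is_interrupted suggests a cooperative stop exists - confirm.
            if (watcher != null)
            {
                watcher.Abort();
            }
        }
    }
    is_interrupted = false;

    string[] tts = new string[targets.CheckedItems.Count];
    for (int i = 0; i < targets.CheckedItems.Count; i++)
    {
        tts[i] = targets.CheckedItems[i].ToString();
    }

    // Credentials are handed to Handler once; the watch threads started below rely on them.
    Handler.setUser(login, password, impLevel, authLevel);

    switch (info_type)
    {
        case 0:
            fsd.ShowDialog();
            if (path == null)
            {
                // Dialog gave no path: leave the previous (already aborted) watcher list in place.
                return;
            }
            wmicl = new WMI_FileInfo(ext, drive, path);
            break;
        case 1:
            wmicl = new WMI_Process();
            break;
        case 2:
            wmicl = new WMI_Services(0);
            break;
        case 3:
            wmicl = new WMI_LogonInfo(0);
            break;
        case 6:
            wmicl = new WMI_DriveInfo();
            break;
    }

    // NOTE(review): for any other info_type wmicl keeps its previous value (or is null) - confirm check() rules this out.
    wmicl.event_index = event_type;

    watchers = new Thread[tts.Length];
    for (int i = 0; i < tts.Length; i++)
    {
        watchers[i] = new Thread(watch);
        watchers[i].Start(tts[i]);
    }
}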
/// <summary>
/// Turns an arrived WMI event into a three-column row: target, instance name, last-modified time.
/// </summary>
/// <param name="target">Host the event came from; copied into the first column.</param>
/// <param name="wmicl">Not used by this method.</param>
/// <param name="args">Event arguments; <c>NewEvent["TargetInstance"]</c> must be a <c>ManagementBaseObject</c>.</param>
/// <returns><c>{ target, Name, LastModified }</c>, with the timestamp converted from the WMI datetime format.</returns>
public static string[] handle(string target, WMI_class wmicl, EventArrivedEventArgs args)
{
    ManagementBaseObject instance = (ManagementBaseObject)args.NewEvent["TargetInstance"];

    // Both properties are dereferenced without a null check, so the instance
    // must carry non-null Name and LastModified values.
    string instanceName = instance["Name"].ToString();
    string rawTimestamp = instance["LastModified"].ToString();
    string modifiedAt = ManagementDateTimeConverter.ToDateTime(rawTimestamp).ToString();

    return new string[] { target, instanceName, modifiedAt };
}
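/// <summary>
/// Registers an event subscription on <paramref name="target"/>: an <c>__EventFilter</c>,
/// a <c>LogFileEventConsumer</c> and the <c>__FilterToConsumerBinding</c> that joins them.
/// </summary>
/// <remarks>
/// All three objects are stored in the target's WMI repository with <c>Put()</c> and stay
/// there until they are deleted, so the returned id and consumer name must be recorded by
/// the caller to allow later removal.
/// Fix: if a later <c>Put()</c> fails, the objects already stored by this call are deleted
/// again (best effort) before the exception is rethrown, so a failed call no longer leaves
/// an orphaned filter or consumer on the target.
/// </remarks>
/// <param name="target">Host handed to <c>getScope</c>.</param>
/// <param name="resource">Supplies the WQL condition, consumer name and log text templates.</param>
/// <param name="logfile">Value stored in the consumer's <c>FileName</c>; the file is written by the WMI service on the target.</param>
/// <param name="event_type">0 = Creation, 1 = Modification, 2 = Deletion; any other value keeps <c>resource.event_types[resource.event_index]</c>.</param>
/// <returns><c>{ target, id, consumer name }</c>, or <c>null</c> when <c>getScope</c> returns <c>null</c>.</returns>
public static string[] create_consumer(string target, WMI_class resource, string logfile, int event_type)
{
    ManagementScope ms = getScope(target, true);
    if (ms == null)
    {
        return null;
    }

    ManagementClass wmiEventFilter = new ManagementClass(ms, new ManagementPath("__EventFilter"), null);
    string condition = resource.event_condition;
    string operation = resource.event_types[resource.event_index];
    switch (event_type)
    {
        case 0:
            operation = "Creation";
            break;
        case 1:
            operation = "Modification";
            break;
        case 2:
            operation = "Deletion";
            break;
    }

    // NOTE(review): only 1024 possible ids. Presumably a repeated id with the same
    // name updates the existing objects instead of creating new ones - confirm.
    Random rand = new Random();
    int id = rand.Next(1024);
    string name = operation + resource.consumer_name;

    // The condition is concatenated into the WQL text unchanged.
    // NOTE(review): confirm event_condition cannot carry unvalidated user input.
    WqlEventQuery eventQuery = new WqlEventQuery("Select * FROM __Instance" + operation + "Event WITHIN 5 Where " + condition);

    ManagementObject filter = wmiEventFilter.CreateInstance();
    filter["Name"] = id + ":" + name + "Filter";
    filter["Query"] = eventQuery.QueryString;
    filter["QueryLanguage"] = eventQuery.QueryLanguage;
    filter["EventNameSpace"] = "\\root\\cimv2";

    ManagementObject consumer = null;
    bool filterStored = false;
    bool consumerStored = false;
    try
    {
        filter.Put();
        filterStored = true;

        ManagementClass wmiEventConsumer = new ManagementClass(ms, new ManagementPath("LogFileEventConsumer"), null);
        consumer = wmiEventConsumer.CreateInstance();
        consumer["Name"] = id + ":" + name + "Consumer";
        consumer["FileName"] = logfile;
        consumer["Text"] = string.Format(resource.logging_stub, resource.event_stub[resource.event_index]);
        consumer.Put();
        consumerStored = true;

        ManagementObject binding = new ManagementClass(ms, new ManagementPath("__FilterToConsumerBinding"), null).CreateInstance();
        binding["Filter"] = filter.Path.RelativePath;
        binding["Consumer"] = consumer.Path.RelativePath;
        binding.Put();
    }
    catch
    {
        // Roll back whatever this call already stored; rollback errors are ignored
        // so that the original failure is the one the caller sees.
        if (consumerStored)
        {
            try
            {
                consumer.Delete();
            }
            catch (Exception)
            {
                // best effort only
            }
        }
        if (filterStored)
        {
            try
            {
                filter.Delete();
            }
            catch (Exception)
            {
                // best effort only
            }
        }
        throw;
    }

    return new string[] { target, id.ToString(), name + "Consumer" };
}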
/// <summary>
/// Runs <c>wmicl.query</c> against <paramref name="target"/> and returns the rows
/// produced by <c>wmicl.form_target_data</c>.
/// </summary>
/// <param name="wmicl">Supplies the query text and formats the result collection.</param>
/// <param name="target">Host handed to <c>getScope</c>.</param>
/// <returns>Formatted data, or <c>null</c> when <c>getScope</c> returns <c>null</c>.</returns>
public static string[] collect_target_info(WMI_class wmicl, string target)
{
    ManagementScope scope = getScope(target, false);
    if (scope == null)
    {
        return null;
    }

    ManagementObjectSearcher lookup = new ManagementObjectSearcher(wmicl.query);
    lookup.Scope = scope;

    // Get() performs the query; formatting is left entirely to the WMI_class.
    ManagementObjectCollection found = lookup.Get();
    return wmicl.form_target_data(found);
}
/// <summary>
/// Runs <c>wmicl.query</c> against <paramref name="target"/> and returns the tree
/// produced by <c>wmicl.form_output</c>.
/// </summary>
/// <param name="wmicl">Supplies the query text and formats the result collection.</param>
/// <param name="target">Host handed to <c>getScope</c>.</param>
/// <returns>Result tree, or <c>null</c> when <c>getScope</c> returns <c>null</c>.</returns>
public static TreeNode collect(WMI_class wmicl, string target)
{
    ManagementScope scope = getScope(target, false);
    if (scope == null)
    {
        return null;
    }

    ManagementObjectSearcher lookup = new ManagementObjectSearcher(wmicl.query);
    lookup.Scope = scope;

    // Get() performs the query; formatting is left entirely to the WMI_class.
    ManagementObjectCollection found = lookup.Get();
    return wmicl.form_output(found);
}
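/// <summary>
/// Creates a log-file event consumer on every checked target and adds one row per
/// created consumer to the <c>consumers</c> table.
/// </summary>
/// <remarks>
/// Fixes: a target for which <c>Handler.create_consumer</c> returns <c>null</c> is now
/// skipped instead of passing <c>null</c> to <c>Rows.Add</c>, and <c>serialize()</c> now
/// runs even when a later target throws. Consumers already registered on earlier targets
/// are therefore still recorded and can be removed later.
/// </remarks>
private void start_logging()
{
    tabControl1.SelectedIndex = 2;
    if (!check())
    {
        return;
    }

    lfsd.ShowDialog();
    if (logfile == null)
    {
        return;
    }

    string[] tts = new string[targets.CheckedItems.Count];
    for (int i = 0; i < targets.CheckedItems.Count; i++)
    {
        tts[i] = targets.CheckedItems[i].ToString();
    }

    Handler.setUser(login, password, impLevel, authLevel);

    switch (info_type)
    {
        case 0:
            fsd.ShowDialog();
            if (path == null)
            {
                return;
            }
            wmicl = new WMI_FileInfo(ext, drive, path);
            break;
        case 1:
            wmicl = new WMI_Process();
            break;
        case 2:
            wmicl = new WMI_Services(0);
            break;
        case 6:
            wmicl = new WMI_DriveInfo();
            break;
    }

    // NOTE(review): for any other info_type wmicl keeps its previous value (or is null) - confirm check() rules this out.
    wmicl.event_index = event_type;

    try
    {
        foreach (string target in tts)
        {
            string[] row = Handler.create_consumer(target, wmicl, logfile, event_type);
            if (row == null)
            {
                // No scope for this target, so nothing was created there.
                continue;
            }
            consumers.Rows.Add(row);
        }
    }
    finally
    {
        // presumably persists the consumers table - verify against serialize()
        serialize();
    }
}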
/// <summary>
/// Queries every checked target for the selected kind of information and rebuilds the
/// <c>output</c> tree with one node per target.
/// </summary>
/// <remarks>
/// A target whose collection returns <c>null</c> gets a single error child node instead of
/// results. For <c>info_type</c> 0 and 1 each result child receives the file or process
/// context menu.
/// </remarks>
private void get_info()
{
    tabControl1.SelectedIndex = 0;
    if (!check())
    {
        return;
    }

    string[] hosts = new string[targets.CheckedItems.Count];
    for (int idx = 0; idx < targets.CheckedItems.Count; idx++)
    {
        hosts[idx] = targets.CheckedItems[idx].ToString();
    }

    // Stays null for an info_type outside 0..8.
    WMI_class selected = null;
    switch (info_type)
    {
        case 0: selected = new WMI_FileInfo(ext, drive, path); break;
        case 1: selected = new WMI_Process(); break;
        case 2: selected = new WMI_Services(service_type); break;
        case 3: selected = new WMI_LogonInfo(time_range); break;
        case 4: selected = new WMI_NetworkInfo(); break;
        case 5: selected = new WMI_Device(); break;
        case 6: selected = new WMI_DriveInfo(); break;
        case 7: selected = new WMI_Startup(); break;
        case 8: selected = new WMI_Apps(); break;
    }

    output.Nodes.Clear();
    foreach (string host in hosts)
    {
        TreeNode hostNode = new TreeNode(host);

        // Credentials are set again before every target, as in the original flow.
        Handler.setUser(login, password, impLevel, authLevel);
        TreeNode collected = Handler.collect(selected, host);

        if (collected != null)
        {
            foreach (TreeNode child in collected.Nodes)
            {
                if (info_type == 0)
                {
                    child.ContextMenuStrip = file_context;
                }
                else if (info_type == 1)
                {
                    child.ContextMenuStrip = process_context;
                }
            }
            hostNode.Nodes.Add(collected);
        }
        else
        {
            // The label is user-facing text ("Error"); keep it unchanged.
            hostNode.Nodes.Add("Ошибка");
        }

        hostNode.ContextMenuStrip = target_settings;
        output.Nodes.Add(hostNode);
    }
}