Monitor.cpp

Revision 823, 6.7 kB (checked in by xkovah, 1 year ago)
adding the files finally

Line
1	#include "Monitor.h"
2
3	Monitor::Monitor()
4	{
5	hService = NULL;
6	}
7
8	Monitor::~Monitor()
9	{
10	stdext::hash_map<wstring, std::list<Permission>>::iterator it;
11	for(it = permissionMap.begin(); it != permissionMap.end(); it++)
12	{
13	std::list<Permission*>::iterator lit;
14	for(lit = it->second->begin(); lit != it->second->end(); lit++)
15	{
16	delete (*lit);
17	}
18	it->second->clear();
19	}
20	permissionMap.clear();
21	unInstallKernelDriver();
22	}
23
24	bool
25	Monitor::isEventAllowed(std::wstring eventType, std::wstring subject, std::wstring object)
26	{
27	stdext::hash_map<wstring, std::list<Permission>>::iterator it;
28	std::transform(eventType.begin(),eventType.end(),eventType.begin(),std::towlower);
29	it = permissionMap.find(eventType);
30	PERMISSION_CLASSIFICATION excluded = NO_MATCH;
31	if(it != permissionMap.end())
32	{
33	std::list<Permission> lp = it->second;
34	std::list<Permission*>::iterator lit;
35
36	for(lit = lp->begin(); lit != lp->end(); lit++)
37	{
38	PERMISSION_CLASSIFICATION newExcluded = (*lit)->Check(subject,object);
39	if( newExcluded == ALLOWED)
40	{
41	if(excluded != DISALLOWED)
42	excluded = ALLOWED;
43	} else if(newExcluded == DISALLOWED) {
44	excluded = DISALLOWED;
45	}
46	}
47	}
48	if(excluded == ALLOWED)
49	{
50	return true;
51	} else {
52	return false;
53	}
54	}
55
56	void
57	Monitor::clearExclusionList()
58	{
59	stdext::hash_map<wstring, std::list<Permission>>::iterator it;
60	for(it = permissionMap.begin(); it != permissionMap.end(); it++)
61	{
62	std::list<Permission> lp = it->second;
63	std::list<Permission*>::iterator lit;
64	for(lit = lp->begin(); lit != lp->end(); lit++)
65	{
66	Permission* p = *lit;
67	if(!p->permaneant)
68	{
69	lp->remove(p);
70	delete (p);
71	}
72	}
73	}
74	}
75
76	bool
77	Monitor::installKernelDriver(wstring driverPath, wstring driverName, wstring driverDescription)
78	{
79	SC_HANDLE hSCManager;
80
81	hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
82
83	if(hSCManager)
84	{
85	//printf("%ls: Kernel driver path: %ls\n", driverName.c_str(), driverPath.c_str());
86	hService = CreateService(hSCManager, driverName.c_str(),
87	driverDescription.c_str(),
88	SERVICE_START \| DELETE \| SERVICE_STOP,
89	SERVICE_KERNEL_DRIVER,
90	SERVICE_DEMAND_START,
91	SERVICE_ERROR_IGNORE,
92	driverPath.c_str(),
93	NULL, NULL, NULL, NULL, NULL);
94
95	if(!hService)
96	{
97	hService = OpenService(hSCManager, driverName.c_str(),
98	SERVICE_START \| DELETE \| SERVICE_STOP);
99	}
100
101	if(hService)
102	{
103	if(StartService(hService, 0, NULL))
104	{
105	printf("Loaded kernel driver: %ls\n", driverName.c_str());
106	} else {
107	DWORD err = GetLastError();
108	if(err == ERROR_SERVICE_ALREADY_RUNNING)
109	{
110	printf("Driver already loaded: %ls\n", driverName.c_str());
111	} else {
112	printf("Error loading kernel driver: %ls - 0x%08x\n", driverName.c_str(), err);
113	CloseServiceHandle(hSCManager);
114	return false;
115	}
116	}
117	} else {
118	printf("Error loading kernel driver: %ls - 0x%08x\n", driverName.c_str(), GetLastError());
119	CloseServiceHandle(hSCManager);
120	return false;
121	}
122	CloseServiceHandle(hSCManager);
123	return true;
124	}
125	printf("Error loading kernel driver: %ls - OpenSCManager 0x%08x\n", driverName.c_str(), GetLastError());
126	return false;
127	}
128
129	void
130	Monitor::unInstallKernelDriver()
131	{
132	if(hService != NULL)
133	{
134	SERVICE_STATUS ss;
135	ControlService(hService, SERVICE_CONTROL_STOP, &ss);
136	DeleteService(hService);
137	CloseServiceHandle(hService);
138	}
139	hService = NULL;
140	}
141
142	void
143	Monitor::loadExclusionList(wstring file)
144	{
145	string line;
146	int lineNumber = 0;
147	DebugPrint(L"Monitor-loadExclusionList: Loading list - %ls\n", file.c_str());
148	ifstream exclusionList (file.c_str());
149	if (exclusionList.is_open())
150	{
151	while (! exclusionList.eof() )
152	{
153	getline (exclusionList,line);
154	lineNumber++;
155	if(line.length() > 0 && line.at(0) != '#') {
156
157	try {
158	if(line.at(0) == '+' \|\| line.at(0) == '-')
159	{
160	vector<std::wstring> splitLine;
161
162	typedef split_iterator<string::iterator> sf_it;
163	for(sf_it it=make_split_iterator(line, token_finder(is_any_of("\t")));
164	it!=sf_it(); ++it)
165	{
166	splitLine.push_back(copy_range<std::wstring>(*it));
167	}
168
169	if(splitLine.size() == 4)
170	{
171	if(splitLine[1] == L".*" \|\| splitLine[1] == L".+")
172	{
173	printf("%ls ERROR on line %i: The action type is not supposed to be a regular expression\n", file.c_str(), lineNumber);
174	} else {
175	addExclusion(splitLine[0], splitLine[1], splitLine[2], splitLine[3]);
176	}
177	} else {
178	printf("%ls token ERROR on line %i\n", file.c_str(), lineNumber);
179	}
180	} else {
181	printf("%ls ERROR no exclusion type (+,-) on line %i\n", file.c_str(), lineNumber);
182	}
183	} catch(boost::regex_error r) {
184	printf("%ls ERROR on line %i\n", file.c_str(), lineNumber);
185	printf("\t%s\n", r.what());
186	}
187	}
188	}
189	} else {
190	printf("Could not open file: %ls\n", file.c_str());
191	}
192	}
193
194	void
195	Monitor::prepareStringForExclusion(wstring* s)
196	{
197	wstring from = L"\\";
198	wstring to = L"\\\\";
199	size_t offset = 0;
200	while((offset = s->find(from, offset)) != wstring::npos)
201	{
202	s->replace(offset,
203	from.size(),
204	to);
205	offset += to.length();
206	}
207	from = L".";
208	to = L"\\.";
209	offset = 0;
210	while((offset = s->find(from, offset)) != wstring::npos)
211	{
212	s->replace(offset,
213	from.size(),
214	to);
215	offset += to.length();
216	}
217	}
218
219	void
220	Monitor::addExclusion(wstring excluded, wstring action, wstring subject, wstring object , bool permaneant)
221	{
222	//printf("Adding exclusion\n");
223	try {
224	Permission* p = new Permission();
225	if(excluded == L"yes" \|\| excluded == L"+")
226	{
227	p->allow = true;
228	} else if(excluded == L"no" \|\| excluded == L"-"){
229	p->allow = false;
230	}
231	p->permaneant = permaneant;
232	boost::wregex subjectRegex(subject.c_str(), boost::wregex::icase);
233	boost::wregex objectRegex(object.c_str(), boost::wregex::icase);
234	p->objects.push_back(objectRegex);
235	p->subjects.push_back(subjectRegex);
236	std::transform(action.begin(),action.end(),action.begin(),std::towlower);
237	stdext::hash_map<wstring, std::list<Permission>>::iterator it;
238	it = permissionMap.find(action);
239
240	if(it == permissionMap.end())
241	{
242	std::list<Permission>l = new list<Permission*>();
243	l->push_back(p);
244	permissionMap.insert(Permission_Pair(action, l));
245	} else {
246	std::list<Permission> lp = it->second;
247	lp->push_back(p);
248	}
249	} catch(boost::regex_error r) {
250	throw r;
251	}
252	}

Note: See TracBrowser for help on using the browser.

root/honeyclient/branches/rel/1.0/Capture2/capture-client-xeno-mod/Monitor.cpp

Download in other formats: