github/PEASS-ng
1
Fork 0
mirror of https://github.com/carlospolop/PEASS-ng synced 2024-11-24 01:26:22 +01:00
Code Releases Activity

- refactoring & cleanup

Browse Source 
- updated Autorun checks
This commit is contained in:
makikvues 2021-01-19 23:56:26 +01:00
parent a27ad66892
commit e76e097627
18 changed files with 1403 additions and 1215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
winPEAS/winPEASexe/winPEAS/Checks/ApplicationsInfo.cs
View File

@ -103,7 +103,7 @@ namespace winPEAS.Checks
{
Beaprint.MainPrint("Autorun Applications");
Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries", "Check if you can modify other users AutoRuns binaries (Note that is normal that you can modify HKCU registry and binaries indicated there)");
List<Dictionary<string, string>> apps = AutoRuns.GetAutoRuns(winPEAS.Checks.Checks.CurrentUserSiDs);
List<Dictionary<string, string>> apps = AutoRuns.GetAutoRuns(Checks.CurrentUserSiDs);
foreach (Dictionary<string, string> app in apps)
{

425
winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
View File

@ -16,17 +16,164 @@ namespace winPEAS.Info.ApplicationInfo
var result = new List<Dictionary<string, string>>();
var regAutoRuns = GetRegistryAutoRuns(NtAccountNames);
var folderAutoRuns = GetAutoRunsFolder();
//var fileAutoRuns = GetAutoRunsFiles();
var fileAutoRuns = GetAutoRunsFiles();
var wmicAutoRuns = GetAutoRunsWMIC();
result.AddRange(regAutoRuns);
result.AddRange(folderAutoRuns);
//result.AddRange(fileAutoRuns);
result.AddRange(fileAutoRuns);
result.AddRange(wmicAutoRuns);
return result;
}
private static List<List<string>> autorunLocations = new List<List<string>>()
{
//Common Autoruns
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\Run"},
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\RunOnce"},
new List<string> {"HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"},
new List<string> {"HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"},
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run"},
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce"},
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunEx"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Run"},
new List<string> {"HKCU", @"Software\Microsoft\Windows NT\CurrentVersion\Windows\Run"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\RunOnce"},
new List<string> {"HKCU", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"},
new List<string> {"HKCU", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"},
//Service Autoruns
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\RunService"},
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\RunOnceService"},
new List<string> {"HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService"},
new List<string> {"HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceService"},
new List<string> {"HKLM", @"System\CurrentControlSet\Services"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\RunService"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\RunOnceService"},
new List<string> {"HKCU", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService"},
new List<string> {"HKCU", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceService"},
//Special Autorun
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\RunOnceEx"},
new List<string> {"HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\RunOnceEx"},
new List<string> {"HKCU", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx"},
//RunServices
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\RunServices"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\RunServices"},
//RunServicesOnce
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"},
//Startup Path
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common Startup"},
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Common Startup"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Common Startup"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common Startup"},
//Winlogon
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit"}, // key = Winlogo, Value = Userinit
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"},
new List<string> {"HKCU", @"Software\Microsoft\Windows NT\CurrentVersion\Windows", "load"},
//Policy Settings
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "Run"}, // key = Explorer, Value = Run
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "Run"},
//AlternateShell in SafeBoot
new List<string> {"HKLM", @"SYSTEM\CurrentControlSet\Control\SafeBoot", "AlternateShell"},
//Font Drivers
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Font Drivers"},
new List<string> {"HKLM", @"Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Font Drivers"},
new List<string> {"HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Drivers32"},
new List<string> {"HKLM", @"Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"},
//Open Command
new List<string> {"HKLM", @"Software\Classes\htmlfile\shell\open\command", ""}, //Get (Default) value with empty string
new List<string> {"HKLM", @"Software\Wow6432Node\Classes\htmlfile\shell\open\command", ""}, //Get (Default) value with empty string
// undocumented
new List<string> { "HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"},
new List<string> { "HKLM", @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"},
// Misc Startup keys
new List<string> { "HKLM", @"System\CurrentControlSet\Control\Session Manager\KnownDlls" },
//new List<string> { "HKCU", @"Control Panel\Desktop\scrnsave.exe" }, ???
};
private static List<List<string>> autorunLocationsKeys = new List<List<string>>
{
//Installed Components
new List<string> { "HKLM", @"Software\Microsoft\Active Setup\Installed Components", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Microsoft\Active Setup\Installed Components", "StubPath"},
new List<string> { "HKCU", @"Software\Microsoft\Active Setup\Installed Components", "StubPath"},
new List<string> { "HKCU", @"Software\Wow6432Node\Microsoft\Active Setup\Installed Components", "StubPath"},
// Shell related autostart entries, e.g. items displayed when you right-click on files or folders.
new List<string> { "HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects", "StubPath"},
new List<string> { "HKLM", @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects", "StubPath"},
new List<string> { "HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad", "StubPath"},
new List<string> { "HKLM", @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad", "StubPath"},
new List<string> { "HKCU", @"Software\Classes\*\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKCU", @"Software\Classes\Drive\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\*\ShellEx\PropertySheetHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers", "StubPath"},
new List<string> { "HKCU", @"Software\Classes\Directory\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\Directory\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKCU", @"Software\Classes\Directory\Shellex\DragDropHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\Directory\Shellex\DragDropHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\Directory\Shellex\CopyHookHandlers", "StubPath"},
new List<string> { "HKCU", @"Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\Folder\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\Folder\ShellEx\DragDropHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers", "StubPath"},
new List<string> { "HKLM", @"Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers", "StubPath"},
// Misc Startup keys
new List<string> { "HKLM", @"Software\Classes\Filter", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance", "StubPath"},
new List<string> { "HKLM", @"Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance", "StubPath"},
new List<string> { "HKLM", @"Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance", "StubPath"},
new List<string> { "HKLM", @"System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries", "StubPath"},
new List<string> { "HKLM", @"System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64", "StubPath"},
};
//This registry expect subkeys with the CLSID name
private static List<List<string>> autorunLocationsKeysCLSIDs = new List<List<string>>
{
//Browser Helper Objects
new List<string> { "HKLM", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" },
new List<string> { "HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" },
//Internet Explorer Extensions
new List<string> { "HKLM", @"Software\Microsoft\Internet Explorer\Extensions" },
new List<string> { "HKLM", @"Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" },
};
//////////////////////////////////////
/////// Get Autorun Registry ////////
//////////////////////////////////////
@ -36,92 +183,6 @@ namespace winPEAS.Info.ApplicationInfo
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
try
{
List<List<string>> autorunLocations = new List<List<string>>()
{
//Common Autoruns
new List<string> {"HKLM","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"},
new List<string> {"HKLM","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"},
new List<string> {"HKLM","SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"},
new List<string> {"HKLM","SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"},
new List<string> {"HKCU","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"},
new List<string> {"HKCU","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"},
new List<string> {"HKCU","SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"},
new List<string> {"HKCU","SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"},
new List<string> {"HKLM",@"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run"},
new List<string> {"HKLM",@"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce"},
new List<string> {"HKLM",@"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunEx"},
//Service Autoruns
new List<string> {"HKLM","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunService"},
new List<string> {"HKLM","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceService"},
new List<string> {"HKLM","SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunService"},
new List<string> {"HKLM","SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceService"},
new List<string> {"HKCU", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunService"},
new List<string> {"HKCU", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceService"},
new List<string> {"HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunService"},
new List<string> {"HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceService"},
//Special Autorun
new List<string> {"HKLM","Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx"},
new List<string> {"HKLM","Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx"},
new List<string> {"HKCU","Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx"},
new List<string> {"HKCU","Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx"},
//RunServicesOnce
new List<string> {"HKCU","Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce"},
new List<string> {"HKLM","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce"},
//Startup Path
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Common Startup"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common Startup"},
new List<string> {"HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common Startup"},
new List<string> {"HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Common Startup"},
//Winlogon
new List<string> {"HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit"},
new List<string> {"HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell"},
new List<string> { "HKCU", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "load"},
//Policy Settings
new List<string> {"HKLM", @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "Run"},
new List<string> {"HKCU", @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "Run"},
//AlternateShell in SafeBoot
new List<string> {"HKLM","SYSTEM\\CurrentControlSet\\Control\\SafeBoot", "AlternateShell"},
//Font Drivers
new List<string> {"HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers"},
new List<string> {"HKLM", @"SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Font Drivers"},
//Open Command
new List<string> {"HKLM", @"SOFTWARE\Classes\htmlfile\shell\open\command", ""}, //Get (Default) value with empty string
new List<string> {"HKLM", @"SOFTWARE\Wow6432Node\Classes\htmlfile\shell\open\command", ""}, //Get (Default) value with empty string
};
List<List<string>> autorunLocationsKeys = new List<List<string>>
{
//Installed Components
new List<string> { "HKLM","SOFTWARE\\Microsoft\\Active Setup\\Installed Components", "StubPath"},
new List<string> { "HKLM","SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components", "StubPath"},
new List<string> { "HKCU","SOFTWARE\\Microsoft\\Active Setup\\Installed Components", "StubPath"},
new List<string> { "HKCU","SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components", "StubPath"},
};
//This registry expect subkeys with the CLSID name
List<List<string>> autorunLocationsKeysCLSIDs = new List<List<string>>
{
//Browser Helper Objects
new List<string> { "HKLM", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" },
new List<string> { "HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" },
//Internet Explorer Extensions
new List<string> { "HKLM", @"Software\Microsoft\Internet Explorer\Extensions" },
new List<string> { "HKLM", @"Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" },
};
//Add the keyvalues inside autorunLocationsKeys to autorunLocations
foreach (List<string> autorunLocationKey in autorunLocationsKeys)
{
@ -154,25 +215,36 @@ namespace winPEAS.Info.ApplicationInfo
{
RegistryKey key = null;
if ("HKLM" == autorunLocation[0])
{
key = Registry.LocalMachine.OpenSubKey(autorunLocation[1]);
}
else
{
key = Registry.CurrentUser.OpenSubKey(autorunLocation[1]);
}
if (autorunLocation.Count > 2 && kvp.Key != autorunLocation[2])
{
continue; //If only interested on 1 key of the registry and it's that one, continue
}
string orig_filepath = Environment.ExpandEnvironmentVariables(string.Format("{0}", kvp.Value));
string filepath = orig_filepath;
if (MyUtils.GetExecutableFromPath(Environment.ExpandEnvironmentVariables(string.Format("{0}", kvp.Value))).Length > 0)
filepath = MyUtils.GetExecutableFromPath(filepath);
string filepath_cleaned = filepath.Replace("'", "").Replace("\"", "");
string folder = System.IO.Path.GetDirectoryName(filepath_cleaned);
if (MyUtils.GetExecutableFromPath(Environment.ExpandEnvironmentVariables(string.Format("{0}", kvp.Value))).Length > 0)
{
filepath = MyUtils.GetExecutableFromPath(filepath);
}
string filepath_cleaned = filepath.Replace("'", "").Replace("\"", "");
string folder = Path.GetDirectoryName(filepath_cleaned);
try
{ //If the path doesn't exist, pass
{
//If the path doesn't exist, pass
if (File.GetAttributes(filepath_cleaned).HasFlag(FileAttributes.Directory))
{ //If the path is already a folder, change the values of the params
{
//If the path is already a folder, change the values of the params
orig_filepath = "";
folder = filepath_cleaned;
}
@ -222,7 +294,7 @@ namespace winPEAS.Info.ApplicationInfo
if (string.IsNullOrEmpty(orig_filepath))
continue;
orig_filepath = Environment.ExpandEnvironmentVariables(orig_filepath).Replace("'", "").Replace("\"", "");
string folder = System.IO.Path.GetDirectoryName(orig_filepath);
string folder = Path.GetDirectoryName(orig_filepath);
results.Add(new Dictionary<string, string>()
{
@ -257,14 +329,16 @@ namespace winPEAS.Info.ApplicationInfo
private static IEnumerable<Dictionary<string, string>> GetAutoRunsFolder()
{
List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
List<string> autorunLocations = new List<string>();
// displays startup for current user
//autorunLocations.Add(Environment.ExpandEnvironmentVariables(@"%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"));
autorunLocations.Add(Environment.ExpandEnvironmentVariables(@"%programdata%\Microsoft\Windows\Start Menu\Programs\Startup"));
//string usersPath = Environment.GetEnvironmentVariable("USERPROFILE") + "\\..\\";
var systemDrive = Environment.GetEnvironmentVariable("SystemDrive");
var autorunLocations = new List<string>
{
Environment.ExpandEnvironmentVariables(@"%programdata%\Microsoft\Windows\Start Menu\Programs\Startup"),
};
string usersPath = Path.Combine(Environment.GetEnvironmentVariable(@"USERPROFILE"));
usersPath = Directory.GetParent(usersPath).FullName;
try
{
var userDirs = Directory.GetDirectories(usersPath);
@ -285,10 +359,14 @@ namespace winPEAS.Info.ApplicationInfo
foreach (string path in autorunLocations)
{
foreach (string filepath in Directory.GetFiles(path, "*", SearchOption.TopDirectoryOnly))
try
{
string folder = Path.GetDirectoryName(filepath);
results.Add(new Dictionary<string, string>() {
var files = Directory.GetFiles(path, "*", SearchOption.TopDirectoryOnly);
foreach (string filepath in files)
{
string folder = Path.GetDirectoryName(filepath);
results.Add(new Dictionary<string, string>() {
{ "Reg", "" },
{ "RegKey", "" },
{ "RegPermissions", "" },
@ -298,46 +376,91 @@ namespace winPEAS.Info.ApplicationInfo
{ "interestingFolderRights", string.Join(", ", PermissionsHelper.GetPermissionsFolder(folder, Checks.Checks.CurrentUserSiDs))},
{ "interestingFileRights", string.Join(", ", PermissionsHelper.GetPermissionsFile(filepath, Checks.Checks.CurrentUserSiDs))},
{ "isUnquotedSpaced", "" }
});
});
}
}
catch (Exception e)
{
}
}
var taskAutorunLocations = new HashSet<string>()
{
$"{systemDrive}\\windows\\tasks",
$"{systemDrive}\\windows\\system32\\tasks",
};
foreach (string folder in taskAutorunLocations)
{
try
{
results.Add(new Dictionary<string, string>() {
{ "Reg", "" },
{ "RegKey", "" },
{ "RegPermissions", "" },
{ "Folder", folder },
{ "File", "" },
{ "isWritableReg", ""},
{ "interestingFolderRights", string.Join(", ", PermissionsHelper.GetPermissionsFolder(folder, Checks.Checks.CurrentUserSiDs))},
{ "interestingFileRights", ""},
{ "isUnquotedSpaced", "" }
});
}
catch (Exception e)
{
}
}
return results;
}
private static IEnumerable<Dictionary<string, string>> GetAutoRunsWMIC()
{
var results = new List<Dictionary<string, string>>();
try
{
SelectQuery query = new SelectQuery("Win32_StartupCommand");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
ManagementObjectCollection win32_startup = searcher.Get();
foreach (ManagementObject startup in win32_startup)
using (ManagementObjectCollection win32_startup = searcher.Get())
{
string command = startup["command"].ToString();
command = Environment.ExpandEnvironmentVariables(string.Format("{0}", command));
string filepath = MyUtils.GetExecutableFromPath(command);
string filepath_cleaned = filepath.Replace("'", "").Replace("\"", "");
string folder = System.IO.Path.GetDirectoryName(filepath_cleaned);
results.Add(new Dictionary<string, string>()
foreach (ManagementObject startup in win32_startup)
{
{"Reg", ""},
{"RegKey", "From WMIC"},
{"RegPermissions", ""},
{"Folder", folder},
{"File", command},
{"isWritableReg", ""},
string command = startup["command"].ToString();
command = Environment.ExpandEnvironmentVariables(string.Format("{0}", command));
string filepath = MyUtils.GetExecutableFromPath(command);
if (!string.IsNullOrEmpty(filepath))
{
"interestingFolderRights",
string.Join(", ", PermissionsHelper.GetPermissionsFolder(folder, Checks.Checks.CurrentUserSiDs))
},
{
"interestingFileRights",
string.Join(", ", PermissionsHelper.GetPermissionsFile(filepath, Checks.Checks.CurrentUserSiDs))
},
{"isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(command).ToString()}
});
string filepathCleaned = filepath.Replace("'", "").Replace("\"", "");
try
{
string folder = Path.GetDirectoryName(filepathCleaned);
results.Add(new Dictionary<string, string>()
{
{"Reg", ""},
{"RegKey", "From WMIC"},
{"RegPermissions", ""},
{"Folder", folder},
{"File", command},
{"isWritableReg", ""},
{
"interestingFolderRights",
string.Join(", ", PermissionsHelper.GetPermissionsFolder(folder, Checks.Checks.CurrentUserSiDs))
},
{
"interestingFileRights",
string.Join(", ", PermissionsHelper.GetPermissionsFile(filepath, Checks.Checks.CurrentUserSiDs))
},
{"isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(command).ToString()}
});
}
catch (Exception)
{
}
}
}
}
}
catch (Exception e)
@ -349,7 +472,49 @@ namespace winPEAS.Info.ApplicationInfo
private static IEnumerable<Dictionary<string, string>> GetAutoRunsFiles()
{
throw new NotImplementedException();
var results = new List<Dictionary<string, string>>();
var systemDrive = Environment.GetEnvironmentVariable("SystemDrive");
var autostartFiles = new HashSet<string>
{
$"{systemDrive}\\autoexec.bat",
$"{systemDrive}\\config.sys",
$"{systemDrive}\\windows\\winstart.bat",
$"{systemDrive}\\windows\\wininit.ini",
$"{systemDrive}\\windows\\dosstart.bat",
$"{systemDrive}\\windows\\system.ini",
$"{systemDrive}\\windows\\win.ini",
$"{systemDrive}\\windows\\system\\autoexec.nt",
$"{systemDrive}\\windows\\system\\config.nt"
};
foreach (string path in autostartFiles)
{
try
{
if (File.Exists(path))
{
string folder = Path.GetDirectoryName(path);
results.Add(new Dictionary<string, string>
{
{ "Reg", "" },
{ "RegKey", "" },
{ "RegPermissions", "" },
{ "Folder", folder },
{ "File", path },
{ "isWritableReg", ""},
{ "interestingFolderRights", string.Join(", ", PermissionsHelper.GetPermissionsFolder(folder, Checks.Checks.CurrentUserSiDs))},
{ "interestingFileRights", string.Join(", ", PermissionsHelper.GetPermissionsFile(path, Checks.Checks.CurrentUserSiDs))},
{ "isUnquotedSpaced", "" }
});
}
}
catch (Exception e)
{
}
}
return results;
}
}
}

2
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Vault/VaultCli.cs
View File

@ -3,7 +3,7 @@ using System.Collections.Generic;
using System.Reflection;
using System.Runtime.InteropServices;
using winPEAS.Helpers;
using winPEAS.KnownFileCreds.Vault.structs;
using winPEAS.KnownFileCreds.Vault.Structs;
namespace winPEAS.KnownFileCreds.Vault
{

2
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Vault/structs/VAULT_ITEM_ELEMENT.cs
View File

@ -1,7 +1,7 @@
using System.Runtime.InteropServices;
using winPEAS.KnownFileCreds.Vault.Enums;
namespace winPEAS.KnownFileCreds.Vault.structs
namespace winPEAS.KnownFileCreds.Vault.Structs
{
[StructLayout(LayoutKind.Explicit, CharSet = CharSet.Ansi)]
public struct VAULT_ITEM_ELEMENT

2
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Vault/structs/VAULT_ITEM_WIN7.cs
View File

@ -1,7 +1,7 @@
using System;
using System.Runtime.InteropServices;
namespace winPEAS.KnownFileCreds.Vault.structs
namespace winPEAS.KnownFileCreds.Vault.Structs
{
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
public struct VAULT_ITEM_WIN7

2
winPEAS/winPEASexe/winPEAS/KnownFileCreds/Vault/structs/VAULT_ITEM_WIN8.cs
View File

@ -1,7 +1,7 @@
using System;
using System.Runtime.InteropServices;
namespace winPEAS.KnownFileCreds.Vault.structs
namespace winPEAS.KnownFileCreds.Vault.Structs
{
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
public struct VAULT_ITEM_WIN8

1924
winPEAS/winPEASexe/winPEAS/TaskScheduler/Action.cs
View File

File diff suppressed because it is too large Load Diff

60
winPEAS/winPEASexe/winPEAS/TaskScheduler/ActionCollection.cs
View File

@ -10,6 +10,8 @@ using System.Text;
using System.Threading.Tasks;
using System.Xml.Serialization;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{
@ -25,13 +27,13 @@ namespace winPEAS.TaskScheduler
/// <summary>
/// Convert actions under Version 1 of the library (Windows XP or Windows Server 2003 and earlier). This option supports multiple
/// actions of all types. If not specified, only a single <see cref="ExecAction"/> is supported. Developer must ensure that
/// actions of all types. If not specified, only a single <see cref="Action.ExecAction"/> is supported. Developer must ensure that
/// PowerShell v2 or higher is installed on the target computer.
/// </summary>
Version1 = 1,
/// <summary>
/// Convert all <see cref="ShowMessageAction"/> and <see cref="EmailAction"/> references to their PowerShell equivalents on systems
/// Convert all <see cref="Action.ShowMessageAction"/> and <see cref="Action.EmailAction"/> references to their PowerShell equivalents on systems
/// on or after Windows 8 / Server 2012.
/// </summary>
Version2 = 2,
@ -51,18 +53,18 @@ namespace winPEAS.TaskScheduler
private bool inV2set;
private PowerShellActionPlatformOption psConvert = PowerShellActionPlatformOption.Version2;
private readonly List<Action> v1Actions;
private V1Interop.ITask v1Task;
private readonly V2Interop.IActionCollection v2Coll;
private V2Interop.ITaskDefinition v2Def;
private ITask v1Task;
private readonly IActionCollection v2Coll;
private ITaskDefinition v2Def;
internal ActionCollection([NotNull] V1Interop.ITask task)
internal ActionCollection([NotNull] ITask task)
{
v1Task = task;
v1Actions = GetV1Actions();
PowerShellConversion = Action.TryParse(v1Task.GetDataItem(nameof(PowerShellConversion)), psConvert | PowerShellActionPlatformOption.Version2);
}
internal ActionCollection([NotNull] V2Interop.ITaskDefinition iTaskDef)
internal ActionCollection([NotNull] ITaskDefinition iTaskDef)
{
v2Def = iTaskDef;
v2Coll = iTaskDef.Actions;
@ -108,7 +110,7 @@ namespace winPEAS.TaskScheduler
}
/// <summary>
/// Gets or sets the systems under which unsupported actions will be converted to PowerShell <see cref="ExecAction"/> instances.
/// Gets or sets the systems under which unsupported actions will be converted to PowerShell <see cref="Action.ExecAction"/> instances.
/// </summary>
/// <value>The PowerShell platform options.</value>
/// <remarks>
@ -120,12 +122,12 @@ namespace winPEAS.TaskScheduler
/// <para>
/// If set to <see cref="PowerShellActionPlatformOption.Version1"/>, then actions will be converted only under Version 1 of the
/// library (Windows XP or Windows Server 2003 and earlier). This option supports multiple actions of all types. If not specified,
/// only a single <see cref="ExecAction"/> is supported. Developer must ensure that PowerShell v2 or higher is installed on the
/// only a single <see cref="Action.ExecAction"/> is supported. Developer must ensure that PowerShell v2 or higher is installed on the
/// target computer.
/// </para>
/// <para>
/// If set to <see cref="PowerShellActionPlatformOption.Version2"/> (which is the default value), then <see
/// cref="ShowMessageAction"/> and <see cref="EmailAction"/> references will be converted to their PowerShell equivalents on systems
/// cref="Action.ShowMessageAction"/> and <see cref="Action.EmailAction"/> references will be converted to their PowerShell equivalents on systems
/// on or after Windows 8 / Server 2012.
/// </para>
/// <para>
@ -291,8 +293,8 @@ namespace winPEAS.TaskScheduler
action.Bind(v2Def);
else
{
if (!SupportV1Conversion && (v1Actions.Count >= 1 || !(action is ExecAction)))
throw new NotV1SupportedException($"Only a single {nameof(ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
if (!SupportV1Conversion && (v1Actions.Count >= 1 || !(action is Action.ExecAction)))
throw new NotV1SupportedException($"Only a single {nameof(Action.ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
v1Actions.Add(action);
SaveV1Actions();
}
@ -302,16 +304,16 @@ namespace winPEAS.TaskScheduler
return action;
}
/// <summary>Adds an <see cref="ExecAction"/> to the task.</summary>
/// <summary>Adds an <see cref="Action.ExecAction"/> to the task.</summary>
/// <param name="path">Path to an executable file.</param>
/// <param name="arguments">Arguments associated with the command-line operation. This value can be null.</param>
/// <param name="workingDirectory">
/// Directory that contains either the executable file or the files that are used by the executable file. This value can be null.
/// </param>
/// <returns>The bound <see cref="ExecAction"/> that was added to the collection.</returns>
/// <returns>The bound <see cref="Action.ExecAction"/> that was added to the collection.</returns>
[NotNull]
public ExecAction Add([NotNull] string path, [CanBeNull] string arguments = null, [CanBeNull] string workingDirectory = null) =>
Add(new ExecAction(path, arguments, workingDirectory));
public Action.ExecAction Add([NotNull] string path, [CanBeNull] string arguments = null, [CanBeNull] string workingDirectory = null) =>
Add(new Action.ExecAction(path, arguments, workingDirectory));
/// <summary>Adds a new <see cref="Action"/> instance to the task.</summary>
/// <param name="actionType">Type of task to be created</param>
@ -324,7 +326,7 @@ namespace winPEAS.TaskScheduler
if (v1Task != null)
{
if (!SupportV1Conversion && (v1Actions.Count >= 1 || actionType != TaskActionType.Execute))
throw new NotV1SupportedException($"Only a single {nameof(ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
throw new NotV1SupportedException($"Only a single {nameof(Action.ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
return Action.CreateAction(v1Task);
}
return Action.CreateAction(v2Coll.Create(actionType));
@ -345,7 +347,7 @@ namespace winPEAS.TaskScheduler
var list = new List<Action>(actions);
var at = list.Count == 1 && list[0].ActionType == TaskActionType.Execute;
if (!SupportV1Conversion && ((v1Actions.Count + list.Count) > 1 || !at))
throw new NotV1SupportedException($"Only a single {nameof(ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
throw new NotV1SupportedException($"Only a single {nameof(Action.ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
v1Actions.AddRange(actions);
SaveV1Actions();
}
@ -492,7 +494,7 @@ namespace winPEAS.TaskScheduler
public IEnumerator<Action> GetEnumerator()
{
if (v2Coll != null)
return new ComEnumerator<Action, V2Interop.IAction>(() => v2Coll.Count, i => v2Coll[i], Action.CreateAction);
return new ComEnumerator<Action, IAction>(() => v2Coll.Count, i => v2Coll[i], Action.CreateAction);
return v1Actions.GetEnumerator();
}
@ -537,8 +539,8 @@ namespace winPEAS.TaskScheduler
}
else
{
if (!SupportV1Conversion && (index > 0 || !(action is ExecAction)))
throw new NotV1SupportedException($"Only a single {nameof(ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
if (!SupportV1Conversion && (index > 0 || !(action is Action.ExecAction)))
throw new NotV1SupportedException($"Only a single {nameof(Action.ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
v1Actions.Insert(index, action);
SaveV1Actions();
}
@ -673,8 +675,8 @@ namespace winPEAS.TaskScheduler
{
var action = this[i];
var bindable = action as IBindAsExecAction;
if (bindable != null && !(action is ComHandlerAction))
this[i] = ExecAction.ConvertToPowerShellAction(action);
if (bindable != null && !(action is Action.ComHandlerAction))
this[i] = Action.ExecAction.ConvertToPowerShellAction(action);
}
}
}
@ -684,7 +686,7 @@ namespace winPEAS.TaskScheduler
var ret = new List<Action>();
if (v1Task != null && v1Task.GetDataItem("ActionType") != "EMPTY")
{
var exec = new ExecAction(v1Task);
var exec = new Action.ExecAction(v1Task);
var items = exec.ParsePowerShellItems();
if (items != null)
{
@ -704,7 +706,7 @@ namespace winPEAS.TaskScheduler
}
}
else
ret.Add(ExecAction.ConvertFromPowerShellAction(exec));
ret.Add(Action.ExecAction.ConvertFromPowerShellAction(exec));
}
else if (!string.IsNullOrEmpty(exec.Path))
{
@ -733,21 +735,21 @@ namespace winPEAS.TaskScheduler
else if (v1Actions.Count == 1)
{
if (!SupportV1Conversion && v1Actions[0].ActionType != TaskActionType.Execute)
throw new NotV1SupportedException($"Only a single {nameof(ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
throw new NotV1SupportedException($"Only a single {nameof(Action.ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
v1Task.SetDataItem("ActionType", null);
v1Actions[0].Bind(v1Task);
}
else
{
if (!SupportV1Conversion)
throw new NotV1SupportedException($"Only a single {nameof(ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
throw new NotV1SupportedException($"Only a single {nameof(Action.ExecAction)} is supported unless the {nameof(PowerShellConversion)} property includes the {nameof(PowerShellActionPlatformOption.Version1)} value.");
// Build list of internal PowerShell scripts
var sb = new System.Text.StringBuilder();
foreach (var item in v1Actions)
sb.Append($"<# {item.Id ?? "NO_ID"}:{item.ActionType} #> {item.GetPowerShellCommand()} ");
// Build and save PS ExecAction
var ea = ExecAction.CreatePowerShellAction("MULTIPLE", sb.ToString());
var ea = Action.ExecAction.CreatePowerShellAction("MULTIPLE", sb.ToString());
ea.Bind(v1Task);
v1Task.SetDataItem("ActionId", null);
v1Task.SetDataItem("ActionType", "MULTIPLE");
@ -760,7 +762,7 @@ namespace winPEAS.TaskScheduler
{
for (var i = 0; i < Count; i++)
{
var action = this[i] as ExecAction;
var action = this[i] as Action.ExecAction;
if (action != null)
{
var newAction = Action.ConvertFromPowerShellAction(action);

2
winPEAS/winPEASexe/winPEAS/TaskScheduler/NamedValueCollection.cs
View File

@ -8,7 +8,7 @@ using System.Text;
using System.Threading.Tasks;
using System.Xml.Serialization;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V2Interop;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{

31
winPEAS/winPEASexe/winPEAS/TaskScheduler/Task.cs
View File

@ -20,9 +20,10 @@ using System.Xml;
using System.Xml.Schema;
using System.Xml.Serialization;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V1Interop;
using winPEAS.TaskScheduler.V2Interop;
using TaskStatus = winPEAS.TaskScheduler.V1Interop.TaskStatus;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
using IPrincipal = winPEAS.TaskScheduler.V2.IPrincipal;
using TaskStatus = winPEAS.TaskScheduler.V1.TaskStatus;
namespace winPEAS.TaskScheduler
{
@ -1125,7 +1126,7 @@ namespace winPEAS.TaskScheduler
}
/// <summary>Gets the results that were returned the last time the registered task was run.</summary>
/// <remarks>The value returned is the last exit code of the last program run via an <see cref="ExecAction"/>.</remarks>
/// <remarks>The value returned is the last exit code of the last program run via an <see cref="Action.ExecAction"/>.</remarks>
/// <example>
/// <code lang="cs">
///<![CDATA[
@ -1168,7 +1169,7 @@ namespace winPEAS.TaskScheduler
/// <summary>
/// Gets a value indicating whether this task is read only. Only available if <see
/// cref="Microsoft.Win32.TaskScheduler.TaskService.AllowReadOnlyTasks"/> is <c>true</c>.
/// cref="TaskScheduler.TaskService.AllowReadOnlyTasks"/> is <c>true</c>.
/// </summary>
/// <value><c>true</c> if read only; otherwise, <c>false</c>.</value>
public bool ReadOnly { get; internal set; }
@ -1862,10 +1863,10 @@ namespace winPEAS.TaskScheduler
public event PropertyChangedEventHandler PropertyChanged;
/// <summary>Gets a collection of actions that are performed by the task.</summary>
[XmlArrayItem(ElementName = "Exec", IsNullable = true, Type = typeof(ExecAction))]
[XmlArrayItem(ElementName = "ShowMessage", IsNullable = true, Type = typeof(ShowMessageAction))]
[XmlArrayItem(ElementName = "ComHandler", IsNullable = true, Type = typeof(ComHandlerAction))]
[XmlArrayItem(ElementName = "SendEmail", IsNullable = true, Type = typeof(EmailAction))]
[XmlArrayItem(ElementName = "Exec", IsNullable = true, Type = typeof(Action.ExecAction))]
[XmlArrayItem(ElementName = "ShowMessage", IsNullable = true, Type = typeof(Action.ShowMessageAction))]
[XmlArrayItem(ElementName = "ComHandler", IsNullable = true, Type = typeof(Action.ComHandlerAction))]
[XmlArrayItem(ElementName = "SendEmail", IsNullable = true, Type = typeof(Action.EmailAction))]
[XmlArray]
[NotNull, ItemNotNull]
public ActionCollection Actions => actions ??= v2Def != null ? new ActionCollection(v2Def) : new ActionCollection(v1Task);
@ -2006,13 +2007,13 @@ namespace winPEAS.TaskScheduler
var a = Actions[i];
switch (a)
{
case EmailAction _:
case Action.EmailAction _:
bad = true;
if (!throwExceptionWithDetails) return false;
TryAdd(ex.Data, $"Actions[{i}]", "== typeof(EmailAction)");
break;
case ShowMessageAction _:
case Action.ShowMessageAction _:
bad = true;
if (!throwExceptionWithDetails) return false;
TryAdd(ex.Data, $"Actions[{i}]", "== typeof(ShowMessageAction)");
@ -2271,9 +2272,9 @@ namespace winPEAS.TaskScheduler
if (Settings.StartWhenAvailable)
{ list.Add(new TaskCompatibilityEntry(TaskCompatibility.V2, "Settings.StartWhenAvailable", "must be false.")); }
if ((Actions.PowerShellConversion & PowerShellActionPlatformOption.Version1) != PowerShellActionPlatformOption.Version1 && (Actions.ContainsType(typeof(EmailAction)) || Actions.ContainsType(typeof(ShowMessageAction)) || Actions.ContainsType(typeof(ComHandlerAction))))
if ((Actions.PowerShellConversion & PowerShellActionPlatformOption.Version1) != PowerShellActionPlatformOption.Version1 && (Actions.ContainsType(typeof(Action.EmailAction)) || Actions.ContainsType(typeof(Action.ShowMessageAction)) || Actions.ContainsType(typeof(Action.ComHandlerAction))))
{ list.Add(new TaskCompatibilityEntry(TaskCompatibility.V2, "Actions", "may only contain ExecAction types unless Actions.PowerShellConversion includes Version1.")); }
if ((Actions.PowerShellConversion & PowerShellActionPlatformOption.Version2) != PowerShellActionPlatformOption.Version2 && (Actions.ContainsType(typeof(EmailAction)) || Actions.ContainsType(typeof(ShowMessageAction))))
if ((Actions.PowerShellConversion & PowerShellActionPlatformOption.Version2) != PowerShellActionPlatformOption.Version2 && (Actions.ContainsType(typeof(Action.EmailAction)) || Actions.ContainsType(typeof(Action.ShowMessageAction))))
{ list.Add(new TaskCompatibilityEntry(TaskCompatibility.V2_1, "Actions", "may only contain ExecAction and ComHanlderAction types unless Actions.PowerShellConversion includes Version2.")); }
try
@ -2332,14 +2333,14 @@ namespace winPEAS.TaskScheduler
public sealed class TaskPrincipal : IDisposable, IXmlSerializable, INotifyPropertyChanged
{
private const string localSystemAcct = "SYSTEM";
private readonly V2Interop.IPrincipal v2Principal;
private readonly IPrincipal v2Principal;
private readonly IPrincipal2 v2Principal2;
private readonly Func<string> xmlFunc;
private TaskPrincipalPrivileges reqPriv;
private string v1CachedAcctInfo;
private ITask v1Task;
internal TaskPrincipal([NotNull] V2Interop.IPrincipal iPrincipal, Func<string> defXml)
internal TaskPrincipal([NotNull] IPrincipal iPrincipal, Func<string> defXml)
{
xmlFunc = defXml;
v2Principal = iPrincipal;

30
winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskCollection.cs
View File

@ -4,6 +4,8 @@ using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{
@ -14,11 +16,11 @@ namespace winPEAS.TaskScheduler
public sealed class RunningTaskCollection : IReadOnlyList<RunningTask>, IDisposable
{
private readonly TaskService svc;
private readonly V2Interop.IRunningTaskCollection v2Coll;
private readonly IRunningTaskCollection v2Coll;
internal RunningTaskCollection([NotNull] TaskService svc) => this.svc = svc;
internal RunningTaskCollection([NotNull] TaskService svc, [NotNull] V2Interop.IRunningTaskCollection iTaskColl)
internal RunningTaskCollection([NotNull] TaskService svc, [NotNull] IRunningTaskCollection iTaskColl)
{
this.svc = svc;
v2Coll = iTaskColl;
@ -73,9 +75,9 @@ namespace winPEAS.TaskScheduler
public IEnumerator<RunningTask> GetEnumerator()
{
if (v2Coll != null)
return new ComEnumerator<RunningTask, V2Interop.IRunningTask>(() => v2Coll.Count, (object o) => v2Coll[o], o =>
return new ComEnumerator<RunningTask, IRunningTask>(() => v2Coll.Count, (object o) => v2Coll[o], o =>
{
V2Interop.IRegisteredTask task = null;
IRegisteredTask task = null;
try { task = TaskService.GetTask(svc.v2TaskService, o.Path); } catch { }
return task == null ? null : new RunningTask(svc, task, o);
});
@ -151,9 +153,9 @@ namespace winPEAS.TaskScheduler
{
private readonly TaskFolder fld;
private readonly TaskService svc;
private readonly V2Interop.IRegisteredTaskCollection v2Coll;
private readonly IRegisteredTaskCollection v2Coll;
private Regex filter;
private V1Interop.ITaskScheduler v1TS;
private ITaskScheduler v1TS;
internal TaskCollection([NotNull] TaskService svc, Regex filter = null)
{
@ -162,7 +164,7 @@ namespace winPEAS.TaskScheduler
v1TS = svc.v1TaskScheduler;
}
internal TaskCollection([NotNull] TaskFolder folder, [NotNull] V2Interop.IRegisteredTaskCollection iTaskColl, Regex filter = null)
internal TaskCollection([NotNull] TaskFolder folder, [NotNull] IRegisteredTaskCollection iTaskColl, Regex filter = null)
{
svc = folder.TaskService;
Filter = filter;
@ -288,9 +290,9 @@ namespace winPEAS.TaskScheduler
{
private readonly Regex filter;
private readonly TaskService svc;
private readonly V1Interop.IEnumWorkItems wienum;
private readonly IEnumWorkItems wienum;
private string curItem;
private V1Interop.ITaskScheduler ts;
private ITaskScheduler ts;
/// <summary>Internal constructor</summary>
/// <param name="svc">TaskService instance</param>
@ -322,7 +324,7 @@ namespace winPEAS.TaskScheduler
}
}
internal V1Interop.ITask ICurrent => TaskService.GetTask(ts, curItem);
internal ITask ICurrent => TaskService.GetTask(ts, curItem);
/// <summary>Releases all resources used by this class.</summary>
public void Dispose()
@ -346,7 +348,7 @@ namespace winPEAS.TaskScheduler
wienum?.Next(1, out names, out uFetched);
if (uFetched != 1)
break;
using (var name = new V1Interop.CoTaskMemString(Marshal.ReadIntPtr(names)))
using (var name = new CoTaskMemString(Marshal.ReadIntPtr(names)))
curItem = name.ToString();
if (curItem != null && curItem.EndsWith(".job", StringComparison.InvariantCultureIgnoreCase))
curItem = curItem.Remove(curItem.Length - 4);
@ -361,7 +363,7 @@ namespace winPEAS.TaskScheduler
continue;
}
V1Interop.ITask itask = null;
ITask itask = null;
try { itask = ICurrent; valid = true; }
catch { valid = false; }
finally { Marshal.ReleaseComObject(itask); }
@ -378,11 +380,11 @@ namespace winPEAS.TaskScheduler
}
}
private class V2TaskEnumerator : ComEnumerator<Task, V2Interop.IRegisteredTask>
private class V2TaskEnumerator : ComEnumerator<Task, IRegisteredTask>
{
private readonly Regex filter;
internal V2TaskEnumerator(TaskFolder folder, V2Interop.IRegisteredTaskCollection iTaskColl, Regex filter = null) :
internal V2TaskEnumerator(TaskFolder folder, IRegisteredTaskCollection iTaskColl, Regex filter = null) :
base(() => iTaskColl.Count, (object o) => iTaskColl[o], o => Task.CreateTask(folder.TaskService, o)) => this.filter = filter;
public override bool MoveNext()

4
winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskFolder.cs
View File

@ -8,8 +8,8 @@ using System.Security.AccessControl;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using winPEAS.TaskScheduler.V1Interop;
using winPEAS.TaskScheduler.V2Interop;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{

7
winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskFolderCollection.cs
View File

@ -7,6 +7,7 @@ using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{
@ -16,11 +17,11 @@ namespace winPEAS.TaskScheduler
private const string IndexerName = "Item[]";
private readonly TaskFolder parent;
private readonly TaskFolder[] v1FolderList;
private readonly V2Interop.ITaskFolderCollection v2FolderList;
private readonly ITaskFolderCollection v2FolderList;
internal TaskFolderCollection() => v1FolderList = new TaskFolder[0];
internal TaskFolderCollection([NotNull] TaskFolder folder, [NotNull] V2Interop.ITaskFolderCollection iCollection)
internal TaskFolderCollection([NotNull] TaskFolder folder, [NotNull] ITaskFolderCollection iCollection)
{
parent = folder;
v2FolderList = iCollection;
@ -163,7 +164,7 @@ namespace winPEAS.TaskScheduler
public IEnumerator<TaskFolder> GetEnumerator()
{
if (v2FolderList != null)
return new ComEnumerator<TaskFolder, V2Interop.ITaskFolder>(() => v2FolderList.Count, (object o) => v2FolderList[o], o => new TaskFolder(parent.TaskService, o));
return new ComEnumerator<TaskFolder, ITaskFolder>(() => v2FolderList.Count, (object o) => v2FolderList[o], o => new TaskFolder(parent.TaskService, o));
return Array.AsReadOnly(v1FolderList).GetEnumerator();
}

24
winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskService.cs
View File

@ -6,12 +6,14 @@ using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{
/// <summary>
/// Quick simple trigger types for the
/// <see cref="TaskService.AddTask(string,Microsoft.Win32.TaskScheduler.Trigger,Microsoft.Win32.TaskScheduler.Action,string,string,Microsoft.Win32.TaskScheduler.TaskLogonType,string)"/> method.
/// <see cref="TaskService.AddTask(string,Trigger,TaskScheduler.Action,string,string,TaskLogonType,string)"/> method.
/// </summary>
public enum QuickTriggerType
{
@ -78,14 +80,14 @@ namespace winPEAS.TaskScheduler
{
internal static readonly bool LibraryIsV2 = Environment.OSVersion.Version.Major >= 6;
internal static readonly Guid PowerShellActionGuid = new Guid("dab4c1e3-cd12-46f1-96fc-3981143c9bab");
private static Guid CLSID_Ctask = typeof(V1Interop.CTask).GUID;
private static Guid IID_ITask = typeof(V1Interop.ITask).GUID;
private static Guid CLSID_Ctask = typeof(CTask).GUID;
private static Guid IID_ITask = typeof(ITask).GUID;
[ThreadStatic]
private static TaskService instance;
private static Version osLibVer;
internal V1Interop.ITaskScheduler v1TaskScheduler;
internal V2Interop.ITaskService v2TaskService;
internal ITaskScheduler v1TaskScheduler;
internal ITaskService v2TaskService;
private bool connecting;
private bool forceV1;
private bool initializing;
@ -586,7 +588,7 @@ namespace winPEAS.TaskScheduler
throw new ArgumentOutOfRangeException(nameof(trigger), trigger, null);
}
return AddTask(path, newTrigger, new ExecAction(exePath, arguments), userId, password, logonType, description);
return AddTask(path, newTrigger, new Action.ExecAction(exePath, arguments), userId, password, logonType, description);
}
/// <summary>Signals the object that initialization is starting.</summary>
@ -765,9 +767,9 @@ namespace winPEAS.TaskScheduler
info.AddValue("forceV1", forceV1, typeof(bool));
}
internal static V2Interop.IRegisteredTask GetTask([NotNull] V2Interop.ITaskService iSvc, [NotNull] string name)
internal static IRegisteredTask GetTask([NotNull] ITaskService iSvc, [NotNull] string name)
{
V2Interop.ITaskFolder fld = null;
ITaskFolder fld = null;
try
{
fld = iSvc.GetFolder("\\");
@ -783,7 +785,7 @@ namespace winPEAS.TaskScheduler
}
}
internal static V1Interop.ITask GetTask([NotNull] V1Interop.ITaskScheduler iSvc, [NotNull] string name)
internal static ITask GetTask([NotNull] ITaskScheduler iSvc, [NotNull] string name)
{
if (string.IsNullOrEmpty(name))
throw new ArgumentNullException(nameof(name));
@ -891,7 +893,7 @@ namespace winPEAS.TaskScheduler
if (LibraryIsV2 && !forceV1)
{
v2TaskService = new V2Interop.ITaskService();
v2TaskService = new ITaskService();
if (!string.IsNullOrEmpty(targetServer))
{
// Check to ensure character only server name. (Suggested by bigsan)
@ -912,7 +914,7 @@ namespace winPEAS.TaskScheduler
else
{
v1Impersonation = new WindowsImpersonatedIdentity(userName, userDomain, userPassword);
v1TaskScheduler = new V1Interop.ITaskScheduler();
v1TaskScheduler = new ITaskScheduler();
if (!string.IsNullOrEmpty(targetServer))
{
// Check to ensure UNC format for server name. (Suggested by bigsan)

69
winPEAS/winPEASexe/winPEAS/TaskScheduler/Trigger.cs
View File

@ -9,7 +9,8 @@ using System.Text;
using System.Threading.Tasks;
using System.Xml.Serialization;
using winPEAS.Properties;
using winPEAS.TaskScheduler.V2Interop;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{
@ -187,7 +188,7 @@ namespace winPEAS.TaskScheduler
/// <summary>Creates an unbound instance of a <see cref="BootTrigger"/>.</summary>
public BootTrigger() : base(TaskTriggerType.Boot) { }
internal BootTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.OnSystemStart)
internal BootTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.OnSystemStart)
{
}
@ -327,7 +328,7 @@ namespace winPEAS.TaskScheduler
/// <param name="daysInterval">Interval between the days in the schedule.</param>
public DailyTrigger(short daysInterval = 1) : base(TaskTriggerType.Daily) => DaysInterval = daysInterval;
internal DailyTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.RunDaily)
internal DailyTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.RunDaily)
{
if (v1TriggerData.Data.daily.DaysInterval == 0)
v1TriggerData.Data.daily.DaysInterval = 1;
@ -663,7 +664,7 @@ namespace winPEAS.TaskScheduler
/// <summary>Creates an unbound instance of a <see cref="IdleTrigger"/>.</summary>
public IdleTrigger() : base(TaskTriggerType.Idle) { }
internal IdleTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.OnIdle)
internal IdleTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.OnIdle)
{
}
@ -700,7 +701,7 @@ namespace winPEAS.TaskScheduler
/// <summary>Creates an unbound instance of a <see cref="LogonTrigger"/>.</summary>
public LogonTrigger() : base(TaskTriggerType.Logon) { }
internal LogonTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.OnLogon)
internal LogonTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.OnLogon)
{
}
@ -783,7 +784,7 @@ namespace winPEAS.TaskScheduler
WeeksOfMonth = weeksOfMonth;
}
internal MonthlyDOWTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.RunMonthlyDOW)
internal MonthlyDOWTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.RunMonthlyDOW)
{
if (v1TriggerData.Data.monthlyDOW.Months == 0)
v1TriggerData.Data.monthlyDOW.Months = MonthsOfTheYear.AllMonths;
@ -1112,7 +1113,7 @@ namespace winPEAS.TaskScheduler
MonthsOfYear = monthsOfYear;
}
internal MonthlyTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.RunMonthly)
internal MonthlyTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.RunMonthly)
{
if (v1TriggerData.Data.monthlyDate.Months == 0)
v1TriggerData.Data.monthlyDate.Months = MonthsOfTheYear.AllMonths;
@ -1563,7 +1564,7 @@ namespace winPEAS.TaskScheduler
if (v2Pattern != null)
return v2Pattern.StopAtDurationEnd;
if (pTrigger != null)
return (pTrigger.v1TriggerData.Flags & V1Interop.TaskTriggerFlags.KillAtDurationEnd) == V1Interop.TaskTriggerFlags.KillAtDurationEnd;
return (pTrigger.v1TriggerData.Flags & TaskTriggerFlags.KillAtDurationEnd) == TaskTriggerFlags.KillAtDurationEnd;
return unboundStopAtDurationEnd;
}
set
@ -1573,9 +1574,9 @@ namespace winPEAS.TaskScheduler
else if (pTrigger != null)
{
if (value)
pTrigger.v1TriggerData.Flags |= V1Interop.TaskTriggerFlags.KillAtDurationEnd;
pTrigger.v1TriggerData.Flags |= TaskTriggerFlags.KillAtDurationEnd;
else
pTrigger.v1TriggerData.Flags &= ~V1Interop.TaskTriggerFlags.KillAtDurationEnd;
pTrigger.v1TriggerData.Flags &= ~TaskTriggerFlags.KillAtDurationEnd;
Bind();
}
else
@ -1612,7 +1613,7 @@ namespace winPEAS.TaskScheduler
if (v2Pattern != null)
return v2Pattern.StopAtDurationEnd || !string.IsNullOrEmpty(v2Pattern.Duration) || !string.IsNullOrEmpty(v2Pattern.Interval);
if (pTrigger != null)
return (pTrigger.v1TriggerData.Flags & V1Interop.TaskTriggerFlags.KillAtDurationEnd) == V1Interop.TaskTriggerFlags.KillAtDurationEnd || pTrigger.v1TriggerData.MinutesDuration > 0 || pTrigger.v1TriggerData.MinutesInterval > 0;
return (pTrigger.v1TriggerData.Flags & TaskTriggerFlags.KillAtDurationEnd) == TaskTriggerFlags.KillAtDurationEnd || pTrigger.v1TriggerData.MinutesDuration > 0 || pTrigger.v1TriggerData.MinutesInterval > 0;
return false;
}
@ -1642,7 +1643,7 @@ namespace winPEAS.TaskScheduler
v2Pattern.Interval = $"PT{pTrigger.v1TriggerData.MinutesInterval}M";
if (pTrigger.v1TriggerData.MinutesDuration != 0)
v2Pattern.Duration = $"PT{pTrigger.v1TriggerData.MinutesDuration}M";
v2Pattern.StopAtDurationEnd = (pTrigger.v1TriggerData.Flags & V1Interop.TaskTriggerFlags.KillAtDurationEnd) == V1Interop.TaskTriggerFlags.KillAtDurationEnd;
v2Pattern.StopAtDurationEnd = (pTrigger.v1TriggerData.Flags & TaskTriggerFlags.KillAtDurationEnd) == TaskTriggerFlags.KillAtDurationEnd;
}
}
@ -1801,7 +1802,7 @@ namespace winPEAS.TaskScheduler
/// <param name="startBoundary">Date and time for the trigger to fire.</param>
public TimeTrigger(DateTime startBoundary) : base(TaskTriggerType.Time) => StartBoundary = startBoundary;
internal TimeTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.RunOnce)
internal TimeTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.RunOnce)
{
}
@ -1850,8 +1851,8 @@ namespace winPEAS.TaskScheduler
internal const string V2BoundaryDateFormat = "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'FFFK";
internal static readonly CultureInfo DefaultDateCulture = CultureInfo.CreateSpecificCulture("en-US");
internal V1Interop.ITaskTrigger v1Trigger;
internal V1Interop.TaskTrigger v1TriggerData;
internal ITaskTrigger v1Trigger;
internal TaskTrigger v1TriggerData;
internal ITrigger v2Trigger;
/// <summary>In testing and may change. Do not use until officially introduced into library.</summary>
@ -1862,7 +1863,7 @@ namespace winPEAS.TaskScheduler
private readonly TaskTriggerType ttype;
private RepetitionPattern repititionPattern;
internal Trigger([NotNull] V1Interop.ITaskTrigger trigger, V1Interop.TaskTriggerType type)
internal Trigger([NotNull] ITaskTrigger trigger, V1.TaskTriggerType type)
{
v1Trigger = trigger;
v1TriggerData = trigger.GetTrigger();
@ -1882,7 +1883,7 @@ namespace winPEAS.TaskScheduler
{
ttype = triggerType;
v1TriggerData.TriggerSize = (ushort)Marshal.SizeOf(typeof(V1Interop.TaskTrigger));
v1TriggerData.TriggerSize = (ushort)Marshal.SizeOf(typeof(TaskTrigger));
if (ttype != TaskTriggerType.Registration && ttype != TaskTriggerType.Event && ttype != TaskTriggerType.SessionStateChange)
v1TriggerData.Type = ConvertToV1TriggerType(ttype);
@ -1896,14 +1897,14 @@ namespace winPEAS.TaskScheduler
/// <summary>Gets or sets a Boolean value that indicates whether the trigger is enabled.</summary>
public bool Enabled
{
get => v2Trigger?.Enabled ?? GetUnboundValueOrDefault(nameof(Enabled), !v1TriggerData.Flags.IsFlagSet(V1Interop.TaskTriggerFlags.Disabled));
get => v2Trigger?.Enabled ?? GetUnboundValueOrDefault(nameof(Enabled), !v1TriggerData.Flags.IsFlagSet(TaskTriggerFlags.Disabled));
set
{
if (v2Trigger != null)
v2Trigger.Enabled = value;
else
{
v1TriggerData.Flags = v1TriggerData.Flags.SetFlags(V1Interop.TaskTriggerFlags.Disabled, !value);
v1TriggerData.Flags = v1TriggerData.Flags.SetFlags(TaskTriggerFlags.Disabled, !value);
if (v1Trigger != null)
SetV1TriggerData();
else
@ -2258,29 +2259,29 @@ namespace winPEAS.TaskScheduler
internal static DateTime AdjustToLocal(DateTime dt) => dt.Kind == DateTimeKind.Utc ? dt.ToLocalTime() : dt;
internal static V1Interop.TaskTriggerType ConvertToV1TriggerType(TaskTriggerType type)
internal static V1.TaskTriggerType ConvertToV1TriggerType(TaskTriggerType type)
{
if (type == TaskTriggerType.Registration || type == TaskTriggerType.Event || type == TaskTriggerType.SessionStateChange)
throw new NotV1SupportedException();
var tv1 = (int)type - 1;
if (tv1 >= 7) tv1--;
return (V1Interop.TaskTriggerType)tv1;
return (V1.TaskTriggerType)tv1;
}
internal static Trigger CreateTrigger([NotNull] V1Interop.ITaskTrigger trigger) => CreateTrigger(trigger, trigger.GetTrigger().Type);
internal static Trigger CreateTrigger([NotNull] ITaskTrigger trigger) => CreateTrigger(trigger, trigger.GetTrigger().Type);
internal static Trigger CreateTrigger([NotNull] V1Interop.ITaskTrigger trigger, V1Interop.TaskTriggerType triggerType)
internal static Trigger CreateTrigger([NotNull] ITaskTrigger trigger, V1.TaskTriggerType triggerType)
{
Trigger t = triggerType switch
{
V1Interop.TaskTriggerType.RunOnce => new TimeTrigger(trigger),
V1Interop.TaskTriggerType.RunDaily => new DailyTrigger(trigger),
V1Interop.TaskTriggerType.RunWeekly => new WeeklyTrigger(trigger),
V1Interop.TaskTriggerType.RunMonthly => new MonthlyTrigger(trigger),
V1Interop.TaskTriggerType.RunMonthlyDOW => new MonthlyDOWTrigger(trigger),
V1Interop.TaskTriggerType.OnIdle => new IdleTrigger(trigger),
V1Interop.TaskTriggerType.OnSystemStart => new BootTrigger(trigger),
V1Interop.TaskTriggerType.OnLogon => new LogonTrigger(trigger),
V1.TaskTriggerType.RunOnce => new TimeTrigger(trigger),
V1.TaskTriggerType.RunDaily => new DailyTrigger(trigger),
V1.TaskTriggerType.RunWeekly => new WeeklyTrigger(trigger),
V1.TaskTriggerType.RunMonthly => new MonthlyTrigger(trigger),
V1.TaskTriggerType.RunMonthlyDOW => new MonthlyDOWTrigger(trigger),
V1.TaskTriggerType.OnIdle => new IdleTrigger(trigger),
V1.TaskTriggerType.OnSystemStart => new BootTrigger(trigger),
V1.TaskTriggerType.OnLogon => new LogonTrigger(trigger),
_ => throw new ArgumentOutOfRangeException(nameof(triggerType), triggerType, null),
};
return t;
@ -2365,7 +2366,7 @@ namespace winPEAS.TaskScheduler
return span.ToString();
}
internal virtual void Bind([NotNull] V1Interop.ITask iTask)
internal virtual void Bind([NotNull] ITask iTask)
{
if (v1Trigger == null)
{
@ -2443,7 +2444,7 @@ namespace winPEAS.TaskScheduler
/// <returns>String describing the trigger.</returns>
protected virtual string V2GetTriggerString() => string.Empty;
private static TaskTriggerType ConvertFromV1TriggerType(V1Interop.TaskTriggerType v1Type)
private static TaskTriggerType ConvertFromV1TriggerType(V1.TaskTriggerType v1Type)
{
var tv2 = (int)v1Type + 1;
if (tv2 > 6) tv2++;
@ -2494,7 +2495,7 @@ namespace winPEAS.TaskScheduler
WeeksInterval = weeksInterval;
}
internal WeeklyTrigger([NotNull] V1Interop.ITaskTrigger iTrigger) : base(iTrigger, V1Interop.TaskTriggerType.RunWeekly)
internal WeeklyTrigger([NotNull] ITaskTrigger iTrigger) : base(iTrigger, V1.TaskTriggerType.RunWeekly)
{
if (v1TriggerData.Data.weekly.DaysOfTheWeek == 0)
v1TriggerData.Data.weekly.DaysOfTheWeek = DaysOfTheWeek.Sunday;

19
winPEAS/winPEASexe/winPEAS/TaskScheduler/TriggerCollection.cs
View File

@ -10,7 +10,8 @@ using System.Text;
using System.Threading.Tasks;
using System.Xml.Serialization;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V1Interop;
using winPEAS.TaskScheduler.V1;
using winPEAS.TaskScheduler.V2;
namespace winPEAS.TaskScheduler
{
@ -18,14 +19,14 @@ namespace winPEAS.TaskScheduler
public sealed class TriggerCollection : IList<Trigger>, IDisposable, IXmlSerializable, IList, INotifyCollectionChanged, INotifyPropertyChanged
{
private const string IndexerName = "Item[]";
private readonly V2Interop.ITriggerCollection v2Coll;
private readonly ITriggerCollection v2Coll;
private bool inV2set;
private V1Interop.ITask v1Task;
private V2Interop.ITaskDefinition v2Def;
private ITask v1Task;
private ITaskDefinition v2Def;
internal TriggerCollection([NotNull] V1Interop.ITask iTask) => v1Task = iTask;
internal TriggerCollection([NotNull] ITask iTask) => v1Task = iTask;
internal TriggerCollection([NotNull] V2Interop.ITaskDefinition iTaskDef)
internal TriggerCollection([NotNull] ITaskDefinition iTaskDef)
{
v2Def = iTaskDef;
v2Coll = v2Def.Triggers;
@ -337,7 +338,7 @@ namespace winPEAS.TaskScheduler
{
if (v1Task != null)
return new V1TriggerEnumerator(v1Task);
return new ComEnumerator<Trigger, V2Interop.ITrigger>(() => v2Coll.Count, i => v2Coll[i], o => Trigger.CreateTrigger(o, v2Def));
return new ComEnumerator<Trigger, ITrigger>(() => v2Coll.Count, i => v2Coll[i], o => Trigger.CreateTrigger(o, v2Def));
}
/// <summary>Determines the index of a specific item in the <see cref="IList{T}"/>.</summary>
@ -518,9 +519,9 @@ namespace winPEAS.TaskScheduler
private sealed class V1TriggerEnumerator : IEnumerator<Trigger>
{
private short curItem = -1;
private V1Interop.ITask iTask;
private ITask iTask;
internal V1TriggerEnumerator(V1Interop.ITask task) => iTask = task;
internal V1TriggerEnumerator(ITask task) => iTask = task;
public Trigger Current => Trigger.CreateTrigger(iTask.GetTrigger((ushort)curItem));

6
winPEAS/winPEASexe/winPEAS/TaskScheduler/V1/TaskSchedulerV1Interop.cs
View File

@ -1,12 +1,8 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using winPEAS.TaskScheduler.TaskEditor.Native;
namespace winPEAS.TaskScheduler.V1Interop
namespace winPEAS.TaskScheduler.V1
{
#pragma warning disable CS0618 // Type or member is obsolete

7
winPEAS/winPEASexe/winPEAS/TaskScheduler/V2/TaskSchedulerV2Interop.cs
View File

@ -1,16 +1,11 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using winPEAS.TaskScheduler.TaskEditor.Native;
using winPEAS.TaskScheduler.V1Interop;
namespace winPEAS.TaskScheduler.V2Interop
namespace winPEAS.TaskScheduler.V2
{
internal enum TaskEnumFlags