├── CHANGELOG.md ├── DNS ├── Client │ ├── ClientRequest.cs │ ├── ClientResponse.cs │ ├── DnsClient.cs │ ├── RequestResolver │ │ ├── IRequestResolver.cs │ │ ├── NullRequestResolver.cs │ │ ├── TcpRequestResolver.cs │ │ └── UdpRequestResolver.cs │ └── ResponseException.cs ├── DNS.csproj ├── Properties │ └── AssemblyInfo.cs ├── Protocol │ ├── Domain.cs │ ├── Header.cs │ ├── IMessage.cs │ ├── IMessageEntry.cs │ ├── IRequest.cs │ ├── IResponse.cs │ ├── Marshalling │ │ ├── EndianAttribute.cs │ │ ├── Endianness.cs │ │ └── Struct.cs │ ├── OperationCode.cs │ ├── Question.cs │ ├── RecordClass.cs │ ├── RecordType.cs │ ├── Request.cs │ ├── ResourceRecords │ │ ├── BaseResourceRecord.cs │ │ ├── CanonicalNameResourceRecord.cs │ │ ├── IPAddressResourceRecord.cs │ │ ├── IResourceRecord.cs │ │ ├── MailExchangeResourceRecord.cs │ │ ├── NameServerResourceRecord.cs │ │ ├── PointerResourceRecord.cs │ │ ├── ResourceRecord.cs │ │ ├── ResourceRecordFactory.cs │ │ └── StartOfAuthorityResourceRecord.cs │ ├── Response.cs │ ├── ResponseCode.cs │ └── Utils │ │ ├── ByteExtensions.cs │ │ ├── ByteStream.cs │ │ └── ObjectStringifier.cs ├── README.md └── Server │ ├── DnsServer.cs │ └── MasterFile.cs ├── ETW ├── .gitattributes ├── .gitignore ├── 35MSSharedLib1024.snk ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE ├── O365.Security.Native.ETW.Debug.nuspec ├── O365.Security.Native.ETW.nuspec ├── O365.Security.Native.ETW │ ├── .gitattributes │ ├── .gitignore │ ├── .nuget │ │ ├── NuGet.Config │ │ ├── NuGet.exe │ │ └── NuGet.targets │ ├── App.config │ ├── AssemblyInfo.cpp │ ├── ETWLib.cpp │ ├── Errors.hpp │ ├── EventRecord.hpp │ ├── EventRecordError.hpp │ ├── EventRecordMetadata.hpp │ ├── Filtering │ │ ├── AnsiString.hpp │ │ ├── CountedString.hpp │ │ ├── EventFilter.hpp │ │ ├── Fluent.hpp │ │ ├── Predicate.hpp │ │ └── UnicodeString.hpp │ ├── Guid.hpp │ ├── IEventRecord.hpp │ ├── IEventRecordMetadata.hpp │ ├── ITrace.hpp │ ├── Kernel │ │ └── KernelProviders.hpp │ ├── KernelProvider.hpp │ ├── 
KernelTrace.hpp │ ├── NativePtr.hpp │ ├── O365.Security.Native.ETW-Documentation.shfbproj │ ├── O365.Security.Native.ETW.vcxproj │ ├── O365.Security.Native.ETW.vcxproj.filters │ ├── Property.hpp │ ├── Provider.hpp │ ├── README.md │ ├── RawProvider.hpp │ ├── Testing │ │ ├── EventHeader.hpp │ │ ├── Proxy.hpp │ │ ├── RecordBuilder.hpp │ │ └── SynthRecord.hpp │ ├── TraceStats.hpp │ ├── UserTrace.hpp │ └── packages.config ├── README.md ├── build │ └── native │ │ └── krabsetw.targets ├── docs │ ├── EtwPrimer.md │ ├── KrabsExample.md │ ├── LobstersExample.md │ ├── O365.Security.Native.ETW.chm │ ├── UsingMessageAnalyzerToFindETWSources.md │ └── img │ │ └── message-analyzer │ │ ├── 1.PNG │ │ ├── 2.PNG │ │ ├── 3.PNG │ │ ├── 4.PNG │ │ ├── 5.PNG │ │ ├── 6.PNG │ │ └── 7.PNG ├── examples │ ├── ManagedExamples │ │ ├── App.config │ │ ├── FakingEvents001.cs │ │ ├── KernelTrace001.cs │ │ ├── ManagedExamples.csproj │ │ ├── Program.cs │ │ ├── UserTrace001.cs │ │ └── UserTrace002.cs │ └── NativeExamples │ │ ├── NativeExamples.vcxproj │ │ ├── NativeExamples.vcxproj.filters │ │ ├── examples.h │ │ ├── kernel_and_user_trace_001.cpp │ │ ├── kernel_trace_001.cpp │ │ ├── main.cpp │ │ ├── multiple_providers_001.cpp │ │ ├── packages.config │ │ ├── testing_001.cpp │ │ ├── user_trace_001.cpp │ │ ├── user_trace_002.cpp │ │ ├── user_trace_003_no_predicates.cpp │ │ └── user_trace_004.cpp ├── krabs │ ├── .nuget │ │ ├── NuGet.Config │ │ ├── NuGet.exe │ │ └── NuGet.targets │ ├── MTA.testsettings │ ├── Readme.txt │ ├── krabs.cpp │ ├── krabs.hpp │ ├── krabs.runsettings │ ├── krabs.sln │ └── krabs │ │ ├── client.hpp │ │ ├── collection_view.hpp │ │ ├── compiler_check.hpp │ │ ├── errors.hpp │ │ ├── filtering │ │ ├── comparers.hpp │ │ ├── event_filter.hpp │ │ ├── predicates.hpp │ │ └── view_adapters.hpp │ │ ├── guid.hpp │ │ ├── kernel_guids.hpp │ │ ├── kernel_providers.hpp │ │ ├── kt.hpp │ │ ├── lock.hpp │ │ ├── nightmare.hpp │ │ ├── parse_types.hpp │ │ ├── parser.hpp │ │ ├── property.hpp │ │ ├── 
provider.hpp │ │ ├── schema.hpp │ │ ├── schema_locator.hpp │ │ ├── size_provider.hpp │ │ ├── tdh_helpers.hpp │ │ ├── testing │ │ ├── event_filter_proxy.hpp │ │ ├── filler.hpp │ │ ├── proxy.hpp │ │ ├── record_builder.hpp │ │ ├── record_property_thunk.hpp │ │ └── synth_record.hpp │ │ ├── trace.hpp │ │ ├── ut.hpp │ │ └── version_helpers.hpp ├── krabsetw.nuspec └── tests │ ├── ManagedETWTests │ ├── EtwTestsCS.csproj │ ├── EtwTestsCS.runsettings │ ├── Events │ │ ├── ImageLoadEvent.cs │ │ ├── LogonEvent.cs │ │ ├── PowerShellEvent.cs │ │ └── WinINetEvent.cs │ ├── Filtering │ │ ├── describe_AnsiString.cs │ │ ├── describe_Fluent.cs │ │ ├── describe_Predicate.cs │ │ └── describe_UnicodeString.cs │ ├── Properties │ │ └── AssemblyInfo.cs │ ├── describe_Asserts.cs │ ├── describe_EventRecord.cs │ ├── describe_InvalidParsing.cs │ ├── describe_OnError.cs │ └── describe_Proxy.cs │ └── krabstests │ ├── krabstests.vcxproj │ ├── krabstests.vcxproj.filters │ ├── packages.config │ ├── test_collection_view.cpp │ ├── test_event_callbacks.cpp │ ├── test_filter.cpp │ ├── test_kernel_providers.cpp │ ├── test_parse_types.cpp │ ├── test_parser.cpp │ ├── test_record_builder.cpp │ ├── test_record_property_thunk.cpp │ ├── test_symbol_clash.cpp │ ├── test_synth_record.cpp │ └── test_user_providers.cpp ├── FirewallCore ├── FirewallCore.vcxproj └── FirewallCore.vcxproj.filters ├── ICSharpCode.TreeView ├── Converters.cs ├── EditTextBox.cs ├── ExtensionMethods.cs ├── FlatListTreeNode.cs ├── GeneralAdorner.cs ├── ICSharpCode.TreeView.csproj ├── InsertMarker.cs ├── LinesRenderer.cs ├── Properties │ ├── AssemblyInfo.cs │ └── GlobalAssemblyInfo.cs ├── SharpGridView.cs ├── SharpTreeNode.cs ├── SharpTreeNodeCollection.cs ├── SharpTreeNodeView.cs ├── SharpTreeView.cs ├── SharpTreeViewItem.cs ├── Themes │ └── Generic.xaml ├── TreeFlattener.cs └── TreeTraversal.cs ├── LICENSE ├── LocalPolicy ├── ActiveDirectoryGroupPolicyObject.cs ├── AssemblyInfoHelper.cs ├── ComputerGroupPolicyObject.cs ├── 
GroupPolicyException.cs ├── GroupPolicyObject.cs ├── GroupPolicyObjectOptions.cs ├── GroupPolicyObjectSettings.cs ├── GroupPolicySection.cs ├── IGroupPolicy.cs ├── LocalPolicy - README.md ├── LocalPolicy - license.txt ├── LocalPolicy.csproj ├── Properties │ └── AssemblyInfo.cs └── RequiresSingleThreadedApartmentException.cs ├── MiscHelpers ├── API │ ├── AppManager.cs │ ├── AuditPolicy.cs │ ├── DnsApi.cs │ ├── DnsConfigurator.cs │ ├── FileOps.cs │ ├── IPHelper.cs │ ├── MiscStats.cs │ ├── NetFunc.cs │ ├── NtUtilities.cs │ ├── ProcFunc.cs │ ├── RegistryMonitor.cs │ ├── ServiceHelper.cs │ ├── TokenManipulator.cs │ ├── UwpFunc.cs │ └── WinVer.cs ├── Common │ ├── AppLog.cs │ ├── ClonableDictionary.cs │ ├── ClonableList.cs │ ├── DataGridExt.cs │ ├── HttpTask.cs │ ├── IconExtractor.cs │ ├── ImgFunc.cs │ ├── MiscFunc.cs │ ├── MultiValueDictionary.cs │ ├── TextHelpers.cs │ ├── WinConsole.cs │ └── WpfFunc.cs ├── MiscHelpers.csproj └── Properties │ └── AssemblyInfo.cs ├── PRIVACY_POLICY.md ├── PrivateAPI ├── Core │ ├── FirewallRuleEx.cs │ ├── ProgramConfig.cs │ └── ProgramID.cs ├── IPC │ ├── PipeClient.cs │ ├── PipeHost.cs │ ├── PipeIPC.cs │ ├── Priv10Conv.cs │ └── Priv10Logger.cs ├── PrivateAPI.csproj └── Properties │ └── AssemblyInfo.cs ├── PrivateService ├── API │ ├── EtwLogger.cs │ └── ProcessUtilities.cs ├── App.config ├── Common │ └── AdminFunc.cs ├── Core │ ├── DnsInspector.cs │ ├── DnsInspector │ │ ├── DnsCacheMonitor.cs │ │ ├── DnsQueryWatcher.cs │ │ └── HostNameResolver.cs │ ├── DnsProxy │ │ ├── DnsBlockList.cs │ │ └── DnsProxyServer.cs │ ├── FirewallManager.cs │ ├── NetworkMonitor.cs │ ├── NetworkSocket.cs │ ├── Priv10Engine.cs │ ├── Priv10Service.cs │ ├── ProcessMonitor.cs │ ├── Program.cs │ ├── ProgramList.cs │ └── ProgramSet.cs ├── IPC │ └── Priv10Host.cs ├── PrivateService.csproj ├── Properties │ └── AssemblyInfo.cs └── Service.cs ├── PrivateSetup ├── App.config ├── App.xaml ├── App.xaml.cs ├── Common │ ├── MiscFunc.cs │ └── WinConsole.cs ├── Packer.cs ├── 
PrivateSetup.csproj ├── Properties │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Settings.Designer.cs │ └── Settings.settings ├── Resources │ ├── LICENSE.TXT │ └── icon.ico ├── SetupData.cs ├── SetupWindow.xaml ├── SetupWindow.xaml.cs ├── SetupWorker.cs ├── icon.ico └── packages.config ├── PrivateWin10.sln ├── PrivateWin10 ├── App.config ├── App.xaml ├── App.xaml.cs ├── Common │ ├── AdminFunc.cs │ └── MyLicense.cs ├── Controls │ ├── AddressControl.xaml │ ├── AddressControl.xaml.cs │ ├── ControlList.cs │ ├── Converters.cs │ ├── Dns │ │ ├── DnsBlockListsControl.xaml │ │ ├── DnsBlockListsControl.xaml.cs │ │ ├── DnsFilterListControl.xaml │ │ ├── DnsFilterListControl.xaml.cs │ │ ├── DnsLogList.xaml │ │ ├── DnsLogList.xaml.cs │ │ ├── DnsQueryLogControl.xaml │ │ └── DnsQueryLogControl.xaml.cs │ ├── FirewallLogList.xaml │ ├── FirewallLogList.xaml.cs │ ├── FirewallRuleList.xaml │ ├── FirewallRuleList.xaml.cs │ ├── GridViewRowPresenterWithGridLines.cs │ ├── MouseDownHelper.cs │ ├── NetworkSocketList.xaml │ ├── NetworkSocketList.xaml.cs │ ├── Notify │ │ ├── ConnectionNotify.xaml │ │ ├── ConnectionNotify.xaml.cs │ │ ├── RuleNotify.xaml │ │ ├── RuleNotify.xaml.cs │ │ ├── TweakNotify.xaml │ │ └── TweakNotify.xaml.cs │ ├── Presets │ │ ├── PresetControl.xaml │ │ ├── PresetControl.xaml.cs │ │ ├── PresetCustom.xaml │ │ ├── PresetCustom.xaml.cs │ │ ├── PresetFirewall.xaml │ │ ├── PresetFirewall.xaml.cs │ │ ├── PresetItemControl.xaml │ │ ├── PresetItemControl.xaml.cs │ │ ├── PresetTweaks.xaml │ │ ├── PresetTweaks.xaml.cs │ │ ├── RuleItemControl.xaml │ │ ├── RuleItemControl.xaml.cs │ │ ├── TweakItemControl.xaml │ │ └── TweakItemControl.xaml.cs │ ├── ProgramControl.xaml │ ├── ProgramControl.xaml.cs │ ├── ProgramListControl.xaml │ ├── ProgramListControl.xaml.cs │ ├── ProgramTreeControl.xaml │ ├── ProgramTreeControl.xaml.cs │ ├── ProgramTreeControl │ │ ├── AbstractTreeItem.cs │ │ ├── ManualTreeSorter.cs │ │ ├── ProgSetTreeItem.cs │ │ ├── ProgTreeRoot.cs │ │ 
└── ProgramTreeItem.cs │ ├── SearchTextBox.cs │ ├── SplitButton.xaml │ ├── SplitButton.xaml.cs │ └── Tweaks │ │ ├── TweakControl.xaml │ │ ├── TweakControl.xaml.cs │ │ ├── TweakGroup.xaml │ │ └── TweakGroup.xaml.cs ├── Core │ ├── Presets │ │ ├── ControlPreset.cs │ │ ├── CustomPreset.cs │ │ ├── FirewallPreset.cs │ │ ├── PresetGroup.cs │ │ ├── PresetItem.cs │ │ ├── PresetManager.cs │ │ └── TweakPreset.cs │ ├── Priv10Service.cs │ └── TweakManager.cs ├── IPC │ ├── MiscObjects.cs │ ├── NetworkSocket.cs │ ├── Priv10Client.cs │ ├── Program.cs │ └── ProgramSet.cs ├── LicenseVerify.cer ├── MainWindow.xaml ├── MainWindow.xaml.cs ├── Models │ ├── AppModel.cs │ ├── CategoryModel.cs │ ├── GroupModel.cs │ └── ServiceModel.cs ├── Pages │ ├── AboutPage.xaml │ ├── AboutPage.xaml.cs │ ├── ControlPage.xaml │ ├── ControlPage.xaml.cs │ ├── DnsPage.xaml │ ├── DnsPage.xaml.cs │ ├── FirewallPage.xaml │ ├── FirewallPage.xaml.cs │ ├── IUserPage.cs │ ├── OverviewPage.xaml │ ├── OverviewPage.xaml.cs │ ├── PrivacyPage.xaml │ ├── PrivacyPage.xaml.cs │ ├── SettingsPage.xaml │ └── SettingsPage.xaml.cs ├── PrivateWin10.csproj ├── PrivateWin10.csproj.user ├── Properties │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Settings.Designer.cs │ └── Settings.settings ├── Resources │ ├── ResourceDictionary.xaml │ ├── clear.png │ ├── full_height.png │ ├── full_screen.png │ ├── full_width.png │ ├── icon.ico │ ├── icons8-approval-16.png │ ├── icons8-baumstruktur-16-not.png │ ├── icons8-baumstruktur-16.png │ ├── icons8-broadcast-16-not.png │ ├── icons8-broadcast-16.png │ ├── icons8-checkbox-markiert-2-16.png │ ├── icons8-checkmark-16.png │ ├── icons8-cleanup-16.png │ ├── icons8-collapse-arrow-26.png │ ├── icons8-computer-16-not.png │ ├── icons8-computer-16.png │ ├── icons8-copy-16.png │ ├── icons8-data-merge-16.png │ ├── icons8-data-split-16.png │ ├── icons8-deny-16.png │ ├── icons8-edit-file-16.png │ ├── icons8-edit-file-32.png │ ├── icons8-expand-arrow-26.png │ ├── 
icons8-filter-16.png │ ├── icons8-filter-32.png │ ├── icons8-filter-löschen-32.png │ ├── icons8-firewall-16.png │ ├── icons8-geographie-16-not.png │ ├── icons8-geographie-16.png │ ├── icons8-hazard-warning-flasher-16.png │ ├── icons8-in-16.png │ ├── icons8-löschen-16.png │ ├── icons8-major.png │ ├── icons8-major_ex_red.png │ ├── icons8-minus-16.png │ ├── icons8-minus-mathe-16.png │ ├── icons8-ordner-öffnen-16.png │ ├── icons8-out-16.png │ ├── icons8-plus-16.png │ ├── icons8-plus-48.png │ ├── icons8-plus-mathe-16.png │ ├── icons8-radiergummi-16.png │ ├── icons8-redo-16.png │ ├── icons8-refresh-16.png │ ├── icons8-remove-16.png │ ├── icons8-road-closure-16.png │ ├── icons8-sortier-optionen-16.png │ ├── icons8-stift-16.png │ ├── icons8-stoppschild-16.png │ ├── icons8-suche-16.png │ ├── icons8-tabelle-16.png │ ├── icons8-tick-box-16.png │ ├── icons8-unchecked-checkbox-16-not.png │ ├── icons8-unchecked-checkbox-16.png │ ├── icons8-undefined-16.png │ ├── icons8-undo-16.png │ ├── icons8-xlarge-symbole-16.png │ ├── normal_view.png │ ├── search.png │ └── tree_view.png ├── Translate.cs ├── TrayIcon.cs ├── Windows │ ├── InputWnd.xaml │ ├── InputWnd.xaml.cs │ ├── NotificationWnd.xaml │ ├── NotificationWnd.xaml.cs │ ├── ProgramWnd.xaml │ ├── ProgramWnd.xaml.cs │ ├── RuleWindow.xaml │ ├── RuleWindow.xaml.cs │ ├── SetupWnd.xaml │ └── SetupWnd.xaml.cs └── app.manifest ├── QLicense ├── Core │ ├── ActivationControls4Win │ │ ├── ActivationControls4Win.csproj │ │ ├── ActivationControls4Win.snk │ │ ├── LicenseActivateControl.Designer.cs │ │ ├── LicenseActivateControl.cs │ │ ├── LicenseActivateControl.resx │ │ ├── LicenseActivateControl.zh-Hans.resx │ │ ├── LicenseGeneratedEventArgs.cs │ │ ├── LicenseInfoControl.Designer.cs │ │ ├── LicenseInfoControl.cs │ │ ├── LicenseInfoControl.resx │ │ ├── LicenseInfoControl.zh-Hans.resx │ │ ├── LicenseSettingsControl.Designer.cs │ │ ├── LicenseSettingsControl.cs │ │ ├── LicenseSettingsControl.resx │ │ ├── LicenseSettingsControl.zh-Hans.resx │ │ ├── 
LicenseSettingsValidatingEventArgs.cs │ │ ├── LicenseStringContainer.Designer.cs │ │ ├── LicenseStringContainer.cs │ │ ├── LicenseStringContainer.resx │ │ ├── LicenseStringContainer.zh-Hans.resx │ │ └── Properties │ │ │ └── AssemblyInfo.cs │ └── QLicense │ │ ├── BASE36.cs │ │ ├── HardwareInfo.cs │ │ ├── LicenseEntity.cs │ │ ├── LicenseHandler.cs │ │ ├── LicenseStatus.cs │ │ ├── LicenseTypes.cs │ │ ├── Properties │ │ └── AssemblyInfo.cs │ │ ├── QLicense.csproj │ │ └── QLicense.snk └── QLicense - LICENSE.txt ├── README.md ├── TweakEngine ├── Properties │ └── AssemblyInfo.cs ├── TweakEngine.csproj ├── TweakList.cs ├── TweakPresets.cs └── TweakTools.cs └── WinFirewallAPI ├── API └── WindowsFirewall.cs ├── FirewallGuard.cs ├── FirewallInterface.cs ├── FirewallMonitor.cs ├── FirewallRule.cs ├── Properties └── AssemblyInfo.cs └── WinFirewallAPI.csproj /DNS/Client/RequestResolver/IRequestResolver.cs: -------------------------------------------------------------------------------- 1 | namespace DNS.Client.RequestResolver { 2 | public interface IRequestResolver { 3 | ClientResponse Request(ClientRequest request); 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /DNS/Client/RequestResolver/NullRequestResolver.cs: -------------------------------------------------------------------------------- 1 | namespace DNS.Client.RequestResolver { 2 | public class NullRequestResolver : IRequestResolver { 3 | public ClientResponse Request(ClientRequest request) { 4 | throw new ResponseException("Request failed"); 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /DNS/Client/RequestResolver/TcpRequestResolver.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using System.Net.Sockets; 4 | using DNS.Protocol; 5 | 6 | namespace DNS.Client.RequestResolver { 7 | public class TcpRequestResolver : IRequestResolver { 8 | 
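/// <summary>
/// Sends <paramref name="request"/> to <c>request.Dns</c> over TCP and returns the parsed reply.
/// Each message is preceded by a two-byte, big-endian length prefix in both directions.
/// </summary>
/// <param name="request">The request to serialize and send.</param>
/// <returns>The request, the parsed response and the raw response bytes.</returns>
/// <exception cref="ArgumentException">The serialized request does not fit in a 16-bit length prefix.</exception>
/// <exception cref="IOException">The stream ended, or a read/write timed out, before a full frame was transferred.</exception>
public ClientResponse Request(ClientRequest request) {
    TcpClient tcp = new TcpClient();

    try {
        tcp.Connect(request.Dns);

        // Same 5 second limit the UDP resolver applies to its socket. Without it a
        // server that accepts the connection and then stalls blocks the caller
        // indefinitely. Set after Connect so the underlying socket exists; the
        // connect attempt itself is not bounded by these values.
        tcp.SendTimeout = 5000;
        tcp.ReceiveTimeout = 5000;

        Stream stream = tcp.GetStream();
        byte[] payload = request.ToArray();

        // The (ushort) cast below would silently truncate a larger length and put a
        // prefix on the wire that disagrees with the bytes that follow it.
        if (payload.Length > ushort.MaxValue) {
            throw new ArgumentException("Request does not fit in a 16-bit length-prefixed frame", "request");
        }

        byte[] prefix = BitConverter.GetBytes((ushort) payload.Length);

        if (BitConverter.IsLittleEndian) {
            Array.Reverse(prefix);
        }

        stream.Write(prefix, 0, prefix.Length);
        stream.Write(payload, 0, payload.Length);

        byte[] buffer = new byte[2];
        Read(stream, buffer);

        if (BitConverter.IsLittleEndian) {
            Array.Reverse(buffer);
        }

        // The peer-supplied length is a ushort, so this allocation is at most 65535 bytes.
        buffer = new byte[BitConverter.ToUInt16(buffer, 0)];
        Read(stream, buffer);

        Response response = Response.FromArray(buffer);

        return new ClientResponse(request, response, buffer);
    } finally {
        tcp.Close();
    }
}

/// <summary>
/// Fills <paramref name="buffer"/> completely from <paramref name="stream"/>, looping
/// because a single Stream.Read call may return fewer bytes than requested.
/// </summary>
/// <exception cref="IOException">The stream ended before the buffer was full.</exception>
private static void Read(Stream stream, byte[] buffer) {
    int offset = 0;

    while (offset < buffer.Length) {
        int size = stream.Read(buffer, offset, buffer.Length - offset);

        if (size <= 0) {
            throw new IOException("Unexpected end of stream");
        }

        offset += size;
    }
}
} // class TcpRequestResolver
} // namespace DNS.Client.RequestResolver
-------------------------------------------------------------------------------- /DNS/Client/RequestResolver/UdpRequestResolver.cs: -------------------------------------------------------------------------------- 1 | using System.Net; 2 | using System.Net.Sockets; 3 | using DNS.Protocol; 4 | 5 | namespace DNS.Client.RequestResolver { 6 | public class UdpRequestResolver : IRequestResolver { 7 | private IRequestResolver fallback; 8 | 9 | public UdpRequestResolver(IRequestResolver fallback) { 10 | this.fallback = fallback; 11 | } 12 | 13 | public UdpRequestResolver() { 14 | this.fallback = new NullRequestResolver(); 15 | } 16 | 17 | public ClientResponse Request(ClientRequest request) { 18 | UdpClient udp = new UdpClient(); 19 | 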
IPEndPoint dns = request.Dns; 20 | 21 | try { 22 | udp.Client.SendTimeout = 5000; 23 | udp.Client.ReceiveTimeout = 5000; 24 | 25 | udp.Connect(dns); 26 | udp.Send(request.ToArray(), request.Size); 27 | 28 | byte[] buffer = udp.Receive(ref dns); 29 | Response response = Response.FromArray(buffer); //null; 30 | 31 | if (response.Truncated) { 32 | return fallback.Request(request); 33 | } 34 | 35 | return new ClientResponse(request, response, buffer); 36 | } finally { 37 | udp.Close(); 38 | } 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /DNS/Client/ResponseException.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using DNS.Protocol; 3 | 4 | namespace DNS.Client { 5 | public class ResponseException : Exception { 6 | private static string Format(IResponse response) { 7 | return string.Format("Invalid response received with code {0}", response.ResponseCode); 8 | } 9 | 10 | public ResponseException() { } 11 | public ResponseException(string message) : base(message) { } 12 | public ResponseException(string message, Exception e) : base(message, e) { } 13 | 14 | public ResponseException(IResponse response) : this(response, Format(response)) { } 15 | 16 | public ResponseException(IResponse response, Exception e) 17 | : base(Format(response), e) { 18 | Response = response; 19 | } 20 | 21 | public ResponseException(IResponse response, string message) 22 | : base(message) { 23 | Response = response; 24 | } 25 | 26 | public IResponse Response { 27 | get; 28 | private set; 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /DNS/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled 
through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("DNS")] 9 | [assembly: AssemblyDescription("Library for parsing and serializing DNS messages. Includes a basic DNS client and server.")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Mirza Kapetanovic")] 12 | [assembly: AssemblyProduct("DNS")] 13 | [assembly: AssemblyCopyright("Copyright © 2013")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("1c434eee-b74c-4ff5-b779-ed83f12b646d")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /DNS/Protocol/IMessage.cs: -------------------------------------------------------------------------------- 1 | using System.Collections.Generic; 2 | 3 | namespace DNS.Protocol { 4 | public interface IMessage { 5 | IList Questions { get; } 6 | 7 | int Size { get; } 8 | byte[] ToArray(); 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /DNS/Protocol/IMessageEntry.cs: 
-------------------------------------------------------------------------------- 1 | namespace DNS.Protocol { 2 | public interface IMessageEntry { 3 | Domain Name { get; } 4 | RecordType Type { get; } 5 | RecordClass Class { get; } 6 | 7 | int Size { get; } 8 | byte[] ToArray(); 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /DNS/Protocol/IRequest.cs: -------------------------------------------------------------------------------- 1 | namespace DNS.Protocol { 2 | public interface IRequest : IMessage { 3 | int Id { get; set; } 4 | OperationCode OperationCode { get; set; } 5 | bool RecursionDesired { get; set; } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /DNS/Protocol/IResponse.cs: -------------------------------------------------------------------------------- 1 | using System.Collections.Generic; 2 | using DNS.Protocol.ResourceRecords; 3 | 4 | namespace DNS.Protocol { 5 | public interface IResponse : IMessage { 6 | int Id { get; set; } 7 | IList AnswerRecords { get; } 8 | IList AuthorityRecords { get; } 9 | IList AdditionalRecords { get; } 10 | bool RecursionAvailable { get; set; } 11 | bool AuthorativeServer { get; set; } 12 | bool Truncated { get; set; } 13 | OperationCode OperationCode { get; set; } 14 | ResponseCode ResponseCode { get; set; } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /DNS/Protocol/Marshalling/EndianAttribute.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace DNS.Protocol.Marshalling { 4 | [AttributeUsage(AttributeTargets.Field | AttributeTargets.Struct)] 5 | public class EndianAttribute : Attribute { 6 | public EndianAttribute(Endianness endianness) { 7 | this.Endianness = endianness; 8 | } 9 | 10 | public Endianness Endianness { 11 | get; 12 | private set; 13 | } 14 | } 15 | } 16 | 
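-------------------------------------------------------------------------------- /DNS/Protocol/Marshalling/Endianness.cs: -------------------------------------------------------------------------------- 1 | namespace DNS.Protocol.Marshalling { 2 | public enum Endianness { 3 | Big, 4 | Little, 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /DNS/Protocol/Marshalling/Struct.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;
using System.Reflection;

namespace DNS.Protocol.Marshalling {
    /// <summary>
    /// Converts between structs and their marshalled byte representation, reversing the
    /// bytes of fields covered by an <see cref="EndianAttribute"/> when the requested
    /// byte order differs from the host's.
    /// </summary>
    public static class Struct {
        /// <summary>
        /// Reverses, in place, the bytes of every field of <paramref name="type"/> whose
        /// declared endianness differs from the host's, and returns the same array.
        /// An attribute on the struct applies to all fields; otherwise only fields
        /// that carry their own attribute are touched.
        /// </summary>
        private static byte[] ConvertEndian(Type type, byte[] data) {
            var fields = type.GetFields(BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance);
            EndianAttribute typeEndian = null;

            if (type.IsDefined(typeof(EndianAttribute), false)) {
                typeEndian = (EndianAttribute) type.GetCustomAttributes(typeof(EndianAttribute), false)[0];
            }

            foreach (FieldInfo field in fields) {
                // Resolved per field. Keeping this in a variable shared across iterations
                // made the first attributed field's byte order apply to every later
                // field, including fields with no attribute at all.
                EndianAttribute endian = typeEndian;

                if (endian == null) {
                    if (!field.IsDefined(typeof(EndianAttribute), false)) {
                        continue;
                    }

                    endian = (EndianAttribute) field.GetCustomAttributes(typeof(EndianAttribute), false)[0];
                }

                int offset = Marshal.OffsetOf(type, field.Name).ToInt32();
                int length = Marshal.SizeOf(field.FieldType);

                bool hostIsLittle = BitConverter.IsLittleEndian;
                bool swap = (endian.Endianness == Endianness.Big && hostIsLittle) ||
                            (endian.Endianness == Endianness.Little && !hostIsLittle);

                if (swap) {
                    Array.Reverse(data, offset, length);
                }
            }

            return data;
        }

        /// <summary>Reads a <typeparamref name="T"/> from the whole of <paramref name="data"/>.</summary>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="data"/> is shorter than the marshalled size of <typeparamref name="T"/>.</exception>
        public static T GetStruct<T>(byte[] data) where T : struct {
            if (data == null) {
                throw new ArgumentNullException("data");
            }

            return GetStruct<T>(data, 0, data.Length);
        }

        /// <summary>
        /// Reads a <typeparamref name="T"/> from <paramref name="length"/> bytes of
        /// <paramref name="data"/> starting at <paramref name="offset"/>. The source
        /// array is not modified; byte swapping happens on a private copy.
        /// </summary>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="length"/> is smaller than the marshalled size of <typeparamref name="T"/>.</exception>
        public static T GetStruct<T>(byte[] data, int offset, int length) where T : struct {
            if (data == null) {
                throw new ArgumentNullException("data");
            }

            // Marshal.PtrToStructure reads Marshal.SizeOf(typeof(T)) bytes from the pinned
            // address no matter how long the array is. A short packet would otherwise be
            // parsed from memory past the end of the buffer, so reject it here.
            if (length < Marshal.SizeOf(typeof(T))) {
                throw new ArgumentException("Not enough bytes for the requested structure", "length");
            }

            byte[] buffer = new byte[length];
            Array.Copy(data, offset, buffer, 0, buffer.Length);

            GCHandle handle = GCHandle.Alloc(ConvertEndian(typeof(T), buffer), GCHandleType.Pinned);

            try {
                return (T) Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(T));
            } finally {
                // Always unpin, even if marshalling throws.
                handle.Free();
            }
        }

        /// <summary>
        /// Serializes <paramref name="obj"/> into a new array of its marshalled size, with
        /// the same per-field byte-order conversion applied as when reading.
        /// </summary>
        public static byte[] GetBytes<T>(T obj) where T : struct {
            byte[] data = new byte[Marshal.SizeOf(obj)];
            GCHandle handle = GCHandle.Alloc(data, GCHandleType.Pinned);

            try {
                Marshal.StructureToPtr(obj, handle.AddrOfPinnedObject(), false);
                return ConvertEndian(typeof(T), data);
            } finally {
                handle.Free();
            }
        }
    }
}
-------------------------------------------------------------------------------- /DNS/Protocol/OperationCode.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace DNS.Protocol { 7 | public enum OperationCode { 8 | Query = 0, 9 | IQuery, 10 | Status, 11 | // Reserved = 3 12 | Notify = 4, 13 | Update, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /DNS/Protocol/RecordClass.cs: -------------------------------------------------------------------------------- 1 | namespace DNS.Protocol { 2 | public enum RecordClass { 3 | IN = 1, 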
4 | ANY = 255, 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /DNS/Protocol/RecordType.cs: -------------------------------------------------------------------------------- 1 | namespace DNS.Protocol { 2 | public enum RecordType { 3 | A = 1, 4 | NS = 2, 5 | CNAME = 5, 6 | SOA = 6, 7 | WKS = 11, 8 | PTR = 12, 9 | MX = 15, 10 | TXT = 16, 11 | AAAA = 28, 12 | SRV = 33, 13 | ANY = 255, 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/BaseResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using DNS.Protocol.Utils; 3 | 4 | namespace DNS.Protocol.ResourceRecords { 5 | public abstract class BaseResourceRecord : IResourceRecord { 6 | private IResourceRecord record; 7 | 8 | public BaseResourceRecord(IResourceRecord record) { 9 | this.record = record; 10 | } 11 | 12 | public Domain Name { 13 | get { return record.Name; } 14 | } 15 | 16 | public RecordType Type { 17 | get { return record.Type; } 18 | } 19 | 20 | public RecordClass Class { 21 | get { return record.Class; } 22 | } 23 | 24 | public TimeSpan TimeToLive { 25 | get { return record.TimeToLive; } 26 | } 27 | 28 | public int DataLength { 29 | get { return record.DataLength; } 30 | } 31 | 32 | public byte[] Data { 33 | get { return record.Data; } 34 | } 35 | 36 | public int Size { 37 | get { return record.Size; } 38 | } 39 | 40 | public byte[] ToArray() { 41 | return record.ToArray(); 42 | } 43 | 44 | internal ObjectStringifier Stringify() { 45 | return ObjectStringifier.New(this) 46 | .Add("Name", "Type", "Class", "TimeToLive", "DataLength"); 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/CanonicalNameResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | 
namespace DNS.Protocol.ResourceRecords { 4 | public class CanonicalNameResourceRecord : BaseResourceRecord { 5 | public CanonicalNameResourceRecord(IResourceRecord record, byte[] message, int dataOffset) 6 | : base(record) { 7 | CanonicalDomainName = Domain.FromArray(message, dataOffset); 8 | } 9 | 10 | public CanonicalNameResourceRecord(Domain domain, Domain cname, TimeSpan ttl = default(TimeSpan)) : 11 | base(new ResourceRecord(domain, cname.ToArray(), RecordType.CNAME, RecordClass.IN, ttl)) { 12 | CanonicalDomainName = cname; 13 | } 14 | 15 | public Domain CanonicalDomainName { 16 | get; 17 | private set; 18 | } 19 | 20 | public override string ToString() { 21 | return Stringify().Add("CanonicalDomainName").ToString(); 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/IPAddressResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Net; 3 | 4 | namespace DNS.Protocol.ResourceRecords { 5 | public class IPAddressResourceRecord : BaseResourceRecord { 6 | private static IResourceRecord Create(Domain domain, IPAddress ip, TimeSpan ttl) { 7 | byte[] data = ip.GetAddressBytes(); 8 | RecordType type = data.Length == 4 ? 
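RecordType.A : RecordType.AAAA; 9 | 10 | return new ResourceRecord(domain, data, type, RecordClass.IN, ttl); 11 | } 12 | 13 | public IPAddressResourceRecord(IResourceRecord record) 14 | : base(record) { 15 | IPAddress = new IPAddress(Data); 16 | } 17 | 18 | public IPAddressResourceRecord(Domain domain, IPAddress ip, TimeSpan ttl = default(TimeSpan)) : 19 | base(Create(domain, ip, ttl)) { 20 | IPAddress = ip; 21 | } 22 | 23 | public IPAddress IPAddress { 24 | get; 25 | private set; 26 | } 27 | 28 | public override string ToString() { 29 | return Stringify().Add("IPAddress").ToString(); 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/IResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace DNS.Protocol.ResourceRecords { 4 | public interface IResourceRecord : IMessageEntry { 5 | TimeSpan TimeToLive { get; } 6 | int DataLength { get; } 7 | byte[] Data { get; } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/MailExchangeResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 |
namespace DNS.Protocol.ResourceRecords {
    /// <summary>
    /// Resource record of type MX: a 16-bit preference value followed by the
    /// domain name of the mail exchange.
    /// </summary>
    public class MailExchangeResourceRecord : BaseResourceRecord {
        // Number of bytes the preference field occupies at the start of the record data.
        private const int PREFERENCE_SIZE = 2;

        /// <summary>
        /// Builds the underlying record whose data is the preference followed by the
        /// serialized exchange domain.
        /// </summary>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="preference"/> does not fit in an unsigned 16-bit integer.
        /// </exception>
        private static IResourceRecord Create(Domain domain, int preference, Domain exchange, TimeSpan ttl) {
            // The field is serialized as a ushort. Without this check an out-of-range value
            // would be silently truncated in the record data while the Preference property
            // kept the original int, so the object and its bytes would disagree.
            if (preference < ushort.MinValue || preference > ushort.MaxValue) {
                throw new ArgumentOutOfRangeException("preference", preference,
                    "MX preference must fit in an unsigned 16-bit integer.");
            }

            byte[] pref = BitConverter.GetBytes((ushort) preference);
            byte[] data = new byte[pref.Length + exchange.Size];

            // Most significant byte first in the record data.
            if (BitConverter.IsLittleEndian) {
                Array.Reverse(pref);
            }

            pref.CopyTo(data, 0);
            exchange.ToArray().CopyTo(data, pref.Length);

            return new ResourceRecord(domain, data, RecordType.MX, RecordClass.IN, ttl);
        }

        /// <summary>
        /// Wraps an already parsed record and decodes its MX-specific data from the message.
        /// </summary>
        /// <param name="record">The generic record being wrapped.</param>
        /// <param name="message">The message buffer the record was read from.</param>
        /// <param name="dataOffset">Offset in <paramref name="message"/> where the record data starts.</param>
        /// <exception cref="ArgumentException">
        /// The record data is too short to hold the preference field.
        /// </exception>
        public MailExchangeResourceRecord(IResourceRecord record, byte[] message, int dataOffset)
            : base(record) {
            // The record normally comes from a received message. If its declared data length
            // cannot hold the preference, reading two bytes at dataOffset would take them from
            // whatever follows the record, so reject the record instead.
            if (DataLength < PREFERENCE_SIZE) {
                throw new ArgumentException(
                    "Record data is too short to contain an MX preference.", "record");
            }

            byte[] preference = new byte[PREFERENCE_SIZE];
            Array.Copy(message, dataOffset, preference, 0, preference.Length);

            // Stored most significant byte first; BitConverter expects host order.
            if (BitConverter.IsLittleEndian) {
                Array.Reverse(preference);
            }

            dataOffset += PREFERENCE_SIZE;

            Preference = BitConverter.ToUInt16(preference, 0);
            ExchangeDomainName = Domain.FromArray(message, dataOffset);
        }

        /// <summary>
        /// Creates an MX record for <paramref name="domain"/> with class IN.
        /// </summary>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="preference"/> does not fit in an unsigned 16-bit integer.
        /// </exception>
        public MailExchangeResourceRecord(Domain domain, int preference, Domain exchange, TimeSpan ttl = default(TimeSpan)) :
            base(Create(domain, preference, exchange, ttl)) {
            Preference = preference;
            ExchangeDomainName = exchange;
        }

        /// <summary>The preference value of this exchange.</summary>
        public int Preference {
            get;
            private set;
        }

        /// <summary>The domain name of the mail exchange.</summary>
        public Domain ExchangeDomainName {
            get;
            private set;
        }

        public override string ToString() {
            return Stringify().Add("Preference", "ExchangeDomainName").ToString();
        }
    }
}
57 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/NameServerResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace DNS.Protocol.ResourceRecords { 4 | public class NameServerResourceRecord : BaseResourceRecord { 5 | public NameServerResourceRecord(IResourceRecord record, byte[] message, int dataOffset) 6 | : base(record) { 7 | NSDomainName = Domain.FromArray(message, dataOffset); 8 | } 9 | 10 | public NameServerResourceRecord(Domain domain, Domain nsDomain, TimeSpan ttl = default(TimeSpan)) : 11 | base(new ResourceRecord(domain, nsDomain.ToArray(), RecordType.NS, RecordClass.IN, ttl)) { 12 | NSDomainName = nsDomain; 13 | } 14 | 15 | public Domain NSDomainName { 16 | get; 17 | private set; 18 | } 19 | 20 | public override string ToString() { 21 | return Stringify().Add("NSDomainName").ToString();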
22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/PointerResourceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace DNS.Protocol.ResourceRecords { 4 | public class PointerResourceRecord : BaseResourceRecord { 5 | public PointerResourceRecord(IResourceRecord record, byte[] message, int dataOffset) 6 | : base(record) { 7 | PointerDomainName = Domain.FromArray(message, dataOffset); 8 | } 9 | 10 | public PointerResourceRecord(Domain domain, Domain pointer, TimeSpan ttl = default(TimeSpan)) : 11 | base(new ResourceRecord(domain, pointer.ToArray(), RecordType.PTR, RecordClass.IN, ttl)) { 12 | PointerDomainName = pointer; 13 | } 14 | 15 | public Domain PointerDomainName { 16 | get; 17 | private set; 18 | } 19 | 20 | public override string ToString() { 21 | return Stringify().Add("PointerDomainName").ToString(); 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /DNS/Protocol/ResourceRecords/ResourceRecordFactory.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | 4 | namespace DNS.Protocol.ResourceRecords { 5 | public static class ResourceRecordFactory { 6 | public static IList GetAllFromArray(byte[] message, int offset, int count) { 7 | return GetAllFromArray(message, offset, count, out offset); 8 | } 9 | 10 | public static IList GetAllFromArray(byte[] message, int offset, int count, out int endOffset) { 11 | IList result = new List(count); 12 | 13 | for (int i = 0; i < count; i++) { 14 | result.Add(FromArray(message, offset, out offset)); 15 | } 16 | 17 | endOffset = offset; 18 | return result; 19 | } 20 | 21 | public static IResourceRecord FromArray(byte[] message, int offset) { 22 | return FromArray(message, offset, out offset); 23 | } 24 | 25 | public static 
IResourceRecord FromArray(byte[] message, int offset, out int endOffest) { 26 | ResourceRecord record = ResourceRecord.FromArray(message, offset, out endOffest); 27 | int dataOffset = endOffest - record.DataLength; 28 | 29 | switch (record.Type) { 30 | case RecordType.A: 31 | case RecordType.AAAA: 32 | return new IPAddressResourceRecord(record); 33 | case RecordType.NS: 34 | return new NameServerResourceRecord(record, message, dataOffset); 35 | case RecordType.CNAME: 36 | return new CanonicalNameResourceRecord(record, message, dataOffset); 37 | case RecordType.SOA: 38 | return new StartOfAuthorityResourceRecord(record, message, dataOffset); 39 | case RecordType.PTR: 40 | return new PointerResourceRecord(record, message, dataOffset); 41 | case RecordType.MX: 42 | return new MailExchangeResourceRecord(record, message, dataOffset); 43 | default: 44 | return record; 45 | } 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /DNS/Protocol/ResponseCode.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace DNS.Protocol { 7 | public enum ResponseCode { 8 | NoError = 0, 9 | FormatError, 10 | ServerFailure, 11 | NameError, 12 | NotImplemented, 13 | Refused, 14 | YXDomain, 15 | YXRRSet, 16 | NXRRSet, 17 | NotAuth, 18 | NotZone, 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /DNS/Protocol/Utils/ByteExtensions.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace DNS.Protocol.Utils { 7 | public static class ByteExtensions { 8 | public static byte GetBitValueAt(this byte b, byte offset, byte length) { 9 | return (byte) ((b >> offset) & ~(0xff << length)); 10 | } 11 | 12 | 
public static byte GetBitValueAt(this byte b, byte offset) { 13 | return b.GetBitValueAt(offset, 1); 14 | } 15 | 16 | public static byte SetBitValueAt(this byte b, byte offset, byte length, byte value) { 17 | int mask = ~(0xff << length); 18 | value = (byte) (value & mask); 19 | 20 | return (byte) ((value << offset) | (b & ~(mask << offset))); 21 | } 22 | 23 | public static byte SetBitValueAt(this byte b, byte offset, byte value) { 24 | return b.SetBitValueAt(offset, 1, value); 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /DNS/Protocol/Utils/ByteStream.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | 5 | namespace DNS.Protocol.Utils { 6 | public class ByteStream : Stream { 7 | private byte[] buffer; 8 | private int offset = 0; 9 | 10 | public ByteStream(int capacity) { 11 | buffer = new byte[capacity]; 12 | } 13 | 14 | public ByteStream Append(IEnumerable buffers) { 15 | foreach (byte[] buf in buffers) { 16 | Write(buf, 0, buf.Length); 17 | } 18 | 19 | return this; 20 | } 21 | 22 | public ByteStream Append(byte[] buf) { 23 | Write(buf, 0, buf.Length); 24 | return this; 25 | } 26 | 27 | public byte[] ToArray() { 28 | return buffer; 29 | } 30 | 31 | public void Reset() { 32 | this.offset = 0; 33 | } 34 | 35 | public override bool CanRead { 36 | get { return false; } 37 | } 38 | 39 | public override bool CanSeek { 40 | get { return false; } 41 | } 42 | 43 | public override bool CanWrite { 44 | get { return buffer.Length > 0 && offset < buffer.Length; } 45 | } 46 | 47 | public override void Flush() { } 48 | 49 | public override long Length { 50 | get { return offset; } 51 | } 52 | 53 | public override long Position { 54 | get { throw new NotImplementedException(); } 55 | set { throw new NotImplementedException(); } 56 | } 57 | 58 | public override int Read(byte[] buffer, int offset, int count) 
{ 59 | throw new NotImplementedException(); 60 | } 61 | 62 | public override long Seek(long offset, System.IO.SeekOrigin origin) { 63 | throw new NotImplementedException(); 64 | } 65 | 66 | public override void SetLength(long value) { 67 | throw new NotImplementedException(); 68 | } 69 | 70 | public override void Write(byte[] buffer, int offset, int count) { 71 | Array.Copy(buffer, offset, this.buffer, this.offset, count); 72 | this.offset += count; 73 | } 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /ETW/.gitignore: -------------------------------------------------------------------------------- 1 | # Good Reference 2 | # https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 3 | 4 | bin 5 | obj 6 | *.user 7 | *.suo 8 | *.VC.opendb 9 | TestResults/ 10 | FakesAssemblies/ 11 | 12 | # Native Stuff 13 | *.sdf 14 | *.opensdf 15 | *.ipch 16 | *.aps 17 | [Dd]ebug/ 18 | [Rr]elease/ 19 | x64/ 20 | 21 | # NuGet Packages 22 | **/packages/* 23 | #!**/packages/repositories.config 24 | *.nupkg 25 | 26 | # githooks specific 27 | githooks/*.dll 28 | 29 | # VS2015 db poops 30 | *.VC.db 31 | 32 | # ignore cert files 33 | *.snk 34 | *.pfx 35 | 36 | # ignore Mac stuff 37 | .DS_Store 38 | 39 | # VS poops 40 | .vs/ 41 | -------------------------------------------------------------------------------- /ETW/35MSSharedLib1024.snk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/35MSSharedLib1024.snk -------------------------------------------------------------------------------- /ETW/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | 2 | CHANGELOG 3 | ========= 4 | 5 | # v1.0.0 6 | * Initial release. 
7 | 8 | -------------------------------------------------------------------------------- /ETW/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to krabsetw 2 | This project welcomes contributions and suggestions. Most contributions require you to 3 | agree to a Contributor License Agreement (CLA) declaring that you have the right to, 4 | and actually do, grant us the rights to use your contribution. For details, visit 5 | https://cla.microsoft.com. 6 | 7 | When you submit a pull request, a CLA-bot will automatically determine whether you need 8 | to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the 9 | instructions provided by the bot. You will only need to do this once across all repositories using our CLA. 10 | 11 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 12 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 13 | or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 14 | 15 | ## Governance 16 | At this time, all technical decisions are made by a 3-person technical committee from the OneDrive/SharePoint Security team. Feature requests and bug fixes in the form of GitHub Issues will be reviewed by this group and prioritized with other existing work assuming they're approved. 17 | 18 | ## Questions? 19 | Please create GitHub issues for any questions you have and someone will get back to you. 20 | 21 | -------------------------------------------------------------------------------- /ETW/LICENSE: -------------------------------------------------------------------------------- 1 | krabsetw 2 | 3 | Copyright (c) Microsoft Corporation 4 | 5 | All rights reserved. 
6 | 7 | MIT License 8 | 9 | Permission is hereby granted, free of charge, to any person obtaining a copy 10 | of this software and associated documentation files (the ""Software""), to deal 11 | in the Software without restriction, including without limitation the rights 12 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 13 | copies of the Software, and to permit persons to whom the Software is 14 | furnished to do so, subject to the following conditions: 15 | 16 | The above copyright notice and this permission notice shall be included in all 17 | copies or substantial portions of the Software. 18 | 19 | THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 20 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 21 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 22 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 23 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 24 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 25 | SOFTWARE. 26 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW.Debug.nuspec: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | Microsoft.O365.Security.Native.ETW.Debug 5 | 2.0.1 6 | Microsoft.O365.Security.Native.ETW Debug - managed wrappers for krabsetw 7 | Microsoft 8 | Microsoft 9 | https://opensource.org/licenses/MIT 10 | https://github.com/Microsoft/krabsetw 11 | false 12 | Microsoft.O365.Security.Native.ETW Debug is a managed wrapper around the krabsetw ETW library. Also known as "Lobsters." This is the Debug build. 13 | Microsoft.O365.Security.Native.ETW Debug is a managed wrapper around the krabsetw ETW library. Also known as "Lobsters." This is the Debug build. 14 | Support provider-based event filtering. 15 | © Microsoft Corporation. 
All rights reserved. 16 | 17 | ETW krabs lobsters managed cppcli 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW.nuspec: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | Microsoft.O365.Security.Native.ETW 5 | 2.0.1 6 | Microsoft.O365.Security.Native.ETW - managed wrappers for krabsetw 7 | Microsoft 8 | Microsoft 9 | https://opensource.org/licenses/MIT 10 | https://github.com/Microsoft/krabsetw 11 | false 12 | Microsoft.O365.Security.Native.ETW is a managed wrapper around the krabsetw ETW library. Also known as "Lobsters." 13 | Microsoft.O365.Security.Native.ETW is a managed wrapper around the krabsetw ETW library. Also known as "Lobsters." 14 | Support provider-based event filtering. 15 | © Microsoft Corporation. All rights reserved. 16 | 17 | ETW krabs lobsters managed cppcli 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/.gitignore: -------------------------------------------------------------------------------- 1 | # Good Reference 2 | # https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 3 | 4 | bin 5 | obj 6 | *.user 7 | *.suo 8 | TestResults/ 9 | FakesAssemblies/ 10 | 11 | # Native Stuff 12 | *.sdf 13 | *.opensdf 14 | *.ipch 15 | *.aps 16 | [Dd]ebug/ 17 | [Rr]elease/ 18 | x64/ 19 | 20 | # NuGet Packages 21 | **/packages/* 22 | #!**/packages/repositories.config 23 | 24 | # githooks specific 25 | githooks/*.dll -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/.nuget/NuGet.Config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/.nuget/NuGet.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/O365.Security.Native.ETW/.nuget/NuGet.exe -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/AssemblyInfo.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | using namespace System; 5 | using namespace System::Reflection; 6 | using namespace System::Runtime::CompilerServices; 7 | using namespace System::Runtime::InteropServices; 8 | using namespace System::Security::Permissions; 9 | 10 | // 11 | // General Information about an assembly is controlled through the following 12 | // set of attributes. Change these attribute values to modify the information 13 | // associated with an assembly. 
14 | // 15 | [assembly:AssemblyTitleAttribute(L"Microsoft.O365.Security.Native.ETW")]; 16 | [assembly:AssemblyDescriptionAttribute(L"")]; 17 | [assembly:AssemblyConfigurationAttribute(L"")]; 18 | [assembly:AssemblyCompanyAttribute(L"Microsoft")]; 19 | [assembly:AssemblyProductAttribute(L"Microsoft.O365.Security.Native.ETW")]; 20 | [assembly:AssemblyCopyrightAttribute(L"Copyright (c) 2016")]; 21 | [assembly:AssemblyTrademarkAttribute(L"")]; 22 | [assembly:AssemblyCultureAttribute(L"")]; 23 | 24 | // 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the value or you can default the Revision and Build Numbers 33 | // by using the '*' as shown below: 34 | 35 | [assembly:AssemblyVersionAttribute("1.0.*")]; 36 | 37 | [assembly:ComVisible(false)]; 38 | 39 | [assembly:CLSCompliantAttribute(true)]; -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/ETWLib.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | // This is the main DLL file. 
5 | 6 | #include "Guid.hpp" 7 | #include "Errors.hpp" 8 | #include "UserTrace.hpp" 9 | #include "TraceStats.hpp" 10 | #include "Provider.hpp" 11 | #include "RawProvider.hpp" 12 | #include "KernelProvider.hpp" 13 | #include "ITrace.hpp" 14 | #include "IEventRecordMetadata.hpp" 15 | #include "IEventRecord.hpp" 16 | #include "EventRecordMetadata.hpp" 17 | #include "EventRecord.hpp" 18 | #include "EventRecordError.hpp" 19 | #include "Property.hpp" 20 | 21 | #include "Filtering/Predicate.hpp" 22 | #include "Filtering/EventFilter.hpp" 23 | #include "Filtering/Fluent.hpp" 24 | #include "Filtering/UnicodeString.hpp" 25 | #include "Filtering/AnsiString.hpp" 26 | #include "Filtering/CountedString.hpp" 27 | 28 | #include "KernelProvider.hpp" 29 | #include "KernelTrace.hpp" 30 | #include "Kernel/KernelProviders.hpp" 31 | 32 | #include "Testing/EventHeader.hpp" 33 | #include "Testing/SynthRecord.hpp" 34 | #include "Testing/RecordBuilder.hpp" 35 | #include "Testing/Proxy.hpp" 36 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/EventRecordError.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include "IEventRecordMetadata.hpp" 7 | 8 | namespace Microsoft { namespace O365 { namespace Security { namespace ETW { 9 | 10 | /// 11 | /// Item passed to OnError handlers when an error is encountered 12 | /// handling an event on the worker thread. 13 | /// 14 | public ref struct EventRecordError 15 | { 16 | private: 17 | initonly System::String^ msg_; 18 | initonly IEventRecordMetadata^ record_; 19 | 20 | // TODO: additional info like provider, event id? 21 | 22 | public: 23 | /// 24 | /// Returns a string representing a message about the 25 | /// error that was encountered in the EventRecord. 
26 | /// 27 | property System::String^ Message { 28 | System::String^ get() { 29 | return msg_; 30 | } 31 | } 32 | 33 | /// 34 | /// Returns an object representing metadata about the 35 | /// record that was being processed when the error was 36 | /// encountered. 37 | /// 38 | property IEventRecordMetadata^ Record { 39 | IEventRecordMetadata^ get() { 40 | return record_; 41 | } 42 | } 43 | 44 | internal: 45 | EventRecordError( 46 | System::String^ message, 47 | IEventRecordMetadata^ record) 48 | : msg_(message) 49 | , record_(record) 50 | { } 51 | }; 52 | 53 | } } } } -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/Guid.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include 7 | 8 | namespace Microsoft { namespace O365 { namespace Security { namespace ETW { 9 | 10 | /// 11 | /// Converts a native GUID to a System::Guid 12 | /// 13 | inline System::Guid ConvertGuid(GUID guid) 14 | { 15 | return System::Guid( 16 | guid.Data1, guid.Data2, guid.Data3, 17 | guid.Data4[0], guid.Data4[1], 18 | guid.Data4[2], guid.Data4[3], 19 | guid.Data4[4], guid.Data4[5], 20 | guid.Data4[6], guid.Data4[7]); 21 | } 22 | 23 | /// 24 | /// Converts a System::Guid to a native GUID 25 | /// 26 | inline GUID ConvertGuid(System::Guid guid) 27 | { 28 | array^ bytes = guid.ToByteArray(); 29 | pin_ptr data = &(bytes[0]); 30 | return *((GUID*)data); 31 | } 32 | 33 | } } } } -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/ITrace.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. 
See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include "KernelProvider.hpp" 7 | #include "Provider.hpp" 8 | #include "RawProvider.hpp" 9 | #include "TraceStats.hpp" 10 | 11 | namespace Microsoft { namespace O365 { namespace Security { namespace ETW { 12 | 13 | /// 14 | /// Represents a instance of an ETW trace session. 15 | /// 16 | public interface class ITrace 17 | { 18 | public: 19 | /// 20 | /// Starts listening for events from the enabled providers. 21 | /// 22 | void Start(); 23 | 24 | /// 25 | /// Stops listening for events. 26 | /// 27 | void Stop(); 28 | 29 | /// 30 | /// Get stats about events handled by this trace 31 | /// 32 | /// a object representing the stats of the current trace 33 | TraceStats QueryStats(); 34 | }; 35 | 36 | /// 37 | /// User ETW trace specific interface of 38 | /// 39 | public interface class IUserTrace : public ITrace 40 | { 41 | public: 42 | /// 43 | /// Enables a provider for the given user trace. 44 | /// 45 | /// The to enable. 46 | void Enable(Provider^ provider); 47 | 48 | /// 49 | /// Enables a raw provider for the given user trace. 50 | /// 51 | /// The to enable. 52 | void Enable(RawProvider^ provider); 53 | }; 54 | 55 | /// 56 | /// Kernel ETW trace specific interface of 57 | /// 58 | public interface class IKernelTrace : public ITrace 59 | { 60 | public: 61 | /// 62 | /// Enables a provider for the given trace. 63 | /// 64 | /// The to enable. 65 | void Enable(KernelProvider^ provider); 66 | }; 67 | 68 | } } } } -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/README.md: -------------------------------------------------------------------------------- 1 | 2 | Overview 3 | ======== 4 | 5 | ETWLib is a C# library that simplifies interacting with ETW. It allows for any number of traces and providers to be enabled and for client code to register for event notifications from these traces. 
6 | 7 | ETWLib also provides code to simplify parsing generic event data into strongly typed data types. 8 | 9 | Guided Example 10 | ============== 11 | 12 | ETW has the concept of a trace, where a trace essentially represents a stream of events that can be listened to. It distinguishes between kernel and user traces, where the source of events in a kernel trace comes from the Windows kernel. User trace event sources can be any regular application that is ETW-aware. 13 | 14 | ETWLib maintains the differentiation between user and kernel traces (kernel traces are not yet implemented) because their APIs are slightly different. 15 | 16 | A `UserTrace` can be named an arbitrary name or a name can be generated for you. 17 | 18 | UserTrace trace = new UserTrace(); // unnamed trace 19 | UserTrace namedTrace = new UserTrace("Muffins McGoo"); 20 | 21 | ETWLib represents different sources of ETW events with the concept of a `Provider`. Providers are identified by a GUID, as specified by ETW itself. Providers each have a pair of properties that represent bitflags named `Any` and `All` that are used to do event filtering. If an event meets any of the flags in the `Any` property, registered event callbacks are called. If an event meets all of the bits in the `All` property, registered event callbacks are likewise called. 22 | 23 | **NOTE:** The semantics of the `Any` and `All` flag are left to the discretion of the ETW provider. Many providers ignore the `All` flag if the `Any` flag is not set, for example. 
24 | 25 | void MyCallbackFunction(EventRecord) 26 | {} 27 | 28 | Provider powershellProvider = new Provider(Guid.Parse("{A0C1853B-5C40-4B15-8766-3CF1C58F985A}")); 29 | powershellProvider.Any = 0x10; 30 | powershellProvider.OnEvent += MyCallbackFunction; 31 | 32 | Providers must be enabled for specific traces in order to have any effect on the event tracing system: 33 | 34 | namedTrace.Enable(powershellProvider); 35 | 36 | Once all the providers have been enabled for a trace, the trace must be started. The `UserTrace::start()` method will block while listening for events, so if a program is supposed to do other interesting things while listening for ETW events, the start method needs to be called on another thread. 37 | 38 | var t = Task.Run(() => namedTrace.Start()); 39 | -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/Testing/EventHeader.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | namespace Microsoft { namespace O365 { namespace Security { namespace ETW { namespace Testing { 5 | 6 | public enum class EventHeaderFlags : uint16_t 7 | { 8 | EXTENDED_INFO = 0x0001, 9 | PRIVATE_SESSION = 0x0002, 10 | STRING_ONLY = 0x0004, 11 | TRACE_MESSAGE = 0x0008, 12 | NO_CPUTIME = 0x0010, 13 | HEADER_32_BIT = 0x0020, 14 | HEADER_64_BIT = 0x0040, 15 | CLASSIC_HEADER = 0x0100, 16 | PROCESSOR_INDEX = 0x0200 17 | }; 18 | 19 | /// 20 | /// Provides access to the EVENT_HEADER element of a synthetic 21 | /// event record. 22 | /// 23 | public ref class EventHeader { 24 | public: 25 | EventHeader(EVENT_HEADER *header); 26 | 27 | /// 28 | /// Provides access to the Flags field of the EventHeader.
29 | /// 30 | property unsigned short Flags { 31 | unsigned short get() { 32 | return header_->Flags; 33 | } 34 | 35 | void set(unsigned short val) { 36 | header_->Flags = val; 37 | } 38 | } 39 | 40 | internal: 41 | EVENT_HEADER *header_; 42 | }; 43 | 44 | // Implementation 45 | // ------------------------------------------------------------------------ 46 | 47 | inline EventHeader::EventHeader(EVENT_HEADER *header) 48 | : header_(header) 49 | { } 50 | 51 | 52 | 53 | 54 | } /* namespace Testing */ } /* namespace ETW */ } /* namespace Security */ } /* namespace O365 */ } /* namespace Microsoft */ -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/TraceStats.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include 7 | 8 | namespace Microsoft { namespace O365 { namespace Security { namespace ETW { 9 | 10 | /// 11 | /// Selected statistics about an ETW trace 12 | /// 13 | public value class TraceStats 14 | { 15 | public: 16 | /// count of trace buffers 17 | initonly uint32_t BuffersCount; 18 | 19 | /// count of free buffers 20 | initonly uint32_t BuffersFree; 21 | 22 | /// count of buffers written 23 | initonly uint32_t BuffersWritten; 24 | 25 | /// count of buffers lost 26 | initonly uint32_t BuffersLost; 27 | 28 | /// count of total events 29 | initonly uint64_t EventsTotal; 30 | 31 | /// count of events handled 32 | initonly uint64_t EventsHandled; 33 | 34 | /// count of events lost 35 | initonly uint32_t EventsLost; 36 | 37 | internal: 38 | TraceStats(const krabs::trace_stats& stats) 39 | : BuffersCount(stats.buffersCount) 40 | , BuffersFree(stats.buffersFree) 41 | , BuffersWritten(stats.buffersWritten) 42 | , BuffersLost(stats.buffersLost) 43 | , EventsTotal(stats.eventsTotal) 44 | , 
EventsHandled(stats.eventsHandled) 45 | , EventsLost(stats.eventsLost) 46 | { } 47 | }; 48 | 49 | } } } } -------------------------------------------------------------------------------- /ETW/O365.Security.Native.ETW/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /ETW/build/native/krabsetw.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | ;%(PreprocessorDefinitions) 6 | $(MSBuildThisFileDirectory)..\..\lib\native\include\;%(AdditionalIncludeDirectories) 7 | 8 | 9 | 10 | 11 | NotUsing 12 | False 13 | Async 14 | ;%(PreprocessorDefinitions) 15 | $(MSBuildThisFileDirectory)..\..\lib\native\include\;%(AdditionalIncludeDirectories) 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /ETW/docs/KrabsExample.md: -------------------------------------------------------------------------------- 1 | Guided Example 2 | ============== 3 | 4 | ETW has the concept of a trace, where a trace essentially represents a stream of events that can be listened to. It distinguishes between kernel and user traces, where the source of events in a kernel trace comes from the Windows kernel. User trace event sources can be any regular application that is ETW-aware. 5 | 6 | Krabs maintains the differentiation between user and kernel traces because their APIs are slightly different. 7 | 8 | A `user_trace` can be named an arbitrary name or a name can be generated for you. 9 | 10 | user_trace trace(); // unnamed trace 11 | user_trace namedTrace(L"Muffins McGoo"); 12 | 13 | Krabs represents different sources of ETW events with the concept of a `provider`. Providers are identified by a GUID, as specified by ETW itself. Providers each have a pair of bitflags named `any` and `all` that are used to do event filtering. 
If an event meets any of the flags in the `any` flag, registered event callbacks are called. If an event meets all of the flags in the `all` flag, registered event callbacks are likewise called. 14 | 15 | **NOTE:** The semantics of the `any` and `all` flags are left to the discretion of the ETW provider. Many providers ignore the `all` flag if the `any` flag is not set, for example. 16 | 17 | void mycallbackFunction(const EVENT_RECORD &) 18 | {} 19 | 20 | provider<> powershellProvider(L"{A0C1853B-5C40-4B15-8766-3CF1C58F985A}"); 21 | powershellProvider.any(0x10); 22 | powershellProvider.any(0x01); // augment the any flag 23 | powershellProvider.add_on_event_callback(mycallbackFunction); 24 | 25 | Providers must be enabled for specific traces in order to have any effect on the event tracing system: 26 | 27 | namedTrace.enable(powershellProvider); 28 | 29 | Once all the providers have been enabled for a trace, the trace must be started. The `user_trace::start()` method will block while listening for events, so if a program is supposed to do other interesting things while listening for ETW events, the start method needs to be called on another thread. 30 | 31 | void startListening() 32 | { 33 | namedTrace.start(); 34 | } 35 | 36 | std::thread t(startListening); 37 | sleep(1000); 38 | namedTrace.stop(); 39 | t.join(); -------------------------------------------------------------------------------- /ETW/docs/LobstersExample.md: -------------------------------------------------------------------------------- 1 | Guided Example 2 | ============== 3 | 4 | *Note: This example is intentionally a carbon copy of the KrabsExample.md since krabs concepts map directly into O365.Security.Native.ETW functionality.* 5 | 6 | ETW has the concept of a trace, where a trace essentially represents a stream of events that can be listened to. It distinguishes between kernel and user traces, where the source of events in a kernel trace comes from the Windows kernel.
User trace event sources can be any regular application that is ETW-aware. 7 | 8 | O365.Security.Native.ETW maintains the differentiation between user and kernel traces because their APIs are slightly different. 9 | 10 | A `UserTrace` can be named an arbitrary name or a name can be generated for you. 11 | 12 | var trace = new UserTrace(); // unnamed trace 13 | var namedTrace = new UserTrace("Muffins McGoo"); 14 | 15 | O365.Security.Native.ETW represents different sources of ETW events with the concept of a `Provider`. Providers are identified by a GUID, as specified by ETW itself. Providers each have a pair of bitflags named `Any` and `All` that are used to do event filtering. If an event meets any of the flags in the `Any` flag, registered event callbacks are called. If an event meets all of the flags in the `All` flag, registered event callbacks are likewise called. 16 | 17 | **NOTE:** The semantics of the `Any` and `All` flags are left to the discretion of the ETW provider. Many providers ignore the `All` flag if the `Any` flag is not set, for example. 18 | 19 | void OnEventRecord(IEventRecord record) 20 | {} 21 | 22 | var trace = new UserTrace(); 23 | var provider = new Provider(Guid.Parse("{A0C1853B-5C40-4B15-8766-3CF1C58F985A}")); 24 | provider.All = 0x10; 25 | provider.Any = 0x01; // augment the Any flag. 26 | provider.OnEvent += OnEventRecord; 27 | 28 | Providers must be enabled for specific traces in order to have any effect on the event tracing system: 29 | 30 | namedTrace.Enable(provider); 31 | 32 | Once all the providers have been enabled for a trace, the trace must be started. The `UserTrace.Start()` method **will block while listening for events**, so if a program is supposed to do other interesting things while listening for ETW events, the start method needs to be called on another thread.
33 | 34 | void startListening() 35 | { 36 | namedTrace.Start(); 37 | } 38 | 39 | var task = await Task.Factory.StartNew(() => startListening(), TaskCreationOptions.LongRunning); 40 | sleep(1000); 41 | namedTrace.Stop(); 42 | task.Wait(); -------------------------------------------------------------------------------- /ETW/docs/O365.Security.Native.ETW.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/O365.Security.Native.ETW.chm -------------------------------------------------------------------------------- /ETW/docs/img/message-analyzer/1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/1.PNG -------------------------------------------------------------------------------- /ETW/docs/img/message-analyzer/2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/2.PNG -------------------------------------------------------------------------------- /ETW/docs/img/message-analyzer/3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/3.PNG -------------------------------------------------------------------------------- /ETW/docs/img/message-analyzer/4.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/4.PNG -------------------------------------------------------------------------------- 
/ETW/docs/img/message-analyzer/5.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/5.PNG -------------------------------------------------------------------------------- /ETW/docs/img/message-analyzer/6.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/6.PNG -------------------------------------------------------------------------------- /ETW/docs/img/message-analyzer/7.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/docs/img/message-analyzer/7.PNG -------------------------------------------------------------------------------- /ETW/examples/ManagedExamples/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /ETW/examples/ManagedExamples/Program.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | namespace ManagedExamples 5 | { 6 | class Program 7 | { 8 | static void Main(string[] args) 9 | { 10 | // Comment in/out the particular example you'd like to run. 
11 | KernelTrace001.Start(); 12 | //UserTrace001.Start(); 13 | //UserTrace002.Start(); 14 | //FakingEvents001.Start(); 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/NativeExamples.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {ed21b70b-78a2-4617-a02f-9b654e2bd586} 10 | 11 | 12 | 13 | 14 | Source Files 15 | 16 | 17 | Source Files 18 | 19 | 20 | Source Files 21 | 22 | 23 | Source Files 24 | 25 | 26 | Source Files 27 | 28 | 29 | Source Files 30 | 31 | 32 | Source Files 33 | 34 | 35 | Source Files 36 | 37 | 38 | Source Files 39 | 40 | 41 | Source Files 42 | 43 | 44 | 45 | 46 | Header Files 47 | 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/examples.h: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 
3 | 4 | #pragma once 5 | 6 | struct kernel_and_user_trace_001 7 | { 8 | static void start(); 9 | }; 10 | 11 | struct kernel_trace_001 12 | { 13 | static void start(); 14 | }; 15 | 16 | struct multiple_providers_001 17 | { 18 | static void start(); 19 | }; 20 | 21 | struct testing_001 22 | { 23 | static void start(); 24 | }; 25 | 26 | struct user_trace_001 27 | { 28 | static void start(); 29 | }; 30 | 31 | struct user_trace_002 32 | { 33 | static void start(); 34 | }; 35 | 36 | struct user_trace_003_no_predicates 37 | { 38 | static void start(); 39 | }; 40 | 41 | struct user_trace_004 42 | { 43 | static void start(); 44 | }; 45 | -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/kernel_trace_001.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | // This example shows how to quickly load up a kernel trace that prints out 5 | // a notice whenever a binary image (executable or DLL) is loaded. 6 | 7 | #include 8 | #include "..\..\krabs\krabs.hpp" 9 | #include "examples.h" 10 | 11 | void kernel_trace_001::start() 12 | { 13 | // Kernel traces use the kernel_trace class, which looks and acts a lot like the 14 | // user_trace class. 15 | krabs::kernel_trace trace(L"My magic trace"); 16 | 17 | // Krabs provides a bunch of convenience providers for kernel traces. The set of 18 | // providers that are allowed by kernel traces is hardcoded by Windows ETW, and 19 | // Krabs provides simple objects to represent these. If other providers were 20 | // enabled without krabs being updated, the same thing could be done like so: 21 | // krabs::kernel_provider provider(SOME_ULONG_VALUE, SOME_GUID); 22 | krabs::kernel::image_load_provider provider; 23 | 24 | // Kernel providers accept all the typical callback mechanisms. 
25 | provider.add_on_event_callback([](const EVENT_RECORD &record) { 26 | krabs::schema schema(record); 27 | 28 | // To filter our events, we want to compare against the 29 | // event opcode. For kernel traces, you can consult this page 30 | // https://msdn.microsoft.com/en-us/library/windows/desktop/aa364083(v=vs.85).aspx 31 | // 32 | // The documentation specific to the image load provider is here: 33 | // https://msdn.microsoft.com/en-us/library/windows/desktop/aa364068(v=vs.85).aspx 34 | if (schema.event_opcode() == 10) { 35 | krabs::parser parser(schema); 36 | std::wstring filename = parser.parse(L"FileName"); 37 | std::wcout << L"Loaded image from file " << filename << std::endl; 38 | } 39 | }); 40 | 41 | // From here on out, a kernel_trace is indistinguishable from a user_trace in how 42 | // it is used. 43 | trace.enable(provider); 44 | trace.start(); 45 | } 46 | -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/main.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #include "examples.h" 5 | 6 | int main(void) 7 | { 8 | // Comment in/out the particular example you'd like to run. 
9 | kernel_and_user_trace_001::start(); 10 | //kernel_trace_001::start(); 11 | //multiple_providers_001::start(); 12 | //testing_001::start(); 13 | //user_trace_001::start(); 14 | //user_trace_002::start(); 15 | //user_trace_003_no_predicates::start(); 16 | //user_trace_004::start(); 17 | } -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/user_trace_002.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | // This example shows how to use a user_trace to extract powershell command 5 | // invocations. It demonstrates provider-level filtering to make event handling 6 | // code a little simpler. 7 | 8 | #include 9 | #include 10 | 11 | #include "..\..\krabs\krabs.hpp" 12 | #include "examples.h" 13 | 14 | void user_trace_002::start() 15 | { 16 | // user_trace instances should be used for any non-kernel traces that are defined 17 | // by components or programs in Windows. They can optionally take a name -- if none 18 | // is provided, a random GUID is assigned as the name. 19 | krabs::user_trace trace(L"My Named Trace"); 20 | 21 | // A trace can have any number of providers, which are identified by GUID. These 22 | // GUIDs are defined by the components that emit events, and their GUIDs can 23 | // usually be found with various ETW tools (like wevtutil).
24 | krabs::provider<> provider(krabs::guid(L"{A0C1853B-5C40-4B15-8766-3CF1C58F985A}")); 25 | provider.any(0xf0010000000003ff); 26 | 27 | // In user_trace_001.cpp, we manually filter events by checking the event information 28 | // in our callback functions. In this example, we're going to use a provider filter 29 | // to do this for us. 30 | 31 | // We instantiate an event_filter first. An event_filter is created with a 32 | // predicate -- literally just a function that does some check on an EVENT_RECORD 33 | // and returns a boolean -- true when the event should be passed on to callbacks, 34 | // and false otherwise. 35 | 36 | // krabs provides a few simple predicates to use to make this a little easier for 37 | // the standard cases. We'll use one of those to filter based on the event id. 38 | krabs::event_filter filter(krabs::predicates::id_is(7937)); 39 | 40 | // event_filters can have attached callbacks, just like a regular provider. 41 | filter.add_on_event_callback([](const EVENT_RECORD &record) { 42 | krabs::schema schema(record); 43 | assert(schema.event_id() == 7937); 44 | std::wcout << L"Event 7937 received!" << std::endl; 45 | }); 46 | 47 | // event_filters are attached to providers. Events that are attached to a filter will 48 | // only be called when the filter allows the event through. Any events attached to the 49 | // provider directly will be called for all events that are fired by the ETW producer. 50 | provider.add_filter(filter); 51 | trace.enable(provider); 52 | trace.start(); 53 | } 54 | -------------------------------------------------------------------------------- /ETW/examples/NativeExamples/user_trace_003_no_predicates.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 
3 | 4 | // Krabs supports provider filtering based on ETW API filtering features. 5 | // This example listens for file delete events. 6 | // 7 | 8 | #include 9 | #include 10 | 11 | #include "..\..\krabs\krabs.hpp" 12 | #include "examples.h" 13 | 14 | void user_trace_003_no_predicates::start() 15 | { 16 | // user_trace instances should be used for any non-kernel traces that are defined 17 | // by components or programs in Windows. They can optionally take a name -- if none 18 | // is provided, a random GUID is assigned as the name. 19 | krabs::user_trace trace(L"My Named Trace"); 20 | 21 | // A trace can have any number of providers, which are identified by GUID. These 22 | // GUIDs are defined by the components that emit events, and their GUIDs can 23 | // usually be found with various ETW tools (like wevtutil). 24 | 25 | //listen for file events 26 | krabs::provider<> provider(krabs::guid(L"{EDD08927-9CC4-4E65-B970-C2560FB5C289}")); 27 | 28 | // In user_trace_001.cpp we manually filter events by checking the event information 29 | // In user_trace_002.cpp we filter events using provider predicates 30 | // In user_trace_003.cpp we filter with ETW filtering only without predicate 31 | // In this example, we're going to use a provider filter based on ETW filtering features 32 | // combined with predicate which does additional filtering 33 | 34 | // We instantiate an event_filter first. An event_filter is created with an 35 | // event id which will be forwarded as a filter to the ETW tracing API 36 | krabs::event_filter filter(11); 37 | 38 | auto cb = [](const EVENT_RECORD &record) { 39 | krabs::schema schema(record); 40 | assert(schema.event_id() == 11); 41 | std::wcout << L"Event " + std::to_wstring(schema.event_id()) + L" received!" << std::endl; 42 | }; 43 | 44 | filter.add_on_event_callback(cb); 45 | 46 | // event_filters are attached to providers. Events that are attached to a filter will 47 | // only be called when the filter allows the event through.
Any events attached to the 48 | // provider directly will be called for all events that are fired by the ETW producer. 49 | provider.add_filter(filter); 50 | trace.enable(provider); 51 | trace.start(); 52 | } 53 | -------------------------------------------------------------------------------- /ETW/krabs/.nuget/NuGet.Config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /ETW/krabs/.nuget/NuGet.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/ETW/krabs/.nuget/NuGet.exe -------------------------------------------------------------------------------- /ETW/krabs/MTA.testsettings: -------------------------------------------------------------------------------- 1 |  2 | 3 | These are default test settings for a local test run with threadmodel set to MTA. 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /ETW/krabs/Readme.txt: -------------------------------------------------------------------------------- 1 | Krabs Readme.txt 2 | 3 | 4 | 5 | Important Preprocessor Definitions: 6 | 7 | * UNICODE - krabsetw expects the UNICODE preprocessor definition to be defined. The code will 8 | not successfully compile without this flag. There is no plan to support non-UNICODE defined 9 | compilation. 10 | 11 | 12 | 13 | * NDEBUG - Set this variable in release builds to disable runtime type assertions. 14 | 15 | You'll still get a runtime error if the size type you're requesting is not the 16 | 17 | same size as the property in the event schema. 18 | 19 | 20 | 21 | * TYPEASSERT - Set this variable only in debug builds (not NDEBUG) to enable strict assertions.
22 | 23 | This means that if an explicit type check is not defined for a requested type, a static_assert 24 | 25 | is thrown and the code will not compile until one is added. This is mainly used for krabs 26 | 27 | development to ensure that we don't miss asserts for types that are supported. 28 | -------------------------------------------------------------------------------- /ETW/krabs/krabs.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #include "krabs.hpp" 5 | 6 | // Note: This file exists to define the schema_locator 7 | // cache static variable. Due to issues with C++14 magic 8 | // static and C++/CLI, we're unable to rely solely on 9 | // using magic static. 10 | 11 | // DO NOT ADD THINGS TO THIS FILE 12 | 13 | namespace krabs { 14 | schema_locator schema_locator::singleton_; 15 | } -------------------------------------------------------------------------------- /ETW/krabs/krabs.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #pragma comment(lib, "advapi32.lib") 7 | #pragma comment(lib, "ole32.lib") 8 | 9 | 10 | // 11 | // /\ 12 | // ( / @ @ () 13 | // \ __| |__ / 14 | // -/ " \- 15 | // /-| |-\ 16 | // / /-\ /-\ \ 17 | // / /-`---'-\ \ 18 | // / \ 19 | // 20 | // Summary 21 | // ---------------------------------------------------------------------------- 22 | // Krabs is a wrapper around ETW because ETW is the worst API ever made. 
23 | 24 | #pragma warning(push) 25 | #pragma warning(disable: 4512) // stupid spurious "can't generate assignment error" warning 26 | #pragma warning(disable: 4634) // DocXml comment warnings in native C++ 27 | #pragma warning(disable: 4635) // DocXml comment warnings in native C++ 28 | 29 | #include "krabs/compiler_check.hpp" 30 | #include "krabs/ut.hpp" 31 | #include "krabs/kt.hpp" 32 | #include "krabs/guid.hpp" 33 | #include "krabs/lock.hpp" 34 | #include "krabs/trace.hpp" 35 | #include "krabs/client.hpp" 36 | #include "krabs/errors.hpp" 37 | #include "krabs/schema.hpp" 38 | #include "krabs/schema_locator.hpp" 39 | #include "krabs/parse_types.hpp" 40 | #include "krabs/collection_view.hpp" 41 | #include "krabs/size_provider.hpp" 42 | #include "krabs/parser.hpp" 43 | #include "krabs/property.hpp" 44 | #include "krabs/provider.hpp" 45 | #include "krabs/nightmare.hpp" 46 | #include "krabs/tdh_helpers.hpp" 47 | #include "krabs/kernel_providers.hpp" 48 | 49 | #include "krabs/testing/proxy.hpp" 50 | #include "krabs/testing/filler.hpp" 51 | #include "krabs/testing/synth_record.hpp" 52 | #include "krabs/testing/record_builder.hpp" 53 | #include "krabs/testing/event_filter_proxy.hpp" 54 | #include "krabs/testing/record_property_thunk.hpp" 55 | 56 | #include "krabs/filtering/view_adapters.hpp" 57 | #include "krabs/filtering/comparers.hpp" 58 | #include "krabs/filtering/predicates.hpp" 59 | #include "krabs/filtering/event_filter.hpp" 60 | 61 | #pragma warning(pop) 62 | -------------------------------------------------------------------------------- /ETW/krabs/krabs.runsettings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | x64 6 | 7 | 8 | .\MTA.testsettings 9 | 10 | -------------------------------------------------------------------------------- /ETW/krabs/krabs/client.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 
2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include "compiler_check.hpp" 7 | #include "ut.hpp" 8 | #include "kt.hpp" 9 | #include "trace.hpp" 10 | 11 | namespace krabs { 12 | 13 | /** 14 | * 15 | * Specialization of the base trace class for user traces. 16 | * 17 | */ 18 | typedef krabs::trace user_trace; 19 | 20 | /** 21 | * 22 | * Specialization of the base trace class for kernel traces. 23 | * 24 | */ 25 | typedef krabs::trace kernel_trace; 26 | } 27 | -------------------------------------------------------------------------------- /ETW/krabs/krabs/collection_view.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include 7 | 8 | #include "compiler_check.hpp" 9 | 10 | namespace krabs { 11 | 12 | /** 13 | * Wraps a range of a collection starting at the location 14 | * specified by the begin iterator and ending a the location 15 | * specified by the end iterator. 
The underlying items are 16 | * left in-place and should be considered const 17 | */ 18 | template 19 | struct collection_view 20 | { 21 | private: 22 | const T beg_; 23 | const T end_; 24 | 25 | public: 26 | /** 27 | * Construct a new view for the range specified by the 28 | * iterators 'begin' and 'end' 29 | */ 30 | collection_view(const T begin, const T end) 31 | : beg_(begin) 32 | , end_(end) 33 | { } 34 | 35 | /** 36 | * Get the iterator for the beginning of the view range 37 | */ 38 | const T begin() const 39 | { 40 | return beg_; 41 | } 42 | 43 | /** 44 | * Get the iterator for the end of the view range 45 | */ 46 | const T end() const 47 | { 48 | return end_; 49 | } 50 | }; 51 | 52 | /** 53 | * Create a view over the range specified by iterators 'begin' and 'end' 54 | */ 55 | template 56 | inline collection_view view(const T& begin, const T& end) 57 | { 58 | return{ begin, end }; 59 | } 60 | 61 | /** 62 | * Create a const_iterator view over the specified string 63 | */ 64 | template 65 | inline collection_view::const_iterator> view(const std::basic_string& string) 66 | { 67 | return{ string.cbegin(), string.cend() }; 68 | } 69 | 70 | /** 71 | * Create a const view over the range starting at 'begin' extending 'length' items 72 | */ 73 | template 74 | inline collection_view view(const T* begin, size_t length) 75 | { 76 | return{ begin, begin + length }; 77 | } 78 | 79 | /** 80 | * Create a const view over the specified array 81 | */ 82 | template 83 | inline collection_view view(const T(&arr)[n]) 84 | { 85 | return{ arr, arr + n }; 86 | } 87 | 88 | } /* namespace krabs */ -------------------------------------------------------------------------------- /ETW/krabs/krabs/compiler_check.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 
3 | 4 | #pragma once 5 | 6 | #if (_MSC_VER < 1900) 7 | #error "krabsetw is only supported with Visual Studio 2015 and above (MSVC++ 14.0)" 8 | #endif 9 | -------------------------------------------------------------------------------- /ETW/krabs/krabs/filtering/view_adapters.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #include 7 | 8 | #include "../compiler_check.hpp" 9 | #include "../parser.hpp" 10 | 11 | namespace krabs { namespace predicates { 12 | 13 | namespace adapters { 14 | 15 | /** 16 | * View adapter for counted_string strings 17 | */ 18 | struct counted_string 19 | { 20 | using value_type = krabs::counted_string::value_type; 21 | using const_iterator = krabs::counted_string::const_iterator; 22 | 23 | collection_view operator()(const property_info& propInfo) 24 | { 25 | auto cs_ptr = reinterpret_cast(propInfo.pPropertyIndex_); 26 | return krabs::view(cs_ptr->string(), cs_ptr->length()); 27 | } 28 | }; 29 | 30 | /** 31 | * View adapter for fixed width and null-terminated strings 32 | */ 33 | template 34 | struct generic_string 35 | { 36 | using value_type = ElemT; 37 | using const_iterator = const value_type*; 38 | 39 | collection_view operator()(const property_info& propInfo) 40 | { 41 | auto pString = reinterpret_cast(propInfo.pPropertyIndex_); 42 | auto length = get_string_content_length(pString, propInfo.length_); 43 | 44 | return krabs::view(pString, length); 45 | } 46 | }; 47 | 48 | } /* namespace adapters */ 49 | 50 | } /* namespace predicates */ } /* namespace krabs */ -------------------------------------------------------------------------------- /ETW/krabs/krabs/lock.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 
2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #ifndef WIN32_LEAN_AND_MEAN 7 | #define WIN32_LEAN_AND_MEAN 8 | #endif 9 | 10 | #include 11 | 12 | #include "compiler_check.hpp" 13 | 14 | // Use: 15 | // static critical_section cs; 16 | // 17 | // scope_lock lock(cs); 18 | // ... /* code is synchronized in this scope */ 19 | 20 | namespace krabs { 21 | 22 | // Wraps a critical section for code synchronization 23 | class critical_section 24 | { 25 | private: 26 | mutable CRITICAL_SECTION critical; 27 | 28 | critical_section(const critical_section&) = delete; 29 | critical_section& operator=(const critical_section&) = delete; 30 | 31 | public: 32 | critical_section() 33 | { 34 | InitializeCriticalSection(&critical); 35 | } 36 | 37 | ~critical_section() 38 | { 39 | DeleteCriticalSection(&critical); 40 | } 41 | 42 | bool try_enter() const 43 | { 44 | return TryEnterCriticalSection(&critical) != FALSE; 45 | } 46 | 47 | void enter() const 48 | { 49 | EnterCriticalSection(&critical); 50 | } 51 | 52 | void leave() const 53 | { 54 | LeaveCriticalSection(&critical); 55 | } 56 | }; 57 | 58 | // RAII Wrapper for a entering and leaving a critical section 59 | class scope_lock 60 | { 61 | private: 62 | const critical_section& criticalInst; 63 | 64 | scope_lock& operator=(const scope_lock&) = delete; 65 | 66 | public: 67 | scope_lock(const critical_section& cs) : criticalInst(cs) 68 | { 69 | criticalInst.enter(); 70 | } 71 | 72 | scope_lock(const critical_section* cs) : criticalInst(*cs) 73 | { 74 | criticalInst.enter(); 75 | } 76 | 77 | ~scope_lock() 78 | { 79 | criticalInst.leave(); 80 | } 81 | }; 82 | } -------------------------------------------------------------------------------- /ETW/krabs/krabs/testing/event_filter_proxy.hpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 
2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #pragma once 5 | 6 | #define INITGUID 7 | 8 | 9 | #include "../compiler_check.hpp" 10 | #include "../filtering/event_filter.hpp" 11 | #include "synth_record.hpp" 12 |
namespace krabs { namespace testing {

    /**
     * Stand-in for the event_filter class in tests. The proxy acts as a
     * liaison for the actual filter instance, so a test can force an event
     * through the filter.
     */
    class event_filter_proxy {
    public:

        /**
         * Constructs a proxy for the given event_filter. Only a reference is
         * stored, so the filter has to outlive the proxy.
         *
         * Example:
         *
         *    krabs::event_filter event_filter;
         *    krabs::testing::event_filter_proxy proxy(event_filter);
         */
        event_filter_proxy(krabs::event_filter &filter)
        : event_filter_(filter)
        {
        }

        /**
         * Pushes an event through to the proxied filter instance by passing
         * the record to its on_event.
         *
         * Example:
         *
         *    krabs::event_filter event_filter;
         *    krabs::testing::event_filter_proxy proxy(event_filter);
         *
         *    krabs::guid powershell(L"{A0C1853B-5C40-4B15-8766-3CF1C58F985A}");
         *    krabs::testing::record_builder builder(powershell, krabs::id(7942), krabs::version(1));
         *
         *    builder.add_properties()
         *            (L"ClassName", L"FakeETWEventForRealz")
         *            (L"Message", L"This message is completely faked");
         *
         *    auto record = builder.pack_incomplete();
         *    proxy.push_event(record);
         */
        void push_event(const synth_record &record)
        {
            event_filter_.on_event(record);
        }

    private:
        // The proxied filter; not owned.
        krabs::event_filter &event_filter_;
    };

} /* namespace
testing */ } /* namespace krabs */ 75 | -------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/EtwTestsCS.runsettings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | x64 5 | 6 | 7 | false 8 | 9 | -------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/Events/ImageLoadEvent.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | using System; 5 | using Microsoft.O365.Security.ETW.Kernel; 6 | using Microsoft.O365.Security.ETW.Testing; 7 |
namespace EtwTestsCS.Events
{
    // For reference later:
    // https://msdn.microsoft.com/en-us/library/windows/desktop/aa364083(v=vs.85).aspx

    /// <summary>
    /// Test helper for the image-load kernel event: property names, event
    /// identity and a factory for synthetic records.
    /// </summary>
    public class ImageLoadEvent
    {
        /// <summary>Name of the process id property.</summary>
        public static readonly string ProcessId = "ProcessId";

        /// <summary>Name of the file name property.</summary>
        public static readonly string FileName = "FileName";

        /// <summary>Provider id, taken from a fresh <c>ImageLoadProvider</c>.</summary>
        public static readonly Guid ProviderId = new ImageLoadProvider().Id;
        public static readonly int EventId = 0;
        public static readonly int Version = 3;
        public static readonly int OpCode = 2;

        /// <summary>
        /// Builds a synthetic image-load record carrying the given values.
        /// </summary>
        /// <param name="processId">Value stored under <see cref="ProcessId"/>.</param>
        /// <param name="fileName">Value stored under <see cref="FileName"/> as a Unicode string.</param>
        /// <returns>The record produced by <c>PackIncomplete</c>.</returns>
        public static SynthRecord CreateRecord(
            uint processId,
            string fileName)
        {
            SynthRecord record;

            using (var builder = new RecordBuilder(ProviderId, EventId, Version, OpCode))
            {
                // NOTE: kernel events MUST have this flag set
                builder.Header.Flags = (ushort)EventHeaderFlags.TRACE_MESSAGE;

                builder.AddValue(ProcessId, processId);
                builder.AddUnicodeString(FileName, fileName);

                record = builder.PackIncomplete();
            }

            return record;
        }
    }
}
-------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/Events/LogonEvent.cs: -------------------------------------------------------------------------------- 1 |
// Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | using System; 5 | using Microsoft.O365.Security.ETW.Testing; 6 |
namespace EtwTestsCS.Events
{
    /// <summary>
    /// Test helper for a logon event: property names, event identity and a
    /// factory for synthetic records, so that filters can be exercised
    /// without a live trace.
    /// </summary>
    public static class LogonEvent
    {
        /// <summary>Name of the target user name property.</summary>
        public static readonly string TargetUserName = "TargetUserName";

        /// <summary>Name of the logon type property.</summary>
        public static readonly string LogonType = "LogonType";

        public static readonly Guid ProviderId = Guid.Parse("199FE037-2B82-40A9-82AC-E1D46C792B99");
        public static readonly int EventId = 301;
        public static readonly int Version = 0;

        /// <summary>
        /// Builds a synthetic logon record carrying the given values.
        /// </summary>
        /// <param name="username">Value stored under <see cref="TargetUserName"/> as a Unicode string.</param>
        /// <param name="logonType">Value stored under <see cref="LogonType"/>.</param>
        /// <returns>The record produced by <c>PackIncomplete</c>.</returns>
        public static SynthRecord CreateRecord(
            string username,
            uint logonType)
        {
            SynthRecord record;

            using (var builder = new RecordBuilder(ProviderId, EventId, Version))
            {
                builder.AddUnicodeString(TargetUserName, username);
                builder.AddValue(LogonType, logonType);

                record = builder.PackIncomplete();
            }

            return record;
        }
    }
}
-------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/Events/PowerShellEvent.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information.
3 | 4 | using System; 5 | using Microsoft.O365.Security.ETW.Testing; 6 |
namespace EtwTestsCS.Events
{
    /// <summary>
    /// Test helper for a PowerShell event: property names, event identity and
    /// a factory for synthetic records.
    /// </summary>
    public static class PowerShellEvent
    {
        /// <summary>Name of the user data property.</summary>
        public static readonly string UserData = "UserData";

        /// <summary>Name of the context info property.</summary>
        public static readonly string ContextInfo = "ContextInfo";

        /// <summary>Name of the payload property.</summary>
        public static readonly string Payload = "Payload";

        public static readonly Guid ProviderId = Guid.Parse("a0c1853b-5c40-4b15-8766-3cf1c58f985a");
        public static readonly int EventId = 7937;
        public static readonly int Version = 1;

        /// <summary>
        /// Builds a synthetic PowerShell record; all three values are added as
        /// Unicode strings.
        /// </summary>
        /// <param name="userData">Value stored under <see cref="UserData"/>.</param>
        /// <param name="contextInfo">Value stored under <see cref="ContextInfo"/>.</param>
        /// <param name="payload">Value stored under <see cref="Payload"/>.</param>
        /// <returns>The record produced by <c>Pack</c>.</returns>
        public static SynthRecord CreateRecord(
            string userData,
            string contextInfo,
            string payload)
        {
            SynthRecord record;

            using (var builder = new RecordBuilder(ProviderId, EventId, Version))
            {
                builder.AddUnicodeString(UserData, userData);
                builder.AddUnicodeString(ContextInfo, contextInfo);
                builder.AddUnicodeString(Payload, payload);

                // This helper calls Pack() rather than PackIncomplete();
                // NOTE(review): what Pack() requires of the added properties
                // is not visible here - confirm against RecordBuilder.
                record = builder.Pack();
            }

            return record;
        }
    }
}
-------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/Events/WinINetEvent.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information.
3 | 4 | using System; 5 | using Microsoft.O365.Security.ETW.Testing; 6 |
namespace EtwTestsCS.Events
{
    /// <summary>
    /// Test helper for a WinINet event: property names, event identity and a
    /// factory for synthetic records.
    /// </summary>
    public static class WinINetEvent
    {
        /// <summary>Name of the URL property.</summary>
        public static readonly string URL = "URL";

        /// <summary>Name of the verb property.</summary>
        public static readonly string Verb = "Verb";

        /// <summary>Name of the status property.</summary>
        public static readonly string Status = "Status";

        public static readonly Guid ProviderId = Guid.Parse("43D1A55C-76D6-4F7E-995C-64C711E5CAFE");
        public static readonly int EventId = 1057;
        public static readonly int Version = 0;

        /// <summary>
        /// Builds a synthetic WinINet record. The URL and the verb are added
        /// as ANSI strings, the status as a value.
        /// </summary>
        /// <param name="url">Value stored under <see cref="URL"/>.</param>
        /// <param name="verb">Value stored under <see cref="Verb"/>.</param>
        /// <param name="status">Value stored under <see cref="Status"/>.</param>
        /// <returns>The record produced by <c>PackIncomplete</c>.</returns>
        public static SynthRecord CreateRecord(
            string url,
            string verb,
            uint status)
        {
            SynthRecord record;

            using (var builder = new RecordBuilder(ProviderId, EventId, Version))
            {
                builder.AddAnsiString(URL, url);
                builder.AddAnsiString(Verb, verb);
                builder.AddValue(Status, status);

                record = builder.PackIncomplete();
            }

            return record;
        }
    }
}
-------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/Filtering/describe_Fluent.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information.
3 | 4 | using System; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | 7 | using Microsoft.O365.Security.ETW; 8 |
namespace EtwTestsCS.Filtering
{
    using Events;

    /// <summary>
    /// Tests for the fluent filter predicates, run against synthetic logon
    /// records instead of a live trace.
    /// </summary>
    [TestClass]
    public class describe_Fluent
    {
        // IsUInt32

        /// <summary>
        /// A record whose LogonType equals the queried value satisfies the predicate.
        /// </summary>
        [TestMethod]
        public void when_int32_values_are_same_is_should_match()
        {
            uint stored = 5;
            uint queried = stored;

            var logon = LogonEvent.CreateRecord(String.Empty, stored);
            var isQueriedType = Filter.IsUInt32(LogonEvent.LogonType, queried);
            bool matched = isQueriedType.Test(logon);

            Assert.IsTrue(matched);
        }

        /// <summary>
        /// A record whose LogonType differs from the queried value does not
        /// satisfy the predicate.
        /// </summary>
        [TestMethod]
        public void when_int32_values_are_not_same_is_should_not_match()
        {
            uint stored = 0;
            uint queried = 1;

            var logon = LogonEvent.CreateRecord(String.Empty, stored);
            var isQueriedType = Filter.IsUInt32(LogonEvent.LogonType, queried);
            bool matched = isQueriedType.Test(logon);

            Assert.IsFalse(matched);
        }
    }
}
-------------------------------------------------------------------------------- /ETW/tests/ManagedETWTests/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | using System.Reflection; 5 | using System.Runtime.CompilerServices; 6 | using System.Runtime.InteropServices; 7 | 8 | // General Information about an assembly is controlled through the following 9 | // set of attributes. Change these attribute values to modify the information 10 | // associated with an assembly.
11 | [assembly: AssemblyTitle("EtwTestsCS")] 12 | [assembly: AssemblyDescription("")] 13 | [assembly: AssemblyConfiguration("")] 14 | [assembly: AssemblyCompany("Microsoft")] 15 | [assembly: AssemblyProduct("EtwTestsCS")] 16 | [assembly: AssemblyCopyright("Copyright © 2016")] 17 | [assembly: AssemblyTrademark("")] 18 | [assembly: AssemblyCulture("")] 19 | 20 | // Setting ComVisible to false makes the types in this assembly not visible 21 | // to COM components. If you need to access a type in this assembly from 22 | // COM, set the ComVisible attribute to true on that type. 23 | [assembly: ComVisible(false)] 24 | 25 | // The following GUID is for the ID of the typelib if this project is exposed to COM 26 | [assembly: Guid("600cfe03-fd84-4323-9439-839d81c31972")] 27 | 28 | // Version information for an assembly consists of the following four values: 29 | // 30 | // Major Version 31 | // Minor Version 32 | // Build Number 33 | // Revision 34 | // 35 | // You can specify all the values or you can default the Build and Revision Numbers 36 | // by using the '*' as shown below: 37 | // [assembly: AssemblyVersion("1.0.*")] 38 | [assembly: AssemblyVersion("1.0.*")] 39 | //[assembly: AssemblyFileVersion("1.0.0.0")] 40 | -------------------------------------------------------------------------------- /ETW/tests/krabstests/krabstests.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {f487a0d7-a9bd-4312-9754-a48123abca21} 10 | 11 | 12 | 13 | 14 | Source Files 15 | 16 | 17 | Source Files 18 | 19 | 20 | Source Files 21 | 22 | 23 | Source Files 24 | 25 | 26 | Source Files 27 | 28 | 29 | Source Files 30 | 31 | 32 | Source Files 33 | 34 | 35 | Source Files 36 | 37 | 38 | Source Files 39 | 40 | 41 | Source Files 42 | 43 | 44 | Source Files 45 | 46 | 47 | Source Files 48 | 49 | 50 | 51 | 52 | 53 | 
-------------------------------------------------------------------------------- /ETW/tests/krabstests/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /ETW/tests/krabstests/test_collection_view.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #include "CppUnitTest.h" 5 | #include 6 | 7 | using namespace Microsoft::VisualStudio::CppUnitTestFramework; 8 | 9 | namespace krabstests 10 | { 11 | TEST_CLASS(test_collection_view) 12 | { 13 | public: 14 | 15 | TEST_METHOD(should_iterate_vector) 16 | { 17 | std::vector vect{ 1, 2, 3 }; 18 | auto v = krabs::view(vect.begin(), vect.end()); 19 | 20 | Assert::IsTrue(std::equal(v.begin(), v.end(), vect.begin())); 21 | } 22 | 23 | TEST_METHOD(should_iterate_std_string) 24 | { 25 | std::string s = "this is the std::string"; 26 | auto v = krabs::view(s); 27 | 28 | Assert::IsTrue(std::equal(v.begin(), v.end(), s.begin())); 29 | } 30 | 31 | TEST_METHOD(should_iterate_std_wstring) 32 | { 33 | std::wstring s = L"this is the std::wstring"; 34 | auto v = krabs::view(s); 35 | 36 | Assert::IsTrue(std::equal(v.begin(), v.end(), s.begin())); 37 | } 38 | 39 | TEST_METHOD(should_iterate_c_string) 40 | { 41 | const char* s = "this is the c string"; 42 | std::string str(s); 43 | auto v = krabs::view(s, strlen(s)); 44 | 45 | Assert::IsTrue(std::equal(v.begin(), v.end(), str.begin())); 46 | } 47 | 48 | TEST_METHOD(should_iterate_wide_c_string) 49 | { 50 | const wchar_t* s = L"this is the c wstring"; 51 | std::wstring str(s); 52 | auto v = krabs::view(s, wcslen(s)); 53 | 54 | Assert::IsTrue(std::equal(v.begin(), v.end(), str.begin())); 55 | } 56 | 57 | TEST_METHOD(should_iterate_char_array) 58 | { 59 | 
const char s[] = "this is the string array"; 60 | std::string str(s); 61 | auto v = krabs::view(s, strlen(s)); 62 | 63 | Assert::IsTrue(std::equal(v.begin(), v.end(), str.begin())); 64 | } 65 | 66 | TEST_METHOD(should_iterate_counted_string) 67 | { 68 | const wchar_t* data = L"\x34" L"this is the counted string"; 69 | auto cs = (krabs::counted_string*)data; 70 | std::wstring str(cs->string_, cs->length()); 71 | auto v = krabs::view(cs->string_, cs->length()); 72 | 73 | Assert::IsTrue(std::equal(v.begin(), v.end(), str.begin())); 74 | } 75 | }; 76 | } -------------------------------------------------------------------------------- /ETW/tests/krabstests/test_kernel_providers.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #include "CppUnitTest.h" 5 | #include 6 | 7 | using namespace Microsoft::VisualStudio::CppUnitTestFramework; 8 | 9 | namespace krabstests 10 | { 11 | TEST_CLASS(test_kernel_providers) 12 | { 13 | public: 14 | 15 | TEST_METHOD(should_be_instantiatable_compilation_test) 16 | { 17 | krabs::kernel_provider provider(EVENT_TRACE_FLAG_ALPC, krabs::guids::alpc); 18 | krabs::kernel::thread_dispatch_provider cs; 19 | } 20 | 21 | TEST_METHOD(should_allow_event_registration) 22 | { 23 | krabs::kernel::thread_dispatch_provider cs; 24 | cs.add_on_event_callback([](const EVENT_RECORD &) {}); 25 | } 26 | 27 | TEST_METHOD(should_be_addable_to_a_kernel_trace) 28 | { 29 | krabs::kernel_trace trace; 30 | krabs::kernel::thread_dispatch_provider cs; 31 | trace.enable(cs); 32 | } 33 | 34 | TEST_METHOD(should_filter_kernel_events_by_guid) 35 | { 36 | bool calledAlpc = false; 37 | bool calledImageLoad = false; 38 | 39 | krabs::kernel_trace trace; 40 | krabs::kernel::image_load_provider cs; 41 | cs.add_on_event_callback([&](const EVENT_RECORD &) { 42 | calledImageLoad = 
true; 43 | }); 44 | trace.enable(cs); 45 | 46 | krabs::kernel::alpc_provider ap; 47 | ap.add_on_event_callback([&](const EVENT_RECORD &) { 48 | calledAlpc = true; 49 | }); 50 | trace.enable(ap); 51 | 52 | krabs::testing::record_builder builder( 53 | krabs::guids::image_load, 54 | krabs::id(0), 55 | krabs::version(3), 56 | krabs::opcode(10)); 57 | 58 | builder.header().Flags = EVENT_HEADER_FLAG_CLASSIC_HEADER 59 | | EVENT_HEADER_FLAG_64_BIT_HEADER 60 | | EVENT_HEADER_FLAG_PROCESSOR_INDEX; 61 | 62 | auto record = builder.pack_incomplete(); 63 | krabs::testing::kernel_trace_proxy proxy(trace); 64 | proxy.push_event(record); 65 | 66 | Assert::IsTrue(calledImageLoad); 67 | Assert::IsFalse(calledAlpc); 68 | } 69 | }; 70 | } -------------------------------------------------------------------------------- /ETW/tests/krabstests/test_parse_types.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 3 | 4 | #include "CppUnitTest.h" 5 | #include 6 | 7 | using namespace Microsoft::VisualStudio::CppUnitTestFramework; 8 | 9 | namespace krabstests 10 | { 11 | TEST_CLASS(test_parse_types) 12 | { 13 | public: 14 | TEST_METHOD(counted_string) 15 | { 16 | // the counted string is len 5 (10 bytes), pack(1) and doesn't include ! chars 17 | const wchar_t* counted_string_data = L"\x0A" L"ABCDE!!!!!"; 18 | auto cs = reinterpret_cast(counted_string_data); 19 | 20 | Assert::IsTrue(cs->size_ == 0x0A); 21 | Assert::IsTrue(cs->string_[0] == 'A'); 22 | } 23 | }; 24 | } -------------------------------------------------------------------------------- /ETW/tests/krabstests/test_symbol_clash.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. 
See LICENSE file in the project root for full license information. 3 | 4 | #include 5 | 6 | // This file exists solely to cause a double-inclusion of krabs code into the same binary. 7 | // The reason we're doing this is that we want to make sure we've correctly inlined or 8 | // templated every function in krabs. 9 | // 10 | // Because krabs is a header-only library, multiple inclusion of krabs can cause symbols to 11 | // be defined multiple times in the compiled executable. This results in a compiler error. 12 | // It is hard to check for this manually, so we force the issue. 13 | // 14 | // NOTE: Making sure the files are all #pragma once'd is a good first step, but that does 15 | // not prevent symbol errors. We need to make sure all functions are inlined or 16 | // templated in order to fix linker errors. 17 | -------------------------------------------------------------------------------- /ETW/tests/krabstests/test_synth_record.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 
3 | 4 | #include "CppUnitTest.h" 5 | #include 6 | 7 | using namespace Microsoft::VisualStudio::CppUnitTestFramework; 8 | 9 | namespace krabstests 10 | { 11 | TEST_CLASS(test_synth_record) 12 | { 13 | public: 14 | 15 | TEST_METHOD(should_deep_copy) 16 | { 17 | EVENT_RECORD record; 18 | std::vector data{ 0 }; 19 | 20 | krabs::testing::synth_record first(record, data); 21 | krabs::testing::synth_record second(first); 22 | 23 | auto& first_rec = reinterpret_cast(first); 24 | auto& second_rec = reinterpret_cast(second); 25 | 26 | Assert::AreNotEqual(second_rec.UserData, first_rec.UserData); 27 | } 28 | 29 | TEST_METHOD(should_move) 30 | { 31 | EVENT_RECORD record; 32 | std::vector data{ 0 }; 33 | 34 | krabs::testing::synth_record first(record, data); 35 | 36 | auto first_data = reinterpret_cast(first).UserData; 37 | 38 | krabs::testing::synth_record second(std::move(first)); 39 | auto& second_rec = (EVENT_RECORD&)second; 40 | 41 | Assert::AreEqual(second_rec.UserData, first_data); 42 | } 43 | }; 44 | } -------------------------------------------------------------------------------- /ETW/tests/krabstests/test_user_providers.cpp: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. 2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information. 
3 | 4 | #include "CppUnitTest.h" 5 | #include 6 | 7 | using namespace Microsoft::VisualStudio::CppUnitTestFramework; 8 | 9 | namespace krabstests 10 | { 11 | static DWORD WINAPI threadproc(void*) 12 | { 13 | krabs::provider<> foo(L"Microsoft-Windows-WinINet"); 14 | return 0; 15 | } 16 | 17 | TEST_CLASS(test_user_providers) 18 | { 19 | public: 20 | 21 | TEST_METHOD(should_be_instantiatable_compilation_test) 22 | { 23 | krabs::provider<> foo(krabs::guid::random_guid()); 24 | } 25 | 26 | TEST_METHOD(should_be_instantiatable_by_name) 27 | { 28 | // Because of VS's goobiness, we need a new thread 29 | // to create this type in. VS Test Runner starts the current 30 | // thread and initializes the STA COM apartment but krabsetw 31 | // wants to initialize as a MTA COM apartment. 32 | DWORD thread_id = 0; 33 | 34 | HANDLE my_thread = CreateThread( 35 | nullptr, 36 | 0, 37 | reinterpret_cast(threadproc), 38 | nullptr, 39 | 0, 40 | &thread_id); 41 | 42 | Assert::IsFalse(my_thread == nullptr); 43 | 44 | // Infinite wait... which should actually be fine 45 | // since we are literally creating a type and returning. 
46 | WaitForSingleObject(my_thread, INFINITE); 47 | 48 | if (my_thread != nullptr) CloseHandle(my_thread); 49 | } 50 | 51 | TEST_METHOD(should_allow_event_registration) 52 | { 53 | krabs::provider<> foo(krabs::guid::random_guid()); 54 | foo.add_on_event_callback([](const EVENT_RECORD &) {}); 55 | } 56 | 57 | TEST_METHOD(should_allow_any_all_level_flag_settings) 58 | { 59 | krabs::provider<> foo(krabs::guid::random_guid()); 60 | foo.any(0x23); 61 | foo.all(0xFF); 62 | foo.level(0x0); 63 | } 64 | 65 | TEST_METHOD(should_be_addable_to_user_trace) 66 | { 67 | krabs::user_trace trace; 68 | krabs::provider<> foo(krabs::guid::random_guid()); 69 | trace.enable(foo); 70 | } 71 | }; 72 | } -------------------------------------------------------------------------------- /FirewallCore/FirewallCore.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | 29 | 30 | Source Files 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | 40 | 41 | Resource Files 42 | 43 | 44 | 45 | 46 | Resource Files 47 | 48 | 49 | -------------------------------------------------------------------------------- /ICSharpCode.TreeView/Converters.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without 
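restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE. 18 | 19 | using System; 20 | using System.Collections.Generic; 21 | using System.Linq; 22 | using System.Text; 23 | using System.Windows; 24 | using System.Windows.Markup; 25 | using System.Windows.Data; 26 | using System.Globalization; 27 |
namespace ICSharpCode.TreeView
{
    /// <summary>
    /// Value converter, also usable as a markup extension, that maps
    /// <c>true</c> to <see cref="Visibility.Visible"/> and everything else to
    /// <see cref="Visibility.Collapsed"/>.
    /// </summary>
    public class CollapsedWhenFalse : MarkupExtension, IValueConverter
    {
        /// <summary>
        /// Shared instance handed out by <see cref="ProvideValue"/>. It is
        /// read-only so that no other code can swap out the converter every
        /// user of the extension receives.
        /// </summary>
        public static readonly CollapsedWhenFalse Instance = new CollapsedWhenFalse();

        /// <summary>Returns the shared <see cref="Instance"/>.</summary>
        public override object ProvideValue(IServiceProvider serviceProvider)
        {
            return Instance;
        }

        /// <summary>
        /// Converts a boolean to a <see cref="Visibility"/>.
        /// </summary>
        /// <param name="value">The value to convert; only a boxed <c>true</c> yields Visible.</param>
        /// <param name="targetType">Not used.</param>
        /// <param name="parameter">Not used.</param>
        /// <param name="culture">Not used.</param>
        /// <returns>Visible for <c>true</c>, Collapsed otherwise.</returns>
        public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
        {
            // A null or non-boolean value is treated like false instead of
            // failing the unboxing cast.
            bool show = value is bool && (bool)value;
            return show ? Visibility.Visible : Visibility.Collapsed;
        }

        /// <summary>Converting back is not implemented.</summary>
        /// <exception cref="NotImplementedException">Always thrown.</exception>
        public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture)
        {
            throw new NotImplementedException();
        }
    }
}
-------------------------------------------------------------------------------- /ICSharpCode.TreeView/ExtensionMethods.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE.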
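18 | 19 | using System; 20 | using System.Collections.Generic; 21 | using System.Linq; 22 | using System.Text; 23 | using System.Windows.Media; 24 | using System.Windows; 25 | using System.Collections; 26 | using System.Windows.Input; 27 |
namespace ICSharpCode.TreeView
{
    /// <summary>
    /// Small helpers for walking the visual tree and for list handling.
    /// </summary>
    static class ExtensionMethods
    {
        /// <summary>
        /// Returns the first object of type <typeparamref name="T"/> found
        /// among <paramref name="d"/> and its visual ancestors, or null when
        /// there is none.
        /// </summary>
        /// <remarks>
        /// The type parameter is written out here; the listing had lost it,
        /// although the <c>where T : class</c> constraint requires it.
        /// </remarks>
        public static T FindAncestor<T>(this DependencyObject d) where T : class
        {
            return AncestorsAndSelf(d).OfType<T>().FirstOrDefault();
        }

        /// <summary>
        /// Lazily yields <paramref name="d"/> followed by each visual parent,
        /// until <see cref="VisualTreeHelper.GetParent"/> returns null.
        /// </summary>
        public static IEnumerable AncestorsAndSelf(this DependencyObject d)
        {
            while (d != null) {
                yield return d;
                d = VisualTreeHelper.GetParent(d);
            }
        }

        /// <summary>
        /// Adds <paramref name="item"/> to <paramref name="list"/> unless the
        /// list already contains it.
        /// </summary>
        public static void AddOnce(this IList list, object item)
        {
            if (!list.Contains(item)) {
                list.Add(item);
            }
        }
    }
}
-------------------------------------------------------------------------------- /ICSharpCode.TreeView/GeneralAdorner.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT.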
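IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE. 18 | 19 | using System; 20 | using System.Collections.Generic; 21 | using System.Linq; 22 | using System.Text; 23 | using System.Windows.Documents; 24 | using System.Windows; 25 | using System.Windows.Media; 26 |
namespace ICSharpCode.TreeView
{
    /// <summary>
    /// Adorner that hosts at most one <see cref="FrameworkElement"/> and
    /// measures and arranges itself from that child.
    /// </summary>
    public class GeneralAdorner : Adorner
    {
        public GeneralAdorner(UIElement target)
            : base(target)
        {
        }

        FrameworkElement child;

        /// <summary>
        /// The hosted element, or null. Assigning a different element detaches
        /// the old one from the visual and logical tree, attaches the new one
        /// and invalidates the measure pass.
        /// </summary>
        public FrameworkElement Child
        {
            get
            {
                return child;
            }
            set
            {
                if (child != value) {
                    RemoveVisualChild(child);
                    RemoveLogicalChild(child);
                    child = value;
                    AddLogicalChild(value);
                    AddVisualChild(value);
                    InvalidateMeasure();
                }
            }
        }

        /// <summary>1 while a child is set, otherwise 0.</summary>
        protected override int VisualChildrenCount
        {
            get { return child == null ? 0 : 1; }
        }

        /// <summary>Returns the hosted child; 0 is the only valid index.</summary>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="index"/> is not 0, or no child is set.
        /// </exception>
        protected override Visual GetVisualChild(int index)
        {
            // Keep this consistent with VisualChildrenCount instead of
            // answering every index with the child (or with null).
            if (child == null || index != 0) {
                throw new ArgumentOutOfRangeException("index");
            }
            return child;
        }

        /// <summary>
        /// Measures the child with the given constraint and reports its
        /// desired size; an empty size when there is no child.
        /// </summary>
        protected override Size MeasureOverride(Size constraint)
        {
            if (child != null) {
                child.Measure(constraint);
                return child.DesiredSize;
            }
            return new Size();
        }

        /// <summary>
        /// Arranges the child over the whole final size; reports an empty
        /// size when there is no child.
        /// </summary>
        protected override Size ArrangeOverride(Size finalSize)
        {
            if (child != null) {
                child.Arrange(new Rect(finalSize));
                return finalSize;
            }
            return new Size();
        }
    }
}
-------------------------------------------------------------------------------- /ICSharpCode.TreeView/InsertMarker.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE.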
18 | 19 | using System; 20 | using System.Collections.Generic; 21 | using System.Linq; 22 | using System.Text; 23 | using System.Windows.Controls; 24 | using System.Windows; 25 |
namespace ICSharpCode.TreeView
{
    /// <summary>
    /// Control with no logic of its own; it only registers itself as its own
    /// default style key.
    /// </summary>
    public class InsertMarker : Control
    {
        static InsertMarker()
        {
            // Point the default style lookup at this type.
            var ownType = typeof(InsertMarker);
            var styleKeyMetadata = new FrameworkPropertyMetadata(ownType);
            DefaultStyleKeyProperty.OverrideMetadata(ownType, styleKeyMetadata);
        }
    }
}
-------------------------------------------------------------------------------- /ICSharpCode.TreeView/LinesRenderer.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE.
18 | 19 | using System; 20 | using System.Collections.Generic; 21 | using System.Linq; 22 | using System.Text; 23 | using System.Windows; 24 | using System.Windows.Media; 25 | 26 | namespace ICSharpCode.TreeView 27 | { 28 | class LinesRenderer : FrameworkElement 29 | { 30 | static LinesRenderer() 31 | { 32 | pen = new Pen(Brushes.LightGray, 1); 33 | pen.Freeze(); 34 | } 35 | 36 | static Pen pen; 37 | 38 | SharpTreeNodeView NodeView 39 | { 40 | get { return TemplatedParent as SharpTreeNodeView; } 41 | } 42 | 43 | protected override void OnRender(DrawingContext dc) 44 | { 45 | var indent = NodeView.CalculateIndent(); 46 | var p = new Point(indent + 4.5, 0); 47 | 48 | if (!NodeView.Node.IsRoot || NodeView.ParentTreeView.ShowRootExpander) { 49 | dc.DrawLine(pen, new Point(p.X, ActualHeight / 2), new Point(p.X + 10, ActualHeight / 2)); 50 | } 51 | 52 | if (NodeView.Node.IsRoot) return; 53 | 54 | if (NodeView.Node.IsLast) { 55 | dc.DrawLine(pen, p, new Point(p.X, ActualHeight / 2)); 56 | } 57 | else { 58 | dc.DrawLine(pen, p, new Point(p.X, ActualHeight)); 59 | } 60 | 61 | var current = NodeView.Node; 62 | while (true) { 63 | p.X -= 19; 64 | current = current.Parent; 65 | if (p.X < 0) break; 66 | if (!current.IsLast) { 67 | dc.DrawLine(pen, p, new Point(p.X, ActualHeight)); 68 | } 69 | } 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /ICSharpCode.TreeView/Properties/GlobalAssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2010-2013 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit 
persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE. 18 | 19 | #region Using directives 20 | 21 | using System; 22 | using System.Reflection; 23 | using System.Runtime.InteropServices; 24 | 25 | #endregion 26 | 27 | // General Information about an assembly is controlled through the following 28 | // set of attributes. Change these attribute values to modify the information 29 | // associated with an assembly. 30 | [assembly: AssemblyCompany("ICSharpCode")] 31 | [assembly: AssemblyProduct("SharpDevelop/MonoDevelop")] 32 | [assembly: AssemblyCopyright("Copyright 2010-2014 AlphaSierraPapa and Xamarin Inc.")] 33 | 34 | // This sets the default COM visibility of types in the assembly to invisible. 35 | // If you need to expose a type to COM, use [ComVisible(true)] on that type. 36 | [assembly: ComVisible(false)] 37 | 38 | // We keep the AssemblyVersion at 5.0.0.0 for all versions of NRefactory 5. 39 | // This eliminates the need for binding redirects. 40 | [assembly: AssemblyVersion("5.0.0.0")] 41 | 42 | // [AssemblyFileVersion] is the version of the NuGet package, 43 | // Versions with breaking changes / new features should increment the 'minor' (2nd) number. 44 | // Bugfix releases should increment the 'build' (3rd) number. 
45 | [assembly: AssemblyFileVersion("5.4.0")] 46 | -------------------------------------------------------------------------------- /ICSharpCode.TreeView/SharpGridView.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2014 AlphaSierraPapa for the SharpDevelop Team 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | // software and associated documentation files (the "Software"), to deal in the Software 5 | // without restriction, including without limitation the rights to use, copy, modify, merge, 6 | // publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 7 | // to whom the Software is furnished to do so, subject to the following conditions: 8 | // 9 | // The above copyright notice and this permission notice shall be included in all copies or 10 | // substantial portions of the Software. 11 | // 12 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 | // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 15 | // FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 16 | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 17 | // DEALINGS IN THE SOFTWARE. 
18 | 19 | using System; 20 | using System.Collections.Generic; 21 | using System.Linq; 22 | using System.Text; 23 | using System.Windows.Controls; 24 | using System.Windows; 25 | 26 | namespace ICSharpCode.TreeView 27 | { 28 | public class SharpGridView : GridView 29 | { 30 | static SharpGridView() 31 | { 32 | ItemContainerStyleKey = 33 | new ComponentResourceKey(typeof(SharpTreeView), "GridViewItemContainerStyleKey"); 34 | } 35 | 36 | public static ResourceKey ItemContainerStyleKey { get; private set; } 37 | 38 | protected override object ItemContainerDefaultStyleKey 39 | { 40 | get 41 | { 42 | return ItemContainerStyleKey; 43 | } 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/LICENSE -------------------------------------------------------------------------------- /LocalPolicy/AssemblyInfoHelper.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Linq; 3 | using System.Reflection; 4 | using System.Runtime.InteropServices; 5 | 6 | namespace LocalPolicy 7 | { 8 | internal class AssemblyInfoHelper 9 | { 10 | internal static T GetAssemblyAttribute() 11 | where T : Attribute 12 | { 13 | var assembly = Assembly.GetExecutingAssembly(); 14 | return GetAssemblyAttribute(assembly); 15 | } 16 | 17 | internal static T GetAssemblyAttribute(Assembly assembly) 18 | where T : Attribute 19 | { 20 | object[] attributes = assembly.GetCustomAttributes(typeof(T), true); 21 | if (attributes == null || attributes.Length == 0) 22 | return null; 23 | 24 | return (T)attributes.First(); 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /LocalPolicy/GroupPolicyException.cs: 
--------------------------------------------------------------------------------
using System;

namespace LocalPolicy
{
    /// <summary>
    /// Exception type used by the LocalPolicy library. The only constructor is
    /// internal, so instances can be created only from inside this assembly.
    /// </summary>
    public class GroupPolicyException : Exception
    {
        internal GroupPolicyException(string message)
            : base(message) { }
    }
}

--------------------------------------------------------------------------------
/LocalPolicy/GroupPolicyObjectOptions.cs:
--------------------------------------------------------------------------------

namespace LocalPolicy
{
    /// <summary>
    /// Immutable pair of switches saying whether the user and machine parts of a
    /// group policy object are enabled, convertible to and from a bit flag in
    /// which a SET bit means the corresponding part is DISABLED.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this is a struct, so <c>new GroupPolicyObjectOptions()</c> and
    /// <c>default(GroupPolicyObjectOptions)</c> zero-initialise both fields to
    /// <c>false</c>; the optional-parameter constructor below is not called in that
    /// case. A default instance therefore yields Flag == 0x3 (both parts disabled),
    /// the opposite of the constructor defaults. Pass at least one argument when
    /// "everything enabled" is intended.
    /// </remarks>
    public struct GroupPolicyObjectOptions
    {
        public readonly bool UserEnabled;
        public readonly bool MachineEnabled;

        /// <summary>Builds the options from explicit enabled/disabled switches.</summary>
        public GroupPolicyObjectOptions(bool userEnabled = true, bool machineEnabled = true)
        {
            UserEnabled = userEnabled;
            MachineEnabled = machineEnabled;
        }
        /// <summary>
        /// Decodes the options from a flag value: a part is enabled when its
        /// disable bit is clear. Bits other than 0x1 and 0x2 are ignored.
        /// </summary>
        public GroupPolicyObjectOptions(uint flag)
        {
            UserEnabled = (flag & disableUserFlag) == 0;
            MachineEnabled = (flag & disableMachineFlag) == 0;
        }

        // Presumably the Win32 GPO_OPTION_DISABLE_USER / GPO_OPTION_DISABLE_MACHINE
        // values; the native call that consumes them is not in this file - confirm.
        private const uint disableUserFlag = 0x00000001;
        private const uint disableMachineFlag = 0x00000002;

        /// <summary>Encodes the two switches as a flag: one bit set per disabled part.</summary>
        internal uint Flag
        {
            get
            {
                uint flag = 0x00000000;
                if (!UserEnabled)
                    flag |= disableUserFlag;
                if (!MachineEnabled)
                    flag |= disableMachineFlag;
                return flag;
            }
        }

        /// <summary>Mask naming the bits this type controls; always both disable bits.</summary>
        internal uint Mask
        {
            get
            {
                // We always change everything
                return disableUserFlag
                    | disableMachineFlag;
            }
        }
    }
}

--------------------------------------------------------------------------------
/LocalPolicy/GroupPolicyObjectSettings.cs:
--------------------------------------------------------------------------------
namespace LocalPolicy
{
    /// <summary>
    /// Immutable settings describing how a group policy object is opened: whether
    /// registry information is loaded and whether the object is read-only.
    /// </summary>
    public class GroupPolicyObjectSettings
    {
        public readonly bool LoadRegistryInformation;
        public readonly bool Readonly;

        /// <summary>
        /// Defaults to loading registry information with write access
        /// (<paramref name="readOnly"/> is false unless the caller asks for it).
        /// </summary>
        public GroupPolicyObjectSettings(bool loadRegistryInfo = true, bool readOnly = false)
        {
            LoadRegistryInformation = loadRegistryInfo;
            Readonly = readOnly;
        }

        // Presumably the Win32 GPO_OPEN_LOAD_REGISTRY / GPO_OPEN_READ_ONLY values;
        // the consuming call is not visible here - confirm.
        private const uint registryFlag = 0x00000001;
        private const uint readonlyFlag = 0x00000002;

        /// <summary>Encodes the settings as a flag: one bit set per option that is true.</summary>
        internal uint Flag
        {
            get
            {
                uint flag = 0x00000000;
                if (LoadRegistryInformation)
                    flag |= registryFlag;
                if (Readonly)
                    flag |= readonlyFlag;
                return flag;
            }
        }
    }
}

--------------------------------------------------------------------------------
/LocalPolicy/GroupPolicySection.cs:
--------------------------------------------------------------------------------

namespace LocalPolicy
{
    /// <summary>
    /// Identifies a part of a group policy object. The numeric values are explicit,
    /// presumably because they are passed to a native API - confirm against the caller.
    /// </summary>
    public enum GroupPolicySection
    {
        Root = 0,
        User = 1,
        Machine = 2,
    }
}

--------------------------------------------------------------------------------
/LocalPolicy/LocalPolicy - README.md:
--------------------------------------------------------------------------------
1 | # README # 2 | 3 | See [this blog post](http://www.lshift.net/blog/2013/03/25/programmatically-updating-local-policy-in-windows/) for an introduction to the library. 4 | 5 | Please note, when using this library your program needs to run 6 | 7 | * As a single-threaded apartment. This means decorating your Main method with the `[STAThread]` attribute. See [here](http://msdn.microsoft.com/en-gb/library/windows/desktop/ms680112(v=vs.85).aspx) for more documentation. 8 | * With administrator privileges
--------------------------------------------------------------------------------
/LocalPolicy/LocalPolicy - license.txt:
--------------------------------------------------------------------------------
1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 Martin Eden, LShift Ltd.
4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
-------------------------------------------------------------------------------- /LocalPolicy/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.InteropServices; 3 | 4 | [assembly: AssemblyTitle("LocalPolicy")] 5 | [assembly: AssemblyCompany("LShift")] 6 | [assembly: AssemblyProduct("LocalPolicy")] 7 | [assembly: AssemblyCopyright("Copyright LShift © 2014")] 8 | [assembly: ComVisible(false)] 9 | [assembly: Guid("871be5be-5b76-4ec1-800b-3d96758c2f18")] 10 | [assembly: AssemblyVersion("1.0.0.1")] 11 | [assembly: AssemblyFileVersion("1.0.0.1")] 12 | -------------------------------------------------------------------------------- /LocalPolicy/RequiresSingleThreadedApartmentException.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace LocalPolicy 4 | { 5 | public class RequiresSingleThreadedApartmentException : Exception 6 | { 7 | const string message = "This library requires use of a single-threaded apartment. Decorate your main method with the [STAThread] attribute. See http://msdn.microsoft.com/en-gb/library/windows/desktop/ms680112(v=vs.85).aspx for more documentation"; 8 | 9 | public RequiresSingleThreadedApartmentException(Exception innerException) 10 | : base(message, innerException) { } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /MiscHelpers/Common/ClonableDictionary.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace MiscHelpers 8 | { 9 | public class CloneableDictionary : Dictionary 10 | { 11 | public CloneableDictionary Clone() // shallow copy! 
12 | { 13 | CloneableDictionary clone = new CloneableDictionary(); 14 | foreach (KeyValuePair kvp in this) 15 | { 16 | clone.Add(kvp.Key, kvp.Value); 17 | } 18 | return clone; 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /MiscHelpers/Common/ClonableList.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace MiscHelpers 8 | { 9 | public class CloneableList : List 10 | { 11 | public CloneableList Clone() // shallow copy! 12 | { 13 | CloneableList clone = new CloneableList(); 14 | foreach (TValue v in this) 15 | { 16 | clone.Add(v); 17 | } 18 | return clone; 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /MiscHelpers/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("MiscHelpers")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("MiscHelpers")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("694c85c2-bb43-4525-a953-709050002631")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /PRIVACY_POLICY.md: -------------------------------------------------------------------------------- 1 | All data is processed locally on the user's own device; no personal information of any kind is sent to the cloud. -------------------------------------------------------------------------------- /PrivateAPI/Core/ProgramConfig.cs: -------------------------------------------------------------------------------- 1 | using MiscHelpers; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using System.Runtime.Serialization; 6 | using System.Text; 7 | using System.Threading.Tasks; 8 | 9 | namespace PrivateAPI 10 | { 11 | 12 | [Serializable()] 13 | [DataContract(Name = "ProgramConfig", Namespace = "http://schemas.datacontract.org/")] 14 | public class ProgramConfig 15 | { 16 | [DataMember()] 17 | public string Name = ""; 18 | [DataMember()] 19 | public string Category = ""; 20 | [DataMember()] 21 | public string Icon = null; 22 | 23 | public enum AccessLevels 24 | { 25 | Unconfigured = 0, 26 | FullAccess, 27 | OutBoundAccess, 28 | InBoundAccess, 29 | CustomConfig, 30 | LocalOnly, 31 | BlockAccess, 32 | StopNotify, 33 | AnyValue, 34 | WarningState 35 | } 36 | 37 | [DataMember()] 38 | public bool?
Notify = null; 39 | public bool? GetNotify() { return IsSilenced() ? (bool?)false : Notify; } 40 | public void SetNotify(bool? set) { SilenceUntill = 0; Notify = set; } 41 | [DataMember()] 42 | public UInt64 SilenceUntill = 0; 43 | public bool IsSilenced() { return SilenceUntill != 0 && SilenceUntill > MiscFunc.GetUTCTime(); } 44 | [DataMember()] 45 | public AccessLevels NetAccess = AccessLevels.Unconfigured; 46 | [DataMember()] 47 | public AccessLevels CurAccess = AccessLevels.Unconfigured; 48 | public AccessLevels GetAccess() 49 | { 50 | if (NetAccess == AccessLevels.Unconfigured) 51 | return CurAccess; 52 | else 53 | return NetAccess; 54 | } 55 | 56 | public ProgramConfig Clone() 57 | { 58 | var config = new ProgramConfig(); 59 | 60 | config.Name = this.Name; 61 | config.Category = this.Category; 62 | config.Icon = this.Icon; 63 | 64 | config.Notify = this.Notify; 65 | config.SilenceUntill = this.SilenceUntill; 66 | config.NetAccess = this.NetAccess; 67 | config.CurAccess = this.CurAccess; 68 | 69 | return config; 70 | } 71 | 72 | // Custom option 73 | // todo 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /PrivateAPI/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 
8 | [assembly: AssemblyTitle("PrivateIPC")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("PrivateIPC")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("2370ee89-9321-408d-9806-90720b6ddea4")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | //[assembly: AssemblyVersion("1.0.0.0")] 36 | //[assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /PrivateService/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /PrivateService/Common/AdminFunc.cs: -------------------------------------------------------------------------------- 1 |  2 | using MiscHelpers; 3 | using System; 4 | using System.Collections.Generic; 5 | using System.Diagnostics; 6 | using System.IO; 7 | using System.Linq; 8 | using System.Runtime.InteropServices; 9 | using System.Security.AccessControl; 10 | using System.Security.Principal; 11 | using System.Text; 12 | using System.Threading; 13 | using 
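System.Threading.Tasks;

/// <summary>
/// Helpers reporting the privilege and debugging state of the current process.
/// </summary>
public class AdminFunc
{
    /// <summary>
    /// Reports whether the current process identity is in the built-in
    /// Administrators role.
    /// </summary>
    /// <remarks>
    /// This describes the token of this process, not the user account: under UAC
    /// an administrator running unelevated normally holds a filtered token and the
    /// check answers false.
    /// </remarks>
    /// <returns>true when the role check succeeds for the current identity.</returns>
    public static bool IsAdministrator()
    {
        // WindowsIdentity owns a token handle; release it deterministically
        // instead of leaving it to the finalizer.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            WindowsPrincipal principal = new WindowsPrincipal(identity);
            return principal.IsInRole(WindowsBuiltInRole.Administrator);
        }
    }

    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);

    /// <summary>
    /// Reports whether a debugger is attached to the current process, as seen by
    /// CheckRemoteDebuggerPresent.
    /// </summary>
    /// <remarks>
    /// A diagnostic aid only; the answer should not gate a security decision.
    /// </remarks>
    /// <returns>
    /// true when the API call succeeds and reports a debugger; false otherwise,
    /// including when the call itself fails.
    /// </returns>
    public static bool IsDebugging()
    {
        bool isDebuggerPresent = false;
        // Process is disposable too; the original leaked the instance.
        using (Process self = Process.GetCurrentProcess())
        {
            // The original ignored the API's return value; a failed call now
            // explicitly means "no debugger" rather than relying on the
            // untouched initial value.
            if (!CheckRemoteDebuggerPresent(self.Handle, ref isDebuggerPresent))
            {
                return false;
            }
        }
        return isDebuggerPresent;
    }
}

--------------------------------------------------------------------------------
/PrivateService/Core/Priv10Service.cs:
--------------------------------------------------------------------------------
using MiscHelpers;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceProcess;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using PrivateService;
using PrivateAPI;

namespace PrivateWin10
{
    /// <summary>
    /// Windows service host: runs the engine on a background STA thread when the
    /// service starts and stops the engine when the service stops.
    /// </summary>
    public class Priv10Service : ServiceBase
    {
        /// <summary>
        /// Declares which service control events this service accepts and sets its name.
        /// </summary>
        public Priv10Service()
        {
            CanHandlePowerEvent = true;
            CanHandleSessionChangeEvent = true;
            // The original assigned true and later false; false is the value that
            // took effect, so only that assignment is kept.
            CanPauseAndContinue = false;
            CanShutdown = true;
            ServiceName = App.SvcName;
        }

        /// <summary>Forwards session change notifications to the base class.</summary>
        protected override void OnSessionChange(SessionChangeDescription sesionChangeDescription)
        {
            //com channel_.SessionChanged(sesionChangeDescription.SessionId);
            base.OnSessionChange(sesionChangeDescription);
        }

        /// <summary>
        /// Starts the engine on its own thread so that OnStart returns promptly.
        /// </summary>
        protected override void OnStart(string[] args)
        {
            Priv10Logger.LogInfo("priv10 Service starting");

            Thread thread = new Thread(new ThreadStart(Run));
            thread.IsBackground = true;
            thread.SetApartmentState(ApartmentState.STA); // needed for tweaks
            thread.Start();

            //Priv10Logger.LogInfo("priv10 Service started");
        }

        /// <summary>
        /// Thread body: runs the engine until it returns, then stops the service.
        /// Any exception is recorded and ends the process with exit code -1.
        /// </summary>
        private void Run()
        {
            try
            {
                App.engine.Run();

                this.Stop();
            }
            catch (Exception ex)
            {
                // The original swallowed the exception, so an engine crash left no
                // trace of why the service went away. Record it before exiting.
                ReportFailure("priv10 Service terminated unexpectedly", ex);
                ExitCode = -1;
                Environment.Exit(-1);
            }
        }

        /// <summary>
        /// Stops the engine. Failures are recorded but do not prevent the base
        /// class from completing the stop.
        /// </summary>
        protected override void OnStop()
        {
            try
            {
                Priv10Logger.LogInfo("priv10 Service stopping...");

                App.engine.Stop();

                Priv10Logger.LogInfo("priv10 Service stopped");
            }
            catch (Exception ex)
            {
                // Stopping stays best effort, but a failed shutdown is no longer silent.
                ReportFailure("priv10 Service failed to stop cleanly", ex);
            }
            base.OnStop();
        }

        protected override void Dispose(bool disposing)
        {
            base.Dispose(disposing);
        }

        /// <summary>
        /// Writes an error entry to the service's event log. Never throws: a
        /// logging failure must not replace the error path that called it.
        /// </summary>
        private void ReportFailure(string context, Exception ex)
        {
            try
            {
                EventLog.WriteEntry(context + ": " + ex, System.Diagnostics.EventLogEntryType.Error);
            }
            catch
            {
                // Deliberately ignored; see summary.
            }
        }

    }
}

--------------------------------------------------------------------------------
/PrivateService/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("PrivateService")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("PrivateService")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type.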
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("8e993255-f2ef-4fd9-a0f9-e3143d16cbba")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | //[assembly: AssemblyVersion("1.0.0.0")] 36 | //[assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /PrivateSetup/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /PrivateSetup/App.xaml: -------------------------------------------------------------------------------- 1 |  6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /PrivateSetup/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Resources; 3 | using System.Runtime.CompilerServices; 4 | using System.Runtime.InteropServices; 5 | using System.Windows; 6 | 7 | // General Information about an assembly is controlled through the following 8 | // set of attributes. Change these attribute values to modify the information 9 | // associated with an assembly. 
10 | [assembly: AssemblyTitle("Private Win10 - Setup")] 11 | [assembly: AssemblyDescription("")] 12 | [assembly: AssemblyConfiguration("")] 13 | [assembly: AssemblyCompany("")] 14 | [assembly: AssemblyProduct("Private Win10")] 15 | [assembly: AssemblyCopyright("Copyright © 2019-2020")] 16 | [assembly: AssemblyTrademark("")] 17 | [assembly: AssemblyCulture("")] 18 | 19 | // Setting ComVisible to false makes the types in this assembly not visible 20 | // to COM components. If you need to access a type in this assembly from 21 | // COM, set the ComVisible attribute to true on that type. 22 | [assembly: ComVisible(false)] 23 | 24 | //In order to begin building localizable applications, set 25 | //CultureYouAreCodingWith in your .csproj file 26 | //inside a . For example, if you are using US english 27 | //in your source files, set the to en-US. Then uncomment 28 | //the NeutralResourceLanguage attribute below. Update the "en-US" in 29 | //the line below to match the UICulture setting in the project file. 
30 | 31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)] 32 | 33 | 34 | [assembly: ThemeInfo( 35 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located 36 | //(used if a resource is not found in the page, 37 | // or application resource dictionaries) 38 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located 39 | //(used if a resource is not found in the page, 40 | // app, or any theme specific resource dictionaries) 41 | )] 42 | 43 | 44 | // Version information for an assembly consists of the following four values: 45 | // 46 | // Major Version 47 | // Minor Version 48 | // Build Number 49 | // Revision 50 | // 51 | // You can specify all the values or you can default the Build and Revision Numbers 52 | // by using the '*' as shown below: 53 | // [assembly: AssemblyVersion("1.0.*")] 54 | //[assembly: AssemblyVersion("1.0.0.0")] 55 | //[assembly: AssemblyFileVersion("1.0.0.0")] 56 | -------------------------------------------------------------------------------- /PrivateSetup/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace PrivateSetup.Properties 12 | { 13 | 14 | 15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")] 17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase 18 | { 19 | 20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 21 | 22 | public static Settings Default 23 | { 24 | get 25 | { 26 | return defaultInstance; 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /PrivateSetup/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /PrivateSetup/Resources/LICENSE.TXT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateSetup/Resources/LICENSE.TXT -------------------------------------------------------------------------------- /PrivateSetup/Resources/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateSetup/Resources/icon.ico -------------------------------------------------------------------------------- /PrivateSetup/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateSetup/icon.ico 
-------------------------------------------------------------------------------- /PrivateSetup/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /PrivateWin10/App.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /PrivateWin10/App.xaml: -------------------------------------------------------------------------------- 1 |  6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /PrivateWin10/Controls/Presets/PresetCustom.xaml: -------------------------------------------------------------------------------- 1 |  9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /PrivateWin10/Controls/Presets/PresetCustom.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PrivateWin10.Controls 17 | { 18 | /// 19 | /// Interaction logic for PresetCustom.xaml 20 | /// 21 | public partial class PresetCustom : UserControl 22 | { 23 | public PresetCustom() 24 | { 25 | InitializeComponent(); 26 | } 27 | 28 | public void SetItem(CustomPreset customPreset) 29 | { 30 | 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- 
/PrivateWin10/Controls/Presets/PresetTweaks.xaml:
--------------------------------------------------------------------------------
1 |  9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |
--------------------------------------------------------------------------------
/PrivateWin10/Controls/Presets/PresetTweaks.xaml.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;

namespace PrivateWin10.Controls
{
    /// <summary>
    /// Code-behind for PresetTweaks.xaml: shows the tweaks of one tweak preset and
    /// writes every edited entry back into that preset.
    /// </summary>
    public partial class PresetTweaks : UserControl
    {
        // NOTE(review): this listing shows ControlList without type arguments; they
        // look lost in extraction - confirm against the repository.
        ControlList TweakList;

        // Preset currently being edited; stays null until SetItem is called.
        TweakPreset TweakPreset;

        /// <summary>
        /// Builds the control and the list helper that creates one TweakItemControl
        /// per tweak, keyed by the tweak's name.
        /// </summary>
        public PresetTweaks()
        {
            InitializeComponent();

            TweakList = new ControlList(
                this.itemScroll,
                (tweak) =>
                {
                    // Every row reports its edits through the same handler.
                    var row = new TweakItemControl(tweak);
                    row.ItemChanged += Ctrl_ItemChanged;
                    return row;
                },
                (tweak) => tweak.TweakName);
        }

        /// <summary>
        /// Stores the changed tweak of the sending row in the preset under its name.
        /// </summary>
        private void Ctrl_ItemChanged(object sender, EventArgs e)
        {
            var row = (TweakItemControl)sender;
            TweakPreset.Tweaks[row.item.TweakName] = row.item;
        }

        /// <summary>
        /// Binds the control to <paramref name="tweakPreset"/> and refills the list.
        /// </summary>
        /// <param name="tweakPreset">Preset to display; dereferenced without a null check.</param>
        public void SetItem(TweakPreset tweakPreset)
        {
            TweakPreset = tweakPreset;

            groupName.Content = tweakPreset.TweakGroup;

            // Two passes, as the list is first updated with null and then with the
            // preset's tweaks (presumably to reset it - confirm in ControlList).
            TweakList.UpdateItems(null);
            var tweaks = tweakPreset.Tweaks.Values.ToList();
            TweakList.UpdateItems(tweaks);
        }
    }
}
--------------------------------------------------------------------------------
/PrivateWin10/Controls/Presets/TweakItemControl.xaml:
--------------------------------------------------------------------------------
1 |  8 | 9 | 10 | 11 | 29 | 31 | 32 | 35 | 36 |
--------------------------------------------------------------------------------
/PrivateWin10/Controls/SplitButton.xaml:
--------------------------------------------------------------------------------
1 |  8 | 9 | 10 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 |
--------------------------------------------------------------------------------
/PrivateWin10/Controls/Tweaks/TweakControl.xaml:
--------------------------------------------------------------------------------
1 |  10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 29 | 30 | 31 | 32 | 33 | 36 | 37 | 38 |
--------------------------------------------------------------------------------
/PrivateWin10/Core/Presets/CustomPreset.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Xml;

namespace PrivateWin10
{
    /// <summary>
    /// Preset item that carries two free-form command strings, one for switching the
    /// preset on and one for switching it off. Both are persisted to and restored
    /// from the preset XML as plain element text.
    /// </summary>
    public class CustomPreset: PresetItem
    {
        // Command strings taken verbatim from the "OnCommand" / "OffCommand" XML
        // elements; nothing in this class validates or executes them yet.
        // NOTE(review): once SetState runs these, the preset file is a
        // command-execution input - restrict who can write it, and start the target
        // with an explicit argument list rather than through a shell.
        public string OnCommand;
        public string OffCommand;

        /// <summary>Creates an empty preset of type <c>PresetType.Custom</c>.</summary>
        public CustomPreset()
        {
            Type = PresetType.Custom;
        }

        /// <summary>
        /// Returns a copy: the inherited Clone overload fills the shared fields, then
        /// both command strings are copied.
        /// </summary>
        public override PresetItem Clone()
        {
            var copy = new CustomPreset();

            Clone(copy);
            copy.OnCommand = OnCommand;
            copy.OffCommand = OffCommand;

            return copy;
        }

        /// <summary>
        /// Placeholder: performs no action and always reports success.
        /// </summary>
        /// <param name="State">Requested state; currently ignored.</param>
        /// <returns>Always <c>true</c>.</returns>
        public override bool SetState(bool State)
        {
            // TODO: not implemented - neither OnCommand nor OffCommand is run, so
            // callers are told the switch succeeded although nothing happened.
            return true;
        }

        /// <summary>Writes both command strings as child elements.</summary>
        protected override void StoreNodes(XmlWriter writer)
        {
            writer.WriteElementString("OnCommand", OnCommand);
            writer.WriteElementString("OffCommand", OffCommand);
        }

        /// <summary>
        /// Reads one child node: the two command elements are handled here, anything
        /// else is passed to the base class.
        /// </summary>
        /// <returns><c>false</c> only when the base class rejects the node.</returns>
        protected override bool LoadNode(XmlNode node)
        {
            switch (node.Name)
            {
                case "OnCommand":
                    OnCommand = node.InnerText;
                    return true;

                case "OffCommand":
                    OffCommand = node.InnerText;
                    return true;

                default:
                    return base.LoadNode(node);
            }
        }

        /// <summary>
        /// Returns the configured icon, or the path of cmd.exe under %SystemRoot%
        /// when no icon is set.
        /// </summary>
        public override string GetIcon()
        {
            if (Icon == null || Icon.Length == 0)
            {
                return Environment.ExpandEnvironmentVariables(@"%SystemRoot%\System32\cmd.exe");
            }
            return Icon;
        }
    }
}
--------------------------------------------------------------------------------
/PrivateWin10/LicenseVerify.cer:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE----- 2 | MIIB7TCCAZugAwIBAgIQHhAp8jrfMIxMT2VqtpA+6jAJBgUrDgMCHQUAMBYxFDAS 3 | BgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTE4MTIxODIxMjc1N1oXDTM5MTIzMTIzNTk1 4 | OVowFzEVMBMGA1UEAxMMRGF2aWRYYW5hdG9zMIGfMA0GCSqGSIb3DQEBAQUAA4GN 5 | ADCBiQKBgQC1r14m1eQkCdhmj8bjbUjnPxOB3gE/9Tq+1b2a5vgbXdMkqYx2fAWe 6 | Un0zqAnZo0qyeXGsMYVVgUmlcw4WWGha51i+NPFOF9XVpStEkO91LJ4TiEjt67sG 7 | sd+fArUXbRywCk8F4FY5P9dM/qtSpYIDSe45OZGVVE6O4tqUbx0jLQIDAQABo4GD 8 | MIGAMCAGA1UdBAEB/wQWMBQwDjAMBgorBgEEAYI3AgEWAwIHgDATBgNVHSUEDDAK 9 | BggrBgEFBQcDAzBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIG 10 | A1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANB 11 | AD4yrS9HdGEL+nt3v/7UU9w5le2mtBpxg7XW9Kaiik+4oKzHsbqqCZkv1KDd2jD0 12 | LS8IZEl79Z13YxKAz1UsB7o= 13 | -----END CERTIFICATE----- 14 |
--------------------------------------------------------------------------------
/PrivateWin10/Models/CategoryModel.cs:
--------------------------------------------------------------------------------
1 | using PrivateWin10.Controls; 2 | using System; 3 | using System.Collections; 4 | using System.Collections.Generic; 5 | using System.Collections.ObjectModel; 6 | using System.ComponentModel; 7 | using System.Linq; 8 | using System.Text; 9 | using System.Threading.Tasks; 10 | using System.Windows; 11 | using System.Windows.Controls; 12 | using System.Windows.Data; 13 | 14 | namespace PrivateWin10 15 | { 16 | public class CategoryModel 17 | {
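18 | public ObservableCollection Categorys { get; set; } 19 | 20 | public CategoryModel() 21 | { 22 | Categorys = new ObservableCollection(); 23 | 24 | HashSet knownCats = new HashSet(); 25 | foreach (ProgramSet entry in App.client.GetPrograms()) 26 | { 27 | if(entry.config.Category != null && entry.config.Category.Length > 0) 28 | knownCats.Add(entry.config.Category); 29 | } 30 | 31 | foreach (string cat in knownCats) 32 | Categorys.Add(new Category() { Content = cat, Tag = cat, Group = Translate.fmt("cat_cats") }); 33 | 34 | Categorys.Add(new Category() { SpecialCat = Category.Special.SetNone, Content = Translate.fmt("cat_none"), Tag = "", Group = Translate.fmt("cat_other") }); 35 | Categorys.Add(new Category() { SpecialCat = Category.Special.AddNew, Content = Translate.fmt("cat_new"), Tag = true, Group = Translate.fmt("cat_other") }); 36 | } 37 | 38 | public class Category : ContentControl 39 | { 40 | public enum Special 41 | { 42 | No = 0, 43 | AddNew, 44 | SetNone, 45 | Separator 46 | } 47 | public Special SpecialCat = Special.No; 48 | public string Group { get; set; } 49 | } 50 | 51 | public IEnumerable GetCategorys() 52 | { 53 | ListCollectionView lcv = new ListCollectionView(Categorys); 54 | lcv.GroupDescriptions.Add(new PropertyGroupDescription("Group")); 55 | lcv.SortDescriptions.Add(new SortDescription("Content", ListSortDirection.Ascending)); 56 | return lcv; 57 | } 58 | } 59 | } 60 |
--------------------------------------------------------------------------------
/PrivateWin10/Models/GroupModel.cs:
--------------------------------------------------------------------------------
using PrivateAPI;
using PrivateWin10.Controls;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.ComponentModel;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;

namespace PrivateWin10
{
    /// <summary>
    /// Collects the distinct, resolved group names of the firewall rules returned by
    /// <c>App.client.GetRules()</c> and exposes them as controls for list binding.
    /// </summary>
    public class GroupModel
    {
        private static GroupModel mInstance = null;

        /// <summary>
        /// Returns the shared instance, creating it on first use. The
        /// check-then-create is not synchronized.
        /// </summary>
        public static GroupModel GetInstance()
        {
            if (mInstance == null)
                mInstance = new GroupModel();
            return mInstance;
        }

        // NOTE(review): this listing lost its generic type arguments; the
        // <ContentControl> and <string> arguments used in this class are inferred
        // from how the collections are filled - confirm against the repository.
        public ObservableCollection<ContentControl> Groups { get; set; }

        /// <summary>
        /// Fills <see cref="Groups"/> with one entry per distinct group name found
        /// on the current firewall rules.
        /// </summary>
        public GroupModel()
        {
            Groups = new ObservableCollection<ContentControl>();

            HashSet<string> knownGroups = new HashSet<string>();
            var rules = App.client.GetRules();
            foreach (var ruleEntry in rules)
            {
                foreach (FirewallRuleEx rule in ruleEntry.Value)
                {
                    if (rule.Grouping == null || rule.Grouping.Length == 0)
                        continue;

                    string temp = App.GetResourceStr(rule.Grouping);

                    // Names still starting with "@" were not resolved and are not
                    // listed. An empty or null result is skipped as well: the
                    // previous Substring(0, 1) check threw on an empty string and
                    // aborted construction of the whole model.
                    if (string.IsNullOrEmpty(temp) || temp.StartsWith("@", StringComparison.Ordinal))
                        continue;

                    knownGroups.Add(temp);
                }
            }

            foreach (string group in knownGroups)
                Groups.Add(new ContentControl() { Tag = group, Content = group});
        }

        /// <summary>
        /// Returns a view over <see cref="Groups"/> sorted ascending by "Content".
        /// A new view is created on every call.
        /// </summary>
        public IEnumerable GetGroups()
        {
            ListCollectionView lcv = new ListCollectionView(Groups);
            lcv.SortDescriptions.Add(new SortDescription("Content", ListSortDirection.Ascending));
            return lcv;
        }
    }
}
--------------------------------------------------------------------------------
/PrivateWin10/Models/ServiceModel.cs:
--------------------------------------------------------------------------------
1 | using MiscHelpers; 2 | using PrivateWin10.Controls; 3 | using System; 4 | using System.Collections; 5 | using System.Collections.Generic; 6 | using System.Collections.ObjectModel; 7 | using System.ComponentModel; 8 | using System.Linq; 9 | using System.Runtime.InteropServices; 10 | using System.ServiceProcess; 11 | using System.Text; 12 | using System.Threading.Tasks; 13 | using System.Windows; 14 | using System.Windows.Controls; 15 | using System.Windows.Data; 16 | 17 | namespace PrivateWin10 18 | {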
19 | public class ServiceModel 20 | { 21 | private static ServiceModel mInstance = null; 22 | public static ServiceModel GetInstance() 23 | { 24 | if (mInstance == null) 25 | mInstance = new ServiceModel(); 26 | return mInstance; 27 | } 28 | 29 | public ObservableCollection Services { get; set; } 30 | 31 | public ServiceModel() 32 | { 33 | Services = new ObservableCollection(); 34 | } 35 | 36 | public void Reload() 37 | { 38 | Services.Clear(); 39 | 40 | Services.Add(new Service() { Content = Translate.fmt("svc_all"), Value="*", Group = Translate.fmt("lbl_selec") }); 41 | 42 | foreach (ServiceController svc in ServiceController.GetServices()) 43 | { 44 | var ImagePath = ServiceHelper.GetServiceImagePath(svc.ServiceName); 45 | var ServicePath = ImagePath != null ? ProcFunc.GetPathFromCmdLine(ImagePath) : ""; 46 | 47 | Services.Add(new Service() { Value = svc.ServiceName, Path = ServicePath, Content = svc.DisplayName + " (" + svc.ServiceName + ")", Group = Translate.fmt("lbl_known") }); 48 | } 49 | } 50 | 51 | public class Service : ContentControl 52 | { 53 | public string Value { get; set; } 54 | public string Path { get; set; } 55 | public string Group { get; set; } 56 | } 57 | 58 | public IEnumerable GetServices() 59 | { 60 | Reload(); 61 | 62 | ListCollectionView lcv = new ListCollectionView(Services); 63 | lcv.GroupDescriptions.Add(new PropertyGroupDescription("Group")); 64 | lcv.SortDescriptions.Add(new SortDescription("Content", ListSortDirection.Ascending)); 65 | return lcv; 66 | } 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /PrivateWin10/Pages/IUserPage.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace PrivateWin10.Pages 8 | { 9 | public interface IUserPage 10 | { 11 | void OnShow(); 12 | 13 | void OnHide(); 14 | 15 | 
void OnClose(); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /PrivateWin10/PrivateWin10.csproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | publish\ 5 | 6 | 7 | 8 | 9 | 10 | en-US 11 | false 12 | 13 | 14 | 15 | 16 | true 17 | 18 | -------------------------------------------------------------------------------- /PrivateWin10/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Resources; 3 | using System.Runtime.CompilerServices; 4 | using System.Runtime.InteropServices; 5 | using System.Windows; 6 | 7 | // General Information about an assembly is controlled through the following 8 | // set of attributes. Change these attribute values to modify the information 9 | // associated with an assembly. 10 | [assembly: AssemblyTitle("Private Win10")] 11 | [assembly: AssemblyDescription("")] 12 | [assembly: AssemblyConfiguration("")] 13 | [assembly: AssemblyCompany("")] 14 | [assembly: AssemblyProduct("Private Win10")] 15 | [assembly: AssemblyCopyright("Copyright © 2018-2020")] 16 | [assembly: AssemblyTrademark("")] 17 | [assembly: AssemblyCulture("")] 18 | 19 | // Setting ComVisible to false makes the types in this assembly not visible 20 | // to COM components. If you need to access a type in this assembly from 21 | // COM, set the ComVisible attribute to true on that type. 22 | [assembly: ComVisible(false)] 23 | 24 | //In order to begin building localizable applications, set 25 | //CultureYouAreCodingWith in your .csproj file 26 | //inside a . For example, if you are using US english 27 | //in your source files, set the to en-US. Then uncomment 28 | //the NeutralResourceLanguage attribute below. Update the "en-US" in 29 | //the line below to match the UICulture setting in the project file. 
30 | 31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)] 32 | 33 | 34 | [assembly: ThemeInfo( 35 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located 36 | //(used if a resource is not found in the page, 37 | // or application resource dictionaries) 38 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located 39 | //(used if a resource is not found in the page, 40 | // app, or any theme specific resource dictionaries) 41 | )] 42 | 43 | 44 | // Version information for an assembly consists of the following four values: 45 | // 46 | // Major Version 47 | // Minor Version 48 | // Build Number 49 | // Revision 50 | // 51 | // You can specify all the values or you can default the Build and Revision Numbers 52 | // by using the '*' as shown below: 53 | // [assembly: AssemblyVersion("1.0.*")] 54 | //[assembly: AssemblyVersion("1.0.0.0")] 55 | //[assembly: AssemblyFileVersion("1.0.0.0")] 56 | -------------------------------------------------------------------------------- /PrivateWin10/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace PrivateWin10.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "15.9.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /PrivateWin10/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /PrivateWin10/Resources/clear.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/clear.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/full_height.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/full_height.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/full_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/full_screen.png 
-------------------------------------------------------------------------------- /PrivateWin10/Resources/full_width.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/full_width.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icon.ico -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-approval-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-approval-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-baumstruktur-16-not.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-baumstruktur-16-not.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-baumstruktur-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-baumstruktur-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-broadcast-16-not.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-broadcast-16-not.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-broadcast-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-broadcast-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-checkbox-markiert-2-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-checkbox-markiert-2-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-checkmark-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-checkmark-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-cleanup-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-cleanup-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-collapse-arrow-26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-collapse-arrow-26.png 
-------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-computer-16-not.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-computer-16-not.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-computer-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-computer-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-copy-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-copy-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-data-merge-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-data-merge-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-data-split-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-data-split-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-deny-16.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-deny-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-edit-file-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-edit-file-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-edit-file-32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-edit-file-32.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-expand-arrow-26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-expand-arrow-26.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-filter-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-filter-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-filter-32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-filter-32.png -------------------------------------------------------------------------------- 
/PrivateWin10/Resources/icons8-filter-löschen-32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-filter-löschen-32.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-firewall-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-firewall-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-geographie-16-not.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-geographie-16-not.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-geographie-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-geographie-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-hazard-warning-flasher-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-hazard-warning-flasher-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-in-16.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-in-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-löschen-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-löschen-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-major.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-major.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-major_ex_red.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-major_ex_red.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-minus-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-minus-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-minus-mathe-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-minus-mathe-16.png -------------------------------------------------------------------------------- 
/PrivateWin10/Resources/icons8-ordner-öffnen-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-ordner-öffnen-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-out-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-out-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-plus-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-plus-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-plus-48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-plus-48.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-plus-mathe-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-plus-mathe-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-radiergummi-16.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-radiergummi-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-redo-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-redo-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-refresh-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-refresh-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-remove-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-remove-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-road-closure-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-road-closure-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-sortier-optionen-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-sortier-optionen-16.png -------------------------------------------------------------------------------- 
/PrivateWin10/Resources/icons8-stift-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-stift-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-stoppschild-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-stoppschild-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-suche-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-suche-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-tabelle-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-tabelle-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-tick-box-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-tick-box-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-unchecked-checkbox-16-not.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-unchecked-checkbox-16-not.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-unchecked-checkbox-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-unchecked-checkbox-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-undefined-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-undefined-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-undo-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-undo-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/icons8-xlarge-symbole-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/icons8-xlarge-symbole-16.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/normal_view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/normal_view.png 
-------------------------------------------------------------------------------- /PrivateWin10/Resources/search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/search.png -------------------------------------------------------------------------------- /PrivateWin10/Resources/tree_view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/PrivateWin10/Resources/tree_view.png -------------------------------------------------------------------------------- /PrivateWin10/Windows/InputWnd.xaml: -------------------------------------------------------------------------------- 1 |  8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /PrivateWin10/Windows/InputWnd.xaml.cs: -------------------------------------------------------------------------------- 1 | using MiscHelpers; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using System.Text; 6 | using System.Threading.Tasks; 7 | using System.Windows; 8 | using System.Windows.Controls; 9 | using System.Windows.Data; 10 | using System.Windows.Documents; 11 | using System.Windows.Input; 12 | using System.Windows.Media; 13 | using System.Windows.Media.Imaging; 14 | using System.Windows.Shapes; 15 | 16 | namespace PrivateWin10 17 | { 18 | /// 19 | /// Interaction logic for InputWnd.xaml 20 | /// 21 | public partial class InputWnd : Window 22 | { 23 | public InputWnd(string prompt, string defValue = "", string title = null) 24 | { 25 | InitializeComponent(); 26 | if (title != null) 27 | this.Title = title; 28 | 
lblPrompt.Content = prompt; 29 | txtValue.Text = defValue; 30 | } 31 | 32 | public InputWnd(string prompt, List items, string defValue = "", bool editable = true, string title = null) 33 | { 34 | InitializeComponent(); 35 | if (title != null) 36 | this.Title = title; 37 | lblPrompt.Content = prompt; 38 | txtValue.Visibility = Visibility.Collapsed; 39 | cmbValue.Visibility = Visibility.Visible; 40 | cmbValue.IsEditable = editable; 41 | foreach (var item in items) 42 | cmbValue.Items.Add(new ComboBoxItem() { Content = item, Tag = item }); 43 | if (!WpfFunc.CmbSelect(cmbValue, defValue)) 44 | cmbValue.Text = defValue; 45 | } 46 | 47 | private void btnOk_Click(object sender, RoutedEventArgs e) 48 | { 49 | this.DialogResult = true; 50 | } 51 | 52 | private void Window_ContentRendered(object sender, EventArgs e) 53 | { 54 | if (txtValue.Visibility == Visibility.Visible) 55 | { 56 | txtValue.SelectAll(); 57 | txtValue.Focus(); 58 | } 59 | else 60 | cmbValue.Focus(); 61 | } 62 | 63 | public string Value 64 | { 65 | get { 66 | if (txtValue.Visibility == Visibility.Visible) 67 | return txtValue.Text; 68 | return cmbValue.Text; 69 | } 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /QLicense/Core/ActivationControls4Win/ActivationControls4Win.snk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/QLicense/Core/ActivationControls4Win/ActivationControls4Win.snk -------------------------------------------------------------------------------- /QLicense/Core/ActivationControls4Win/LicenseGeneratedEventArgs.cs: -------------------------------------------------------------------------------- 1 | namespace QLicense.Windows.Controls 2 | { 3 | public class LicenseGeneratedEventArgs 4 | { 5 | public string LicenseBASE64String { get; set; } 6 | } 7 | } 8 | 
-------------------------------------------------------------------------------- /QLicense/Core/ActivationControls4Win/LicenseSettingsValidatingEventArgs.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace QLicense.Windows.Controls 4 | { 5 | public class LicenseSettingsValidatingEventArgs:EventArgs 6 | { 7 | public LicenseEntity License { get; set; } 8 | public bool CancelGenerating { get; set; } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /QLicense/Core/ActivationControls4Win/LicenseStringContainer.cs: -------------------------------------------------------------------------------- 1 | using System.Text; 2 | using System.Windows.Forms; 3 | using System.IO; 4 | 5 | namespace QLicense.Windows.Controls 6 | { 7 | public partial class LicenseStringContainer : UserControl 8 | { 9 | public string LicenseString 10 | { 11 | get 12 | { 13 | return txtLicense.Text; 14 | } 15 | set 16 | { 17 | txtLicense.Text = value; 18 | } 19 | } 20 | 21 | public LicenseStringContainer() 22 | { 23 | InitializeComponent(); 24 | } 25 | 26 | private void lnkCopy_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e) 27 | { 28 | if (!string.IsNullOrWhiteSpace(txtLicense.Text)) 29 | { 30 | Clipboard.SetText(txtLicense.Text); 31 | } 32 | } 33 | 34 | private void lnkSaveToFile_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e) 35 | { 36 | if (dlgSaveFile.ShowDialog() == DialogResult.OK) 37 | { 38 | //Save license data into local file 39 | File.WriteAllText(dlgSaveFile.FileName, txtLicense.Text.Trim(), Encoding.UTF8); 40 | } 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /QLicense/Core/ActivationControls4Win/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using 
System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("ActivationControls4Win")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("ActivationControls4Win")] 13 | [assembly: AssemblyCopyright("Copyright © 2015-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("7e16d9ce-4360-4c17-8fc2-73c83c5b2fa5")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.1.0.0")] 36 | [assembly: AssemblyFileVersion("1.1.0.0")] 37 | -------------------------------------------------------------------------------- /QLicense/Core/QLicense/BASE36.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | 4 | namespace QLicense 5 | { 6 | class BASE36 7 | { 8 | private const string _charList = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; 9 | private static readonly char[] _charArray = _charList.ToCharArray(); 10 | 11 | public static long Decode(string input) 12 | { 13 | long 
_result = 0; 14 | double _pow = 0; 15 | for (int _i = input.Length - 1; _i >= 0; _i--) 16 | { 17 | char _c = input[_i]; 18 | int pos = _charList.IndexOf(_c); 19 | if (pos > -1) 20 | _result += pos * (long)Math.Pow(_charList.Length, _pow); 21 | else 22 | return -1; 23 | _pow++; 24 | } 25 | return _result; 26 | } 27 | 28 | public static string Encode(ulong input) 29 | { 30 | StringBuilder _sb = new StringBuilder(); 31 | do 32 | { 33 | _sb.Append(_charArray[input % (ulong)_charList.Length]); 34 | input /= (ulong)_charList.Length; 35 | } while (input != 0); 36 | 37 | return Reverse(_sb.ToString()); 38 | } 39 | 40 | private static string Reverse(string s) 41 | { 42 | var charArray = s.ToCharArray(); 43 | Array.Reverse(charArray); 44 | return new string(charArray); 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /QLicense/Core/QLicense/LicenseStatus.cs: -------------------------------------------------------------------------------- 1 | namespace QLicense 2 | { 3 | public enum LicenseStatus 4 | { 5 | UNDEFINED = 0, 6 | VALID = 1, 7 | INVALID = 2, 8 | CRACKED = 4 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /QLicense/Core/QLicense/LicenseTypes.cs: -------------------------------------------------------------------------------- 1 | using System.ComponentModel; 2 | 3 | namespace QLicense 4 | { 5 | public enum LicenseTypes 6 | { 7 | [Description("Unknown")] 8 | Unknown = 0, 9 | [Description("Single")] 10 | Single = 1, 11 | [Description("Volume")] 12 | Volume = 2 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /QLicense/Core/QLicense/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled 
through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("QLicense")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("QLicense")] 13 | [assembly: AssemblyCopyright("Copyright © 2015-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("38832d8a-c528-4c89-a056-b0eebbcfe8ee")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.1.0.0")] 36 | [assembly: AssemblyFileVersion("1.1.0.0")] 37 | -------------------------------------------------------------------------------- /QLicense/Core/QLicense/QLicense.snk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DavidXanatos/priv10/abf0ff5fa8a7332293f0bf42ae847ba38cd79d53/QLicense/Core/QLicense/QLicense.snk -------------------------------------------------------------------------------- /QLicense/QLicense - LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2016 TonyTonyQ 4 | 5 | Permission is hereby granted, free 
of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Successor Project 2 | PrivateWin10 is no longer being developed, please use [Major Privacy](https://github.com/xanasoft/MajorPrivacy/) instead. 3 | 4 | 5 | # PrivateWin10 6 | PrivateWin10 is an advanced privacy tool for Windows. It provides a simple and comprehensive UI for tweaking privacy settings, as well as options to block system access to files and registry keys in order to enforce privacy whenever Windows does not provide a satisfying setting for that. 7 | 8 | To solve privacy issues with other software, the tool includes a powerful custom firewall frontend for the Windows built-in firewall. 9 | 10 | # Licensing 11 | This tool is open source; however, the license is a bit more restrictive than typical open source licenses.
If you want to publicly distribute your self-compiled binaries, review the LICENSE file for details. 12 | 13 | 14 | # Donations 15 | Patreon: https://www.patreon.com/DavidXanatos 16 | 17 | Monero: `46WUG1NqDsWEyydYdCftsN3t9GHK2S5Yr1tFHMiXfzNVFofiF2kdRhiiKqyho2zyH1cWmL1WkGekgaz3Xmob2SDa1SwrqFs` 18 | -------------------------------------------------------------------------------- /TweakEngine/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("TweakEngine")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("TweakEngine")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("35fb284f-77e2-4336-b60d-2cd39522b014")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /WinFirewallAPI/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("WinFirewallAPI")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("WinFirewallAPI")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("3a5cbf66-2e66-4ce1-aa89-7af50d9db29b")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | --------------------------------------------------------------------------------