├── .vs
├── ProjectSettings.json
├── SysvolExplorer
│ └── v16
│ │ ├── .suo
│ │ └── Browse.VC.db
├── VSWorkspaceState.json
└── slnx.sqlite
├── README.md
└── sysvolcrawler
├── .vs
└── SysvolCrawler
│ └── v16
│ ├── .suo
│ ├── Browse.VC.db
│ └── ipch
│ └── AutoPCH
│ └── 7e26579d7dae2400
│ └── MAIN.ipch
├── SysvolCrawler.sln
├── SysvolCrawler
├── AASParser.cpp
├── AASParser.h
├── AASPrinter.cpp
├── AASPrinter.h
├── ADMFILESiniParser.cpp
├── ADMFILESiniParser.h
├── ADMFILESiniPrinter.cpp
├── ADMFILESiniPrinter.h
├── ADMParser.cpp
├── ADMParser.h
├── ADMPrinter.cpp
├── ADMPrinter.h
├── Common.cpp
├── Common.h
├── DACLParser.cpp
├── DACLParser.h
├── DACLPrinter.cpp
├── DACLPrinter.h
├── DENIEDParser.cpp
├── DENIEDParser.h
├── DENIEDPrinter.cpp
├── DENIEDPrinter.h
├── Dispatcher.cpp
├── Dispatcher.h
├── FDEPLOYiniParser.cpp
├── FDEPLOYiniParser.h
├── FDEPLOYiniPrinter.cpp
├── FDEPLOYiniPrinter.h
├── GPEiniParser.cpp
├── GPEiniParser.h
├── GPEiniPrinter.cpp
├── GPEiniPrinter.h
├── GPTiniParser.cpp
├── GPTiniParser.h
├── GPTiniPrinter.cpp
├── GPTiniPrinter.h
├── IEAKParser.cpp
├── IEAKParser.h
├── IEAKPrinter.cpp
├── IEAKPrinter.h
├── INFParser.cpp
├── INFParser.h
├── INFPrinter.cpp
├── INFPrinter.h
├── INIGenericParser.cpp
├── INIGenericParser.h
├── INIGenericPrinter.cpp
├── INIGenericPrinter.h
├── LDAPCrawler.cpp
├── LDAPCrawler.h
├── LDAPPrinter.cpp
├── LDAPPrinter.h
├── MISCParser.cpp
├── MISCParser.h
├── MISCPrinter.cpp
├── MISCPrinter.h
├── Main.cpp
├── Main.h
├── POLParser.cpp
├── POLParser.h
├── POLPrinter.cpp
├── POLPrinter.h
├── PREFERENCESParser.cpp
├── PREFERENCESParser.h
├── PREFERENCESPrinter.cpp
├── PREFERENCESPrinter.h
├── PrinterCommon.cpp
├── PrinterCommon.h
├── SCRIPTSiniParser.cpp
├── SCRIPTSiniParser.h
├── SCRIPTSiniPrinter.cpp
├── SCRIPTSiniPrinter.h
├── SysvolCrawler.vcxproj
├── SysvolCrawler.vcxproj.filters
└── x64
│ └── Debug
│ ├── AASParser.obj
│ ├── AASPrinter.obj
│ ├── ADMFILESiniParser.obj
│ ├── ADMFILESiniPrinter.obj
│ ├── ADMParser.obj
│ ├── ADMPrinter.obj
│ ├── Common.obj
│ ├── DACLParser.obj
│ ├── DACLPrinter.obj
│ ├── DENIEDParser.obj
│ ├── DENIEDPrinter.obj
│ ├── Dispatcher.obj
│ ├── FDEPLOYiniParser.obj
│ ├── FDEPLOYiniPrinter.obj
│ ├── GPEiniParser.obj
│ ├── GPEiniPrinter.obj
│ ├── GPTiniParser.obj
│ ├── GPTiniPrinter.obj
│ ├── IEAKParser.obj
│ ├── IEAKPrinter.obj
│ ├── INFParser.obj
│ ├── INFPrinter.obj
│ ├── INIGenericParser.obj
│ ├── INIGenericPrinter.obj
│ ├── LDAPCrawler.obj
│ ├── LDAPPrinter.obj
│ ├── MISCParser.obj
│ ├── MISCPrinter.obj
│ ├── Main.obj
│ ├── POLParser.obj
│ ├── POLPrinter.obj
│ ├── PREFERENCESParser.obj
│ ├── PREFERENCESPrinter.obj
│ ├── PrinterCommon.obj
│ ├── SCRIPTSiniParser.obj
│ ├── SCRIPTSiniPrinter.obj
│ ├── SysvolCrawler.log
│ ├── SysvolCrawler.tlog
│ ├── CL.command.1.tlog
│ ├── CL.read.1.tlog
│ ├── CL.write.1.tlog
│ ├── SysvolCrawler.lastbuildstate
│ ├── link.command.1.tlog
│ ├── link.read.1.tlog
│ └── link.write.1.tlog
│ ├── vc142.idb
│ └── vc142.pdb
├── bin
├── x64
│ └── SysvolCrawler.exe
└── x86
│ └── SysvolCrawler.exe
└── x64
└── Debug
├── SysvolCrawler.exe
├── SysvolCrawler.ilk
└── SysvolCrawler.pdb
/.vs/ProjectSettings.json:
--------------------------------------------------------------------------------
1 | {
2 | "CurrentProjectSetting": "No Configurations"
3 | }
--------------------------------------------------------------------------------
/.vs/SysvolExplorer/v16/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/.vs/SysvolExplorer/v16/.suo
--------------------------------------------------------------------------------
/.vs/SysvolExplorer/v16/Browse.VC.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/.vs/SysvolExplorer/v16/Browse.VC.db
--------------------------------------------------------------------------------
/.vs/VSWorkspaceState.json:
--------------------------------------------------------------------------------
1 | {
2 | "ExpandedNodes": [
3 | ""
4 | ],
5 | "PreviewInSolutionExplorer": false
6 | }
--------------------------------------------------------------------------------
/.vs/slnx.sqlite:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/.vs/slnx.sqlite
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | SysvolExplorer
2 | ==============
3 |
4 | SysvolExplorer is a collection of tools designed to help security auditors to evaluate the group policy objects of an MS Active Directory architecture.
5 |
6 | A technical study of the group policy engine was presented in an article published in issue #73 of "MISC" magazine (http://www.miscmag.com/).
7 |
8 | ## SysvolCrawler
9 |
10 | The purpose of this software is to gather and store heterogeneous GPO information in one single place, using an easily-parsable format.
11 |
12 | SysvolCrawler implements multiple file parsers to extract GPO data:
13 |
14 | * AAS files
15 | * ADM files
16 | * INF files
17 | * INI files
18 | * POL files
19 | * ...
20 |
21 | The project also includes an LDAP client library in order to extract GPO application policy.
22 |
23 | SysvolCrawler outputs CSV, XML or grepable files.
24 |
25 | This software has been written in C using Microsoft embedded libraries. It has been tested on Active Directory architectures from 2003 to 2012 R2 edition.
26 |
27 | ### How to use it
28 |
29 | SysvolCrawler provides several options to customize your GPO crawling but you can give it a try using:
30 |
31 | SysvolCrawler.exe -d 127.0.0.1 C:\crawler\ \\127.0.0.1\sysvol\domain\policies
32 |
33 | ## SysvolBrowser
34 |
35 | In order to assess the security of AD domains, technical auditors need a way to quickly review GPO policies. SysvolBrowser has been designed to process the huge amount of data collected with SysvolCrawler to highlight potential GPO vulnerabilities.
36 |
37 | The development of the software is currently at an early stage and will be released as soon as possible.
--------------------------------------------------------------------------------
/sysvolcrawler/.vs/SysvolCrawler/v16/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/.vs/SysvolCrawler/v16/.suo
--------------------------------------------------------------------------------
/sysvolcrawler/.vs/SysvolCrawler/v16/Browse.VC.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/.vs/SysvolCrawler/v16/Browse.VC.db
--------------------------------------------------------------------------------
/sysvolcrawler/.vs/SysvolCrawler/v16/ipch/AutoPCH/7e26579d7dae2400/MAIN.ipch:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/.vs/SysvolCrawler/v16/ipch/AutoPCH/7e26579d7dae2400/MAIN.ipch
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2013
4 | VisualStudioVersion = 12.0.21005.1
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SysvolCrawler", "SysvolCrawler\SysvolCrawler.vcxproj", "{E43D8F5D-7968-4BE7-A1B6-92538ADD857B}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Win32 = Debug|Win32
11 | Debug|x64 = Debug|x64
12 | Release|Win32 = Release|Win32
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Debug|Win32.ActiveCfg = Debug|x64
17 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Debug|Win32.Build.0 = Debug|x64
18 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Debug|x64.ActiveCfg = Debug|x64
19 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Debug|x64.Build.0 = Debug|x64
20 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Release|Win32.ActiveCfg = Release|x64
21 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Release|Win32.Build.0 = Release|x64
22 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Release|x64.ActiveCfg = Release|Win32
23 | {E43D8F5D-7968-4BE7-A1B6-92538ADD857B}.Release|x64.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | EndGlobal
29 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/AASParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - AASParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for .aas file
6 | * (Application Advertise Script)
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __AAS_PARSER_H__
12 | #define __AAS_PARSER_H__
13 |
14 | #include "Common.h"
15 |
16 | //************** *********************
17 | #define AAS_PARSER_NAME TEXT("AAS parser") // display name of this parser
18 | #define AAS_MATCHING_FILE_REGEXP TEXT("*.aas") // file-name pattern this parser is registered for
19 | #define AAS_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]") // placeholder text: no folder pattern is defined for this parser
20 | //************** ********************
21 |
22 | // AAS file signature (1397708873 == 0x534F5849) and capacities of the fixed-size arrays declared below
23 | #define AAS_FILE_SIGNATURE 1397708873
24 | #define AAS_ARG_NUMBER_MAX 8048 // sizes AAS_BLOCK_UNKNOWN::sDataUnkwnown and AAS_FILE_DATA::sBlockUnkwnown
25 | #define AAS_SRC_LST_PUB_MAX_DISK 256 // sizes AAS_BLOCK_SOURCE_LIST_PUBLISH::sDisks
26 |
27 | // Opcode number for AAS data block (decimal values; one per dedicated block structure below)
28 | #define AAS_OPCODE_HEADER 2
29 | #define AAS_OPCODE_PRODUCTINFO 4
30 | #define AAS_OPCODE_SRCLISTPUB 9
31 | #define AAS_OPCODE_PRODUCTPUB 16
32 | #define AAS_OPCODE_END 3
33 |
34 | // Define argument type for AAS data block.
35 | typedef WORD AAS_BLOCK_DATATYPE;
36 | #define AAS_DATATYPE_NULLSTRING 0x0000 // NOTE(review): 0x0000, 0x8000 and 0xc000 each appear under two names in this list;
37 | #define AAS_DATATYPE_32BITSINT 0x4000 // which meaning applies presumably depends on parsing context — confirm in AASParser.cpp
38 | #define AAS_DATATYPE_NULLARG 0x8000
39 | #define AAS_DATATYPE_EXTDEDSIZE 0xc000
40 | #define AAS_DATATYPE_ASCIICHAR 0x0000 // same value as AAS_DATATYPE_NULLSTRING
41 | #define AAS_DATATYPE_BINARYSTRM 0x8000 // same value as AAS_DATATYPE_NULLARG
42 | #define AAS_DATATYPE_UNICODESTR 0xc000 // same value as AAS_DATATYPE_EXTDEDSIZE
43 |
44 | // Define expected size of each AAS data block (hexadecimal; unit presumably bytes — TODO confirm)
45 | #define AAS_BLOCK_HEADER_SIZE 0x24
46 | #define AAS_BLOCK_PRODUCT_INFO_SIZE 0x4c
47 | #define AAS_BLOCK_SOURCE_LIST_PUBLISH_SIZE 0x1424
48 | #define AAS_BLOCK_PRODUCT_PUBLISH_SIZE 0x4
49 | #define AAS_BLOCK_END_SIZE 0xc
50 |
51 | //******* ******
52 | typedef struct _AAS_DATA_UNKNOWN // one argument kept in raw form; AAS_BLOCK_UNKNOWN holds an array of these
53 | {
54 | AAS_BLOCK_DATATYPE wDataType; // AAS_DATATYPE_* tag of the argument
55 | DWORD wDataLen; // length of pbData, presumably in bytes — TODO confirm (DWORD despite the 'w' prefix)
56 | PBYTE pbData; // argument payload; ownership not visible in this header
57 | } AAS_DATA_UNKNOWN, *PAAS_DATA_UNKNOWN;
58 |
59 | typedef struct _AAS_BLOCK_UNKNOWN // block with no dedicated structure; returned by FillAasUnknownBlock, released by FreeAasUnknownBlock
60 | {
61 | BYTE bOpcodeNumber; // opcode of the block as a single byte
62 | BYTE bArgumentNumber; // argument count; a BYTE, so at most 255 although the array below has AAS_ARG_NUMBER_MAX slots
63 |
64 | AAS_DATA_UNKNOWN sDataUnkwnown[AAS_ARG_NUMBER_MAX]; // arguments embedded by value, which makes this structure large
65 | } AAS_BLOCK_UNKNOWN, *PAAS_BLOCK_UNKNOWN;
66 |
67 | // Store HEADER data block: returned by FillAasHeader, released by FreeAasHeaderBlock. Every member is a pointer, not an inline value.
68 | typedef struct _AAS_BLOCK_HEADER
69 | {
70 | PDWORD pdwSignature; // presumably compared with AAS_FILE_SIGNATURE — confirm in AASParser.cpp
71 | PDWORD pdwVersion;
72 | PDWORD pdwDosTimeStamp; // name suggests a DOS-format timestamp — TODO confirm
73 |
74 | PLCID pdwLangID; // pointer to an LCID (locale identifier)
75 | PDWORD pdwPlatform;
76 |
77 | PDWORD pdwScriptType;
78 | PDWORD pdwScriptMajorVersion;
79 | PDWORD pdwScriptMinorVersion;
80 | PDWORD pdwScriptAttributes;
81 |
82 | } AAS_BLOCK_HEADER, *PAAS_BLOCK_HEADER;
83 |
84 | // Store PRODUCT_INFO data block: returned by FillAasProductInfo, released by FreeAasProductInfoBlock.
85 | typedef struct _AAS_BLOCK_PRODUCT_INFO
86 | {
87 | PWCHAR pwProductKey;
88 |
89 | BOOL isProductNameUNICODE; // each is...UNICODE flag presumably records the stored encoding of the string that follows it — TODO confirm
90 | PWCHAR pwProductName;
91 |
92 | BOOL isPackageNameUNICODE;
93 | PWCHAR pwPackageName;
94 |
95 | PLCID pdwLanguage; // pointer to an LCID (locale identifier)
96 | PDWORD pdwVersion;
97 | PDWORD pdwAssignment;
98 | PDWORD pdwObsoleteArg;
99 |
100 | PWCHAR pwProductIcon;
101 |
102 | BOOL isPackageMediaPathUNICODE;
103 | PWCHAR pwPackageMediaPath; // NOTE(review): path text taken from the parsed file; printers should escape it before writing XML/CSV
104 |
105 | PWCHAR pwPackageCode;
106 |
107 | PBYTE pbNullArgument1; // presumably arguments typed AAS_DATATYPE_NULLARG — TODO confirm
108 | PBYTE pbNullArgument2;
109 |
110 | PDWORD pdwInstanceType;
111 | PDWORD pdwLUASetting;
112 | PDWORD pdwRemoteURTInstalls;
113 | PDWORD pdwProductDeploymentFlags;
114 | } AAS_BLOCK_PRODUCT_INFO, *PAAS_BLOCK_PRODUCT_INFO;
115 |
116 | // Store SOURCE_LIST_PUBLISH data block: one disk entry, embedded in AAS_BLOCK_SOURCE_LIST_PUBLISH::sDisks
117 | typedef struct _AAS_BLOCK_SOURCE_LIST_PUBLISH_DISK
118 | {
119 | PDWORD pdwDiskId;
120 |
121 | BOOL isVolumeNameUNICODE; // presumably the stored encoding of pwVolumeName — TODO confirm
122 | PWCHAR pwVolumeName;
123 |
124 | BOOL isDiskPromptUNICODE; // presumably the stored encoding of pwDiskPrompt — TODO confirm
125 | PWCHAR pwDiskPrompt;
126 | } AAS_BLOCK_SOURCE_LIST_PUBLISH_DISK, *PAAS_BLOCK_SOURCE_LIST_PUBLISH_DISK;
127 |
128 | typedef struct _AAS_BLOCK_SOURCE_LIST_PUBLISH // returned by FillAasSourceListPublish, released by FreeAasSourceListPublishBlock
129 | {
130 | PWCHAR pwPatchCode;
131 | PWCHAR pwPatchPackageName;
132 |
133 | BOOL isDiskPromptTemplateUNICODE;
134 | PWCHAR pwDiskPromptTemplate;
135 |
136 | BOOL isPackagePathUNICODE;
137 | PWCHAR pwPackagePath;
138 |
139 | PDWORD pdwNumberOfDisks; // NOTE(review): count presumably read from the file; it must stay <= AAS_SRC_LST_PUB_MAX_DISK before indexing sDisks — confirm in AASParser.cpp
140 | AAS_BLOCK_SOURCE_LIST_PUBLISH_DISK sDisks[AAS_SRC_LST_PUB_MAX_DISK]; // disk entries embedded by value
141 |
142 | BOOL isLaunchPathUNICODE;
143 | PWCHAR pwLaunchPath;
144 |
145 | } AAS_BLOCK_SOURCE_LIST_PUBLISH, *PAAS_BLOCK_SOURCE_LIST_PUBLISH;
146 |
147 | // Store PRODUCT_PUBLISH data block: returned by FillAasProductPublish, released by FreeAasProductPublishBlock
148 | typedef struct _AAS_BLOCK_PRODUCT_PUBLISH
149 | {
150 | PWCHAR pwProductPublish; // single wide-string member; content not documented in this header
151 | } AAS_BLOCK_PRODUCT_PUBLISH, *PAAS_BLOCK_PRODUCT_PUBLISH;
152 |
153 | // Store END data block: returned by FillAasEnd, released by FreeAasEndBlock
154 | typedef struct _AAS_BLOCK_END
155 | {
156 | PDWORD pdwChecksum; // NOTE(review): this header declares no routine that verifies the checksum — confirm whether the parser validates it
157 | PDWORD pdwProgressTotalHDWord; // presumably the high DWORD of a 64-bit progress total — TODO confirm
158 | PDWORD pdwProgressTotalLDWord; // presumably the low DWORD of the same total — TODO confirm
159 | } AAS_BLOCK_END, *PAAS_BLOCK_END;
160 |
161 | // Gather AAS data: everything extracted from one .aas file; passed to PrintData and released by FreeAasFileData
162 | typedef struct _AAS_FILE_DATA
163 | {
164 | PWCHAR tFilePath; // path of the parsed file
165 |
166 | PAAS_BLOCK_HEADER pAasHeader; // one pointer per dedicated block type
167 | PAAS_BLOCK_PRODUCT_INFO pAasProductInfo;
168 | PAAS_BLOCK_SOURCE_LIST_PUBLISH pAasSourceListPublish;
169 | PAAS_BLOCK_PRODUCT_PUBLISH pAasProductPublish;
170 | PAAS_BLOCK_END pAasEnd;
171 |
172 | DWORD dwNumberOfUnknwownBlock; // number of used slots in sBlockUnkwnown; must stay <= AAS_ARG_NUMBER_MAX
173 | PAAS_BLOCK_UNKNOWN sBlockUnkwnown[AAS_ARG_NUMBER_MAX]; // array of pointers (not embedded blocks) to blocks without a dedicated structure
174 | } AAS_FILE_DATA, *PAAS_FILE_DATA;
175 |
176 | //****** ******
177 |
178 | // Forward declaration for printers (also declared in AASPrinter.h)
179 | extern BOOL PrintData(_In_ PAAS_FILE_DATA pAasData);
180 | extern BOOL PrintAasDataHeader(_In_ PTCHAR tFilePath);
181 | extern BOOL PrintAasDataFooter(_In_ PTCHAR tFilePath);
182 |
183 | // Parser registration: hands back a parser descriptor through pParserID
184 | VOID RegisterAasParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
185 | // Entry point for AAS file
186 | BOOL ParseAasFile(_In_ PTCHAR tFilePath);
187 | // Free AAS metastructure
188 | BOOL FreeAasFileData(_Inout_ PAAS_FILE_DATA pAasData);
189 |
190 | BOOL DispatchAASFile(_Inout_ PAAS_FILE_DATA pAasFileData, _In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize); // pbRawData/pdwIndex/dwRawDataSize: raw buffer, cursor, buffer size
191 | PAAS_BLOCK_HEADER FillAasHeader(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize); // NOTE(review): pdwIndex is annotated _In_ on all Fill* routines although it is a pointer;
192 | PAAS_BLOCK_PRODUCT_INFO FillAasProductInfo(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize); // if the callee advances it, _Inout_ would describe it better — confirm in AASParser.cpp
193 | PAAS_BLOCK_SOURCE_LIST_PUBLISH FillAasSourceListPublish(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize);
194 | PAAS_BLOCK_PRODUCT_PUBLISH FillAasProductPublish(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize);
195 | PAAS_BLOCK_END FillAasEnd(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize);
196 | PAAS_BLOCK_UNKNOWN FillAasUnknownBlock(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize);
197 |
198 | BOOL FreeAasHeaderBlock(_Inout_ PAAS_BLOCK_HEADER pAasHeaderBlock); // one release routine per block structure
199 | BOOL FreeAasProductInfoBlock(_Inout_ PAAS_BLOCK_PRODUCT_INFO pAasProductInfoBlock);
200 | BOOL FreeAasSourceListPublishBlock(_Inout_ PAAS_BLOCK_SOURCE_LIST_PUBLISH pAasSourceListPublishBlock);
201 | BOOL FreeAasProductPublishBlock(_Inout_ PAAS_BLOCK_PRODUCT_PUBLISH pAasProductPublishBlock);
202 | BOOL FreeAasEndBlock(_Inout_ PAAS_BLOCK_END pAasEndBlock);
203 | BOOL FreeAasUnknownBlock(_Inout_ PAAS_BLOCK_UNKNOWN pAasUnkwnownBlock);
204 |
205 | DWORD GetDataSize(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize);
206 | VOID SetDataAttributes(_Inout_ PVOID *pvAttribute, _In_ AAS_BLOCK_DATATYPE wDataType, _In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwDatalen, _In_ DWORD dwRealDataType); // NOTE(review): takes no buffer-size argument, so dwDatalen must already be validated against the raw buffer by the caller — confirm
207 | DWORD VerifyDataTypeAndGetDataSize(_In_ PBYTE pbRawData, _In_ PDWORD pdwIndex, _In_ DWORD dwRawDataSize, _In_ AAS_BLOCK_DATATYPE dwRequiredBlockDataType);
209 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/AASPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - AASPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export AAS data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __AASPRINTER_H__
11 | #define __AASPRINTER_H__
12 |
13 | #include "AASParser.h"
14 | #include "PrinterCommon.h"
15 |
16 | //************** *********************
17 | #define OUTPUT_NAME_AAS_FILE TEXT("AdvertisementApplicationFile") // name used for the AAS output; exact use is in AASPrinter.cpp (not shown)
18 | #define OUTPUT_DIRECTORY_AAS_FILE TEXT("[Machine||User]") // output directory label for AAS data
19 | //************** ********************
20 |
21 | // Generic dispatcher for printers. PrintData is also declared for other data types (e.g. PADMFILESINI_FILE_DATA in ADMFILESiniPrinter.h), so these are C++ overloads.
22 | BOOL PrintData(_In_ PAAS_FILE_DATA pAasData);
23 | BOOL PrintAasDataHeader(_In_ PTCHAR tFilePath);
24 | BOOL PrintAasDataFooter(_In_ PTCHAR tFilePath);
25 |
26 | // Printers for file format: one routine per output format (XML, CSV, standard output)
27 | BOOL PrintXMLData(_In_ PAAS_FILE_DATA pAasData); // NOTE(review): strings in pAasData come from the parsed file; confirm they are escaped before being written
28 | BOOL PrintCSVData(_In_ PAAS_FILE_DATA pAasData);
29 | BOOL PrintSTDOUTData(_In_ PAAS_FILE_DATA pAasData);
31 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMFILESiniParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMFILESiniParser.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for administrative template file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "ADMFILESiniParser.h"
11 |
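// Allocate the PARSER_IDENTIFIER describing the ADMFILES.ini parser and hand it
// back through pParserID.
//
// pParserID: out parameter; receives a zero-initialised descriptor allocated on
//            hCrawlerHeap and filled with the parser name, the file pattern and
//            the entry point ParseAdmFilesIniFile.
//
// Calls DoExit(D_ERROR) when pParserID is NULL or when the allocation fails
// (DoExit is assumed not to return, as everywhere else in this file).
VOID RegisterAdmFilesIniParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
	PPARSER_IDENTIFIER pNewParserID = NULL;

	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	pNewParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
	// Test the allocation result itself. The previous code tested the out
	// parameter after dereferencing it, so a failed HeapAlloc was never
	// detected and the assignments below wrote through a NULL pointer.
	if (!pNewParserID)
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	pNewParserID->tParserName = ADMFILESINI_PARSER_NAME;
	pNewParserID->tFileMatchingRegExp = ADMFILESINI_MATCHING_FILE_REGEXP;
	pNewParserID->tFolderMatchingRegExp = NULL;
	pNewParserID->pParserEntryPoint = ParseAdmFilesIniFile;

	*pParserID = pNewParserID;
}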
26 |
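// Parse one ADMFILES.ini file and send its content to the printers.
//
// tFilePath: path of the file to read. The pointer is stored in the parsed
//            structure and handed to the printers for the duration of the call.
//
// Returns TRUE once the file has been parsed and printed. Returns FALSE when
// the file cannot be opened or read, is too large for the read buffer, cannot
// be converted to wide characters, or holds more leftover sections than
// ADMFILES_MAX_FILES. A NULL path, an unreadable file size, a parse failure and
// allocation failures go through DoExit(D_ERROR).
//
// The file content comes from a SYSVOL share and must be treated as untrusted:
// every count taken from it is checked against the fixed array sizes before use.
BOOL ParseAdmFilesIniFile(_In_ PTCHAR tFilePath)
{
	HANDLE hAdmFilesIniFile = INVALID_HANDLE_VALUE;
	PADMFILESINI_FILE_DATA pAdmFilesIniFileData = NULL;
	PINI_FILE_DATA pGenericIniFileData = NULL;
	DWORD dwFileSize = 0, dwNumberOfBytesRead = 0;
	PBYTE pbINIRawDATA = NULL;
	BOOL bMemoryAreaMoved = FALSE;
	BOOL bResult = TRUE;

	if (tFilePath == NULL)
	{
		DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	DEBUG_LOG(D_MISC, "[ADMFILES] Now parsing %ws\r\n", tFilePath);

	hAdmFilesIniFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hAdmFilesIniFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
		SetLastError(ERROR_ACCESS_DENIED);
		return FALSE;
	}

	dwFileSize = GetFileSize(hAdmFilesIniFile, NULL);
	if (dwFileSize == INVALID_FILE_SIZE)
	{
		DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
		DoExit(D_ERROR);
	}

	// The buffer is sized as sizeof (DWORD) * dwFileSize. Reject sizes for which
	// that product no longer fits in 32 bits: on a 32-bit build it would wrap,
	// giving a buffer smaller than the dwFileSize bytes ReadFile writes into it.
	if (dwFileSize > (MAXDWORD / sizeof (DWORD)))
	{
		DEBUG_LOG(D_ERROR, "File %ws is too large to be parsed.\r\n", tFilePath);
		CloseHandle(hAdmFilesIniFile);
		return FALSE;
	}

	pbINIRawDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DWORD) * dwFileSize);
	if (pbINIRawDATA == NULL)
	{
		DEBUG_LOG(D_ERROR, "pbINIRawDATA pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	if (!ReadFile(hAdmFilesIniFile, pbINIRawDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
	{
		DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
		// Release the handle and the buffer: this path used to leak both
		CloseHandle(hAdmFilesIniFile);
		HeapFree(hCrawlerHeap, 0, pbINIRawDATA);
		return FALSE;
	}
	CloseHandle(hAdmFilesIniFile);

	if (IsIniFileWcharEncoded(pbINIRawDATA, dwNumberOfBytesRead) == FALSE)
	{
		PBYTE pbINIRawDATATmp = pbINIRawDATA;

		// ADMFILES.ini seems to be an ANSI file, we need to convert it into WCHAR
		pbINIRawDATA = (PBYTE) CStrToPtchar(pbINIRawDATA, dwNumberOfBytesRead);
		if ((pbINIRawDATATmp != pbINIRawDATA) && (pbINIRawDATATmp))
			HeapFree(hCrawlerHeap, 0, pbINIRawDATATmp);

		// Cannot overflow: dwNumberOfBytesRead <= dwFileSize <= MAXDWORD / sizeof (DWORD)
		dwNumberOfBytesRead *= sizeof (WCHAR);
		if (!pbINIRawDATA)
		{
			DEBUG_LOG(D_ERROR, "Unable to convert file %ws to WideChar.\r\n", tFilePath);
			return FALSE;
		}
	}
	else
	{
		// ADMFILES.ini seems to be a WCHAR file, we just need to skip the BOM.
		// Record the shift: the cleanup below must free the address HeapAlloc
		// returned, and the flag was never set before, so HeapFree received
		// an interior pointer.
		// NOTE(review): dwNumberOfBytesRead still counts the two BOM bytes here;
		// confirm how ParseIniFile interprets its length argument.
		pbINIRawDATA += 2;
		bMemoryAreaMoved = TRUE;
	}

	// Parse file to build generic INI structure
	pGenericIniFileData = ParseIniFile((PWCHAR) pbINIRawDATA, dwNumberOfBytesRead, tFilePath);
	if (!pGenericIniFileData)
	{
		DEBUG_LOG(D_ERROR, "Unable to parse generic ini file : %ws.\r\nExiting now...", tFilePath);
		DoExit(D_ERROR);
	}

	// Create structure which contains ADMFILES.ini data
	pAdmFilesIniFileData = (PADMFILESINI_FILE_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (ADMFILESINI_FILE_DATA));
	if (pAdmFilesIniFileData == NULL)
	{
		DEBUG_LOG(D_ERROR, "pAdmFilesIniFileData pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	pAdmFilesIniFileData->dwAdmFileListNum = 0;
	pAdmFilesIniFileData->dwNumberOfUnReferrencedSections = 0;
	pAdmFilesIniFileData->tFilePath = tFilePath;

	FillAdmFilesIniMethods(pAdmFilesIniFileData, pGenericIniFileData);

	if ((DWORD) pGenericIniFileData->iNumberOfSection > ADMFILES_MAX_FILES)
	{
		// pUnReferrencedSections has ADMFILES_MAX_FILES slots; copying more would
		// write past the end of the heap structure. The sections stay owned by
		// pGenericIniFileData and are released with it below.
		DEBUG_LOG(D_ERROR, "Too many unreferenced sections in file %ws.\r\n", tFilePath);
		bResult = FALSE;
	}
	else
	{
		// Keep tracking of unknown sections
		if (pGenericIniFileData->iNumberOfSection)
		{
			pAdmFilesIniFileData->dwNumberOfUnReferrencedSections = pGenericIniFileData->iNumberOfSection;
			for (DWORD i = 0; i < pAdmFilesIniFileData->dwNumberOfUnReferrencedSections; ++i)
			{
				pAdmFilesIniFileData->pUnReferrencedSections[i] = pGenericIniFileData->pSections[i];
			}
			pGenericIniFileData->iNumberOfSection = 0; // set to 0 in order to prevent double free
		}

		// Call printers
		PrintAdmFilesIniDataHeader(pAdmFilesIniFileData->tFilePath);
		PrintData(pAdmFilesIniFileData);
		PrintAdmFilesIniDataFooter(pAdmFilesIniFileData->tFilePath);
	}

	// Cleanup
	if (pbINIRawDATA)
	{
		if (bMemoryAreaMoved == TRUE)
			pbINIRawDATA -= 2; // back to the address returned by HeapAlloc
		HeapFree(hCrawlerHeap, 0, pbINIRawDATA);
	}
	FreeAdmFilesIniFileData(pAdmFilesIniFileData);
	FreeIniFileData(pGenericIniFileData);
	return bResult;
}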
140 |
// Release an ADMFILESINI_FILE_DATA structure and everything it owns: each ADM
// entry with its name string, each leftover section (through FreeSectionData),
// then the structure itself.
//
// pAdmFilesIniData: structure to release; a NULL pointer is reported through
//                   DoExit(D_ERROR).
//
// Always returns TRUE. The caller's pointer is left dangling and must not be
// reused after the call.
BOOL FreeAdmFilesIniFileData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData)
{
	DWORD dwIndex = 0;

	if (!pAdmFilesIniData)
	{
		DEBUG_LOG(D_ERROR, "ADMFILESINI_FILE_DATA pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// ADM entries: free the name first, then the entry that holds it
	for (dwIndex = 0; dwIndex < pAdmFilesIniData->dwAdmFileListNum; ++dwIndex)
	{
		PADMFILESINI_ADM_DATA pEntry = pAdmFilesIniData->pAdmFileList[dwIndex];

		if (pEntry != NULL)
		{
			if (pEntry->tAdmName != NULL)
			{
				HeapFree(hCrawlerHeap, NULL, pEntry->tAdmName);
				pEntry->tAdmName = NULL;
			}
			HeapFree(hCrawlerHeap, NULL, pEntry);
		}
	}

	// Sections taken over from the generic INI data
	for (dwIndex = 0; dwIndex < pAdmFilesIniData->dwNumberOfUnReferrencedSections; ++dwIndex)
	{
		PINI_SECTION_DATA pLeftoverSection = pAdmFilesIniData->pUnReferrencedSections[dwIndex];

		if (pLeftoverSection == NULL)
			continue;
		FreeSectionData(pLeftoverSection);
	}

	HeapFree(hCrawlerHeap, NULL, pAdmFilesIniData);
	return TRUE;
}
176 |
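// Move the content of every "FileList" section from the generic INI data into
// the ADMFILES.ini structure, then drop the sections that ended up empty.
//
// pAdmFilesIniData:    destination structure, filled by FillAdmFilesIniMethodsActions.
// pGenericIniFileData: generic INI data; handled sections are removed from it,
//                      so whatever remains afterwards was not recognised.
//
// Returns TRUE. Invalid pointers, a failing helper or an overfull deletion list
// go through DoExit(D_ERROR).
BOOL FillAdmFilesIniMethods(_Inout_ PADMFILESINI_FILE_DATA pAdmFilesIniData, _In_ PINI_FILE_DATA pGenericIniFileData)
{
	DWORD dwSectionsToDelNum = 0;
	PINI_SECTION_DATA pSectionsToDelete[MAX_INI_SECTIONS];

	if (!pAdmFilesIniData || !pGenericIniFileData)
	{
		DEBUG_LOG(D_ERROR, "ADMFILESINI_FILE_DATA or INI_FILE_DATA pointer is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	for (DWORD i = 0; i < pGenericIniFileData->iNumberOfSection; ++i)
	{
		PINI_SECTION_DATA pCurrSection = pGenericIniFileData->pSections[i];

		if (!pCurrSection)
			continue;

		// _tcsstr is a substring search: any section whose name contains
		// ADMFILES_FILELIST_SECTION is handled, not only an exact match.
		if (!_tcsstr(pCurrSection->tSectionName, ADMFILES_FILELIST_SECTION))
			continue;

		if (FillAdmFilesIniMethodsActions(pAdmFilesIniData, pCurrSection, i) == FALSE)
		{
			DEBUG_LOG(D_ERROR, "Unable to handle properties for section %ws.\r\nExiting now...", pCurrSection->tSectionName);
			DoExit(D_ERROR);
		}

		// Section should be deleted
		if (IsSectionEmpty(pCurrSection))
		{
			// The deletion list lives on the stack and the section count comes
			// from the parsed file: never write past MAX_INI_SECTIONS slots.
			if (dwSectionsToDelNum >= MAX_INI_SECTIONS)
			{
				DEBUG_LOG(D_ERROR, "Too many sections to remove.\r\nExiting now...");
				DoExit(D_ERROR);
				return FALSE;
			}
			pSectionsToDelete[dwSectionsToDelNum] = pCurrSection;
			dwSectionsToDelNum++;
		}
	}

	// Delete section only if every component has been handled
	for (DWORD i = 0; i < dwSectionsToDelNum; ++i)
	{
		if (RemoveSectionInIniData(pGenericIniFileData, pSectionsToDelete[i]) == FALSE)
		{
			DEBUG_LOG(D_ERROR, "Unable to remove property from section.\r\nExiting now...");
			DoExit(D_ERROR);
		}
	}

	return TRUE;
}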
229 |
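// Convert every property of one "FileList" section into an ADMFILESINI_ADM_DATA
// entry (property name -> tAdmName, property value -> dwAdmVersion), append the
// entries to pAdmFilesIniData->pAdmFileList, then remove the converted
// properties from the section.
//
// pAdmFilesIniData:   destination structure.
// pGenericIniSection: section whose properties are consumed.
// dwSectionNumb:      index of the section in the generic data (not used here).
//
// Returns TRUE on success. Returns FALSE when the section holds more entries
// than pAdmFileList (ADMFILES_MAX_FILES) or the local deletion list
// (MAX_INI_PROPERTIES) can take; entries converted before that point stay in
// pAdmFileList and the section is left unmodified. Invalid pointers and
// allocation failures go through DoExit(D_ERROR).
BOOL FillAdmFilesIniMethodsActions(_Inout_ PADMFILESINI_FILE_DATA pAdmFilesIniData, _In_ PINI_SECTION_DATA pGenericIniSection, _In_ DWORD dwSectionNumb)
{
	DWORD dwPropertiesToDelNum = 0;
	PINI_PROPERTY_DATA pPropertiesToDelete[MAX_INI_PROPERTIES];

	if (!pAdmFilesIniData || !pGenericIniSection)
	{
		DEBUG_LOG(D_ERROR, "ADMFILESINI_FILE_DATA, INI_SECTION_DATA pointer or section number is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	for (DWORD i = 0; i < pGenericIniSection->iNumberOfProperty; ++i)
	{
		PINI_PROPERTY_DATA pCurrProperty = pGenericIniSection->pProperties[i];
		PADMFILESINI_ADM_DATA pNewAdmData = NULL;

		// Skip empty slots, as the section loop in FillAdmFilesIniMethods does
		if (!pCurrProperty)
			continue;

		// The property count is driven by the parsed file. Both destinations are
		// fixed-size arrays, so check them before allocating or writing anything.
		if ((pAdmFilesIniData->dwAdmFileListNum >= ADMFILES_MAX_FILES) || (dwPropertiesToDelNum >= MAX_INI_PROPERTIES))
		{
			DEBUG_LOG(D_ERROR, "Too many entries in section %ws.\r\n", pGenericIniSection->tSectionName);
			return FALSE;
		}

		pNewAdmData = (PADMFILESINI_ADM_DATA) HeapAlloc(hCrawlerHeap, 0, sizeof(ADMFILESINI_ADM_DATA));
		if (!pNewAdmData)
		{
			DEBUG_LOG(D_ERROR, "pNewAdmData pointer invalid.\r\nExiting now...");
			DoExit(D_ERROR);
		}
		pNewAdmData->dwAdmVersion = 0;
		pNewAdmData->tAdmName = NULL;

		if (pCurrProperty->tName)
		{
			DWORD dwPropertyLen = (DWORD) _tcslen(pCurrProperty->tName);

			pNewAdmData->tAdmName = (PTCHAR) HeapAlloc(hCrawlerHeap, 0, (dwPropertyLen + 1) * sizeof(WCHAR));
			if (!(pNewAdmData->tAdmName))
			{
				DEBUG_LOG(D_ERROR, "tAdmName pointer invalid.\r\nExiting now...");
				DoExit(D_ERROR);
			}
			// Destination size is the real size of the buffer allocated just above
			if (memcpy_s((pNewAdmData->tAdmName), (dwPropertyLen + 1) * sizeof (WCHAR), pCurrProperty->tName, sizeof (WCHAR) * dwPropertyLen))
			{
				DEBUG_LOG(D_ERROR, "Unable to extract adm name.\r\nExiting now...");
				DoExit(D_ERROR);
			}
			pNewAdmData->tAdmName[dwPropertyLen] = TEXT('\0');
		}

		if (pCurrProperty->tValue)
		{
			// _tstoi returns an int: non-numeric text gives 0 and a negative
			// value wraps when stored in the DWORD.
			DWORD dwAdmVersion = _tstoi(pCurrProperty->tValue);

			pNewAdmData->dwAdmVersion = dwAdmVersion;
		}

		pAdmFilesIniData->pAdmFileList[pAdmFilesIniData->dwAdmFileListNum] = pNewAdmData;
		pAdmFilesIniData->dwAdmFileListNum++;

		pPropertiesToDelete[dwPropertiesToDelNum] = pCurrProperty;
		dwPropertiesToDelNum++;
	}

	// Remove the converted properties only after the scan, so the array being
	// iterated above is not modified while it is read
	for (DWORD i = 0; i < dwPropertiesToDelNum; ++i)
	{
		if (RemovePropertyInSection(pGenericIniSection, pPropertiesToDelete[i]) == FALSE)
		{
			DEBUG_LOG(D_ERROR, "Unable to remove property from section.\r\nExiting now...");
			DoExit(D_ERROR);
		}
	}

	return TRUE;
}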
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMFILESiniParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMFILESiniParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for administrative template file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __ADMFILESINIPARSER_H__
11 | #define __ADMFILESINIPARSER_H__
12 |
13 | #include "Common.h"
14 | #include "INIGenericParser.h"
15 |
16 | //************** *********************
17 | #define ADMFILESINI_PARSER_NAME TEXT("ADMFILES.ini parser") // display name of this parser
18 | #define ADMFILESINI_MATCHING_FILE_REGEXP TEXT("admfiles.ini") // file name this parser is registered for
19 | #define ADMFILESINI_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]") // placeholder text; RegisterAdmFilesIniParser sets the folder pattern to NULL
20 | //************** ********************
21 |
22 | #define ADMFILES_MAX_FILES 1024 // capacity of both fixed-size arrays in ADMFILESINI_FILE_DATA
23 | #define ADMFILES_FILELIST_SECTION TEXT("FileList") // section name searched with _tcsstr (substring match) in FillAdmFilesIniMethods
24 |
25 | //******* ******
26 | typedef struct _ADMFILESINI_ADM_DATA // one entry built from a property of the FileList section
27 | {
28 | PWCHAR tAdmName; // heap copy of the property name; freed by FreeAdmFilesIniFileData
29 | DWORD dwAdmVersion; // property value converted with _tstoi (0 when the value is absent)
30 | } ADMFILESINI_ADM_DATA, *PADMFILESINI_ADM_DATA;
31 |
32 | typedef struct _ADMFILESINI_FILE_DATA // everything extracted from one admfiles.ini file
33 | {
34 | PWCHAR tFilePath; // path given to ParseAdmFilesIniFile; the pointer is stored, the string is not copied
35 |
36 | DWORD dwAdmFileListNum; // number of used slots in pAdmFileList; must stay <= ADMFILES_MAX_FILES
37 | PADMFILESINI_ADM_DATA pAdmFileList[ADMFILES_MAX_FILES];
38 |
39 | DWORD dwNumberOfUnReferrencedSections; // number of used slots in pUnReferrencedSections
40 | PINI_SECTION_DATA pUnReferrencedSections[ADMFILES_MAX_FILES]; // NOTE(review): holds INI sections but is sized by ADMFILES_MAX_FILES, not MAX_INI_SECTIONS; the parser copies iNumberOfSection entries into it
41 | } ADMFILESINI_FILE_DATA, *PADMFILESINI_FILE_DATA;
42 | //****** ******
43 |
44 | // Forward declaration for printers (also declared in ADMFILESiniPrinter.h)
45 | extern BOOL PrintData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData);
46 | extern BOOL PrintAdmFilesIniDataHeader(_In_ PTCHAR tFilePath);
47 | extern BOOL PrintAdmFilesIniDataFooter(_In_ PTCHAR tFilePath);
48 |
49 | // Parser registration: hands back a parser descriptor through pParserID
50 | VOID RegisterAdmFilesIniParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
51 | // Entry point for ADMFILES.ini
52 | BOOL ParseAdmFilesIniFile(_In_ PTCHAR tFilePath);
53 | BOOL FreeAdmFilesIniFileData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData); // frees the structure itself as well: the pointer must not be reused afterwards
54 |
55 | BOOL FillAdmFilesIniMethods(_Inout_ PADMFILESINI_FILE_DATA pAdmFilesIniData, _In_ PINI_FILE_DATA pGenericIniFileData); // NOTE(review): pGenericIniFileData is annotated _In_ but handled sections are removed from it
56 | BOOL FillAdmFilesIniMethodsActions(_Inout_ PADMFILESINI_FILE_DATA pAdmFilesIniData, _In_ PINI_SECTION_DATA pGenericIniSection, _In_ DWORD dwSectionNumb); // NOTE(review): pGenericIniSection is annotated _In_ but converted properties are removed from it
57 |
58 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMFILESiniPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMFILESiniPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export administrative template data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __ADMFILESINIPPRINTER_H__
11 | #define __ADMFILESINIPPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "ADMFILESiniParser.h"
16 |
17 | //************** *********************
18 | #define OUTPUT_NAME_ADMFILES_INI TEXT("ADMFILESiniFiles") // name used for the ADMFILES.ini output; exact use is in ADMFILESiniPrinter.cpp (not shown)
19 | #define OUTPUT_DIRECTORY_ADMFILES_INI TEXT("Adm") // output directory label for ADMFILES.ini data
20 | //************** ********************
21 |
22 | // Generic dispatcher for printers; ParseAdmFilesIniFile calls the header, PrintData and the footer in that order
23 | BOOL PrintData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData);
24 | BOOL PrintAdmFilesIniDataHeader(_In_ PTCHAR tFilePath);
25 | BOOL PrintAdmFilesIniDataFooter(_In_ PTCHAR tFilePath);
26 |
27 | // Printers for file format: one routine per output format (XML, CSV, standard output)
28 | BOOL PrintXMLData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData); // NOTE(review): names and section data come from the parsed file; confirm they are escaped before being written
29 | BOOL PrintXMLUnreferencedSectionDataInAdmFiles(_In_ PINI_SECTION_DATA pSectionData, _In_ HANDLE hXMLFile); // writes one unrecognised section to an already opened XML file handle
30 | BOOL PrintCSVData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData);
31 | BOOL PrintSTDOUTData(_In_ PADMFILESINI_FILE_DATA pAdmFilesIniData);
32 |
33 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMParser.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for ADM file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "ADMParser.h"
11 |
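// Allocate a PARSER_IDENTIFIER on the crawler heap and fill it with the ADM
// parser's name, file pattern and entry point.
//
// pParserID: out-pointer that receives the new structure; must not be NULL.
// Exits through DoExit(D_ERROR) when the out-pointer is NULL or when the
// allocation fails.
VOID RegisterAdmParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
	// The out-pointer has to be validated before it is written through.
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	*pParserID = (PPARSER_IDENTIFIER)HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
	// Test the allocation result itself: the original tested pParserID, which
	// is never NULL at this point, so a failed HeapAlloc went unnoticed and
	// the assignments below wrote through a NULL pointer.
	if (!(*pParserID))
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	(*pParserID)->tParserName = ADM_PARSER_NAME;
	(*pParserID)->tFileMatchingRegExp = ADM_MATCHING_FILE_REGEXP;
	(*pParserID)->tFolderMatchingRegExp = NULL;
	(*pParserID)->pParserEntryPoint = ParseAdmFile;
}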
26 |
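// Read one ADM file into memory and hand it to the ADM printers.
//
// tFilePath: path of the file to collect; the pointer is stored in the record
//            passed to the printers, the string is not copied.
// Returns TRUE once the printers have been called, FALSE when the file cannot
// be opened (last error is then set to ERROR_ACCESS_DENIED) or cannot be read.
// Invalid arguments and allocation failures end the run through DoExit.
//
// Files of MISC_MAX_FILE_SIZE bytes or more are not read; the record then
// carries MISC_MAX_FILE_ERR_MSG instead of the file content.
BOOL ParseAdmFile(_In_ PTCHAR tFilePath)
{
	PADM_FILE_DATA pAdmData = NULL;
	HANDLE hAdmFile = INVALID_HANDLE_VALUE;
	LARGE_INTEGER liFileSize;
	DWORD dwFileSize = 0, dwNumberOfBytesRead = 0, dwLastError = 0;
	PBYTE pbADMRawDATA = NULL;

	liFileSize.QuadPart = 0;

	if (tFilePath == NULL)
	{
		DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	DEBUG_LOG(D_MISC, "[ADM] Now parsing %ws\r\n", tFilePath);

	pAdmData = (PADM_FILE_DATA)HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (ADM_FILE_DATA));
	if (!pAdmData)
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate ADM_FILE_DATA structure.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	pAdmData->dwDataSize = 0;
	pAdmData->pbData = NULL;
	pAdmData->tFilePath = tFilePath;

	hAdmFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hAdmFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
		// The record was leaked on this path in the original.
		HeapFree(hCrawlerHeap, 0, pAdmData);
		SetLastError(ERROR_ACCESS_DENIED);
		return FALSE;
	}

	// GetFileSizeEx reports the full 64-bit size. The 32-bit GetFileSize call
	// used before only returned the low DWORD when called without a high-part
	// pointer, so a file larger than 4 GiB could pass the size limit below.
	if (!GetFileSizeEx(hAdmFile, &liFileSize))
	{
		DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
		DoExit(D_ERROR);
	}

	// Ensure that the file is not too heavy for the output printers
	if ((liFileSize.HighPart == 0) && (liFileSize.LowPart < MISC_MAX_FILE_SIZE))
	{
		dwFileSize = liFileSize.LowPart;

		// The buffer is sizeof (DWORD) times the file size, more than the read
		// needs. Kept as in the original: the code that consumes pbData is
		// outside this function. The limit above keeps the product in range.
		pbADMRawDATA = (PBYTE)HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DWORD)* dwFileSize);
		if (pbADMRawDATA == NULL)
		{
			DEBUG_LOG(D_ERROR, "Unable to allocate pbMISCRawDATA.\r\nExiting now...");
			DoExit(D_ERROR);
		}

		if (!ReadFile(hAdmFile, pbADMRawDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
		{
			dwLastError = GetLastError();
			DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, dwLastError);
			// Release what the original left behind on a failed read: the
			// buffer, the record and the open file handle.
			HeapFree(hCrawlerHeap, 0, pbADMRawDATA);
			HeapFree(hCrawlerHeap, 0, pAdmData);
			CloseHandle(hAdmFile);
			SetLastError(dwLastError);
			return FALSE;
		}

		// Record what was actually read; the file may have changed size
		// between the size query and the read.
		pAdmData->dwDataSize = dwNumberOfBytesRead;
	}
	else // if the file is too big, we put error message instead
	{
		PTCHAR ptMsg = MISC_MAX_FILE_ERR_MSG;
		DWORD dwMsgLen = (DWORD)_tcslen(ptMsg);

		DEBUG_LOG(D_WARNING, "The file is %ws too big to be collected. Please save it manually\r\n.", tFilePath);
		pbADMRawDATA = (PBYTE)HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof(TCHAR)* (dwMsgLen + 1));
		if (!pbADMRawDATA)
		{
			DEBUG_LOG(D_ERROR, "Unable to allocate memory (ErrCode=%d).\r\n.", GetLastError());
			DoExit(D_ERROR);
		}
		if (memcpy_s(pbADMRawDATA, (dwMsgLen + 1) * sizeof (TCHAR), ptMsg, sizeof(TCHAR)* dwMsgLen))
		{
			DEBUG_LOG(D_ERROR, "Unable to copy message.\r\nExiting now...");
			DoExit(D_ERROR);
		}
		// dwDataSize counts bytes of pbData (it is a byte count in the other
		// branch), so the character count is scaled by the character width.
		// The original stored the character count.
		pAdmData->dwDataSize = (DWORD)(dwMsgLen * sizeof (TCHAR));
	}
	pAdmData->pbData = pbADMRawDATA;
	CloseHandle(hAdmFile);

	// Call printers
	PrintAdmDataHeader(pAdmData->tFilePath);
	PrintData(pAdmData);
	PrintAdmDataFooter(pAdmData->tFilePath);

	// Release data
	HeapFree(hCrawlerHeap, 0, pAdmData->pbData);
	HeapFree(hCrawlerHeap, 0, pAdmData);
	return TRUE;
}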
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for ADM file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __ADM_PARSER_H__
11 | #define __ADM_PARSER_H__
12 |
13 | #include "Common.h"
14 |
15 | //************** *********************
16 | #define ADM_PARSER_NAME TEXT("ADM file parser")
17 | #define ADM_MATCHING_FILE_REGEXP TEXT("*.adm")
18 | #define ADM_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
19 | //************** ********************
20 |
21 | //******* ******
22 | // Gather raw data for an ADM file
// Record describing one collected ADM file; filled by ParseAdmFile and read
// by the ADM printers.
23 | typedef struct _ADM_FILE_DATA
24 | {
// Path of the parsed file. ParseAdmFile stores the pointer it was given; the
// string is not copied.
25 | PWCHAR tFilePath;
26 |
// Size recorded by ParseAdmFile for the content of pbData.
27 | DWORD dwDataSize;
// Heap buffer holding the file content, or the "too big" message when the
// file was not collected.
28 | PBYTE pbData;
29 | } ADM_FILE_DATA, *PADM_FILE_DATA;
30 | //****** ******
31 |
32 | // Forward declaration for printers
33 | extern BOOL PrintData(_In_ PADM_FILE_DATA pAdmData);
34 | extern BOOL PrintAdmDataHeader(_In_ PTCHAR tFilePath);
35 | extern BOOL PrintAdmDataFooter(_In_ PTCHAR tFilePath);
36 |
37 | // Parser registration
38 | VOID RegisterAdmParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
39 | // Entry point for ADM file
40 | BOOL ParseAdmFile(_In_ PTCHAR tFilePath);
41 |
42 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMPrinter.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMPrinter.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export ADM data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "ADMPrinter.h"
11 |
// Dispatch one ADM record to every output format enabled in the launch
// options (XML, then CSV, then STDOUT).
//
// pAdmData: record to print; a NULL pointer ends the run through DoExit.
// Returns the result of the last printer that ran, or TRUE when no format is
// enabled. A printer that fails stops the chain.
BOOL PrintData(_In_ PADM_FILE_DATA pAdmData)
{
	BOOL bPrinted = TRUE;

	if (!pAdmData)
	{
		DEBUG_LOG(D_ERROR, "pAdmData pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// Nothing has failed yet, so the XML printer only depends on its option.
	if (pSyscrwlrOptions->bShouldPrintXML)
	{
		bPrinted = PrintXMLData(pAdmData);
	}

	// Each later printer runs only while the previous ones succeeded.
	if (bPrinted && pSyscrwlrOptions->bShouldPrintCSV)
	{
		bPrinted = PrintCSVData(pAdmData);
	}

	if (bPrinted && pSyscrwlrOptions->bShouldPrintSTDOUT)
	{
		bPrinted = PrintSTDOUTData(pAdmData);
	}

	return bPrinted;
}
34 |
// Prepare the ADM output files before a record is written.
// XML output: when the output file is empty, writes the document opening
// lines, then one more line for the current file. CSV output: when the output
// file is empty, writes the column header "File;Size;Data".
// Returns TRUE; any failure is logged and ends the run through DoExit(D_ERROR).
//
// NOTE(review): the XML string literals in this listing look damaged by page
// extraction (markup inside TEXT("...") is missing and the listing's own
// numbering jumps from 69 to 72). Compare with the repository file before
// reasoning about the buffer/length pairs passed to WriteFile below.
35 | BOOL PrintAdmDataHeader(_In_ PTCHAR tFilePath)
36 | {
37 | DWORD dwDataRead = 0;
38 | LARGE_INTEGER liFileSize;
39 |
40 | if (!tFilePath)
41 | {
42 | DEBUG_LOG(D_WARNING, "tFilePath is invalid.\r\nExiting now...");
43 | DoExit(D_ERROR);
44 | }
45 |
46 | // Hack for closing xml document. Ugly.
47 | if (pSyscrwlrOptions->bShouldPrintXML)
48 | {
// NOTE(review): the handle is not compared with INVALID_HANDLE_VALUE here,
// unlike PrintXMLData and PrintCSVData in this file; a bad handle is only
// caught indirectly by the GetFileSizeEx failure path.
49 | HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_ADM_FILE, OUTPUT_NAME_ADM_FILE);
50 |
51 | if (!GetFileSizeEx(hXMLFile, &liFileSize))
52 | {
53 | DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
54 | DoExit(D_ERROR);
55 | }
56 |
// A size of zero means the output file was just created.
57 | if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
58 | {
59 | // New file, we need to add xml header
60 | if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
61 | goto writerror;
62 |
63 | if ((WriteFile(hXMLFile, TEXT("<"), (DWORD)(_tcslen(TEXT("<")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
64 | || (WriteFile(hXMLFile, OUTPUT_NAME_ADM_FILE, (DWORD)(_tcslen(OUTPUT_NAME_ADM_FILE) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
65 | || (WriteFile(hXMLFile, TEXT(".xml>\r\n"), (DWORD)(_tcslen(TEXT(".xml>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
66 | goto writerror;
67 | }
68 |
// NOTE(review): as displayed, the buffer literal and the literal used for the
// length differ, so the length is larger than the buffer. This is most likely
// where the extraction dropped text (presumably the write of tFilePath into
// the XML; confirm in the repository, including whether the path is escaped).
69 | if ((WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\">\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
72 | goto writerror;
73 |
74 | CloseHandle(hXMLFile);
75 | }
76 |
77 | if (pSyscrwlrOptions->bShouldPrintCSV)
78 | {
79 | HANDLE hCSVFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_ADM_FILE, OUTPUT_NAME_ADM_FILE);
// This declaration shadows the function-level liFileSize.
80 | LARGE_INTEGER liFileSize;
81 |
82 | if (!GetFileSizeEx(hCSVFile, &liFileSize))
83 | {
84 | DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
85 | DoExit(D_ERROR);
86 | }
87 |
// The column header is written once, when the CSV file is still empty.
88 | if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
89 | {
90 | if (WriteFile(hCSVFile, TEXT("File;Size;Data\r\n"), (DWORD)(_tcslen(TEXT("File;Size;Data\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
91 | goto writerror;
92 | }
93 | CloseHandle(hCSVFile);
94 | }
95 | return TRUE;
96 |
// Shared failure exit for every WriteFile above; the handle in use is not
// closed on this path.
97 | writerror:
98 | DEBUG_LOG(D_WARNING, "Unable to write DATA HEADER for ADM printer.\r\nExiting now...");
99 | DoExit(D_ERROR);
100 | return FALSE;
101 | }
102 |
// Write the line that ends the current file's entry in the ADM XML output.
// Does nothing for CSV or STDOUT output. Returns TRUE; a failed write is
// logged and ends the run through DoExit(D_ERROR).
//
// tFilePath is not read in the lines shown here.
103 | BOOL PrintAdmDataFooter(_In_ PTCHAR tFilePath)
104 | {
105 | DWORD dwDataRead = 0;
106 |
107 | // Hack for closing xml document. Ugly.
108 | if (pSyscrwlrOptions->bShouldPrintXML)
109 | {
// NOTE(review): the handle is used without an INVALID_HANDLE_VALUE check.
110 | HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_ADM_FILE, OUTPUT_NAME_ADM_FILE);
// NOTE(review): as displayed only "\r\n" is written; a closing tag inside the
// literal was presumably lost when the page was extracted. Confirm against
// the repository file.
111 | if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
112 | goto writerror;
113 | CloseHandle(hXMLFile);
114 | }
115 | return TRUE;
116 |
117 | writerror:
118 | DEBUG_LOG(D_WARNING, "Unable to write DATA FOOTER for ADM printer.\r\nExiting now...");
119 | DoExit(D_ERROR);
120 | return FALSE;
121 | }
122 |
// Append one ADM record to the ADM XML output file.
// The file content is Base64-encoded with GetBase64FromByte and the size is
// formatted as decimal text before writing. Returns TRUE; an invalid record,
// an invalid handle or a failed write ends the run through DoExit.
//
// NOTE(review): the listing's numbering jumps from 145 to 150 and the first
// literal has lost its markup, so the writes that emitted tSize and tData are
// not visible here. Check the repository file before reviewing this function.
123 | BOOL PrintXMLData(_In_ PADM_FILE_DATA pAdmData)
124 | {
125 | DWORD dwDataRead = 0, dwSizeLength = 0;
126 | HANDLE hAdmFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_ADM_FILE, OUTPUT_NAME_ADM_FILE);
127 | TCHAR tSize[100];
128 | PTCHAR tData = NULL;
129 |
130 | if (!pAdmData || !(pAdmData->pbData) || !(pAdmData->tFilePath))
131 | {
132 | DEBUG_LOG(D_WARNING, "PADM_FILE_DATA invalid for ADM file.\r\n");
133 | DoExit(D_WARNING);
134 | }
135 |
136 | if (hAdmFile == INVALID_HANDLE_VALUE)
137 | {
138 | DEBUG_LOG(D_WARNING, "Handle to hAdmFile is invalid.\r\nExiting now...");
139 | DoExit(D_ERROR);
140 | }
141 |
// NOTE(review): the result of GetBase64FromByte is not checked for NULL in
// the visible lines.
142 | tData = GetBase64FromByte(pAdmData->pbData, pAdmData->dwDataSize);
143 | dwSizeLength = _stprintf_s(tSize, 100, TEXT("%d"), (pAdmData->dwDataSize));
144 |
// As displayed, the buffer literal and the literal used for the length differ;
// see the extraction note above.
145 | if ((WriteFile(hAdmFile, TEXT("\t\t\r\n"), (DWORD)(_tcslen(TEXT("\"/>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
150 | goto writerror;
151 |
// tData is released with HeapFree on the crawler heap.
152 | HeapFree(hCrawlerHeap, NULL, tData);
153 | CloseHandle(hAdmFile);
154 | return TRUE;
155 | writerror:
156 | DEBUG_LOG(D_WARNING, "Unable to write XML DATA.\r\nExiting now...");
157 | DoExit(D_ERROR);
158 | return FALSE;
159 | }
160 |
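// Append one ADM record to the ADM CSV output file as "path;size;base64".
//
// pAdmData: record to write; pbData and tFilePath must be set.
// Returns TRUE on success. An invalid record, an invalid output handle, an
// encoding failure or a failed write is logged and ends the run through DoExit.
//
// NOTE(review): tFilePath is written as-is. A path containing ';' or a line
// break shifts the columns of the exported row; the DACL CSV printer passes
// its other fields through EscapeCSVString, and the same treatment for the
// path is worth considering for every CSV printer at once.
BOOL PrintCSVData(_In_ PADM_FILE_DATA pAdmData)
{
	DWORD dwDataRead = 0;
	HANDLE hADMFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_ADM_FILE, OUTPUT_NAME_ADM_FILE);
	TCHAR tSize[100];
	PTCHAR tData = NULL;

	if (!pAdmData || !(pAdmData->pbData) || !(pAdmData->tFilePath))
	{
		DEBUG_LOG(D_WARNING, "PADM_FILE_DATA invalid for ADM file.\r\n");
		DoExit(D_WARNING);
	}

	if (hADMFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_WARNING, "Handle to hADMFile is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	tData = GetBase64FromByte(pAdmData->pbData, pAdmData->dwDataSize);
	// The encoder's result was passed straight to _tcslen before; a NULL
	// result is now reported instead of being dereferenced.
	if (!tData)
	{
		DEBUG_LOG(D_WARNING, "Unable to encode ADM data.\r\nExiting now...");
		DoExit(D_ERROR);
		return FALSE;
	}

	// A negative return means tSize was not filled in.
	if (_stprintf_s(tSize, sizeof (tSize) / sizeof (tSize[0]), TEXT("%d"), (pAdmData->dwDataSize)) < 0)
		goto writerror;

	if ((WriteFile(hADMFile, pAdmData->tFilePath, (DWORD)(_tcslen(pAdmData->tFilePath) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hADMFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hADMFile, tSize, (DWORD)(_tcslen(tSize) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hADMFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hADMFile, tData, (DWORD)(_tcslen(tData) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hADMFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
		goto writerror;

	HeapFree(hCrawlerHeap, 0, tData);
	CloseHandle(hADMFile);
	return TRUE;
writerror:
	DEBUG_LOG(D_WARNING, "Unable to write CSV DATA.\r\nExiting now...");
	DoExit(D_ERROR);
	return FALSE;
}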
199 |
// Print one ADM record on standard output as
// "[ADM] File=<path> Size=<size> Data=<base64>".
//
// pAdmData: record to print; pbData and tFilePath must be set, otherwise the
//           run ends through DoExit(D_WARNING).
// Always returns TRUE.
BOOL PrintSTDOUTData(_In_ PADM_FILE_DATA pAdmData)
{
	PTCHAR tEncoded = NULL;
	BOOL bRecordUsable = (pAdmData != NULL) && (pAdmData->pbData != NULL) && (pAdmData->tFilePath != NULL);

	if (!bRecordUsable)
	{
		DEBUG_LOG(D_WARNING, "PADM_FILE_DATA invalid for ADM file.\r\n");
		DoExit(D_WARNING);
	}

	// The raw bytes are shown Base64-encoded.
	tEncoded = GetBase64FromByte(pAdmData->pbData, pAdmData->dwDataSize);

	printf("[ADM] File=%ws Size=%d Data=%ws\r\n", pAdmData->tFilePath, pAdmData->dwDataSize, tEncoded);

	// The encoded string lives on the crawler heap.
	HeapFree(hCrawlerHeap, NULL, tEncoded);
	return TRUE;
}
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/ADMPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - ADMPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export ADM data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __ADM_PRINTER_H__
11 | #define __ADM_PRINTER_H__
12 |
13 | #include "ADMParser.h"
14 | #include "PrinterCommon.h"
15 |
16 | //************** *********************
17 | #define OUTPUT_NAME_ADM_FILE TEXT("AdmFiles")
18 | #define OUTPUT_DIRECTORY_ADM_FILE TEXT("Adm")
19 | //************** ********************
20 |
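// Generic dispatcher for printers
BOOL PrintData(_In_ PADM_FILE_DATA pAdmData);
// Header and footer writers defined in ADMPrinter.cpp. This header used to
// declare only the Misc names below, so the ADM functions were reachable
// solely through the extern declarations in ADMParser.h.
BOOL PrintAdmDataHeader(_In_ PTCHAR tFilePath);
BOOL PrintAdmDataFooter(_In_ PTCHAR tFilePath);
// Declarations kept from the original header so that any file relying on
// them through this include still compiles.
BOOL PrintMiscDataHeader(_In_ PTCHAR tFilePath);
BOOL PrintMiscDataFooter(_In_ PTCHAR tFilePath);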
25 |
26 | // Printers for file format
27 | BOOL PrintXMLData(_In_ PADM_FILE_DATA pAdmData);
28 | BOOL PrintCSVData(_In_ PADM_FILE_DATA pAdmData);
29 | BOOL PrintSTDOUTData(_In_ PADM_FILE_DATA pAdmData);
30 |
31 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/Common.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/Common.cpp
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/Common.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - Common.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Common file for the project
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __COMMON_H__
11 | #define __COMMON_H__
12 |
13 | #include
14 | #include
15 | #include
16 |
17 | // Define crawler version
18 | #define CRAWLER_VERSION TEXT("0.5e")
19 |
20 | // DEBUG Mode
21 | #define DEBUG_TO_STDOUT true
22 | #define DEFAULT_DEBUG_LEVEL 5
23 | #define DEFAULT_LOGFILE TEXT("SysvolCrawler.log")
24 |
25 | // Define output folder name
26 | #define OUTPUT_FOLDER_NAME TEXT("SysCrwlrResults")
27 |
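28 | // LDAP default port (389 is the plain LDAP port, not LDAPS; how the bind is protected is decided in the LDAP crawler, not here)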
29 | #define DEFAULT_LDAP_PORT 389
30 |
31 | // Define logs options
32 | #define D_NOLOG 0
33 | #define D_ERROR 1
34 | #define D_SECURITY_WARNING 2
35 | #define D_WARNING 4
36 | #define D_INFO 5
37 | #define D_MISC 6
38 | #define MAX_LINE 8192
39 |
40 | // Allow parser to know if it is currently processing computer or user settings
41 | typedef DWORD GPO_FILTER_TARGET;
42 | #define GPO_FILTER_UNKNOWN 0
43 | #define GPO_FILTER_TARGET_MACHINE 1
44 | #define GPO_FILTER_TARGET_USER 2
45 |
46 | // Define maximum file size to be stored by MISC parser
47 | #define MISC_MAX_FILE_SIZE 0x02000000
48 | #define MISC_MAX_FILE_ERR_MSG TEXT("File too big to be collected.")
49 |
50 | // Store launch parameters
// Launch parameters, shared with the rest of the program through the global
// pSyscrwlrOptions pointer declared below.
51 | typedef struct _SYSCRWLR_OPTIONS
52 | {
// Debug level; the D_* values above are the levels passed to DEBUG_LOG.
53 | DWORD dwDebugLevel;
// Which sources to dump (presumably set from the command line; verify in Main.cpp).
54 | BOOL bShouldDumpLDAP;
55 | BOOL bShouldDumpSYSVOL;
// Output formats; each printer dispatcher tests these three flags.
56 | BOOL bShouldPrintCSV;
57 | BOOL bShouldPrintXML;
58 | BOOL bShouldPrintSTDOUT;
// NOTE(review): the login and password are held as plain strings. Nothing in
// this header shows them being wiped after use or kept out of the log and
// output files; confirm where they are consumed and released.
59 | PTCHAR tADLogin;
60 | PTCHAR tADPassword;
61 | PTCHAR tSysvolFolderPath;
62 | PTCHAR tOutputFolderPath;
63 | PTCHAR tLogFilePath;
64 | PTCHAR tLDAPServer;
// Presumably defaults to DEFAULT_LDAP_PORT; confirm where the options are initialised.
65 | DWORD dwLDAPPort;
66 | PTCHAR tDNSName;
67 | } SYSCRWLR_OPTIONS, *PSYSCRWLR_OPTIONS;
68 |
69 | // Store parser metadata
// Description of one parser, filled by the Register*Parser functions.
70 | typedef struct _PARSER_IDENTIFIER
71 | {
// Function called with the path of a file to parse; returns a BOOL.
72 | BOOL (*pParserEntryPoint) (PTCHAR);
// File name pattern handled by the parser (for example "*.adm"), or NULL.
73 | PTCHAR tFileMatchingRegExp;
// Folder pattern; the registration functions shown in this listing set it to NULL.
74 | PTCHAR tFolderMatchingRegExp;
// Display name of the parser.
75 | PTCHAR tParserName;
76 | } PARSER_IDENTIFIER, *PPARSER_IDENTIFIER;
77 |
78 | // Crawler heap
79 | extern HANDLE hCrawlerHeap;
80 |
81 | // Forward declaration for launch options
82 | extern PSYSCRWLR_OPTIONS pSyscrwlrOptions;
83 |
84 | // Debug macro
85 | VOID DebugLog(_In_ CHAR CONST *function, _In_ CHAR CONST *file, _In_ INT line, _In_ DWORD dwDebugLevel, _In_ CONST CHAR *format, ...);
86 | #define DEBUG_LOG(...) DebugLog(__FUNCTION__, __FILE__, __LINE__, __VA_ARGS__)
87 |
88 | // Standard function library for SysvolCrawler projet
89 | VOID DoExit(_In_ DWORD statuscode);
90 | HANDLE CreateFile_s(_In_ LPCTSTR lpFileName, _In_ DWORD dwDesiredAccess, _In_ DWORD dwShareMode, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _In_ DWORD dwCreationDisposition, _In_ DWORD dwFlagsAndAttributes, _In_opt_ HANDLE hTemplateFile);
91 | BOOL SetBackupPrivilege();
92 | PTCHAR CStrToPtchar(_In_ CONST PBYTE cstr, _In_ CONST DWORD dwLength);
93 | PCHAR PtcharToCStr(_In_ const PTCHAR tstr);
94 | BOOL GetLine(_In_ PDWORD pdwIndex, _In_ DWORD dwRawDataMaxSize, _In_ PBYTE *pbRawDATA, _Out_ PWCHAR *tResultLine);
95 | BOOL IsLineEmpty(_In_ PWCHAR tLine);
96 | BOOL TrimWhiteSpace(_In_ PWCHAR *pwStr);
97 | GPO_FILTER_TARGET GetTargetGPO(_In_ PTCHAR tFilePath);
98 | PTCHAR rstrstr(_In_ PTCHAR str, _In_ PTCHAR pattern);
99 | BOOL CreateFolderRecursively(_In_ PTCHAR tFolderToCreateOnFS);
100 |
101 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DACLParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DACLParser.c
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Extract DACL from GPO files
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "DACLParser.h"
11 |
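// Allocate a PARSER_IDENTIFIER on the crawler heap and fill it with the DACL
// parser's name and entry point. No file or folder pattern is registered.
//
// pParserID: out-pointer that receives the new structure; must not be NULL.
// Exits through DoExit(D_ERROR) when the out-pointer is NULL or when the
// allocation fails.
VOID RegisterDaclParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
	// The out-pointer has to be validated before it is written through.
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	*pParserID = (PPARSER_IDENTIFIER)HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
	// Test the allocation result itself: the original tested pParserID, which
	// is never NULL at this point, so a failed HeapAlloc went unnoticed and
	// the assignments below wrote through a NULL pointer.
	if (!(*pParserID))
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	(*pParserID)->tParserName = DACL_PARSER_NAME;
	(*pParserID)->tFileMatchingRegExp = NULL;
	(*pParserID)->tFolderMatchingRegExp = NULL;
	(*pParserID)->pParserEntryPoint = ParseFileDacl;
}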
26 |
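// Collect the owner SID and the DACL (as an SDDL string) of one file and hand
// them to the DACL printers.
//
// tFilePath: path of the file to inspect; the pointer is stored in the record
//            passed to the printers, the string is not copied.
// Returns TRUE once the printers have been called. Returns FALSE when the
// file cannot be opened, when the security information cannot be read (last
// error is then ERROR_ACCESS_DENIED) or when a conversion to string fails
// (last error is the one reported by the conversion).
BOOL ParseFileDacl(_In_ PTCHAR tFilePath)
{
	HANDLE hDaclFile = INVALID_HANDLE_VALUE;
	PDACL_FILE_DATA pFileDaclData = NULL;
	DWORD dwRes = 0, dwLastError = 0;
	PSID psidOwner = NULL;
	PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
	BOOL bParsed = FALSE;

	if (tFilePath == NULL)
	{
		DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	DEBUG_LOG(D_MISC, "[DACL] Now parsing %ws\r\n", tFilePath);

	hDaclFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hDaclFile == INVALID_HANDLE_VALUE)
	{
		return FALSE;
	}

	pFileDaclData = (PDACL_FILE_DATA)HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DACL_FILE_DATA));
	if (pFileDaclData == NULL)
	{
		DEBUG_LOG(D_ERROR, "pFileDaclData pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	pFileDaclData->tFilePath = tFilePath;

	// The DACL pointer itself is not needed (the original passed a NULL
	// PACL* here): the SDDL string is built from the security descriptor.
	dwRes = GetSecurityInfo(hDaclFile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, &psidOwner, NULL, NULL, NULL, &pSecurityDescriptor);
	if (dwRes != ERROR_SUCCESS)
	{
		// GetSecurityInfo returns its error code directly, so dwRes is logged
		// rather than GetLastError().
		DEBUG_LOG(D_ERROR, "Unable to retrieve DACL data for file %ws. ErrorCode: %d.\r\n", tFilePath, dwRes);
		dwLastError = ERROR_ACCESS_DENIED;
		goto cleanup;
	}

	if (!ConvertSidToStringSid(psidOwner, &pFileDaclData->tOwnerSid))
	{
		dwLastError = GetLastError();
		DEBUG_LOG(D_ERROR, "Unable to convert Owner SID for file %ws. ErrorCode: %d.\r\n", tFilePath, dwLastError);
		goto cleanup;
	}

	if (!ConvertSecurityDescriptorToStringSecurityDescriptor(pSecurityDescriptor, SDDL_REVISION_1, DACL_SECURITY_INFORMATION, &pFileDaclData->tSDDL, NULL))
	{
		dwLastError = GetLastError();
		DEBUG_LOG(D_ERROR, "Unable to convert DACL for file %ws. ErrorCode: %d.\r\n", tFilePath, dwLastError);
		goto cleanup;
	}

	PrintDaclDataHeader(pFileDaclData->tFilePath);
	PrintData(pFileDaclData);
	PrintDaclDataFooter(pFileDaclData->tFilePath);
	bParsed = TRUE;

cleanup:
	// The original never closed the file handle, never released the security
	// descriptor and kept the record on every failure path. With one call per
	// crawled file, those leaks grow with the size of the SYSVOL share.
	// psidOwner points into the security descriptor, so the descriptor is
	// released only here, after the SID has been converted.
	if (pSecurityDescriptor)
		LocalFree(pSecurityDescriptor);
	CloseHandle(hDaclFile);
	FreeDaclFileData(pFileDaclData);

	// Restore the error chosen above in case the cleanup calls changed it.
	if (!bParsed)
		SetLastError(dwLastError);
	return bParsed;
}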
85 |
// Release a DACL record and the two strings it owns.
//
// pDaclData: record to release; NULL is accepted and ignored.
// Always returns TRUE.
BOOL FreeDaclFileData(_Inout_ PDACL_FILE_DATA pDaclData)
{
	if (pDaclData != NULL)
	{
		// Both strings are released with LocalFree, the record itself with
		// HeapFree on the crawler heap.
		if (pDaclData->tOwnerSid != NULL)
		{
			LocalFree(pDaclData->tOwnerSid);
		}

		if (pDaclData->tSDDL != NULL)
		{
			LocalFree(pDaclData->tSDDL);
		}

		HeapFree(hCrawlerHeap, NULL, pDaclData);
	}

	return TRUE;
}
100 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DACLParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DACLParser.c
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Extract DACL from GPO files
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __DACL_PARSER_H__
11 | #define __DACL_PARSER_H__
12 |
13 | #include "Common.h"
14 | #include "Sddl.h"
15 | #include "accctrl.h"
16 | #include "aclapi.h"
17 |
18 | //************** *********************
19 | #define DACL_PARSER_NAME TEXT("DACL parser")
20 | #define DACL_MATCHING_FILE_REGEXP TEXT("[NON SUPPORTED]")
21 | #define DACL_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
22 | //************** ********************
23 |
24 | // Gather DACL information
// Record describing the owner and DACL of one file; filled by ParseFileDacl
// and released by FreeDaclFileData.
25 | typedef struct _DACL_FILE_DATA
26 | {
// Path of the inspected file. ParseFileDacl stores the pointer it was given;
// FreeDaclFileData does not release it.
27 | PWCHAR tFilePath;
// Owner SID in string form, produced by ConvertSidToStringSid and released
// with LocalFree.
28 | PTCHAR tOwnerSid;
// DACL in SDDL form, produced by
// ConvertSecurityDescriptorToStringSecurityDescriptor and released with LocalFree.
29 | PTCHAR tSDDL;
30 | } DACL_FILE_DATA, *PDACL_FILE_DATA;
31 |
32 | // Forward declaration for printers
33 | extern BOOL PrintData(_In_ PDACL_FILE_DATA pDaclData);
34 | extern BOOL PrintDaclDataHeader(_In_ PTCHAR tFilePath);
35 | extern BOOL PrintDaclDataFooter(_In_ PTCHAR tFilePath);
36 |
37 | // Parser registration
38 | VOID RegisterDaclParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
39 | // Entry point for DACL parsing
40 | BOOL ParseFileDacl(_In_ PTCHAR tFilePath);
41 | BOOL FreeDaclFileData(_Inout_ PDACL_FILE_DATA pDaclData);
42 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DACLPrinter.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DACLPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export DACL data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "DACLPrinter.h"
11 |
// Dispatch one DACL record to every output format enabled in the launch
// options (XML, then CSV, then STDOUT).
//
// pDaclData: record to print; a NULL pointer ends the run through DoExit.
// Returns the result of the last printer that ran, or TRUE when no format is
// enabled. A printer that fails stops the chain.
BOOL PrintData(_In_ PDACL_FILE_DATA pDaclData)
{
	BOOL bPrinted = TRUE;

	if (!pDaclData)
	{
		DEBUG_LOG(D_ERROR, "pDaclData pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// Nothing has failed yet, so the XML printer only depends on its option.
	if (pSyscrwlrOptions->bShouldPrintXML)
	{
		bPrinted = PrintXMLData(pDaclData);
	}

	// Each later printer runs only while the previous ones succeeded.
	if (bPrinted && pSyscrwlrOptions->bShouldPrintCSV)
	{
		bPrinted = PrintCSVData(pDaclData);
	}

	if (bPrinted && pSyscrwlrOptions->bShouldPrintSTDOUT)
	{
		bPrinted = PrintSTDOUTData(pDaclData);
	}

	return bPrinted;
}
34 |
// Prepare the DACL output files before a record is written.
// XML output: when the output file is empty, writes the document opening
// lines, then one more line for the current file. CSV output: when the output
// file is empty, writes the column header "File;Owner;Dacl".
// Returns TRUE; any failure is logged and ends the run through DoExit(D_ERROR).
//
// NOTE(review): the XML string literals in this listing look damaged by page
// extraction (markup inside TEXT("...") is missing and the listing's own
// numbering jumps from 69 to 72). Compare with the repository file before
// reasoning about the buffer/length pairs passed to WriteFile below.
35 | BOOL PrintDaclDataHeader(_In_ PTCHAR tFilePath)
36 | {
37 | DWORD dwDataRead = 0;
38 | LARGE_INTEGER liFileSize;
39 |
40 | if (!tFilePath)
41 | {
42 | DEBUG_LOG(D_WARNING, "tFilePath is invalid.\r\nExiting now...");
43 | DoExit(D_ERROR);
44 | }
45 |
46 | // Hack for closing xml document. Ugly.
47 | if (pSyscrwlrOptions->bShouldPrintXML)
48 | {
// NOTE(review): the handle is not compared with INVALID_HANDLE_VALUE here,
// unlike PrintXMLData and PrintCSVData in this file.
49 | HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_DACL_FILE, OUTPUT_NAME_DACL_FILE);
50 |
51 | if (!GetFileSizeEx(hXMLFile, &liFileSize))
52 | {
53 | DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
54 | DoExit(D_ERROR);
55 | }
56 |
// A size of zero means the output file was just created.
57 | if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
58 | {
59 | // New file, we need to add xml header
60 | if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
61 | goto writerror;
62 |
63 | if ((WriteFile(hXMLFile, TEXT("<"), (DWORD)(_tcslen(TEXT("<")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
64 | || (WriteFile(hXMLFile, OUTPUT_NAME_DACL_FILE, (DWORD)(_tcslen(OUTPUT_NAME_DACL_FILE) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
65 | || (WriteFile(hXMLFile, TEXT(".xml>\r\n"), (DWORD)(_tcslen(TEXT(".xml>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
66 | goto writerror;
67 | }
68 |
// NOTE(review): as displayed, the buffer literal and the literal used for the
// length differ, so the length is larger than the buffer. This is most likely
// where the extraction dropped text (presumably the write of tFilePath into
// the XML; confirm in the repository, including whether the path is escaped).
69 | if ((WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\">\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
72 | goto writerror;
73 |
74 | CloseHandle(hXMLFile);
75 | }
76 |
77 | if (pSyscrwlrOptions->bShouldPrintCSV)
78 | {
79 | HANDLE hCSVFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_DACL_FILE, OUTPUT_NAME_DACL_FILE);
// This declaration shadows the function-level liFileSize.
80 | LARGE_INTEGER liFileSize;
81 |
82 | if (!GetFileSizeEx(hCSVFile, &liFileSize))
83 | {
84 | DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
85 | DoExit(D_ERROR);
86 | }
87 |
// The column header is written once, when the CSV file is still empty.
88 | if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
89 | {
90 | if (WriteFile(hCSVFile, TEXT("File;Owner;Dacl\r\n"), (DWORD)(_tcslen(TEXT("File;Owner;Dacl\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
91 | goto writerror;
92 | }
93 | CloseHandle(hCSVFile);
94 | }
95 | return TRUE;
96 |
// Shared failure exit for every WriteFile above; the handle in use is not
// closed on this path.
97 | writerror:
98 | DEBUG_LOG(D_WARNING, "Unable to write DATA HEADER for DACL printer.\r\nExiting now...");
99 | DoExit(D_ERROR);
100 | return FALSE;
101 | }
102 |
// Write the line that ends the current file's entry in the DACL XML output.
// Does nothing for CSV or STDOUT output. Returns TRUE; a failed write is
// logged and ends the run through DoExit(D_ERROR).
//
// tFilePath is not read in the lines shown here.
103 | BOOL PrintDaclDataFooter(_In_ PTCHAR tFilePath)
104 | {
105 | DWORD dwDataRead = 0;
106 |
107 | // Hack for closing xml document. Ugly.
108 | if (pSyscrwlrOptions->bShouldPrintXML)
109 | {
// NOTE(review): the handle is used without an INVALID_HANDLE_VALUE check.
110 | HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_DACL_FILE, OUTPUT_NAME_DACL_FILE);
// NOTE(review): as displayed only "\r\n" is written; a closing tag inside the
// literal was presumably lost when the page was extracted. Confirm against
// the repository file.
111 | if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
112 | goto writerror;
113 | CloseHandle(hXMLFile);
114 | }
115 | return TRUE;
116 |
117 | writerror:
118 | DEBUG_LOG(D_WARNING, "Unable to write DATA FOOTER for DACL printer.\r\nExiting now...");
119 | DoExit(D_ERROR);
120 | return FALSE;
121 | }
122 |
// Append one DACL record (owner SID and SDDL string) to the DACL XML output
// file. Returns TRUE; an invalid record, an invalid handle or a failed write
// ends the run through DoExit.
//
// NOTE(review): line 140 of this listing is damaged by page extraction (the
// first literal is cut and line 141 is missing), so the function does not
// read as valid code here. Check the repository file before reviewing it.
123 | BOOL PrintXMLData(_In_ PDACL_FILE_DATA pDaclData)
124 | {
125 | HANDLE hDACLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_DACL_FILE, OUTPUT_NAME_DACL_FILE);
126 | DWORD dwDataRead = 0;
127 |
128 | if (!pDaclData || !(pDaclData->tOwnerSid) || !(pDaclData->tSDDL))
129 | {
130 | DEBUG_LOG(D_WARNING, "PDACL_FILE_DATA invalid for current file.\r\n");
131 | DoExit(D_WARNING);
132 | }
133 |
134 | if (hDACLFile == INVALID_HANDLE_VALUE)
135 | {
136 | DEBUG_LOG(D_WARNING, "Handle to hMISCFile is invalid.\r\nExiting now...");
137 | DoExit(D_ERROR);
138 | }
139 |
// NOTE(review): tOwnerSid and tSDDL are written as-is between attribute
// quotes in the visible lines, while the CSV printer passes the same fields
// through EscapeCSVString. Whether the XML side needs escaping depends on the
// missing text; confirm against the repository file.
140 | if ((WriteFile(hDACLFile, TEXT("\t\ttOwnerSid, (DWORD)(_tcslen(pDaclData->tOwnerSid) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
142 | || (WriteFile(hDACLFile, TEXT("\" dacl=\""), (DWORD)(_tcslen(TEXT("\" dacl=\"")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
143 | || (WriteFile(hDACLFile, pDaclData->tSDDL, (DWORD)(_tcslen(pDaclData->tSDDL) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
144 | || (WriteFile(hDACLFile, TEXT("\"/>\r\n"), (DWORD)(_tcslen(TEXT("\"/>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
145 | goto writerror;
146 |
147 | CloseHandle(hDACLFile);
148 | return TRUE;
149 | writerror:
150 | DEBUG_LOG(D_WARNING, "Unable to write XML DATA.\r\nExiting now...");
151 | DoExit(D_ERROR);
152 | return FALSE;
153 | }
154 |
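// Append one DACL record to the DACL CSV output file as "path;owner;sddl".
// The owner SID and the SDDL string go through EscapeCSVString first.
//
// pDaclData: record to write; tFilePath, tOwnerSid and tSDDL must be set.
// Returns TRUE on success. An invalid record, an invalid output handle, an
// escaping failure or a failed write is logged and ends the run through DoExit.
//
// NOTE(review): tFilePath is written as-is, unlike the two other fields. A
// path containing ';' or a line break shifts the columns of the exported row;
// escaping it would change the output format and is left to a change that
// covers every CSV printer.
BOOL PrintCSVData(_In_ PDACL_FILE_DATA pDaclData)
{
	HANDLE hDACLFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_DACL_FILE, OUTPUT_NAME_DACL_FILE);
	DWORD dwDataRead = 0;
	PTCHAR tEscapedOwnerSid = NULL;
	PTCHAR tEscapedDacl = NULL;

	// tFilePath is passed to _tcslen below, so it is validated together with
	// the two fields the original already checked.
	if (!pDaclData || !(pDaclData->tFilePath) || !(pDaclData->tOwnerSid) || !(pDaclData->tSDDL))
	{
		DEBUG_LOG(D_WARNING, "PDACL_FILE_DATA invalid for current file.\r\n");
		DoExit(D_WARNING);
	}

	if (hDACLFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_WARNING, "Handle to hDACLFile is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	tEscapedOwnerSid = EscapeCSVString(pDaclData->tOwnerSid);
	tEscapedDacl = EscapeCSVString(pDaclData->tSDDL);
	// The escaped strings were passed straight to _tcslen before; a NULL
	// result is now reported instead of being dereferenced.
	if (!tEscapedOwnerSid || !tEscapedDacl)
	{
		DEBUG_LOG(D_WARNING, "Unable to escape DACL data for CSV output.\r\nExiting now...");
		DoExit(D_ERROR);
		return FALSE;
	}

	if ((WriteFile(hDACLFile, pDaclData->tFilePath, (DWORD)(_tcslen(pDaclData->tFilePath) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDACLFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDACLFile, tEscapedOwnerSid, (DWORD)(_tcslen(tEscapedOwnerSid) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDACLFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDACLFile, tEscapedDacl, (DWORD)(_tcslen(tEscapedDacl) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDACLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
		goto writerror;

	HeapFree(hCrawlerHeap, 0, tEscapedOwnerSid);
	HeapFree(hCrawlerHeap, 0, tEscapedDacl);
	CloseHandle(hDACLFile);
	return TRUE;
writerror:
	DEBUG_LOG(D_WARNING, "Unable to write CSV DATA.\r\nExiting now...");
	DoExit(D_ERROR);
	return FALSE;
}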
193 |
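// Print one DACL record on standard output as
// "[DACL] File=<path> Owner=<sid> SDDL=<sddl>".
//
// pDaclData: record to print; tOwnerSid and tSDDL must be set, otherwise the
//            run ends through DoExit(D_WARNING).
// Always returns TRUE.
BOOL PrintSTDOUTData(_In_ PDACL_FILE_DATA pDaclData)
{
	if (!pDaclData || !(pDaclData->tOwnerSid) || !(pDaclData->tSDDL))
	{
		DEBUG_LOG(D_WARNING, "PDACL_FILE_DATA invalid for current file.\r\n");
		DoExit(D_WARNING);
	}

	printf("[DACL] File=%ws Owner=%ws SDDL=%ws\r\n", pDaclData->tFilePath, pDaclData->tOwnerSid, pDaclData->tSDDL);

	// The original declared a tData pointer that stayed NULL and passed it to
	// HeapFree; nothing is allocated here, so both are removed.
	return TRUE;
}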
209 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DACLPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DACLPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export DACL data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __DACLPRINTER_H__
11 | #define __DACLPRINTER_H__
12 |
13 | #include "DACLParser.h"
14 | #include "PrinterCommon.h"
15 |
16 | //************** *********************
17 | #define OUTPUT_NAME_DACL_FILE TEXT("FilesDACL")
18 | #define OUTPUT_DIRECTORY_DACL_FILE TEXT("")
19 | //************** ********************
20 |
21 | // Generic dispatcher for printers
22 | BOOL PrintData(_In_ PDACL_FILE_DATA pDaclData);
23 | BOOL PrintDaclDataHeader(_In_ PTCHAR tFilePath);
24 | BOOL PrintDaclDataFooter(_In_ PTCHAR tFilePath);
25 |
26 | // Printers for file format
27 | BOOL PrintXMLData(_In_ PDACL_FILE_DATA pDaclData);
28 | BOOL PrintCSVData(_In_ PDACL_FILE_DATA pDaclData);
29 | BOOL PrintSTDOUTData(_In_ PDACL_FILE_DATA pDaclData);
30 |
31 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DENIEDParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DENIEDParser.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for file which couldn't be
6 | * opened during CreateFile attempt
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "DENIEDParser.h"
12 |
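// Allocate and fill the parser descriptor for the ACCESS_DENIED handler.
//
// pParserID: receives a zero-initialised PARSER_IDENTIFIER allocated on
//            hCrawlerHeap, filled with the DENIED parser name, its file
//            pattern and ParseDeniedFile as entry point.
// Allocation failure is reported through DEBUG_LOG and DoExit(D_ERROR).
VOID RegisterDeniedParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER output pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	*pParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
	// Test the allocation result itself: the out-parameter is non-NULL even
	// when HeapAlloc fails, so checking it would let a NULL descriptor through.
	if (!(*pParserID))
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	(*pParserID)->tParserName = DENIED_PARSER_NAME;
	(*pParserID)->tFileMatchingRegExp = DENIED_MATCHING_FILE_REGEXP;
	// No folder pattern: this handler is only reached through DENIED_PARSER_ID.
	(*pParserID)->tFolderMatchingRegExp = NULL;
	(*pParserID)->pParserEntryPoint = ParseDeniedFile;
}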
27 |
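// Record a path the crawler could not open and hand it to the DENIED printers.
//
// tFilePath: path of the unreadable file or folder. The pointer is stored in
//            the record without being copied and is not freed here.
// Returns TRUE after the printers have been called. A NULL path or a failed
// allocation is reported through DEBUG_LOG and DoExit(D_ERROR).
BOOL ParseDeniedFile(_In_ PTCHAR tFilePath)
{
	PDENIED_FILE_DATA pDeniedData = NULL;
	DWORD dwFileAttributes = 0;

	if (tFilePath == NULL)
	{
		DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
		return FALSE;
	}
	DEBUG_LOG(D_MISC, "[DENIED] Now handling %ws\r\n", tFilePath);

	pDeniedData = (PDENIED_FILE_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DENIED_FILE_DATA));
	if (!pDeniedData)
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate DENIED_FILE_DATA structure.\r\nExiting now...");
		DoExit(D_ERROR);
		return FALSE;
	}
	pDeniedData->tFilePath = tFilePath;

	// GetFileAttributes returns INVALID_FILE_ATTRIBUTES (all bits set) when the
	// query itself fails, which is plausible for a path that was already denied.
	// Testing the directory bit on that value would report every such path as a
	// directory, so the failure is handled separately.
	dwFileAttributes = GetFileAttributes(tFilePath);
	if (dwFileAttributes == INVALID_FILE_ATTRIBUTES)
	{
		DEBUG_LOG(D_WARNING, "Unable to read attributes of %ws, reporting it as a file.\r\n", tFilePath);
		pDeniedData->bIsADirectory = FALSE;
	}
	else
		pDeniedData->bIsADirectory = (dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) ? TRUE : FALSE;

	// Call printers
	PrintDeniedDataHeader(pDeniedData->tFilePath);
	PrintData(pDeniedData);
	PrintDeniedDataFooter(pDeniedData->tFilePath);

	// Release data (only the record; the path still belongs to the caller)
	HeapFree(hCrawlerHeap, NULL, pDeniedData);
	return TRUE;
}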
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DENIEDParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DENIEDParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for file which couldn't be
6 | * opened during CreateFile attempt
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __DENIED_PARSER_H__
12 | #define __DENIED_PARSER_H__
13 |
14 | #include "Common.h"
15 |
16 | //************** *********************
17 | #define DENIED_PARSER_NAME TEXT("DENIED file parser")
18 | #define DENIED_MATCHING_FILE_REGEXP TEXT("*.*")
19 | #define DENIED_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
20 | //************** ********************
21 |
22 | //******* ******
23 | // Gather information for ACCESS_DENIED file
// One path the crawler could not open, as filled in by ParseDeniedFile.
24 | typedef struct _DENIED_FILE_DATA
25 | {
// Path as received by ParseDeniedFile; the pointer is stored as is (not
// copied) and is not released when the record is freed.
26 | PWCHAR tFilePath;
// TRUE when the directory bit is set in the GetFileAttributes result for the path.
27 | BOOL bIsADirectory;
28 | } DENIED_FILE_DATA, *PDENIED_FILE_DATA;
29 | //****** ******
30 |
31 | // Forward declaration for printers
32 | extern BOOL PrintData(_In_ PDENIED_FILE_DATA pDeniedData);
33 | extern BOOL PrintDeniedDataHeader(_In_ PTCHAR tFilePath);
34 | extern BOOL PrintDeniedDataFooter(_In_ PTCHAR tFilePath);
35 |
36 | // Parser registration
37 | VOID RegisterDeniedParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
38 | // Entry point for ACCESS_DENIED file
39 | BOOL ParseDeniedFile(_In_ PTCHAR tFilePath);
40 |
41 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DENIEDPrinter.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DENIEDPrinter.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display data for file which couldn't be opened
6 | * during CreateFile attempt
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "DENIEDPrinter.h"
12 |
// Dispatch one DENIED record to every output format enabled in the crawler
// options (XML, then CSV, then STDOUT). The chain stops at the first printer
// that fails, and the result of the last printer called is returned.
BOOL PrintData(_In_ PDENIED_FILE_DATA pDeniedData)
{
	BOOL bStatus = TRUE;

	if (pDeniedData == NULL)
	{
		DEBUG_LOG(D_ERROR, "DENIED_FILE_DATA pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// XML output
	if (pSyscrwlrOptions->bShouldPrintXML)
	{
		bStatus = PrintXMLData(pDeniedData);
		if (!bStatus)
			return bStatus;
	}

	// CSV output
	if (pSyscrwlrOptions->bShouldPrintCSV)
	{
		bStatus = PrintCSVData(pDeniedData);
		if (!bStatus)
			return bStatus;
	}

	// Console output
	if (pSyscrwlrOptions->bShouldPrintSTDOUT)
		bStatus = PrintSTDOUTData(pDeniedData);

	return bStatus;
}
35 |
// Write the per-file header of the DENIED outputs before a record is printed.
// For XML output, a document prologue is written first when the output file is
// still empty, then a per-file opening line. For CSV output, the column header
// "File;Type" is written only when the output file is still empty.
//
// tFilePath: path of the file being reported; must not be NULL.
// Returns TRUE on success. Any failure is logged and ends in DoExit(D_ERROR).
36 | BOOL PrintDeniedDataHeader(_In_ PTCHAR tFilePath)
37 | {
// Receives the byte count reported by WriteFile; the value is not checked.
38 | DWORD dwDataRead = 0;
39 | LARGE_INTEGER liFileSize;
40 |
41 | if (!tFilePath)
42 | {
43 | DEBUG_LOG(D_WARNING, "tFilePath is invalid.\r\nExiting now...");
44 | DoExit(D_ERROR);
45 | }
46 |
47 | // Hack for closing xml document. Ugly.
48 | if (pSyscrwlrOptions->bShouldPrintXML)
49 | {
// The handle is not compared with INVALID_HANDLE_VALUE here, unlike in
// PrintXMLData; a bad handle is only caught by the GetFileSizeEx failure below.
50 | HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_DENIED_FILE, OUTPUT_NAME_DENIED_FILE);
51 |
52 | if (!GetFileSizeEx(hXMLFile, &liFileSize))
53 | {
54 | DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
55 | DoExit(D_ERROR);
56 | }
57 |
58 | if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
59 | {
60 | // New file, we need to add xml header
// NOTE(review): only "\r\n" survives in this literal; the XML declaration text
// appears to have been lost from this listing. Confirm against the repository.
61 | if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
62 | goto writerror;
63 |
// Root element named after the output file: "<" OUTPUT_NAME_DENIED_FILE ".xml>".
64 | if ((WriteFile(hXMLFile, TEXT("<"), (DWORD)(_tcslen(TEXT("<")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
65 | || (WriteFile(hXMLFile, OUTPUT_NAME_DENIED_FILE, (DWORD)(_tcslen(OUTPUT_NAME_DENIED_FILE) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
66 | || (WriteFile(hXMLFile, TEXT(".xml>\r\n"), (DWORD)(_tcslen(TEXT(".xml>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
67 | goto writerror;
68 | }
69 |
// NOTE(review): the literal written and the literal measured differ on this
// line, and the gutter jumps from 70 to 73, so part of the statement (likely
// the opening tag carrying tFilePath) is missing from this listing. As shown,
// the byte count is larger than the string being written. Confirm against the
// repository before relying on this line.
70 | if ((WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\">\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
73 | goto writerror;
74 |
75 | CloseHandle(hXMLFile);
76 | }
77 |
78 | if (pSyscrwlrOptions->bShouldPrintCSV)
79 | {
80 | HANDLE hCSVFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_DENIED_FILE, OUTPUT_NAME_DENIED_FILE);
// Shadows the function-level liFileSize declared above.
81 | LARGE_INTEGER liFileSize;
82 |
83 | if (!GetFileSizeEx(hCSVFile, &liFileSize))
84 | {
85 | DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
86 | DoExit(D_ERROR);
87 | }
88 |
// Empty file: write the column header once.
89 | if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
90 | {
91 | if (WriteFile(hCSVFile, TEXT("File;Type\r\n"), (DWORD)(_tcslen(TEXT("File;Type\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
92 | goto writerror;
93 | }
94 | CloseHandle(hCSVFile);
95 | }
96 | return TRUE;
97 |
// Common failure path; the output handle is not closed before DoExit.
98 | writerror:
99 | DEBUG_LOG(D_WARNING, "Unable to write DATA HEADER for DENIED printer.\r\nExiting now...");
100 | DoExit(D_ERROR);
101 | return FALSE;
102 | }
103 |
// Write the per-file footer of the DENIED XML output. Nothing is written for
// CSV or STDOUT output.
//
// tFilePath: not read by the code shown.
// Returns TRUE on success; a write failure is logged and ends in DoExit(D_ERROR).
104 | BOOL PrintDeniedDataFooter(_In_ PTCHAR tFilePath)
105 | {
// Receives the byte count reported by WriteFile; the value is not checked.
106 | DWORD dwDataRead = 0;
107 |
108 | // Hack for closing xml document. Ugly.
109 | if (pSyscrwlrOptions->bShouldPrintXML)
110 | {
111 | HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_DENIED_FILE, OUTPUT_NAME_DENIED_FILE);
// NOTE(review): as listed only "\r\n" is written; presumably a closing tag was
// lost from this listing, as with the header. Confirm against the repository.
112 | if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
113 | goto writerror;
114 | CloseHandle(hXMLFile);
115 | }
116 | return TRUE;
117 |
118 | writerror:
119 | DEBUG_LOG(D_WARNING, "Unable to write DATA FOOTER for DENIED printer.\r\nExiting now...");
120 | DoExit(D_ERROR);
121 | return FALSE;
122 | }
123 |
// Append one DENIED record to the XML output as an element carrying the path
// and a type attribute ("directory" or "file").
//
// pDeniedData: record to write; tFilePath must be set.
// Returns TRUE on success; a write failure is logged and ends in DoExit(D_ERROR).
124 | BOOL PrintXMLData(_In_ PDENIED_FILE_DATA pDeniedData)
125 | {
// dwSizeLength is declared but not used in this function.
126 | DWORD dwDataRead = 0, dwSizeLength = 0;
// The output file is opened before the record is validated.
127 | HANDLE hDENIEDFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_DENIED_FILE, OUTPUT_NAME_DENIED_FILE);
128 | PTCHAR tFileType = NULL;
129 |
130 | if (!pDeniedData || !(pDeniedData->tFilePath))
131 | {
132 | DEBUG_LOG(D_WARNING, "PDENIED_FILE_DATA invalid for DENIED file.\r\n");
133 | DoExit(D_WARNING);
134 | }
135 |
136 | if (hDENIEDFile == INVALID_HANDLE_VALUE)
137 | {
138 | DEBUG_LOG(D_WARNING, "Handle to hDENIEDFile is invalid.\r\nExiting now...");
139 | DoExit(D_ERROR);
140 | }
141 |
142 | if (pDeniedData->bIsADirectory)
143 | tFileType = TEXT("directory");
144 | else
145 | tFileType = TEXT("file");
146 |
// NOTE(review): the next line is damaged in this listing (the gutter jumps from
// 147 to 149 and the first literal is unterminated); the opening tag text is
// missing. Confirm against the repository.
// NOTE(review): the path is written between double quotes as an attribute
// value; no escaping of XML-special characters such as '&' is visible here.
// Confirm whether file names are escaped before they reach this printer,
// because an unescaped name would make the report malformed for XML consumers.
147 | if ((WriteFile(hDENIEDFile, TEXT("\ttFilePath, (DWORD)(_tcslen(pDeniedData->tFilePath) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
149 | || (WriteFile(hDENIEDFile, TEXT("\" type=\""), (DWORD)(_tcslen(TEXT("\" type=\"")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
150 | || (WriteFile(hDENIEDFile, tFileType, (DWORD)(_tcslen(tFileType) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
151 | || (WriteFile(hDENIEDFile, TEXT("\"/>\r\n"), (DWORD)(_tcslen(TEXT("\"/>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
152 | goto writerror;
153 |
154 | CloseHandle(hDENIEDFile);
155 | return TRUE;
// Common failure path; the output handle is not closed before DoExit.
156 | writerror:
157 | DEBUG_LOG(D_WARNING, "Unable to write XML DATA.\r\nExiting now...");
158 | DoExit(D_ERROR);
159 | return FALSE;
160 | }
161 |
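// Append one DENIED record to the CSV output as "<path>;<type>\r\n", where
// type is "directory" or "file".
//
// pDeniedData: record to write; tFilePath must be set.
// Returns TRUE on success. An invalid record, an invalid output handle or a
// write failure is logged and ends in DoExit.
BOOL PrintCSVData(_In_ PDENIED_FILE_DATA pDeniedData)
{
	DWORD dwDataRead = 0;
	HANDLE hDENIEDFile = INVALID_HANDLE_VALUE;
	const TCHAR *tFileType = NULL;

	if (!pDeniedData || !(pDeniedData->tFilePath))
	{
		DEBUG_LOG(D_WARNING, "PDENIED_FILE_DATA invalid for DENIED file.\r\n");
		DoExit(D_WARNING);
		return FALSE;
	}

	// Validate the file handle. The previous test compared the record pointer
	// with INVALID_HANDLE_VALUE, so a failed open was never detected here.
	hDENIEDFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_DENIED_FILE, OUTPUT_NAME_DENIED_FILE);
	if (hDENIEDFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_WARNING, "Handle to hDENIEDFile is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
		return FALSE;
	}

	tFileType = pDeniedData->bIsADirectory ? TEXT("directory") : TEXT("file");

	// NOTE(review): the path is written verbatim. ';' is legal in Windows file
	// names, so such a name shifts the columns of this row; the DACL printer
	// passes its other fields through EscapeCSVString, and the same treatment
	// for paths should be considered across all CSV printers.
	// Lengths use sizeof (TCHAR) throughout to match _tcslen.
	if ((WriteFile(hDENIEDFile, pDeniedData->tFilePath, (DWORD)(_tcslen(pDeniedData->tFilePath) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDENIEDFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDENIEDFile, tFileType, (DWORD)(_tcslen(tFileType) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
		|| (WriteFile(hDENIEDFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
		goto writerror;

	CloseHandle(hDENIEDFile);
	return TRUE;

writerror:
	CloseHandle(hDENIEDFile);
	DEBUG_LOG(D_WARNING, "Unable to write CSV DATA.\r\nExiting now...");
	DoExit(D_ERROR);
	return FALSE;
}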
198 |
// Print one DENIED record on standard output as
// "[DENIED] File=<path> Type=<directory|file>".
//
// pDeniedData: record to print; tFilePath must be set, otherwise the problem
//              is logged and DoExit(D_WARNING) is called.
// Always returns TRUE.
BOOL PrintSTDOUTData(_In_ PDENIED_FILE_DATA pDeniedData)
{
	const TCHAR *tKind = NULL;

	if (!pDeniedData || !(pDeniedData->tFilePath))
	{
		DEBUG_LOG(D_WARNING, "PDENIED_FILE_DATA invalid for file.\r\n");
		DoExit(D_WARNING);
	}

	// Human-readable node type derived from the record flag
	tKind = TEXT("file");
	if (pDeniedData->bIsADirectory)
		tKind = TEXT("directory");

	printf("[DENIED] File=%ws Type=%ws\r\n", pDeniedData->tFilePath, tKind);

	return TRUE;
}
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/DENIEDPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - DENIEDPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display data for file which couldn't be opened
6 | * during CreateFile attempt
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __DENIEDPRINTER_H__
12 | #define __DENIEDPRINTER_H__
13 |
14 | #include "DENIEDParser.h"
15 | #include "PrinterCommon.h"
16 |
17 | //************** *********************
18 | #define OUTPUT_NAME_DENIED_FILE TEXT("DENIEDFiles")
19 | #define OUTPUT_DIRECTORY_DENIED_FILE TEXT("Misc")
20 | //************** ********************
21 |
22 | // Generic dispatcher for printers
23 | BOOL PrintData(_In_ PDENIED_FILE_DATA pDeniedData);
24 | BOOL PrintDeniedDataHeader(_In_ PTCHAR tFilePath);
25 | BOOL PrintDeniedDataFooter(_In_ PTCHAR tFilePath);
26 |
27 | // Printers for file format
28 | BOOL PrintXMLData(_In_ PDENIED_FILE_DATA pDeniedData);
29 | BOOL PrintCSVData(_In_ PDENIED_FILE_DATA pDeniedData);
30 | BOOL PrintSTDOUTData(_In_ PDENIED_FILE_DATA pDeniedData);
31 |
32 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/Dispatcher.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - Dispatcher.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Crawl the SYSVOL and dispatch content to the correct
6 | * parser
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "Dispatcher.h"
12 |
13 | // Table of registered parser descriptors, indexed by parser slot (filled by InitDispatcher)
14 | PPARSER_IDENTIFIER pParserTable[MAX_PARSER];
15 |
// Fill the parser table. File and folder parsers take consecutive slots
// starting at 0, in the order DispatchFile will try them; the DACL, DENIED and
// MISC handlers take their reserved *_PARSER_ID slots.
// Returns FALSE (after logging) as soon as one registration yields no
// descriptor, TRUE once every parser is registered.
BOOL InitDispatcher()
{
	PPARSER_IDENTIFIER pParserID = NULL;
	DWORD dwSlot = 0;

	// Start from an empty table
	for (DWORD dwIdx = MAX_PARSER; dwIdx > 0; --dwIdx)
		pParserTable[dwIdx - 1] = NULL;

	// POL file
	RegisterPOLParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register POL parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// INF file
	RegisterInfParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register INF parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// GPT.ini file
	RegisterGptIniParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register GPT.ini parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// AAS file
	RegisterAasParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register AAS parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// scripts.ini file
	RegisterScriptsIniParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register SCRIPTS parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// GPE.ini file
	RegisterGpeIniParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register GPE.ini parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// IEAK folder
	RegisterIeakParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register IEAK folder handler.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// PREFERENCES folder
	RegisterPreferencesParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register PREFERENCES folder handler.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// ADMFILES.ini file
	RegisterAdmFilesIniParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register ADMFILES.ini parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// FDEPLOY.ini file
	RegisterFdeployIniParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register FDEPLOY.ini parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	// ADM file
	RegisterAdmParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register ADM parser.\r\n");
		return FALSE;
	}
	pParserTable[dwSlot++] = pParserID;

	//
	//FIXME : Add new parser or folder handler
	//

	// DACL handler (reserved slot)
	RegisterDaclParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register DACL parser.\r\n");
		return FALSE;
	}
	pParserTable[DACL_PARSER_ID] = pParserID;

	// ACCESS_DENIED handler (reserved slot)
	RegisterDeniedParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register DENIED parser.\r\n");
		return FALSE;
	}
	pParserTable[DENIED_PARSER_ID] = pParserID;

	// MISC handler (reserved slot)
	RegisterMiscParser(&pParserID);
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "Failed to register MISC parser.\r\n");
		return FALSE;
	}
	pParserTable[MISC_PARSER_ID] = pParserID;

	return TRUE;
}
169 |
// Release every descriptor still present in the parser table and reset its
// slot to NULL. Always returns TRUE.
BOOL FreeDispatcher()
{
	DWORD dwSlot = 0;

	while (dwSlot < MAX_PARSER)
	{
		PPARSER_IDENTIFIER pEntry = pParserTable[dwSlot];

		if (pEntry != NULL)
		{
			HeapFree(hCrawlerHeap, NULL, pEntry);
			// Clear the slot so the descriptor cannot be reached after release
			pParserTable[dwSlot] = NULL;
		}
		++dwSlot;
	}
	return TRUE;
}
182 |
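// Walk a directory recursively. Every sub-directory is sent to the DACL parser
// and then browsed; every file is handed to DispatchFile.
//
// tCurrentPath: directory to enumerate (no trailing backslash expected).
// depth:        nesting level of tCurrentPath; passed on as depth + 1 to each
//               sub-directory.
// Returns TRUE when the directory was fully enumerated, FALSE when it was
// unreadable (it is then reported through the DENIED parser) or when its
// search pattern does not fit in MAX_PATH. Other enumeration errors end in
// DoExit(1).
BOOL BrowseAndDispatch(_In_ TCHAR *tCurrentPath, _In_ DWORD depth)
{
	TCHAR tFindPath[MAX_PATH];
	TCHAR tFullNamePath[MAX_PATH];
	HANDLE hNode = INVALID_HANDLE_VALUE;
	WIN32_FIND_DATA sFindDataMask;
	DWORD dwLastError = 0;

	DEBUG_LOG(D_INFO, "Target directory is now: %ws\r\n", tCurrentPath);

	// Build the "<dir>\*" search pattern. The strsafe results are checked so a
	// silently truncated pattern is never passed to FindFirstFile.
	if (FAILED(StringCchCopy(tFindPath, MAX_PATH, tCurrentPath))
		|| FAILED(StringCchCat(tFindPath, MAX_PATH, TEXT("\\*"))))
	{
		DEBUG_LOG(D_WARNING, "Path %ws is too long to be enumerated, skipping it.\r\n", tCurrentPath);
		return FALSE;
	}

	hNode = FindFirstFile(tFindPath, &sFindDataMask);
	if (hNode == INVALID_HANDLE_VALUE)
	{
		dwLastError = GetLastError();
		// Folders failing with ACCESS_DENIED, ERROR_SHARING_VIOLATION or
		// ERROR_UNEXP_NET_ERR are reported through the DENIED parser
		if ((dwLastError == ERROR_ACCESS_DENIED) || (dwLastError == ERROR_SHARING_VIOLATION) || (dwLastError == ERROR_UNEXP_NET_ERR))
		{
			DEBUG_LOG(D_WARNING, "Folder %ws isn't readable. Sending to %ws.\r\n", tCurrentPath, pParserTable[DENIED_PARSER_ID]->tParserName);
			pParserTable[DENIED_PARSER_ID]->pParserEntryPoint(tCurrentPath);
			return FALSE;
		}

		DEBUG_LOG(D_ERROR, "Folder node invalid. Error code %d\r\nExiting now...", dwLastError);
		DoExit(1);
		return FALSE;
	}

	// following the file type we dispatch the content to the right parser
	do
	{
		if (sFindDataMask.cFileName[0] == TEXT('\0'))
		{
			DEBUG_LOG(D_WARNING, "Folder node with no name found !\r\n");
			continue;
		}
		else if (!_tcscmp(sFindDataMask.cFileName, TEXT("."))
			|| !_tcscmp(sFindDataMask.cFileName, TEXT("..")))
			continue;

		// A truncated full path could designate a different object than the
		// one enumerated, so an over-long entry is skipped with a warning
		// instead of being parsed under the wrong name. Because every level
		// adds at least two characters, this also bounds the recursion depth.
		if (FAILED(StringCchCopy(tFullNamePath, MAX_PATH, tCurrentPath))
			|| FAILED(StringCchCat(tFullNamePath, MAX_PATH, TEXT("\\")))
			|| FAILED(StringCchCat(tFullNamePath, MAX_PATH, sFindDataMask.cFileName)))
		{
			DEBUG_LOG(D_WARNING, "Path of %ws under %ws exceeds MAX_PATH, skipping it.\r\n", sFindDataMask.cFileName, tCurrentPath);
			continue;
		}

		if (sFindDataMask.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
		{
			// NOTE(review): directory reparse points (junctions) are followed
			// like ordinary folders; confirm this is intended for the share
			// being audited.
			pParserTable[DACL_PARSER_ID]->pParserEntryPoint(tFullNamePath);
			// depth + 1 rather than ++depth, so siblings keep the same depth
			BrowseAndDispatch(tFullNamePath, depth + 1);
		}
		else
			DispatchFile(sFindDataMask.cFileName, tFullNamePath);
	}
	while (FindNextFile(hNode, &sFindDataMask) != 0);

	// Capture the enumeration status before FindClose can change it
	dwLastError = GetLastError();
	FindClose(hNode);

	if (dwLastError != ERROR_NO_MORE_FILES)
	{
		DEBUG_LOG(D_ERROR, "Cannot parse all the folder node.\r\n Exiting now...");
		DoExit(1);
		return FALSE;
	}

	return TRUE;
}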
258 |
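// Send one file to the first registered parser whose folder pattern matches
// its path or whose file pattern matches its name, fall back to the MISC
// parser when none matches, then always run the DACL parser on it.
//
// tFileName: file name only, matched against the file patterns.
// tFilePath: full path, matched against the folder patterns and passed to the
//            parsers.
// Returns TRUE when every parser called succeeded. On a parser failure the
// file goes to the DENIED parser if the last error is ERROR_ACCESS_DENIED
// (FALSE is returned); any other error ends in DoExit(D_ERROR).
BOOL DispatchFile(_In_ PTCHAR tFileName, _In_ PTCHAR tFilePath)
{
	BOOL isFileParsed = FALSE;
	DWORD dwLastError = 0;

	// Walk the consecutive specific parsers; the walk stops at the first empty
	// slot and is bounded by MAX_PARSER so a full table cannot be overrun.
	for (DWORD dwCpt = 0; (dwCpt < MAX_PARSER) && (pParserTable[dwCpt] != NULL); ++dwCpt)
	{
		PPARSER_IDENTIFIER pCurrentParserId = pParserTable[dwCpt];

		// A parser takes the file when the path lies in a folder it handles
		// in batch (eg: IEAK, PREFERENCES, etc.) or when the file name matches
		// its file pattern
		BOOL bMatch = ((pCurrentParserId->tFolderMatchingRegExp) && (wildcmp(pCurrentParserId->tFolderMatchingRegExp, tFilePath)))
			|| ((pCurrentParserId->tFileMatchingRegExp) && (wildcmp(pCurrentParserId->tFileMatchingRegExp, tFileName)));

		if (!bMatch)
			continue;

		if (pCurrentParserId->pParserEntryPoint(tFilePath) == FALSE)
			goto parsingerror;
		isFileParsed = TRUE;
		break;
	}

	// Send to generic parser in case of lack of specific parser
	if (isFileParsed == FALSE)
	{
		DEBUG_LOG(D_WARNING, "File %ws with path: %ws isn't a classical SYSVOL file. Sending to %ws.\r\n", tFileName, tFilePath, pParserTable[MISC_PARSER_ID]->tParserName);
		if (pParserTable[MISC_PARSER_ID]->pParserEntryPoint(tFilePath) == FALSE)
			goto parsingerror;
	}

	// In all case we call the dacl parser
	if (pParserTable[DACL_PARSER_ID]->pParserEntryPoint(tFilePath) == FALSE)
		goto parsingerror;

	return TRUE;

parsingerror:
	// NOTE(review): this relies on the failing parser leaving the thread's
	// last-error value untouched after the call that failed; confirm that the
	// parsers do not reset it during their cleanup.
	dwLastError = GetLastError();
	if (dwLastError == ERROR_ACCESS_DENIED) // Catch ACCESS_DENIED file and send it to ACCESS_DENIED parser
	{
		DEBUG_LOG(D_WARNING, "File %ws with path: %ws isn't readable. Sending to %ws.\r\n", tFileName, tFilePath, pParserTable[DENIED_PARSER_ID]->tParserName);
		pParserTable[DENIED_PARSER_ID]->pParserEntryPoint(tFilePath);
	}
	else
	{
		DEBUG_LOG(D_ERROR, "Unable to parse %ws.\r\nExiting now...", tFilePath);
		DoExit(D_ERROR);
	}
	return FALSE;
}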
316 |
317 | // Fast, lightweight, and simple pattern matching function
318 | // Written by Jack Handy - improved for the sysvolcrawler project
// Case-insensitive wildcard match of a whole string against a pattern.
// '*' matches any run of characters (including none), '?' matches exactly one
// character; every other pattern character is compared through towlower.
// Returns non-zero when the entire string matches the pattern, 0 otherwise.
BOOL wildcmp(_In_ TCHAR* wild, _In_ TCHAR* string)
{
	TCHAR *pResumeText = NULL;
	TCHAR *pResumePattern = NULL;

	// Literal prefix: everything before the first '*' must match in place
	for (; (*string) && (*wild != '*'); ++wild, ++string)
	{
		if ((*wild != '?') && (towlower(*wild) != towlower(*string)))
			return 0;
	}

	while (*string)
	{
		if (*wild == '*')
		{
			++wild;
			// A trailing '*' accepts whatever is left of the string
			if (!*wild)
				return 1;
			// Remember where to resume if the next attempt fails
			pResumePattern = wild;
			pResumeText = string + 1;
		}
		else if ((*wild == '?') || (towlower(*wild) == towlower(*string)))
		{
			++wild;
			++string;
		}
		else
		{
			// Mismatch: let the last '*' absorb one more character and retry
			wild = pResumePattern;
			string = pResumeText++;
		}
	}

	// Only '*' may remain in the pattern once the string is exhausted
	while (*wild == '*')
		++wild;

	return !*wild;
}
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/Dispatcher.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - Dispatcher.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Crawl the SYSVOL and dispatch content to the correct
6 | * parser
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 | #ifndef __DISPATCHER_H__
11 | #define __DISPATCHER_H__
12 |
13 | #include "Common.h"
14 | #include
15 |
16 | //Parser definition
17 | #include "POLParser.h"
18 | #include "INFParser.h"
19 | #include "GPTiniParser.h"
20 | #include "AASParser.h"
21 | #include "SCRIPTSiniParser.h"
22 | #include "GPEiniParser.h"
23 | #include "IEAKParser.h"
24 | #include "PREFERENCESParser.h"
25 | #include "ADMFILESiniParser.h"
26 | #include "FDEPLOYiniParser.h"
27 | #include "DACLParser.h"
28 | #include "DENIEDParser.h"
29 | #include "MISCParser.h"
30 | #include "ADMParser.h"
31 |
32 | #define MAX_PARSER 128
33 | #define DACL_PARSER_ID 125
34 | #define DENIED_PARSER_ID 126
35 | #define MISC_PARSER_ID 127
36 |
37 | // Loader SysvolCrawler parsers
38 | BOOL InitDispatcher();
39 | BOOL FreeDispatcher();
40 | // Browse SYSVOL and send file to dispatcher
41 | BOOL BrowseAndDispatch(_In_ TCHAR *tCurrentPath, _In_ DWORD depth);
42 | // Dispatch file to the right parser
43 | BOOL DispatchFile(_In_ PTCHAR tFileName, _In_ PTCHAR tFilePath);
44 |
45 | // Case-insensitive wildcard matcher ('*' and '?') for file names and paths; not a regular-expression engine
46 | BOOL wildcmp(_In_ TCHAR* wild, _In_ TCHAR* string);
47 |
48 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/FDEPLOYiniParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - FDEPLOYiniParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for folder deployment file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __FDEPLOYINIPARSER_H__
11 | #define __FDEPLOYINIPARSER_H__
12 |
13 | #include "Common.h"
14 | #include "INIGenericParser.h"
15 |
16 | //************** *********************
17 | #define FDEPLOYINI_PARSER_NAME TEXT("FDEPLOY.ini parser")
18 | #define FDEPLOYINI_MATCHING_FILE_REGEXP TEXT("fdeploy.ini")
19 | #define FDEPLOYINI_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
20 | //************** ********************
21 |
22 | #define FDEPLOY_MAX_REDIRECTION_VALUES 1024
23 | #define FDEPLOY_MAX_STATUS_VALUES 1024
24 | #define FDEPLOY_STATUS_SECTION TEXT("FolderStatus")
25 | #define FDEPLOY_MYDOCUMENTS_SECTION TEXT("My Documents")
26 | #define FDEPLOY_MYPICTURES_SECTION TEXT("My Pictures")
27 | #define FDEPLOY_APPDATA_SECTION TEXT("Application Data")
28 | #define FDEPLOY_DESKTOP_SECTION TEXT("Desktop")
29 | #define FDEPLOY_STARTMENU_SECTION TEXT("Start Menu")
30 | #define FDEPLOY_PROGRAMS_SECTION TEXT("Programs")
31 | #define FDEPLOY_STARTUP_SECTION TEXT("Startup")
32 |
33 | typedef DWORD FDEPLOY_REDIRECTION_ID;
34 | #define FDEPLOY_MYDOCUMENTS_REDIRECTION_ID 0x1
35 | #define FDEPLOY_MYPICTURES_REDIRECTION_ID 0x2
36 | #define FDEPLOY_APPDATA_REDIRECTION_ID 0x3
37 | #define FDEPLOY_DESKTOP_REDIRECTION_ID 0x4
38 | #define FDEPLOY_STARTMENU_REDIRECTION_ID 0x5
39 | #define FDEPLOY_PROGRAMS_REDIRECTION_ID 0x6
40 | #define FDEPLOY_STARTUP_REDIRECTION_ID 0x7
41 |
42 | //******* ******
// One folder-redirection entry.
// NOTE(review): presumably one "SID=path" line of a redirection section of
// fdeploy.ini; confirm in FDEPLOYiniParser.cpp (not shown here).
43 | typedef struct _FDEPLOYINI_FOLDER_REDIRECTION
44 | {
45 | PTCHAR tTargetedSID;
46 | PTCHAR tRedirectionPath;
47 | } FDEPLOYINI_FOLDER_REDIRECTION, *PFDEPLOYINI_FOLDER_REDIRECTION;
48 |
// One folder-status entry: a folder name and its numeric status.
// NOTE(review): presumably read from the "FolderStatus" section
// (FDEPLOY_STATUS_SECTION); confirm in FDEPLOYiniParser.cpp (not shown here).
49 | typedef struct _FDEPLOYINI_FOLDER_STATUS
50 | {
51 | PTCHAR tTargetedFolder;
52 | DWORD dwStatus;
53 | } FDEPLOYINI_FOLDER_STATUS, *PFDEPLOYINI_FOLDER_STATUS;
54 |
// Parsed content of one fdeploy.ini file: a status list, one redirection list
// per known section, and a list of sections the parser did not recognise.
// Each list is a fixed-size array of pointers paired with a DWORD counter.
// NOTE(review): the arrays hold FDEPLOY_MAX_STATUS_VALUES or
// FDEPLOY_MAX_REDIRECTION_VALUES (1024) entries and the input file comes from
// the crawled share; confirm in FDEPLOYiniParser.cpp (not shown here) that
// every counter is checked against its bound before an entry is stored.
55 | typedef struct _FDEPLOYINI_FILE_DATA
56 | {
57 | PWCHAR tFilePath;
58 |
59 | DWORD dwFolderStatusNum;
60 | PFDEPLOYINI_FOLDER_STATUS pFolderStatus[FDEPLOY_MAX_STATUS_VALUES];
61 |
62 | DWORD dwMyDocumentsRedirectionNum;
63 | PFDEPLOYINI_FOLDER_REDIRECTION pMyDocumentsRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
64 |
65 | DWORD dwMyPicturesRedirectionNum;
66 | PFDEPLOYINI_FOLDER_REDIRECTION pMyPicturesRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
67 |
68 | DWORD dwAppDataRedirectionNum;
69 | PFDEPLOYINI_FOLDER_REDIRECTION pAppdataRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
70 |
71 | DWORD dwDesktopRedirectionNum;
72 | PFDEPLOYINI_FOLDER_REDIRECTION pDesktopRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
73 |
74 | DWORD dwStartMenuRedirectionNum;
75 | PFDEPLOYINI_FOLDER_REDIRECTION pStartMenuRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
76 |
77 | DWORD dwProgramsRedirectionNum;
78 | PFDEPLOYINI_FOLDER_REDIRECTION pProgramsRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
79 |
80 | DWORD dwStartupRedirectionNum;
81 | PFDEPLOYINI_FOLDER_REDIRECTION pStartupRedirection[FDEPLOY_MAX_REDIRECTION_VALUES];
82 |
// Sections that matched none of the FDEPLOY_*_SECTION names (assumed from the
// field name; TODO confirm).
83 | DWORD dwNumberOfUnReferrencedSections;
84 | PINI_SECTION_DATA pUnReferrencedSections[FDEPLOY_MAX_REDIRECTION_VALUES];
85 | } FDEPLOYINI_FILE_DATA, *PFDEPLOYINI_FILE_DATA;
86 | //****** ******
87 |
88 | // Forward declaration for printers
89 | extern BOOL PrintData(_In_ PFDEPLOYINI_FILE_DATA pFdeployIniData);
90 | extern BOOL PrintFdeployIniDataHeader(_In_ PTCHAR tFilePath);
91 | extern BOOL PrintFdeployIniDataFooter(_In_ PTCHAR tFilePath);
92 |
93 | // Parser registration
94 | VOID RegisterFdeployIniParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
95 | // Entry point for FDEPLOY.ini
96 | BOOL ParseFdeployIniFile(_In_ PTCHAR tFilePath);
97 | BOOL FreeFdeployIniFileData(_Inout_ PFDEPLOYINI_FILE_DATA pFdeployIniData);
98 |
99 | BOOL FillFdeployIniMethods(_Inout_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData, _In_ PINI_FILE_DATA pGenericIniFileData);
100 | BOOL FillFolderStatusSection(_Inout_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData, _In_ PINI_SECTION_DATA pGenericIniSection, _In_ DWORD dwSectionNumb);
101 | BOOL FillFolderRedirectionSection(_Inout_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData, _In_ PINI_SECTION_DATA pGenericIniSection, _In_ DWORD dwSectionNumb, _In_ FDEPLOY_REDIRECTION_ID dwRedirectionID);
102 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/FDEPLOYiniPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - FDEPLOYiniPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or store data for folder deployment file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __FDEPLOYINIPPRINTER_H__
11 | #define __FDEPLOYINIPPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "FDEPLOYiniParser.h"
16 |
// ---- Printer identification -------------------------------------------------
// NOTE(review): presumably used to name the output file and to describe where
// the parsed file lives inside a GPO; confirm in PrinterCommon.
#define OUTPUT_NAME_FDEPLOY_INI         TEXT("FDEPLOYiniFiles")
#define OUTPUT_DIRECTORY_FDEPLOY_INI    TEXT("User\\Documents & Settings")

// ---- Entry points called by the parser --------------------------------------
BOOL PrintData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData);
BOOL PrintFdeployIniDataHeader(
    _In_ PTCHAR tFilePath);
BOOL PrintFdeployIniDataFooter(
    _In_ PTCHAR tFilePath);

// ---- One printer per output format ------------------------------------------
// NOTE(review): the values printed come from files the crawler has parsed;
// confirm that the XML and CSV printers escape markup and delimiter characters
// before writing them.
BOOL PrintXMLData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData);
BOOL PrintCSVData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData);
BOOL PrintSTDOUTData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData);

// ---- Per-section helpers, XML -----------------------------------------------
BOOL PrintXMLStatusData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData,
    _In_ HANDLE hXMLFile);
BOOL PrintXMLRedirectionData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData,
    _In_ HANDLE hXMLFile,
    _In_ FDEPLOY_REDIRECTION_ID dwRedirectionID);
BOOL PrintXMLFdeployUnreferencedSectionData(
    _In_ PINI_SECTION_DATA pSectionData,
    _In_ HANDLE hXMLFile);

// ---- Per-section helpers, CSV -----------------------------------------------
BOOL PrintCSVStatusData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData,
    _In_ HANDLE hCSVFile);
BOOL PrintCSVRedirectionData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData,
    _In_ HANDLE hCSVFile,
    _In_ FDEPLOY_REDIRECTION_ID dwRedirectionID);

// ---- Per-section helpers, standard output -----------------------------------
BOOL PrintSTDOUTStatusData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData);
BOOL PrintSTDOUTRedirectionData(
    _In_ PFDEPLOYINI_FILE_DATA pFdeployIniFileData,
    _In_ FDEPLOY_REDIRECTION_ID dwRedirectionID);
39 |
40 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/GPEiniParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - GPEiniParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for GPE.ini file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __GPEINIPARSER_H__
11 | #define __GPEINIPARSER_H__
12 |
13 | #include "Common.h"
14 | #include "INIGenericParser.h"
15 |
// ---- Parser identification --------------------------------------------------
#define GPEINI_PARSER_NAME              TEXT("GPE.ini parser")
#define GPEINI_MATCHING_FILE_REGEXP     TEXT("gpe.ini")
#define GPEINI_MATCHING_FOLDER_REGEXP   TEXT("[NON SUPPORTED]")

// ---- Capacities of the fixed-size pointer arrays declared below -------------
#define GPE_MAX_CSE                     1024
#define GPE_MAX_CSE_VALUES              1024

// ---- Names looked up in the file --------------------------------------------
#define GPE_GENERAL_SECTION             TEXT("General")
#define GPE_MACHINE_EXTENSION_VERSION   TEXT("MachineExtensionVersions")
#define GPE_USER_EXTENSION_VERSION      TEXT("UserExtensionVersions")

// One CSE entry (presumably a client-side extension): an identifier plus a
// list of value strings.
// pCSEValues has exactly GPE_MAX_CSE_VALUES slots, so any code that appends to
// it must reject input once dwCSEValuesNum reaches that capacity.
typedef struct _GPEINI_CSE_DATA
{
    DWORD   dwCSEValuesNum;                     // presumably the number of used slots in pCSEValues
    PTCHAR  pCSEValues[GPE_MAX_CSE_VALUES];
    DWORD   dwCSEID;
} GPEINI_CSE_DATA, *PGPEINI_CSE_DATA;

// Everything extracted from one GPE.ini file.
// Each of the three arrays has exactly GPE_MAX_CSE slots; the matching counter
// must never exceed that capacity, whatever the parsed file contains.
typedef struct _GPEINI_FILE_DATA
{
    PWCHAR              tFilePath;

    DWORD               dwMachineExtensionVersionsNum;
    PGPEINI_CSE_DATA    pMachineExtensionVersions[GPE_MAX_CSE];

    DWORD               dwUserExtensionVersionsNum;
    PGPEINI_CSE_DATA    pUserExtensionVersions[GPE_MAX_CSE];

    // Sections the GPE-specific code did not consume (presumably reported as-is).
    DWORD               dwNumberOfUnReferrencedSections;
    PINI_SECTION_DATA   pUnReferrencedSections[GPE_MAX_CSE];
} GPEINI_FILE_DATA, *PGPEINI_FILE_DATA;
50 |
// ---- Printer entry points, declared again in GPEiniPrinter.h ----------------
extern BOOL PrintData(
    _In_ PGPEINI_FILE_DATA pGpeIniData);
extern BOOL PrintGpeIniDataHeader(
    _In_ PTCHAR tFilePath);
extern BOOL PrintGpeIniDataFooter(
    _In_ PTCHAR tFilePath);

// ---- Parser registration and lifetime ---------------------------------------
VOID RegisterGpeIniParser(
    _Inout_ PPARSER_IDENTIFIER *pParserID);
BOOL ParseGpeIniFile(
    _In_ PTCHAR tFilePath);
BOOL FreeGpeIniFileData(
    _Inout_ PGPEINI_FILE_DATA pGpeIniFileData);

// ---- Helpers that fill GPEINI_FILE_DATA -------------------------------------
BOOL FillGpeIniAttributes(
    _Inout_ PGPEINI_FILE_DATA pGpeIniFileData,
    _In_ PINI_FILE_DATA pGenericIniFileData);
BOOL FillExtensionAttributes(
    _Inout_ PGPEINI_FILE_DATA pGpeIniFileData,
    _In_ PINI_SECTION_DATA pGenericIniSection,
    _In_ DWORD dwSectionNumb);
BOOL FillCSEAttributes(
    _Inout_ PGPEINI_CSE_DATA pCseData,
    _In_ PTCHAR tRawCSEAttributes);

// ---- Property tokenisers ----------------------------------------------------
// NOTE(review): pdwIndex is annotated _In_ but is a pointer to DWORD; it looks
// like a cursor the callee may advance. Confirm in the implementation, and
// confirm that every read of tProperty is bounded by dwPropertyLen.
PTCHAR ExtractCSEFromProperty(
    _In_ PTCHAR tProperty,
    _In_ DWORD dwPropertyLen,
    _In_ PDWORD pdwIndex);
PTCHAR ExtractCSEValuesFromProperty(
    _In_ PTCHAR tProperty,
    _In_ DWORD dwPropertyLen,
    _In_ PDWORD pdwIndex);
// Takes no length argument, so it presumably relies on tProperty being
// NUL-terminated - TODO confirm.
PTCHAR ExtractCSEIdFromProperty(
    _In_ PTCHAR tProperty);
68 |
69 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/GPEiniPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - GPEiniPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export GPE.ini data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __GPEINIPPRINTER_H__
11 | #define __GPEINIPPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "GPEiniParser.h"
16 |
// ---- Printer identification -------------------------------------------------
#define OUTPUT_NAME_GPE_INI         TEXT("GPEiniFiles")
#define OUTPUT_DIRECTORY_GPE_INI    TEXT("Group Policy")

// ---- Entry points called by the parser --------------------------------------
BOOL PrintData(
    _In_ PGPEINI_FILE_DATA pGpeIniData);
BOOL PrintGpeIniDataHeader(
    _In_ PTCHAR tFilePath);
BOOL PrintGpeIniDataFooter(
    _In_ PTCHAR tFilePath);

// ---- One printer per output format ------------------------------------------
// NOTE(review): the values printed come from files the crawler has parsed;
// confirm that the XML and CSV printers escape markup and delimiter characters
// before writing them.
BOOL PrintXMLData(
    _In_ PGPEINI_FILE_DATA pGpeIniData);
BOOL PrintCSVData(
    _In_ PGPEINI_FILE_DATA pGpeIniData);
BOOL PrintSTDOUTData(
    _In_ PGPEINI_FILE_DATA pGpeIniData);

// ---- Sections that no GPE-specific field consumed ---------------------------
BOOL PrintXMLUnreferencedSectionDataInGPE(
    _In_ PINI_SECTION_DATA pSectionData,
    _In_ HANDLE hXMLFile);
34 |
35 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/GPTiniParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - GPTiniParser.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for GPT.ini file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "GPTiniParser.h"
11 |
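/*
 * Allocate and fill the PARSER_IDENTIFIER that describes the GPT.ini parser.
 *
 * pParserID: receives a zero-initialised structure allocated on hCrawlerHeap.
 *            The identifier matches by file name (GPTINI_MATCHING_FILE_REGEXP),
 *            has no folder pattern and dispatches to ParseGptIniFile.
 *
 * An invalid output pointer or a failed allocation is logged and handed to
 * DoExit.
 */
VOID RegisterGptIniParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
    PPARSER_IDENTIFIER pNewParserID = NULL;

    // The output slot must be valid before anything is written through it.
    if (!pParserID)
    {
        DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return; // DoExit is not visible here; do not fall through if it returns
    }

    pNewParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
    // Test the allocation result itself. Testing pParserID here would never
    // detect a failed HeapAlloc and the assignments below would write through
    // a NULL pointer.
    if (!pNewParserID)
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
        DoExit(D_ERROR);
        return;
    }

    pNewParserID->tParserName = GPTINI_PARSER_NAME;
    pNewParserID->tFileMatchingRegExp = GPTINI_MATCHING_FILE_REGEXP;
    pNewParserID->tFolderMatchingRegExp = NULL;
    pNewParserID->pParserEntryPoint = ParseGptIniFile;

    *pParserID = pNewParserID;
}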
26 |
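/*
 * Parse one GPT.ini file and hand the result to the printers.
 *
 * Steps: read the whole file, convert it to WCHAR when it is not already
 * wide-encoded, run the generic INI parser, move the Version and displayName
 * properties of the [General] section into a GPTINI_FILE_DATA, keep every
 * remaining section as "unreferenced", print, then release everything.
 *
 * tFilePath: path of the file to parse. It is stored in the result structure
 *            without being copied.
 *
 * Returns TRUE on success. Returns FALSE when the file cannot be opened (last
 * error forced to ERROR_ACCESS_DENIED), is too large for the read buffer,
 * cannot be read, or cannot be converted to WCHAR. Other failures, including
 * a file without a [General] section, are logged and handed to DoExit.
 */
BOOL ParseGptIniFile(_In_ PTCHAR tFilePath)
{
    HANDLE hGptIniFile = INVALID_HANDLE_VALUE;
    PINI_FILE_DATA pGenericIniFileData = NULL;
    PGPTINI_FILE_DATA pGptIniFileData = NULL;
    PINI_SECTION_DATA pGeneralSection = NULL;
    PINI_PROPERTY_DATA pVersionProperty = NULL, pDisplayNameProperty = NULL;
    DWORD dwFileSize = 0, dwNumberOfBytesRead = 0;
    PBYTE pbINIRawDATA = NULL;
    BOOL bMemoryAreaMoved = FALSE;

    if (tFilePath == NULL)
    {
        DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }
    DEBUG_LOG(D_MISC, "[GPT.INI] Now parsing %ws\r\n", tFilePath);

    hGptIniFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hGptIniFile == INVALID_HANDLE_VALUE)
    {
        DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    dwFileSize = GetFileSize(hGptIniFile, NULL);
    if (dwFileSize == INVALID_FILE_SIZE)
    {
        DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
    }

    // The buffer below is sized as sizeof (DWORD) * dwFileSize. Where SIZE_T is
    // 32 bits wide that product can wrap, which would leave a buffer smaller
    // than the dwFileSize bytes ReadFile is asked to store.
    if ((SIZE_T) dwFileSize > ((SIZE_T) -1) / sizeof (DWORD))
    {
        DEBUG_LOG(D_ERROR, "File %ws is too large to be parsed.\r\n", tFilePath);
        CloseHandle(hGptIniFile);
        return FALSE;
    }

    // NOTE(review): four times the file size is allocated and zero-filled; the
    // slack presumably acts as a terminator for the parser - confirm before
    // shrinking it.
    pbINIRawDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DWORD) * dwFileSize);
    if (pbINIRawDATA == NULL)
    {
        DEBUG_LOG(D_ERROR, "pbINIRawDATA pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    if (!ReadFile(hGptIniFile, pbINIRawDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
    {
        DWORD dwReadError = GetLastError();

        DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, dwReadError);
        // Release the handle and the buffer on this path too, then restore
        // the error code that ReadFile reported.
        CloseHandle(hGptIniFile);
        HeapFree(hCrawlerHeap, 0, pbINIRawDATA);
        SetLastError(dwReadError);
        return FALSE;
    }
    CloseHandle(hGptIniFile);

    if (IsIniFileWcharEncoded(pbINIRawDATA, dwNumberOfBytesRead) == FALSE)
    {
        PBYTE pbINIRawDATATmp = pbINIRawDATA;

        // GPT.ini is an ANSI file, we need to convert it to WCHAR
        pbINIRawDATA = (PBYTE) CStrToPtchar(pbINIRawDATA, dwNumberOfBytesRead);
        dwNumberOfBytesRead *= sizeof (WCHAR);
        if ((pbINIRawDATATmp != pbINIRawDATA) && (pbINIRawDATATmp))
            HeapFree(hCrawlerHeap, 0, pbINIRawDATATmp);
        if (!pbINIRawDATA)
        {
            DEBUG_LOG(D_ERROR, "Unable to convert file %ws to WideChar.\r\n", tFilePath);
            return FALSE;
        }
    }
    else
    {
        // GPT.ini is a WCHAR file, we just need to skip the 2-byte BOM.
        // NOTE(review): dwNumberOfBytesRead still counts the two BOM bytes, so
        // the length given to ParseIniFile is two bytes longer than the data
        // that follows the BOM. Confirm how ParseIniFile uses that length.
        bMemoryAreaMoved = TRUE;
        pbINIRawDATA += 2;
    }

    pGenericIniFileData = ParseIniFile((PWCHAR) pbINIRawDATA, dwNumberOfBytesRead, tFilePath);
    if (!pGenericIniFileData)
    {
        DEBUG_LOG(D_ERROR, "Unable to parse generic ini file : %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
    }

    pGptIniFileData = (PGPTINI_FILE_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (GPTINI_FILE_DATA));
    if (pGptIniFileData == NULL)
    {
        DEBUG_LOG(D_ERROR, "pGptIniFileData pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }
    pGptIniFileData->tFilePath = tFilePath;
    pGptIniFileData->iNumberOfUnReferrencedSections = 0;

    pGeneralSection = GetSectionByName(pGenericIniFileData, TEXT(GPT_GENERAL_SECTION));
    if (!pGeneralSection)
    {
        DEBUG_LOG(D_ERROR, "Unable to retrieve General section for GPT File.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    pVersionProperty = GetPropertyByName(pGeneralSection, TEXT(GPT_GENERAL_VERSION));
    pDisplayNameProperty = GetPropertyByName(pGeneralSection, TEXT(GPT_GENERAL_DISPLAYNAME));
    if (pVersionProperty)
    {
        // Size the copy in characters: sizeof (WCHAR), not sizeof (PWCHAR).
        size_t cchVersion = _tcslen(pVersionProperty->tValue) + 1;
        PWCHAR tVersionCopy = (PWCHAR) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (WCHAR) * cchVersion);

        if (!tVersionCopy)
        {
            DEBUG_LOG(D_ERROR, "Unable to allocate GPT version string.\r\nExiting now...");
            DoExit(D_ERROR);
        }
        _tcscpy_s(tVersionCopy, cchVersion, pVersionProperty->tValue);
        pGptIniFileData->tVersion = tVersionCopy;

        if (RemovePropertyInSection(pGeneralSection, pVersionProperty) != TRUE)
        {
            DEBUG_LOG(D_ERROR, "Unable to delete General properties.\r\nExiting now...");
            DoExit(D_ERROR);
        }
    }
    if (pDisplayNameProperty)
    {
        size_t cchDisplayName = _tcslen(pDisplayNameProperty->tValue) + 1;
        PWCHAR tDisplayNameCopy = (PWCHAR) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (WCHAR) * cchDisplayName);

        if (!tDisplayNameCopy)
        {
            DEBUG_LOG(D_ERROR, "Unable to allocate GPT display name string.\r\nExiting now...");
            DoExit(D_ERROR);
        }
        _tcscpy_s(tDisplayNameCopy, cchDisplayName, pDisplayNameProperty->tValue);
        pGptIniFileData->tDisplayName = tDisplayNameCopy;

        if (RemovePropertyInSection(pGeneralSection, pDisplayNameProperty) != TRUE)
        {
            DEBUG_LOG(D_ERROR, "Unable to delete General properties.\r\nExiting now...");
            DoExit(D_ERROR);
        }
    }

    if (IsSectionEmpty(pGeneralSection))
    {
        if (RemoveSectionInIniData(pGenericIniFileData, pGeneralSection) != TRUE)
        {
            DEBUG_LOG(D_ERROR, "Unable to delete General section.\r\nExiting now...");
            DoExit(D_ERROR);
        }
    }

    if (pGenericIniFileData->iNumberOfSection)
    {
        // pUnReferrencedSections has MAX_INI_SECTIONS slots; never copy past it.
        if (pGenericIniFileData->iNumberOfSection > MAX_INI_SECTIONS)
        {
            DEBUG_LOG(D_ERROR, "Too many sections in %ws.\r\nExiting now...", tFilePath);
            DoExit(D_ERROR);
        }

        pGptIniFileData->iNumberOfUnReferrencedSections = pGenericIniFileData->iNumberOfSection;
        for (DWORD i = 0; i < pGptIniFileData->iNumberOfUnReferrencedSections; ++i)
            pGptIniFileData->pUnReferrencedSections[i] = pGenericIniFileData->pSections[i];
        // The section pointers now belong to pGptIniFileData; the generic
        // count is reset, presumably so FreeIniFileData does not release the
        // same sections a second time.
        pGenericIniFileData->iNumberOfSection = 0;
    }

    PrintGptIniDataHeader(pGptIniFileData->tFilePath);
    PrintData(pGptIniFileData);
    PrintGptIniDataFooter(pGptIniFileData->tFilePath);

    if (pbINIRawDATA)
    {
        // Undo the BOM skip so HeapFree receives the address HeapAlloc returned.
        if (bMemoryAreaMoved == TRUE)
            pbINIRawDATA -= 2;
        HeapFree(hCrawlerHeap, 0, pbINIRawDATA);
    }
    FreeGptIniFileData(pGptIniFileData);
    FreeIniFileData(pGenericIniFileData);
    return TRUE;
}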
177 |
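/*
 * Release a GPTINI_FILE_DATA and everything it owns on hCrawlerHeap: the
 * unreferenced sections with their properties, the tVersion and tDisplayName
 * copies, and the structure itself. tFilePath is not freed here.
 *
 * pGptIniFileData: structure to release; a NULL pointer is logged and handed
 *                  to DoExit.
 *
 * Always returns TRUE.
 */
BOOL FreeGptIniFileData(_Inout_ PGPTINI_FILE_DATA pGptIniFileData)
{
    PINI_SECTION_DATA pCurrentSection = NULL;
    PINI_PROPERTY_DATA pCurrentProperty = NULL;

    if (pGptIniFileData == NULL)
    {
        DEBUG_LOG(D_ERROR, "GPTINI_FILE_DATA pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    for (DWORD i = 0; i < pGptIniFileData->iNumberOfUnReferrencedSections; ++i)
    {
        pCurrentSection = pGptIniFileData->pUnReferrencedSections[i];
        if (!pCurrentSection)
            continue;

        for (DWORD j = 0; j < pCurrentSection->iNumberOfProperty; ++j)
        {
            pCurrentProperty = pCurrentSection->pProperties[j];
            if (!pCurrentProperty)
                continue;

            // Each string is tested on its own. The name used to be guarded by
            // a comparison on tValue, which dereferences a NULL tValue and
            // takes the free/keep decision for the name from the wrong string.
            // Empty strings are not freed, presumably because the generic
            // parser does not heap-allocate them - TODO confirm.
            if ((pCurrentProperty->tName) && (_tcscmp(pCurrentProperty->tName, TEXT(""))))
                HeapFree(hCrawlerHeap, 0, pCurrentProperty->tName);
            if ((pCurrentProperty->tValue) && (_tcscmp(pCurrentProperty->tValue, TEXT(""))))
                HeapFree(hCrawlerHeap, 0, pCurrentProperty->tValue);

            HeapFree(hCrawlerHeap, 0, pCurrentProperty);
        }

        if (pCurrentSection->tSectionName)
            HeapFree(hCrawlerHeap, 0, pCurrentSection->tSectionName);
        HeapFree(hCrawlerHeap, 0, pCurrentSection);
    }

    if (pGptIniFileData->tVersion != NULL)
        HeapFree(hCrawlerHeap, 0, pGptIniFileData->tVersion);
    if (pGptIniFileData->tDisplayName)
        HeapFree(hCrawlerHeap, 0, pGptIniFileData->tDisplayName);
    HeapFree(hCrawlerHeap, 0, pGptIniFileData);
    return TRUE;
}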
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/GPTiniParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - GPTiniParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for GPT.ini file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __GPTINIPARSER_H__
11 | #define __GPTINIPARSER_H__
12 |
13 | #include "Common.h"
14 | #include "INIGenericParser.h"
15 |
// ---- Parser identification --------------------------------------------------
#define GPTINI_PARSER_NAME              TEXT("GPT.ini parser")
#define GPTINI_MATCHING_FILE_REGEXP     TEXT("gpt.ini")
#define GPTINI_MATCHING_FOLDER_REGEXP   TEXT("[NON SUPPORTED]")

// ---- Names looked up in the file --------------------------------------------
// These are narrow literals; GPTiniParser.cpp wraps each one in TEXT() where
// it is used.
#define GPT_GENERAL_SECTION             "General"
#define GPT_GENERAL_VERSION             "Version"
#define GPT_GENERAL_DISPLAYNAME         "displayName"

// Everything extracted from one GPT.ini file.
typedef struct _GPTINI_FILE_DATA
{
    // Stored as given to ParseGptIniFile; FreeGptIniFileData does not free it.
    PWCHAR              tFilePath;

    // Heap copies of the Version and displayName values of [General];
    // FreeGptIniFileData releases them.
    PTCHAR              tVersion;
    PTCHAR              tDisplayName;

    // Sections left over once Version and displayName were extracted.
    // The array has exactly MAX_INI_SECTIONS slots, so the counter must never
    // exceed that capacity, whatever the parsed file contains.
    DWORD               iNumberOfUnReferrencedSections;
    PINI_SECTION_DATA   pUnReferrencedSections[MAX_INI_SECTIONS];
} GPTINI_FILE_DATA, *PGPTINI_FILE_DATA;
38 |
// ---- Printer entry points, declared again in GPTiniPrinter.h ----------------
// ParseGptIniFile calls them in this order: header, data, footer.
extern BOOL PrintData(
    _In_ PGPTINI_FILE_DATA pGptIniData);
extern BOOL PrintGptIniDataHeader(
    _In_ PTCHAR tFilePath);
extern BOOL PrintGptIniDataFooter(
    _In_ PTCHAR tFilePath);

// ---- Parser registration and lifetime ---------------------------------------
// Allocates the PARSER_IDENTIFIER for this parser and stores it in *pParserID.
VOID RegisterGptIniParser(
    _Inout_ PPARSER_IDENTIFIER *pParserID);
// Reads, parses and prints one GPT.ini file.
BOOL ParseGptIniFile(
    _In_ PTCHAR tFilePath);
// Releases the structure and the heap memory it owns.
BOOL FreeGptIniFileData(
    _Inout_ PGPTINI_FILE_DATA pGptIniFileData);
48 |
49 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/GPTiniPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - GPTiniPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export GPT.ini file data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __GPTINIPRINTER_H__
11 | #define __GPTINIPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "GPTiniParser.h"
16 |
// ---- Printer identification -------------------------------------------------
#define OUTPUT_NAME_GPT_INI         TEXT("GPTiniFiles")
#define OUTPUT_DIRECTORY_GPT_INI    TEXT("")

// ---- Entry points called by ParseGptIniFile ---------------------------------
BOOL PrintData(
    _In_ PGPTINI_FILE_DATA pGptIniData);
BOOL PrintGptIniDataHeader(
    _In_ PTCHAR tFilePath);
BOOL PrintGptIniDataFooter(
    _In_ PTCHAR tFilePath);

// ---- One printer per output format, each with its section helper ------------
// NOTE(review): tVersion, tDisplayName and the unreferenced sections are taken
// from the parsed file; confirm that the XML and CSV printers escape markup
// and delimiter characters before writing them.
BOOL PrintXMLData(
    _In_ PGPTINI_FILE_DATA pGptIniData);
BOOL PrintXMLUnreferrencedSectionDataInGPT(
    _In_ PINI_SECTION_DATA pSectionData,
    _In_ HANDLE hXMLFile);

BOOL PrintCSVData(
    _In_ PGPTINI_FILE_DATA pGptIniData);
BOOL PrintCSVUnreferrencedSectionDataInGPT(
    _In_ PINI_SECTION_DATA pSectionData,
    _In_ HANDLE hCSVFile);

BOOL PrintSTDOUTData(
    _In_ PGPTINI_FILE_DATA pGptIniData);
BOOL PrintSTDOUTSectionData(
    _In_ PINI_SECTION_DATA pSectionData);
34 |
35 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/IEAKParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - IEAKParser.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for Internet Explorer file
6 | * (store in IEAK folder)
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "IEAKParser.h"
12 |
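/*
 * Allocate and fill the PARSER_IDENTIFIER that describes the IEAK file handler.
 *
 * pParserID: receives a zero-initialised structure allocated on hCrawlerHeap.
 *            The identifier matches by folder (IEAK_MATCHING_FOLDER_REGEXP),
 *            has no file-name pattern and dispatches to ParseIeakFile.
 *
 * An invalid output pointer or a failed allocation is logged and handed to
 * DoExit.
 */
VOID RegisterIeakParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
    PPARSER_IDENTIFIER pNewParserID = NULL;

    // The output slot must be valid before anything is written through it.
    if (!pParserID)
    {
        DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return; // DoExit is not visible here; do not fall through if it returns
    }

    pNewParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
    // Test the allocation result itself. Testing pParserID here would never
    // detect a failed HeapAlloc and the assignments below would write through
    // a NULL pointer.
    if (!pNewParserID)
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
        DoExit(D_ERROR);
        return;
    }

    pNewParserID->tParserName = IEAK_PARSER_NAME;
    pNewParserID->tFileMatchingRegExp = NULL;
    pNewParserID->tFolderMatchingRegExp = IEAK_MATCHING_FOLDER_REGEXP;
    pNewParserID->pParserEntryPoint = ParseIeakFile;

    *pParserID = pNewParserID;
}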
27 |
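/*
 * Read one file found under an IEAK folder, store its content in an
 * IEAK_FILE_DATA according to its extension, print it and release it.
 *
 * tFilePath: path of the file to handle. It is stored in the result structure
 *            without being copied.
 *
 * Returns TRUE on success. Returns FALSE when the file cannot be opened (last
 * error forced to ERROR_ACCESS_DENIED), is too large for the read buffer, or
 * cannot be read; everything allocated so far is released on those paths.
 * Other failures are logged and handed to DoExit.
 */
BOOL ParseIeakFile(_In_ PTCHAR tFilePath)
{
    PIEAK_FILE_DATA pIeakFileData = NULL;
    HANDLE hIeakFile = INVALID_HANDLE_VALUE;
    DWORD dwFileSize = 0, dwNumberOfBytesRead = 0;
    PBYTE pbIeakFileRawDATA = NULL;

    if (tFilePath == NULL)
    {
        DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }
    DEBUG_LOG(D_INFO, "[IEAK] Now handling %ws\r\n", tFilePath);

    pIeakFileData = (PIEAK_FILE_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (IEAK_FILE_DATA));
    if (!pIeakFileData)
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate IEAK_FILE_DATA structure.\r\nExiting now...");
        DoExit(D_ERROR);
    }
    pIeakFileData->dwDataSize = 0;
    pIeakFileData->pvData = NULL;
    pIeakFileData->tFilePath = tFilePath;
    pIeakFileData->dwFileType = IEAK_UNHANDLE_FILE;

    hIeakFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hIeakFile == INVALID_HANDLE_VALUE)
    {
        DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
        // Nothing has been attached to the structure yet: free it directly.
        HeapFree(hCrawlerHeap, 0, pIeakFileData);
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    dwFileSize = GetFileSize(hIeakFile, NULL);
    if (dwFileSize == INVALID_FILE_SIZE)
    {
        DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
    }
    pIeakFileData->dwDataSize = dwFileSize;

    // The buffer below is sized as sizeof (DWORD) * dwFileSize. Where SIZE_T is
    // 32 bits wide that product can wrap, which would leave a buffer smaller
    // than the dwFileSize bytes ReadFile is asked to store.
    if ((SIZE_T) dwFileSize > ((SIZE_T) -1) / sizeof (DWORD))
    {
        DEBUG_LOG(D_ERROR, "File %ws is too large to be parsed.\r\n", tFilePath);
        CloseHandle(hIeakFile);
        HeapFree(hCrawlerHeap, 0, pIeakFileData);
        return FALSE;
    }

    // NOTE(review): four times the file size is allocated and zero-filled; the
    // slack presumably acts as a terminator for the INI parser - confirm
    // before shrinking it.
    pbIeakFileRawDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DWORD) * dwFileSize);
    if (pbIeakFileRawDATA == NULL)
    {
        DEBUG_LOG(D_ERROR, "pbIeakFileRawDATA pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    if (!ReadFile(hIeakFile, pbIeakFileRawDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
    {
        DWORD dwReadError = GetLastError();

        DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, dwReadError);
        // Release the handle, the buffer and the structure on this path too,
        // then restore the error code that ReadFile reported.
        CloseHandle(hIeakFile);
        HeapFree(hCrawlerHeap, 0, pbIeakFileRawDATA);
        HeapFree(hCrawlerHeap, 0, pIeakFileData);
        SetLastError(dwReadError);
        return FALSE;
    }
    CloseHandle(hIeakFile);

    pIeakFileData->dwFileType = GetIEAKFileExtensionID(pIeakFileData->tFilePath);

    if (FillIeakDataContent(pIeakFileData, pbIeakFileRawDATA, dwNumberOfBytesRead) == FALSE)
    {
        DEBUG_LOG(D_ERROR, "Unable to fill data structure for %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
    }
    // The fill functions keep either a parsed structure or their own copy of
    // the bytes, so the read buffer is no longer needed.
    HeapFree(hCrawlerHeap, 0, pbIeakFileRawDATA);

    // Call printers
    PrintIeakDataHeader(pIeakFileData->tFilePath);
    PrintData(pIeakFileData);
    PrintIeakDataFooter(pIeakFileData->tFilePath);

    // Cleanup
    FreeIeakFileData(pIeakFileData);
    return TRUE;
}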
101 |
/*
 * Release an IEAK_FILE_DATA together with the payload stored in pvData.
 *
 * INI and INF payloads are INI_FILE_DATA structures and go through
 * FreeIniFileData; any other payload is a plain heap block. A NULL
 * pIeakFileData is logged and handed to DoExit.
 *
 * Always returns TRUE.
 */
BOOL FreeIeakFileData(_Inout_ PIEAK_FILE_DATA pIeakFileData)
{
    if (pIeakFileData == NULL)
    {
        DEBUG_LOG(D_ERROR, "IEAK_FILE_DATA pointer is invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    const IEAK_FILE_EXTENSION dwPayloadType = pIeakFileData->dwFileType;

    // INF files are parsed as INI files, so both use the same release routine.
    if ((dwPayloadType == IEAK_INI_FILE) || (dwPayloadType == IEAK_INF_FILE))
        FreeIniFileData((PINI_FILE_DATA) pIeakFileData->pvData);
    else
        HeapFree(hCrawlerHeap, 0, pIeakFileData->pvData);

    // The structure was dereferenced just above, so it is known to be non-NULL.
    HeapFree(hCrawlerHeap, 0, pIeakFileData);
    return TRUE;
}
127 |
/*
 * Map a file path to an IEAK_FILE_EXTENSION value from its extension.
 *
 * The text after the match returned by rstrstr for "\\" is taken as the file
 * name, and the text after the match returned by rstrstr for "." as the
 * extension (rstrstr is a project helper, presumably a reverse search). When
 * a separator is missing, a warning is logged and the whole string is used.
 *
 * The comparison uses _tcscmp and is therefore case-sensitive.
 * NOTE(review): an upper-case "INI" or "INF" extension falls through to
 * IEAK_UNHANDLE_FILE - confirm that this is intended.
 *
 * A NULL tFilePath is logged and handed to DoExit.
 */
IEAK_FILE_EXTENSION GetIEAKFileExtensionID(_In_ PTCHAR tFilePath)
{
    if (tFilePath == NULL)
    {
        DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // File name: what follows the path separator, or the whole path.
    PTCHAR tSeparator = rstrstr(tFilePath, TEXT("\\"));
    PTCHAR tBaseName = tFilePath;
    if (tSeparator)
        tBaseName = tSeparator + 1;
    else
        DEBUG_LOG(D_WARNING, "The file %ws doesn't seems to be hosted in a proper sysvol folder.\r\n", tFilePath);

    // Extension: what follows the dot, or the whole file name.
    PTCHAR tDot = rstrstr(tBaseName, TEXT("."));
    PTCHAR tSuffix = tBaseName;
    if (tDot)
        tSuffix = tDot + 1;
    else
        DEBUG_LOG(D_WARNING, "The filename %ws doesn't seems to have a well-kwnown extension.\r\n", tBaseName);

    if (_tcscmp(tSuffix, IEAK_INI_FILE_EXTENSION) == 0)
        return IEAK_INI_FILE;
    if (_tcscmp(tSuffix, IEAK_INF_FILE_EXTENSION) == 0)
        return IEAK_INF_FILE;
    return IEAK_UNHANDLE_FILE;
}
164 |
/*
 * Store the file content in pIeakFileData with the routine that matches
 * pIeakFileData->dwFileType.
 *
 * INI and INF files go through FillIniDataContent; every other type is kept
 * as raw bytes by FillDefaultDataContent. The result of the chosen routine is
 * returned unchanged. A NULL structure or buffer is logged and handed to
 * DoExit.
 */
BOOL FillIeakDataContent(_Inout_ PIEAK_FILE_DATA pIeakFileData, _In_ PBYTE pbIeakFileRawDATA, _In_ DWORD dwIeakFileRawDATALen)
{
    if ((pIeakFileData == NULL) || (pbIeakFileRawDATA == NULL))
    {
        DEBUG_LOG(D_ERROR, "IEAK_FILE_DATA pointer or raw data invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    const IEAK_FILE_EXTENSION dwType = pIeakFileData->dwFileType;

    // INF files are parsed like INI files.
    if ((dwType == IEAK_INI_FILE) || (dwType == IEAK_INF_FILE))
        return FillIniDataContent(pIeakFileData, pbIeakFileRawDATA, dwIeakFileRawDATALen);

    return FillDefaultDataContent(pIeakFileData, pbIeakFileRawDATA, dwIeakFileRawDATALen);
}
188 |
/*
 * Parse the raw content as an INI file and attach the INI_FILE_DATA to
 * pIeakFileData->pvData; dwDataSize is set to sizeof(INI_FILE_DATA).
 *
 * Content that IsIniFileWcharEncoded does not recognise as wide is converted
 * with CStrToPtchar first; wide content is parsed in place after skipping the
 * first two bytes (the BOM).
 *
 * Returns TRUE on success and FALSE when the conversion fails. A NULL
 * argument or a failed parse is logged and handed to DoExit.
 */
BOOL FillIniDataContent(_Inout_ PIEAK_FILE_DATA pIeakFileData, _In_ PBYTE pbIeakFileRawDATA, _In_ DWORD dwIeakFileRawDATALen)
{
    PINI_FILE_DATA pParsedIni = NULL;
    PBYTE pbConverted = NULL;

    if ((pIeakFileData == NULL) || (pbIeakFileRawDATA == NULL))
    {
        DEBUG_LOG(D_ERROR, "IEAK_FILE_DATA pointer or raw datainvalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    if (IsIniFileWcharEncoded(pbIeakFileRawDATA, dwIeakFileRawDATALen) != FALSE)
    {
        // In case of WCHAR, we simply skip the BOM.
        // NOTE(review): dwIeakFileRawDATALen is not reduced by the two bytes
        // skipped here, so the length given to ParseIniFile is two bytes
        // longer than the data that follows the BOM. Confirm how ParseIniFile
        // uses that length and how large the caller's buffer is.
        pbIeakFileRawDATA += 2;
    }
    else
    {
        // In case of ANSI file, we convert it to WCHAR.
        // NOTE(review): the converted buffer is freed at the end of this
        // function; confirm that CStrToPtchar always returns a new block,
        // never the input pointer, which the caller frees as well.
        pbConverted = (PBYTE) CStrToPtchar(pbIeakFileRawDATA, dwIeakFileRawDATALen);
        if (pbConverted == NULL)
        {
            DEBUG_LOG(D_ERROR, "Unable to convert file %ws to WideChar.\r\n", pIeakFileData->tFilePath);
            return FALSE;
        }
        pbIeakFileRawDATA = pbConverted;
        dwIeakFileRawDATALen *= sizeof (WCHAR);
    }

    pParsedIni = ParseIniFile((PWCHAR) pbIeakFileRawDATA, dwIeakFileRawDATALen, pIeakFileData->tFilePath);
    if (pParsedIni == NULL)
    {
        DEBUG_LOG(D_ERROR, "Unable to parse generic IEAK file : %ws.\r\nExiting now...", pIeakFileData->tFilePath);
        DoExit(D_ERROR);
    }
    pIeakFileData->pvData = (PVOID) pParsedIni;
    pIeakFileData->dwDataSize = sizeof(INI_FILE_DATA);

    // Only the buffer created by the conversion belongs to this function.
    if (pbConverted != NULL)
        HeapFree(hCrawlerHeap, 0, pbConverted);

    return TRUE;
}
230 |
/*
 * Keep an unparsed file as a byte-for-byte copy.
 *
 * Allocates dwIeakFileRawDATALen bytes on hCrawlerHeap, copies the raw content
 * into them and stores the copy and its size in pIeakFileData (pvData and
 * dwDataSize). The caller's buffer is left untouched.
 *
 * Always returns TRUE; a NULL argument, a failed allocation or a failed copy
 * is logged and handed to DoExit.
 */
BOOL FillDefaultDataContent(_Inout_ PIEAK_FILE_DATA pIeakFileData, _In_ PBYTE pbIeakFileRawDATA, _In_ DWORD dwIeakFileRawDATALen)
{
    if ((pIeakFileData == NULL) || (pbIeakFileRawDATA == NULL))
    {
        DEBUG_LOG(D_ERROR, "IEAK_FILE_DATA pointer or raw datainvalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    const size_t cbPayload = sizeof (BYTE) * dwIeakFileRawDATALen;

    // No HEAP_ZERO_MEMORY here: the block is filled by the copy below.
    PBYTE pbCopy = (PBYTE) HeapAlloc(hCrawlerHeap, 0, cbPayload);
    if (pbCopy == NULL)
    {
        DEBUG_LOG(D_ERROR, "pbRawData pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // memcpy_s returns a non-zero value when it rejects the copy.
    if (memcpy_s(pbCopy, cbPayload, pbIeakFileRawDATA, cbPayload) != 0)
    {
        DEBUG_LOG(D_ERROR, "Unable to extract ID.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    pIeakFileData->pvData = pbCopy;
    pIeakFileData->dwDataSize = dwIeakFileRawDATALen;
    return TRUE;
}
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/IEAKParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - IEAKParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for Internet Explorer file
6 | * (store in IEAK folder)
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __IEAK_PARSER_H__
12 | #define __IEAK_PARSER_H__
13 |
14 | #include "Common.h"
15 | #include "INIGenericParser.h"
16 |
// ---- Parser identification --------------------------------------------------
#define IEAK_PARSER_NAME                TEXT("IEAK files handler")
#define IEAK_MATCHING_FILE_REGEXP       TEXT("[NON SUPPORTED]")
#define IEAK_MATCHING_FOLDER_REGEXP     TEXT("*\\IEAK\\*")

// ---- File kinds recognised inside an IEAK folder ----------------------------
typedef DWORD IEAK_FILE_EXTENSION;
#define IEAK_UNHANDLE_FILE              0
#define IEAK_INI_FILE                   1
#define IEAK_INF_FILE                   2

// Extensions compared against the file name; GetIEAKFileExtensionID uses
// _tcscmp, so the match is case-sensitive.
#define IEAK_INI_FILE_EXTENSION         TEXT("ini")
#define IEAK_INF_FILE_EXTENSION         TEXT("inf")

// Content of one file found under an IEAK folder.
// The meaning of pvData depends on dwFileType, so readers must check the type
// before casting:
//   - IEAK_INI_FILE / IEAK_INF_FILE: pvData points to an INI_FILE_DATA and
//     dwDataSize is sizeof(INI_FILE_DATA);
//   - any other value: pvData is a heap copy of the raw bytes and dwDataSize
//     is its length in bytes.
typedef struct _IEAK_FILE_DATA
{
    PWCHAR              tFilePath;
    IEAK_FILE_EXTENSION dwFileType;

    DWORD               dwDataSize;
    PVOID               pvData;
} IEAK_FILE_DATA, *PIEAK_FILE_DATA;
42 |
// ---- Printer entry points, declared again in IEAKPrinter.h ------------------
extern BOOL PrintData(
    _In_ PIEAK_FILE_DATA pMiscData);
extern BOOL PrintIeakDataHeader(
    _In_ PTCHAR tFilePath);
extern BOOL PrintIeakDataFooter(
    _In_ PTCHAR tFilePath);

// ---- Parser registration and lifetime ---------------------------------------
VOID RegisterIeakParser(
    _Inout_ PPARSER_IDENTIFIER *pParserID);
BOOL ParseIeakFile(
    _In_ PTCHAR tFilePath);
BOOL FreeIeakFileData(
    _Inout_ PIEAK_FILE_DATA pIeakFileData);

// Decide what kind of file is about to be parsed, from its extension.
IEAK_FILE_EXTENSION GetIEAKFileExtensionID(
    _In_ PTCHAR tFilePath);

// Store the file content in pIeakFileData according to dwFileType.
BOOL FillIeakDataContent(
    _Inout_ PIEAK_FILE_DATA pIeakFileData,
    _In_ PBYTE pbIeakFileRawDATA,
    _In_ DWORD dwIeakFileRawDATALen);

// Parse the content as an INI file (also used for INF files).
BOOL FillIniDataContent(
    _Inout_ PIEAK_FILE_DATA pIeakFileData,
    _In_ PBYTE pbIeakFileRawDATA,
    _In_ DWORD dwIeakFileRawDATALen);

// Keep the content as raw bytes, for file types without a dedicated parser.
BOOL FillDefaultDataContent(
    _Inout_ PIEAK_FILE_DATA pIeakFileData,
    _In_ PBYTE pbIeakFileRawDATA,
    _In_ DWORD dwIeakFileRawDATALen);
61 |
62 | /*****************************************************************
63 | * HOW TO add new IEAK file parser
64 | * 1 - Specify new extension id and file extension in header file:
65 | * IEAK_FILE_EXTENSION & IEAK_XXX_FILE_EXTENSION
66 | *
67 | * 2 - Add switch case in GetIEAKFileExtensionID function and implement
68 | * dedicated allocation function (eg. FillXXXDataContent)
69 | *
70 | * 3 - Fill FillIeakDataContent function for the new type of file
71 | *
72 | * 4 - Add memory release code in FreeIeakFileData function
73 | *****************************************************************/
74 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/IEAKPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - IEAKPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export content of Internet Explorer file
6 | * (store in IEAK folder)
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __IEAKPRINTER_H__
12 | #define __IEAKPRINTER_H__
13 |
14 | #include "Common.h"
15 | #include "PrinterCommon.h"
16 | #include "IEAKParser.h"
17 | #include "INIGenericPrinter.h"
18 |
// ---- Printer identification -------------------------------------------------
#define OUTPUT_NAME_IEAK_FOLDER         TEXT("IEAKFileFolder")
#define OUTPUT_DIRECTORY_IEAK_FOLDER    TEXT("[Machine||User]")

// ---- Entry points called by ParseIeakFile -----------------------------------
BOOL PrintData(
    _In_ PIEAK_FILE_DATA pIeakFileData);
BOOL PrintIeakDataHeader(
    _In_ PTCHAR tFilePath);
BOOL PrintIeakDataFooter(
    _In_ PTCHAR tFilePath);

// ---- One printer per output format ------------------------------------------
BOOL PrintXMLData(
    _In_ PIEAK_FILE_DATA pIeakFileData);
BOOL PrintCSVData(
    _In_ PIEAK_FILE_DATA pIeakFileData);
BOOL PrintSTDOUTData(
    _In_ PIEAK_FILE_DATA pIeakFileData);

// ---- Per-payload helpers: raw bytes or parsed INI data ----------------------
// NOTE(review): the raw variants print bytes copied unchanged from the parsed
// file; confirm that they encode or escape that content so it cannot break
// the structure of the XML or CSV output.
BOOL PrintXMLRawData(
    _In_ PIEAK_FILE_DATA pIeakFileData,
    _In_ HANDLE hXMLFile);
BOOL PrintXMLIniData(
    _In_ PIEAK_FILE_DATA pIeakFileData,
    _In_ HANDLE hXMLFile);

BOOL PrintCSVRawData(
    _In_ PIEAK_FILE_DATA pIeakFileData,
    _In_ HANDLE hCSVFile);
BOOL PrintCSVIniData(
    _In_ PIEAK_FILE_DATA pIeakFileData,
    _In_ HANDLE hCSVFile);

BOOL PrintSTDOUTRawData(
    _In_ PIEAK_FILE_DATA pIeakFileData);
BOOL PrintSTDOUTIniData(
    _In_ PIEAK_FILE_DATA pIeakFileData);
40 |
41 | /*****************************************************************
42 | * HOW TO add new IEAK file printer
43 | * 1 - Add switch case in PrintXMLData, PrintCSVData and
44 | * PrintSTDOUTData method
45 | *
46 | * 2 - Implement new printing functions: PrintXMLXXXData,
47 | * PrintCSVXXXData and PrintSTDOUTXXXData
48 | *****************************************************************/
49 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/INFParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - INFParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for .inf file like GptTmpl.inf
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __INF_PARSER_H__
11 | #define __INF_PARSER_H__
12 |
13 | #include "Common.h"
14 |
15 | //************** *********************
16 | #define INF_PARSER_NAME TEXT("INF parser")
17 | #define INF_MATCHING_FILE_REGEXP TEXT("GptTmpl.inf")
18 | #define INF_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
19 | //************** ********************
20 |
21 | #define INF_COMMENT_SYMBOL ';'
22 | #define INF_ESCAPE_SYMBOL '\\'
23 | #define INF_PROPERTY_SEPARATOR_SYMBOL '='
24 | #define MAX_INF_SECTIONS 1024
25 | #define MAX_INF_PROPERTIES 4096
26 |
27 | //******* ******
28 | // Generic structure for one 'name=value' property of a section
29 | typedef struct _INF_PROPERTY_DATA
30 | {
31 | PWCHAR tName;
32 | PWCHAR tValue;
33 | } INF_PROPERTY_DATA, *PINF_PROPERTY_DATA;
34 |
35 | // Generic structure for '[sample]' section
36 | typedef struct _INF_SECTION_DATA
37 | {
38 | PWCHAR tSectionName; // text of the '[section]' header this entry was built from
39 |
40 | DWORD iNumberOfProperty; // presumably the number of pProperties slots in use - confirm in AddNewProperty
41 | PINF_PROPERTY_DATA pProperties[MAX_INF_PROPERTIES]; // fixed capacity; NOTE(review): the number of properties is driven by the parsed file, so the code that appends here has to refuse entries once MAX_INF_PROPERTIES is reached - that check is not visible in this header
42 | } INF_SECTION_DATA, *PINF_SECTION_DATA;
43 |
44 | // Gather INF data
45 | typedef struct _INF_FILE_DATA
46 | {
47 | PWCHAR tFilePath; // path of the parsed .inf file
48 |
49 | DWORD iNumberOfSection; // presumably the number of pSections slots in use - confirm in AddNewSection
50 | PINF_SECTION_DATA pSections[MAX_INF_SECTIONS]; // fixed capacity; NOTE(review): a file with more than MAX_INF_SECTIONS section headers must be rejected or truncated by the parser before it writes past this array - not visible in this header
51 | } INF_FILE_DATA, *PINF_FILE_DATA;
52 | //****** ******
53 |
54 | // Forward declaration for printers
55 | extern BOOL PrintData(_In_ PINF_FILE_DATA pInfData);
56 | extern BOOL PrintInfDataHeader(_In_ PTCHAR tFilePath);
57 | extern BOOL PrintInfDataFooter(_In_ PTCHAR tFilePath);
58 |
59 | // Parser registration
60 | VOID RegisterInfParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
61 | // Entry point for INF
62 | BOOL ParseInfFile(_In_ PTCHAR tFilePath);
63 |
64 | BOOL IsLineContainASection(_In_ PWCHAR tLine, _In_ PWCHAR *pSectionName); // NOTE(review): pSectionName is a PWCHAR * and reads like an output, yet it is annotated _In_ - confirm against the definition so static analysis checks the right direction
65 | BOOL IsLineComment(_In_ PWCHAR tLine);
66 | BOOL AddNewSection(_Inout_ PINF_FILE_DATA pInfData, _In_ PWCHAR pSectionName, _In_ PINF_SECTION_DATA *pOutNewSection); // NOTE(review): pOutNewSection is named as an output but annotated _In_; this is also where the MAX_INF_SECTIONS bound has to be enforced - TODO confirm
67 | BOOL AddNewProperty(_Inout_ PINF_SECTION_DATA pSectionData, _In_ PWCHAR tRawValue); // takes the raw line text; the MAX_INF_PROPERTIES bound has to be enforced here - TODO confirm
68 | BOOL FreeInfFileData(_Inout_ PINF_FILE_DATA pInfData);
69 |
70 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/INFPrinter.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/INFPrinter.cpp
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/INFPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - INFPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export INF file content
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __INFPRINTER_H__
11 | #define __INFPRINTER_H__
12 |
13 | #include "INFParser.h"
14 | #include "PrinterCommon.h"
15 |
16 | //************** *********************
17 | #define OUTPUT_NAME_INF_FILE TEXT("INFormationFile")
18 | #define OUTPUT_DIRECTORY_INF_FILE TEXT("Machine\\Microsoft\\Windows NT\\SecEdit")
19 | //************** ********************
20 |
21 | // Generic dispatcher for printers
22 | BOOL PrintData(_In_ PINF_FILE_DATA pInfData);
23 | BOOL PrintInfDataHeader(_In_ PTCHAR tFilePath);
24 | BOOL PrintInfDataFooter(_In_ PTCHAR tFilePath);
25 |
26 | // Printers for file format
27 | BOOL PrintXMLData(_In_ PINF_FILE_DATA pInfData);
28 | BOOL PrintXMLSectionData(_In_ PINF_SECTION_DATA pSectionData, _In_ HANDLE hXMLFile);
29 | BOOL PrintCSVData(_In_ PINF_FILE_DATA pInfData);
30 | BOOL PrintCSVSectionData(_In_ PINF_FILE_DATA pInfData, _In_ PINF_SECTION_DATA pSectionData, _In_ HANDLE hCSVFile);
31 | BOOL PrintSTDOUTData(_In_ PINF_FILE_DATA pInfData);
32 | BOOL PrintSTDOUTSectionData(_In_ PINF_FILE_DATA pInfData, _In_ PINF_SECTION_DATA pSectionData);
33 |
34 | #endif
35 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/INIGenericParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - INICommon.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Functions library for generic INI file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __INI_GENERIC_PARSER_H__
11 | #define __INI_GENERIC_PARSER_H__
12 |
13 | #include "Common.h"
14 |
15 | #define INI_COMMENT_SYMBOL ';'
16 | #define INI_ESCAPE_SYMBOL '\\'
17 | #define INI_PROPERTY_SEPARATOR_SYMBOL '='
18 | #define MAX_INI_SECTIONS 1024
19 | #define MAX_INI_PROPERTIES 4096
20 |
21 | //******* ******
22 | // Gather data for section properties
23 | typedef struct _INI_PROPERTY_DATA
24 | {
25 | PWCHAR tName;
26 | PWCHAR tValue;
27 | } INI_PROPERTY_DATA, *PINI_PROPERTY_DATA;
28 |
29 | // Gather data for a section '[sample]'
30 | typedef struct _INI_SECTION_DATA
31 | {
32 | PWCHAR tSectionName; // the printers in INIGenericPrinter.cpp skip a section whose name is NULL
33 |
34 | DWORD iNumberOfProperty; // the printers walk pProperties[0 .. iNumberOfProperty-1], so this must never exceed MAX_INI_PROPERTIES
35 | PINI_PROPERTY_DATA pProperties[MAX_INI_PROPERTIES]; // fixed capacity; NOTE(review): the property count comes from the parsed file, so AddNewProperty has to stop at MAX_INI_PROPERTIES - not visible in this header
36 | } INI_SECTION_DATA, *PINI_SECTION_DATA;
37 |
38 | // Store information for a generic ini file
39 | typedef struct _INI_FILE_DATA
40 | {
41 | PWCHAR tFilePath; // first column of every CSV row written by PrintCSVSectionData
42 |
43 | DWORD iNumberOfSection; // the printers walk pSections[0 .. iNumberOfSection-1], so this must never exceed MAX_INI_SECTIONS
44 | PINI_SECTION_DATA pSections[MAX_INI_SECTIONS]; // fixed capacity; NOTE(review): the section count comes from the parsed file, so AddNewSection has to stop at MAX_INI_SECTIONS - not visible in this header
45 | } INI_FILE_DATA, *PINI_FILE_DATA;
46 | //****** ******
47 |
48 | // Entry point for generic INI parsing
49 | PINI_FILE_DATA ParseIniFile(_In_ PWCHAR pwFileRawData, _In_ DWORD dwDataSize, _In_ PTCHAR tFilePath);
50 | BOOL FreeIniFileData(_Inout_ PINI_FILE_DATA pIniData);
51 |
52 | // Get a section by its name
53 | PINI_SECTION_DATA GetSectionByName(_In_ PINI_FILE_DATA pIniData, _In_ PTCHAR tSectionName);
54 | // Get a property by its name
55 | PINI_PROPERTY_DATA GetPropertyByName(_In_ PINI_SECTION_DATA pSectionData, _In_ PTCHAR tPropertyName);
56 | // Delete section from an INI file
57 | BOOL RemoveSectionInIniData(_Inout_ PINI_FILE_DATA pIniData, _In_ PINI_SECTION_DATA pSectionToDelete);
58 | // Delete property from an INI file
59 | BOOL RemovePropertyInSection(_Inout_ PINI_SECTION_DATA pSectionData, _In_ PINI_PROPERTY_DATA pPropertyToDelete);
60 | // Release section data
61 | BOOL FreeSectionData(_Inout_ PINI_SECTION_DATA pSectionData);
62 | // Release property data
63 | BOOL FreePropertyData(_Inout_ PINI_PROPERTY_DATA pPropertyData);
64 | // Determine if a section is empty or not
65 | BOOL IsSectionEmpty(_In_ PINI_SECTION_DATA pSectionData);
66 |
67 | // Add section structure to generic INI structure
68 | BOOL AddNewSection(_In_ PINI_FILE_DATA pInfData, _In_ PWCHAR pSectionName, _In_ PINI_SECTION_DATA *pOutNewSection);
69 | // Add a new property to a section
70 | BOOL AddNewProperty(_Inout_ PINI_SECTION_DATA pSectionData, _In_ PWCHAR tRawValue);
71 |
72 | // Oracle guessing if a file is encoded in WCHAR OR ANSI
73 | BOOL IsIniFileWcharEncoded(_In_ PBYTE pbINIRawDATA, _In_ DWORD dwINIRawDATALen);
74 |
75 | // Guess whether a line contains a new section to parse
76 | BOOL IsIniLineContainASection(_In_ PWCHAR tLine, _In_ PWCHAR *pSectionName);
77 |
78 | //Check if line is a comment
79 | BOOL IsLineCommentInINI(_In_ PWCHAR tLine);
80 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/INIGenericPrinter.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - INIGenericPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Generic INI file printer
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #include "INIGenericPrinter.h"
11 |
// Hand one parsed INI file to every output format enabled in pSyscrwlrOptions.
//
// pIniFileData - parsed file to export; NULL is logged and passed to DoExit(D_ERROR)
// hXMLFile     - handle forwarded to PrintXMLData
// hCSVFile     - handle forwarded to PrintCSVData
//
// The formats are tried in the order XML, CSV, STDOUT. The chain stops at the
// first printer that returns FALSE and the last printer result is returned.
BOOL PrintData(_In_ PINI_FILE_DATA pIniFileData, _In_ HANDLE hXMLFile, _In_ HANDLE hCSVFile)
{
	BOOL bStatus = TRUE;

	if (NULL == pIniFileData)
	{
		DEBUG_LOG(D_ERROR, "pIniFileData pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// XML export
	if (bStatus && pSyscrwlrOptions->bShouldPrintXML)
	{
		bStatus = PrintXMLData(pIniFileData, hXMLFile);
	}

	// CSV export, only reached while the previous stage succeeded
	if (bStatus && pSyscrwlrOptions->bShouldPrintCSV)
	{
		bStatus = PrintCSVData(pIniFileData, hCSVFile);
	}

	// Console export, only reached while the previous stages succeeded
	if (bStatus && pSyscrwlrOptions->bShouldPrintSTDOUT)
	{
		bStatus = PrintSTDOUTData(pIniFileData);
	}

	return bStatus;
}
34 |
// Write the per-file header of the generic INI printer to the enabled outputs.
// tFilePath is only checked for NULL; the CSV output receives the column line File;Section;Name;Value.
// Returns TRUE on success; a NULL path or a failed WriteFile is logged and handed to DoExit(D_ERROR).
35 | BOOL PrintIniDataHeader(_In_ PTCHAR tFilePath, _In_ HANDLE hXMLFile, _In_ HANDLE hCSVFile)
36 | {
37 | DWORD dwDataRead = 0;
38 |
39 | if (!tFilePath)
40 | {
41 | DEBUG_LOG(D_WARNING, "tFilePath is invalid.\r\nExiting now...");
42 | DoExit(D_ERROR);
43 | }
44 |
45 | // Hack for closing xml document. Ugly. The handle is only tested against NULL here, while PrintXMLData in this file tests it against INVALID_HANDLE_VALUE only.
46 | if (pSyscrwlrOptions->bShouldPrintXML && hXMLFile)
47 | {
// NOTE(review): the listing jumps from gutter line 48 to 51 and the literal written below is not
// the literal measured by _tcslen, so part of this statement appears to be missing from the page.
// Check the repository copy: every WriteFile length must be computed from the buffer that is
// actually passed, otherwise the call reads past the end of the literal.
48 | if ((WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\">\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
51 | goto writerror;
52 | }
53 |
54 | if (pSyscrwlrOptions->bShouldPrintCSV && hCSVFile)
55 | {
56 | if (WriteFile(hCSVFile, TEXT("File;Section;Name;Value\r\n"), (DWORD)(_tcslen(TEXT("File;Section;Name;Value\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
57 | goto writerror;
58 | }
59 | return TRUE;
60 |
61 | writerror:
62 | DEBUG_LOG(D_WARNING, "Unable to write DATA HEADER for generic ini printer.\r\nExiting now...");
63 | DoExit(D_ERROR);
64 | return FALSE; // only reached if DoExit returns - TODO confirm whether it does
65 | }
66 |
// Footer hook of the generic INI printer. The generic format has no footer,
// so the path is ignored and the call always reports success.
BOOL PrintIniDataFooter(_In_ PTCHAR tFilePath)
{
	(void) tFilePath; // intentionally unused

	return TRUE;
}
72 |
// Write every named section of a parsed INI file to the XML output.
// For each section the name is written, PrintXMLSectionData is called for its properties
// (its return value is not inspected), then a closing line is written.
// Returns TRUE on success; invalid arguments and failed writes are logged and handed to DoExit.
// NOTE(review): hXMLFile is only compared with INVALID_HANDLE_VALUE, a NULL handle is not rejected here.
73 | BOOL PrintXMLData(_In_ PINI_FILE_DATA pIniFileData, _In_ HANDLE hXMLFile)
74 | {
75 | DWORD dwDataRead = 0;
76 |
77 | if (!pIniFileData || !(pIniFileData->tFilePath))
78 | {
79 | DEBUG_LOG(D_WARNING, "PINI_FILE_DATA invalid for INI file.\r\n");
80 | DoExit(D_WARNING);
81 | }
82 |
83 | if (hXMLFile == INVALID_HANDLE_VALUE)
84 | {
85 | DEBUG_LOG(D_WARNING, "Handle to hXMLFile is invalid.\r\nExiting now...");
86 | DoExit(D_ERROR);
87 | }
88 |
89 | for (DWORD i = 0; i < pIniFileData->iNumberOfSection; ++i)
90 | {
91 | PINI_SECTION_DATA pCurrSectionData = pIniFileData->pSections[i]; // dereferenced on the next line without a NULL check
92 |
93 | if (!pCurrSectionData->tSectionName)
94 | continue;
95 |
// NOTE(review): the listing jumps from gutter line 96 to 98 and the first string literal below is
// cut off, so the markup written around the section name is missing from this page.
// What remains measures the raw tSectionName, whereas property names and values go through
// EscapeXMLString in PrintXMLSectionData. The section name comes from the parsed file too, so
// confirm in the repository copy that it is escaped before it is placed inside the XML output.
96 | if ((WriteFile(hXMLFile, TEXT("\t\ttSectionName, (DWORD)(_tcslen(pCurrSectionData->tSectionName) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
98 | || (WriteFile(hXMLFile, TEXT("\">\r\n"), (DWORD)(_tcslen(TEXT("\">\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
99 | goto writerror;
100 |
101 | PrintXMLSectionData(pCurrSectionData, hXMLFile);
102 |
103 | if (WriteFile(hXMLFile, TEXT("\t\t\r\n"), (DWORD)(_tcslen(TEXT("\t\t\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
104 | goto writerror;
105 | }
106 |
107 | return TRUE;
108 |
109 | writerror:
110 | DEBUG_LOG(D_WARNING, "Unable to write XML DATA.\r\nExiting now...");
111 | DoExit(D_ERROR);
112 | return FALSE;
113 | }
114 |
// Write the properties of one section to the XML output, one entry per property that has a name.
// Name and value are passed through EscapeXMLString; the returned buffers are released with
// HeapFree on hCrawlerHeap after the entry has been written.
// Returns TRUE on success; invalid arguments and failed writes are logged and handed to DoExit.
115 | BOOL PrintXMLSectionData(_In_ PINI_SECTION_DATA pSectionData, _In_ HANDLE hXMLFile)
116 | {
117 | DWORD dwDataRead = 0;
118 |
119 | if (!pSectionData || !(pSectionData->tSectionName))
120 | {
121 | DEBUG_LOG(D_WARNING, "PINI_SECTION_DATA invalid for INI file.\r\n");
122 | DoExit(D_WARNING);
123 | }
124 |
125 | if (hXMLFile == INVALID_HANDLE_VALUE)
126 | {
127 | DEBUG_LOG(D_WARNING, "Handle to hXMLFile is invalid.\r\nExiting now...");
128 | DoExit(D_ERROR);
129 | }
130 |
131 | for (DWORD i = 0; i < pSectionData->iNumberOfProperty; ++i)
132 | {
133 | PINI_PROPERTY_DATA pCurrPropertyData = pSectionData->pProperties[i];
// NOTE(review): both strings are escaped before the tName check below, so a NULL name reaches
// EscapeXMLString, and the continue skips the HeapFree calls at the end of the loop body.
// Confirm how EscapeXMLString treats NULL and whether tEscapedValue is leaked on that path.
134 | PTCHAR tEscapedValue = EscapeXMLString(pCurrPropertyData->tValue);
135 | PTCHAR tEscapedName = EscapeXMLString(pCurrPropertyData->tName);
136 |
137 | if (!pCurrPropertyData->tName)
138 | continue;
139 |
// NOTE(review): the listing jumps from gutter line 140 to 145, so the writes that place
// tEscapedName and tEscapedValue in the output are missing from this page; the literal written
// below is also not the literal measured by _tcslen. Verify against the repository copy that
// only the escaped strings are written and that each length matches its buffer.
140 | if ((WriteFile(hXMLFile, TEXT("\t\t\t\r\n"), (DWORD)(_tcslen(TEXT("\"/>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
145 | goto writerror;
146 | if (tEscapedName)
147 | HeapFree(hCrawlerHeap, NULL, tEscapedName);
148 | if (tEscapedValue)
149 | HeapFree(hCrawlerHeap, NULL, tEscapedValue);
150 | }
151 |
152 | return TRUE;
153 | writerror:
154 | DEBUG_LOG(D_WARNING, "Unable to write XML DATA.\r\nExiting now...");
155 | DoExit(D_ERROR);
156 | return FALSE;
157 | }
158 |
// Export every named section of a parsed INI file to the CSV output.
//
// pIniFileData - parsed file; a NULL structure or NULL tFilePath is logged and
//                passed to DoExit(D_WARNING)
// hCSVFile     - CSV output handle; INVALID_HANDLE_VALUE is logged and passed
//                to DoExit(D_ERROR)
//
// Sections without a name are skipped. The result of PrintCSVSectionData is
// not inspected, so this function returns TRUE once the loop has finished.
BOOL PrintCSVData(_In_ PINI_FILE_DATA pIniFileData, _In_ HANDLE hCSVFile)
{
	BOOL bFileDataUsable = (pIniFileData != NULL) && (pIniFileData->tFilePath != NULL);

	if (!bFileDataUsable)
	{
		DEBUG_LOG(D_WARNING, "PINI_FILE_DATA invalid for INI file.\r\n");
		DoExit(D_WARNING);
	}

	if (INVALID_HANDLE_VALUE == hCSVFile)
	{
		DEBUG_LOG(D_WARNING, "Handle to hCSVFile is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	DWORD dwSectionIdx = 0;
	while (dwSectionIdx < pIniFileData->iNumberOfSection)
	{
		PINI_SECTION_DATA pSection = pIniFileData->pSections[dwSectionIdx];
		++dwSectionIdx;

		// Only named sections are exported
		if (pSection->tSectionName)
		{
			PrintCSVSectionData(pIniFileData, pSection, hCSVFile);
		}
	}

	return TRUE;
}
187 |
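// Append one CSV row per named property of a section: File;Section;Name;Value\r\n
//
// pIniData     - parsed file; only tFilePath is read (first column)
// pSectionData - section to export; tSectionName is the second column
// hCSVFile     - CSV output handle
//
// Returns TRUE when every row was written. Invalid arguments and failed writes
// are logged and handed to DoExit, like in the other printers of this file.
//
// NOTE(review): all four fields are written verbatim. They come from files
// parsed off SYSVOL, so a field holding ';', a line break, or starting with
// '=', '+', '-' or '@' shifts columns or is evaluated as a formula when the
// export is opened in a spreadsheet. Quoting the fields changes the output
// format consumed downstream, so it is flagged here instead of changed silently.
BOOL PrintCSVSectionData(_In_ PINI_FILE_DATA pIniData, _In_ PINI_SECTION_DATA pSectionData, _In_ HANDLE hCSVFile)
{
	DWORD dwDataRead = 0;

	if (!pSectionData || !(pSectionData->tSectionName))
	{
		DEBUG_LOG(D_WARNING, "PINI_SECTION_DATA invalid for INI file.\r\n");
		DoExit(D_WARNING);
	}

	// tFilePath is measured with _tcslen for every row, so a missing file
	// structure or path is rejected before the loop
	if (!pIniData || !(pIniData->tFilePath))
	{
		DEBUG_LOG(D_WARNING, "PINI_FILE_DATA invalid for INI file.\r\n");
		DoExit(D_WARNING);
	}

	if (hCSVFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_WARNING, "Handle to hCSVFile is invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	for (DWORD i = 0; i < pSectionData->iNumberOfProperty; ++i)
	{
		PINI_PROPERTY_DATA pCurrPropertyData = pSectionData->pProperties[i];

		// Skip empty slots and properties without a name
		if (!pCurrPropertyData || !pCurrPropertyData->tName)
			continue;

		if ((WriteFile(hCSVFile, pIniData->tFilePath, (DWORD)(_tcslen(pIniData->tFilePath) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
			|| (WriteFile(hCSVFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
			|| (WriteFile(hCSVFile, pSectionData->tSectionName, (DWORD)(_tcslen(pSectionData->tSectionName) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
			|| (WriteFile(hCSVFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
			|| (WriteFile(hCSVFile, pCurrPropertyData->tName, (DWORD)(_tcslen(pCurrPropertyData->tName) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
			|| (WriteFile(hCSVFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
			goto writerror;

		// A property without a value gives an empty last column; the original
		// passed the NULL pointer straight to _tcslen
		if (pCurrPropertyData->tValue
			&& (WriteFile(hCSVFile, pCurrPropertyData->tValue, (DWORD)(_tcslen(pCurrPropertyData->tValue) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE))
			goto writerror;

		if (WriteFile(hCSVFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
			goto writerror;
	}

	return TRUE;
writerror:
	DEBUG_LOG(D_WARNING, "Unable to write CSV DATA.\r\nExiting now...");
	DoExit(D_ERROR);
	return FALSE;
}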
228 |
// Print every named section of a parsed INI file on standard output.
//
// pIniFileData - parsed file; a NULL structure or NULL tFilePath is logged and
//                passed to DoExit(D_WARNING)
//
// Sections without a name are skipped. The result of PrintSTDOUTSectionData is
// not inspected, so this function returns TRUE once the loop has finished.
BOOL PrintSTDOUTData(_In_ PINI_FILE_DATA pIniFileData)
{
	if ((pIniFileData == NULL) || (pIniFileData->tFilePath == NULL))
	{
		DEBUG_LOG(D_WARNING, "PINI_FILE_DATA invalid for INI file.\r\n");
		DoExit(D_WARNING);
	}

	for (DWORD dwSectionIdx = 0; dwSectionIdx < pIniFileData->iNumberOfSection; dwSectionIdx++)
	{
		PINI_SECTION_DATA pSection = pIniFileData->pSections[dwSectionIdx];

		// Only named sections are printed
		if (pSection->tSectionName != NULL)
		{
			PrintSTDOUTSectionData(pIniFileData, pSection);
		}
	}

	return TRUE;
}
250 |
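// Print one line per named property of a section on standard output, in the
// form [INI] File=... SectionName=... PropertyName=... Value=...
//
// pInfData     - parsed file; only tFilePath is read
// pSectionData - section whose properties are printed
//
// Returns TRUE after the loop. Invalid arguments are logged and handed to
// DoExit(D_WARNING).
BOOL PrintSTDOUTSectionData(_In_ PINI_FILE_DATA pInfData, _In_ PINI_SECTION_DATA pSectionData)
{
	// The message names the structure that is actually tested here; the
	// original reported PINI_FILE_DATA for a section check
	if (!pSectionData || !(pSectionData->tSectionName))
	{
		DEBUG_LOG(D_WARNING, "PINI_SECTION_DATA invalid for INI file.\r\n");
		DoExit(D_WARNING);
	}

	// pInfData->tFilePath is read for every line, so a NULL structure is rejected first
	if (!pInfData)
	{
		DEBUG_LOG(D_WARNING, "PINI_FILE_DATA invalid for INI file.\r\n");
		DoExit(D_WARNING);
	}

	for (DWORD i = 0; i < pSectionData->iNumberOfProperty; ++i)
	{
		PINI_PROPERTY_DATA pCurrPropertyData = pSectionData->pProperties[i];

		// Skip empty slots and properties without a name
		if (!pCurrPropertyData || !pCurrPropertyData->tName)
			continue;

		printf("\t[INI] File=%ws SectionName=%ws PropertyName=%ws Value=%ws\r\n", pInfData->tFilePath, pSectionData->tSectionName, pCurrPropertyData->tName, pCurrPropertyData->tValue);
	}

	return TRUE;
}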
273 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/INIGenericPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - INIGenericPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Generic INI file printer
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __INIGENERICPPRINTER_H__
11 | #define __INIGENERICPPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "INIGenericParser.h"
16 |
17 | // Generic dispatcher for printers
18 | BOOL PrintData(_In_ PINI_FILE_DATA pIniFileData, _In_ HANDLE hXMLFile, _In_ HANDLE hCSVFile);
19 | BOOL PrintIniDataHeader(_In_ PTCHAR tFilePath, _In_ HANDLE hXMLFile, _In_ HANDLE hCSVFile);
20 | BOOL PrintIniDataFooter(_In_ PTCHAR tFilePath);
21 |
22 | // Printers for file format
23 | BOOL PrintXMLData(_In_ PINI_FILE_DATA pIniFileData, _In_ HANDLE hXMLFile);
24 | BOOL PrintCSVData(_In_ PINI_FILE_DATA pIniFileData, _In_ HANDLE hCSVFile);
25 | BOOL PrintSTDOUTData(_In_ PINI_FILE_DATA pIniFileData);
26 |
27 | BOOL PrintXMLSectionData(_In_ PINI_SECTION_DATA pSectionData, _In_ HANDLE hXMLFile);
28 | BOOL PrintCSVSectionData(_In_ PINI_FILE_DATA pIniData, _In_ PINI_SECTION_DATA pSectionData, _In_ HANDLE hCSVFile);
29 | BOOL PrintSTDOUTSectionData(_In_ PINI_FILE_DATA pInfData, _In_ PINI_SECTION_DATA pSectionData);
30 |
31 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/LDAPCrawler.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - LDAPCrawler.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Extract GPO metadata from LDAP Directory
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __LDAPCRAWLER_H__
11 | #define __LDAPCRAWLER_H__
12 |
13 | #include "Common.h"
14 | #include
15 | #include
16 | #include
17 |
18 | #define AD_LDAP_SEARCH_LIMIT 1
19 | #define LDAP_SEARCH_USERS_FILTER TEXT("(&(objectCategory=person)(objectClass=user))")
20 | #define LDAP_SEARCH_GROUPS_FILTER TEXT("(&(&(objectCategory=group)(objectClass=group))(name=*))")
21 | #define LDAP_SEARCH_OUS_FILTER TEXT("(|(&(objectCategory=organizationalUnit)(objectClass=organizationalUnit))(objectClass=domainDNS))")
22 | #define LDAP_SEARCH_GPO_FILTER TEXT("(&(objectCategory=groupPolicyContainer)(objectClass=groupPolicyContainer))")
23 |
24 | #define LDAP_USER_TARGETED 1
25 | #define LDAP_USER_TARGETED_INFO_CN TEXT("cn")
26 | #define LDAP_USER_TARGETED_INFO_UPN TEXT("userPrincipalName")
27 | #define LDAP_USER_TARGETED_INFO_LLOGON TEXT("lastLogon")
28 | #define LDAP_USER_TARGETED_INFO_PWD_LS TEXT("pwdLastSet")
29 | #define LDAP_USER_TARGETED_INFO_MOF TEXT("memberOf")
30 | #define LDAP_USER_TARGETED_INFO_NAME TEXT("name")
31 | #define LDAP_USER_TARGETED_INFO_SD TEXT("nTSecurityDescriptor")
32 | #define LDAP_USER_TARGETED_INFO_SID TEXT("objectSid")
33 |
34 | #define LDAP_GROUP_TARGETED 2
35 | #define LDAP_GROUP_TARGETED_INFO_CN TEXT("cn")
36 | #define LDAP_GROUP_TARGETED_INFO_DESC TEXT("description")
37 | #define LDAP_GROUP_TARGETED_INFO_GTYPE TEXT("groupType")
38 | #define LDAP_GROUP_TARGETED_INFO_MEMBER TEXT("member")
39 | #define LDAP_GROUP_TARGETED_INFO_NAME TEXT("name")
40 | #define LDAP_GROUP_TARGETED_INFO_SD TEXT("nTSecurityDescriptor")
41 | #define LDAP_GROUP_TARGETED_INFO_SID TEXT("objectSid")
42 |
43 | #define LDAP_OU_TARGETED 3
44 | #define LDAP_OU_TARGETED_INFO_OU TEXT("ou")
45 | #define LDAP_OU_TARGETED_INFO_DESC TEXT("description")
46 | #define LDAP_OU_TARGETED_INFO_NAME TEXT("name")
47 | #define LDAP_OU_TARGETED_INFO_GPLINK TEXT("gPLink")
48 | #define LDAP_OU_TARGETED_INFO_GPOPTIONS TEXT("gPOptions")
49 | #define LDAP_OU_TARGETED_INFO_SD TEXT("nTSecurityDescriptor")
50 |
51 | #define LDAP_GPO_TARGETED 4
52 | #define LDAP_GPO_TARGETED_INFO_CN TEXT("cn")
53 | #define LDAP_GPO_TARGETED_INFO_CREATED TEXT("whenCreated")
54 | #define LDAP_GPO_TARGETED_INFO_MODIFIED TEXT("whenChanged")
55 | #define LDAP_GPO_TARGETED_INFO_DISPLAY TEXT("displayName")
56 | #define LDAP_GPO_TARGETED_INFO_FLAGS TEXT("flags")
57 | #define LDAP_GPO_TARGETED_INFO_VERSION TEXT("versionNumber")
58 | #define LDAP_GPO_TARGETED_INFO_FUNCVER TEXT("gPCFunctionalityVersion")
59 | #define LDAP_GPO_TARGETED_INFO_FILEPATH TEXT("gPCFileSysPath")
60 | #define LDAP_GPO_TARGETED_INFO_EXT_COMP TEXT("gPCMachineExtensionNames")
61 | #define LDAP_GPO_TARGETED_INFO_EXT_USR TEXT("gPCUserExtensionNames")
62 | #define LDAP_GPO_TARGETED_INFO_PROPAG TEXT("dSCorePropagationData")
63 | #define LDAP_GPO_TARGETED_INFO_WQLFILTER TEXT("gPCWQLFilter")
64 | #define LDAP_GPO_TARGETED_INFO_SD TEXT("nTSecurityDescriptor")
65 |
66 | //******* ******
67 | typedef struct _LDAP_CONNECT_INFOS
68 | {
69 | PLDAP hLDAPConnection;
70 | PTCHAR ptLDAPDomainDN;
71 | PTCHAR ptLDAPDomainName;
72 | } LDAP_CONNECT_INFOS, *PLDAP_CONNECT_INFO;
73 | //******* ******
74 |
75 | //******* ******
76 | typedef DWORD LDAP_REQUESTED_DATA_INFO;
77 |
78 | // Store temporary data
79 | typedef struct _LDAP_RETRIEVED_DATA
80 | {
81 | PTCHAR tDN; // distinguished name of the entry the values belong to
82 | PBYTE *ppbData; // presumably one buffer per returned value - confirm in LDAPExtractAttributes
83 | PDWORD pdwDataSize; // presumably pdwDataSize[i] is the byte length of ppbData[i]; NOTE(review): the values arrive from the directory server, so consumers should use this length rather than assume a terminator
84 | DWORD dwElementCount; // presumably the number of entries in both arrays above - TODO confirm
85 | } LDAP_RETRIEVED_DATA, *PLDAP_RETRIEVED_DATA;
86 |
87 | // Store generic user data
88 | typedef struct _LDAP_AD_USER
89 | {
90 | PTCHAR tCN;
91 | PTCHAR tName;
92 | PTCHAR tDistinguishedName;
93 | PTCHAR tUserPrincipalName;
94 | PTCHAR tLastLogon;
95 | PTCHAR tPwdLastSet;
96 | PTCHAR tMemberOf;
97 | PTCHAR tSecurityDescriptor;
98 | PTCHAR tSid;
99 | } LDAP_AD_USER, *PLDAP_AD_USER;
100 |
101 | // Store generic user group data
102 | typedef struct _LDAP_AD_GROUP
103 | {
104 | PTCHAR tCN;
105 | PTCHAR tName;
106 | PTCHAR tDistinguishedName;
107 | PTCHAR tDescription;
108 | PTCHAR tGroupType;
109 | PTCHAR tMember;
110 | PTCHAR tSecurityDescriptor;
111 | PTCHAR tSid;
112 | } LDAP_AD_GROUP, *PLDAP_AD_GROUP;
113 |
114 | // Store generic organizational unit (OU) data
115 | typedef struct _LDAP_AD_OU
116 | {
117 | PTCHAR tOu;
118 | PTCHAR tDistinguishedName;
119 | PTCHAR tDescription;
120 | PTCHAR tName;
121 | PTCHAR tGpLink;
122 | PTCHAR tGpOptions;
123 | PTCHAR tSecurityDescriptor;
124 | } LDAP_AD_OU, *PLDAP_AD_OU;
125 |
126 | // Store generic GPO data
127 | typedef struct _LDAP_AD_GPO
128 | {
129 | PTCHAR tCN;
130 | PTCHAR tDistinguishedName;
131 | PTCHAR tWhenCreated;
132 | PTCHAR tWhenChanged;
133 | PTCHAR tDisplayName;
134 | PTCHAR tFlags;
135 | PTCHAR tVersionNumber;
136 | PTCHAR tFunctionalityVersion;
137 | PTCHAR tFileSysPath;
138 | PTCHAR tMachineExtensionsNames;
139 | PTCHAR tUserExtensionsNames;
140 | PTCHAR tCorePropagationData;
141 | PTCHAR tWQLFilter;
142 | PTCHAR tSecurityDescriptor;
143 | } LDAP_AD_GPO, *PLDAP_AD_GPO;
144 |
145 | // Store ldap crawling results
146 | typedef struct _LDAP_AD_INFOS
147 | {
148 | DWORD dwNumberOfUser;
149 | PLDAP_AD_USER *pUsers;
150 |
151 | DWORD dwNumberOfGroup;
152 | PLDAP_AD_GROUP *pGroups;
153 |
154 | DWORD dwNumberOfOU;
155 | PLDAP_AD_OU *pOUs;
156 |
157 | DWORD dwNumberOfGPO;
158 | PLDAP_AD_GPO *pGPOs;
159 | } LDAP_AD_INFOS, *PLDAP_AD_INFOS;
160 |
161 | //******* ******
162 |
163 | // Forward declaration defining ldap authentication context
164 | extern PLDAP_CONNECT_INFO pLDAPConnectInfo;
165 |
166 | // Connect/Disconnect from LDAP
167 | BOOL InitToLDAP(_In_ PTCHAR ptHostName, _In_ ULONG dwPortNumber);
// NOTE(review): the account name and password are passed as plain strings. The bind method and
// whether the session is signed or encrypted are decided in LDAPCrawler.cpp, which is not
// visible here - confirm both before running the tool across a network you do not control,
// and have the caller wipe the password buffer once the bind has returned.
168 | BOOL BindToLDAP(_In_ PTCHAR ptUserName, _In_ PTCHAR ptPassword);
169 | BOOL ExtractDomainNamingContext();
170 | BOOL DisconnectFromLDAP();
// Release helpers, one per category stored in LDAP_AD_INFOS
171 | BOOL FreeLDAPInfo(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
172 | BOOL FreeLDAPUsersInfo(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
173 | BOOL FreeLDAPGroupsInfo(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
174 | BOOL FreeLDAPOUsInfo(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
175 | BOOL FreeLDAPGPOsInfo(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
176 |
177 | BOOL LDAPExtractDomainUsers(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
178 | BOOL LDAPExtractDomainGroups(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
179 | BOOL LDAPExtractOrganizationalUnits(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
180 | BOOL LDAPExtractGPOs(_Inout_ PLDAP_AD_INFOS pLdapADInfos);
181 |
182 | BOOL FillDomainUserStruct(_Inout_ PLDAP_AD_USER pLdapADUser, _In_ PTCHAR ptAttribute, _In_ PTCHAR ptValue);
183 | BOOL FillDomainGroupStruct(_Inout_ PLDAP_AD_GROUP pLdapADGroup, _In_ PTCHAR ptAttribute, _In_ PTCHAR ptValue);
184 | BOOL FillDomainOUStruct(_Inout_ PLDAP_AD_OU pLdapADOU, _In_ PTCHAR ptAttribute, _In_ PTCHAR ptValue);
185 | BOOL FillDomainGPOStruct(_Inout_ PLDAP_AD_GPO pLdapADGPO, _In_ PTCHAR ptAttribute, _In_ PTCHAR ptValue);
186 |
187 | PLDAP_AD_USER GetLDAPADUser(PLDAP_AD_USER *pADUsers, DWORD dwADUsersCount, PTCHAR tDN);
188 | PLDAP_AD_GROUP GetLDAPADGroup(PLDAP_AD_GROUP *pADGroups, DWORD dwADGroupsCount, PTCHAR tDN);
189 | PLDAP_AD_OU GetLDAPADOu(PLDAP_AD_OU *pADOus, DWORD dwADOusCount, PTCHAR tDN);
190 | PLDAP_AD_GPO GetLDAPADGpo(PLDAP_AD_GPO *pADGpos, DWORD dwADGposCount, PTCHAR tDN);
191 |
192 | BOOL LDAPDoPageSearch(_In_ PTCHAR tLdapFilter, _In_ PTCHAR tOrigAttribute, _Inout_ PLDAP_RETRIEVED_DATA **ppRetrievedResults, _Inout_ PDWORD dwResultsCount);
193 | BOOL LDAPExtractAttributes(_In_ PLDAPMessage pCurrentEntry, _In_ PTCHAR tAttribute, _Inout_ PLDAP_RETRIEVED_DATA *ppRetrievedData);
194 | BOOL LDAPExtractRangedAttributes(_In_ PLDAPMessage pCurrentEntry, _In_ PTCHAR tOrigAttribute, _In_ PTCHAR tAttribute, _Inout_ PLDAP_RETRIEVED_DATA *ppRetrievedData);
195 |
196 | BOOL GetRangeValues(_Inout_ PLDAPMessage pEntry, _In_ PTCHAR tOriginalAttribute, _Inout_ PDWORD pdwAttributeCount, _Inout_ PBYTE **pppbData, _Inout_ PDWORD *ppdwDataSize);
197 | BOOL ParseRange(_In_ PTCHAR tAtttype, _In_ PTCHAR tAttdescr, _Inout_ PDWORD pdwStart, _Inout_ PDWORD pdwEnd);
198 | BOOL ConstructRangeAtt(_In_ PTCHAR tAtttype, _In_ DWORD dwStart, _In_ INT iEnd, _Inout_ PTCHAR* tOutputRangeAttr);
199 |
200 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/LDAPPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - LDAPPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export data extracted from LDAP
6 | * directory
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __LDAPPRINTER_H__
12 | #define __LDAPPRINTER_H__
13 |
14 | #include "Common.h"
15 | #include "LDAPCrawler.h"
16 | #include "PrinterCommon.h"
17 |
18 | //************** *********************
19 | #define OUTPUT_NAME_USERS_FILE TEXT("LDAPUsersFile")
20 | #define OUTPUT_NAME_GROUPS_FILE TEXT("LDAPGroupsFile")
21 | #define OUTPUT_NAME_OUS_FILE TEXT("LDAPOusFile")
22 | #define OUTPUT_NAME_GPOS_FILE TEXT("LDAPGPOsFile")
// NOTE(review): a relative directory resolves against the current working directory of the
// process. The attributes requested in LDAPCrawler.h include nTSecurityDescriptor, objectSid,
// memberOf and pwdLastSet, so these exports describe accounts and permissions of the domain -
// confirm in the printer where the files end up and restrict access to that location.
23 | #define OUTPUT_DIRECTORY_LDAP_FILE TEXT(".\\")
24 | //************** ********************
25 |
26 | // Generic dispatcher for printers
27 | BOOL PrintData(_In_ PLDAP_AD_INFOS pLdapADInfos);
28 | BOOL PrintLdapDataHeader();
29 | BOOL PrintLdapDataFooter();
30 | BOOL PrintSpecifiedData(_In_ PLDAP_AD_INFOS pLdapADInfos, _In_ LDAP_REQUESTED_DATA_INFO dwRequestedInfo);
31 |
32 | // Printers for file format
33 | BOOL PrintXMLData(_In_ PLDAP_AD_INFOS pLdapADInfos);
34 | BOOL PrintCSVData(_In_ PLDAP_AD_INFOS pLdapADInfos);
35 | BOOL PrintSTDOUTData(_In_ PLDAP_AD_INFOS pLdapADInfos);
36 |
37 | BOOL PrintXMLDataUsers(_In_ HANDLE hXMLUsersFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
38 | BOOL PrintXMLDataGroups(_In_ HANDLE hXMLGroupsFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
39 | BOOL PrintXMLDataOUs(_In_ HANDLE hXMLOusFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
40 | BOOL PrintXMLDataGPOs(_In_ HANDLE hXMLGPOsFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
41 |
42 | BOOL PrintCSVDataUsers(_In_ HANDLE hCSVUsersFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
43 | BOOL PrintCSVDataGroups(_In_ HANDLE hCSVGroupsFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
44 | BOOL PrintCSVDataOUs(_In_ HANDLE hCSVOusFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
45 | BOOL PrintCSVDataGPOs(_In_ HANDLE hCSVGPOsFile, _In_ PLDAP_AD_INFOS pLdapADInfos);
46 |
47 | BOOL PrintSTDOUTDataUsers(_In_ PLDAP_AD_INFOS pLdapADInfos);
48 | BOOL PrintSTDOUTDataGroups(_In_ PLDAP_AD_INFOS pLdapADInfos);
49 | BOOL PrintSTDOUTDataOUs(_In_ PLDAP_AD_INFOS pLdapADInfos);
50 | BOOL PrintSTDOUTDataGPOs(_In_ PLDAP_AD_INFOS pLdapADInfos);
51 |
52 | #endif
53 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/MISCParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - MISCParser.c
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for odd file which should not be
6 | * on a Sysvol folder
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "MISCParser.h"
12 |
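// Allocate and fill the PARSER_IDENTIFIER that describes the MISC parser.
//
// pParserID - receives the new identifier, allocated zero-initialised from
//             hCrawlerHeap; its folder pattern is left NULL and its entry
//             point is ParseMiscFile
//
// A NULL out-pointer or a failed allocation is logged and handed to DoExit.
VOID RegisterMiscParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
	// The out-pointer is written through below, so it has to be valid first
	if (!pParserID)
	{
		DEBUG_LOG(D_ERROR, "pParserID pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	*pParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
	// The allocation result lives in *pParserID. Testing pParserID itself, as
	// the original did, can never detect a failed HeapAlloc and lets the
	// assignments below write through a NULL pointer.
	if (!*pParserID)
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
		DoExit(D_ERROR);
		return;
	}

	(*pParserID)->tParserName = MISC_PARSER_NAME;
	(*pParserID)->tFileMatchingRegExp = MISC_MATCHING_FILE_REGEXP;
	(*pParserID)->tFolderMatchingRegExp = NULL;
	(*pParserID)->pParserEntryPoint = ParseMiscFile;
}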
27 |
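// Collect one unclassified file found on SYSVOL and hand it to the MISC printers.
//
// tFilePath - path of the file; the pointer is stored in the MISC_FILE_DATA
//             given to the printers, it is not copied
//
// Returns TRUE once the printers have been called. Returns FALSE when the file
// cannot be opened (the last error is then set to ERROR_ACCESS_DENIED) or
// cannot be read. A NULL path, a failed allocation and a failed size query are
// logged and handed to DoExit.
//
// A file of MISC_MAX_FILE_SIZE bytes or more is not read; the text
// MISC_MAX_FILE_ERR_MSG is exported in its place.
BOOL ParseMiscFile(_In_ PTCHAR tFilePath)
{
	PMISC_FILE_DATA pMiscData = NULL;
	HANDLE hMiscFile = INVALID_HANDLE_VALUE;
	LARGE_INTEGER liFileSize;
	DWORD dwFileSize = 0, dwNumberOfBytesRead = 0;
	PBYTE pbMISCRawDATA = NULL;

	if (tFilePath == NULL)
	{
		DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	DEBUG_LOG(D_MISC, "[MISC] Now parsing %ws\r\n", tFilePath);

	pMiscData = (PMISC_FILE_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (MISC_FILE_DATA));
	if (!pMiscData)
	{
		DEBUG_LOG(D_ERROR, "Unable to allocate MISC_FILE_DATA structure.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	pMiscData->dwDataSize = 0;
	pMiscData->pbData = NULL;
	pMiscData->tFilePath = tFilePath;

	hMiscFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hMiscFile == INVALID_HANDLE_VALUE)
	{
		DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
		// This path is taken for every unreadable file of the crawl, so the
		// descriptor is released instead of being left on the heap
		HeapFree(hCrawlerHeap, 0, pMiscData);
		SetLastError(ERROR_ACCESS_DENIED);
		return FALSE;
	}

	// Query the full 64-bit size. GetFileSize(h, NULL) only reports the low
	// 32 bits, so a file of 4 GiB or more was measured modulo 4 GiB and could
	// slip under the size limit below.
	liFileSize.QuadPart = 0;
	if (!GetFileSizeEx(hMiscFile, &liFileSize))
	{
		DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
		DoExit(D_ERROR);
	}

	// Check that the file is not too big to be handled by printers
	if ((liFileSize.HighPart == 0) && (liFileSize.LowPart < MISC_MAX_FILE_SIZE))
	{
		dwFileSize = liFileSize.LowPart;

		// NOTE(review): the buffer is four times the file size (sizeof (DWORD)
		// per byte). The printers are not visible here and may rely on the
		// zeroed tail as a terminator, so the size is kept as it was. On a
		// 32-bit build the product wraps if MISC_MAX_FILE_SIZE is ever raised
		// to 1 GiB or more.
		pbMISCRawDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DWORD) * dwFileSize);
		if (pbMISCRawDATA == NULL)
		{
			DEBUG_LOG(D_ERROR, "Unable to allocate pbMISCRawDATA.\r\nExiting now...");
			DoExit(D_ERROR);
		}

		if (!ReadFile(hMiscFile, pbMISCRawDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
		{
			// Log first so that the cleanup calls cannot overwrite the error code
			DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
			HeapFree(hCrawlerHeap, 0, pbMISCRawDATA);
			HeapFree(hCrawlerHeap, 0, pMiscData);
			CloseHandle(hMiscFile);
			return FALSE;
		}

		// Export what was actually read: the file can change between the size
		// query and the read
		pMiscData->dwDataSize = dwNumberOfBytesRead;
	}
	else // in case of heavy file, we replace it by error message
	{
		PTCHAR ptMsg = MISC_MAX_FILE_ERR_MSG;
		DWORD dwMsgLen = (DWORD) _tcslen(ptMsg);

		DEBUG_LOG(D_WARNING, "The file is %ws too big to be collected. Please save it manually\r\n.", tFilePath);
		pbMISCRawDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof(TCHAR) * (dwMsgLen + 1));
		if (!pbMISCRawDATA)
		{
			DEBUG_LOG(D_ERROR, "Unable to allocate memory (ErrCode=%d).\r\n.", GetLastError());
			DoExit(D_ERROR);
		}
		if (memcpy_s(pbMISCRawDATA, (dwMsgLen + 1) * sizeof (TCHAR), ptMsg, sizeof(TCHAR) * dwMsgLen))
		{
			DEBUG_LOG(D_ERROR, "Unable to copy message.\r\nExiting now...");
			DoExit(D_ERROR);
		}
		// NOTE(review): this is a character count, while the branch above
		// stores a byte count in the same field. With a wide TCHAR a printer
		// that reads dwDataSize bytes sees only half of the message - confirm
		// against the MISC printers before changing it.
		pMiscData->dwDataSize = dwMsgLen;
	}
	pMiscData->pbData = pbMISCRawDATA;
	CloseHandle(hMiscFile);

	// Call printers
	PrintMiscDataHeader(pMiscData->tFilePath);
	PrintData(pMiscData);
	PrintMiscDataFooter(pMiscData->tFilePath);

	// Release data
	HeapFree(hCrawlerHeap, 0, pMiscData->pbData);
	HeapFree(hCrawlerHeap, 0, pMiscData);
	return TRUE;
}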
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/MISCParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - MISCParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for odd file which should not be
6 | * on a Sysvol folder
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __MISC_PARSER_H__
12 | #define __MISC_PARSER_H__
13 |
14 | #include "Common.h"
15 |
16 | //************** *********************
17 | #define MISC_PARSER_NAME TEXT("MISCellaneous file parser")
18 | #define MISC_MATCHING_FILE_REGEXP TEXT("*.*")
19 | #define MISC_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
20 | //************** ********************
21 |
22 | //******* ******
// Gather data for misc file.
// One instance describes a single unexpected SYSVOL file handed to the printers.
typedef struct _MISC_FILE_DATA
{
    // Path of the collected file; ParseMiscFile stores its tFilePath argument here
    // (borrowed pointer, not freed with the structure).
    PWCHAR tFilePath;

    // Length passed with pbData to GetBase64FromByte by the printers.
    // ParseMiscFile sets it to the file size, or to the character count of the
    // replacement message when the file is too large.
    // NOTE(review): in that second case the buffer holds TCHARs while this field
    // counts characters - confirm the printers expect a byte count.
    DWORD dwDataSize;
    // Heap buffer with the raw file content (or the replacement message);
    // ParseMiscFile releases it with HeapFree after printing.
    PBYTE pbData;
} MISC_FILE_DATA, *PMISC_FILE_DATA;
31 | //****** ******
32 |
33 | // Forward declaration for printers
34 | extern BOOL PrintData(_In_ PMISC_FILE_DATA pMiscData);
35 | extern BOOL PrintMiscDataHeader(_In_ PTCHAR tFilePath);
36 | extern BOOL PrintMiscDataFooter(_In_ PTCHAR tFilePath);
37 |
38 | // Parser registration
39 | VOID RegisterMiscParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
40 | // Entry point for MISC file
41 | BOOL ParseMiscFile(_In_ PTCHAR tFilePath);
42 |
43 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/MISCPrinter.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - MISCPrinter.cpp
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export data for odd file which should
6 | * not be on a Sysvol folder
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "MISCPrinter.h"
12 |
// Dispatch one MISC record to every output format enabled in pSyscrwlrOptions.
// Printers run in the order XML, CSV, STDOUT; the first one that reports
// failure stops the chain and its result is returned.
BOOL PrintData(_In_ PMISC_FILE_DATA pMiscData)
{
    BOOL bStatus = TRUE;

    if (!pMiscData)
    {
        DEBUG_LOG(D_ERROR, "pMiscData pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // XML export
    if (pSyscrwlrOptions->bShouldPrintXML)
        bStatus = PrintXMLData(pMiscData);

    // CSV export, skipped once a previous printer failed
    if (bStatus && pSyscrwlrOptions->bShouldPrintCSV)
        bStatus = PrintCSVData(pMiscData);

    // Console output, skipped once a previous printer failed
    if (bStatus && pSyscrwlrOptions->bShouldPrintSTDOUT)
        bStatus = PrintSTDOUTData(pMiscData);

    return bStatus;
}
35 |
// Write the per-file header into the XML and CSV outputs of the MISC printer.
// For each enabled format the output file is obtained through GetFileHandle; when
// its size is zero the format's document header is written first.
// Returns TRUE on success; any write failure jumps to writerror, which logs and
// calls DoExit.
// NOTE(review): this listing skips source lines 71-72 and several string literals
// look truncated (markup between angle brackets seems to have been dropped when
// the page was rendered) - compare with the repository before relying on the
// exact bytes written.
BOOL PrintMiscDataHeader(_In_ PTCHAR tFilePath)
{
    DWORD dwDataRead = 0;
    LARGE_INTEGER liFileSize;

    // In the lines visible here tFilePath is only checked for NULL.
    if (!tFilePath)
    {
        DEBUG_LOG(D_WARNING, "tFilePath is invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // Hack for closing xml document. Ugly.
    if (pSyscrwlrOptions->bShouldPrintXML)
    {
        // The handle is not compared with INVALID_HANDLE_VALUE here; a bad handle
        // is caught by the GetFileSizeEx failure path below.
        HANDLE hXMLFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_MISC_FILE, OUTPUT_NAME_MISC_FILE);

        if (!GetFileSizeEx(hXMLFile, &liFileSize))
        {
            DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
            DoExit(D_ERROR);
        }

        if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
        {
            // New file, we need to add xml header
            if (WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
                goto writerror;

            // Root element named after the output file
            if ((WriteFile(hXMLFile, TEXT("<"), (DWORD)(_tcslen(TEXT("<")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
                || (WriteFile(hXMLFile, OUTPUT_NAME_MISC_FILE, (DWORD)(_tcslen(OUTPUT_NAME_MISC_FILE) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
                || (WriteFile(hXMLFile, TEXT(".xml>\r\n"), (DWORD)(_tcslen(TEXT(".xml>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
                goto writerror;
        }

        // NOTE(review): as shown, the buffer is a two-character literal while the
        // length is computed from a five-character one, so this call would read
        // past the literal; this line appears to be two source lines merged by the
        // extraction - verify against the repository.
        if ((WriteFile(hXMLFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\">\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
            goto writerror;

        CloseHandle(hXMLFile);
    }

    if (pSyscrwlrOptions->bShouldPrintCSV)
    {
        HANDLE hCSVFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_MISC_FILE, OUTPUT_NAME_MISC_FILE);
        // Shadows the function-level liFileSize declared above.
        LARGE_INTEGER liFileSize;

        if (!GetFileSizeEx(hCSVFile, &liFileSize))
        {
            DEBUG_LOG(D_WARNING, "Unable to determine file size.\r\nExiting now...");
            DoExit(D_ERROR);
        }

        // Column titles are written only once, when the CSV file is still empty
        if ((liFileSize.HighPart == 0) && (liFileSize.LowPart == 0))
        {
            if (WriteFile(hCSVFile, TEXT("File;Size;Data\r\n"), (DWORD)(_tcslen(TEXT("File;Size;Data\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
                goto writerror;
        }
        CloseHandle(hCSVFile);
    }
    return TRUE;

// Reached from any failed WriteFile; the output handle is left open on this path
writerror:
    DEBUG_LOG(D_WARNING, "Unable to write DATA HEADER for MISC printer.\r\nExiting now...");
    DoExit(D_ERROR);
    return FALSE;
}
103 |
// Write the per-file footer of the MISC printer. Only the XML output has one;
// tFilePath is accepted for symmetry with the header routine and is not read.
// Returns TRUE on success; a failed write logs, calls DoExit and yields FALSE.
// NOTE(review): the footer literal shown in this listing is a bare line break -
// confirm against the repository that no closing markup was lost in extraction.
BOOL PrintMiscDataFooter(_In_ PTCHAR tFilePath)
{
    DWORD cbWritten = 0;

    // Nothing to close for the other formats
    if (!pSyscrwlrOptions->bShouldPrintXML)
        return TRUE;

    // Hack for closing xml document. Ugly.
    HANDLE hOutput = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_MISC_FILE, OUTPUT_NAME_MISC_FILE);
    const DWORD cbFooter = (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR));

    if (!WriteFile(hOutput, TEXT("\r\n"), cbFooter, &cbWritten, NULL))
    {
        DEBUG_LOG(D_WARNING, "Unable to write DATA FOOTER for MISC printer.\r\nExiting now...");
        DoExit(D_ERROR);
        return FALSE;
    }

    CloseHandle(hOutput);
    return TRUE;
}
123 |
// Append one MISC record to the XML output file.
// The file content is Base64-encoded with GetBase64FromByte and the size is
// formatted as text before the record is written.
// Returns TRUE on success; a failed write jumps to writerror, which logs and
// calls DoExit.
// NOTE(review): this listing skips source lines 147-150 and the remaining
// WriteFile call mixes two different literals, so the statements that emit the
// path, size and data were probably lost in extraction - compare with the
// repository before relying on this function as shown.
BOOL PrintXMLData(_In_ PMISC_FILE_DATA pMiscData)
{
    DWORD dwDataRead = 0, dwSizeLength = 0;
    // The output handle is acquired before the argument is validated.
    HANDLE hMISCFile = GetFileHandle(OUTPUT_FILE_XML, OUTPUT_DIRECTORY_MISC_FILE, OUTPUT_NAME_MISC_FILE);
    TCHAR tSize[100];
    PTCHAR tData = NULL;

    if (!pMiscData || !(pMiscData->pbData) || !(pMiscData->tFilePath))
    {
        DEBUG_LOG(D_WARNING, "PMISC_FILE_DATA invalid for MISC file.\r\n");
        DoExit(D_WARNING);
    }

    if (hMISCFile == INVALID_HANDLE_VALUE)
    {
        DEBUG_LOG(D_WARNING, "Handle to hMISCFile is invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // tData is not checked for NULL in the lines visible here.
    tData = GetBase64FromByte(pMiscData->pbData, pMiscData->dwDataSize);
    dwSizeLength = _stprintf_s(tSize, 100, TEXT("%d"), (pMiscData->dwDataSize));

    // NOTE(review): as shown, the length comes from a longer literal than the
    // buffer being written - see the note at the top of the function.
    if ((WriteFile(hMISCFile, TEXT("\t\t\r\n"), (DWORD)(_tcslen(TEXT("\"/>\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
        goto writerror;

    HeapFree(hCrawlerHeap, NULL, tData);
    CloseHandle(hMISCFile);
    return TRUE;
// tData and hMISCFile are not released on this path
writerror:
    DEBUG_LOG(D_WARNING, "Unable to write XML DATA.\r\nExiting now...");
    DoExit(D_ERROR);
    return FALSE;
}
161 |
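// Append one MISC record to the CSV output file as "path;size;base64-data".
//
// pMiscData  record to export; pbData and tFilePath must be set.
// Returns TRUE when the line was written, FALSE when the content could not be
// encoded or a write failed (write failures also call DoExit).
//
// NOTE(review): the path is written without quoting, so a file name that
// contains ';' or a line break shifts the columns of that row. Names under
// SYSVOL are chosen by whoever can write there; consumers of this CSV should
// not trust the column count of a row.
BOOL PrintCSVData(_In_ PMISC_FILE_DATA pMiscData)
{
    DWORD dwDataRead = 0;
    HANDLE hMISCFile = INVALID_HANDLE_VALUE;
    TCHAR tSize[100];
    PTCHAR tData = NULL;

    // Validate the record before touching the output file
    if (!pMiscData || !(pMiscData->pbData) || !(pMiscData->tFilePath))
    {
        DEBUG_LOG(D_WARNING, "PMISC_FILE_DATA invalid for MISC file.\r\n");
        DoExit(D_WARNING);
        return FALSE;
    }

    hMISCFile = GetFileHandle(OUTPUT_FILE_CSV, OUTPUT_DIRECTORY_MISC_FILE, OUTPUT_NAME_MISC_FILE);
    if (hMISCFile == INVALID_HANDLE_VALUE)
    {
        DEBUG_LOG(D_WARNING, "Handle to hMISCFile is invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return FALSE;
    }

    // The encoder result is measured with _tcslen below, so a NULL result must
    // be rejected here instead of being dereferenced.
    tData = GetBase64FromByte(pMiscData->pbData, pMiscData->dwDataSize);
    if (!tData)
    {
        DEBUG_LOG(D_WARNING, "Unable to encode data for MISC file %ws.\r\n", pMiscData->tFilePath);
        CloseHandle(hMISCFile);
        return FALSE;
    }

    // dwDataSize is a DWORD: print it unsigned so large sizes are not shown negative
    tSize[0] = TEXT('\0');
    _stprintf_s(tSize, 100, TEXT("%u"), (pMiscData->dwDataSize));

    if ((WriteFile(hMISCFile, pMiscData->tFilePath, (DWORD)(_tcslen(pMiscData->tFilePath) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
        || (WriteFile(hMISCFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
        || (WriteFile(hMISCFile, tSize, (DWORD)(_tcslen(tSize) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
        || (WriteFile(hMISCFile, TEXT(";"), (DWORD)(_tcslen(TEXT(";")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE)
        || (WriteFile(hMISCFile, tData, (DWORD)(_tcslen(tData) * sizeof (WCHAR)), &dwDataRead, NULL) == FALSE)
        || (WriteFile(hMISCFile, TEXT("\r\n"), (DWORD)(_tcslen(TEXT("\r\n")) * sizeof (TCHAR)), &dwDataRead, NULL) == FALSE))
        goto writerror;

    HeapFree(hCrawlerHeap, 0, tData);
    CloseHandle(hMISCFile);
    return TRUE;

writerror:
    DEBUG_LOG(D_WARNING, "Unable to write CSV DATA.\r\nExiting now...");
    // Release what this call owns in case DoExit returns to the caller
    HeapFree(hCrawlerHeap, 0, tData);
    CloseHandle(hMISCFile);
    DoExit(D_ERROR);
    return FALSE;
}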
200 |
// Print one MISC record on standard output: path, size and the Base64 form of
// the file content. Always returns TRUE once the line has been printed.
BOOL PrintSTDOUTData(_In_ PMISC_FILE_DATA pMiscData)
{
    const BOOL bRecordUsable = pMiscData && pMiscData->pbData && pMiscData->tFilePath;

    if (!bRecordUsable)
    {
        DEBUG_LOG(D_WARNING, "PMISC_FILE_DATA invalid for MISC file.\r\n");
        DoExit(D_WARNING);
    }

    // Encoded copy lives on the crawler heap and is released right after printing
    PTCHAR ptEncoded = GetBase64FromByte(pMiscData->pbData, pMiscData->dwDataSize);

    printf("[MISC] File=%ws Size=%d Data=%ws\r\n", pMiscData->tFilePath, pMiscData->dwDataSize, ptEncoded);

    HeapFree(hCrawlerHeap, NULL, ptEncoded);
    return TRUE;
}
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/MISCPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - MISCPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export data for odd file which should
6 | * not be on a Sysvol folder
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __MISCPRINTER_H__
12 | #define __MISCPRINTER_H__
13 |
14 | #include "MISCParser.h"
15 | #include "PrinterCommon.h"
16 |
17 | //************** *********************
18 | #define OUTPUT_NAME_MISC_FILE TEXT("MISCellaneousFiles")
19 | #define OUTPUT_DIRECTORY_MISC_FILE TEXT("Misc")
20 | //************** ********************
21 |
22 | // Generic dispatcher for printers
23 | BOOL PrintData(_In_ PMISC_FILE_DATA pMiscData);
24 | BOOL PrintMiscDataHeader(_In_ PTCHAR tFilePath);
25 | BOOL PrintMiscDataFooter(_In_ PTCHAR tFilePath);
26 |
27 | // Printers for file format
28 | BOOL PrintXMLData(_In_ PMISC_FILE_DATA pMiscData);
29 | BOOL PrintCSVData(_In_ PMISC_FILE_DATA pMiscData);
30 | BOOL PrintSTDOUTData(_In_ PMISC_FILE_DATA pMiscData);
31 |
32 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/Main.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler
3 | *
4 | *
5 | * Description:
6 | * This project is a fast, complete and reliable Active
7 | * Directory SYSVOL crawler.
8 | * It allows ITOPs or Security Auditors to inspect
9 | * GPO parameters at a domain scale in order to
10 | * evaluate GPO accuracy.
11 | *
12 | *
13 | * ANSSI/COSSI/DTO/BAI - 2014
14 | ***************************************************/
15 |
16 | #ifndef __SYSVOLCRAWLER_H__
17 | #define __SYSVOLCRAWLER_H__
18 |
19 | #include "Common.h"
20 | #include "Dispatcher.h"
21 | #include "PrinterCommon.h"
22 | #include "LDAPPrinter.h"
23 |
24 | INT main(_In_ INT argc, _In_ PCHAR argv[]);
25 | VOID ParseCmdLineOption(_In_ INT argc, _In_ PCHAR *argv);
26 | BOOL LaunchSysvolCrawling(_In_ PCHAR pSysvolPath);
27 | BOOL LaunchLDAPCrawling();
28 |
29 | INT GetOpt(_In_ INT argc, _In_ PCHAR *argv, _In_ PCHAR optstring, _Out_ PCHAR *outOptArg, _Out_ PINT pOptInd);
30 | VOID SysCrwlrUsage(_In_ PCHAR pSyscrwlrName, _In_ BOOL bSouldPrintInfo);
31 | VOID DefineOutputFormat(_In_ PCHAR pSelectedOutputFormat);
32 |
33 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/POLParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - POLParser.c
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for .pol file (eg. Registry.pol)
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 | #include "POLParser.h"
10 |
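// Allocate and fill the PARSER_IDENTIFIER that registers the POL parser.
//
// pParserID  receives the newly allocated identifier; must not be NULL.
// The identifier matches files by name (POL_MATCHING_FILE_REGEXP), has no folder
// pattern, and routes matching files to ParsePolFile.
VOID RegisterPOLParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
    // The out-parameter itself must be valid before it is written through
    if (!pParserID)
    {
        DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return;
    }

    *pParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
    // Test the allocation result, not the address of the caller's variable
    if (!(*pParserID))
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
        DoExit(D_ERROR);
        return;
    }

    (*pParserID)->tParserName = POL_PARSER_NAME;
    (*pParserID)->tFileMatchingRegExp = POL_MATCHING_FILE_REGEXP;
    (*pParserID)->tFolderMatchingRegExp = NULL;
    (*pParserID)->pParserEntryPoint = ParsePolFile;
}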
25 |
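// Entry point for a Registry.pol file: open it, check the 8-byte header
// (signature + version) and hand the body to ParseBodyRegisteryValues.
//
// tFilePath  path of the .pol file to parse.
// Returns TRUE when the file is empty or was parsed, FALSE when it cannot be
// opened (last error set to ERROR_ACCESS_DENIED), read, or does not carry the
// expected signature. The file handle is closed on every return path.
BOOL ParsePolFile(_In_ PTCHAR tFilePath)
{
    HANDLE hPOLFile = INVALID_HANDLE_VALUE;
    DWORD dwPOLMagic[2] = { 0, 0 };
    DWORD dwNumberOfBytesRead = 0, dwFileSize = 0;
    BOOL bParsed = FALSE;

    if (tFilePath == NULL)
    {
        DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return FALSE;
    }
    DEBUG_LOG(D_MISC, "[POL] Now parsing %ws\r\n", tFilePath);

    hPOLFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hPOLFile == INVALID_HANDLE_VALUE)
    {
        DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    dwFileSize = GetFileSize(hPOLFile, NULL);
    if (dwFileSize == INVALID_FILE_SIZE)
    {
        DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
        CloseHandle(hPOLFile);
        DoExit(D_ERROR);
        return FALSE;
    }

    if (dwFileSize == 0)
    {
        // Empty policy file: nothing to parse, not an error
        bParsed = TRUE;
    }
    // Check format magic in pol file; a short read (file smaller than the header) is rejected too
    else if (!ReadFile(hPOLFile, dwPOLMagic, sizeof (dwPOLMagic), &dwNumberOfBytesRead, NULL)
        || (dwNumberOfBytesRead != sizeof (dwPOLMagic)))
    {
        DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
    }
    else if (dwPOLMagic[0] != 0x67655250)
    {
        DEBUG_LOG(D_ERROR, "The file %ws doesn't seems to be a real POL file: MagicNumber error with value: 0x%8x.\r\n", tFilePath, dwPOLMagic[0]);
    }
    else
    {
        DEBUG_LOG(D_MISC, "Valid POL file found [version:%d] for %ws.\r\n", dwPOLMagic[1], tFilePath);
        // The body parser continues reading from the current file position
        bParsed = (ParseBodyRegisteryValues(&hPOLFile, tFilePath) != FALSE);
    }

    // Single exit: the handle was leaked on the early returns before
    CloseHandle(hPOLFile);
    return bParsed;
}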
79 |
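// Release a POL token and every sub-token buffer attached to it.
static VOID FreePolTokenData(PPOL_DATA pPolDATA)
{
    if (!pPolDATA)
        return;

    // HeapFree accepts NULL, so partially filled tokens are handled as well
    HeapFree(hCrawlerHeap, 0, pPolDATA->pbData);
    HeapFree(hCrawlerHeap, 0, pPolDATA->pbValue);
    HeapFree(hCrawlerHeap, 0, pPolDATA->pwdSize);
    HeapFree(hCrawlerHeap, 0, pPolDATA->pwdType);
    HeapFree(hCrawlerHeap, 0, pPolDATA->pwKey);
    HeapFree(hCrawlerHeap, 0, pPolDATA);
}

// Read the rest of a .pol file and walk it byte by byte, extracting tokens of
// the form [key;value;type;size;data] and sending each complete token to the
// printers.
//
// hPOLFile   pointer to an open file handle positioned after the file header.
// tFilePath  path of the file, used for logging and stored in each token.
// Returns TRUE when the buffer was walked to its end, FALSE when the file could
// not be read or a token is malformed.
//
// The file is untrusted input: the "size" field is read from the file and is
// checked against the amount of data actually read before it is used as a copy
// length, so a forged size cannot make the extraction read past the buffer.
// NOTE(review): as in the original, the footer is not printed when parsing stops
// on a malformed token - confirm whether the printers need it to keep their
// output well-formed.
BOOL ParseBodyRegisteryValues(_In_ PHANDLE hPOLFile, _In_ PTCHAR tFilePath)
{
    DWORD dwFileSize = 0;
    PBYTE pbPOLDATA = NULL;
    PPOL_DATA pPolDATA = NULL;
    DWORD dwNumberOfBytesRead = 0, dwSubTokenIndex = 0;
    INT iSubTokenStartPos = -1, iSubTokenLen = 0;
    BOOL bIsTokenFound = FALSE, bIsDataSizeExtracted = FALSE;
    BOOL bParseOk = TRUE;
    SIZE_T cbBuffer = 0;

    // hPOLFile is a pointer to a handle: check the pointer and the handle it holds
    if ((hPOLFile == NULL) || (*hPOLFile == INVALID_HANDLE_VALUE) || (tFilePath == NULL))
    {
        DEBUG_LOG(D_ERROR, "POLFILE or FILEPATH pointer invalid for %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
        return FALSE;
    }

    dwFileSize = GetFileSize(*hPOLFile, NULL);
    if (dwFileSize == INVALID_FILE_SIZE)
    {
        DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
        return FALSE;
    }

    // Positions and lengths below are tracked in INT; refuse sizes that would overflow them
    if (dwFileSize > (DWORD) (0x7FFFFFFF - sizeof (DWORD)))
    {
        DEBUG_LOG(D_ERROR, "[POL] File %ws is too big to be parsed.\r\n", tFilePath);
        return FALSE;
    }

    // File size plus a small zeroed tail: sub-token copies include the separator
    // that follows them, which may sit on the last byte read.
    cbBuffer = (SIZE_T) dwFileSize + sizeof (DWORD);
    pbPOLDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, cbBuffer);
    if (pbPOLDATA == NULL)
    {
        DEBUG_LOG(D_ERROR, "pbPOLDATA pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return FALSE;
    }

    if (!ReadFile(*hPOLFile, pbPOLDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
    {
        DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
        HeapFree(hCrawlerHeap, 0, pbPOLDATA);
        return FALSE;
    }

    // Extract every tokens in file(registry keys like [key;value;type;size;data]) and send them to parsing
    PrintPolDataHeader(tFilePath);
    for (DWORD i = 0; i < dwNumberOfBytesRead; ++i)
    {
        WCHAR cCurrentVal = (TCHAR) *(pbPOLDATA + i);

        // Get token beginning
        if ((cCurrentVal == TEXT('['))
            && (bIsTokenFound == FALSE)) // we didnt find a token yet
        {
            pPolDATA = (PPOL_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (POL_DATA));
            if (pPolDATA == NULL)
            {
                DEBUG_LOG(D_ERROR, "pPolDATA pointer invalid.\r\nExiting now...");
                HeapFree(hCrawlerHeap, 0, pbPOLDATA);
                DoExit(D_ERROR);
                return FALSE;
            }
            pPolDATA->tFilePath = tFilePath;

            // Reset parsing indexes
            bIsTokenFound = TRUE;
            iSubTokenStartPos = i + sizeof(TCHAR);
            iSubTokenLen = -1;
        }

        // We need to determine new token size when we capture it
        if (bIsTokenFound)
        {
            iSubTokenLen++;
        }

        // Detect separators
        if ((bIsTokenFound == TRUE)              // Token found
            && (bIsDataSizeExtracted == FALSE)   // size not extracted yet
            && (cCurrentVal == TEXT(';')))       // In case of ';': we need to extract subtoken
        {
            if (ExtractSubToken(pPolDATA, pbPOLDATA, iSubTokenStartPos, iSubTokenLen, dwSubTokenIndex) == FALSE)
            {
                DEBUG_LOG(D_ERROR, "[POL] Unable to extract sub-token ending at pos [%d].\r\n", i);
                bParseOk = FALSE;
                break;
            }

            dwSubTokenIndex++; // increase subtoken index
            if (dwSubTokenIndex == 4) // found token size
                bIsDataSizeExtracted = TRUE;

            // Reset token indexes
            iSubTokenStartPos = i + sizeof(TCHAR);
            iSubTokenLen = -1;
        }

        // Data sub-token: its length comes from the size field, not from a separator
        if ((bIsTokenFound)
            && (bIsDataSizeExtracted == TRUE)
            && (dwSubTokenIndex == 4)
            && (pPolDATA->pwdSize))
        {
            DWORD dwDataLen = *pPolDATA->pwdSize;

            // The declared size must fit in what was actually read from the file
            if ((iSubTokenStartPos < 0)
                || ((DWORD) iSubTokenStartPos > dwNumberOfBytesRead)
                || (dwDataLen > dwNumberOfBytesRead - (DWORD) iSubTokenStartPos))
            {
                DEBUG_LOG(D_ERROR, "[POL] Declared data size %u exceeds file content in %ws.\r\n", dwDataLen, tFilePath);
                bParseOk = FALSE;
                break;
            }

            if (ExtractSubToken(pPolDATA, pbPOLDATA, iSubTokenStartPos, (INT) dwDataLen, dwSubTokenIndex) == FALSE)
            {
                DEBUG_LOG(D_ERROR, "[POL] Unable to extract data starting at pos [%d].\r\n", iSubTokenStartPos);
                bParseOk = FALSE;
                break;
            }
            dwSubTokenIndex++;
            // Resume scanning right after the data bytes
            i = iSubTokenStartPos + dwDataLen - 1;
            continue;
        }

        // Detect token end
        if ((bIsTokenFound)
            && (bIsDataSizeExtracted == TRUE)
            && (dwSubTokenIndex == 5)
            && (cCurrentVal == TEXT(']')))
        {
            if (!pPolDATA->pwKey || !pPolDATA->pbValue || !pPolDATA->pwdSize || !pPolDATA->pwdType || !pPolDATA->pbData)
            {
                DEBUG_LOG(D_ERROR, "[POL] Token Invalid, must be skipped.\r\n.");
                bParseOk = FALSE;
                break;
            }

            // Send to printer extracted token
            DEBUG_LOG(D_MISC, "[POL] Found one token ending at pos [%d].\r\n", i);
            if (PrintData(pPolDATA) == FALSE)
                DEBUG_LOG(D_ERROR, "[POL] unable to print token ending at pos [%d].\r\n", i);

            // Release data
            FreePolTokenData(pPolDATA);
            pPolDATA = NULL;

            bIsTokenFound = FALSE;
            bIsDataSizeExtracted = FALSE;
            dwSubTokenIndex = 0;
        }
    }

    // A token still pending here was rejected or never closed: release it
    if (pPolDATA)
        FreePolTokenData(pPolDATA);

    if (bParseOk)
        PrintPolDataFooter(tFilePath);
    HeapFree(hCrawlerHeap, 0, pbPOLDATA);
    return bParseOk;
}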
213 |
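// Copy one sub-token of a [key;value;type;size;data] token into a fresh heap
// buffer and attach it to the matching POL_DATA field.
//
// pPolDATA           token being filled.
// pToken             start of the raw file buffer.
// iSubTokenStartPos  byte offset of the sub-token inside pToken.
// iSubTokenLen       number of bytes to copy.
// dwSubTokenIndex    0 = key, 1 = value, 2 = type, 3 = size, 4 = data.
// Returns TRUE when the field was set, FALSE on invalid arguments.
//
// This function does not know how long pToken is: the caller must make sure
// iSubTokenStartPos + iSubTokenLen stays inside the buffer it read from the file.
BOOL ExtractSubToken(_Inout_ PPOL_DATA pPolDATA, _In_ PBYTE pToken, _In_ INT iSubTokenStartPos, _In_ INT iSubTokenLen, _In_ DWORD dwSubTokenIndex)
{
    LPVOID lpDest = NULL;
    SIZE_T cbAlloc = 0;

    // Negative offsets or lengths would turn into huge unsigned sizes below
    if (!pPolDATA || !pToken || (iSubTokenStartPos < 0) || (iSubTokenLen < 0) || (dwSubTokenIndex > 4))
    {
        DEBUG_LOG(D_ERROR, "Invalid sub-token parameters.\r\n");
        return FALSE;
    }

    // Same sizing as before plus a zeroed tail: the type and size fields are read
    // back as DWORD and the key as a wide string, so even a very short sub-token
    // must leave room for a full DWORD and a terminating NUL.
    cbAlloc = sizeof (WCHAR) * (SIZE_T) iSubTokenLen + sizeof (DWORD);
    lpDest = HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, cbAlloc);
    if (!lpDest)
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate sub-token buffer.\r\nExiting now...");
        DoExit(D_ERROR);
        return FALSE;
    }

    if (memcpy_s(lpDest, cbAlloc, (pToken + iSubTokenStartPos), (SIZE_T) iSubTokenLen))
    {
        DEBUG_LOG(D_ERROR, "Unable to extract token.\r\nExiting now...");
        HeapFree(hCrawlerHeap, 0, lpDest);
        DoExit(D_ERROR);
        return FALSE;
    }

    switch (dwSubTokenIndex)
    {
    case 0:
        pPolDATA->pwKey = (PWCHAR) lpDest;
        break;
    case 1:
        pPolDATA->pbValue = (PBYTE) lpDest;
        pPolDATA->dwValueSize = iSubTokenLen;
        break;
    case 2:
        pPolDATA->pwdType = (PDWORD) lpDest;
        // NOTE(review): the stored type is divided by 256, as in the original code;
        // the reason is not visible here - confirm against the printer that reads it.
        *pPolDATA->pwdType = (*pPolDATA->pwdType) / 256;
        break;
    case 3:
        pPolDATA->pwdSize = (PDWORD) lpDest;
        break;
    case 4:
        pPolDATA->pbData = (PBYTE) lpDest;
        break;
    default:
        // Not reachable after the index check above; kept so the buffer is never orphaned
        HeapFree(hCrawlerHeap, 0, lpDest);
        return FALSE;
    }
    return TRUE;
}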
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/POLParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - POLParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for .pol file (eg. Registry.pol)
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __POL_PARSER_H__
11 | #define __POL_PARSER_H__
12 |
13 | #include "Common.h"
14 |
15 | //************** *********************
16 | #define POL_PARSER_NAME TEXT("POL parser")
17 | #define POL_MATCHING_FILE_REGEXP TEXT("Registry.pol")
18 | #define POL_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
19 | //************** ********************
20 |
// Gather information from POL file.
// One instance holds a single [key;value;type;size;data] token; every pointer
// field except tFilePath is a heap buffer filled by ExtractSubToken and released
// by ParseBodyRegisteryValues once the token has been printed.
typedef struct _POL_DATA
{
    PTCHAR tFilePath;   // path of the parsed file (borrowed from the caller)
    PWCHAR pwKey;       // sub-token 0: key
    PBYTE pbValue;      // sub-token 1: value
    DWORD dwValueSize;  // number of bytes copied into pbValue
    PDWORD pwdType;     // sub-token 2: type (ExtractSubToken stores it divided by 256)
    PDWORD pwdSize;     // sub-token 3: size, used by the parser as the byte length of pbData
    PBYTE pbData;       // sub-token 4: data
} POL_DATA, *PPOL_DATA;
32 |
33 | // Forward declaration for printers
34 | extern BOOL PrintData(_In_ PPOL_DATA pPolData);
35 | extern BOOL PrintPolDataHeader(_In_ PTCHAR tFilePath);
36 | extern BOOL PrintPolDataFooter(_In_ PTCHAR tFilePath);
37 |
38 | // Parser registration
39 | VOID RegisterPOLParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
40 | // Entry point for POL
41 | BOOL ParsePolFile(_In_ PTCHAR tFilePath);
42 | // extract token ([key;value;type;size;data]) from pol file
43 | BOOL ParseBodyRegisteryValues(_In_ PHANDLE hPOLFile, _In_ PTCHAR tFilePath);
44 | // extract subtoken ([key;value;type;size;data]) from every token
45 | BOOL ExtractSubToken(_Inout_ PPOL_DATA pPolDATA, _In_ PBYTE pToken, _In_ INT iSubTokenStartPos, _In_ INT iSubTokenLen, _In_ DWORD dwSubTokenIndex);
46 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/POLPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - POLPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export POL file content
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __POLPRINTER_H__
11 | #define __POLPRINTER_H__
12 |
13 | #include "PrinterCommon.h"
14 | #include "POLParser.h"
15 |
16 | //************** *********************
17 | #define OUTPUT_NAME_POL_FILE TEXT("RegistryPolicyFile")
18 | #define OUTPUT_DIRECTORY_POL_FILE TEXT("[Machine||User]")
19 | //************** ********************
20 |
21 | // Generic dispatcher for printers
22 | BOOL PrintData(_In_ PPOL_DATA pPolData);
23 | BOOL PrintPolDataHeader(_In_ PTCHAR tFilePath);
24 | BOOL PrintPolDataFooter(_In_ PTCHAR tFilePath);
25 |
26 | // Printers for file format
27 | BOOL PrintXMLData(_In_ PPOL_DATA pPolData);
28 | BOOL PrintCSVData(_In_ PPOL_DATA pPolData);
29 | BOOL PrintSTDOUTData(_In_ PPOL_DATA pPolData);
30 |
31 | PTCHAR GetTypeFromID(_In_ DWORD dwPolType);
32 | BOOL RemoveEndline(_In_ PTCHAR tString);
33 | #endif
34 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/PREFERENCESParser.cpp:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - PREFERENCESParser.c
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for preferences GPO file store
6 | * in PREFERENCES folder
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #include "PREFERENCESParser.h"
12 |
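// Allocate and fill the PARSER_IDENTIFIER that registers the PREFERENCES parser.
//
// pParserID  receives the newly allocated identifier; must not be NULL.
// The identifier matches by folder (PREFERENCES_MATCHING_FOLDER_REGEXP), has no
// file pattern, and routes matching files to ParsePreferencesFile.
VOID RegisterPreferencesParser(_Inout_ PPARSER_IDENTIFIER *pParserID)
{
    // The out-parameter itself must be valid before it is written through
    if (!pParserID)
    {
        DEBUG_LOG(D_ERROR, "PARSER_IDENTIFIER pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return;
    }

    *pParserID = (PPARSER_IDENTIFIER) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PARSER_IDENTIFIER));
    // Test the allocation result, not the address of the caller's variable
    if (!(*pParserID))
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate PARSER_IDENTIFIER structure.\r\nExiting now...");
        DoExit(D_ERROR);
        return;
    }

    (*pParserID)->tParserName = PREFERENCES_PARSER_NAME;
    (*pParserID)->tFileMatchingRegExp = NULL;
    (*pParserID)->tFolderMatchingRegExp = PREFERENCES_MATCHING_FOLDER_REGEXP;
    (*pParserID)->pParserEntryPoint = ParsePreferencesFile;
}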
27 |
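// Entry point for a file stored under a PREFERENCES folder: read it entirely,
// build the PREFERENCES_FILE_DATA matching its extension and send it to the
// printers.
//
// tFilePath  path of the file to collect.
// Returns TRUE when the file was handled, FALSE when it cannot be opened (last
// error set to ERROR_ACCESS_DENIED) or read. The file handle and the buffers
// owned by this call are released on every return path.
BOOL ParsePreferencesFile(_In_ PTCHAR tFilePath)
{
    PPREFERENCES_FILE_DATA pPreferencesFileData = NULL;
    HANDLE hPreferencesFile = INVALID_HANDLE_VALUE;
    DWORD dwFileSize = 0, dwNumberOfBytesRead = 0;
    PBYTE pbPreferencesFileRawDATA = NULL;

    if (tFilePath == NULL)
    {
        DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
        return FALSE;
    }
    DEBUG_LOG(D_INFO, "[PREFERENCES] Now handling %ws\r\n", tFilePath);

    // Open first so that a file we cannot read costs no allocation
    hPreferencesFile = CreateFile_s(tFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hPreferencesFile == INVALID_HANDLE_VALUE)
    {
        DEBUG_LOG(D_ERROR, "Unable to open file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    pPreferencesFileData = (PPREFERENCES_FILE_DATA) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (PREFERENCES_FILE_DATA));
    if (!pPreferencesFileData)
    {
        DEBUG_LOG(D_ERROR, "Unable to allocate PREFERENCES_FILE_DATA structure.\r\nExiting now...");
        CloseHandle(hPreferencesFile);
        DoExit(D_ERROR);
        return FALSE;
    }
    pPreferencesFileData->dwDataSize = 0;
    pPreferencesFileData->pvData = NULL;
    pPreferencesFileData->tFilePath = tFilePath;
    pPreferencesFileData->dwFileType = PREFERENCES_UNHANDLE_FILE;

    dwFileSize = GetFileSize(hPreferencesFile, NULL);
    if (dwFileSize == INVALID_FILE_SIZE)
    {
        DEBUG_LOG(D_ERROR, "Error during reading FileSize for %ws.\r\nExiting now...", tFilePath);
        CloseHandle(hPreferencesFile);
        HeapFree(hCrawlerHeap, 0, pPreferencesFileData);
        DoExit(D_ERROR);
        return FALSE;
    }
    pPreferencesFileData->dwDataSize = dwFileSize;

    // The buffer is deliberately larger than the file, as in the original code.
    // NOTE(review): the INI path skips a 2-byte BOM without shortening the length,
    // so it may depend on this zeroed slack - confirm before sizing it to the file.
    // The product is computed in SIZE_T; on a 32-bit build it can wrap for files
    // of 1 GiB or more.
    pbPreferencesFileRawDATA = (PBYTE) HeapAlloc(hCrawlerHeap, HEAP_ZERO_MEMORY, sizeof (DWORD) * dwFileSize);
    if (pbPreferencesFileRawDATA == NULL)
    {
        DEBUG_LOG(D_ERROR, "pbPreferencesFileRawDATA pointer invalid.\r\nExiting now...");
        CloseHandle(hPreferencesFile);
        HeapFree(hCrawlerHeap, 0, pPreferencesFileData);
        DoExit(D_ERROR);
        return FALSE;
    }

    if (!ReadFile(hPreferencesFile, pbPreferencesFileRawDATA, dwFileSize, &dwNumberOfBytesRead, NULL))
    {
        DEBUG_LOG(D_ERROR, "Unable to read file %ws. ErrorCode: %d.\r\n", tFilePath, GetLastError());
        // Handle and both buffers were leaked on this path before
        CloseHandle(hPreferencesFile);
        HeapFree(hCrawlerHeap, 0, pbPreferencesFileRawDATA);
        HeapFree(hCrawlerHeap, 0, pPreferencesFileData);
        return FALSE;
    }
    CloseHandle(hPreferencesFile);

    pPreferencesFileData->dwFileType = GetPreferenceFileExtensionID(pPreferencesFileData->tFilePath);

    if (FillPreferencesDataContent(pPreferencesFileData, pbPreferencesFileRawDATA, dwNumberOfBytesRead) == FALSE)
    {
        DEBUG_LOG(D_ERROR, "Unable to fill data structure for %ws.\r\nExiting now...", tFilePath);
        DoExit(D_ERROR);
    }
    HeapFree(hCrawlerHeap, 0, pbPreferencesFileRawDATA);

    // Call printers
    PrintPreferencesDataHeader(pPreferencesFileData->tFilePath);
    PrintData(pPreferencesFileData);
    PrintPreferencesDataFooter(pPreferencesFileData->tFilePath);

    // Cleanup
    FreePreferencesFileData(pPreferencesFileData);
    return TRUE;
}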
101 |
// Release a PREFERENCES_FILE_DATA together with the payload it owns.
// INI and INF payloads are parsed structures and go through FreeIniFileData;
// every other type holds a plain heap buffer. Always returns TRUE.
BOOL FreePreferencesFileData(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData)
{
    if (pPreferencesFileData == NULL)
    {
        DEBUG_LOG(D_ERROR, "PREFERENCES_FILE_DATA pointer is invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    const BOOL bIniLikePayload =
        (pPreferencesFileData->dwFileType == PREFERENCES_INI_FILE)
        || (pPreferencesFileData->dwFileType == PREFERENCES_INF_FILE); // INF is handled like INI

    if (bIniLikePayload)
        FreeIniFileData((PINI_FILE_DATA) pPreferencesFileData->pvData);
    else
        HeapFree(hCrawlerHeap, NULL, pPreferencesFileData->pvData);

    // The structure was dereferenced above, so it is known to be non-NULL here
    HeapFree(hCrawlerHeap, NULL, pPreferencesFileData);
    return TRUE;
}
127 |
// Classify a preferences file by the extension of its file name.
// The name is what follows the backslash located by rstrstr, the extension what
// follows the dot located by rstrstr inside that name; when either is missing a
// warning is logged and the whole string is used instead.
// Returns PREFERENCES_INI_FILE, PREFERENCES_INF_FILE or PREFERENCES_UNHANDLE_FILE.
// The comparison is case-sensitive (_tcscmp).
PREFERENCES_FILE_EXTENSION GetPreferenceFileExtensionID(_In_ PTCHAR tFilePath)
{
    if (tFilePath == NULL)
    {
        DEBUG_LOG(D_ERROR, "FILEPATH pointer invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // File name: text after the path separator, or the full path when there is none
    PTCHAR ptSeparator = rstrstr(tFilePath, TEXT("\\"));
    PTCHAR ptName = tFilePath;
    if (ptSeparator)
        ptName = ptSeparator + 1;
    else
        DEBUG_LOG(D_WARNING, "The file %ws doesn't seems to be hosted in a proper sysvol folder.\r\n", tFilePath);

    // Extension: text after the dot, or the full name when there is none
    PTCHAR ptDot = rstrstr(ptName, TEXT("."));
    PTCHAR ptExtension = ptName;
    if (ptDot)
        ptExtension = ptDot + 1;
    else
        DEBUG_LOG(D_WARNING, "The filename %ws doesn't seems to have a well-kwnown extension.\r\n", ptName);

    if (_tcscmp(ptExtension, PREFERENCES_INI_FILE_EXTENSION) == 0)
        return PREFERENCES_INI_FILE;
    if (_tcscmp(ptExtension, PREFERENCES_INF_FILE_EXTENSION) == 0)
        return PREFERENCES_INF_FILE;
    return PREFERENCES_UNHANDLE_FILE;
}
164 |
// Fill pPreferencesFileData from the raw file bytes, choosing the routine by
// dwFileType: INI and INF files go through FillIniDataContent, everything else
// through FillDefaultDataContent. Returns what the selected routine returns.
BOOL FillPreferencesDataContent(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ PBYTE pbPreferencesFileRawDATA, _In_ DWORD dwPreferencesFileRawDATALen)
{
    if ((pPreferencesFileData == NULL) || (pbPreferencesFileRawDATA == NULL))
    {
        DEBUG_LOG(D_ERROR, "PREFERENCES_FILE_DATA pointer or raw data invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    // Consider INF file like an INI file
    if ((pPreferencesFileData->dwFileType == PREFERENCES_INI_FILE)
        || (pPreferencesFileData->dwFileType == PREFERENCES_INF_FILE))
    {
        return FillIniDataContent(pPreferencesFileData, pbPreferencesFileRawDATA, dwPreferencesFileRawDATALen);
    }

    return FillDefaultDataContent(pPreferencesFileData, pbPreferencesFileRawDATA, dwPreferencesFileRawDATALen);
}
188 |
// Parse INI-style content and attach the resulting INI_FILE_DATA to
// pPreferencesFileData. Content that IsIniFileWcharEncoded does not recognise as
// wide-character is first converted with CStrToPtchar; otherwise the first two
// bytes (the BOM) are skipped.
// Returns TRUE on success, FALSE when the conversion fails; a parse failure
// logs and calls DoExit.
// NOTE(review): the length handed to ParseIniFile is not reduced after the BOM
// is skipped, and the converted buffer is not released here - check how
// ParseIniFile uses the length and whether it keeps the buffer.
BOOL FillIniDataContent(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ PBYTE pbPreferencesFileRawDATA, _In_ DWORD dwPreferencesFileRawDATALen)
{
    if ((pPreferencesFileData == NULL) || (pbPreferencesFileRawDATA == NULL))
    {
        DEBUG_LOG(D_ERROR, "IEAK_FILE_DATA pointer or raw data invalid.\r\nExiting now...");
        DoExit(D_ERROR);
    }

    const BOOL bWideEncoded = (IsIniFileWcharEncoded(pbPreferencesFileRawDATA, dwPreferencesFileRawDATALen) != FALSE);

    if (bWideEncoded)
    {
        // In case of WCHAR file, we simply skip the BOM
        pbPreferencesFileRawDATA += 2;
    }
    else
    {
        // in case of ANSI file, we need to convert it in WCHAR
        pbPreferencesFileRawDATA = (PBYTE) CStrToPtchar(pbPreferencesFileRawDATA, dwPreferencesFileRawDATALen);
        if (pbPreferencesFileRawDATA == NULL)
        {
            DEBUG_LOG(D_ERROR, "Unable to convert file %ws to WideChar.\r\n", pPreferencesFileData->tFilePath);
            return FALSE;
        }
        // Length is now expressed for the wide-character copy
        dwPreferencesFileRawDATALen *= sizeof (WCHAR);
    }

    PINI_FILE_DATA pParsedIni = ParseIniFile((PWCHAR) pbPreferencesFileRawDATA, dwPreferencesFileRawDATALen, pPreferencesFileData->tFilePath);
    if (pParsedIni == NULL)
    {
        DEBUG_LOG(D_ERROR, "Unable to parse generic PREFERENCES file : %ws.\r\nExiting now...", pPreferencesFileData->tFilePath);
        DoExit(D_ERROR);
    }

    pPreferencesFileData->pvData = (PVOID) pParsedIni;
    pPreferencesFileData->dwDataSize = sizeof(INI_FILE_DATA);
    return TRUE;
}
225 |
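// Keep a PREFERENCES file that has no dedicated parser as a copy of its raw bytes.
//   pPreferencesFileData        - in/out descriptor; pvData receives the heap copy and
//                                 dwDataSize the number of bytes copied
//   pbPreferencesFileRawDATA    - raw file content to copy
//   dwPreferencesFileRawDATALen - number of bytes to copy
// Returns TRUE on success. Invalid arguments, allocation failure and copy failure
// go through DoExit(D_ERROR).
BOOL FillDefaultDataContent(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ PBYTE pbPreferencesFileRawDATA, _In_ DWORD dwPreferencesFileRawDATALen)
{
	PBYTE pbRawData = NULL;

	if (!pPreferencesFileData || !pbPreferencesFileRawDATA)
	{
		DEBUG_LOG(D_ERROR, "PREFERENCES_FILE_DATA pointer or raw data invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// The second HeapAlloc argument is a DWORD flag mask, so "no flags" is 0, not NULL.
	// The copy lives on hCrawlerHeap and is not released here
	// (presumably done by FreePreferencesFileData; confirm).
	pbRawData = (PBYTE) HeapAlloc(hCrawlerHeap, 0, (dwPreferencesFileRawDATALen) * sizeof(BYTE));
	if (!pbRawData)
	{
		DEBUG_LOG(D_ERROR, "pbRawData pointer invalid.\r\nExiting now...");
		DoExit(D_ERROR);
	}

	// Destination capacity and copy count are the same value: the buffer was sized for exactly this input
	if (memcpy_s(pbRawData, sizeof (BYTE) * dwPreferencesFileRawDATALen, pbPreferencesFileRawDATA, sizeof (BYTE) * dwPreferencesFileRawDATALen))
	{
		DEBUG_LOG(D_ERROR, "Unable to copy PREFERENCES raw data.\r\nExiting now...");
		DoExit(D_ERROR);
	}
	pPreferencesFileData->pvData = pbRawData;
	pPreferencesFileData->dwDataSize = dwPreferencesFileRawDATALen;

	return TRUE;
}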
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/PREFERENCESParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - PREFERENCESParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for preferences GPO file store
6 | * in PREFERENCES folder
7 | *
8 | * ANSSI/COSSI/DTO/BAI - 2014
9 | ***************************************************/
10 |
11 | #ifndef __PREFERENCES_PARSER_H__
12 | #define __PREFERENCES_PARSER_H__
13 |
14 | #include "Common.h"
15 | #include "INIGenericParser.h"
16 |
17 | //************** *********************
18 | #define PREFERENCES_PARSER_NAME TEXT("IEAK files handler")
19 | #define PREFERENCES_MATCHING_FILE_REGEXP TEXT("[NON SUPPORTED]")
20 | #define PREFERENCES_MATCHING_FOLDER_REGEXP TEXT("*\\Preferences\\*")
21 | //************** ********************
22 |
23 | typedef DWORD PREFERENCES_FILE_EXTENSION;
24 | #define PREFERENCES_UNHANDLE_FILE 0
25 | #define PREFERENCES_INI_FILE 1
26 | #define PREFERENCES_INF_FILE 2
27 |
28 | #define PREFERENCES_INI_FILE_EXTENSION TEXT("ini")
29 | #define PREFERENCES_INF_FILE_EXTENSION TEXT("inf")
30 |
31 | //******* ******
// Gather generic information from PREFERENCES files
typedef struct _PREFERENCES_FILE_DATA
{
	// Path of the parsed file; the parser prints it with %ws in its error logs
	PWCHAR tFilePath;
	// One of PREFERENCES_UNHANDLE_FILE, PREFERENCES_INI_FILE or PREFERENCES_INF_FILE;
	// tells how pvData has to be interpreted
	PREFERENCES_FILE_EXTENSION dwFileType;

	// Size attached to pvData. FillIniDataContent stores sizeof(INI_FILE_DATA) here,
	// FillDefaultDataContent stores the raw byte count, so check dwFileType before
	// using this value as a buffer length
	DWORD dwDataSize;
	// INI/INF files: the structure returned by ParseIniFile.
	// Other files: a heap copy of the raw file bytes
	PVOID pvData;
} PREFERENCES_FILE_DATA, *PPREFERENCES_FILE_DATA;
41 | //****** ******
42 |
// Forward declaration for printers
extern BOOL PrintData(_In_ PPREFERENCES_FILE_DATA pMiscData);
extern BOOL PrintPreferencesDataHeader(_In_ PTCHAR tFilePath);
extern BOOL PrintPreferencesDataFooter(_In_ PTCHAR tFilePath);

// Parser registration
VOID RegisterPreferencesParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
BOOL ParsePreferencesFile(_In_ PTCHAR tFilePath);
BOOL FreePreferencesFileData(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData);

// Determine which type of file we want to parse.
// Returns PREFERENCES_INI_FILE, PREFERENCES_INF_FILE or PREFERENCES_UNHANDLE_FILE.
// NOTE(review): the implementation compares the extension with _tcscmp, which is
// case-sensitive; unless the extension is lower-cased beforehand, "INI"/"INF" files
// are classified as unhandled and kept as raw data. Confirm.
PREFERENCES_FILE_EXTENSION GetPreferenceFileExtensionID(_In_ PTCHAR tFilePath);
// Extract PREFERENCES file data and size; dispatches on pPreferencesFileData->dwFileType
BOOL FillPreferencesDataContent(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ PBYTE pbPreferencesFileRawDATA, _In_ DWORD dwPreferencesFileRawDATALen);
// Parse PREFERENCES file as ini file (inf files take the same path)
BOOL FillIniDataContent(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ PBYTE pbPreferencesFileRawDATA, _In_ DWORD dwPreferencesFileRawDATALen);
// Keep PREFERENCES file as raw data (need parser implementation for that type of file)
BOOL FillDefaultDataContent(_Inout_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ PBYTE pbPreferencesFileRawDATA, _In_ DWORD dwPreferencesFileRawDATALen);
61 |
62 | /*****************************************************************
63 | * HOW TO add new PREFERENCES file parser
64 | * 1 - Specify new extension id and file extension in header file:
65 | * PREFERENCES_INI_FILE_EXTENSION & PREFERENCES_XXX_FILE_EXTENSION
66 | *
67 | * 2 - Add switch case in GetFileExtensionID function and implement
68 | * dedicated allocation function (eg. FillXXXDataContent)
69 | *
70 | * 3 - Fill FillPreferencesDataContent function for the new type of
71 | * file
72 | *
73 | * 4 - Add memory release code in FreePreferencesFileData function
74 | *****************************************************************/
75 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/PREFERENCESPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - PREFERENCESPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export preferences GPO file data
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __PREFERENCESPRINTER_H__
11 | #define __PREFERENCESPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "PREFERENCESParser.h"
16 | #include "INIGenericPrinter.h"
17 |
18 | //************** *********************
19 | #define OUTPUT_NAME_PREFERENCES_FOLDER TEXT("PREFERENCESFileFolder")
20 | #define OUTPUT_DIRECTORY_PREFERENCES_FOLDER TEXT("[Machine||User]")
21 | //************** ********************
22 |
23 | // Generic dispatcher for printers
24 | BOOL PrintData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData);
25 | BOOL PrintPreferencesDataHeader(_In_ PTCHAR tFilePath);
26 | BOOL PrintPreferencesDataFooter(_In_ PTCHAR tFilePath);
27 |
28 | // Printers for file format
29 | BOOL PrintXMLData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData);
30 | BOOL PrintCSVData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData);
31 | BOOL PrintSTDOUTData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData);
32 |
33 | BOOL PrintXMLRawData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ HANDLE hXMLFile);
34 | BOOL PrintXMLIniData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ HANDLE hXMLFile);
35 | BOOL PrintCSVRawData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ HANDLE hCSVFile);
36 | BOOL PrintCSVIniData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData, _In_ HANDLE hCSVFile);
37 | BOOL PrintSTDOUTRawData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData);
38 | BOOL PrintSTDOUTIniData(_In_ PPREFERENCES_FILE_DATA pPreferencesFileData);
39 |
40 | /*****************************************************************
41 | * HOW TO add new PREFERENCES file printer
42 | * 1 - Add switch case in PrintXMLData, PrintCSVData and
43 | * PrintSTDOUTData method
44 | *
45 | * 2 - Implement new printing functions: PrintXMLXXXData,
46 | * PrintCSVXXXData and PrintSTDOUTXXXData
47 | *****************************************************************/
48 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/PrinterCommon.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - PrinterCommon.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Common functions for printers
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __PRINTERCOMMON_H__
11 | #define __PRINTERCOMMON_H__
12 |
13 | #include "Common.h"
14 | #include
15 |
16 | // Define the filename of printer output
17 | typedef PTCHAR OUTPUT_FILE_NAME;
18 |
19 | // Define output folder
20 | typedef PTCHAR OUTPUT_DIRECTORY_NAME;
21 |
22 | // Define printer file format
23 | typedef DWORD OUTPUT_FILE_TYPE;
24 | #define OUTPUT_FILE_XML 0
25 | #define OUTPUT_FILE_CSV 1
26 | #define OUTPUT_FILE_STDOUT 2
27 |
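// XML characters to escape and, in the same order, the entity that replaces each one.
// Both lists hold XML_TOESCAPE_CHAR_NUMB entries and must stay index-aligned.
// NOTE(review): '&' is listed last; confirm that EscapeXMLString escapes in a single
// pass so the '&' of an entity it has just written is not escaped a second time.
#define XML_TOESCAPE_CHAR_NUMB 5
#define XML_TOESCAPE_CHAR {TEXT('"'),TEXT('\''), TEXT('<'), TEXT('>'), TEXT('&')}
#define XML_ESCAPED_CHAR {TEXT("&quot;"),TEXT("&apos;"), TEXT("&lt;"), TEXT("&gt;"), TEXT("&amp;")}
// CSV separator and the text substituted for it.
// NOTE(review): only ';' is listed here; how a double quote or a line break inside a
// value is handled is not visible in this header. Verify in EscapeCSVString, since
// the values come from files read on SYSVOL.
#define CSV_TOESCAPE_CHAR TEXT(';')
#define CSV_ESCAPED_CHAR TEXT("\"\"")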
34 |
35 | // Open and retrieve handle for printer file
36 | HANDLE GetFileHandle(_In_ OUTPUT_FILE_TYPE dwOutputFileType, _In_ OUTPUT_DIRECTORY_NAME tOutputDirectoryName, _In_ OUTPUT_FILE_NAME tOutputFileName);
37 | PTCHAR GetBase64FromByte(_In_ PBYTE pbData, _In_ DWORD dwDataSize);
38 | PTCHAR EscapeXMLString(_In_ PTCHAR tXmlStringToEscape);
39 | PTCHAR EscapeCSVString(_In_ PTCHAR tCsvStringToEscape);
40 | VOID CloseXMLRootElement(_In_ PTCHAR tPath);
41 |
42 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/SCRIPTSiniParser.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - SCRIPTSiniParser.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Parsing engine for scripts.ini file
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __SCRIPTSINIPARSER_H__
11 | #define __SCRIPTSINIPARSER_H__
12 |
13 | #include "Common.h"
14 | #include "INIGenericParser.h"
15 |
16 | //************** *********************
17 | #define SCRIPTSINI_PARSER_NAME TEXT("scripts.ini parser")
18 | #define SCRIPTSINI_MATCHING_FILE_REGEXP TEXT("scripts.ini")
19 | #define SCRIPTSINI_MATCHING_FOLDER_REGEXP TEXT("[NON SUPPORTED]")
20 | //************** ********************
21 |
22 | //******* ******
// One script entry of a scripts.ini section.
// NOTE(review): presumably filled from the "CmdLine" and "Parameters" properties
// (SCRIPTS_CMDLINE_PROPERTY_NAME / SCRIPTS_PARAM_PROPERTY_NAME); confirm in the parser.
typedef struct _SCRIPTSINI_ACTION_DATA
{
	PTCHAR tCmdLine;
	PTCHAR tParameters;
} SCRIPTSINI_ACTION_DATA, *PSCRIPTSINI_ACTION_DATA;
28 |
// Parsed content of one scripts.ini file: one fixed-size table of script entries per
// section (Logon, Logoff, Startup, Shutdown) plus the sections that match none of them.
// NOTE(review): each dw...Num counter presumably holds the number of used slots in the
// table that follows it. The tables have a fixed capacity (MAX_INI_PROPERTIES /
// MAX_INI_SECTIONS) and the file content is not under the tool's control, so the
// code that fills them has to stop at that capacity. Verify in FillScriptsIniMethods
// and FillScriptsIniMethodsActions.
typedef struct _SCRIPTSINI_FILE_DATA
{
	// Path of the parsed scripts.ini file
	PWCHAR tFilePath;

	DWORD dwLogonScriptNum;
	PSCRIPTSINI_ACTION_DATA pLogonScripts[MAX_INI_PROPERTIES];

	DWORD dwLogoffScriptNum;
	PSCRIPTSINI_ACTION_DATA pLogoffScripts[MAX_INI_PROPERTIES];

	DWORD dwStartupScriptNum;
	PSCRIPTSINI_ACTION_DATA pStartupScripts[MAX_INI_PROPERTIES];

	DWORD dwShutdownScriptNum;
	PSCRIPTSINI_ACTION_DATA pShutdownScripts[MAX_INI_PROPERTIES];

	// Sections kept in their generic INI form
	DWORD dwNumberOfUnReferrencedSections;
	PINI_SECTION_DATA pUnReferrencedSections[MAX_INI_SECTIONS];
} SCRIPTSINI_FILE_DATA, *PSCRIPTSINI_FILE_DATA;
48 | //****** ******
49 |
50 | #define SCRIPTS_LOGON_SECTION TEXT("Logon")
51 | #define SCRIPTS_LOGOFF_SECTION TEXT("Logoff")
52 | #define SCRIPTS_STARTUP_SECTION TEXT("Startup")
53 | #define SCRIPTS_SHUTDOWN_SECTION TEXT("Shutdown")
54 |
55 | #define SCRIPTS_CMDLINE_PROPERTY_NAME TEXT("CmdLine")
56 | #define SCRIPTS_PARAM_PROPERTY_NAME TEXT("Parameters")
57 |
58 | typedef DWORD SCRIPTS_SECTION_ID;
59 | #define SCRIPTS_LOGON_SECTION_ID 0x1
60 | #define SCRIPTS_LOGOFF_SECTION_ID 0x2
61 | #define SCRIPTS_STARTUP_SECTION_ID 0x3
62 | #define SCRIPTS_SHUTDOWN_SECTION_ID 0x4
63 |
64 | // Forward declaration for printers
65 | extern BOOL PrintData(_In_ PSCRIPTSINI_FILE_DATA pScriptsIniData);
66 | extern BOOL PrintScriptsIniDataHeader(_In_ PTCHAR tFilePath);
67 | extern BOOL PrintScriptsIniDataFooter(_In_ PTCHAR tFilePath);
68 |
69 | // Parser registration
70 | VOID RegisterScriptsIniParser(_Inout_ PPARSER_IDENTIFIER *pParserID);
71 | // Entry point for scripts.ini file
72 | BOOL ParseScriptsIniFile(_In_ PTCHAR tFilePath);
73 | BOOL FreeScriptsIniFileData(_Inout_ PSCRIPTSINI_FILE_DATA pScriptsIniFileData);
74 |
75 | // internal functions
76 | BOOL FillScriptsIniMethods(_Inout_ PSCRIPTSINI_FILE_DATA pScriptsIniFileData, _In_ PINI_FILE_DATA pGenericIniFileData);
77 | BOOL FillScriptsIniMethodsActions(_Inout_ PSCRIPTSINI_FILE_DATA pScriptsIniFileData, _In_ PINI_SECTION_DATA pGenericIniSection, _In_ DWORD dwSectionNumb, _In_ SCRIPTS_SECTION_ID dwSectionID);
78 |
79 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/SCRIPTSiniPrinter.h:
--------------------------------------------------------------------------------
1 | /**************************************************
2 | * SysvolCrawler - SCRIPTSiniPrinter.h
3 | * AUTHOR: Luc Delsalle
4 | *
5 | * Display or export scripts.ini file content
6 | *
7 | * ANSSI/COSSI/DTO/BAI - 2014
8 | ***************************************************/
9 |
10 | #ifndef __SCRIPTSINIPPRINTER_H__
11 | #define __SCRIPTSINIPPRINTER_H__
12 |
13 | #include "Common.h"
14 | #include "PrinterCommon.h"
15 | #include "SCRIPTSiniParser.h"
16 |
17 | //************** *********************
18 | #define OUTPUT_NAME_SCRIPTS_INI TEXT("SCRIPTSiniFiles")
19 | #define OUTPUT_DIRECTORY_SCRIPTS_INI TEXT("[Machine||User]")
20 | //************** ********************
21 |
22 | // Generic dispatcher for printers
23 | BOOL PrintData(_In_ PSCRIPTSINI_FILE_DATA pScriptsIniData);
24 | BOOL PrintScriptsIniDataHeader(_In_ PTCHAR tFilePath);
25 | BOOL PrintScriptsIniDataFooter(_In_ PTCHAR tFilePath);
26 |
27 | // Printers for file format
28 | BOOL PrintXMLData(_In_ PSCRIPTSINI_FILE_DATA pScriptsIniData);
29 | BOOL PrintXMLUnreferencedSectionData(_In_ PINI_SECTION_DATA pSectionData, _In_ HANDLE hXMLFile);
30 | BOOL PrintCSVData(_In_ PSCRIPTSINI_FILE_DATA pScriptsIniData);
31 | BOOL PrintSTDOUTData(_In_ PSCRIPTSINI_FILE_DATA pScriptsIniData);
32 |
33 | #endif
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/AASParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/AASParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/AASPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/AASPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/ADMFILESiniParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/ADMFILESiniParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/ADMFILESiniPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/ADMFILESiniPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/ADMParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/ADMParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/ADMPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/ADMPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/Common.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/Common.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/DACLParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/DACLParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/DACLPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/DACLPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/DENIEDParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/DENIEDParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/DENIEDPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/DENIEDPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/Dispatcher.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/Dispatcher.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/FDEPLOYiniParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/FDEPLOYiniParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/FDEPLOYiniPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/FDEPLOYiniPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/GPEiniParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/GPEiniParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/GPEiniPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/GPEiniPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/GPTiniParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/GPTiniParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/GPTiniPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/GPTiniPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/IEAKParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/IEAKParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/IEAKPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/IEAKPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/INFParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/INFParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/INFPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/INFPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/INIGenericParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/INIGenericParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/INIGenericPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/INIGenericPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/LDAPCrawler.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/LDAPCrawler.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/LDAPPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/LDAPPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/MISCParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/MISCParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/MISCPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/MISCPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/Main.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/Main.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/POLParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/POLParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/POLPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/POLPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/PREFERENCESParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/PREFERENCESParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/PREFERENCESPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/PREFERENCESPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/PrinterCommon.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/PrinterCommon.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SCRIPTSiniParser.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SCRIPTSiniParser.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SCRIPTSiniPrinter.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SCRIPTSiniPrinter.obj
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.log:
--------------------------------------------------------------------------------
1 | AASParser.cpp
2 | AASPrinter.cpp
3 | ADMParser.cpp
4 | ADMPrinter.cpp
5 | DACLParser.cpp
6 | DACLPrinter.cpp
7 | ADMFILESiniParser.cpp
8 | ADMFILESiniPrinter.cpp
9 | Common.cpp
10 | DENIEDParser.cpp
11 | DENIEDPrinter.cpp
12 | Dispatcher.cpp
13 | FDEPLOYiniParser.cpp
14 | FDEPLOYiniPrinter.cpp
15 | GPEiniParser.cpp
16 | GPEiniPrinter.cpp
17 | GPTiniParser.cpp
18 | GPTiniPrinter.cpp
19 | IEAKParser.cpp
20 | IEAKPrinter.cpp
21 | Generating Code...
22 | Compiling...
23 | INFParser.cpp
24 | INFPrinter.cpp
25 | INIGenericParser.cpp
26 | INIGenericPrinter.cpp
27 | LDAPCrawler.cpp
28 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(20,33): warning C4311: 'type cast': pointer truncation from 'void *' to 'ULONG'
29 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(20,33): warning C4302: 'type cast': truncation from 'void *' to 'ULONG'
30 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(254,66): warning C4311: 'type cast': pointer truncation from 'wchar_t *' to 'DWORD'
31 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(254,66): warning C4302: 'type cast': truncation from 'wchar_t *' to 'DWORD'
32 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(254,94): warning C4311: 'type cast': pointer truncation from 'PTCHAR' to 'DWORD'
33 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(254,94): warning C4302: 'type cast': truncation from 'PTCHAR' to 'DWORD'
34 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(638,5): warning C4311: 'type cast': pointer truncation from 'PCHAR' to 'DWORD'
35 | LDAPPrinter.cpp
36 | Main.cpp
37 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\LDAPCrawler.cpp(638,5): warning C4302: 'type cast': truncation from 'PCHAR' to 'DWORD'
38 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(263,51): warning C4474: 'printf' : too many arguments passed for format string
39 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(263,51): message : placeholders and their parameters expect 0 variadic arguments, but 1 were provided
40 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(301,44): warning C4474: 'printf' : too many arguments passed for format string
41 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(301,44): message : placeholders and their parameters expect 0 variadic arguments, but 1 were provided
42 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(309,50): warning C4474: 'printf' : too many arguments passed for format string
43 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(309,50): message : placeholders and their parameters expect 0 variadic arguments, but 1 were provided
44 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(316,50): warning C4474: 'printf' : too many arguments passed for format string
45 | MISCParser.cpp
46 | MISCPrinter.cpp
47 | POLParser.cpp
48 | POLPrinter.cpp
49 | PREFERENCESParser.cpp
50 | PREFERENCESPrinter.cpp
51 | PrinterCommon.cpp
52 | SCRIPTSiniParser.cpp
53 | SCRIPTSiniPrinter.cpp
54 | Generating Code...
55 | C:\Users\GrzegorzTworek\source\repos\gtworek\SysvolExplorer\sysvolcrawler\SysvolCrawler\Main.cpp(316,50): message : placeholders and their parameters expect 0 variadic arguments, but 1 were provided
56 | SysvolCrawler.vcxproj -> C:\Users\GrzegorzTworek\Source\Repos\gtworek\SysvolExplorer\sysvolcrawler\x64\Debug\SysvolCrawler.exe
57 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/SysvolCrawler.lastbuildstate:
--------------------------------------------------------------------------------
1 | #TargetFrameworkVersion=v4.0:PlatformToolSet=v142:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0
2 | Debug|x64|C:\Users\GrzegorzTworek\Source\Repos\gtworek\SysvolExplorer\sysvolcrawler\|
3 |
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/SysvolCrawler.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/vc142.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/vc142.idb
--------------------------------------------------------------------------------
/sysvolcrawler/SysvolCrawler/x64/Debug/vc142.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/SysvolCrawler/x64/Debug/vc142.pdb
--------------------------------------------------------------------------------
/sysvolcrawler/bin/x64/SysvolCrawler.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/bin/x64/SysvolCrawler.exe
--------------------------------------------------------------------------------
/sysvolcrawler/bin/x86/SysvolCrawler.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/bin/x86/SysvolCrawler.exe
--------------------------------------------------------------------------------
/sysvolcrawler/x64/Debug/SysvolCrawler.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/x64/Debug/SysvolCrawler.exe
--------------------------------------------------------------------------------
/sysvolcrawler/x64/Debug/SysvolCrawler.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/x64/Debug/SysvolCrawler.ilk
--------------------------------------------------------------------------------
/sysvolcrawler/x64/Debug/SysvolCrawler.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gtworek/SysvolExplorer/aa2d809d0390aa07f137aca08fa9a39998e6ef5f/sysvolcrawler/x64/Debug/SysvolCrawler.pdb
--------------------------------------------------------------------------------