Related works for #132

Namhyeon Go 2024-08-19 17:04:50 +09:00
parent 5d9fb71753
commit c8b3ac5d99
7 changed files with 221 additions and 25 deletions


@ -0,0 +1,78 @@
// MessageReceiver.cs
// https://github.com/gnh1201/welsonjs
using DeviceId;
using Grpc.Core;
using Grpc.Net.Client;
using System.ServiceProcess;
using System.Threading.Tasks;
using WelsonJS.GrpcService;
namespace WelsonJS.Service
{
public class MessageReceiver
{
private GrpcChannel channel;
private ServiceMain parent;
private string deviceId;
public MessageReceiver(ServiceBase parent, string workingDirectory)
{
this.parent = (ServiceMain)parent;
// Read the device ID on this computer
deviceId = new DeviceIdBuilder()
.OnWindows(windows => windows.AddWindowsDeviceId())
.ToString();
// Read configuration from settings.ini
try
{
// Get the GRPC server URL from settings
string grpcServerAddress = this.parent.GetSettingsFileHandler().Read("GRPC_SERVER_ADDRESS");
// Set the GRPC channel
channel = GrpcChannel.ForAddress(grpcServerAddress);
}
catch
{
channel = null;
}
}
public void Start()
{
if (channel != null)
{
Task.Run(() => GetTask());
}
else
{
parent.Log("Not Initializd GRPC channel");
}
}
private async Task GetTask()
{
try
{
var client = new MessageController.MessageControllerClient(channel);
var request = new MessageRequest {
ClientId = deviceId
};
var call = client.SendMessageStream(request);
while (await call.ResponseStream.MoveNext())
{
var response = call.ResponseStream.Current;
parent.Log($"Received: {response.Message}");
}
}
finally
{
channel?.Dispose();
}
}
}
}
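Review bot: The bare `catch` in the constructor discards the reason `GrpcChannel.ForAddress(grpcServerAddress)` failed, so a missing settings handler, an empty `GRPC_SERVER_ADDRESS` and a malformed URL all surface only as "Not Initializd GRPC channel" in `Start()`. The address is also used exactly as read from settings.ini with no scheme check, so an `http://` value would send the device ID and receive server messages without TLS; the sketch below rejects anything that is not `https://` and logs the cause (it needs `using System;`, which the file does not have yet). As far as I know Grpc.Net.Client on .NET Framework also expects an explicit handler in `GrpcChannelOptions.HttpHandler`, which would be one more failure the bare `catch` hides; worth confirming. Separately, `GetTask()` has `try`/`finally` but no `catch` and is started with an unawaited `Task.Run`, so a failed or dropped stream is never logged.

```csharp
// … unchanged: device ID lookup …
try
{
    string grpcServerAddress = this.parent.GetSettingsFileHandler().Read("GRPC_SERVER_ADDRESS");

    // The device ID and the server's messages cross this channel; refuse plaintext transport
    if (!grpcServerAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
    {
        throw new ArgumentException("GRPC_SERVER_ADDRESS must use https://");
    }

    channel = GrpcChannel.ForAddress(grpcServerAddress);
}
catch (Exception ex)
{
    // Keep the best-effort behaviour, but record why the channel is unavailable
    this.parent.Log($"GRPC channel not initialized: {ex.Message}");
    channel = null;
}
```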


@ -0,0 +1,15 @@
syntax = "proto3";
option csharp_namespace = "WelsonJS.GrpcService";
service MessageController {
rpc SendMessageStream (MessageRequest) returns (stream MessageReply);
}
message MessageRequest {
string clientId = 1;
}
message MessageReply {
string message = 1;
}
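Review bot: Neither message documents what `clientId` is, and MessageReceiver.cs in this commit fills it with the locally computed device ID, a value the client asserts about itself. I would add a comment above the field such as `// Device identifier reported by the client; not a credential, do not use it alone to authorize delivery.` so the server side does not treat it as proof of identity. As a style point, protobuf field names are conventionally lower_snake_case (`client_id`); the generated C# property stays `ClientId`.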


@ -50,7 +50,7 @@ namespace WelsonJS.Service
private bool disabledFileMonitor = false;
private ScreenMatching screenMatcher;
private FileEventMonitor fileEventMonitor;
private IniFile settingsController;
private IniFile settingsFileHandler;
[DllImport("user32.dll")]
private static extern int GetSystemMetrics(int nIndex);
@ -111,11 +111,11 @@ namespace WelsonJS.Service
{
try
{
settingsController = new IniFile(settingsFilePath);
settingsFileHandler = new IniFile(settingsFilePath);
}
catch (Exception)
{
settingsController = null;
settingsFileHandler = null;
}
}
@ -137,19 +137,6 @@ namespace WelsonJS.Service
defaultTimer.Elapsed += OnElapsedTime;
timers.Add(defaultTimer);
// Trace an event of file creation
if (!disabledFileMonitor)
{
fileEventMonitor = new FileEventMonitor(this, workingDirectory);
fileEventMonitor.Start();
Log("File Event Monitor started.");
}
else
{
Log("Disabled the File Event Monitor (Sysinternals Sysmon based file event monitor)");
}
// check this session is the user interactive mode
if (Environment.UserInteractive) {
this.OnUserInteractiveEnvironment();
@ -164,6 +151,11 @@ namespace WelsonJS.Service
Log(appName + " Service Loaded");
}
public IniFile GetSettingsFileHandler()
{
return settingsFileHandler;
}
internal void TestStartupAndStop()
{
this.OnStart(this.args);
@ -175,7 +167,7 @@ namespace WelsonJS.Service
{
base.OnStart(args);
// check the script file exists
// Check exists the entry script file
if (File.Exists(scriptFilePath))
{
Log($"Script file found: {scriptFilePath}");
@ -205,7 +197,25 @@ namespace WelsonJS.Service
Log($"Script file not found: {scriptFilePath}");
}
timers.ForEach(timer => timer?.Start()); // start
// Trace a Sysmon file events (If Sysinternals Sysmon installed)
if (!disabledFileMonitor)
{
fileEventMonitor = new FileEventMonitor(this, workingDirectory);
fileEventMonitor.Start();
Log("Trace a Sysmon file events (If Sysinternals Sysmon installed) started.");
}
else
{
Log("Trace a Sysmon file events (If Sysinternals Sysmon installed) is disabled");
}
// Start GRPC based message receiver
MessageReceiver receiver = new MessageReceiver(this, workingDirectory);
receiver.Start();
// Start all the registered timers
timers.ForEach(timer => timer?.Start());
Log(appName + " Service Started");
}
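Review bot: `MessageReceiver receiver` is a local in `OnStart`, so nothing visible in this section can stop the stream or dispose the channel when the service stops; keeping it in a field (`private MessageReceiver messageReceiver;`) next to `fileEventMonitor` would let the stop path shut it down. The receiver is also started unconditionally, whereas the Sysmon monitor just above it is guarded by `disabledFileMonitor`; an equivalent opt-out, or starting only when `GRPC_SERVER_ADDRESS` is set, would make the outbound connection an explicit choice. `OnStart` begins before this hunk and the stop handler is not shown, so confirm there is no cleanup elsewhere.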


@ -1,5 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.props" Condition="Exists('..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.props')" />
<Import Project="..\packages\Microsoft.O365.Security.Native.libyara.NET.4.5.1\build\net462\Microsoft.O365.Security.Native.libyara.NET.props" Condition="Exists('..\packages\Microsoft.O365.Security.Native.libyara.NET.4.5.1\build\net462\Microsoft.O365.Security.Native.libyara.NET.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
@ -82,10 +83,37 @@
<StartupObject />
</PropertyGroup>
<ItemGroup>
<Reference Include="DeviceId, Version=6.7.0.0, Culture=neutral, PublicKeyToken=f755c371b5c59c52, processorArchitecture=MSIL">
<HintPath>..\packages\DeviceId.6.7.0\lib\net40\DeviceId.dll</HintPath>
</Reference>
<Reference Include="DeviceId.Windows, Version=6.6.0.0, Culture=neutral, PublicKeyToken=f755c371b5c59c52, processorArchitecture=MSIL">
<HintPath>..\packages\DeviceId.Windows.6.6.0\lib\net40\DeviceId.Windows.dll</HintPath>
</Reference>
<Reference Include="Google.Protobuf, Version=3.27.3.0, Culture=neutral, PublicKeyToken=a7d26565bac4d604, processorArchitecture=MSIL">
<HintPath>..\packages\Google.Protobuf.3.27.3\lib\net45\Google.Protobuf.dll</HintPath>
</Reference>
<Reference Include="Grpc.Core, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d754f35622e28bad, processorArchitecture=MSIL">
<HintPath>..\packages\Grpc.Core.2.46.6\lib\net45\Grpc.Core.dll</HintPath>
</Reference>
<Reference Include="Grpc.Core.Api, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d754f35622e28bad, processorArchitecture=MSIL">
<HintPath>..\packages\Grpc.Core.Api.2.65.0\lib\net462\Grpc.Core.Api.dll</HintPath>
</Reference>
<Reference Include="Grpc.Net.Client, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d754f35622e28bad, processorArchitecture=MSIL">
<HintPath>..\packages\Grpc.Net.Client.2.65.0\lib\net462\Grpc.Net.Client.dll</HintPath>
</Reference>
<Reference Include="Grpc.Net.Common, Version=2.0.0.0, Culture=neutral, PublicKeyToken=d754f35622e28bad, processorArchitecture=MSIL">
<HintPath>..\packages\Grpc.Net.Common.2.65.0\lib\netstandard2.0\Grpc.Net.Common.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.8.0.0\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
</Reference>
<Reference Include="Microsoft.CSharp" />
<Reference Include="Microsoft.Extensions.DependencyInjection.Abstractions, Version=8.0.0.1, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.Extensions.DependencyInjection.Abstractions.8.0.1\lib\net462\Microsoft.Extensions.DependencyInjection.Abstractions.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Extensions.Logging.Abstractions, Version=8.0.0.1, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.Extensions.Logging.Abstractions.8.0.1\lib\net462\Microsoft.Extensions.Logging.Abstractions.dll</HintPath>
</Reference>
<Reference Include="RestSharp, Version=111.4.1.0, Culture=neutral, PublicKeyToken=598062e77f915f75, processorArchitecture=MSIL">
<HintPath>..\packages\RestSharp.111.4.1\lib\net48\RestSharp.dll</HintPath>
</Reference>
@ -95,12 +123,18 @@
</Reference>
<Reference Include="System.Configuration.Install" />
<Reference Include="System.Data" />
<Reference Include="System.Diagnostics.DiagnosticSource, Version=8.0.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
<HintPath>..\packages\System.Diagnostics.DiagnosticSource.8.0.1\lib\net462\System.Diagnostics.DiagnosticSource.dll</HintPath>
</Reference>
<Reference Include="System.Drawing" />
<Reference Include="System.Management" />
<Reference Include="System.Memory, Version=4.0.1.2, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
<HintPath>..\packages\System.Memory.4.5.5\lib\net461\System.Memory.dll</HintPath>
</Reference>
<Reference Include="System.Net.Http" />
<Reference Include="System.Net.Http.WinHttpHandler, Version=8.0.0.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
<HintPath>..\packages\System.Net.Http.WinHttpHandler.8.0.2\lib\net462\System.Net.Http.WinHttpHandler.dll</HintPath>
</Reference>
<Reference Include="System.Numerics" />
<Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
<HintPath>..\packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
@ -127,6 +161,7 @@
</ItemGroup>
<ItemGroup>
<Compile Include="FileEventMonitor.cs" />
<Compile Include="MessageReceiver.cs" />
<Compile Include="Model\FileRuleMatched.cs" />
<Compile Include="ServiceMain.cs">
<SubType>Component</SubType>
@ -172,11 +207,21 @@
<Name>WelsonJS.Toolkit</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<Protobuf Include="Protos\WelsonJS.GrpcService.proto" GrpcServices="Client">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Protobuf>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>이 프로젝트는 이 컴퓨터에 없는 NuGet 패키지를 참조합니다. 해당 패키지를 다운로드하려면 NuGet 패키지 복원을 사용하십시오. 자세한 내용은 http://go.microsoft.com/fwlink/?LinkID=322105를 참조하십시오. 누락된 파일은 {0}입니다.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\Microsoft.O365.Security.Native.libyara.NET.4.5.1\build\net462\Microsoft.O365.Security.Native.libyara.NET.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.O365.Security.Native.libyara.NET.4.5.1\build\net462\Microsoft.O365.Security.Native.libyara.NET.props'))" />
<Error Condition="!Exists('..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.props'))" />
<Error Condition="!Exists('..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.targets'))" />
<Error Condition="!Exists('..\packages\Grpc.Core.2.46.6\build\net45\Grpc.Core.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Grpc.Core.2.46.6\build\net45\Grpc.Core.targets'))" />
</Target>
<Import Project="..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.targets" Condition="Exists('..\packages\Grpc.Tools.2.65.0\build\Grpc.Tools.targets')" />
<Import Project="..\packages\Grpc.Core.2.46.6\build\net45\Grpc.Core.targets" Condition="Exists('..\packages\Grpc.Core.2.46.6\build\net45\Grpc.Core.targets')" />
</Project>
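Review bot: The project now references both gRPC client stacks, the native `Grpc.Core` 2.46.6 (with its `Grpc.Core.targets` import) and the managed `Grpc.Net.Client` 2.65.0, while the MessageReceiver.cs added in this commit only creates a `GrpcChannel`, which comes from Grpc.Net.Client. If nothing else uses the native channel, dropping the `Grpc`/`Grpc.Core` packages would remove a native dependency that has to be tracked and patched; the `Grpc.Core` namespace types used by generated clients should come from `Grpc.Core.Api`. `System.Net.Http.WinHttpHandler` is referenced too, but no visible code passes it to the channel.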


@ -7,6 +7,38 @@
<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Bcl.AsyncInterfaces" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Extensions.Logging.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-8.0.0.1" newVersion="8.0.0.1" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-8.0.0.1" newVersion="8.0.0.1" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Net.Http.WinHttpHandler" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-8.0.0.2" newVersion="8.0.0.2" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="DeviceId" publicKeyToken="f755c371b5c59c52" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-6.7.0.0" newVersion="6.7.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>


@ -1,10 +1,23 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="DeviceId" version="6.7.0" targetFramework="net48" />
<package id="DeviceId.Windows" version="6.6.0" targetFramework="net48" />
<package id="Google.Protobuf" version="3.27.3" targetFramework="net48" />
<package id="Grpc" version="2.46.6" targetFramework="net48" />
<package id="Grpc.Core" version="2.46.6" targetFramework="net48" />
<package id="Grpc.Core.Api" version="2.65.0" targetFramework="net48" />
<package id="Grpc.Net.Client" version="2.65.0" targetFramework="net48" />
<package id="Grpc.Net.Common" version="2.65.0" targetFramework="net48" />
<package id="Grpc.Tools" version="2.65.0" targetFramework="net48" developmentDependency="true" />
<package id="Microsoft.Bcl.AsyncInterfaces" version="8.0.0" targetFramework="net48" />
<package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="8.0.1" targetFramework="net48" />
<package id="Microsoft.Extensions.Logging.Abstractions" version="8.0.1" targetFramework="net48" />
<package id="Microsoft.O365.Security.Native.libyara.NET" version="4.5.1" targetFramework="net48" />
<package id="RestSharp" version="111.4.1" targetFramework="net48" />
<package id="System.Buffers" version="4.5.1" targetFramework="net48" />
<package id="System.Diagnostics.DiagnosticSource" version="8.0.1" targetFramework="net48" />
<package id="System.Memory" version="4.5.5" targetFramework="net48" />
<package id="System.Net.Http.WinHttpHandler" version="8.0.2" targetFramework="net48" />
<package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net48" />
<package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net48" />
<package id="System.Text.Encodings.Web" version="8.0.0" targetFramework="net48" />


@ -4,7 +4,9 @@ using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
// https://github.com/niklyadov/tiny-ini-file-class
// TinyINIController
// Original source code: https://github.com/niklyadov/tiny-ini-file-class
namespace WelsonJS.TinyINIController
{
public class IniFile
@ -17,14 +19,15 @@ namespace WelsonJS.TinyINIController
private readonly FileInfo FileInfo;
private readonly string exe = Assembly.GetExecutingAssembly().GetName().Name;
//private readonly string exe = Assembly.GetExecutingAssembly().GetName().Name;
private readonly string defaultSection = "Default";
private readonly FileAccess fileAccess;
public IniFile(string path = null, FileAccess access = FileAccess.ReadWrite)
{
fileAccess = access;
FileInfo = new FileInfo(path ?? exe);
FileInfo = new FileInfo(path ?? defaultSection);
}
public string Read(string key, string section = null)
@ -33,7 +36,7 @@ namespace WelsonJS.TinyINIController
if (fileAccess != FileAccess.Write)
{
GetPrivateProfileString(section ?? exe, key, "", RetVal, 65025, FileInfo.FullName);
GetPrivateProfileString(section ?? defaultSection, key, "", RetVal, 65025, FileInfo.FullName);
}
else
{
@ -46,7 +49,7 @@ namespace WelsonJS.TinyINIController
{
if (fileAccess != FileAccess.Read)
{
WritePrivateProfileString(section ?? exe, key, value, FileInfo.FullName);
WritePrivateProfileString(section ?? defaultSection, key, value, FileInfo.FullName);
}
else
{
@ -56,12 +59,12 @@ namespace WelsonJS.TinyINIController
public void DeleteKey(string key, string section = null)
{
Write(key, null, section ?? exe);
Write(key, null, section ?? defaultSection);
}
public void DeleteSection(string section = null)
{
Write(null, null, section ?? exe);
Write(null, null, section ?? defaultSection);
}
public bool KeyExists(string key, string section = null)