From 06e7d320a59b4bded4117446595bc44adfccfd08 Mon Sep 17 00:00:00 2001
From: Pavel Yosifovich
Date: Sat, 19 Nov 2022 19:34:48 -0500
Subject: [PATCH] added user name for session object other tweaks
---
 WFPCore/WFPEngine.cpp | 6 +++---
 WFPCore/WFPEngine.h | 40 +++++++++++++++++++++++------------
 WFPExplorer/FiltersView.cpp | 3 +++
 WFPExplorer/FiltersView.h | 2 +-
 WFPExplorer/ProvidersView.cpp | 11 ++++++----
 WFPExplorer/ProvidersView.h | 2 +-
 WFPExplorer/SessionsView.cpp | 7 ++++++
 WFPExplorer/SessionsView.h | 2 +-
 WFPExplorer/SublayersView.cpp | 5 ++++-
 WFPExplorer/SublayersView.h | 2 +-
 WFPExplorer/WFPExplorer.rc | 23 ++++++++++++++++++++
 WFPExplorer/resource.h | 8 ++++---
 12 files changed, 83 insertions(+), 28 deletions(-)
diff --git a/WFPCore/WFPEngine.cpp b/WFPCore/WFPEngine.cpp
index ca310f2..f80b7ec 100644
--- a/WFPCore/WFPEngine.cpp
+++ b/WFPCore/WFPEngine.cpp
@@ -104,13 +104,13 @@ std::optional WFPEngine::GetProviderByKey(GUID const& guid) con
 return p;
 }
-std::optional WFPEngine::GetFilterByKey(GUID const& key, bool includeConditions) const {
+std::optional WFPEngine::GetFilterByKey(GUID const& key, bool full) const {
 FWPM_FILTER* filter;
 m_LastError = FwpmFilterGetByKey(m_hEngine, &key, &filter);
 if (m_LastError != ERROR_SUCCESS) return {};
- auto info = InitFilter(filter, includeConditions);
+ auto info = InitFilter(filter, full);
 FwpmFreeMemory((void**)&filter);
 return info;
 }
@@ -283,7 +283,7 @@ std::vector WFPEngine::EnumProviderContexts(bool include
 std::optional WFPEngine::GetCalloutByKey(GUID const& key) const {
 FWPM_CALLOUT* co;
 FwpmCalloutGetByKey(m_hEngine, &key, &co);
- auto info = InitCallout(co);
+ auto info = InitCallout(co, true);
 FwpmFreeMemory((void**)&co);
 return info;
 }
diff --git a/WFPCore/WFPEngine.h b/WFPCore/WFPEngine.h
index 7baa2f9..094e5cf 100644
--- a/WFPCore/WFPEngine.h
+++ b/WFPCore/WFPEngine.h
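Review bot: `GetCalloutByKey` still discards the return value of `FwpmCalloutGetByKey`, so on any failure `co` is an uninitialized pointer that the new `InitCallout(co, true)` call dereferences and that `FwpmFreeMemory` then tries to release. `GetFilterByKey` in the same hunk stores the status in `m_LastError` and returns early, and this function should do the same: `m_LastError = FwpmCalloutGetByKey(m_hEngine, &key, &co);` followed by `if (m_LastError != ERROR_SUCCESS) return {};` before the `InitCallout` line. Initializing `co` to `nullptr` would additionally make the failure path deterministic rather than dependent on stack contents.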
@@ -266,6 +266,7 @@ struct WFPSubLayerInfo {
 WFPSubLayerFlags Flags;
 GUID ProviderKey;
 std::vector ProviderData;
+ uint32_t ProviderDataSize;
 UINT16 Weight;
 };
@@ -364,6 +365,7 @@ struct WFPFilterInfo {
 WFPFilterFlags Flags;
 GUID ProviderKey;
 std::vector ProviderData;
+ uint32_t ProviderDataSize;
 GUID LayerKey;
 GUID SubLayerKey;
 WFPValue Weight;
@@ -393,6 +395,7 @@ struct WFPCalloutInfo {
 WFPCalloutFlags Flags;
 GUID ProviderKey;
 std::vector ProviderData;
+ uint32_t ProviderDataSize;
 GUID ApplicableLayer;
 UINT32 CalloutId;
 };
@@ -700,8 +703,8 @@ class WFPEngine {
 //
 // Filters API
 //
- std::optional GetFilterByKey(GUID const& key, bool includeConditions = false) const;
- std::optional GetFilterById(UINT64 id, bool includeConditions = false) const;
+ std::optional GetFilterByKey(GUID const& key, bool full = true) const;
+ std::optional GetFilterById(UINT64 id, bool full = true) const;
 //
 // layer API
@@ -721,12 +724,12 @@ class WFPEngine {
 // helpers
 //
 static std::wstring ParseMUIString(PCWSTR input);
- static WFPProviderInfo InitProvider(FWPM_PROVIDER* p, bool includeData = false);
- static WFPConnectionInfo InitConnection(FWPM_CONNECTION* p, bool includeData);
- static WFPProviderContextInfo InitProviderContext(FWPM_PROVIDER_CONTEXT* p, bool includeData);
+ static WFPProviderInfo InitProvider(FWPM_PROVIDER* p, bool full = false);
+ static WFPConnectionInfo InitConnection(FWPM_CONNECTION* p, bool full = false);
+ static WFPProviderContextInfo InitProviderContext(FWPM_PROVIDER_CONTEXT* p, bool full = false);
 template requires std::is_base_of_v
- static TFilter InitFilter(FWPM_FILTER* filter, bool includeConditions = false) {
+ static TFilter InitFilter(FWPM_FILTER* filter, bool full = false) {
 TFilter fi;
 fi.FilterKey = filter->filterKey;
 fi.FilterId = filter->filterId;
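Review bot: The new `ProviderDataSize` members are populated even when the matching `ProviderData` vector is deliberately left empty (the `full` gating in `InitFilter`, `InitSubLayer` and `InitCallout` later in this patch), so `ProviderDataSize` and `ProviderData.size()` can legitimately disagree and nothing at the declaration says so. A comment on each of the three fields would stop a future caller from indexing `ProviderData` with `ProviderDataSize`: `uint32_t ProviderDataSize; // size reported by WFP; ProviderData is only filled when fetched with full = true, otherwise it stays empty`. The members also have no in-class initializer, so an object built by any path other than the Init helpers carries an indeterminate size; `uint32_t ProviderDataSize{ 0 };` removes that. Note too that the default of `GetFilterByKey`/`GetFilterById` flips from `false` to `true` here, so existing one-argument callers now receive conditions and provider data they did not before.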
@@ -741,7 +744,8 @@ class WFPEngine {
 fi.Weight.Init(filter->weight);
 fi.Action.Type = static_cast(filter->action.type);
 fi.Action.FilterType = filter->action.filterType;
- if (includeConditions) {
+ fi.ProviderDataSize = filter->providerData.size;
+ if (full) {
 fi.Conditions.reserve(fi.ConditionCount);
 for (uint32_t i = 0; i < fi.ConditionCount; i++) {
 auto& cond = filter->filterCondition[i];
@@ -751,6 +755,10 @@ class WFPEngine {
 c.Value.Init(cond.conditionValue);
 fi.Conditions.emplace_back(std::move(c));
 }
+ if (fi.ProviderDataSize) {
+ fi.ProviderData.resize(fi.ProviderDataSize);
+ memcpy(fi.ProviderData.data(), filter->providerData.data, fi.ProviderDataSize);
+ }
 }
 return fi;
 }
@@ -780,7 +788,7 @@ class WFPEngine {
 }
 template requires std::is_base_of_v
- static TLayer InitSubLayer(FWPM_SUBLAYER* layer) {
+ static TLayer InitSubLayer(FWPM_SUBLAYER* layer, bool full = false) {
 TLayer li;
 li.Name = ParseMUIString(layer->displayData.name);
 li.Desc = ParseMUIString(layer->displayData.description);
@@ -788,13 +796,16 @@ class WFPEngine {
 li.Flags = static_cast(layer->flags);
 li.Weight = layer->weight;
 li.ProviderKey = layer->providerKey ? *layer->providerKey : GUID_NULL;
- li.ProviderData.resize(layer->providerData.size);
- memcpy(li.ProviderData.data(), layer->providerData.data, layer->providerData.size);
+ li.ProviderDataSize = layer->providerData.size;
+ if (full && li.ProviderDataSize) {
+ li.ProviderData.resize(li.ProviderDataSize);
+ memcpy(li.ProviderData.data(), layer->providerData.data, layer->providerData.size);
+ }
 return li;
 }
 template requires std::is_base_of_v
- static TCallout InitCallout(FWPM_CALLOUT* c) {
+ static TCallout InitCallout(FWPM_CALLOUT* c, bool full = false) {
 TCallout ci;
 ci.Name = ParseMUIString(c->displayData.name);
 ci.Desc = ParseMUIString(c->displayData.description);
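Review bot: In `InitSubLayer` the `memcpy` length is taken from `layer->providerData.size` while the `resize` directly above it uses the cached `li.ProviderDataSize`, so the two can drift apart if either line is edited later; `InitCallout` in the next hunk uses the cached value for both and this helper should match it. The resize-plus-`memcpy` pair in all three helpers can be replaced by a single range assignment that needs no separate length argument at all, e.g. `li.ProviderData.assign(layer->providerData.data, layer->providerData.data + li.ProviderDataSize);` (assuming `ProviderData` is a byte vector, which the stripped template argument does not show). `InitFilter` starts before this hunk and the body of `InitCallout` continues past it.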
@@ -802,8 +813,11 @@ class WFPEngine {
 ci.Flags = static_cast(c->flags);
 ci.CalloutKey = c->calloutKey;
 ci.ApplicableLayer = c->applicableLayer;
- ci.ProviderData.resize(c->providerData.size);
- memcpy(ci.ProviderData.data(), c->providerData.data, c->providerData.size);
+ ci.ProviderDataSize = c->providerData.size;
+ if (full && ci.ProviderDataSize) {
+ ci.ProviderData.resize(ci.ProviderDataSize);
+ memcpy(ci.ProviderData.data(), c->providerData.data, ci.ProviderDataSize);
+ }
 ci.CalloutId = c->calloutId;
 ci.ApplicableLayer = c->applicableLayer;
 return ci;
diff --git a/WFPExplorer/FiltersView.cpp b/WFPExplorer/FiltersView.cpp
index cba81d4..7c418c9 100644
--- a/WFPExplorer/FiltersView.cpp
+++ b/WFPExplorer/FiltersView.cpp
@@ -31,6 +31,7 @@ CString CFiltersView::GetColumnText(HWND, int row, int col) {
 case ColumnType::SubLayerKey: return StringHelper::GuidToString(info.SubLayerKey);
 case ColumnType::Weight: return StringHelper::WFPValueToString(info.Weight, true);
 case ColumnType::Action: return StringHelper::WFPFilterActionTypeToString(info.Action.Type);
+ case ColumnType::ProviderData: return info.ProviderDataSize == 0 ? L"" : std::format(L"{} Bytes", info.ProviderDataSize).c_str();
 case ColumnType::ActionKey:
 if (info.FilterAction.IsEmpty()) {
 if (info.Action.CalloutKey == GUID_NULL)
@@ -107,6 +108,7 @@ LRESULT CFiltersView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam
 cm->AddColumn(L"Action", LVCFMT_LEFT, 110, ColumnType::Action);
 cm->AddColumn(L"Action Filter/Callout", LVCFMT_LEFT, 120, ColumnType::ActionKey);
 cm->AddColumn(L"Flags", LVCFMT_LEFT, 150, ColumnType::Flags);
+ cm->AddColumn(L"Provider Data", LVCFMT_RIGHT, 100, ColumnType::ProviderData);
 cm->AddColumn(L"Filter Name", 0, 180, ColumnType::Name);
 cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
 cm->AddColumn(L"Provider", 0, 240, ColumnType::ProviderName);
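Review bot: `ci.ApplicableLayer = c->applicableLayer;` is assigned twice in `InitCallout`, once just before the new provider-data block and again after `ci.CalloutId`; the second assignment is dead and should be dropped so the next reader does not hunt for a reason it is repeated. `InitCallout` begins before this hunk. In the `FiltersView` hunk, the `L"{} Bytes"` format for the new column is duplicated verbatim in the providers and sublayers views later in this patch; a single `StringHelper` function for "byte count or empty" would keep the three views consistent if the wording ever changes.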
@@ -162,6 +164,7 @@ void CFiltersView::DoSort(SortInfo const* si) {
 case ColumnType::Layer: return SortHelper::Sort(GetLayerName(f1), GetLayerName(f2), asc);
 case ColumnType::SubLayer: return SortHelper::Sort(GetSublayerName(f1), GetSublayerName(f2), asc);
 case ColumnType::ConditionCount: return SortHelper::Sort(f1.ConditionCount, f2.ConditionCount, asc);
+ case ColumnType::ProviderData: return SortHelper::Sort(f1.ProviderDataSize, f2.ProviderDataSize, asc);
 }
 return false;
 };
diff --git a/WFPExplorer/FiltersView.h b/WFPExplorer/FiltersView.h
index a31ccdc..b70944a 100644
--- a/WFPExplorer/FiltersView.h
+++ b/WFPExplorer/FiltersView.h
@@ -49,7 +49,7 @@ class CFiltersView :
 enum class ColumnType {
 Key, Name, Desc, Flags, ProviderGUID, ProviderName, LayerKey, SubLayerKey,
- Weight, ConditionCount, Action, Id, EffectiveWeight, Layer, SubLayer, ActionKey,
+ Weight, ConditionCount, Action, Id, EffectiveWeight, Layer, SubLayer, ActionKey, ProviderData,
 };
 struct FilterInfo : WFPFilterInfo {
diff --git a/WFPExplorer/ProvidersView.cpp b/WFPExplorer/ProvidersView.cpp
index 3e8fbc9..113f9e1 100644
--- a/WFPExplorer/ProvidersView.cpp
+++ b/WFPExplorer/ProvidersView.cpp
@@ -13,11 +13,12 @@ LRESULT CProvidersView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lPar
 m_List.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
 auto cm = GetColumnManager(m_List);
- cm->AddColumn(L"Provider Key", 0, 250, ColumnType::Key);
+ cm->AddColumn(L"Provider Key", 0, 280, ColumnType::Key);
+ cm->AddColumn(L"Provider Name", 0, 220, ColumnType::Name);
 cm->AddColumn(L"Service Name", 0, 180, ColumnType::ServiceName);
 cm->AddColumn(L"Flags", 0, 120, ColumnType::Flags);
- cm->AddColumn(L"Provider Name", 0, 180, ColumnType::Name);
- cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
+ cm->AddColumn(L"Provider Data", LVCFMT_RIGHT, 90, ColumnType::ProviderData);
+ cm->AddColumn(L"Description", 0, 250, ColumnType::Desc);
 CImageList images;
 images.Create(16, 16, ILC_COLOR32 | ILC_MASK, 2, 2);
@@ -47,7 +48,8 @@ CString CProvidersView::GetColumnText(HWND, int row, int col) {
 case ColumnType::Key: return StringHelper::GuidToString(info.ProviderKey);
 case ColumnType::Name: return info.Name.c_str();
 case ColumnType::Desc: return info.Desc.c_str();
- case ColumnType::Flags:
+ case ColumnType::ProviderData: return info.ProviderDataSize == 0 ? L"" : std::format(L"{} Bytes", info.ProviderDataSize).c_str();
+ case ColumnType::Flags:
 if (info.Flags == WFPProviderFlags::None)
 return L"0";
 return std::format(L"0x{:X} ({})", (UINT32)info.Flags, StringHelper::WFPProviderFlagsToString(info.Flags)).c_str();
@@ -67,6 +69,7 @@ void CProvidersView::DoSort(SortInfo const* si) {
 case ColumnType::Desc: return SortHelper::Sort(p1.Desc, p2.Desc, asc);
 case ColumnType::Flags: return SortHelper::Sort(p1.Flags, p2.Flags, asc);
 case ColumnType::ServiceName: return SortHelper::Sort(p1.ServiceName, p2.ServiceName, asc);
+ case ColumnType::ProviderData: return SortHelper::Sort(p1.ProviderDataSize, p2.ProviderDataSize, asc);
 }
 return false;
 };
diff --git a/WFPExplorer/ProvidersView.h b/WFPExplorer/ProvidersView.h
index b60b77e..774399d 100644
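Review bot: `GetColumnText` and `DoSort` now read `ProviderDataSize` on the provider record, but the `WFPEngine.h` hunks in this patch add that member only to `WFPSubLayerInfo`, `WFPFilterInfo` and `WFPCalloutInfo`, not to `WFPProviderInfo`, and `InitProvider` is only re-declared with the renamed `full` parameter, never shown populating a size. Either the member already exists on the provider struct and is filled by `InitProvider` in code outside this diff, or this view will not build; worth confirming. If it is pre-existing, it is also worth checking that `InitProvider(p, full = false)` sets the size even when it skips the data copy, otherwise the new column shows zero for every provider in the list.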
--- a/WFPExplorer/ProvidersView.h
+++ b/WFPExplorer/ProvidersView.h
@@ -35,7 +35,7 @@ class CProvidersView :
 private:
 enum class ColumnType {
- Key, Name, Desc, Flags, ServiceName,
+ Key, Name, Desc, Flags, ServiceName, ProviderData,
 };
 LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
diff --git a/WFPExplorer/SessionsView.cpp b/WFPExplorer/SessionsView.cpp
index ac86aab..edc00aa 100644
--- a/WFPExplorer/SessionsView.cpp
+++ b/WFPExplorer/SessionsView.cpp
@@ -30,6 +30,9 @@ CString CSessionsView::GetColumnText(HWND, int row, int col) {
 case ColumnType::Key: return StringHelper::GuidToString(session.SessionKey);
 case ColumnType::Name: return session.Name.c_str();
 case ColumnType::Desc: return session.Desc.c_str();
+ case ColumnType::SID: return StringHelper::FormatSID((PSID const)session.Sid);
+ case ColumnType::KernelMode: return session.KernelMode ? L"Yes" : L"";
+ case ColumnType::UserName: return session.UserName.c_str();
 case ColumnType::ProcessId: return std::to_wstring(session.ProcessId).c_str();
 case ColumnType::Flags:
 if (session.Flags == WFPSessionFlags::None)
@@ -55,6 +58,8 @@ void CSessionsView::DoSort(SortInfo const* si) {
 case ColumnType::Flags: return SortHelper::Sort(s1.Flags, s2.Flags, asc);
 case ColumnType::ProcessId: return SortHelper::Sort(s1.ProcessId, s2.ProcessId, asc);
 case ColumnType::ProcessName: return SortHelper::Sort(s1.ProcessName, s2.ProcessName, asc);
+ case ColumnType::UserName: return SortHelper::Sort(s1.UserName, s2.UserName, asc);
+ case ColumnType::KernelMode: return SortHelper::Sort(s1.KernelMode, s2.KernelMode, asc);
 }
 return false;
 };
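Review bot: The new `SID` case pushes `session.Sid` through a C-style `(PSID const)` cast, which silently accepts whatever `Sid` happens to be (a `SID*` borrowed from the `FWPM_SESSION0` that WFP later frees, an owned copy, or null if WFP ever reports a session without one) and so hides both a possible dangling pointer and a null dereference inside `FormatSID`. The `WFPSessionInfo` definition and `FormatSID` are not in this patch, so I cannot tell which applies; the call should at least guard the null case and use a named cast that states the conversion, e.g. `case ColumnType::SID: return session.Sid ? StringHelper::FormatSID(static_cast<PSID>(session.Sid)) : CString();`, or drop the cast entirely if `Sid` is already a `PSID`. `UserName`, `KernelMode` and `Sid` are not added to `WFPSessionInfo` anywhere in this diff, so they presumably already exist in the core header.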
@@ -74,8 +79,10 @@ LRESULT CSessionsView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lPara
 cm->AddColumn(L"Session Key", 0, 250, ColumnType::Key);
 cm->AddColumn(L"PID", LVCFMT_RIGHT, 90, ColumnType::ProcessId);
 cm->AddColumn(L"Process Name", LVCFMT_LEFT, 180, ColumnType::ProcessName);
+ cm->AddColumn(L"User Name", LVCFMT_LEFT, 220, ColumnType::UserName);
 cm->AddColumn(L"Flags", LVCFMT_LEFT, 120, ColumnType::Flags);
 cm->AddColumn(L"Session Name", 0, 180, ColumnType::Name);
+ cm->AddColumn(L"Kernel?", 0, 80, ColumnType::KernelMode);
 cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
 CImageList images;
diff --git a/WFPExplorer/SessionsView.h b/WFPExplorer/SessionsView.h
index f0e13f7..1969d7f 100644
--- a/WFPExplorer/SessionsView.h
+++ b/WFPExplorer/SessionsView.h
@@ -35,7 +35,7 @@ class CSessionsView :
 private:
 enum class ColumnType {
- Key, Name, Desc, Flags, ProcessId, ProcessName,
+ Key, Name, Desc, Flags, ProcessId, ProcessName, UserName, SID, KernelMode,
 };
 struct SessionInfo : WFPSessionInfo {
 CString ProcessName;
diff --git a/WFPExplorer/SublayersView.cpp b/WFPExplorer/SublayersView.cpp
index 2ecf584..580f6d0 100644
--- a/WFPExplorer/SublayersView.cpp
+++ b/WFPExplorer/SublayersView.cpp
@@ -17,6 +17,7 @@ LRESULT CSublayersView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lPar
 cm->AddColumn(L"Name", 0, 180, ColumnType::Name);
 cm->AddColumn(L"Flags", 0, 120, ColumnType::Flags);
 cm->AddColumn(L"Weight", LVCFMT_RIGHT, 80, ColumnType::Weight);
+ cm->AddColumn(L"Provider Data", LVCFMT_RIGHT, 90, ColumnType::ProviderData);
 cm->AddColumn(L"Provider", 0, 180, ColumnType::Provider);
 cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
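Review bot: `ColumnType::SID` is added to the `CSessionsView` enum and handled in `GetColumnText` in the previous hunk, but `OnCreate` only adds columns for `UserName` and `KernelMode`, so no SID column ever exists in the list and that case is unreachable from the UI. Either add `cm->AddColumn(L"SID", LVCFMT_LEFT, 260, ColumnType::SID);` next to the `User Name` column (the SID is the stable identity when the account name cannot be resolved, which is the value an analyst actually wants to pivot on), or leave `SID` out of the enum until the column is wired up. `DoSort` in the previous hunk would also need a `SID` case for the column to be sortable.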
@@ -47,7 +48,8 @@ CString CSublayersView::GetColumnText(HWND, int row, int col) {
 case ColumnType::Key: return StringHelper::GuidToString(info.SubLayerKey);
 case ColumnType::Name: return info.Name.c_str();
 case ColumnType::Desc: return info.Desc.c_str();
- case ColumnType::Flags:
+ case ColumnType::ProviderData: return info.ProviderDataSize == 0 ? L"" : std::format(L"{} Bytes", info.ProviderDataSize).c_str();
+ case ColumnType::Flags:
 if (info.Flags == WFPSubLayerFlags::None)
 return L"0";
 return std::format(L"0x{:X} ({})", (UINT32)info.Flags,
@@ -82,6 +84,7 @@ void CSublayersView::DoSort(SortInfo const* si) {
 case ColumnType::Flags: return SortHelper::Sort(l1.Flags, l2.Flags, asc);
 case ColumnType::Provider: return SortHelper::Sort(l1.ProviderName, l2.ProviderName, asc);
 case ColumnType::Weight: return SortHelper::Sort(l1.Weight, l2.Weight, asc);
+ case ColumnType::ProviderData: return SortHelper::Sort(l1.ProviderDataSize, l2.ProviderDataSize, asc);
 }
 return false;
 };
diff --git a/WFPExplorer/SublayersView.h b/WFPExplorer/SublayersView.h
index 55fae78..790979b 100644
--- a/WFPExplorer/SublayersView.h
+++ b/WFPExplorer/SublayersView.h
@@ -35,7 +35,7 @@ class CSublayersView :
 private:
 enum class ColumnType {
- Key, Name, Desc, Flags, Weight, Provider,
+ Key, Name, Desc, Flags, Weight, Provider, ProviderData,
 };
 struct SubLayerInfo : WFPSubLayerInfo {
diff --git a/WFPExplorer/WFPExplorer.rc b/WFPExplorer/WFPExplorer.rc
index 234ad47..0f069c0 100644
--- a/WFPExplorer/WFPExplorer.rc
+++ b/WFPExplorer/WFPExplorer.rc
@@ -245,6 +245,16 @@ BEGIN
 CONTROL "",IDC_LIST,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_ALIGNLEFT | LVS_OWNERDATA | WS_BORDER | WS_TABSTOP,7,7,375,240
 END
+IDD_PROPSHEET DIALOGEX 0, 0, 309, 176
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Dialog"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ DEFPUSHBUTTON "OK",IDOK,198,155,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,252,155,50,14
+ CONTROL "",IDC_TABS,"SysTabControl32",0x0,7,7,295,142
+END
+
 /////////////////////////////////////////////////////////////////////////////
 //
@@ -293,6 +303,14 @@ BEGIN
 TOPMARGIN, 7
 BOTTOMMARGIN, 247
 END
+
+ IDD_PROPSHEET, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 302
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 169
+ END
 END
 #endif // APSTUDIO_INVOKED
@@ -394,6 +412,11 @@ BEGIN
 0, 0, 100, 100
 END
+IDD_PROPSHEET AFX_DIALOG_LAYOUT
+BEGIN
+ 0
+END
+
 /////////////////////////////////////////////////////////////////////////////
 //
diff --git a/WFPExplorer/resource.h b/WFPExplorer/resource.h
index 48b3368..89b9abf 100644
--- a/WFPExplorer/resource.h
+++ b/WFPExplorer/resource.h
@@ -32,8 +32,8 @@
 #define IDD_LAYERFIELDS 226
 #define IDI_CONDITION 227
 #define IDI_CUBE 228
-#define IDI_ICON1 230
 #define IDI_FIELD 230
+#define IDD_PROPSHEET 231
 #define IDC_VERSION 1000
 #define IDC_COPYRIGHT 1001
 #define IDC_KEY 1001
@@ -54,6 +54,8 @@
 #define IDC_SUBLAYER_PROP 1014
 #define IDC_VALUE 1016
 #define IDC_FLAGS 1017
+#define IDC_TAB1 1018
+#define IDC_TABS 1018
 #define ID_WINDOW_CLOSE 32772
 #define ID_WINDOW_CLOSE_ALL 32773
 #define ID_OPTIONS_ALWAYSONTOP 32775
@@ -73,9 +75,9 @@
 //
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 231
+#define _APS_NEXT_RESOURCE_VALUE 233
 #define _APS_NEXT_COMMAND_VALUE 32789
-#define _APS_NEXT_CONTROL_VALUE 1018
+#define _APS_NEXT_CONTROL_VALUE 1019
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif
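Review bot: `IDC_TAB1` and `IDC_TABS` are both defined as `1018`, and only `IDC_TABS` is referenced by the new `IDD_PROPSHEET` dialog in `WFPExplorer.rc`, so `IDC_TAB1` is an orphaned alias left behind by the resource editor; drop the `#define IDC_TAB1 1018` line, leaving `_APS_NEXT_CONTROL_VALUE` at `1019`. Two symbols for one control ID make later `GetDlgItem` and message-map lookups ambiguous to read, and the pattern already bit this file once (`IDI_ICON1`/`IDI_FIELD` sharing `230`, which this commit cleans up). The dialog also ships with the placeholder `CAPTION "Dialog"`; if the title is not set at runtime, give it a real one.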