//当在WIN32 平台下,将utf8格式编码转化成gbk,vs2010的默认的编码格式
string UTF8ToGBK::UTF8TOGBK(const string text)
{
#if (CC_TARGET_PLATFORM == CC_PLATFORM_WIN32)
wstring tes = stringToWstring(text);
int asciSize = WideCharToMultiByte(CP_UTF8,0,tes.c_str(),tes.size(),NULL,0,NULL,NULL);
if (asciSize == ERROR_NO_UNICODE_TRANSLATION || asciSize == 0)
{
return string();
}
char *resultString = new char[asciSize];
int conveResult = WideCharToMultiByte(CP_UTF8,0,tes.c_str(),tes.size(),resultString,asciSize,NULL,NULL);
if (conveResult != asciSize)
{
return string();
}
string buffer = "";
buffer.append(resultString,asciSize);
delete[] resultString;
return buffer;
#endif
return text;
}
Status init() override {
auto wc = createSubscriptionContext();
for (auto& chan : osquery::split(FLAGS_windows_event_channels, ",")) {
// We remove quotes if they exist
boost::erase_all(chan, "\"");
boost::erase_all(chan, "\'");
wc->sources.insert(stringToWstring(chan));
}
subscribe(&WindowsEventSubscriber::Callback, wc);
return Status(0, "OK");
}
void WRTHttpRequest::send(WRTHttpResponse* response)
{
_response = response;
std::wstring sURL;
Uri^ uri;
switch (getRequestType())
{
case WRTHttpRequest::kHttpGet: // HTTP GET
{
sURL=stringToWstring(_url.c_str(),sURL);
String^ tUrl= ref new String(sURL.c_str());
convertURL(tUrl,&uri);
GetAsync(uri);
}
break;
case WRTHttpRequest::kHttpPost: // HTTP POST
{
sURL=stringToWstring(_url.c_str(),sURL);
String^ tUrl= ref new String(sURL.c_str());
convertURL(tUrl,&uri);
std::wstring content;
content=stringToWstring(_requestData.data(),content);
PostAsync(uri,content);
}
break;
case WRTHttpRequest::kHttpPut:
break;
case WRTHttpRequest::kHttpDelete:
break;
default:
CCAssert(true, "CCHttpClient: unkown request type, only GET and POSt are supported");
break;
}
}
void processLocalUserGroups(std::string uid,
std::string user,
QueryData& results) {
unsigned long userGroupInfoLevel = 0;
unsigned long numGroups = 0;
unsigned long totalUserGroups = 0;
LOCALGROUP_USERS_INFO_0* ginfo = nullptr;
PSID sid = nullptr;
unsigned long ret = 0;
ret = NetUserGetLocalGroups(nullptr,
stringToWstring(user).c_str(),
userGroupInfoLevel,
1,
reinterpret_cast<LPBYTE*>(&ginfo),
MAX_PREFERRED_LENGTH,
&numGroups,
&totalUserGroups);
if (ret == ERROR_MORE_DATA) {
LOG(WARNING) << "User " << user
<< " group membership exceeds buffer limits, processing "
<< numGroups << " our of " << totalUserGroups << " groups";
} else if (ret != NERR_Success || ginfo == nullptr) {
VLOG(1) << " NetUserGetLocalGroups failed for user " << user << " with "
<< ret;
return;
}
for (size_t i = 0; i < numGroups; i++) {
Row r;
auto sid = getSidFromUsername(ginfo[i].lgrui0_name);
r["uid"] = uid;
r["gid"] = INTEGER(getGidFromSid(static_cast<PSID>(sid.get())));
results.push_back(r);
}
if (ginfo != nullptr) {
NetApiBufferFree(ginfo);
}
}
inline std::wstring toWstring(tstring s) { return stringToWstring(s); }
inline tstring toTstring(std::string s) { return stringToWstring(s); }
void enumerateTasksForFolder(std::string path, QueryData& results) {
void* vpService = nullptr;
auto ret = CoCreateInstance(CLSID_TaskScheduler,
nullptr,
CLSCTX_INPROC_SERVER,
IID_ITaskService,
&vpService);
if (FAILED(ret)) {
VLOG(1) << "Failed to create COM instance " << ret;
return;
}
auto pService = static_cast<ITaskService*>(vpService);
ret =
pService->Connect(_variant_t(), _variant_t(), _variant_t(), _variant_t());
if (FAILED(ret)) {
VLOG(1) << "Failed to connect to TaskService " << ret;
pService->Release();
return;
}
ITaskFolder* pRootFolder = nullptr;
auto widePath = stringToWstring(path);
ret = pService->GetFolder(BSTR(widePath.c_str()), &pRootFolder);
pService->Release();
if (FAILED(ret)) {
VLOG(1) << "Failed to get root task folder " << ret;
return;
}
IRegisteredTaskCollection* pTaskCollection = nullptr;
ret = pRootFolder->GetTasks(TASK_ENUM_HIDDEN, &pTaskCollection);
pRootFolder->Release();
if (FAILED(ret)) {
VLOG(1) << "Failed to get task collection for root folder " << ret;
return;
}
long numTasks = 0;
pTaskCollection->get_Count(&numTasks);
for (size_t i = 0; i < numTasks; i++) {
IRegisteredTask* pRegisteredTask = nullptr;
// Collections are 1-based lists
ret = pTaskCollection->get_Item(_variant_t(i + 1), &pRegisteredTask);
if (FAILED(ret)) {
VLOG(1) << "Failed to process task";
continue;
}
Row r;
BSTR taskName;
ret = pRegisteredTask->get_Name(&taskName);
std::wstring wTaskName(taskName, SysStringLen(taskName));
r["name"] = ret == S_OK ? SQL_TEXT(wstringToString(wTaskName.c_str())) : "";
VARIANT_BOOL enabled = false;
pRegisteredTask->get_Enabled(&enabled);
r["enabled"] = enabled ? INTEGER(1) : INTEGER(0);
TASK_STATE taskState;
pRegisteredTask->get_State(&taskState);
r["state"] = kStateMap.count(taskState) > 0
? kStateMap.at(taskState)
: kStateMap.at(TASK_STATE_UNKNOWN);
BSTR taskPath;
ret = pRegisteredTask->get_Path(&taskPath);
std::wstring wTaskPath(taskPath, SysStringLen(taskPath));
r["path"] = ret == S_OK ? wstringToString(wTaskPath.c_str()) : "";
VARIANT_BOOL hidden = false;
pRegisteredTask->get_Enabled(&hidden);
r["hidden"] = hidden ? INTEGER(1) : INTEGER(0);
HRESULT lastTaskRun = E_FAIL;
pRegisteredTask->get_LastTaskResult(&lastTaskRun);
_com_error err(lastTaskRun);
r["last_run_message"] = err.ErrorMessage();
r["last_run_code"] = INTEGER(lastTaskRun);
// We conver the COM Date type to a unix epoch timestamp
DATE dRunTime;
SYSTEMTIME st;
FILETIME ft;
FILETIME locFt;
pRegisteredTask->get_LastRunTime(&dRunTime);
VariantTimeToSystemTime(dRunTime, &st);
SystemTimeToFileTime(&st, &ft);
LocalFileTimeToFileTime(&ft, &locFt);
r["last_run_time"] = INTEGER(filetimeToUnixtime(locFt));
pRegisteredTask->get_NextRunTime(&dRunTime);
VariantTimeToSystemTime(dRunTime, &st);
SystemTimeToFileTime(&st, &ft);
LocalFileTimeToFileTime(&ft, &locFt);
r["next_run_time"] = INTEGER(filetimeToUnixtime(locFt));
ITaskDefinition* taskDef = nullptr;
IActionCollection* tActionCollection = nullptr;
pRegisteredTask->get_Definition(&taskDef);
if (taskDef != nullptr) {
taskDef->get_Actions(&tActionCollection);
}
long actionCount = 0;
if (tActionCollection != nullptr) {
tActionCollection->get_Count(&actionCount);
}
std::vector<std::string> actions;
// Task collections are 1-indexed
for (auto j = 1; j <= actionCount; j++) {
IAction* act = nullptr;
IExecAction* execAction = nullptr;
tActionCollection->get_Item(j, &act);
if (act == nullptr) {
continue;
}
act->QueryInterface(IID_IExecAction,
reinterpret_cast<void**>(&execAction));
if (execAction == nullptr) {
continue;
}
BSTR taskExecPath;
execAction->get_Path(&taskExecPath);
std::wstring wTaskExecPath(taskExecPath, SysStringLen(taskExecPath));
BSTR taskExecArgs;
execAction->get_Arguments(&taskExecArgs);
std::wstring wTaskExecArgs(taskExecArgs, SysStringLen(taskExecArgs));
BSTR taskExecRoot;
execAction->get_WorkingDirectory(&taskExecRoot);
std::wstring wTaskExecRoot(taskExecRoot, SysStringLen(taskExecRoot));
auto full = wTaskExecRoot + L" " + wTaskExecPath + L" " + wTaskExecArgs;
actions.push_back(wstringToString(full.c_str()));
act->Release();
}
if (tActionCollection != nullptr) {
tActionCollection->Release();
}
if (taskDef != nullptr) {
taskDef->Release();
}
r["action"] = !actions.empty() ? osquery::join(actions, ",") : "";
results.push_back(r);
pRegisteredTask->Release();
}
pTaskCollection->Release();
}
std::wstring stringToWstring(const char* str)
{
std::string s(str);
return stringToWstring(s);
}
void Error::__ErrorMessage(const char* msg, const char* functionName, unsigned int line, const wchar_t* file, Error::Severity severity)
{
__ErrorMessage(stringToWstring(msg), functionName, line, file, severity);
}
void enumerateTasksForFolder(std::string path, QueryData& results) {
void* vpService = nullptr;
auto ret = CoCreateInstance(CLSID_TaskScheduler,
nullptr,
CLSCTX_INPROC_SERVER,
IID_ITaskService,
&vpService);
if (FAILED(ret)) {
VLOG(1) << "Failed to create COM instance " << ret;
return;
}
auto pService = static_cast<ITaskService*>(vpService);
ret =
pService->Connect(_variant_t(), _variant_t(), _variant_t(), _variant_t());
if (FAILED(ret)) {
VLOG(1) << "Failed to connect to TaskService " << ret;
pService->Release();
return;
}
ITaskFolder* pRootFolder = nullptr;
auto widePath = stringToWstring(path.c_str());
ret = pService->GetFolder(BSTR(widePath.c_str()), &pRootFolder);
pService->Release();
if (FAILED(ret)) {
VLOG(1) << "Failed to get root task folder " << ret;
return;
}
IRegisteredTaskCollection* pTaskCollection = nullptr;
ret = pRootFolder->GetTasks(TASK_ENUM_HIDDEN, &pTaskCollection);
pRootFolder->Release();
if (FAILED(ret)) {
VLOG(1) << "Failed to get task collection for root folder " << ret;
return;
}
long numTasks = 0;
pTaskCollection->get_Count(&numTasks);
for (size_t i = 0; i < numTasks; i++) {
IRegisteredTask* pRegisteredTask = nullptr;
// Collections are 1-based lists
ret = pTaskCollection->get_Item(_variant_t(i + 1), &pRegisteredTask);
if (FAILED(ret)) {
VLOG(1) << "Failed to process task";
continue;
}
Row r;
BSTR taskName;
ret = pRegisteredTask->get_Name(&taskName);
std::wstring wTaskName(taskName, SysStringLen(taskName));
r["name"] = ret == S_OK ? SQL_TEXT(wstringToString(wTaskName.c_str())) : "";
VARIANT_BOOL enabled = false;
pRegisteredTask->get_Enabled(&enabled);
r["enabled"] = enabled ? INTEGER(1) : INTEGER(0);
TASK_STATE taskState;
pRegisteredTask->get_State(&taskState);
r["state"] = kStateMap.count(taskState) > 0
? kStateMap.at(taskState)
: kStateMap.at(TASK_STATE_UNKNOWN);
BSTR taskPath;
ret = pRegisteredTask->get_Path(&taskPath);
std::wstring wTaskPath(taskPath, SysStringLen(taskPath));
r["path"] = ret == S_OK ? SQL_TEXT(wstringToString(wTaskPath.c_str())) : "";
VARIANT_BOOL hidden = false;
pRegisteredTask->get_Enabled(&hidden);
r["hidden"] = hidden ? INTEGER(1) : INTEGER(0);
HRESULT lastTaskRun = E_FAIL;
pRegisteredTask->get_LastTaskResult(&lastTaskRun);
_com_error err(lastTaskRun);
r["last_run_message"] = err.ErrorMessage();
r["last_run_code"] = INTEGER(lastTaskRun);
// We conver the COM Date type to a unix epoch timestamp
DATE dRunTime;
SYSTEMTIME st;
FILETIME ft;
FILETIME locFt;
pRegisteredTask->get_LastRunTime(&dRunTime);
VariantTimeToSystemTime(dRunTime, &st);
SystemTimeToFileTime(&st, &ft);
LocalFileTimeToFileTime(&ft, &locFt);
r["last_run_time"] = INTEGER(filetimeToUnixtime(locFt));
pRegisteredTask->get_NextRunTime(&dRunTime);
VariantTimeToSystemTime(dRunTime, &st);
SystemTimeToFileTime(&st, &ft);
LocalFileTimeToFileTime(&ft, &locFt);
r["next_run_time"] = INTEGER(filetimeToUnixtime(locFt));
results.push_back(r);
pRegisteredTask->Release();
}
pTaskCollection->Release();
}
