//当在WIN32 平台下,将utf8格式编码转化成gbk,vs2010的默认的编码格式 string UTF8ToGBK::UTF8TOGBK(const string text) { #if (CC_TARGET_PLATFORM == CC_PLATFORM_WIN32) wstring tes = stringToWstring(text); int asciSize = WideCharToMultiByte(CP_UTF8,0,tes.c_str(),tes.size(),NULL,0,NULL,NULL); if (asciSize == ERROR_NO_UNICODE_TRANSLATION || asciSize == 0) { return string(); } char *resultString = new char[asciSize]; int conveResult = WideCharToMultiByte(CP_UTF8,0,tes.c_str(),tes.size(),resultString,asciSize,NULL,NULL); if (conveResult != asciSize) { return string(); } string buffer = ""; buffer.append(resultString,asciSize); delete[] resultString; return buffer; #endif return text; }
Status init() override { auto wc = createSubscriptionContext(); for (auto& chan : osquery::split(FLAGS_windows_event_channels, ",")) { // We remove quotes if they exist boost::erase_all(chan, "\""); boost::erase_all(chan, "\'"); wc->sources.insert(stringToWstring(chan)); } subscribe(&WindowsEventSubscriber::Callback, wc); return Status(0, "OK"); }
void WRTHttpRequest::send(WRTHttpResponse* response) { _response = response; std::wstring sURL; Uri^ uri; switch (getRequestType()) { case WRTHttpRequest::kHttpGet: // HTTP GET { sURL=stringToWstring(_url.c_str(),sURL); String^ tUrl= ref new String(sURL.c_str()); convertURL(tUrl,&uri); GetAsync(uri); } break; case WRTHttpRequest::kHttpPost: // HTTP POST { sURL=stringToWstring(_url.c_str(),sURL); String^ tUrl= ref new String(sURL.c_str()); convertURL(tUrl,&uri); std::wstring content; content=stringToWstring(_requestData.data(),content); PostAsync(uri,content); } break; case WRTHttpRequest::kHttpPut: break; case WRTHttpRequest::kHttpDelete: break; default: CCAssert(true, "CCHttpClient: unkown request type, only GET and POSt are supported"); break; } }
void processLocalUserGroups(std::string uid, std::string user, QueryData& results) { unsigned long userGroupInfoLevel = 0; unsigned long numGroups = 0; unsigned long totalUserGroups = 0; LOCALGROUP_USERS_INFO_0* ginfo = nullptr; PSID sid = nullptr; unsigned long ret = 0; ret = NetUserGetLocalGroups(nullptr, stringToWstring(user).c_str(), userGroupInfoLevel, 1, reinterpret_cast<LPBYTE*>(&ginfo), MAX_PREFERRED_LENGTH, &numGroups, &totalUserGroups); if (ret == ERROR_MORE_DATA) { LOG(WARNING) << "User " << user << " group membership exceeds buffer limits, processing " << numGroups << " our of " << totalUserGroups << " groups"; } else if (ret != NERR_Success || ginfo == nullptr) { VLOG(1) << " NetUserGetLocalGroups failed for user " << user << " with " << ret; return; } for (size_t i = 0; i < numGroups; i++) { Row r; auto sid = getSidFromUsername(ginfo[i].lgrui0_name); r["uid"] = uid; r["gid"] = INTEGER(getGidFromSid(static_cast<PSID>(sid.get()))); results.push_back(r); } if (ginfo != nullptr) { NetApiBufferFree(ginfo); } }
inline std::wstring toWstring(tstring s) { return stringToWstring(s); }
inline tstring toTstring(std::string s) { return stringToWstring(s); }
void enumerateTasksForFolder(std::string path, QueryData& results) { void* vpService = nullptr; auto ret = CoCreateInstance(CLSID_TaskScheduler, nullptr, CLSCTX_INPROC_SERVER, IID_ITaskService, &vpService); if (FAILED(ret)) { VLOG(1) << "Failed to create COM instance " << ret; return; } auto pService = static_cast<ITaskService*>(vpService); ret = pService->Connect(_variant_t(), _variant_t(), _variant_t(), _variant_t()); if (FAILED(ret)) { VLOG(1) << "Failed to connect to TaskService " << ret; pService->Release(); return; } ITaskFolder* pRootFolder = nullptr; auto widePath = stringToWstring(path); ret = pService->GetFolder(BSTR(widePath.c_str()), &pRootFolder); pService->Release(); if (FAILED(ret)) { VLOG(1) << "Failed to get root task folder " << ret; return; } IRegisteredTaskCollection* pTaskCollection = nullptr; ret = pRootFolder->GetTasks(TASK_ENUM_HIDDEN, &pTaskCollection); pRootFolder->Release(); if (FAILED(ret)) { VLOG(1) << "Failed to get task collection for root folder " << ret; return; } long numTasks = 0; pTaskCollection->get_Count(&numTasks); for (size_t i = 0; i < numTasks; i++) { IRegisteredTask* pRegisteredTask = nullptr; // Collections are 1-based lists ret = pTaskCollection->get_Item(_variant_t(i + 1), &pRegisteredTask); if (FAILED(ret)) { VLOG(1) << "Failed to process task"; continue; } Row r; BSTR taskName; ret = pRegisteredTask->get_Name(&taskName); std::wstring wTaskName(taskName, SysStringLen(taskName)); r["name"] = ret == S_OK ? SQL_TEXT(wstringToString(wTaskName.c_str())) : ""; VARIANT_BOOL enabled = false; pRegisteredTask->get_Enabled(&enabled); r["enabled"] = enabled ? INTEGER(1) : INTEGER(0); TASK_STATE taskState; pRegisteredTask->get_State(&taskState); r["state"] = kStateMap.count(taskState) > 0 ? kStateMap.at(taskState) : kStateMap.at(TASK_STATE_UNKNOWN); BSTR taskPath; ret = pRegisteredTask->get_Path(&taskPath); std::wstring wTaskPath(taskPath, SysStringLen(taskPath)); r["path"] = ret == S_OK ? wstringToString(wTaskPath.c_str()) : ""; VARIANT_BOOL hidden = false; pRegisteredTask->get_Enabled(&hidden); r["hidden"] = hidden ? INTEGER(1) : INTEGER(0); HRESULT lastTaskRun = E_FAIL; pRegisteredTask->get_LastTaskResult(&lastTaskRun); _com_error err(lastTaskRun); r["last_run_message"] = err.ErrorMessage(); r["last_run_code"] = INTEGER(lastTaskRun); // We conver the COM Date type to a unix epoch timestamp DATE dRunTime; SYSTEMTIME st; FILETIME ft; FILETIME locFt; pRegisteredTask->get_LastRunTime(&dRunTime); VariantTimeToSystemTime(dRunTime, &st); SystemTimeToFileTime(&st, &ft); LocalFileTimeToFileTime(&ft, &locFt); r["last_run_time"] = INTEGER(filetimeToUnixtime(locFt)); pRegisteredTask->get_NextRunTime(&dRunTime); VariantTimeToSystemTime(dRunTime, &st); SystemTimeToFileTime(&st, &ft); LocalFileTimeToFileTime(&ft, &locFt); r["next_run_time"] = INTEGER(filetimeToUnixtime(locFt)); ITaskDefinition* taskDef = nullptr; IActionCollection* tActionCollection = nullptr; pRegisteredTask->get_Definition(&taskDef); if (taskDef != nullptr) { taskDef->get_Actions(&tActionCollection); } long actionCount = 0; if (tActionCollection != nullptr) { tActionCollection->get_Count(&actionCount); } std::vector<std::string> actions; // Task collections are 1-indexed for (auto j = 1; j <= actionCount; j++) { IAction* act = nullptr; IExecAction* execAction = nullptr; tActionCollection->get_Item(j, &act); if (act == nullptr) { continue; } act->QueryInterface(IID_IExecAction, reinterpret_cast<void**>(&execAction)); if (execAction == nullptr) { continue; } BSTR taskExecPath; execAction->get_Path(&taskExecPath); std::wstring wTaskExecPath(taskExecPath, SysStringLen(taskExecPath)); BSTR taskExecArgs; execAction->get_Arguments(&taskExecArgs); std::wstring wTaskExecArgs(taskExecArgs, SysStringLen(taskExecArgs)); BSTR taskExecRoot; execAction->get_WorkingDirectory(&taskExecRoot); std::wstring wTaskExecRoot(taskExecRoot, SysStringLen(taskExecRoot)); auto full = wTaskExecRoot + L" " + wTaskExecPath + L" " + wTaskExecArgs; actions.push_back(wstringToString(full.c_str())); act->Release(); } if (tActionCollection != nullptr) { tActionCollection->Release(); } if (taskDef != nullptr) { taskDef->Release(); } r["action"] = !actions.empty() ? osquery::join(actions, ",") : ""; results.push_back(r); pRegisteredTask->Release(); } pTaskCollection->Release(); }
std::wstring stringToWstring(const char* str) { std::string s(str); return stringToWstring(s); }
void Error::__ErrorMessage(const char* msg, const char* functionName, unsigned int line, const wchar_t* file, Error::Severity severity) { __ErrorMessage(stringToWstring(msg), functionName, line, file, severity); }
void enumerateTasksForFolder(std::string path, QueryData& results) { void* vpService = nullptr; auto ret = CoCreateInstance(CLSID_TaskScheduler, nullptr, CLSCTX_INPROC_SERVER, IID_ITaskService, &vpService); if (FAILED(ret)) { VLOG(1) << "Failed to create COM instance " << ret; return; } auto pService = static_cast<ITaskService*>(vpService); ret = pService->Connect(_variant_t(), _variant_t(), _variant_t(), _variant_t()); if (FAILED(ret)) { VLOG(1) << "Failed to connect to TaskService " << ret; pService->Release(); return; } ITaskFolder* pRootFolder = nullptr; auto widePath = stringToWstring(path.c_str()); ret = pService->GetFolder(BSTR(widePath.c_str()), &pRootFolder); pService->Release(); if (FAILED(ret)) { VLOG(1) << "Failed to get root task folder " << ret; return; } IRegisteredTaskCollection* pTaskCollection = nullptr; ret = pRootFolder->GetTasks(TASK_ENUM_HIDDEN, &pTaskCollection); pRootFolder->Release(); if (FAILED(ret)) { VLOG(1) << "Failed to get task collection for root folder " << ret; return; } long numTasks = 0; pTaskCollection->get_Count(&numTasks); for (size_t i = 0; i < numTasks; i++) { IRegisteredTask* pRegisteredTask = nullptr; // Collections are 1-based lists ret = pTaskCollection->get_Item(_variant_t(i + 1), &pRegisteredTask); if (FAILED(ret)) { VLOG(1) << "Failed to process task"; continue; } Row r; BSTR taskName; ret = pRegisteredTask->get_Name(&taskName); std::wstring wTaskName(taskName, SysStringLen(taskName)); r["name"] = ret == S_OK ? SQL_TEXT(wstringToString(wTaskName.c_str())) : ""; VARIANT_BOOL enabled = false; pRegisteredTask->get_Enabled(&enabled); r["enabled"] = enabled ? INTEGER(1) : INTEGER(0); TASK_STATE taskState; pRegisteredTask->get_State(&taskState); r["state"] = kStateMap.count(taskState) > 0 ? kStateMap.at(taskState) : kStateMap.at(TASK_STATE_UNKNOWN); BSTR taskPath; ret = pRegisteredTask->get_Path(&taskPath); std::wstring wTaskPath(taskPath, SysStringLen(taskPath)); r["path"] = ret == S_OK ? SQL_TEXT(wstringToString(wTaskPath.c_str())) : ""; VARIANT_BOOL hidden = false; pRegisteredTask->get_Enabled(&hidden); r["hidden"] = hidden ? INTEGER(1) : INTEGER(0); HRESULT lastTaskRun = E_FAIL; pRegisteredTask->get_LastTaskResult(&lastTaskRun); _com_error err(lastTaskRun); r["last_run_message"] = err.ErrorMessage(); r["last_run_code"] = INTEGER(lastTaskRun); // We conver the COM Date type to a unix epoch timestamp DATE dRunTime; SYSTEMTIME st; FILETIME ft; FILETIME locFt; pRegisteredTask->get_LastRunTime(&dRunTime); VariantTimeToSystemTime(dRunTime, &st); SystemTimeToFileTime(&st, &ft); LocalFileTimeToFileTime(&ft, &locFt); r["last_run_time"] = INTEGER(filetimeToUnixtime(locFt)); pRegisteredTask->get_NextRunTime(&dRunTime); VariantTimeToSystemTime(dRunTime, &st); SystemTimeToFileTime(&st, &ft); LocalFileTimeToFileTime(&ft, &locFt); r["next_run_time"] = INTEGER(filetimeToUnixtime(locFt)); results.push_back(r); pRegisteredTask->Release(); } pTaskCollection->Release(); }