test/CDPShared/DataGather.cs

using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace CDPShared
{
    public class DataGather
    {
        private CircleAPIHelper _apiHelper;
        List<string> _meta;
        List<string> _head;
        List<string> _tail;

        public List<string> Meta
        {
            get
            {
                return _meta;
            }
        }

        public DataGather(CircleAPIHelper apiHelper)
        {
            _apiHelper = apiHelper;
            _meta = new List<string>();
            _head = new List<string>();
            _tail = new List<string>();
        }

        public void AddHead(string name, string value)
        {
            _head.Add(name + "|" + value);
        }
        public void AddTail(string name, string value)
        {
            _tail.Add(name + "|" + value);
        }

        public List<string> Gather()
        {
            try
            {
                _meta.AddRange(_head);
                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                {
                    _meta.AddRange(GetSystemWMIStuff());
                    _meta.AddRange(GetSecurityWMIStuff());
                }

                _meta.Add(GetCountry());
                _meta.Add($"OS username|{Environment.UserDomainName + "\\" + Environment.UserName}");
                _meta.Add($"Machine name|{Environment.MachineName}");
                _meta.AddRange(_tail);
            }
            catch (Exception e)
            {

            }

            return _meta;
        }

        string GetCountry()
        {
            CultureInfo culture = CultureInfo.CurrentCulture;
            RegionInfo region = new RegionInfo(culture.LCID);
            return $"Country|{region.DisplayName}";

        }
        List<string> GetSystemWMIStuff()
        {
            List<string> systemWmiStuff = new List<string>();
            try
            {
                // Connect to the WMI namespace
                ManagementScope scope = new ManagementScope(@"\\.\root\CIMV2");
                scope.Connect();

                string wql = @"SELECT * FROM Win32_OperatingSystem";

                // Create a new WMI query object and execute the query
                ObjectQuery query = new ObjectQuery(wql);
                ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
                ManagementObjectCollection results = searcher.Get();

                foreach (ManagementObject result in results)
                {
                    string OS = result.Properties["Caption"].Value.ToString();
                    systemWmiStuff.Add($"Operating system|{OS}");
                }

                // IP Addresses
                wql = @"SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'";
                // Create a new WMI query object and execute the query
                query = new ObjectQuery(wql);
                searcher = new ManagementObjectSearcher(scope, query);
                results = searcher.Get();
                foreach (ManagementObject result in results)
                {
                    string[] ipAddresses = (string[])result["IPAddress"];
                    if (ipAddresses != null && ipAddresses.Length > 0)
                    {
                        systemWmiStuff.Add($"IP Address|{ipAddresses[0]}");
                    }
                }

                // TimeZone
                wql = @"SELECT * FROM Win32_TimeZone";

                // Create a new WMI query object and execute the query
                query = new ObjectQuery(wql);
                searcher = new ManagementObjectSearcher(scope, query);
                results = searcher.Get();
                foreach (ManagementObject result in results)
                {
                    string timeZoneName = (string)result["Caption"];
                    systemWmiStuff.Add($"TimeZone|{timeZoneName}");
                }
            }
            catch (Exception e)
            {
                MinLogging.LogIt(e.Message);
            }

            return systemWmiStuff;

        }
        List<string> GetSecurityWMIStuff()
        {
            List<string> securityWMIStuff = new List<string>();
            try
            {
                // Connect to the WMI namespace
                ManagementScope scope = new ManagementScope(@"\\.\root\SecurityCenter2");
                scope.Connect();

                // WMI query to get the current patch level for the antivirus program
                string wql = @"SELECT * FROM AntiVirusProduct";

                // Create a new WMI query object and execute the query
                ObjectQuery query = new ObjectQuery(wql);
                ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
                ManagementObjectCollection results = searcher.Get();

                foreach (ManagementObject result in results)
                {
                    string name = result.Properties["displayName"].Value.ToString();
                    string signatureDate = result.Properties["timestamp"].Value.ToString();
                    uint state = Convert.ToUInt32(result.Properties["productState"].Value);
                    uint avState = (state >> 12) & 0xf; // https://mcpforlife.com/2020/04/14/how-to-resolve-this-state-value-of-av-providers/
                    string running = "";
                    switch (avState)
                    {
                        case 0:
                            running = "Off";
                            break;
                        case 1:
                            running = "On";
                            break;
                        case 2:
                            running = "Snoozed";
                            break;
                        case 3:
                            running = "Expired";
                            break;
                        default:
                            running = "Unknown";
                            break;

                    }
                    string avLine = string.Format($"AntiVirus|{name} Signature file: {signatureDate}  Active: {running}");
                    securityWMIStuff.Add(avLine);
                }
            }
            catch (Exception e)
            {
                MinLogging.LogIt(e.Message);
            }

            return securityWMIStuff;

        }

    }
}