using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace CDPShared
{
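/// <summary>
/// Collects "name|value" metadata rows that describe the local host: caller-supplied
/// head and tail rows, and in between the operating system, an IP address, the time
/// zone, registered antivirus products, the regional country, the OS account name and
/// the machine name.
/// </summary>
/// <remarks>
/// The rows identify both a user and a machine (account name, host name, IP address),
/// so the returned list should be treated as personal data by whatever consumes it.
/// Where the rows are sent is not visible in this class.
/// NOTE(review): names and values are joined with '|' and are not escaped. A value that
/// itself contains '|' or a line break (an account name, an antivirus display name, a
/// caller-supplied head/tail value) can therefore be mis-split by a consumer that parses
/// on the delimiter. Confirm how the consumer parses these rows before relying on them.
/// </remarks>
public class DataGather
{
    private readonly CircleAPIHelper _apiHelper;
    private readonly List<string> _meta;
    private readonly List<string> _head;
    private readonly List<string> _tail;

    /// <summary>
    /// The accumulated rows. This is the same list instance that <see cref="Gather"/> returns.
    /// </summary>
    public List<string> Meta => _meta;

    /// <summary>Creates an empty gatherer.</summary>
    /// <param name="apiHelper">API helper kept for later use; it is not used by the code visible in this class.</param>
    public DataGather(CircleAPIHelper apiHelper)
    {
        _apiHelper = apiHelper;
        _meta = new List<string>();
        _head = new List<string>();
        _tail = new List<string>();
    }

    /// <summary>Queues a row that <see cref="Gather"/> emits before the host rows.</summary>
    /// <param name="name">Row name (text before the '|').</param>
    /// <param name="value">Row value (text after the '|'); not escaped.</param>
    public void AddHead(string name, string value)
    {
        _head.Add(name + "|" + value);
    }

    /// <summary>Queues a row that <see cref="Gather"/> emits after the host rows.</summary>
    /// <param name="name">Row name (text before the '|').</param>
    /// <param name="value">Row value (text after the '|'); not escaped.</param>
    public void AddTail(string name, string value)
    {
        _tail.Add(name + "|" + value);
    }

    /// <summary>
    /// Appends head rows, host rows and tail rows to <see cref="Meta"/> and returns it.
    /// </summary>
    /// <remarks>
    /// Each host-row step is isolated: a failure in one step is logged and the remaining
    /// steps, including the tail rows, still run. Previously a single failure was swallowed
    /// without a log entry and silently dropped every later row.
    /// The list is never cleared, so calling this method again appends a second copy of
    /// every row.
    /// </remarks>
    /// <returns>The accumulated rows (same instance as <see cref="Meta"/>).</returns>
    public List<string> Gather()
    {
        _meta.AddRange(_head);

        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            // Both WMI collectors log and absorb their own failures.
            _meta.AddRange(GetSystemWMIStuff());
            _meta.AddRange(GetSecurityWMIStuff());
        }

        TryCollect(() => _meta.Add(GetCountry()));
        TryCollect(() => _meta.Add($"OS username|{Environment.UserDomainName}\\{Environment.UserName}"));
        TryCollect(() => _meta.Add($"Machine name|{Environment.MachineName}"));

        _meta.AddRange(_tail);
        return _meta;
    }

    /// <summary>Runs one collection step; a failure is logged instead of aborting the whole gather.</summary>
    private static void TryCollect(Action step)
    {
        try
        {
            step();
        }
        catch (Exception e)
        {
            MinLogging.LogIt(e.Message);
        }
    }

    /// <summary>
    /// Builds the "Country" row from the current culture's region.
    /// </summary>
    /// <remarks>
    /// This reflects the regional-format setting of the process, not the physical location
    /// of the machine. The region is resolved by culture name rather than LCID because
    /// cultures without a dedicated LCID cannot be resolved by number. An invariant or
    /// neutral current culture still throws; <see cref="Gather"/> logs that and omits the row.
    /// </remarks>
    private string GetCountry()
    {
        CultureInfo culture = CultureInfo.CurrentCulture;
        RegionInfo region = new RegionInfo(culture.Name);
        return $"Country|{region.DisplayName}";
    }

    /// <summary>
    /// Connects to a local WMI namespace.
    /// </summary>
    /// <returns>The connected scope, or null when the connection failed (the failure is logged).</returns>
    private static ManagementScope ConnectScope(string path)
    {
        try
        {
            ManagementScope scope = new ManagementScope(path);
            scope.Connect();
            return scope;
        }
        catch (Exception e)
        {
            MinLogging.LogIt(e.Message);
            return null;
        }
    }

    /// <summary>
    /// Executes one WQL query and hands every result object to <paramref name="onRow"/>.
    /// The searcher, the result collection and each result object are disposed; a failure
    /// is logged and ends this query only.
    /// </summary>
    private static void RunWmiQuery(ManagementScope scope, string wql, Action<ManagementObject> onRow)
    {
        try
        {
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, new ObjectQuery(wql)))
            using (ManagementObjectCollection results = searcher.Get())
            {
                foreach (ManagementObject result in results)
                {
                    using (result)
                    {
                        onRow(result);
                    }
                }
            }
        }
        catch (Exception e)
        {
            MinLogging.LogIt(e.Message);
        }
    }

    /// <summary>
    /// Reads operating system caption, the first address of every IP-enabled adapter and
    /// the time zone caption from root\CIMV2.
    /// </summary>
    /// <returns>The rows that could be read; empty when the namespace is unreachable.</returns>
    private List<string> GetSystemWMIStuff()
    {
        List<string> systemWmiStuff = new List<string>();

        ManagementScope scope = ConnectScope(@"\\.\root\CIMV2");
        if (scope == null)
        {
            return systemWmiStuff;
        }

        // A missing property value yields an empty value instead of a NullReferenceException
        // that would have skipped the IP address and time zone queries as well.
        RunWmiQuery(scope, @"SELECT * FROM Win32_OperatingSystem", row =>
        {
            string os = row.Properties["Caption"].Value?.ToString() ?? string.Empty;
            systemWmiStuff.Add($"Operating system|{os}");
        });

        // IP Addresses: only the first address of each IP-enabled adapter is reported.
        RunWmiQuery(scope, @"SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'", row =>
        {
            string[] ipAddresses = (string[])row["IPAddress"];
            if (ipAddresses != null && ipAddresses.Length > 0)
            {
                systemWmiStuff.Add($"IP Address|{ipAddresses[0]}");
            }
        });

        // TimeZone
        RunWmiQuery(scope, @"SELECT * FROM Win32_TimeZone", row =>
        {
            string timeZoneName = (string)row["Caption"];
            systemWmiStuff.Add($"TimeZone|{timeZoneName}");
        });

        return systemWmiStuff;
    }

    /// <summary>
    /// Reads the antivirus products registered in root\SecurityCenter2.
    /// </summary>
    /// <remarks>
    /// The SecurityCenter2 namespace is not present on every Windows edition (Server
    /// editions do not expose it), and its content is whatever the registered products
    /// report about themselves. A missing AntiVirus row is therefore not evidence that no
    /// product is installed, and an "On" state is a self-report rather than a verified one.
    /// NOTE(review): the "timestamp" property is emitted under the label "Signature file";
    /// confirm that it is the signature date and not the time of the last state change.
    /// </remarks>
    /// <returns>One row per registered product; empty when the namespace is unreachable.</returns>
    private List<string> GetSecurityWMIStuff()
    {
        List<string> securityWMIStuff = new List<string>();

        ManagementScope scope = ConnectScope(@"\\.\root\SecurityCenter2");
        if (scope == null)
        {
            return securityWMIStuff;
        }

        RunWmiQuery(scope, @"SELECT * FROM AntiVirusProduct", row =>
        {
            string name = row.Properties["displayName"].Value?.ToString() ?? string.Empty;
            string signatureDate = row.Properties["timestamp"].Value?.ToString() ?? string.Empty;
            uint state = Convert.ToUInt32(row.Properties["productState"].Value);
            string running = DescribeAvState(state);

            // Plain interpolation only. The display name comes from the product's own
            // registration; passing the finished text through string.Format again made a
            // '{' or '}' in it throw FormatException and lose the row.
            securityWMIStuff.Add($"AntiVirus|{name} Signature file: {signatureDate} Active: {running}");
        });

        return securityWMIStuff;
    }

    /// <summary>
    /// Maps the state nibble of an AntiVirusProduct productState value to a label.
    /// </summary>
    /// <remarks>
    /// Decoding follows
    /// https://mcpforlife.com/2020/04/14/how-to-resolve-this-state-value-of-av-providers/ ;
    /// NOTE(review): the bit layout is taken from that article, not from vendor
    /// documentation visible here. Values outside 0..3 are reported as "Unknown".
    /// </remarks>
    private static string DescribeAvState(uint productState)
    {
        uint avState = (productState >> 12) & 0xf;
        switch (avState)
        {
            case 0:
                return "Off";
            case 1:
                return "On";
            case 2:
                return "Snoozed";
            case 3:
                return "Expired";
            default:
                return "Unknown";
        }
    }
}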
}