Panoptes 1.0.0
Endpoint Detection and Response
Functions
PanoptesSetup.cpp File Reference
#include <Windows.h>
#include <setupapi.h>
#include <iostream>
#include <string>
#include "absl/flags/flag.h"
#include "absl/flags/parse.h"


Functions

 ABSL_FLAG (bool, install, false, "Install Panoptes Kernel Driver, Service, and Context Menu")
 
 ABSL_FLAG (bool, uninstall, false,"Uninstall Panoptes")
 
bool FileExists (const std::string &filePath)
 Checks if a file exists.
 
bool ServiceExists (const std::string &serviceName)
 Checks if a service exists.
 
VOID InstallDriverFile (std::string infPath)
 Installs the driver file.
 
LONG NewContextMenuItem ()
 Creates a new context menu item called "Scan with Panoptes" that uses the PanoptesScan.exe executable.
 
bool DeleteDatabase (std::string databasePath)
 Deletes the rocksdb database file.
 
LONG DeleteContextMenuItem ()
 Deletes the context menu item called "Scan with Panoptes".
 
bool DeletePanoptesService (const std::string &serviceName)
 Deletes the Panoptes service.
 
bool DeletePanoptesDriver (const std::string &filePath)
 Deletes the Panoptes driver file.
 
BOOL InstallPanoptes (std::string infPath)
 Installs the Panoptes driver, service, and adds the context menu item.
 
BOOL UninstallPanoptes ()
 Uninstalls the Panoptes driver, service, and removes the context menu item.
 
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
 The main function for the Panoptes Setup program.
 

Function Documentation

◆ ABSL_FLAG() [1/2]

ABSL_FLAG(bool, install, false, "Install Panoptes Kernel Driver, Service, and Context Menu")

◆ ABSL_FLAG() [2/2]

ABSL_FLAG(bool, uninstall, false, "Uninstall Panoptes")

◆ DeleteContextMenuItem()

LONG DeleteContextMenuItem ( )

Deletes the context menu item called "Scan with Panoptes".

Returns
The result of the operation

Definition at line 180 of file PanoptesSetup.cpp.

/// Removes the "Scan with Panoptes" context-menu entry by deleting the
/// HKEY_CLASSES_ROOT\*\shell\Panoptes subtree (the key, its values and its
/// "Command" child) in a single call.
///
/// @return The status code from RegDeleteTreeA; ERROR_SUCCESS when the
///         subtree was removed. Any other status (including one for a key
///         that was not present) is passed straight back to the caller.
LONG DeleteContextMenuItem()
{
    // Must stay in sync with the path NewContextMenuItem() creates.
    const char* const menuKeyPath = "*\\shell\\Panoptes";
    return RegDeleteTreeA(HKEY_CLASSES_ROOT, menuKeyPath);
}

References result.

Referenced by UninstallPanoptes().

◆ DeleteDatabase()

bool DeleteDatabase ( std::string  databasePath)

Deletes the rocksdb database file.

Parameters
databasePath: The path to the database file
Returns
True if the database file was deleted, false otherwise

Definition at line 141 of file PanoptesSetup.cpp.

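/// Recursively deletes the rocksdb database directory and everything below it.
///
/// Regular files are deleted with DeleteFileA and subdirectories are recursed
/// into. Reparse points (junctions / symbolic links) are NOT followed: this
/// uninstaller runs with elevated rights, and descending through a link planted
/// inside the database directory would delete the link target's contents, so
/// the link itself is removed instead and its target is left untouched.
///
/// Changes from the previous version: the FindFirstFileA handle is closed
/// (it leaked on every call), the search pattern is built in a std::string
/// instead of a MAX_PATH buffer (strcpy_s on a longer path would have
/// triggered the invalid-parameter handler), and an enumeration failure other
/// than "does not exist" is reported as a failure instead of as success.
///
/// @param databasePath Absolute path of the database directory, without a
///        trailing backslash.
/// @return true if the directory is gone afterwards (or did not exist);
///         false if any entry or the directory itself could not be removed.
bool DeleteDatabase(std::string databasePath)
{
    WIN32_FIND_DATAA findFileData;
    const std::string searchPath = databasePath + "\\*";

    HANDLE hFind = FindFirstFileA(searchPath.c_str(), &findFileData);
    if (hFind == INVALID_HANDLE_VALUE) {
        const DWORD error = GetLastError();
        // A missing directory means there is nothing to delete.
        if (error == ERROR_FILE_NOT_FOUND || error == ERROR_PATH_NOT_FOUND) {
            return true;
        }
        printf("Error enumerating database directory: %lu\n", error);
        return false;
    }

    bool allEntriesDeleted = true;
    do {
        const char* const name = findFileData.cFileName;
        if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
            continue;   // jumps to the FindNextFileA condition
        }
        const std::string entryPath = databasePath + "\\" + name;
        const DWORD attributes = findFileData.dwFileAttributes;

        if (attributes & FILE_ATTRIBUTE_REPARSE_POINT) {
            // Remove the link object itself; never descend into its target.
            const BOOL removed = (attributes & FILE_ATTRIBUTE_DIRECTORY)
                ? RemoveDirectoryA(entryPath.c_str())
                : DeleteFileA(entryPath.c_str());
            if (!removed) {
                printf("Error removing reparse point %s: %lu\n", entryPath.c_str(), GetLastError());
                allEntriesDeleted = false;
            }
        }
        else if (attributes & FILE_ATTRIBUTE_DIRECTORY) {
            if (!DeleteDatabase(entryPath)) {
                allEntriesDeleted = false;
            }
        }
        else if (!DeleteFileA(entryPath.c_str())) {
            printf("Error deleting %s: %lu\n", entryPath.c_str(), GetLastError());
            allEntriesDeleted = false;
        }
    } while (FindNextFileA(hFind, &findFileData) != 0);

    FindClose(hFind);

    if (!allEntriesDeleted) {
        // RemoveDirectoryA cannot succeed on a non-empty directory; report the
        // partial failure rather than masking it with a second error.
        return false;
    }

    // %lu: GetLastError() returns a DWORD (unsigned long).
    if (!RemoveDirectoryA(databasePath.c_str())) {
        printf("Error attempting to delete database file: %lu\n", GetLastError());
        return false;
    }
    return true;
}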

References DeleteDatabase(), and MAX_PATH.

Referenced by DeleteDatabase(), and UninstallPanoptes().

◆ DeletePanoptesDriver()

bool DeletePanoptesDriver ( const std::string &  filePath)

Deletes the Panoptes driver file.

Parameters
filePath: The path to the driver file
Returns
True if the driver file was deleted, false otherwise

Definition at line 225 of file PanoptesSetup.cpp.

/// Deletes the Panoptes kernel driver binary from disk.
///
/// @param filePath Full path of the driver file (Panoptes.sys).
/// @return true when the file was deleted, or when it did not exist in the
///         first place; false for any other DeleteFileA failure. The failing
///         error code is not preserved for the caller.
bool DeletePanoptesDriver(const std::string& filePath)
{
    if (DeleteFileA(filePath.c_str()) != 0) {
        return true;
    }
    // A file that is already gone counts as a successful removal.
    const DWORD lastError = GetLastError();
    return lastError == ERROR_FILE_NOT_FOUND;
}

Referenced by UninstallPanoptes().

◆ DeletePanoptesService()

bool DeletePanoptesService ( const std::string &  serviceName)

Deletes the Panoptes service.

Parameters
serviceName: The name of the service
Returns
True if the service was deleted, false otherwise

Definition at line 196 of file PanoptesSetup.cpp.

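/// Deletes the Panoptes Windows service from the Service Control Manager.
///
/// The SCM is opened with SC_MANAGER_CONNECT only: that is all OpenServiceA
/// needs, and the previous SC_MANAGER_ALL_ACCESS request asked for rights this
/// function never uses (and would fail outright for a caller that lacks them).
/// DeleteService() only marks the service for deletion; the SCM removes the
/// entry once the service is stopped and every handle to it is closed. This
/// function does not stop the service first.
///
/// @param serviceName Name of the service as registered with the SCM.
/// @return true if DeleteService succeeded; false if the SCM or the service
///         could not be opened or the deletion request failed.
bool DeletePanoptesService(const std::string& serviceName)
{
    SC_HANDLE scm = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    if (scm == NULL) {
        return false;
    }

    bool deleted = false;
    // DELETE is the only access right DeleteService() requires.
    SC_HANDLE service = OpenServiceA(scm, serviceName.c_str(), DELETE);
    if (service != NULL) {
        deleted = (DeleteService(service) != 0);
        CloseServiceHandle(service);
    }
    CloseServiceHandle(scm);
    return deleted;
}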

References result.

Referenced by UninstallPanoptes().

◆ FileExists()

bool FileExists ( const std::string &  filePath)

Checks if a file exists.

Check if a file exists.

Parameters
filePath: The path to the file
Returns
True if the file exists, false otherwise

Definition at line 16 of file PanoptesSetup.cpp.

/// Checks whether @p filePath names an existing regular file (not a directory).
///
/// @param filePath Path to test.
/// @return true if GetFileAttributesA succeeds and the directory attribute is
///         clear; false if the path does not exist, is a directory, or its
///         attributes cannot be queried.
bool FileExists(const std::string& filePath)
{
    const DWORD attributes = GetFileAttributesA(filePath.c_str());
    if (attributes == INVALID_FILE_ATTRIBUTES) {
        return false;   // missing, or not queryable
    }
    const bool isDirectory = (attributes & FILE_ATTRIBUTE_DIRECTORY) != 0;
    return !isDirectory;
}

Referenced by InstallPanoptes(), and UninstallPanoptes().

◆ InstallDriverFile()

VOID InstallDriverFile ( std::string  infPath)

Installs the driver file.

Parameters
infPath: The path to the INF file

Definition at line 50 of file PanoptesSetup.cpp.

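/// Installs the Panoptes kernel driver by running the INF's DefaultInstall section.
///
/// The previous implementation ignored @p infPath and always installed
/// "C:\Program Files\Panoptes\driver\Panoptes.inf"; the path now comes from the
/// parameter, so the function does what its signature promises. The current
/// caller passes that same fixed path, so its behaviour is unchanged.
/// InstallHinfSection reports neither success nor failure — callers must verify
/// the result afterwards (InstallPanoptes() checks for the .sys file and the
/// service).
///
/// @param infPath Absolute path of the INF file. Because this path ends up
///        loading a kernel driver, it must come from a trusted location that
///        unprivileged users cannot write to; an empty path is ignored.
VOID InstallDriverFile(std::string infPath)
{
    if (infPath.empty()) {
        return;
    }

    // Widen with the ANSI code page to match the -A APIs used in this file.
    std::wstring wideInfPath;
    const int needed = MultiByteToWideChar(CP_ACP, 0, infPath.c_str(),
                                           static_cast<int>(infPath.size()), NULL, 0);
    if (needed <= 0) {
        return;
    }
    wideInfPath.resize(static_cast<size_t>(needed));
    MultiByteToWideChar(CP_ACP, 0, infPath.c_str(),
                        static_cast<int>(infPath.size()), &wideInfPath[0], needed);

    // Command-line format is "<section> <flags> <inf path>". 132 is the flag
    // value the original call used (128 = take the INF's own directory as the
    // default source path; confirm the remaining bit against the
    // InstallHinfSection documentation).
    const std::wstring commandLine = L"DefaultInstall 132 " + wideInfPath;
    InstallHinfSectionW(NULL, NULL, commandLine.c_str(), 0);
}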

Referenced by InstallPanoptes().

◆ InstallPanoptes()

BOOL InstallPanoptes ( std::string  infPath)

Installs the Panoptes driver, service, and adds the context menu item.

Parameters
infPath: The path to the INF file
Returns
True if the driver and service were installed, false otherwise

Definition at line 246 of file PanoptesSetup.cpp.

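/// Installs the Panoptes driver and service and adds the context-menu entry.
///
/// Order: the registry context-menu item is created first, then the INF is
/// installed. Because InstallDriverFile() returns no status, the install is
/// verified by checking that the driver binary exists on disk and that the
/// "Panoptes" service is registered. The "Successfully installed driver"
/// message is now printed only after that verification (it used to be printed
/// unconditionally, before the checks).
///
/// @param infPath Path of the driver INF handed to InstallDriverFile().
/// @return TRUE when the context-menu key was created and both post-install
///         checks pass; FALSE otherwise. On a failed driver install the
///         context-menu entry is left in place.
BOOL InstallPanoptes(std::string infPath)
{
    // Fixed locations; must match the INF's target path and service name.
    const char* const driverBinaryPath = "C:\\Windows\\System32\\drivers\\Panoptes\\Panoptes.sys";
    const char* const serviceName = "Panoptes";

    printf("Adding new context menu item\n");
    if (NewContextMenuItem() != ERROR_SUCCESS) {
        printf("Failed to add new context menu item\n");
        return FALSE;
    }
    printf("successfully added new context menu item\n");

    printf("Attempting to install driver\n");
    InstallDriverFile(infPath);

    // Verify rather than trust: InstallHinfSection gives no result.
    if (!FileExists(driverBinaryPath)) {
        printf("Driver file not present after install: %s\n", driverBinaryPath);
        return FALSE;
    }
    if (!ServiceExists(serviceName)) {
        printf("Service not registered after install: %s\n", serviceName);
        return FALSE;
    }

    printf("Successfully installed driver\n");
    return TRUE;
}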

References FileExists(), InstallDriverFile(), NewContextMenuItem(), and ServiceExists().

Referenced by WinMain().

◆ NewContextMenuItem()

LONG NewContextMenuItem ( )

Creates a new context menu item called "Scan with Panoptes" that uses the PanoptesScan.exe executable.

Returns
The result of the operation

Definition at line 58 of file PanoptesSetup.cpp.

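/// Writes a NUL-terminated ANSI string as a REG_SZ value. Helper for
/// NewContextMenuItem().
///
/// cbData for RegSetValueExA is the byte count of the ANSI string including its
/// terminator, i.e. size() + 1. The previous code multiplied that by
/// sizeof(wchar_t), which read past the end of the std::string's buffer and
/// stored those out-of-bounds bytes in the registry value.
///
/// @param key       Open key with at least KEY_SET_VALUE access.
/// @param valueName Value to set; NULL selects the key's default value.
/// @param data      String contents.
/// @return The status code from RegSetValueExA.
static LONG SetAnsiStringValue(HKEY key, const char* valueName, const std::string& data)
{
    return RegSetValueExA(
        key,
        valueName,
        0,
        REG_SZ,
        reinterpret_cast<const BYTE*>(data.c_str()),
        static_cast<DWORD>(data.size() + 1));   // +1 for the terminating NUL, one byte per char
}

/// Creates the "Scan with Panoptes" context-menu entry under
/// HKEY_CLASSES_ROOT\*\shell\Panoptes, pointing at PanoptesScan.exe.
///
/// Registry layout written:
///   *\shell\Panoptes          (default) = "Scan with Panoptes"
///   *\shell\Panoptes          Icon      = path of PanoptesScan.exe
///   *\shell\Panoptes\Command  (default) = "\"<PanoptesScan.exe>\" \"%1\""
///
/// Keys are requested with KEY_WRITE instead of KEY_ALL_ACCESS — creating a
/// subkey and setting values is all this function does. Every key opened here
/// is closed on every path (the original leaked hKey when setting the default
/// value failed).
///
/// @return ERROR_SUCCESS, or the status of the first registry call that failed.
LONG NewContextMenuItem()
{
    const std::string subKey = "*\\shell\\Panoptes";
    const std::string menuLabel = "Scan with Panoptes";
    const std::string iconValue = "C:\\Program Files\\Panoptes\\tools\\PanoptesScan.exe";
    const std::string commandValue = "\"C:\\Program Files\\Panoptes\\tools\\PanoptesScan.exe\" \"%1\"";

    HKEY hKey = NULL;
    LONG result = RegCreateKeyExA(
        HKEY_CLASSES_ROOT,
        subKey.c_str(),
        0,
        NULL,
        REG_OPTION_NON_VOLATILE,
        KEY_WRITE,
        NULL,
        &hKey,
        NULL);
    if (result != ERROR_SUCCESS) {
        return result;
    }

    // NULL value name = the key's default value (the menu caption).
    result = SetAnsiStringValue(hKey, NULL, menuLabel);
    if (result == ERROR_SUCCESS) {
        result = SetAnsiStringValue(hKey, "Icon", iconValue);
    }
    if (result == ERROR_SUCCESS) {
        HKEY hCommandKey = NULL;
        result = RegCreateKeyExA(
            hKey,
            "Command",
            0,
            NULL,
            REG_OPTION_NON_VOLATILE,
            KEY_WRITE,
            NULL,
            &hCommandKey,
            NULL);
        if (result == ERROR_SUCCESS) {
            result = SetAnsiStringValue(hCommandKey, NULL, commandValue);
            RegCloseKey(hCommandKey);
        }
    }

    RegCloseKey(hKey);
    return result;
}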

References result.

Referenced by InstallPanoptes().

◆ ServiceExists()

bool ServiceExists ( const std::string &  serviceName)

Checks if a service exists.

Parameters
serviceName: The name of the service
Returns
True if the service exists, false otherwise

Definition at line 27 of file PanoptesSetup.cpp.

/// Checks whether a service named @p serviceName is registered with the SCM.
///
/// @param serviceName Service name as registered with the SCM.
/// @return false if the SCM cannot be opened or the service does not exist;
///         true if the service could be opened. Note that an OpenServiceA
///         failure with any error other than ERROR_SERVICE_DOES_NOT_EXIST
///         (for example access denied) is also reported as true.
bool ServiceExists(const std::string& serviceName)
{
    SC_HANDLE scm = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    if (scm == NULL) {
        return false;
    }

    bool exists = true;
    SC_HANDLE service = OpenServiceA(scm, serviceName.c_str(), SERVICE_QUERY_STATUS);
    if (service != NULL) {
        CloseServiceHandle(service);
    }
    else {
        // Only "does not exist" is conclusive; read the error before any
        // further API call can overwrite it.
        exists = (GetLastError() != ERROR_SERVICE_DOES_NOT_EXIST);
    }
    CloseServiceHandle(scm);
    return exists;
}

Referenced by InstallPanoptes(), and UninstallPanoptes().

◆ UninstallPanoptes()

BOOL UninstallPanoptes ( )

Uninstalls the Panoptes driver, service, and removes the context menu item.

Returns
True if the driver, service, and context menu item were uninstalled, false otherwise

Definition at line 276 of file PanoptesSetup.cpp.

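/// Removes the context-menu entry, the Panoptes service, the driver binary and
/// the database directory, stopping at the first failure.
///
/// Changes from the previous version: the driverPath variable is now actually
/// passed to DeletePanoptesDriver() (the literal was repeated instead), and a
/// context-menu key that is already absent — RegDeleteTreeA reporting
/// ERROR_FILE_NOT_FOUND — no longer aborts the uninstall, so re-running after a
/// partial uninstall can make progress.
///
/// @return TRUE if every step succeeded or had nothing to do; FALSE at the
///         first failure. Later steps are not attempted after a failure, so a
///         partial uninstall is possible.
BOOL UninstallPanoptes()
{
    // Fixed locations; must match InstallPanoptes() and the INF.
    const std::string serviceName = "Panoptes";
    const std::string driverPath = "C:\\Windows\\System32\\drivers\\Panoptes\\Panoptes.sys";
    const std::string databasePath = "C:\\ProgramData\\Panoptes\\Database";

    const LONG menuStatus = DeleteContextMenuItem();
    if (menuStatus != ERROR_SUCCESS && menuStatus != ERROR_FILE_NOT_FOUND) {
        return FALSE;
    }

    if (ServiceExists(serviceName) && !DeletePanoptesService(serviceName)) {
        return FALSE;
    }

    if (FileExists(driverPath) && !DeletePanoptesDriver(driverPath)) {
        return FALSE;
    }

    if (!DeleteDatabase(databasePath)) {
        return FALSE;
    }

    return TRUE;
}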

References DeleteContextMenuItem(), DeleteDatabase(), DeletePanoptesDriver(), DeletePanoptesService(), FileExists(), and ServiceExists().

Referenced by WinMain().

◆ WinMain()

int WINAPI WinMain ( HINSTANCE  hInstance,
HINSTANCE  hPrevInstance,
LPSTR  lpCmdLine,
int  nCmdShow 
)

The main function for the Panoptes Setup program.

Parameters
hInstance: The instance of the application
hPrevInstance: The previous instance of the application
lpCmdLine: The command line arguments

Definition at line 309 of file PanoptesSetup.cpp.

/// Entry point of the Panoptes setup program.
///
/// Parses the abseil flags (--install / --uninstall) from the CRT's
/// __argc/__argv, runs the requested action and reports the outcome in a
/// message box. Asking for both flags, or neither, only shows a message.
///
/// @param hInstance     Instance handle (unused).
/// @param hPrevInstance Unused.
/// @param lpCmdLine     Unused; the flags are parsed from __argc/__argv instead.
/// @param nCmdShow      Unused.
/// @return Always 0, regardless of whether the action succeeded.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    const std::string infPath = "C:\\Program Files\\Panoptes\\driver\\Panoptes.inf";
    absl::ParseCommandLine(__argc, __argv);

    const bool wantInstall = absl::GetFlag(FLAGS_install);
    const bool wantUninstall = absl::GetFlag(FLAGS_uninstall);

    // Success uses type 0, failure type 1 — same values as before.
    auto report = [](BOOL ok, const char* okText, const char* failText, const char* title) {
        MessageBoxA(NULL, ok ? okText : failText, title, ok ? 0 : 1);
    };

    if (wantInstall && wantUninstall) {
        MessageBoxA(NULL, "Can not specify `install` and `uninstall` flags", "Panoptes EDR", 1);
    }
    else if (wantUninstall) {
        report(UninstallPanoptes(),
               "Driver uninstalled successfully.",
               "Failed to uninstall driver.",
               "Panoptes EDR Uninstall");
    }
    else if (wantInstall) {
        report(InstallPanoptes(infPath),
               "Driver installed successfully.",
               "Failed to install driver.",
               "Panoptes EDR Installer");
    }
    else {
        MessageBoxA(NULL, "No arguments provided.", "Panoptes EDR", 1);
    }

    return 0;
}

References InstallPanoptes(), and UninstallPanoptes().