PanoptesSetup.cpp
1#include <Windows.h>
2#include <setupapi.h>
3#include <iostream>
4#include <string>
5#include "absl/flags/flag.h"
6#include "absl/flags/parse.h"
7
// Command-line switches read in WinMain. Both default to off: passing neither
// shows the "No arguments provided." dialog, passing both is rejected.
ABSL_FLAG(bool, install, false,
          "Install Panoptes Kernel Driver, Service, and Context Menu");
ABSL_FLAG(bool, uninstall, false, "Uninstall Panoptes");
10
/// @brief Checks whether @p filePath names an existing regular file (not a directory).
/// @param filePath ANSI path to test.
/// @return true when GetFileAttributesA succeeds and the directory attribute is clear;
///         false for a missing path, an inaccessible path, or a directory.
bool FileExists(const std::string& filePath) {
    const DWORD attrs = GetFileAttributesA(filePath.c_str());
    if (attrs == INVALID_FILE_ATTRIBUTES) {
        return false;  // missing, or not readable by the caller
    }
    return (attrs & FILE_ATTRIBUTE_DIRECTORY) == 0;
}
21
/// @brief Checks whether a service named @p serviceName is registered with the SCM.
/// @param serviceName ANSI service name (e.g. "Panoptes").
/// @return false when the SCM cannot be reached or OpenServiceA reports
///         ERROR_SERVICE_DOES_NOT_EXIST; true when the service opened, or when
///         OpenServiceA failed for any other reason (e.g. access denied) — a service
///         that cannot be inspected is deliberately reported as present.
bool ServiceExists(const std::string& serviceName) {
    SC_HANDLE scm = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    if (!scm) {
        return false;
    }

    bool exists = true;
    SC_HANDLE service = OpenServiceA(scm, serviceName.c_str(), SERVICE_QUERY_STATUS);
    if (service) {
        CloseServiceHandle(service);
    } else {
        // Only a definite "does not exist" answer clears the flag; read the error
        // before any further API call can overwrite it.
        exists = (GetLastError() != ERROR_SERVICE_DOES_NOT_EXIST);
    }
    CloseServiceHandle(scm);
    return exists;
}
45
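/// @brief Runs the [DefaultInstall] section of the driver INF through SetupAPI.
/// @param infPath ANSI path of the INF to install. The previous version ignored this
///        parameter and always installed a hard-coded path; it is now honoured.
/// @note InstallHinfSection returns void and reports no error, so the caller must
///       verify the outcome itself (InstallPanoptes checks for the .sys file and the
///       service afterwards).
/// @note The flag value 132 is kept from the original: 128 selects the INF's own
///       directory as the default source path; the remaining 4 is one of the
///       InstallHinfSection reboot-handling values — see that API's flag table.
VOID InstallDriverFile(std::string infPath) {
    // InstallHinfSection takes one command line of the form "<section> <flags> <inf>".
    // The ANSI entry point is used so the std::string path needs no conversion.
    const std::string commandLine = "DefaultInstall 132 " + infPath;
    InstallHinfSectionA(NULL, NULL, commandLine.c_str(), 0);
}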
53
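/// @brief Stores an ANSI string as a REG_SZ value under @p key.
/// @param key       Open key with KEY_SET_VALUE rights.
/// @param valueName Value name, or NULL for the key's default value.
/// @param data      String to store; the terminating NUL is counted in the size.
/// @return ERROR_SUCCESS, or the Win32 error returned by RegSetValueExA.
static LONG SetRegSzValue(HKEY key, const char* valueName, const std::string& data) {
    // RegSetValueExA writes a char buffer, so the byte count is (length + 1) * sizeof(char).
    // The previous code multiplied by sizeof(wchar_t), which told the registry to copy
    // twice the bytes actually owned by the std::string (an over-read past its buffer).
    const DWORD cbData = static_cast<DWORD>(data.length() + 1);
    return RegSetValueExA(key, valueName, 0, REG_SZ,
                          reinterpret_cast<const BYTE*>(data.c_str()), cbData);
}

/// @brief Creates the HKCR\*\shell\Panoptes context-menu entry "Scan with Panoptes"
///        whose Command subkey launches PanoptesScan.exe with the selected file.
/// @return ERROR_SUCCESS, or the first Win32 error encountered. Every key opened here
///         is closed on every path (the previous version leaked hKey when setting the
///         default value failed).
LONG NewContextMenuItem() {
    const std::string subKey = "*\\shell\\Panoptes";
    HKEY hKey = NULL;
    // KEY_WRITE covers everything done below; KEY_ALL_ACCESS asked for more than is used.
    LONG result = RegCreateKeyExA(HKEY_CLASSES_ROOT, subKey.c_str(), 0, NULL,
                                  REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, NULL);
    if (result != ERROR_SUCCESS) {
        return result;
    }

    // Default value: the text shown in the context menu.
    result = SetRegSzValue(hKey, NULL, "Scan with Panoptes");

    if (result == ERROR_SUCCESS) {
        // "Icon": the executable whose icon is shown next to the menu entry.
        result = SetRegSzValue(hKey, "Icon",
                               "C:\\Program Files\\Panoptes\\tools\\PanoptesScan.exe");
    }

    if (result == ERROR_SUCCESS) {
        HKEY hCommandKey = NULL;
        result = RegCreateKeyExA(hKey, "Command", 0, NULL, REG_OPTION_NON_VOLATILE,
                                 KEY_WRITE, NULL, &hCommandKey, NULL);
        if (result == ERROR_SUCCESS) {
            // Default value of Command: the command line the shell runs; "%1" is the
            // selected file, quoted so a path containing spaces stays one argument.
            result = SetRegSzValue(hCommandKey, NULL,
                                   "\"C:\\Program Files\\Panoptes\\tools\\PanoptesScan.exe\" \"%1\"");
            RegCloseKey(hCommandKey);
        }
    }

    RegCloseKey(hKey);
    return result;
}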
135
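/// @brief Recursively deletes the rocksdb database directory at @p databasePath.
/// @param databasePath ANSI path of the directory to remove.
/// @return true when the directory is gone afterwards — or when it could not be
///         enumerated at all, which (as before) is treated as "nothing to delete";
///         false when RemoveDirectoryA fails, in which case the error code is printed.
/// @note Entries that are reparse points (junctions, directory symbolic links) are
///       removed as links and never descended into, so a link planted inside the
///       database directory cannot redirect this elevated delete at another location.
bool DeleteDatabase(std::string databasePath)
{
    // std::string instead of a MAX_PATH char buffer: strcpy_s/strcat_s would invoke the
    // invalid-parameter handler (and abort) on a path longer than that buffer.
    const std::string searchPath = databasePath + "\\*";

    WIN32_FIND_DATAA findFileData;
    HANDLE hFind = FindFirstFileA(searchPath.c_str(), &findFileData);
    if (hFind == INVALID_HANDLE_VALUE) {
        return true;  // preserved: an un-enumerable directory is not reported as failure
    }

    do {
        const char* name = findFileData.cFileName;
        if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
            continue;  // jumps to the FindNextFileA condition
        }
        const std::string entryPath = databasePath + "\\" + name;
        const bool isDirectory =
            (findFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0;
        const bool isReparsePoint =
            (findFileData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) != 0;

        if (isDirectory && isReparsePoint) {
            RemoveDirectoryA(entryPath.c_str());  // removes the link itself, not its target
        } else if (isDirectory) {
            DeleteDatabase(entryPath);
        } else {
            DeleteFileA(entryPath.c_str());  // for a file symlink this removes the link only
        }
    } while (FindNextFileA(hFind, &findFileData) != 0);
    // Previously never closed: a leaked search handle per directory level.
    FindClose(hFind);

    if (RemoveDirectoryA(databasePath.c_str())) {
        return true;
    }
    // DWORD is unsigned long on Windows; %d was the wrong conversion for it.
    printf("Error attempting to delete database file: %lu\n", GetLastError());
    return false;
}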
175
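/// @brief Removes the HKCR\*\shell\Panoptes context-menu entry and everything beneath it.
/// @return ERROR_SUCCESS when the key is gone afterwards — including when it was not
///         present to begin with, so a repeated or partially completed uninstall does
///         not fail at this step; otherwise the Win32 error from RegDeleteTreeA.
LONG DeleteContextMenuItem() {
    const std::string subKey = "*\\shell\\Panoptes";
    LONG result = RegDeleteTreeA(HKEY_CLASSES_ROOT, subKey.c_str());
    if (result == ERROR_FILE_NOT_FOUND) {
        result = ERROR_SUCCESS;  // an absent key is exactly the desired end state
    }
    return result;
}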
190
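/// @brief Marks the service named @p serviceName for deletion.
/// @param serviceName ANSI service name.
/// @return true when DeleteService succeeded; false when the SCM could not be opened,
///         the service could not be opened with DELETE rights, or DeleteService failed.
///         All handles are closed on every path.
/// @note DeleteService only flags the service; the SCM removes it once it is stopped
///       and every handle to it is closed, so a still-loaded driver service can remain
///       until it is stopped or the machine reboots.
bool DeletePanoptesService(const std::string& serviceName) {
    // SC_MANAGER_CONNECT is all that opening an existing service needs; the previous
    // SC_MANAGER_ALL_ACCESS requested far more than was used. The explicit A suffix
    // matches the OpenServiceA call below instead of depending on the UNICODE macro.
    SC_HANDLE scm = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    if (!scm) {
        return false;
    }

    bool deleted = false;
    SC_HANDLE service = OpenServiceA(scm, serviceName.c_str(), DELETE);
    if (service) {
        deleted = (DeleteService(service) != FALSE);
        CloseServiceHandle(service);
    }
    CloseServiceHandle(scm);
    return deleted;
}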
219
/// @brief Deletes the driver binary at @p filePath.
/// @param filePath ANSI path of the .sys file.
/// @return true when the file was deleted or did not exist (ERROR_FILE_NOT_FOUND);
///         false for any other DeleteFileA failure.
bool DeletePanoptesDriver(const std::string& filePath) {
    if (DeleteFileA(filePath.c_str()) != 0) {
        return true;
    }
    // A file that is already absent satisfies the post-condition; anything else fails.
    return GetLastError() == ERROR_FILE_NOT_FOUND;
}
239
240
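/// @brief Installs Panoptes: registers the context-menu entry, runs the driver INF,
///        then verifies that the driver binary and the "Panoptes" service are present.
/// @param infPath ANSI path of the driver INF handed to InstallDriverFile.
/// @return TRUE when every step succeeded and both post-install checks passed;
///         FALSE otherwise. A failed verification leaves the context-menu entry in place.
/// @note InstallDriverFile cannot report errors, so the FileExists/ServiceExists checks
///       are the only evidence that the INF installed anything. The previous version
///       printed "Successfully installed driver" before running them, which was
///       misleading; the message now follows the checks, and each failure says why.
BOOL InstallPanoptes(std::string infPath) {
    printf("Adding new context menu item\n");
    const LONG menuResult = NewContextMenuItem();
    if (menuResult != ERROR_SUCCESS) {
        printf("Failed to add context menu item (error %ld)\n", menuResult);
        return FALSE;
    }
    printf("successfully added new context menu item\n");

    printf("Attempting to install driver\n");
    InstallDriverFile(infPath);

    if (!FileExists("C:\\Windows\\System32\\drivers\\Panoptes\\Panoptes.sys")) {
        printf("Driver file was not installed\n");
        return FALSE;
    }
    if (!ServiceExists("Panoptes")) {
        printf("Panoptes service was not registered\n");
        return FALSE;
    }

    printf("Successfully installed driver\n");
    return TRUE;
}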
271
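/// @brief Uninstalls Panoptes: removes the context-menu entry, deletes the service,
///        the driver binary and the database directory, stopping at the first failure.
/// @return TRUE when every step succeeded (a step whose target is already absent is
///         skipped); FALSE as soon as one step fails, leaving the later steps undone.
/// @note DeletePanoptesService only marks the service for deletion. If the driver is
///       still loaded when DeletePanoptesDriver runs, the file delete is expected to
///       fail and this returns FALSE — NOTE(review): confirm whether the service must
///       be stopped before uninstalling.
BOOL UninstallPanoptes() {
    if (DeleteContextMenuItem() != ERROR_SUCCESS) {
        return FALSE;
    }

    if (ServiceExists("Panoptes") && !DeletePanoptesService("Panoptes")) {
        return FALSE;
    }

    // One definition of the driver path, used for both the check and the delete
    // (the previous version repeated the literal in the delete call).
    const std::string driverPath = "C:\\Windows\\System32\\drivers\\Panoptes\\Panoptes.sys";
    if (FileExists(driverPath) && !DeletePanoptesDriver(driverPath)) {
        return FALSE;
    }

    if (!DeleteDatabase("C:\\ProgramData\\Panoptes\\Database")) {
        return FALSE;
    }

    return TRUE;
}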
302
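/// @brief Entry point of the Panoptes setup program.
/// Parses the --install / --uninstall flags, runs the requested action and reports the
/// outcome in a message box.
/// @return 0 when the requested action succeeded; 1 when it failed or when the flags
///         were missing or conflicting, so scripted callers can detect the result
///         (the previous version always returned 0).
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    const std::string infPath = "C:\\Program Files\\Panoptes\\driver\\Panoptes.inf";
    absl::ParseCommandLine(__argc, __argv);

    const bool install = absl::GetFlag(FLAGS_install);
    const bool uninstall = absl::GetFlag(FLAGS_uninstall);

    // Named MessageBox styles replace the former raw 0 / 1: 1 is MB_OKCANCEL, whose
    // Cancel button had no meaning here.
    if (install && uninstall) {
        MessageBoxA(NULL, "Can not specify `install` and `uninstall` flags", "Panoptes EDR",
                    MB_OK | MB_ICONERROR);
        return 1;
    }

    if (uninstall) {
        if (UninstallPanoptes()) {
            MessageBoxA(NULL, "Driver uninstalled successfully.", "Panoptes EDR Uninstall",
                        MB_OK | MB_ICONINFORMATION);
            return 0;
        }
        MessageBoxA(NULL, "Failed to uninstall driver.", "Panoptes EDR Uninstall",
                    MB_OK | MB_ICONERROR);
        return 1;
    }

    if (install) {
        if (InstallPanoptes(infPath)) {
            MessageBoxA(NULL, "Driver installed successfully.", "Panoptes EDR Installer",
                        MB_OK | MB_ICONINFORMATION);
            return 0;
        }
        MessageBoxA(NULL, "Failed to install driver.", "Panoptes EDR Installer",
                    MB_OK | MB_ICONERROR);
        return 1;
    }

    MessageBoxA(NULL, "No arguments provided.", "Panoptes EDR", MB_OK | MB_ICONERROR);
    return 1;
}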