Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
Functions
containers.cpp File Reference
#include "containers.h"
#include "error_message.h"
#include "utils.h"
#include "Configuration.hpp"

Go to the source code of this file.

Functions

std::string BuildContainerCommandLine (Configuration::ContainerType ext)
 
ERRORCODE StartContainers (std::vector< Configuration::ContainerType > selectedExtensibility)
 

Function Documentation

◆ BuildContainerCommandLine()

std::string BuildContainerCommandLine ( Configuration::ContainerType  ext)

Definition at line 6 of file containers.cpp.

7{
8 std::string localPath = GetCurrentPath();
9 std::string extPath = localPath + "\\ext\\";
10 std::string result = "\"" + localPath + "\\PanoptesContainer.exe" + "\" \"";
11
12 switch (ext) {
13 case CONTAINER_TYPE_YARA:
14 result.append(extPath + EXT_YARA);
15 break;
16 case CONTAINER_TYPE_AMSI:
17 result.append(extPath + EXT_AMSI);
18 break;
19 case CONTAINER_TYPE_PE:
20 result.append(extPath + EXT_PE);
21 break;
22 default:
23 break;
24 }
25 result.append("\"");
26
27 return result;
28}
result
ULONG result
Definition events.cpp:22
EXT_AMSI
#define EXT_AMSI
Definition service_constants.h:3
EXT_YARA
#define EXT_YARA
Definition service_constants.h:4
EXT_PE
#define EXT_PE
Definition service_constants.h:5
GetCurrentPath
std::string GetCurrentPath()
Definition utils.cpp:68

References EXT_AMSI, EXT_PE, EXT_YARA, GetCurrentPath(), and result.

Referenced by StartContainers().

◆ StartContainers()

ERRORCODE StartContainers ( std::vector< Configuration::ContainerType selectedExtensibility)

Definition at line 30 of file containers.cpp.

30 {
31
32 if (selectedExtensibility.size() < 1)
33 {
34 return EXT_SELECTED;
35 }
36
37 BOOL containerStartupSuccess = true;
38 STARTUPINFOA startupInfo;
39 PROCESS_INFORMATION processInformation;
40
41 ZeroMemory(&startupInfo, sizeof(startupInfo));
42 startupInfo.cb = sizeof(startupInfo);
43 ZeroMemory(&processInformation, sizeof(processInformation));
44
45 for (auto containerType : selectedExtensibility) {
46 std::string cmdStr = BuildContainerCommandLine(containerType);
47#ifdef _DEBUG
48 DWORD creationFlags = 0;
49#else
50 DWORD creationFlags = CREATE_NO_WINDOW;
51#endif
52
53 if (!CreateProcessA(
54 NULL, // No module name (use command line)
55 (LPSTR)cmdStr.c_str(), // Command line
56 NULL, // Process handle not inheritable
57 NULL, // Thread handle not inheritable
58 FALSE, // Set handle inheritance to FALSE
59 creationFlags, // No creation flags
60 NULL, // Use parent's environment block
61 NULL, // Use parent's starting directory
62 &startupInfo, // Pointer to STARTUPINFO structure
63 &processInformation) // Pointer to PROCESS_INFORMATION structure
64 )
65 {
66 //string message = format("Failed to create process for {} extensibility: {}", m_extensibilityListName[i], GetLastError());
67 //LogErrorMessage(message);
68 //DWORD errMsg = GetLastError();
69 return CONTAINER_START;
70 }
71 }
72
73 return PANO_SUCCESS;
74}
PANO_SUCCESS
#define PANO_SUCCESS
Definition ResourceCore.h:11
CONTAINER_START
#define CONTAINER_START
Definition ResourceCore.h:19
EXT_SELECTED
#define EXT_SELECTED
Definition ResourceCore.h:33
BuildContainerCommandLine
std::string BuildContainerCommandLine(Configuration::ContainerType ext)
Definition containers.cpp:6
BOOL
int BOOL
Definition inject.h:3
DWORD
unsigned long DWORD
Definition inject.h:2

References BuildContainerCommandLine(), CONTAINER_START, EXT_SELECTED, and PANO_SUCCESS.

Referenced by WinMain().

Generated by doxygen 1.9.8