#include <string>
#include <codecvt>
#include <locale>
#include <amsi.h>
#include "
PanoptesAMSI.h
"
#define VERSION "1.0.0"
/// Main entry point for the DLL.
///
/// Every loader notification is deliberately a no-op: nothing is set up on
/// process attach and nothing is torn down on detach, and the load is never
/// refused.
///
/// NOTE(review): the @p module handle is not retained here, which is why
/// PanoUnbind later has to look this DLL up again by file name.
///
/// @param module     Handle of this DLL instance (unused).
/// @param dllAction  Loader reason code (DLL_PROCESS_ATTACH, DLL_THREAD_ATTACH, ...).
/// @param lpReserved Loader-supplied, unused.
/// @return TRUE unconditionally.
BOOL APIENTRY DllMain(HMODULE module, DWORD dllAction, LPVOID lpReserved)
{
    (void)module;
    (void)lpReserved;

    if (dllAction == DLL_PROCESS_ATTACH) {
        // Left disabled in the original; enabling it would suppress the
        // DLL_THREAD_ATTACH/DETACH notifications, which are ignored anyway.
        //DisableThreadLibraryCalls(module);
    }
    // DLL_THREAD_ATTACH, DLL_THREAD_DETACH and DLL_PROCESS_DETACH: nothing to do.

    return TRUE;
}
/// Register this AMSI extensibility module with the Panoptes service.
///
/// Sends a single Hello message tagged EXTENSIBILITY_TYPE_AMSI that carries
/// @p ContainerPort.
///
/// @param ContainerPort  Port the container is reachable on; echoed back to
///                       the caller when the service accepts the Hello.
/// @return @p ContainerPort on success, 0 when the Hello was rejected.
///         NOTE(review): a caller that passes ContainerPort == 0 cannot
///         distinguish success from failure through this return value.
extern "C" PANO_API int PanoBind(int ContainerPort)
{
    PanoptesServiceClient svc{};
    const bool accepted =
        svc.Hello(ExtensibilityType::EXTENSIBILITY_TYPE_AMSI, ContainerPort);
    return accepted ? ContainerPort : 0;
}
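/// Scan the file described by @p data with AMSI and report the verdict.
///
/// Flow: reject a null or empty request, run AmsiScanner::AmsiScanFile on
/// data->PePath, and on a successful scan forward (PePath, FileHash, AMSI
/// result) to the service through SendResults_AMSI.
///
/// @param data      File to scan; only PePath and FileHash are read. A null
///                  pointer is now treated like an empty path (nothing to
///                  scan) instead of being dereferenced.
/// @param mem_data  Accepted for interface parity with the other
///                  extensibilities but not used here.
/// @return true only when the AMSI scan succeeded AND the result was
///         delivered to the service; false for a null/empty request, a
///         failed AmsiScanFile call, or a failed SendResults_AMSI call.
extern "C" PANO_API bool PanoEntry(PeScan* data, MemScan* mem_data)
{
    (void)mem_data;

    // Defensive guard: the request comes from the container over IPC, and the
    // previous code dereferenced `data` unconditionally, so a null request
    // would have faulted inside this DLL.
    if (data == nullptr || data->PePath.empty()) {
        return false;
    }

    INT amsi_result = 0;
    // Second argument is AmsiScanFile's CopyPath; it is passed empty here.
    // What an empty CopyPath means is defined in amsi-scan.cpp — confirm there.
    const HRESULT status = AmsiScanner::AmsiScanFile(data->PePath, "", &amsi_result);
    if (FAILED(status)) {
        // A scan that could not run is reported as "not handled"; the
        // service is deliberately not sent a verdict for it.
        return false;
    }

    // NOTE(review): FileHash was computed by the caller, whereas AMSI reads
    // the bytes at PePath now. If the file is rewritten in between, the hash
    // reported with this verdict no longer matches what was actually scanned
    // (TOCTOU); the service should not treat the pair as atomically linked.
    PanoptesServiceClient client{};
    return client.SendResults_AMSI(data->PePath, data->FileHash, amsi_result);
}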
/// Unbind from the Panoptes Service by freeing the DLL.
///
/// Looks this module up by its file name and, when found, hands it to
/// FreeLibraryAndExitThread. Per the Win32 contract that call releases one
/// reference on the module and then ends the *calling* thread, so when the
/// module is found this function never returns to its caller; `return true`
/// is only ever reached when the lookup fails.
///
/// NOTE(review): the handle is obtained by name rather than from the HMODULE
/// DllMain received, and GetModuleHandleA does not take a reference of its
/// own, so the reference being released belongs to whoever loaded the DLL —
/// presumably the container on a thread it created for this purpose. Confirm
/// the caller (container.cpp) expects its thread to terminate here.
///
/// @return true when no module named "PanoptesAMSI.dll" is loaded; otherwise
///         does not return.
extern "C" PANO_API bool PanoUnbind()
{
    const HMODULE self = GetModuleHandleA("PanoptesAMSI.dll");
    if (self == NULL) {
        return true;
    }

    FreeLibraryAndExitThread(self, 0);
    return true; // not reached once the thread has been exited
}