Panoptes
1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
src
extensibility
PanoptesPE
src
dllmain.cpp
Go to the documentation of this file.
1
#include "
PanoptesPE.h
"
2
8
BOOL
APIENTRY
DllMain
(HMODULE module,
DWORD
dllAction, LPVOID lpReserved)
9
{
10
switch
(dllAction)
11
{
12
case
DLL_PROCESS_ATTACH:
13
//DisableThreadLibraryCalls(module);
14
break
;
15
case
DLL_THREAD_ATTACH:
16
// Code to run when a thread is created
17
break
;
18
case
DLL_THREAD_DETACH:
19
// Code to run when a thread ends
20
break
;
21
case
DLL_PROCESS_DETACH:
22
break
;
23
}
24
return
TRUE;
25
}
26
31
extern
"C"
PANO_API
int
PanoBind
(
int
ContainerPort)
32
{
33
PanoptesServiceClient
client =
PanoptesServiceClient
();
34
if
(!client.
Hello
(
ExtensibilityType::EXTENSIBILITY_TYPE_PE
, ContainerPort)) {
35
return
0;
36
}
37
38
return
ContainerPort;
39
}
40
45
extern
"C"
PANO_API
bool
PanoEntry
(
PeScan
* data,
MemScan
* mem_data)
46
{
47
if
(data->
PePath
.empty()) {
48
return
false
;
49
}
50
51
PortableExecutable
pe =
PortableExecutable
(data->
PePath
);
52
try
{
53
std::vector<std::string> imports = pe.
GetImports
();
54
std::vector<std::pair<std::string, double>> sections = pe.
GetSections
();
55
bool
isSigned = pe.
CheckIfSigned
();
56
57
PortableExecutable::PEScanData
peData;
58
peData.
imports
= imports;
59
for
(
auto
section : sections) {
60
peData.
sections
.push_back(section.first);
61
peData.
section_entropy
.push_back(section.second);
62
}
63
64
peData.
isSigned
= isSigned;
65
66
PanoptesServiceClient
client =
PanoptesServiceClient
();
67
if
(!client.
SendResults_PE
(data->
PePath
, peData)) {
68
return
false
;
69
}
70
}
71
catch
(
const
exception& e) {
72
return
false
;
73
}
74
75
return
true
;
76
}
77
78
extern
"C"
PANO_API
bool
PanoUnbind
()
79
{
80
HMODULE hModule = GetModuleHandleA(
"PanoptesPE.dll"
);
81
if
(hModule != NULL) {
82
FreeLibraryAndExitThread(hModule, 0);
83
}
84
return
true
;
85
}
PANO_API
#define PANO_API
Definition
ExtensibilityCore.h:7
EXTENSIBILITY_TYPE_PE
@ EXTENSIBILITY_TYPE_PE
Definition
ExtensibilityCore.h:13
PanoptesPE.h
PanoptesServiceClient
Panoptes Service Client that is used to communicate with the Panoptes Service via.
Definition
container_ipc.hpp:36
PanoptesServiceClient::SendResults_PE
bool SendResults_PE(std::string PePath, bool IsPeSigned, std::string PeSignerSubject, std::vector< std::string > PeImports)
PanoptesServiceClient::Hello
bool Hello(ExtensibilityType extensibilityType, std::string port)
The Hello function sends a Hello message to the Panoptes main service from the container.
Definition
service_client.cpp:25
PortableExecutable
Definition
PanoptesPE.h:8
PortableExecutable::CheckIfSigned
bool CheckIfSigned()
Check if the portable executable is signed.
Definition
pe-scan.cpp:65
PortableExecutable::GetSections
std::vector< std::pair< std::string, double > > GetSections()
Get the sections from the portable executable.
Definition
pe-scan.cpp:45
PortableExecutable::GetImports
std::vector< std::string > GetImports()
Get the imports from the portable executable.
Definition
pe-scan.cpp:20
PanoBind
ExtensibilityCore::PanoBindPtr PanoBind
Definition
container.cpp:11
PanoEntry
ExtensibilityCore::PanoEntryPtr PanoEntry
Definition
container.cpp:12
DllMain
BOOL APIENTRY DllMain(HMODULE module, DWORD dllAction, LPVOID lpReserved)
The main entry point for the DLL.
Definition
dllmain.cpp:8
PanoUnbind
PANO_API bool PanoUnbind()
Definition
dllmain.cpp:78
BOOL
int BOOL
Definition
inject.h:3
DWORD
unsigned long DWORD
Definition
inject.h:2
MemScan
The information about the memory to be scanned that passed between the container, extensibility and t...
Definition
ExtensibilityCore.h:26
PeScan
The information about the file to be scanned that passed between the container, extensibility and the...
Definition
ExtensibilityCore.h:19
PeScan::PePath
std::string PePath
Definition
ExtensibilityCore.h:20
PortableExecutable::PEScanData
The data that is sent to the Panoptes Service.
Definition
PanoptesPE.h:11
PortableExecutable::PEScanData::imports
std::vector< std::string > imports
Definition
PanoptesPE.h:12
PortableExecutable::PEScanData::section_entropy
std::vector< double > section_entropy
Definition
PanoptesPE.h:14
PortableExecutable::PEScanData::isSigned
bool isSigned
Definition
PanoptesPE.h:15
PortableExecutable::PEScanData::sections
std::vector< std::string > sections
Definition
PanoptesPE.h:13
Generated by
1.9.8
1.9.8