Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
Functions
service.cpp File Reference
#include "panoptes_service.h"
#include "ResourceCore.h"
#include <iostream>
#include "grpc.hpp"
#include "TrayNotifications.h"
#include "events.h"
#include "error_message.h"
#include "mutex.hpp"
#include "containers.h"
#include "utils.h"
#include "database.hpp"
#include "driver.h"
#include "Configuration.hpp"

Go to the source code of this file.

Functions

ERRORCODE CleanupWithError (ERRORCODE err)
 
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
 

Function Documentation

◆ CleanupWithError()

ERRORCODE CleanupWithError ( ERRORCODE  err)

Definition at line 15 of file service.cpp.

15 {
16 DestroyMutex();
17 std::string msg = GetErrorMessage(err);
18 DisplayErrorMessage(msg);
19 return err;
20}
GetErrorMessage
std::string GetErrorMessage(UINT resourceID)
Definition error_message.cpp:5
DisplayErrorMessage
void DisplayErrorMessage(std::string errorMessage)
Definition error_message.cpp:24
DestroyMutex
ERRORCODE DestroyMutex()
Definition mutex.cpp:33

References DestroyMutex(), DisplayErrorMessage(), and GetErrorMessage().

Referenced by WinMain().

◆ WinMain()

int WINAPI WinMain ( HINSTANCE  hInstance,
HINSTANCE  hPrevInstance,
LPSTR  lpCmdLine,
int  nCmdShow 
)

Definition at line 23 of file service.cpp.

24{
25
26#ifndef _DEBUG
27 if (IsDebuggerPresent()) {
28 auto msg = GetErrorMessage(DEBUGGER);
29 DisplayErrorMessage(msg);
30 return DEBUGGER;
31 }
32#endif
33
34 PanoptesContext serviceContext;
35 serviceContext.threadError = false;
36
37#pragma region Admin Check
38 if (!IsRunningAsAdmin()) {
39 auto msg = GetErrorMessage(NOT_ADMIN);
40 DisplayErrorMessage(msg);
41 return NOT_ADMIN;
42 }
43#pragma endregion
44
45#pragma region Mutex Check
46 if (MutexExist() != PANO_SUCCESS) {
47 if (SetEnvironmentMutex() != PANO_SUCCESS) {
48 auto msg = GetErrorMessage(MUTEX_SET);
49 DisplayErrorMessage(msg);
50 return MUTEX_SET;
51 }
52 }
53 else {
54 auto msg = GetErrorMessage(MUTEX_SET);
55 DisplayErrorMessage(msg);
56 return MUTEX_SET;
57 }
58#pragma endregion
59
60#pragma region Panoptes Configuration
61#ifdef _DEBUG
62 std::string configPath = GetCurrentPath() + "\\panoptes.config";
63#else
64 std::string configPath = "C:\\ProgramData\\Panoptes\\Panoptes.config";
65#endif // _DEBUG
66
67 Configuration* configuration = new Configuration(configPath);
68 try {
69 configuration->Parse();
70 serviceContext.config = configuration;
71 }
72 catch (const int& err) {
73 return CleanupWithError(err);
74 }
75#pragma endregion
76
77#pragma region Database
78 auto dbTmp = serviceContext.database.load();
79 ERRORCODE errCode = dbTmp.InitializeDatabase();
80 if (errCode != PANO_SUCCESS) {
81 return CleanupWithError(errCode);
82 }
83#pragma endregion
84
85#pragma region GRPC Server
86 HANDLE grpcThread = CreateThread(
87 NULL, // default security attributes
88 0, // default stack size
89 (LPTHREAD_START_ROUTINE)RunServiceServer, // thread function
90 &serviceContext, // no thread function arguments
91 0, // default creation flags
92 NULL // receive thread identifier
93 );
94 Sleep(2000);
95
96 if (grpcThread == NULL || serviceContext.threadError) {
97 return CleanupWithError(GRPC_SERVER_ERROR);
98 }
99#pragma endregion
100
101#pragma region Container Start
102 errCode = StartContainers(configuration->m_extensibility);
103 if (errCode != PANO_SUCCESS) {
104 return CleanupWithError(errCode);
105 }
106#pragma endregion
107
108#pragma region ETW Trace
109 HANDLE etwThread = CreateThread(
110 NULL, // default security attributes
111 0, // default stack size
112 (LPTHREAD_START_ROUTINE)StartPanoptesTrace, // thread function
113 &serviceContext, // no thread function arguments
114 0, // default creation flags
115 NULL // receive thread identifier
116 );
117 Sleep(2000);
118
119 if (etwThread == NULL || serviceContext.threadError){
120 return CleanupWithError(START_TRACE);
121 }
122#pragma endregion
123
124#pragma region Driver Check
125 //Check to see if the driver is installed and running/stopped
126 if (!configuration->m_ignoreDriver) {
127 errCode = GetKernelServiceStatus();
128 if (errCode == NOT_INSTALLED)
129 {
130 return CleanupWithError(errCode);
131 }
132 else if (errCode == PANO_SERVICE_RUNNING) {
133 errCode = StopWindowsDriver();
134 if (errCode != PANO_SUCCESS)
135 {
136 return CleanupWithError(errCode);
137 }
138 }
139 else if (errCode == PANO_SERVICE_STOPPED) {
140 errCode = StartWindowsDriver();
141 if (errCode != PANO_SUCCESS)
142 {
143 return CleanupWithError(errCode);
144 }
145 }
146 }
147#pragma endregion
148
149 HANDLE proc = GetCurrentProcess();
150 while (1) {
151 WaitForSingleObject(proc, INFINITE);
152 }
153
154 return 0;
155}
START_TRACE
#define START_TRACE
Definition ResourceCore.h:36
PANO_SUCCESS
#define PANO_SUCCESS
Definition ResourceCore.h:11
DEBUGGER
#define DEBUGGER
Definition ResourceCore.h:39
PANO_SERVICE_STOPPED
#define PANO_SERVICE_STOPPED
Definition ResourceCore.h:29
NOT_ADMIN
#define NOT_ADMIN
Definition ResourceCore.h:34
PANO_SERVICE_RUNNING
#define PANO_SERVICE_RUNNING
Definition ResourceCore.h:28
MUTEX_SET
#define MUTEX_SET
Definition ResourceCore.h:16
GRPC_SERVER_ERROR
#define GRPC_SERVER_ERROR
Definition ResourceCore.h:37
NOT_INSTALLED
#define NOT_INSTALLED
Definition ResourceCore.h:26
Configuration::m_extensibility
std::vector< Configuration::ContainerType > m_extensibility
The extensibility selected from the configuration file.
Definition Configuration.hpp:40
Configuration::Parse
void Parse()
Parse the configuration file.
Definition Configuration.cpp:61
Configuration::m_ignoreDriver
bool m_ignoreDriver
The ignore driver from the configuration file.
Definition Configuration.hpp:49
StartContainers
ERRORCODE StartContainers(std::vector< Configuration::ContainerType > selectedExtensibility)
Definition containers.cpp:30
StartWindowsDriver
ERRORCODE StartWindowsDriver()
Definition driver.cpp:82
GetKernelServiceStatus
ERRORCODE GetKernelServiceStatus()
Definition driver.cpp:4
StopWindowsDriver
ERRORCODE StopWindowsDriver()
Definition driver.cpp:42
StartPanoptesTrace
ULONG StartPanoptesTrace(LPVOID lpParam)
Definition events.cpp:305
serviceContext
PanoptesContext * serviceContext
Definition grpc.cpp:27
RunServiceServer
VOID RunServiceServer(LPVOID lpParam)
Definition grpc.cpp:371
SetEnvironmentMutex
ERRORCODE SetEnvironmentMutex()
Definition mutex.cpp:5
MutexExist
ERRORCODE MutexExist()
Definition mutex.cpp:19
CleanupWithError
ERRORCODE CleanupWithError(ERRORCODE err)
Definition service.cpp:15
ERRORCODE
#define ERRORCODE
Definition service_constants.h:25
PanoptesContext::threadError
std::atomic< bool > threadError
Definition panoptes_service.h:7
PanoptesContext::config
Configuration * config
Definition panoptes_service.h:8
PanoptesContext::database
std::atomic< PanoptesDatabase > database
Definition panoptes_service.h:9
GetCurrentPath
std::string GetCurrentPath()
Definition utils.cpp:68
IsRunningAsAdmin
bool IsRunningAsAdmin()
Definition utils.cpp:9

References CleanupWithError(), PanoptesContext::config, PanoptesContext::database, DEBUGGER, DisplayErrorMessage(), ERRORCODE, GetCurrentPath(), GetErrorMessage(), GetKernelServiceStatus(), GRPC_SERVER_ERROR, IsRunningAsAdmin(), Configuration::m_extensibility, Configuration::m_ignoreDriver, MUTEX_SET, MutexExist(), NOT_ADMIN, NOT_INSTALLED, PANO_SERVICE_RUNNING, PANO_SERVICE_STOPPED, PANO_SUCCESS, Configuration::Parse(), RunServiceServer(), serviceContext, SetEnvironmentMutex(), START_TRACE, StartContainers(), StartPanoptesTrace(), StartWindowsDriver(), StopWindowsDriver(), and PanoptesContext::threadError.

Generated by doxygen 1.9.8