Panoptes/service__client__amsi_8cpp_source.html

#include <grpcpp/grpcpp.h>

#include "panoptes.grpc.pb.h"

#include "PanoptesAMSI.h"


using grpc::ClientContext;

using grpc::Status;


std::unique_ptr<PanoptesService::Stub> stub_;


bool GetRegistryPortValue(DWORD& portValue) {

    HKEY hKey;

    DWORD dwType = REG_DWORD;

    DWORD dwSize = sizeof(DWORD);


    // Open the key

    LONG lResult = RegOpenKeyExA(

        HKEY_LOCAL_MACHINE,

        "SOFTWARE\\Panoptes",

        0,

        KEY_READ,

        &hKey

    );


    if (lResult != ERROR_SUCCESS) {

        std::cerr << "Error opening registry key. Error code: " << lResult << std::endl;

        return false;

    }


    // Read the SRV_PORT value

    lResult = RegQueryValueExA(

        hKey,

        "SRV_PORT",

        NULL,

        &dwType,

        reinterpret_cast<LPBYTE>(&portValue),

        &dwSize

    );


    RegCloseKey(hKey);


    if (lResult != ERROR_SUCCESS) {

        std::cerr << "Error reading registry value. Error code: " << lResult << std::endl;

        return false;

    }


    if (dwType != REG_DWORD) {

        std::cerr << "Unexpected value type in registry." << std::endl;

        return false;

    }


    return true;

}


PanoptesServiceClient::PanoptesServiceClient() {

    DWORD portValue;

    if (!GetRegistryPortValue(portValue)) {

        std::cerr << "Failed to get registry port value." << std::endl;

        return;

    }

    std::string server_url = "localhost:" + std::to_string(portValue);

    std::shared_ptr<grpc::Channel> channel = grpc::CreateChannel(server_url, grpc::InsecureChannelCredentials());

    stub_ = PanoptesService::NewStub(channel);

}


bool PanoptesServiceClient::Hello(ExtensibilityType extensibilityType,int ContainerPort) {

    AckMessage reply;

    ContainerInfo request;

    ClientContext g_context;


    request.set_container_type((ContainerType)extensibilityType);

    request.set_grpc_port(ContainerPort);


    Status status = stub_->Hello(&g_context, request, &reply);


    if (!status.ok()) {

        std::cout << status.error_code() << ": " << status.error_message() << std::endl;

        exit(1);

    }


    return reply.ack_type();

}


bool PanoptesServiceClient::SendResults_AMSI(

    std::string PePath,

    std::string FileHash,

    DWORD AmsiResult)

{

    AckMessage reply;

    ContainerReply request;

    ClientContext g_context;


    ScanAMSI results;

    request.set_portable_executable_path(PePath);

    request.set_file_hash(FileHash);

    results.set_amsi_result(AmsiResult);


    request.mutable_amsi_scan()->CopyFrom(results);


    Status status = stub_->ScanResults(&g_context, request, &reply);


    if (!status.ok()) {

        std::cout << status.error_code() << ": " << status.error_message() << std::endl;

        exit(1);

    }


    return !reply.ack_type();

}


ExtensibilityType
ExtensibilityType
The type of extensibility.
Definition ExtensibilityCore.h:10

PanoptesAMSI.h

PanoptesServiceClient::PanoptesServiceClient
PanoptesServiceClient()
The PanoptesServiceClient class is a class that implements the PanoptesServiceClient class.
Definition service_client.cpp:15

PanoptesServiceClient::SendResults_AMSI
bool SendResults_AMSI(std::string PePath, DWORD AmsiResult)

PanoptesServiceClient::Hello
bool Hello(ExtensibilityType extensibilityType, std::string port)
The Hello function sends a Hello message to the Panoptes main service from the container.
Definition service_client.cpp:25

GetRegistryPortValue
bool GetRegistryPortValue(DWORD &portValue)
Get the gRPC port value from the registry.
Definition container.cpp:24

DWORD
unsigned long DWORD
Definition inject.h:2

stub_
std::unique_ptr< PanoptesService::Stub > stub_
Definition service_client.cpp:10

stub_
std::unique_ptr< PanoptesService::Stub > stub_
Definition service_client_amsi.cpp:8

GetRegistryPortValue
bool GetRegistryPortValue(DWORD &portValue)
Get the Panoptes Service port from the registry.
Definition service_client_amsi.cpp:13