This repository has been archived by the owner on Jan 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #21 from CrowdStrike/develop
v1.1.0 Merge development into master
- Loading branch information
Showing
59 changed files
with
2,117 additions
and
620 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| <?xml version="1.0" encoding="utf-8" ?> | ||
| <configuration> | ||
| <startup useLegacyV2RuntimeActivationPolicy="true"> | ||
|
|
||
| <!-- | ||
| Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that | ||
| the custom action should run on. If no versions are specified, the chosen version of the runtime | ||
| will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against. | ||
| WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility | ||
| problems with future versions of the .NET Framework runtime. It is highly recommended that you specify | ||
| only the version(s) of the .NET Framework runtime that you have tested against. | ||
| Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0. | ||
| In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies | ||
| by using the latest supported runtime, @useLegacyV2RuntimeActivationPolicy="true". | ||
| For more information, see http://msdn.microsoft.com/en-us/library/bbx34a2h.aspx | ||
| --> | ||
|
|
||
| <supportedRuntime version="v4.0" /> | ||
| <supportedRuntime version="v2.0.50727"/> | ||
|
|
||
| </startup> | ||
|
|
||
| <!-- | ||
| Add additional configuration settings here. For more information on application config files, | ||
| see http://msdn.microsoft.com/en-us/library/kza1yk3a.aspx | ||
| --> | ||
|
|
||
| </configuration> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Text; | ||
| using Microsoft.Deployment.WindowsInstaller; | ||
|
|
||
| namespace CustomActions | ||
| { | ||
| public class CustomActions | ||
| { | ||
| [CustomAction] | ||
| public static ActionResult CustomAction1(Session session) | ||
| { | ||
| session.Log("Begin CustomAction1"); | ||
|
|
||
| return ActionResult.Success; | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <PropertyGroup> | ||
| <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration> | ||
| <Platform Condition=" '$(Platform)' == '' ">x86</Platform> | ||
| <ProductVersion>8.0.30703</ProductVersion> | ||
| <SchemaVersion>2.0</SchemaVersion> | ||
| <ProjectGuid>{908B9867-AD1B-406B-B1FA-03DA91C0A72A}</ProjectGuid> | ||
| <OutputType>Library</OutputType> | ||
| <AppDesignerFolder>Properties</AppDesignerFolder> | ||
| <RootNamespace>CustomActions</RootNamespace> | ||
| <AssemblyName>CustomActions</AssemblyName> | ||
| <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion> | ||
| <FileAlignment>512</FileAlignment> | ||
| <WixCATargetsPath Condition=" '$(WixCATargetsPath)' == '' ">$(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.CA.targets</WixCATargetsPath> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x86' "> | ||
| <DebugSymbols>true</DebugSymbols> | ||
| <DebugType>full</DebugType> | ||
| <Optimize>false</Optimize> | ||
| <OutputPath>bin\Debug\</OutputPath> | ||
| <DefineConstants>DEBUG;TRACE</DefineConstants> | ||
| <ErrorReport>prompt</ErrorReport> | ||
| <WarningLevel>4</WarningLevel> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' "> | ||
| <DebugType>pdbonly</DebugType> | ||
| <Optimize>true</Optimize> | ||
| <OutputPath>bin\Release\</OutputPath> | ||
| <DefineConstants>TRACE</DefineConstants> | ||
| <ErrorReport>prompt</ErrorReport> | ||
| <WarningLevel>4</WarningLevel> | ||
| </PropertyGroup> | ||
| <ItemGroup> | ||
| <Reference Include="System" /> | ||
| <Reference Include="System.Core" /> | ||
| <Reference Include="System.Xml.Linq" /> | ||
| <Reference Include="Microsoft.CSharp" /> | ||
| <Reference Include="System.Xml" /> | ||
| <Reference Include="Microsoft.Deployment.WindowsInstaller"> | ||
| <Private>True</Private> | ||
| </Reference> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <Compile Include="CustomAction.cs" /> | ||
| <Compile Include="Properties\AssemblyInfo.cs" /> | ||
| <Content Include="CustomAction.config" /> | ||
| </ItemGroup> | ||
| <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> | ||
| <Import Project="$(WixCATargetsPath)" /> | ||
| </Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| using System.Reflection; | ||
| using System.Runtime.CompilerServices; | ||
| using System.Runtime.InteropServices; | ||
|
|
||
| // General Information about an assembly is controlled through the following | ||
| // set of attributes. Change these attribute values to modify the information | ||
| // associated with an assembly. | ||
| [assembly: AssemblyTitle("CustomActions")] | ||
| [assembly: AssemblyDescription("")] | ||
| [assembly: AssemblyCompany("")] | ||
| [assembly: AssemblyProduct("CustomActions")] | ||
| [assembly: AssemblyCopyright("Copyright © 2016")] | ||
| [assembly: AssemblyTrademark("")] | ||
| [assembly: AssemblyCulture("")] | ||
|
|
||
| // Setting ComVisible to false makes the types in this assembly not visible | ||
| // to COM components. If you need to access a type in this assembly from | ||
| // COM, set the ComVisible attribute to true on that type. | ||
| [assembly: ComVisible(false)] | ||
|
|
||
| // The following GUID is for the ID of the typelib if this project is exposed to COM | ||
| [assembly: Guid("908b9867-ad1b-406b-b1fa-03da91c0a72a")] | ||
|
|
||
| // Version information for an assembly consists of the following four values: | ||
| // | ||
| // Major Version | ||
| // Minor Version | ||
| // Build Number | ||
| // Revision | ||
| // | ||
| // You can specify all the values or you can default the Build and Revision Numbers | ||
| // by using the '*' as shown below: | ||
| // [assembly: AssemblyVersion("1.0.*")] | ||
| [assembly: AssemblyVersion("1.0.0.0")] | ||
| [assembly: AssemblyFileVersion("1.0.0.0")] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| //<Falcon Orchestrator provides automated workflow and response capabilities> | ||
| // Copyright(C) 2016 CrowdStrike | ||
|
|
||
| // This program is free software: you can redistribute it and/or modify | ||
| // it under the terms of the GNU Affero General Public License as | ||
| // published by the Free Software Foundation, either version 3 of the | ||
| // License, or(at your option) any later version. | ||
|
|
||
| // This program is distributed in the hope that it will be useful, | ||
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the | ||
| // GNU Affero General Public License for more details. | ||
|
|
||
| // You should have received a copy of the GNU Affero General Public License | ||
| // along with this program.If not, see<http://www.gnu.org/licenses/>. | ||
|
|
||
|
|
||
| namespace FalconOrchestrator.Forensics | ||
| { | ||
| public class Memory | ||
| { | ||
| private PSRemoting _psr; | ||
|
|
||
| public Memory(PSRemoting psr) | ||
| { | ||
| _psr = psr; | ||
| } | ||
|
|
||
| public void ProcessDump(string command) | ||
| { | ||
| _psr.ExecuteCommand(command); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| //<Falcon Orchestrator provides automated workflow and response capabilities> | ||
| // Copyright(C) 2016 CrowdStrike | ||
|
|
||
| // This program is free software: you can redistribute it and/or modify | ||
| // it under the terms of the GNU Affero General Public License as | ||
| // published by the Free Software Foundation, either version 3 of the | ||
| // License, or(at your option) any later version. | ||
|
|
||
| // This program is distributed in the hope that it will be useful, | ||
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the | ||
| // GNU Affero General Public License for more details. | ||
|
|
||
| // You should have received a copy of the GNU Affero General Public License | ||
| // along with this program.If not, see<http://www.gnu.org/licenses/>. | ||
|
|
||
| using System.Collections.Generic; | ||
| using System.Linq; | ||
| using System.Management.Automation; | ||
|
|
||
| namespace FalconOrchestrator.Forensics | ||
| { | ||
| public class ProcessManagement | ||
| { | ||
| private PSRemoting _psr; | ||
|
|
||
| public ProcessManagement(PSRemoting psr) | ||
| { | ||
| _psr = psr; | ||
| } | ||
|
|
||
| public List<FalconOrchestrator.Forensics.Process> ListProcesses(string command) | ||
| { | ||
| List<Process> result = new List<Process>(); | ||
|
|
||
| foreach (PSObject line in _psr.ExecuteCommand(command)) | ||
| { | ||
| Process proc = new Process(); | ||
| line.Properties.ToList().ForEach(x => proc.GetType().GetProperty(x.Name).SetValue(proc, x.Value)); | ||
| result.Add(proc); | ||
| } | ||
| return result; | ||
| } | ||
|
|
||
| public void Kill(int pid) | ||
| { | ||
| _psr.ExecuteCommand("Get-Process -id " + pid + " | Stop-Process -Force"); | ||
| } | ||
|
|
||
| } | ||
| } |
Oops, something went wrong.