
Split Program.cs to separate focused files #16

Closed
wants to merge 1 commit into from

Conversation

mark-s

@mark-s mark-s commented Oct 20, 2018

Why these changes?:

Similarly to the refactoring in Rubeus and Watson (https://github.com/rasta-mouse/Watson), the 6927-line Program.cs class is a bit of a monster here too.
This is a nightmare to try to read and understand, and will be a problem to maintain and add to going forward.

What's changed - in brief:

  • Each 'check' has been moved to a probe class in \Probes\
  • Added an option, ToFile, that allows outputting the results to a file
  • Performance improvements around the filesystem scanning:
    Before: Completed All Safety Checks in 41 seconds
    Now: Completed All Safety Checks in 18 seconds
  • Merged:
    PR 14 (Fix issues with parsing of Service binary paths #14) (and fixed a null reference exception)
    PR 15 (Add ListAppLockerSettings() #15)
  • Better handling of exceptions allowing checks to continue rather than fail early
  • Re-written command line arguments parser
  • The command line isn't case sensitive any more

What hasn't changed:

  • Any of the P/Invoke voodoo
  • The version number.
  • Still .NET 3.5 (this is a pain in the arse for VS 2017 tbh)

Comments

While working on the code I noticed that 'all' wasn't running all the available checks, as the help text implied. This version will run all the available checks if 'all' is selected <- is this correct? If not, ProbePresets\AllPreset.cs can simply be changed and the original lines uncommented.

The probes are in the Probes folder and the presets (full, all, user, system) are in the ProbePresets folder.

The new version produces a lot more output - due to better coping with exceptions.

Testing

I've tested the changes on 2 machines by piping the output from the original and new versions to files and diffing the output. As far as I can see, the functionality between the 2 versions is unchanged except for newline differences and the extra output noted above.

How to add new probes?

Every probe/check class needs to implement IProbe and have a ProbeName property to identify the check.

    public class ANewProbe : IProbe
    {
        // Name used on the command line and in the presets to select this check
        public static string ProbeName => "NewProbe";

        // Runs the check and returns its results as a single string
        public string List()
        {
            var results = new System.Text.StringBuilder();

            // All code for the check goes here, appending lines to results

            return results.ToString();
        }
    }

The program will automatically add the probe to the available probes and call it if required. (You just need to add the name and info to the Info.cs class.)
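An added example of the probe registry and runner this PR describes (my illustration, not Seatbelt's code): it discovers IProbe implementations by reflection, keys them by their static ProbeName case-insensitively, and lets one failing check log its exception while the remaining checks still run. The shape of IProbe and the two sample probes are assumptions; the project's actual interface may differ.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Text;
// Assumed shape of IProbe; the page only says a probe implements it and exposes ProbeName.
public interface IProbe { string List(); }

// Hypothetical probe returning a constructed sample result.
public class SampleProbe : IProbe
{
    public static string ProbeName => "Sample";
    public string List() { return "sample check output (constructed)\r\n"; }
}
// Hypothetical probe that throws, to show that one failure does not stop the run.
public class FaultyProbe : IProbe
{
    public static string ProbeName => "Faulty";
    public string List() { throw new UnauthorizedAccessException("access denied"); }
}
public static class ProbeRunner
{
    // Find every concrete IProbe in this assembly, keyed by its static ProbeName (case-insensitive).
    public static Dictionary<string, IProbe> Discover()
    {
        var probes = new Dictionary<string, IProbe>(StringComparer.OrdinalIgnoreCase);
        foreach (Type t in Assembly.GetExecutingAssembly().GetTypes())
        {
            if (t.IsInterface || t.IsAbstract || !typeof(IProbe).IsAssignableFrom(t)) continue;
            PropertyInfo p = t.GetProperty("ProbeName", BindingFlags.Public | BindingFlags.Static);
            string name = p == null ? t.Name : (string)p.GetValue(null, null);
            probes[name] = (IProbe)Activator.CreateInstance(t);
        }
        return probes;
    }
    // Run the selected probes in order; a throwing probe is logged and the rest still run.
    public static string Run(Dictionary<string, IProbe> probes, IEnumerable<string> selected)
    {
        var sb = new StringBuilder();
        foreach (string name in selected)
        {
            IProbe probe;
            if (!probes.TryGetValue(name, out probe)) { sb.AppendLine("[!] Unknown probe: " + name); continue; }
            sb.AppendLine("=== " + name + " ===");
            try { sb.Append(probe.List()); }
            catch (Exception ex) { sb.AppendLine("[!] " + name + " failed: " + ex.Message); }
        }
        return sb.ToString();
    }
}
```

Calling ProbeRunner.Run(ProbeRunner.Discover(), new[] { "sample", "faulty", "missing" }) yields the Sample output, a logged failure for Faulty, and an unknown-probe line for "missing", with no check aborting the run.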

@mark-s
Author

mark-s commented Oct 26, 2018

@HarmJ0y Bump?

@leechristensen
Member

Revamped this and more with the latest release. Sorry for taking so long!
