2017-07-19 14:43:54 +02:00
|
|
|
|
/*
|
2018-01-16 08:24:00 +01:00
|
|
|
|
* Copyright (c) 2018 ETH Zürich, Educational Development and Technology (LET)
|
2017-07-19 14:43:54 +02:00
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
using System;
|
|
|
|
|
using System.Diagnostics;
|
2017-07-26 14:36:20 +02:00
|
|
|
|
using System.Management;
|
2017-07-19 14:43:54 +02:00
|
|
|
|
using SafeExamBrowser.Contracts.Logging;
|
|
|
|
|
using SafeExamBrowser.Contracts.Monitoring;
|
2018-07-06 15:57:38 +02:00
|
|
|
|
using SafeExamBrowser.Contracts.Monitoring.Events;
|
2017-07-27 11:46:31 +02:00
|
|
|
|
using SafeExamBrowser.Contracts.WindowsApi;
|
2017-07-19 14:43:54 +02:00
|
|
|
|
|
|
|
|
|
namespace SafeExamBrowser.Monitoring.Processes
|
|
|
|
|
{
|
|
|
|
|
public class ProcessMonitor : IProcessMonitor
|
|
|
|
|
{
|
|
|
|
|
private ILogger logger;
|
2017-07-27 11:46:31 +02:00
|
|
|
|
private INativeMethods nativeMethods;
|
2017-07-26 14:36:20 +02:00
|
|
|
|
private ManagementEventWatcher explorerWatcher;
|
|
|
|
|
|
2017-08-02 08:31:12 +02:00
|
|
|
|
public event ExplorerStartedEventHandler ExplorerStarted;
|
2017-07-19 14:43:54 +02:00
|
|
|
|
|
2017-07-27 11:46:31 +02:00
|
|
|
|
public ProcessMonitor(ILogger logger, INativeMethods nativeMethods)
|
2017-07-19 14:43:54 +02:00
|
|
|
|
{
|
|
|
|
|
this.logger = logger;
|
2017-07-27 11:46:31 +02:00
|
|
|
|
this.nativeMethods = nativeMethods;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-27 13:57:12 +02:00
|
|
|
|
public bool BelongsToAllowedProcess(IntPtr window)
|
|
|
|
|
{
|
|
|
|
|
var processId = nativeMethods.GetProcessIdFor(window);
|
|
|
|
|
var process = Process.GetProcessById(Convert.ToInt32(processId));
|
|
|
|
|
|
|
|
|
|
if (process != null)
|
|
|
|
|
{
|
|
|
|
|
var allowed = process.ProcessName == "SafeExamBrowser";
|
|
|
|
|
|
|
|
|
|
if (!allowed)
|
|
|
|
|
{
|
|
|
|
|
logger.Warn($"Window with handle = {window} belongs to not allowed process '{process.ProcessName}'!");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return allowed;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-19 14:43:54 +02:00
|
|
|
|
public void StartMonitoringExplorer()
|
|
|
|
|
{
|
2017-07-26 14:36:20 +02:00
|
|
|
|
explorerWatcher = new ManagementEventWatcher(@"\\.\root\CIMV2", GetQueryFor("explorer.exe"));
|
|
|
|
|
explorerWatcher.EventArrived += new EventArrivedEventHandler(ExplorerWatcher_EventArrived);
|
|
|
|
|
explorerWatcher.Start();
|
2017-07-27 11:46:31 +02:00
|
|
|
|
|
|
|
|
|
logger.Info("Started monitoring process 'explorer.exe'.");
|
2017-07-19 14:43:54 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void StopMonitoringExplorer()
|
|
|
|
|
{
|
2017-07-26 14:36:20 +02:00
|
|
|
|
explorerWatcher?.Stop();
|
2017-07-27 11:46:31 +02:00
|
|
|
|
logger.Info("Stopped monitoring 'explorer.exe'.");
|
2017-07-19 14:43:54 +02:00
|
|
|
|
}
|
2017-07-26 14:36:20 +02:00
|
|
|
|
|
|
|
|
|
private void ExplorerWatcher_EventArrived(object sender, EventArrivedEventArgs e)
|
|
|
|
|
{
|
|
|
|
|
var eventName = e.NewEvent.ClassPath.ClassName;
|
|
|
|
|
|
|
|
|
|
if (eventName == "__InstanceCreationEvent")
|
|
|
|
|
{
|
|
|
|
|
logger.Warn("A new instance of Windows explorer has been started!");
|
|
|
|
|
ExplorerStarted?.Invoke();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private string GetQueryFor(string processName)
|
|
|
|
|
{
|
|
|
|
|
return $@"
|
|
|
|
|
SELECT *
|
|
|
|
|
FROM __InstanceOperationEvent
|
|
|
|
|
WITHIN 2
|
|
|
|
|
WHERE TargetInstance ISA 'Win32_Process'
|
|
|
|
|
AND TargetInstance.Name = '{processName}'";
|
|
|
|
|
}
|
2017-07-19 14:43:54 +02:00
|
|
|
|
}
|
|
|
|
|
}
|