SEBWIN-672: Implemented basic signature verification for application monitoring.

Damian Büchel 2023-05-01 18:29:00 +02:00
parent ba128bb6ac
commit 557e8a6be4
12 changed files with 744 additions and 548 deletions


@ -161,6 +161,11 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
application.ShowInShell = showInShell;
}
if (applicationData.TryGetValue(Keys.Applications.Signature, out v) && v is string signature)
{
application.Signature = signature;
}
settings.Applications.Whitelist.Add(application);
}
}


@ -29,6 +29,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
internal const string OperatingSystem = "os";
internal const string OriginalName = "originalName";
internal const string ShowInShell = "iconInTaskbar";
internal const string Signature = "signature";
internal const string Whitelist = "permittedProcesses";
}


@ -21,15 +21,16 @@ namespace SafeExamBrowser.Monitoring.Applications
{
public class ApplicationMonitor : IApplicationMonitor
{
private IList<BlacklistApplication> blacklist;
private readonly IList<BlacklistApplication> blacklist;
private readonly ILogger logger;
private readonly INativeMethods nativeMethods;
private readonly IProcessFactory processFactory;
private readonly Timer timer;
private readonly IList<WhitelistApplication> whitelist;
private Guid? captureHookId;
private Guid? foregroundHookId;
private ILogger logger;
private INativeMethods nativeMethods;
private IList<IProcess> processes;
private IProcessFactory processFactory;
private Timer timer;
private IList<WhitelistApplication> whitelist;
private Window activeWindow;
public event ExplorerStartedEventHandler ExplorerStarted;
@ -132,7 +133,7 @@ namespace SafeExamBrowser.Monitoring.Applications
foreach (var process in started)
{
logger.Debug($"Process {process} has been started.");
logger.Debug($"Process {process} has been started [{process.GetAdditionalInfo()}].");
processes.Add(process);
if (process.Name == "explorer.exe")
@ -217,19 +218,36 @@ namespace SafeExamBrowser.Monitoring.Applications
private bool BelongsToApplication(IProcess process, WhitelistApplication application)
{
var ignoreOriginalName = string.IsNullOrWhiteSpace(application.OriginalName);
var ignoreSignature = string.IsNullOrWhiteSpace(application.Signature);
var sameName = process.Name.Equals(application.ExecutableName, StringComparison.OrdinalIgnoreCase);
var sameOriginalName = process.OriginalName?.Equals(application.OriginalName, StringComparison.OrdinalIgnoreCase) == true;
var sameSignature = process.Signature?.Equals(application.Signature?.ToLower(), StringComparison.OrdinalIgnoreCase) == true;
return sameName && (ignoreOriginalName || sameOriginalName);
return sameName && (ignoreOriginalName || sameOriginalName) && (ignoreSignature || sameSignature);
}
private bool BelongsToSafeExamBrowser(IProcess process)
{
var isRuntime = process.Name == "SafeExamBrowser.exe" && process.OriginalName == "SafeExamBrowser.exe";
var isClient = process.Name == "SafeExamBrowser.Client.exe" && process.OriginalName == "SafeExamBrowser.Client.exe";
var isWebView = process.Name == "msedgewebview2.exe" && process.OriginalName == "msedgewebview2.exe";
var isClient = true;
var isRuntime = true;
var isWebView = true;
return isRuntime || isClient || isWebView;
isClient &= process.Name == "SafeExamBrowser.Client.exe";
isClient &= process.OriginalName == "SafeExamBrowser.Client.exe";
isRuntime &= process.Name == "SafeExamBrowser.exe";
isRuntime &= process.OriginalName == "SafeExamBrowser.exe";
isWebView &= process.Name == "msedgewebview2.exe";
isWebView &= process.OriginalName == "msedgewebview2.exe";
#if !DEBUG
isClient &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
isRuntime &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
isWebView &= process.Signature == "a4baabd12432ab9c7c297385260e95c3dae83bf2";
#endif
return isClient || isRuntime || isWebView;
}
private void Close(Window window)
@ -338,7 +356,7 @@ namespace SafeExamBrowser.Monitoring.Applications
private bool IsAllowed(Window window)
{
var processId = Convert.ToInt32(nativeMethods.GetProcessIdFor(window.Handle));
if (processFactory.TryGetById(processId, out var process))
{
if (BelongsToSafeExamBrowser(process) || IsWhitelisted(process, out _))
@ -358,7 +376,7 @@ namespace SafeExamBrowser.Monitoring.Applications
private bool IsWhitelisted(IProcess process, out Guid? applicationId)
{
applicationId = default(Guid?);
applicationId = default;
foreach (var application in whitelist)
{
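Review bot: The three thumbprints in BelongsToSafeExamBrowser are bare string literals, each pinned to a single signing certificate, with no comment saying which certificate they identify or what should happen when one is renewed. Because each check is `==` against one value, a renewed certificate for the SEB binaries or for `msedgewebview2.exe` would presumably make release builds stop recognising those processes, and the `#if !DEBUG` guard means debug builds never exercise this path. I would hoist them into named constants, e.g. `private const string WebViewSignature = "a4baabd12432ab9c7c297385260e95c3dae83bf2";`, each with a comment naming the certificate it belongs to. Matching against a small set of thumbprints would let an old and a new one both be accepted during rotation. The class body continues outside the hunks shown.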


@ -36,7 +36,7 @@ namespace SafeExamBrowser.Settings.Applications
/// Determines whether the application will be automatically started when initializing a session.
/// </summary>
public bool AutoStart { get; set; }
/// <summary>
/// Specifies whether the application may be automatically terminated when starting a session. Is ignored if <see cref="AllowRunning"/> is set.
/// </summary>
@ -56,7 +56,7 @@ namespace SafeExamBrowser.Settings.Applications
/// The file name of the main executable of the application.
/// </summary>
public string ExecutableName { get; set; }
/// <summary>
/// The path where the main executable of the application is located.
/// </summary>
@ -77,6 +77,11 @@ namespace SafeExamBrowser.Settings.Applications
/// </summary>
public bool ShowInShell { get; set; }
/// <summary>
/// The signature of the main executable of the application, if available.
/// </summary>
public string Signature { get; set; }
public WhitelistApplication()
{
Arguments = new List<string>();
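Review bot: The new doc comment on `Signature` says neither what format the value has nor what an empty value means. Elsewhere in this commit the value is compared with the thumbprint of the signing certificate, and BelongsToApplication skips the comparison when it is null or whitespace. The summary should state both, e.g. `/// The thumbprint of the certificate used to sign the main executable. If empty, the signature is not checked.`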


@ -35,11 +35,26 @@ namespace SafeExamBrowser.WindowsApi.Contracts
/// </summary>
string OriginalName { get; }
/// <summary>
/// The full path of the process executable.
/// </summary>
string Path { get; }
/// <summary>
/// The thumbprint of the certificate used to sign the process executable, or <c>default(string)</c> if the executable isn't signed.
/// </summary>
string Signature { get; }
/// <summary>
/// Event fired when the process has terminated.
/// </summary>
event ProcessTerminatedEventHandler Terminated;
/// <summary>
/// Returns a string with the most important additional information about the process (not already contained in <c>ToString()</c>).
/// </summary>
string GetAdditionalInfo();
/// <summary>
/// Attempts to gracefully terminate the process by closing its main window. This will only work for interactive processes which have a main
/// window. Optionally waits the specified amount of time for the process to terminate. Returns <c>true</c> if the process has terminated,


@ -7,6 +7,7 @@
*/
using System;
using System.Text;
using SafeExamBrowser.Logging.Contracts;
using SafeExamBrowser.WindowsApi.Contracts;
using SafeExamBrowser.WindowsApi.Contracts.Events;
@ -15,9 +16,10 @@ namespace SafeExamBrowser.WindowsApi
{
internal class Process : IProcess
{
private readonly ILogger logger;
private readonly System.Diagnostics.Process process;
private bool eventInitialized;
private ILogger logger;
private System.Diagnostics.Process process;
public bool HasTerminated
{
@ -31,6 +33,8 @@ namespace SafeExamBrowser.WindowsApi
public string Name { get; }
public string OriginalName { get; }
public string Path { get; }
public string Signature { get; }
private event ProcessTerminatedEventHandler TerminatedEvent;
@ -40,12 +44,25 @@ namespace SafeExamBrowser.WindowsApi
remove { TerminatedEvent -= value; }
}
internal Process(System.Diagnostics.Process process, string name, string originalName, ILogger logger)
internal Process(System.Diagnostics.Process process, string name, string originalName, ILogger logger, string path, string signature)
{
this.logger = logger;
this.process = process;
this.Name = name;
this.OriginalName = originalName;
this.Path = path;
this.Signature = signature?.ToLower();
}
public string GetAdditionalInfo()
{
var info = new StringBuilder();
info.Append($"Original Name: {(string.IsNullOrWhiteSpace(OriginalName) ? "n/a" : $"'{OriginalName}'")}, ");
info.Append($"Path: {(string.IsNullOrWhiteSpace(Path) ? "n/a" : $"'{Path}'")}, ");
info.Append($"Signature: {(string.IsNullOrWhiteSpace(Signature) ? "n/a" : Signature)}");
return info.ToString();
}
public bool TryClose(int timeout_ms = 0)
@ -121,8 +138,10 @@ namespace SafeExamBrowser.WindowsApi
if (!eventInitialized)
{
eventInitialized = true;
process.Exited += Process_Exited;
process.EnableRaisingEvents = true;
logger.Debug("Initialized termination event.");
}
}


@ -14,6 +14,7 @@ using System.IO;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using SafeExamBrowser.Logging.Contracts;
using SafeExamBrowser.WindowsApi.Constants;
using SafeExamBrowser.WindowsApi.Contracts;
@ -23,7 +24,7 @@ namespace SafeExamBrowser.WindowsApi
{
public class ProcessFactory : IProcessFactory
{
private IModuleLogger logger;
private readonly IModuleLogger logger;
public IDesktop StartupDesktop { private get; set; }
@ -42,9 +43,9 @@ namespace SafeExamBrowser.WindowsApi
{
if (names.Any(n => n.processId == process.Id))
{
var (_, name, originalName) = names.First(n => n.processId == process.Id);
var (_, name, originalName, path, signature) = names.First(n => n.processId == process.Id);
processes.Add(new Process(process, name, originalName, LoggerFor(process, name)));
processes.Add(new Process(process, name, originalName, LoggerFor(process, name), path, signature));
}
}
@ -66,8 +67,8 @@ namespace SafeExamBrowser.WindowsApi
raw = StartNormal(path, args);
}
var (name, originalName) = LoadProcessNamesFor(raw);
var process = new Process(raw, name, originalName, LoggerFor(raw, name));
var (name, originalName, _, signature) = LoadProcessNamesFor(raw);
var process = new Process(raw, name, originalName, LoggerFor(raw, name), path, signature);
logger.Info($"Successfully started process '{path}' with ID = {process.Id}.");
@ -76,14 +77,14 @@ namespace SafeExamBrowser.WindowsApi
public bool TryGetById(int id, out IProcess process)
{
process = default(IProcess);
process = default;
try
{
var raw = System.Diagnostics.Process.GetProcessById(id);
var (name, originalName) = LoadProcessNamesFor(raw);
var (name, originalName, path, signature) = LoadProcessNamesFor(raw);
process = new Process(raw, name, originalName, LoggerFor(raw, name));
process = new Process(raw, name, originalName, LoggerFor(raw, name), path, signature);
}
catch (Exception e)
{
@ -93,9 +94,9 @@ namespace SafeExamBrowser.WindowsApi
return process != default(IProcess);
}
private IEnumerable<(int processId, string name, string originalName)> LoadAllProcessNames()
private IEnumerable<(int processId, string name, string originalName, string path, string signature)> LoadAllProcessNames()
{
var names = new List<(int, string, string)>();
var names = new List<(int, string, string, string, string)>();
try
{
@ -109,18 +110,20 @@ namespace SafeExamBrowser.WindowsApi
using (process)
{
var name = Convert.ToString(process["Name"]);
var originalName = default(string);
var path = Convert.ToString(process["ExecutablePath"]);
var processId = Convert.ToInt32(process["ProcessId"]);
var executablePath = Convert.ToString(process["ExecutablePath"]);
var signature = default(string);
if (File.Exists(executablePath))
if (File.Exists(path))
{
names.Add((processId, name, FileVersionInfo.GetVersionInfo(executablePath).OriginalFilename));
}
else
{
names.Add((processId, name, default(string)));
TryLoadOriginalName(path, out originalName);
TryLoadSignature(path, out signature);
}
names.Add((processId, name, originalName, path, signature));
}
}
}
}
@ -132,10 +135,12 @@ namespace SafeExamBrowser.WindowsApi
return names;
}
private (string name, string originalName) LoadProcessNamesFor(System.Diagnostics.Process process)
private (string name, string originalName, string path, string signature) LoadProcessNamesFor(System.Diagnostics.Process process)
{
var name = process.ProcessName;
var originalName = default(string);
var path = default(string);
var signature = default(string);
try
{
@ -143,13 +148,13 @@ namespace SafeExamBrowser.WindowsApi
using (var results = searcher.Get())
using (var processData = results.Cast<ManagementObject>().First())
{
var executablePath = Convert.ToString(processData["ExecutablePath"]);
name = Convert.ToString(processData["Name"]);
path = Convert.ToString(processData["ExecutablePath"]);
if (File.Exists(executablePath))
if (File.Exists(path))
{
originalName = FileVersionInfo.GetVersionInfo(executablePath).OriginalFilename;
TryLoadOriginalName(path, out originalName);
TryLoadSignature(path, out signature);
}
}
}
@ -158,7 +163,7 @@ namespace SafeExamBrowser.WindowsApi
logger.Error($"Failed to load process names for {process.ProcessName}!", e);
}
return (name, originalName);
return (name, originalName, path, signature);
}
private ILogger LoggerFor(System.Diagnostics.Process process, string name)
@ -201,5 +206,38 @@ namespace SafeExamBrowser.WindowsApi
throw new Win32Exception(errorCode);
}
private bool TryLoadOriginalName(string path, out string originalName)
{
originalName = default;
try
{
originalName = FileVersionInfo.GetVersionInfo(path).OriginalFilename;
}
catch
{
}
return originalName != default;
}
private bool TryLoadSignature(string path, out string signature)
{
signature = default;
try
{
using (var certificate = X509Certificate.CreateFromSignedFile(path))
{
signature = certificate.GetCertHashString();
}
}
catch
{
}
return signature != default;
}
}
}
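Review bot: TryLoadSignature takes the thumbprint straight from `X509Certificate.CreateFromSignedFile(path)`, which reads the signer certificate embedded in the file. By itself it does not establish that the signature is valid for the file's contents or that the certificate chains to a trusted root. The monitor then treats this value as proof of identity, so the Authenticode signature should be validated (for example via WinVerifyTrust) before the thumbprint is returned. Until then the limitation deserves a comment such as `// Only extracts the embedded signer certificate; does not validate the signature or the chain.` The empty `catch` blocks here and in TryLoadOriginalName also discard the reason a lookup failed; a debug-level log entry with the exception message would keep unsigned files quiet while still leaving a trace.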


@ -6,5 +6,6 @@
public string Executable { get; set; }
public string OriginalName { get; set; }
public string Path { get; set; }
public string Signature { get; set; }
}
}


@ -260,6 +260,7 @@ namespace SebWindowsConfig
public const String KeyArguments = "arguments";
public const String KeyArgument = "argument";
public const String KeyWindowHandlingProcess = "windowHandlingProcess";
public const String KeySignature = "signature";
// Group "Network"
public const String KeyEnableURLFilter = "enableURLFilter";
@ -781,6 +782,7 @@ namespace SebWindowsConfig
SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeyIdentifier, "");
SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeyWindowHandlingProcess, "");
SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeyArguments, new ListObj());
SEBSettings.permittedProcessDataDefault.Add(SEBSettings.KeySignature, "");
// Default settings for prohibited process data
SEBSettings.prohibitedProcessDataDefault.Clear();


@ -30,8 +30,8 @@ namespace SebWindowsConfig
{
this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(SebWindowsConfigForm));
System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle1 = new System.Windows.Forms.DataGridViewCellStyle();
System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle2 = new System.Windows.Forms.DataGridViewCellStyle();
System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle7 = new System.Windows.Forms.DataGridViewCellStyle();
System.Windows.Forms.DataGridViewCellStyle dataGridViewCellStyle8 = new System.Windows.Forms.DataGridViewCellStyle();
this.openFileDialogSebConfigFile = new System.Windows.Forms.OpenFileDialog();
this.saveFileDialogSebConfigFile = new System.Windows.Forms.SaveFileDialog();
this.imageListTabIcons = new System.Windows.Forms.ImageList(this.components);
@ -179,7 +179,6 @@ namespace SebWindowsConfig
this.label2 = new System.Windows.Forms.Label();
this.textBoxPermittedProcessExecutables = new System.Windows.Forms.TextBox();
this.checkBoxPermittedProcessStrongKill = new System.Windows.Forms.CheckBox();
this.buttonPermittedProcessCodeSignature = new System.Windows.Forms.Button();
this.dataGridViewPermittedProcessArguments = new System.Windows.Forms.DataGridView();
this.ArgumentActive = new System.Windows.Forms.DataGridViewCheckBoxColumn();
this.ArgumentParameter = new System.Windows.Forms.DataGridViewTextBoxColumn();
@ -270,6 +269,7 @@ namespace SebWindowsConfig
this.labelBrowserExamKey = new System.Windows.Forms.Label();
this.label3 = new System.Windows.Forms.Label();
this.tabPageDownUploads = new System.Windows.Forms.TabPage();
this.checkBoxShowFileSystemElementPath = new System.Windows.Forms.CheckBox();
this.checkBoxTemporaryDownloadDirectory = new System.Windows.Forms.CheckBox();
this.checkBoxAllowCustomDownloadLocation = new System.Windows.Forms.CheckBox();
this.checkBoxAllowPDFPlugIn = new System.Windows.Forms.CheckBox();
@ -463,7 +463,8 @@ namespace SebWindowsConfig
this.editDuplicateToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.configureClientToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.applyAndStartSEBToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.checkBoxShowFileSystemElementPath = new System.Windows.Forms.CheckBox();
this.label27 = new System.Windows.Forms.Label();
this.textBoxPermittedProcessSignature = new System.Windows.Forms.TextBox();
this.tabPageHookedKeys.SuspendLayout();
this.groupBoxFunctionKeys.SuspendLayout();
this.groupBoxSpecialKeys.SuspendLayout();
@ -1885,8 +1886,8 @@ namespace SebWindowsConfig
//
// Type
//
dataGridViewCellStyle1.BackColor = System.Drawing.Color.Silver;
this.Type.DefaultCellStyle = dataGridViewCellStyle1;
dataGridViewCellStyle7.BackColor = System.Drawing.Color.Silver;
this.Type.DefaultCellStyle = dataGridViewCellStyle7;
this.Type.HeaderText = "Type";
this.Type.Name = "Type";
this.Type.ReadOnly = true;
@ -2337,6 +2338,8 @@ namespace SebWindowsConfig
//
// groupBoxPermittedProcess
//
this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessSignature);
this.groupBoxPermittedProcess.Controls.Add(this.label27);
this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessOriginalName);
this.groupBoxPermittedProcess.Controls.Add(this.PermittedProcessOriginalNameLabel);
this.groupBoxPermittedProcess.Controls.Add(this.checkBoxPermittedProcessIconInTaskbar);
@ -2344,7 +2347,6 @@ namespace SebWindowsConfig
this.groupBoxPermittedProcess.Controls.Add(this.label2);
this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessExecutables);
this.groupBoxPermittedProcess.Controls.Add(this.checkBoxPermittedProcessStrongKill);
this.groupBoxPermittedProcess.Controls.Add(this.buttonPermittedProcessCodeSignature);
this.groupBoxPermittedProcess.Controls.Add(this.dataGridViewPermittedProcessArguments);
this.groupBoxPermittedProcess.Controls.Add(this.labelPermittedProcessIdentifier);
this.groupBoxPermittedProcess.Controls.Add(this.textBoxPermittedProcessIdentifier);
@ -2424,7 +2426,7 @@ namespace SebWindowsConfig
// label2
//
this.label2.AutoSize = true;
this.label2.Location = new System.Drawing.Point(107, 138);
this.label2.Location = new System.Drawing.Point(846, 266);
this.label2.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0);
this.label2.Name = "label2";
this.label2.Size = new System.Drawing.Size(129, 13);
@ -2434,10 +2436,10 @@ namespace SebWindowsConfig
//
// textBoxPermittedProcessExecutables
//
this.textBoxPermittedProcessExecutables.Location = new System.Drawing.Point(246, 135);
this.textBoxPermittedProcessExecutables.Location = new System.Drawing.Point(985, 263);
this.textBoxPermittedProcessExecutables.Margin = new System.Windows.Forms.Padding(2, 1, 2, 1);
this.textBoxPermittedProcessExecutables.Name = "textBoxPermittedProcessExecutables";
this.textBoxPermittedProcessExecutables.Size = new System.Drawing.Size(517, 20);
this.textBoxPermittedProcessExecutables.Size = new System.Drawing.Size(122, 20);
this.textBoxPermittedProcessExecutables.TabIndex = 90;
this.toolTip1.SetToolTip(this.textBoxPermittedProcessExecutables, "Process executable which is actually handling the main window.");
this.textBoxPermittedProcessExecutables.Visible = false;
@ -2457,18 +2459,6 @@ namespace SebWindowsConfig
this.checkBoxPermittedProcessStrongKill.UseVisualStyleBackColor = true;
this.checkBoxPermittedProcessStrongKill.CheckedChanged += new System.EventHandler(this.checkBoxPermittedProcessStrongKill_CheckedChanged);
//
// buttonPermittedProcessCodeSignature
//
this.buttonPermittedProcessCodeSignature.Location = new System.Drawing.Point(781, 153);
this.buttonPermittedProcessCodeSignature.Margin = new System.Windows.Forms.Padding(2, 1, 2, 1);
this.buttonPermittedProcessCodeSignature.Name = "buttonPermittedProcessCodeSignature";
this.buttonPermittedProcessCodeSignature.Size = new System.Drawing.Size(112, 25);
this.buttonPermittedProcessCodeSignature.TabIndex = 14;
this.buttonPermittedProcessCodeSignature.Text = "Code Signature...";
this.buttonPermittedProcessCodeSignature.UseVisualStyleBackColor = true;
this.buttonPermittedProcessCodeSignature.Visible = false;
this.buttonPermittedProcessCodeSignature.Click += new System.EventHandler(this.buttonPermittedProcessCodeSignature_Click);
//
// dataGridViewPermittedProcessArguments
//
this.dataGridViewPermittedProcessArguments.ColumnHeadersHeightSizeMode = System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode.AutoSize;
@ -3560,6 +3550,17 @@ namespace SebWindowsConfig
this.tabPageDownUploads.Text = "Down/Uploads";
this.tabPageDownUploads.UseVisualStyleBackColor = true;
//
// checkBoxShowFileSystemElementPath
//
this.checkBoxShowFileSystemElementPath.AutoSize = true;
this.checkBoxShowFileSystemElementPath.Location = new System.Drawing.Point(114, 167);
this.checkBoxShowFileSystemElementPath.Name = "checkBoxShowFileSystemElementPath";
this.checkBoxShowFileSystemElementPath.Size = new System.Drawing.Size(213, 17);
this.checkBoxShowFileSystemElementPath.TabIndex = 91;
this.checkBoxShowFileSystemElementPath.Text = "Show path of file system elements (Win)";
this.checkBoxShowFileSystemElementPath.UseVisualStyleBackColor = true;
this.checkBoxShowFileSystemElementPath.CheckedChanged += new System.EventHandler(this.checkBoxShowFileSystemElementPath_CheckedChanged);
//
// checkBoxTemporaryDownloadDirectory
//
this.checkBoxTemporaryDownloadDirectory.AutoSize = true;
@ -4626,8 +4627,8 @@ namespace SebWindowsConfig
// spellCheckerDictionaryFilesColumn
//
this.spellCheckerDictionaryFilesColumn.AutoSizeMode = System.Windows.Forms.DataGridViewAutoSizeColumnMode.Fill;
dataGridViewCellStyle2.WrapMode = System.Windows.Forms.DataGridViewTriState.True;
this.spellCheckerDictionaryFilesColumn.DefaultCellStyle = dataGridViewCellStyle2;
dataGridViewCellStyle8.WrapMode = System.Windows.Forms.DataGridViewTriState.True;
this.spellCheckerDictionaryFilesColumn.DefaultCellStyle = dataGridViewCellStyle8;
this.spellCheckerDictionaryFilesColumn.HeaderText = "Files";
this.spellCheckerDictionaryFilesColumn.Name = "spellCheckerDictionaryFilesColumn";
this.spellCheckerDictionaryFilesColumn.ReadOnly = true;
@ -6025,16 +6026,23 @@ namespace SebWindowsConfig
this.applyAndStartSEBToolStripMenuItem.Visible = false;
this.applyAndStartSEBToolStripMenuItem.Click += new System.EventHandler(this.applyAndStartSEBToolStripMenuItem_Click);
//
// checkBoxShowFileSystemElementPath
// label27
//
this.checkBoxShowFileSystemElementPath.AutoSize = true;
this.checkBoxShowFileSystemElementPath.Location = new System.Drawing.Point(114, 167);
this.checkBoxShowFileSystemElementPath.Name = "checkBoxShowFileSystemElementPath";
this.checkBoxShowFileSystemElementPath.Size = new System.Drawing.Size(213, 17);
this.checkBoxShowFileSystemElementPath.TabIndex = 91;
this.checkBoxShowFileSystemElementPath.Text = "Show path of file system elements (Win)";
this.checkBoxShowFileSystemElementPath.UseVisualStyleBackColor = true;
this.checkBoxShowFileSystemElementPath.CheckedChanged += new System.EventHandler(this.checkBoxShowFileSystemElementPath_CheckedChanged);
this.label27.AutoSize = true;
this.label27.Location = new System.Drawing.Point(141, 138);
this.label27.Name = "label27";
this.label27.Size = new System.Drawing.Size(52, 13);
this.label27.TabIndex = 96;
this.label27.Text = "Signature";
//
// textBoxPermittedProcessSignature
//
this.textBoxPermittedProcessSignature.Location = new System.Drawing.Point(199, 135);
this.textBoxPermittedProcessSignature.Name = "textBoxPermittedProcessSignature";
this.textBoxPermittedProcessSignature.Size = new System.Drawing.Size(565, 20);
this.textBoxPermittedProcessSignature.TabIndex = 97;
this.toolTip1.SetToolTip(this.textBoxPermittedProcessSignature, "The hash / thumbprint of the certificate used to sign the executable.");
this.textBoxPermittedProcessSignature.TextChanged += new System.EventHandler(this.textBoxPermittedProcessSignature_TextChanged);
//
// SebWindowsConfigForm
//
@ -6361,7 +6369,6 @@ namespace SebWindowsConfig
private System.Windows.Forms.CheckBox checkBoxProhibitedProcessCurrentUser;
private System.Windows.Forms.CheckBox checkBoxProhibitedProcessActive;
private System.Windows.Forms.Button buttonProhibitedProcessCodeSignature;
private System.Windows.Forms.Button buttonPermittedProcessCodeSignature;
private System.Windows.Forms.DataGridView dataGridViewEmbeddedCertificates;
private System.Windows.Forms.Button buttonRemoveCertificate;
private System.Windows.Forms.ComboBox comboBoxChooseIdentityToEmbed;
@ -6601,6 +6608,8 @@ namespace SebWindowsConfig
private System.Windows.Forms.CheckBox checkBoxAllowPrint;
private System.Windows.Forms.CheckBox checkBoxEnableFindPrinter;
private System.Windows.Forms.CheckBox checkBoxShowFileSystemElementPath;
private System.Windows.Forms.TextBox textBoxPermittedProcessSignature;
private System.Windows.Forms.Label label27;
}
}


@ -2476,6 +2476,7 @@ namespace SebWindowsConfig
textBoxPermittedProcessExecutables.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeyWindowHandlingProcess];
textBoxPermittedProcessPath.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeyPath];
textBoxPermittedProcessIdentifier.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeyIdentifier];
textBoxPermittedProcessSignature.Text = (String) SEBSettings.permittedProcessData[SEBSettings.KeySignature];
// Reset the ignore widget event flags
ignoreWidgetEventPermittedProcessesActive = false;
@ -2671,6 +2672,7 @@ namespace SebWindowsConfig
processData[SEBSettings.KeyPath] = "";
processData[SEBSettings.KeyIdentifier] = "";
processData[SEBSettings.KeyArguments] = new ListObj();
processData[SEBSettings.KeySignature] = "";
// Insert new process into process list at position index
SEBSettings.permittedProcessList.Insert(SEBSettings.permittedProcessIndex, processData);
@ -2719,6 +2721,7 @@ namespace SebWindowsConfig
textBoxPermittedProcessOriginalName.Text = permittedApplicationInformation.OriginalName;
textBoxPermittedProcessTitle.Text = permittedApplicationInformation.Title;
textBoxPermittedProcessPath.Text = permittedApplicationInformation.Path;
textBoxPermittedProcessSignature.Text = permittedApplicationInformation.Signature;
}
}
@ -2731,6 +2734,7 @@ namespace SebWindowsConfig
textBoxPermittedProcessOriginalName.Text = permittedApplicationInformation.OriginalName;
textBoxPermittedProcessTitle.Text = permittedApplicationInformation.Title;
textBoxPermittedProcessPath.Text = permittedApplicationInformation.Path;
textBoxPermittedProcessSignature.Text = permittedApplicationInformation.Signature;
}
}
@ -2787,6 +2791,18 @@ namespace SebWindowsConfig
permittedApplicationInformation.Path = filePath;
permittedApplicationInformation.OriginalName = FileVersionInfo.GetVersionInfo(filename).OriginalFilename;
try
{
using (var certificate = X509Certificate.CreateFromSignedFile(filename))
{
permittedApplicationInformation.Signature = certificate.GetCertHashString()?.ToLower();
}
}
catch (Exception e)
{
MessageBox.Show(this, $"Failed to load the signature for the permitted process! {e}", "Signature Load Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
return permittedApplicationInformation;
}
return null;
@ -2941,8 +2957,13 @@ namespace SebWindowsConfig
SEBSettings.permittedProcessData[SEBSettings.KeyWindowHandlingProcess] = textBoxPermittedProcessExecutables.Text;
}
private void buttonPermittedProcessCodeSignature_Click(object sender, EventArgs e)
private void buttonPermittedProcessCodeSignature_Click(object sender, EventArgs args)
{
if (SEBSettings.permittedProcessIndex < 0) return;
SEBSettings.permittedProcessList = (ListObj) SEBSettings.settingsCurrent[SEBSettings.KeyPermittedProcesses];
SEBSettings.permittedProcessData = (DictObj) SEBSettings.permittedProcessList[SEBSettings.permittedProcessIndex];
}
@ -4689,5 +4710,13 @@ namespace SebWindowsConfig
{
SEBSettings.settingsCurrent[SEBSettings.KeyShowFileSystemElementPath] = checkBoxShowFileSystemElementPath.Checked;
}
private void textBoxPermittedProcessSignature_TextChanged(object sender, EventArgs e)
{
if (SEBSettings.permittedProcessIndex < 0) return;
SEBSettings.permittedProcessList = (ListObj) SEBSettings.settingsCurrent[SEBSettings.KeyPermittedProcesses];
SEBSettings.permittedProcessData = (DictObj) SEBSettings.permittedProcessList[SEBSettings.permittedProcessIndex];
SEBSettings.permittedProcessData[SEBSettings.KeySignature] = textBoxPermittedProcessSignature.Text;
}
}
}
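Review bot: textBoxPermittedProcessSignature_TextChanged stores the text box content verbatim, so a thumbprint pasted with spaces, separators or surrounding whitespace is written to the configuration exactly as typed. The monitor compares it with the lower-cased certificate hash string and folds only case, so such a value would never match. The application would then presumably not be recognised at exam time, with nothing in the tool pointing to the cause. Normalising on write would avoid that, e.g. `SEBSettings.permittedProcessData[SEBSettings.KeySignature] = textBoxPermittedProcessSignature.Text.Replace(" ", "").Trim().ToLowerInvariant();`, ideally with a check that the result is 40 hexadecimal characters like the thumbprints used elsewhere in this commit.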
