chore: split up functions and added docs

Notselwyn 2023-07-17 17:33:21 +02:00
parent 3b8f552138
commit 689e388e23


@ -76,6 +76,9 @@ namespace SafeExamBrowser.SystemComponents
return isVirtualMachine; return isVirtualMachine;
} }
/// <summary>
/// Scans parameters for disallowed strings (signatures)
/// </summary>
private bool IsVirtualSystemInfo(string biosInfo, string manufacturer, string model) private bool IsVirtualSystemInfo(string biosInfo, string manufacturer, string model)
{ {
var isVirtualMachine = false; var isVirtualMachine = false;
@ -103,8 +106,23 @@ namespace SafeExamBrowser.SystemComponents
{ {
var isVirtualMachine = false; var isVirtualMachine = false;
// the resulting IsVirtualRegistry() would be massive so split it
isVirtualMachine |= IsVirtualRegistryHardwareConfig();
isVirtualMachine |= IsVirtualRegistryDeviceCache();
return isVirtualMachine;
}
/// <summary>
/// Scans (historic) hardware configurations in the registry.
/// </summary>
private bool IsVirtualRegistryHardwareConfig()
{
bool isVirtualMachine = false;
/** /**
* check historic hardware profiles * scanned registry format:
* *
* HKLM\SYSTEM\HardwareConfig\{configId=uuid}\ComputerIds * HKLM\SYSTEM\HardwareConfig\{configId=uuid}\ComputerIds
* - {computerId=uuid}: {computerSummary=hardwareInfo} * - {computerId=uuid}: {computerSummary=hardwareInfo}
@ -127,7 +145,6 @@ namespace SafeExamBrowser.SystemComponents
object systemProductName; object systemProductName;
bool success = true; bool success = true;
success &= registry.TryRead(hwConfigKey, "BIOSVendor", out biosVendor); success &= registry.TryRead(hwConfigKey, "BIOSVendor", out biosVendor);
success &= registry.TryRead(hwConfigKey, "BIOSVersion", out biosVersion); success &= registry.TryRead(hwConfigKey, "BIOSVersion", out biosVersion);
success &= registry.TryRead(hwConfigKey, "SystemManufacturer", out systemManufacturer); success &= registry.TryRead(hwConfigKey, "SystemManufacturer", out systemManufacturer);
@ -150,7 +167,7 @@ namespace SafeExamBrowser.SystemComponents
foreach (var computerIdName in computerIdNames) foreach (var computerIdName in computerIdNames)
{ {
logger.Info($"computerId: {computerIdName}"); logger.Info($"computerId: {computerIdName}");
// collect computer hardware summary (e.g. manufacturer&version&sku&...) // collect computer hardware summary (e.g. manufacturer&version&sku&...)
object computerSummary; object computerSummary;
if (!registry.TryRead(computerIdsKey, computerIdName, out computerSummary)) if (!registry.TryRead(computerIdsKey, computerIdName, out computerSummary))
@ -160,40 +177,46 @@ namespace SafeExamBrowser.SystemComponents
} }
} }
return isVirtualMachine;
}
/// <summary>
/// Scans (synced) device cache for hardware info of the current device.
/// </summary>
private bool IsVirtualRegistryDeviceCache()
{
bool isVirtualMachine = false;
// device cache contains hardware about other devices logged into as well, so lock onto this device in case an innocent VM was logged into.
// in the future, try to improve this check somehow since DeviceCache only gives ComputerName
var deviceName = System.Environment.GetEnvironmentVariable("COMPUTERNAME");
// check Windows timeline caches for current hardware config // check Windows timeline caches for current hardware config
/*IEnumerable<string> deviceCacheSubkeys; const string deviceCacheParentKey = "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache";
if (registry.TryGetSubKeys($"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache", out deviceCacheSubkeys) IEnumerable<string> deviceCacheKeys;
bool has_dc_keys = registry.TryGetSubKeys(deviceCacheParentKey, out deviceCacheKeys);
if (deviceName != null && has_dc_keys)
{ {
foreach (string deviceCacheKey in deviceCacheSubkeys) foreach (string cacheId in deviceCacheKeys)
{ {
if (registry.TryRead($"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache"))*/ var cacheIdKey = $"{deviceCacheParentKey}\\{cacheId}";
object cacheDeviceName;
object cacheDeviceManufacturer;
object cacheDeviceModel;
bool success = true;
success &= registry.TryRead(cacheIdKey, "DeviceName", out cacheDeviceName);
var deviceCacheKey = Microsoft.Win32.Registry.CurrentUser.OpenSubKey($"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache"); if (!success || deviceName.ToLower() != ((string) cacheDeviceName).ToLower())
var currHostname = System.Environment.GetEnvironmentVariable("COMPUTERNAME");
if (deviceCacheKey != null && currHostname != null)
{
foreach (var cacheId in deviceCacheKey.GetSubKeyNames())
{
var cacheKey = Microsoft.Win32.Registry.CurrentUser.OpenSubKey($"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache\\{cacheId}");
if (cacheKey == null)
{
continue; continue;
}
var cacheHostname = ((string) cacheKey.GetValue("DeviceName")).ToLower(); success &= registry.TryRead(cacheIdKey, "DeviceMake", out cacheDeviceManufacturer);
success &= registry.TryRead(cacheIdKey, "DeviceModel", out cacheDeviceModel);
if (!success)
continue;
// windows timeline syncs with other hosts that a user has logged into: check hostname to only check this device isVirtualMachine |= IsVirtualSystemInfo("", (string) cacheDeviceManufacturer, (string) cacheDeviceModel);
if (currHostname.ToLower() == cacheHostname)
{
var biosInfo = "";
var manufacturer = (string) cacheKey.GetValue("DeviceMake");
var model = (string) cacheKey.GetValue("DeviceModel");
isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model);
}
} }
} }
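Review bot: In the new IsVirtualRegistryDeviceCache the values read from HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskFlow\DeviceCache are cast with `(string)` and lower-cased without a type or null check, so, assuming TryRead hands back the raw registry value, a DeviceName, DeviceMake or DeviceModel that is not a string throws out of the VM check instead of being skipped. That hive is writable by the account being examined, so its contents should be handled as untrusted input: `if (!(cacheDeviceName is string name) || !string.Equals(deviceName, name, System.StringComparison.OrdinalIgnoreCase)) continue;`, with the same `is string` guard on the make and model before they reach IsVirtualSystemInfo. The ordinal comparison also replaces the culture-sensitive `ToLower()` pair. The host name would be more dependable from `System.Environment.MachineName` than from the COMPUTERNAME environment variable, which the process inherits from whatever launched it. The method's closing lines and its caller's exception handling are outside the hunk, so whether a throw here fails the check open or closed cannot be seen from this page.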