zervo/seb-win-refactoring
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added registry check for the device cache

Browse source
This commit is contained in:
user 2023-04-01 19:09:01 +02:00
parent 71b722d215
commit c0f37b309b
1 changed files with 53 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
SafeExamBrowser.SystemComponents/VirtualMachineDetector.cs
View file

@ -42,6 +42,7 @@ namespace SafeExamBrowser.SystemComponents
} }
private bool IsVirtualSystemInfo(string biosInfo, string manufacturer, string model) private bool IsVirtualSystemInfo(string biosInfo, string manufacturer, string model)
{ {
bool isVirtualMachine = false; bool isVirtualMachine = false;
biosInfo = biosInfo.ToLower(); biosInfo = biosInfo.ToLower();
@ -60,6 +61,8 @@ namespace SafeExamBrowser.SystemComponents
isVirtualMachine |= model.Contains("virtualbox"); isVirtualMachine |= model.Contains("virtualbox");
isVirtualMachine |= model.Contains("Q35 +"); isVirtualMachine |= model.Contains("Q35 +");
Console.WriteLine($"biosInfo: {biosInfo}, manufacturer: {manufacturer}, model: {model}, isVirtualMachine: {isVirtualMachine}");
return isVirtualMachine; return isVirtualMachine;
} }
@ -67,13 +70,58 @@ namespace SafeExamBrowser.SystemComponents
{ {
bool isVirtualMachine = false; bool isVirtualMachine = false;
// check historic hardware profiles
RegistryKey hardwareConfig = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("SYSTEM\\HardwareConfig"); RegistryKey hardwareConfig = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("SYSTEM\\HardwareConfig");
foreach (string childKeyName in hardwareConfig.GetSubKeyNames()) if (hardwareConfig != null)
{ {
RegistryKey childKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey($"SYSTEM\\HardwareConfig\\{childKeyName}"); foreach (string configId in hardwareConfig.GetSubKeyNames())
childKey.GetValue(""); {
RegistryKey configKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey($"SYSTEM\\HardwareConfig\\{configId}");
if (configKey == null)
{
continue;
}
// reconstruct the systemInfo.biosInfo string
string biosInfo = (string) configKey.GetValue("BIOSVendor") + " " + (string) configKey.GetValue("BIOSVersion");
string manufacturer = (string) configKey.GetValue("SystemManufacturer");
string model = (string) configKey.GetValue("SystemProductName");
isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model);
// TODO: check computerIds
}
}
// check Windows timeline caches for current hardware config
RegistryKey deviceCache = Microsoft.Win32.Registry.CurrentUser.OpenSubKey($"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache");
if (deviceCache != null)
{
foreach (string cacheId in deviceCache.GetSubKeyNames())
{
RegistryKey cacheKey = Microsoft.Win32.Registry.CurrentUser.OpenSubKey($"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\TaskFlow\\DeviceCache\\{cacheId}");
if (cacheKey == null)
{
continue;
}
string currHostname = Environment.GetEnvironmentVariable("COMPUTERNAME").ToLower();
string cacheHostname = ((string) cacheKey.GetValue("DeviceName")).ToLower();
// windows timeline syncs with other hosts that a user has logged into, hence avoid false positives
if (cacheHostname == currHostname)
{
string biosInfo = "";
string manufacturer = (string) cacheKey.GetValue("DeviceMake");
string model = (string) cacheKey.GetValue("DeviceModel");
isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model);
}
}
} }
return isVirtualMachine; return isVirtualMachine;
@ -85,7 +133,7 @@ namespace SafeExamBrowser.SystemComponents
ManagementObjectSearcher searcherCpu = new ManagementObjectSearcher("SELECT * FROM Win32_Processor"); ManagementObjectSearcher searcherCpu = new ManagementObjectSearcher("SELECT * FROM Win32_Processor");
// edge case where no CPU is detected? // TODO: how to handle no CPU?
foreach (ManagementObject obj in searcherCpu.Get()) foreach (ManagementObject obj in searcherCpu.Get())
{ {
isVirtualMachine |= ((string) obj["Name"]).ToLower().Contains(" kvm "); // qemu isVirtualMachine |= ((string) obj["Name"]).ToLower().Contains(" kvm "); // qemu
@ -103,6 +151,7 @@ namespace SafeExamBrowser.SystemComponents
var model = systemInfo.Model; var model = systemInfo.Model;
var devices = systemInfo.PlugAndPlayDeviceIds; var devices = systemInfo.PlugAndPlayDeviceIds;
// redundant: registry check (hardware config)
isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model); isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model);
isVirtualMachine |= IsVirtualWmi(); isVirtualMachine |= IsVirtualWmi();
isVirtualMachine |= IsVirtualRegistry(); isVirtualMachine |= IsVirtualRegistry();
@ -121,7 +170,6 @@ namespace SafeExamBrowser.SystemComponents
isVirtualMachine |= DEVICE_BLACKLIST.Any(d => device.ToLower().Contains(d.ToLower())); isVirtualMachine |= DEVICE_BLACKLIST.Any(d => device.ToLower().Contains(d.ToLower()));
} }
logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine."); logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine.");
return isVirtualMachine; return isVirtualMachine;