configuration related fixups
sagiesec committed Jan 11, 2024
1 parent 2170ede commit 41610cd
Showing 2 changed files with 39 additions and 3 deletions.
28 changes: 27 additions & 1 deletion rpcFirewall/dllmain.cpp
Expand Up @@ -452,10 +452,28 @@ std::wstring extractKeyValueFromConfigLineInner(const std::wstring& confLine, co
return val;
}

void removeCharFromStrig(const std::wstring& chr, std::wstring& s)
{
size_t pos = s.find(chr.c_str());
while (pos != std::wstring::npos) {
s.replace(pos, 1, L"");
pos = s.find(chr.c_str(), pos);
}
}

void removeEOLCharsFromString(std::wstring& s)
{
removeCharFromStrig(L"\r", s);
removeCharFromStrig(L"\n", s);
}

std::wstring extractKeyValueFromConfigLine(const std::wstring& confLine, const std::wstring& key)
{
std::wstring fixedConfLine = confLine;

removeEOLCharsFromString(fixedConfLine);
removeEOLCharsFromString(fixedConfLine);

fixedConfLine.replace(fixedConfLine.size() - 1, 1, _T(" "));

return extractKeyValueFromConfigLineInner(fixedConfLine, key);
Expand Down Expand Up @@ -1417,6 +1435,7 @@ bool processRPCCallInternal(wchar_t* functionName, PRPC_MESSAGE pRpcMsg)
byte buffSrc[0x80] = {0};
unsigned long buffersize = 0x80;

std::wstring srcAddrFromConnectionTmp;
std::wstring srcAddrFromConnection;
unsigned short srcPort = 0;

Expand All @@ -1427,7 +1446,14 @@ bool processRPCCallInternal(wchar_t* functionName, PRPC_MESSAGE pRpcMsg)
}
else
{
srcPort = getAddressAndPortFromBuffer(srcAddrFromConnection, buffSrc);
srcPort = getAddressAndPortFromBuffer(srcAddrFromConnectionTmp, buffSrc);
}

// Removing possible excess chars from Ipv6 addresses
for (wchar_t ch : srcAddrFromConnectionTmp) {
if (ch != L'\\' && ch != L'[' && ch != L']') {
srcAddrFromConnection += ch;
}
}

byte buffDst[0x80] = { 0 };
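Review bot: In `extractKeyValueFromConfigLine`, the unchanged `fixedConfLine.replace(fixedConfLine.size() - 1, 1, _T(" "))` now runs after the new `removeEOLCharsFromString` calls, so it overwrites the last real character of the line rather than a trailing end-of-line character. If the line held only `\r\n` or was empty, `size() - 1` wraps around and `replace` throws `std::out_of_range`. If the inner parser only needs a terminating space (its body is outside this hunk), `fixedConfLine.push_back(L' ');` would handle both cases. For a firewall rule file this matters because a value at the end of a line may be parsed with its final character missing, and an exception that no caller catches would surface in whatever process has this DLL loaded (this file is dllmain.cpp, so presumably the protected RPC server). The second `removeEOLCharsFromString(fixedConfLine);` call repeats the first and can be dropped, and `removeCharFromStrig` looks like a typo for `removeCharFromString`.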
14 changes: 12 additions & 2 deletions rpcFwManager/RPCMgr.cpp
Expand Up @@ -141,6 +141,7 @@ void getHelp()
_tprintf(TEXT("Usage: rpcFwManager /<Command> [options] \n\n"));
_tprintf(TEXT("command:\n"));
_tprintf(TEXT("----------\n"));
_tprintf(TEXT("show\t\t - print various rpc related info (protected processes, for now...).\n"));
_tprintf(TEXT("install\t\t - configure EventLogs, auditing, put DLLs in the %%SystemRoot%%\\system32 folder.\n"));
_tprintf(TEXT("uninstall\t - undo installation changes.\n"));
_tprintf(TEXT("start [options/pid/process]\t- Apply RPC protections according to the configuration file.\n"));
Expand Down Expand Up @@ -475,8 +476,6 @@ void cmdStatusRPCFW()

outputMessage(L"\n");
printProcessesWithRPCFW();
outputMessage(L"\n");
printProtectedProcesses();


outputMessage(L"\n\tconfiguration:");
Expand All @@ -485,6 +484,13 @@ void cmdStatusRPCFW()

}

void cmdShow()
{
elevateCurrentProcessToSystem();
outputMessage(L"\n");
printProtectedProcesses();
}

void cmdStatus(std::wstring& param)
{
std::wstring errMsg = _T("usage: /status <fw/flt/all>\n");
Expand Down Expand Up @@ -616,6 +622,10 @@ int _tmain(int argc, wchar_t* argv[])
{
cmdStatus(param);
}
else if (cmmd.find(_T("/show")) != std::string::npos)
{
cmdShow();
}
else
{
getHelp();
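Review bot: `cmdShow()` calls `elevateCurrentProcessToSystem()` and goes straight on to `printProtectedProcesses()` without checking whether the elevation took effect, so a run from a non-elevated prompt may print an empty or partial list with no explanation. The helper's signature is not visible in this hunk; if it reports a result, guard on it, for example `if (!elevateCurrentProcessToSystem()) { outputMessage(L"show requires an elevated prompt\n"); return; }`, and the new `show` help line could state the same requirement. In `_tmain` the new branch uses `cmmd.find(_T("/show")) != std::string::npos`, which is a substring test on a wide string compared against the narrow-string constant. Unless the rest of the chain (outside this hunk) relies on substring matching, `cmmd == _T("/show")` would stop unrelated arguments from reaching a path that takes a SYSTEM token.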
