From 303a2768f7b03285d43e07e167e7ca402233a860 Mon Sep 17 00:00:00 2001 From: regevnoam1 Date: Tue, 31 Dec 2024 14:01:57 +0200 Subject: [PATCH 1/4] Added multi threading for init pipes --- PipeViewer/Form1.cs | 195 ++++++++++++++++++++------------------------ 1 file changed, 90 insertions(+), 105 deletions(-) diff --git a/PipeViewer/Form1.cs b/PipeViewer/Form1.cs index 2b451e1..7c16187 100644 --- a/PipeViewer/Form1.cs +++ b/PipeViewer/Form1.cs @@ -213,14 +213,14 @@ private void initializePipeListOrig() //} // # version 3 - private void initializePipeList() + private async void initializePipeList() { string[] listOfPipes = System.IO.Directory.GetFiles(@"\\.\pipe\"); - Parallel.ForEach(listOfPipes, namedPipe => - { - addNamedPipeToDataGridView(namedPipe); - }); + foreach(var pipe in listOfPipes) + { + await addNamedPipeToDataGridView(pipe); + } this.Invoke(new Action(() => { @@ -284,123 +284,108 @@ private void dataGridView1_SelectionChanged(object sender, EventArgs e) //} // https://blog.cjwdev.co.uk/2011/06/28/permissions-not-included-in-net-accessrule-filesystemrights-enum/ - private void addNamedPipeToDataGridView(string i_NamedPipe) + private async Task addNamedPipeToDataGridView(string namedPipe) { - // i_NamedPipe = @"\\.\pipe\myPipe"; - string permissions; - if (this.InvokeRequired) + try { - addNamedPipeToDataGridViewCallBack s = new addNamedPipeToDataGridViewCallBack(addNamedPipeToDataGridView); - this.Invoke(s, i_NamedPipe); - } - else - { - DataGridViewRow row = new DataGridViewRow(); - row.CreateCells(dataGridView1); - row.Cells[m_ColumnIndexes[ColumnName.HeaderText]].Value = i_NamedPipe; - row.DefaultCellStyle.Font = new Font(dataGridView1.DefaultCellStyle.Font, FontStyle.Regular); - - NtNamedPipeFileBase namedPipeObject = Engine.GetNamedPipeObject(i_NamedPipe, Engine.NamedPipeFunctionEndType.Client); - if (namedPipeObject == null) + // Perform heavy work in a background thread + var rowData = await Task.Run(() => { - namedPipeObject = Engine.GetNamedPipeObject(i_NamedPipe, Engine.NamedPipeFunctionEndType.Server); - } + var row = new DataGridViewRow(); + row.CreateCells(dataGridView1); + row.Cells[m_ColumnIndexes[ColumnName.HeaderText]].Value = namedPipe; - // NtNamedPipeFileBase namedPipeObjectClient = Engine.GetNamedPipeClientObject(i_NamedPipe); - // We added a check for empty name because it caused an exception with named pipe \\.\pipe\dbxsvc which wasn't NULL - // but add partial value exist on one machine. - - // We added try\catch because one specific bug with \\.\pipe\dbxsvc (DropBox). Maybe there is a better way to handle it? - try - { + NtNamedPipeFileBase namedPipeObject = Engine.GetNamedPipeObject(namedPipe, Engine.NamedPipeFunctionEndType.Client) + ?? Engine.GetNamedPipeObject(namedPipe, Engine.NamedPipeFunctionEndType.Server); if (namedPipeObject != null) { - row.Cells[m_ColumnIndexes[ColumnSddl.HeaderText]].Value = namedPipeObject.Sddl; + // Process security descriptors and pipe information + ProcessNamedPipeObject(namedPipeObject, row); + } + else + { + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = "No DACL -> FULL permissions"; + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = Color.Red; + } - Color cellColor = Color.White; - if (namedPipeObject.SecurityDescriptor.Dacl.Count != 0) - { - permissions = ""; + return row; + }); - foreach (Ace dacl in namedPipeObject.SecurityDescriptor.Dacl) - { - string permissionReadOrWrite = Engine.ConvertAccessMaskToSimplePermissions(dacl.Mask.Access); - string allowedOrNotAllowed = dacl.Type.ToString(); - - // TODO: why adding to a new group doesn't show the new group - foreach (IdentityReference group in m_CurrentIdentity.Groups) - { - SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier)); - if ((m_CurrentUserSid.Equals(dacl.Sid.ToString()) || sid.Value.Equals(dacl.Sid.ToString())) && allowedOrNotAllowed.Contains("Allowed")) - { - if (!m_SidDict.ContainsKey(dacl.Sid.Name)) - { - m_SidDict.Add(dacl.Sid.Name, dacl.Sid.ToString()); - } - if (permissionReadOrWrite.Contains("R")) - { - cellColor = Color.Yellow; - } - if (permissionReadOrWrite.Contains("W") || permissionReadOrWrite.Contains("Full") || permissionReadOrWrite.Contains("RW")) - { - cellColor = Color.LightGreen; - break; - } - } - } - - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = cellColor; - permissions += allowedOrNotAllowed + " "; - permissions += permissionReadOrWrite; - permissions += " " + dacl.Sid.Name + "; \n"; - } + // Update the UI on the main thread + this.Invoke((Action)(() => + { + dataGridView1.Rows.Add(rowData); + this.m_NamedPipesNumber++; + this.toolStripStatusLabelTotalNamedPipes.Text = "Total Named Pipes: " + this.m_NamedPipesNumber; + })); + } + catch (Exception ex) + { + // Log or handle exceptions here + } + } + + private void ProcessNamedPipeObject(NtNamedPipeFileBase namedPipeObject, DataGridViewRow row) + { + string permissions = ""; + Color cellColor = Color.White; - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = permissions; - } else + foreach (Ace dacl in namedPipeObject.SecurityDescriptor.Dacl) + { + string permissionReadOrWrite = Engine.ConvertAccessMaskToSimplePermissions(dacl.Mask.Access); + string allowedOrNotAllowed = dacl.Type.ToString(); + + foreach (IdentityReference group in m_CurrentIdentity.Groups) + { + SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier)); + if ((m_CurrentUserSid.Equals(dacl.Sid.ToString()) || sid.Value.Equals(dacl.Sid.ToString())) && allowedOrNotAllowed.Contains("Allowed")) + { + if (!m_SidDict.ContainsKey(dacl.Sid.Name)) { - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = "NO DACL -> FULL permissions"; - //row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.Font = new Font(dataGridView1.DefaultCellStyle.Font, FontStyle.Bold); - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = Color.Red; + m_SidDict.Add(dacl.Sid.Name, dacl.Sid.ToString()); + } + if (permissionReadOrWrite.Contains("R")) + { + cellColor = Color.Yellow; + } + if (permissionReadOrWrite.Contains("W") || permissionReadOrWrite.Contains("Full") || permissionReadOrWrite.Contains("RW")) + { + cellColor = Color.LightGreen; + break; } - - row.Cells[m_ColumnIndexes[ColumnOwnerSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.ToString(); - row.Cells[m_ColumnIndexes[ColumnOwnerName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.Name; - row.Cells[m_ColumnIndexes[ColumnGroupSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.ToString(); - row.Cells[m_ColumnIndexes[ColumnGroupName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.Name; - row.Cells[m_ColumnIndexes[ColumnIntegrityLevel.HeaderText]].Value = namedPipeObject.SecurityDescriptor.IntegrityLevel; - row.Cells[m_ColumnIndexes[ColumnEndPointType.HeaderText]].Value = namedPipeObject.EndPointType; - row.Cells[m_ColumnIndexes[ColumnConfiguration.HeaderText]].Value = namedPipeObject.Configuration; - - row.Cells[m_ColumnIndexes[ColumnPipeType.HeaderText]].Value = namedPipeObject.PipeType; - row.Cells[m_ColumnIndexes[ColumnReadMode.HeaderText]].Value = namedPipeObject.ReadMode; - row.Cells[m_ColumnIndexes[ColumnDirectoryGrantedAccess.HeaderText]].Value = namedPipeObject.DirectoryGrantedAccess; - row.Cells[m_ColumnIndexes[ColumnGrantedAccess.HeaderText]].Value = namedPipeObject.GrantedAccess; - row.Cells[m_ColumnIndexes[ColumnGrantedAccessGeneric.HeaderText]].Value = namedPipeObject.GrantedAccessGeneric; - row.Cells[m_ColumnIndexes[ColumnHandle.HeaderText]].Value = namedPipeObject.Handle.ToString(); - row.Cells[m_ColumnIndexes[ColumnCreationTime.HeaderText]].Value = namedPipeObject.CreationTime; - - row.Cells[m_ColumnIndexes[ColumnClientPID.HeaderText]].Value = getProcessNameWithProcessPIDs(namedPipeObject); - row.Cells[m_ColumnIndexes[ColumnNumberOfLinks.HeaderText]].Value = namedPipeObject.NumberOfLinks; - row.Cells[m_ColumnIndexes[ColumnFileCreationTime.HeaderText]].Value = namedPipeObject.FileCreationTime; - row.Cells[m_ColumnIndexes[ColumnLastAccessTime.HeaderText]].Value = namedPipeObject.LastAccessTime; - row.Cells[m_ColumnIndexes[ColumnLastWriteTime.HeaderText]].Value = namedPipeObject.LastWriteTime; - row.Cells[m_ColumnIndexes[ColumnChangeTime.HeaderText]].Value = namedPipeObject.ChangeTime; } } - catch (Exception) - { - // TODO: write to log - } - - - dataGridView1.Rows.Add(row); - this.m_NamedPipesNumber += 1; - this.toolStripStatusLabelTotalNamedPipes.Text = "Total Named Pipes: " + this.m_NamedPipesNumber; - } + permissions += $"{allowedOrNotAllowed} {permissionReadOrWrite} {dacl.Sid.Name}; \n"; + } + + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = permissions; + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = cellColor; + + row.Cells[m_ColumnIndexes[ColumnOwnerSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.ToString(); + row.Cells[m_ColumnIndexes[ColumnOwnerName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.Name; + row.Cells[m_ColumnIndexes[ColumnGroupSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.ToString(); + row.Cells[m_ColumnIndexes[ColumnGroupName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.Name; + row.Cells[m_ColumnIndexes[ColumnIntegrityLevel.HeaderText]].Value = namedPipeObject.SecurityDescriptor.IntegrityLevel; + row.Cells[m_ColumnIndexes[ColumnEndPointType.HeaderText]].Value = namedPipeObject.EndPointType; + row.Cells[m_ColumnIndexes[ColumnConfiguration.HeaderText]].Value = namedPipeObject.Configuration; + row.Cells[m_ColumnIndexes[ColumnPipeType.HeaderText]].Value = namedPipeObject.PipeType; + row.Cells[m_ColumnIndexes[ColumnReadMode.HeaderText]].Value = namedPipeObject.ReadMode; + row.Cells[m_ColumnIndexes[ColumnDirectoryGrantedAccess.HeaderText]].Value = namedPipeObject.DirectoryGrantedAccess; + row.Cells[m_ColumnIndexes[ColumnGrantedAccess.HeaderText]].Value = namedPipeObject.GrantedAccess; + row.Cells[m_ColumnIndexes[ColumnGrantedAccessGeneric.HeaderText]].Value = namedPipeObject.GrantedAccessGeneric; + row.Cells[m_ColumnIndexes[ColumnHandle.HeaderText]].Value = namedPipeObject.Handle.ToString(); + row.Cells[m_ColumnIndexes[ColumnCreationTime.HeaderText]].Value = namedPipeObject.CreationTime; + row.Cells[m_ColumnIndexes[ColumnClientPID.HeaderText]].Value = getProcessNameWithProcessPIDs(namedPipeObject); + row.Cells[m_ColumnIndexes[ColumnNumberOfLinks.HeaderText]].Value = namedPipeObject.NumberOfLinks; + row.Cells[m_ColumnIndexes[ColumnFileCreationTime.HeaderText]].Value = namedPipeObject.FileCreationTime; + row.Cells[m_ColumnIndexes[ColumnLastAccessTime.HeaderText]].Value = namedPipeObject.LastAccessTime; + row.Cells[m_ColumnIndexes[ColumnLastWriteTime.HeaderText]].Value = namedPipeObject.LastWriteTime; + row.Cells[m_ColumnIndexes[ColumnChangeTime.HeaderText]].Value = namedPipeObject.ChangeTime; } + private string getProcessNameWithProcessPIDs(NtNamedPipeFileBase i_NamedPipe) { var processNames = i_NamedPipe.GetUsingProcessIds() From 5f2449d1cd2d5e2d712b860dbd175e4e3c5f5516 Mon Sep 17 00:00:00 2001 From: Noam Regev <121763006+regevnoam1@users.noreply.github.com> Date: Sun, 5 Jan 2025 11:26:28 +0200 Subject: [PATCH 2/4] Update Form1.cs --- PipeViewer/Form1.cs | 124 +++++++++++++++++++++++++++----------------- 1 file changed, 75 insertions(+), 49 deletions(-) diff --git a/PipeViewer/Form1.cs b/PipeViewer/Form1.cs index 7c16187..4553462 100644 --- a/PipeViewer/Form1.cs +++ b/PipeViewer/Form1.cs @@ -218,8 +218,11 @@ private async void initializePipeList() string[] listOfPipes = System.IO.Directory.GetFiles(@"\\.\pipe\"); foreach(var pipe in listOfPipes) - { - await addNamedPipeToDataGridView(pipe); + { + if (pipe.StartsWith(@"\\.\pipe\")) + { + await addNamedPipeToDataGridView(pipe); + } } this.Invoke(new Action(() => @@ -328,64 +331,87 @@ private async Task addNamedPipeToDataGridView(string namedPipe) private void ProcessNamedPipeObject(NtNamedPipeFileBase namedPipeObject, DataGridViewRow row) { - string permissions = ""; - Color cellColor = Color.White; - - foreach (Ace dacl in namedPipeObject.SecurityDescriptor.Dacl) + try { - string permissionReadOrWrite = Engine.ConvertAccessMaskToSimplePermissions(dacl.Mask.Access); - string allowedOrNotAllowed = dacl.Type.ToString(); + string permissions = ""; + Color cellColor = Color.White; - foreach (IdentityReference group in m_CurrentIdentity.Groups) + // Check for null or empty SecurityDescriptor or DACL + if (namedPipeObject.SecurityDescriptor == null || namedPipeObject.SecurityDescriptor.Dacl == null || namedPipeObject.SecurityDescriptor.Dacl.Count == 0) { - SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier)); - if ((m_CurrentUserSid.Equals(dacl.Sid.ToString()) || sid.Value.Equals(dacl.Sid.ToString())) && allowedOrNotAllowed.Contains("Allowed")) + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = "NO DACL -> FULL permissions"; + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = Color.Red; + } + else + { + // Process each ACE in the DACL + foreach (Ace dacl in namedPipeObject.SecurityDescriptor.Dacl) { - if (!m_SidDict.ContainsKey(dacl.Sid.Name)) - { - m_SidDict.Add(dacl.Sid.Name, dacl.Sid.ToString()); - } - if (permissionReadOrWrite.Contains("R")) - { - cellColor = Color.Yellow; - } - if (permissionReadOrWrite.Contains("W") || permissionReadOrWrite.Contains("Full") || permissionReadOrWrite.Contains("RW")) + string permissionReadOrWrite = Engine.ConvertAccessMaskToSimplePermissions(dacl.Mask.Access); + string allowedOrNotAllowed = dacl.Type.ToString(); + + // Check if the current user or their groups have permissions + foreach (IdentityReference group in m_CurrentIdentity.Groups) { - cellColor = Color.LightGreen; - break; + SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier)); + if ((m_CurrentUserSid.Equals(dacl.Sid.ToString()) || sid.Value.Equals(dacl.Sid.ToString())) && allowedOrNotAllowed.Contains("Allowed")) + { + // Add SID to dictionary if not already present + if (!m_SidDict.ContainsKey(dacl.Sid.Name)) + { + m_SidDict.Add(dacl.Sid.Name, dacl.Sid.ToString()); + } + + // Determine cell color based on permissions + if (permissionReadOrWrite.Contains("R")) + { + cellColor = Color.Yellow; + } + if (permissionReadOrWrite.Contains("W") || permissionReadOrWrite.Contains("Full") || permissionReadOrWrite.Contains("RW")) + { + cellColor = Color.LightGreen; + break; + } + } } + + permissions += $"{allowedOrNotAllowed} {permissionReadOrWrite} {dacl.Sid.Name}; \n"; } + + // Assign permissions and color + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = permissions; + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = cellColor; } - permissions += $"{allowedOrNotAllowed} {permissionReadOrWrite} {dacl.Sid.Name}; \n"; - } - - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = permissions; - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = cellColor; - - row.Cells[m_ColumnIndexes[ColumnOwnerSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.ToString(); - row.Cells[m_ColumnIndexes[ColumnOwnerName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.Name; - row.Cells[m_ColumnIndexes[ColumnGroupSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.ToString(); - row.Cells[m_ColumnIndexes[ColumnGroupName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.Name; - row.Cells[m_ColumnIndexes[ColumnIntegrityLevel.HeaderText]].Value = namedPipeObject.SecurityDescriptor.IntegrityLevel; - row.Cells[m_ColumnIndexes[ColumnEndPointType.HeaderText]].Value = namedPipeObject.EndPointType; - row.Cells[m_ColumnIndexes[ColumnConfiguration.HeaderText]].Value = namedPipeObject.Configuration; - row.Cells[m_ColumnIndexes[ColumnPipeType.HeaderText]].Value = namedPipeObject.PipeType; - row.Cells[m_ColumnIndexes[ColumnReadMode.HeaderText]].Value = namedPipeObject.ReadMode; - row.Cells[m_ColumnIndexes[ColumnDirectoryGrantedAccess.HeaderText]].Value = namedPipeObject.DirectoryGrantedAccess; - row.Cells[m_ColumnIndexes[ColumnGrantedAccess.HeaderText]].Value = namedPipeObject.GrantedAccess; - row.Cells[m_ColumnIndexes[ColumnGrantedAccessGeneric.HeaderText]].Value = namedPipeObject.GrantedAccessGeneric; - row.Cells[m_ColumnIndexes[ColumnHandle.HeaderText]].Value = namedPipeObject.Handle.ToString(); - row.Cells[m_ColumnIndexes[ColumnCreationTime.HeaderText]].Value = namedPipeObject.CreationTime; - row.Cells[m_ColumnIndexes[ColumnClientPID.HeaderText]].Value = getProcessNameWithProcessPIDs(namedPipeObject); - row.Cells[m_ColumnIndexes[ColumnNumberOfLinks.HeaderText]].Value = namedPipeObject.NumberOfLinks; - row.Cells[m_ColumnIndexes[ColumnFileCreationTime.HeaderText]].Value = namedPipeObject.FileCreationTime; - row.Cells[m_ColumnIndexes[ColumnLastAccessTime.HeaderText]].Value = namedPipeObject.LastAccessTime; - row.Cells[m_ColumnIndexes[ColumnLastWriteTime.HeaderText]].Value = namedPipeObject.LastWriteTime; - row.Cells[m_ColumnIndexes[ColumnChangeTime.HeaderText]].Value = namedPipeObject.ChangeTime; + // Fill other row columns with named pipe object data + row.Cells[m_ColumnIndexes[ColumnOwnerSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.ToString(); + row.Cells[m_ColumnIndexes[ColumnOwnerName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.Name; + row.Cells[m_ColumnIndexes[ColumnGroupSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.ToString(); + row.Cells[m_ColumnIndexes[ColumnGroupName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Group.Sid.Name; + row.Cells[m_ColumnIndexes[ColumnIntegrityLevel.HeaderText]].Value = namedPipeObject.SecurityDescriptor.IntegrityLevel; + row.Cells[m_ColumnIndexes[ColumnEndPointType.HeaderText]].Value = namedPipeObject.EndPointType; + row.Cells[m_ColumnIndexes[ColumnConfiguration.HeaderText]].Value = namedPipeObject.Configuration; + row.Cells[m_ColumnIndexes[ColumnPipeType.HeaderText]].Value = namedPipeObject.PipeType; + row.Cells[m_ColumnIndexes[ColumnReadMode.HeaderText]].Value = namedPipeObject.ReadMode; + row.Cells[m_ColumnIndexes[ColumnDirectoryGrantedAccess.HeaderText]].Value = namedPipeObject.DirectoryGrantedAccess; + row.Cells[m_ColumnIndexes[ColumnGrantedAccess.HeaderText]].Value = namedPipeObject.GrantedAccess; + row.Cells[m_ColumnIndexes[ColumnGrantedAccessGeneric.HeaderText]].Value = namedPipeObject.GrantedAccessGeneric; + row.Cells[m_ColumnIndexes[ColumnHandle.HeaderText]].Value = namedPipeObject.Handle.ToString(); + row.Cells[m_ColumnIndexes[ColumnCreationTime.HeaderText]].Value = namedPipeObject.CreationTime; + row.Cells[m_ColumnIndexes[ColumnClientPID.HeaderText]].Value = getProcessNameWithProcessPIDs(namedPipeObject); + row.Cells[m_ColumnIndexes[ColumnNumberOfLinks.HeaderText]].Value = namedPipeObject.NumberOfLinks; + row.Cells[m_ColumnIndexes[ColumnFileCreationTime.HeaderText]].Value = namedPipeObject.FileCreationTime; + row.Cells[m_ColumnIndexes[ColumnLastAccessTime.HeaderText]].Value = namedPipeObject.LastAccessTime; + row.Cells[m_ColumnIndexes[ColumnLastWriteTime.HeaderText]].Value = namedPipeObject.LastWriteTime; + row.Cells[m_ColumnIndexes[ColumnChangeTime.HeaderText]].Value = namedPipeObject.ChangeTime; + } + catch (Exception ex) + { + // Log the exception for debugging purposes + Console.WriteLine($"Error processing named pipe object: {ex.Message}"); + } } - private string getProcessNameWithProcessPIDs(NtNamedPipeFileBase i_NamedPipe) { var processNames = i_NamedPipe.GetUsingProcessIds() From 7d81620647223a2e62ddc6583772f9037d909ed4 Mon Sep 17 00:00:00 2001 From: Noam Regev <121763006+regevnoam1@users.noreply.github.com> Date: Sun, 5 Jan 2025 11:32:58 +0200 Subject: [PATCH 3/4] Update Form1.cs --- PipeViewer/Form1.cs | 6 ------ 1 file changed, 6 deletions(-) diff --git a/PipeViewer/Form1.cs b/PipeViewer/Form1.cs index 4553462..6caa720 100644 --- a/PipeViewer/Form1.cs +++ b/PipeViewer/Form1.cs @@ -306,12 +306,6 @@ private async Task addNamedPipeToDataGridView(string namedPipe) // Process security descriptors and pipe information ProcessNamedPipeObject(namedPipeObject, row); } - else - { - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = "No DACL -> FULL permissions"; - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = Color.Red; - } - return row; }); From 440381adf2c40fd6d1bfbebee7d45f4252ec9c83 Mon Sep 17 00:00:00 2001 From: Noam Regev <121763006+regevnoam1@users.noreply.github.com> Date: Tue, 11 Feb 2025 13:38:11 +0200 Subject: [PATCH 4/4] Fix F3 and Bold --- PipeViewer/Form1.cs | 137 ++++++++++++++++++++++++++------------------ 1 file changed, 82 insertions(+), 55 deletions(-) diff --git a/PipeViewer/Form1.cs b/PipeViewer/Form1.cs index 6caa720..cf537b8 100644 --- a/PipeViewer/Form1.cs +++ b/PipeViewer/Form1.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Collections.Generic; using System.Data; using System.Drawing; @@ -219,10 +219,11 @@ private async void initializePipeList() foreach(var pipe in listOfPipes) { - if (pipe.StartsWith(@"\\.\pipe\")) - { - await addNamedPipeToDataGridView(pipe); - } + if (pipe.StartsWith(@"\\.\pipe\")) + { + await addNamedPipeToDataGridView(pipe); + } + } this.Invoke(new Action(() => @@ -306,6 +307,7 @@ private async Task addNamedPipeToDataGridView(string namedPipe) // Process security descriptors and pipe information ProcessNamedPipeObject(namedPipeObject, row); } + return row; }); @@ -319,7 +321,8 @@ private async Task addNamedPipeToDataGridView(string namedPipe) } catch (Exception ex) { - // Log or handle exceptions here + //TODO - Log the exception + } } @@ -335,48 +338,47 @@ private void ProcessNamedPipeObject(NtNamedPipeFileBase namedPipeObject, DataGri { row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = "NO DACL -> FULL permissions"; row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = Color.Red; + return; } - else + + foreach (Ace dacl in namedPipeObject.SecurityDescriptor.Dacl) { - // Process each ACE in the DACL - foreach (Ace dacl in namedPipeObject.SecurityDescriptor.Dacl) - { - string permissionReadOrWrite = Engine.ConvertAccessMaskToSimplePermissions(dacl.Mask.Access); - string allowedOrNotAllowed = dacl.Type.ToString(); + string permissionReadOrWrite = Engine.ConvertAccessMaskToSimplePermissions(dacl.Mask.Access); + string allowedOrNotAllowed = dacl.Type.ToString(); - // Check if the current user or their groups have permissions - foreach (IdentityReference group in m_CurrentIdentity.Groups) + // Check if the current user or their groups have permissions + foreach (IdentityReference group in m_CurrentIdentity.Groups) + { + SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier)); + if ((m_CurrentUserSid.Equals(dacl.Sid.ToString()) || sid.Value.Equals(dacl.Sid.ToString())) && allowedOrNotAllowed.Contains("Allowed")) { - SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier)); - if ((m_CurrentUserSid.Equals(dacl.Sid.ToString()) || sid.Value.Equals(dacl.Sid.ToString())) && allowedOrNotAllowed.Contains("Allowed")) + // Add SID to dictionary if not already present + if (!m_SidDict.ContainsKey(dacl.Sid.Name)) { - // Add SID to dictionary if not already present - if (!m_SidDict.ContainsKey(dacl.Sid.Name)) - { - m_SidDict.Add(dacl.Sid.Name, dacl.Sid.ToString()); - } - - // Determine cell color based on permissions - if (permissionReadOrWrite.Contains("R")) - { - cellColor = Color.Yellow; - } - if (permissionReadOrWrite.Contains("W") || permissionReadOrWrite.Contains("Full") || permissionReadOrWrite.Contains("RW")) - { - cellColor = Color.LightGreen; - break; - } + m_SidDict.Add(dacl.Sid.Name, dacl.Sid.ToString()); } - } - permissions += $"{allowedOrNotAllowed} {permissionReadOrWrite} {dacl.Sid.Name}; \n"; + // Determine cell color based on permissions + if (permissionReadOrWrite.Contains("R")) + { + cellColor = Color.Yellow; + } + if (permissionReadOrWrite.Contains("W") || permissionReadOrWrite.Contains("Full") || permissionReadOrWrite.Contains("RW")) + { + cellColor = Color.LightGreen; + break; + } + } } - // Assign permissions and color - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = permissions; - row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = cellColor; + permissions += $"{allowedOrNotAllowed} {permissionReadOrWrite} {dacl.Sid.Name}; \n"; } + // Assign permissions and color + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Value = permissions; + row.Cells[m_ColumnIndexes[ColumnPermissions.HeaderText]].Style.BackColor = cellColor; + + // Fill other row columns with named pipe object data row.Cells[m_ColumnIndexes[ColumnOwnerSid.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.ToString(); row.Cells[m_ColumnIndexes[ColumnOwnerName.HeaderText]].Value = namedPipeObject.SecurityDescriptor.Owner.Sid.Name; @@ -406,6 +408,8 @@ private void ProcessNamedPipeObject(NtNamedPipeFileBase namedPipeObject, DataGri } } + + private string getProcessNameWithProcessPIDs(NtNamedPipeFileBase i_NamedPipe) { var processNames = i_NamedPipe.GetUsingProcessIds() @@ -522,30 +526,41 @@ protected override bool ProcessCmdKey(ref Message msg, Keys keyData) } else if (keyData == (Keys.Control | Keys.B)) { - Font boldFont = new Font(dataGridView1.DefaultCellStyle.Font, FontStyle.Bold); - Font font = new Font(dataGridView1.DefaultCellStyle.Font, FontStyle.Regular); + Font baseFont = dataGridView1.DefaultCellStyle.Font; + Font boldFont = new Font(baseFont, FontStyle.Bold); + Font regularFont = new Font(baseFont, FontStyle.Regular); foreach (DataGridViewCell cell in dataGridView1.SelectedCells) { - - if (!dataGridView1.Rows[cell.RowIndex].DefaultCellStyle.Font.Bold) + var rowStyle = dataGridView1.Rows[cell.RowIndex].DefaultCellStyle; + if (rowStyle.Font == null) { - font = boldFont; + rowStyle.Font = baseFont; + } + if (!rowStyle.Font.Bold) + { + rowStyle.Font = boldFont; + } + else + { + rowStyle.Font = regularFont; } - - dataGridView1.Rows[cell.RowIndex].DefaultCellStyle.Font = font; } foreach (DataGridViewRow selectedRow in dataGridView1.SelectedRows) { - + if (selectedRow.DefaultCellStyle.Font == null) + { + selectedRow.DefaultCellStyle.Font = baseFont; + } if (!selectedRow.DefaultCellStyle.Font.Bold) { - font = boldFont; + selectedRow.DefaultCellStyle.Font = boldFont; + } + else + { + selectedRow.DefaultCellStyle.Font = regularFont; } - - dataGridView1.Rows[selectedRow.Index].DefaultCellStyle.Font = font; - } result = true; } @@ -562,12 +577,18 @@ protected override bool ProcessCmdKey(ref Message msg, Keys keyData) else if (keyData == (Keys.F3)) { // We need to implement the options for the search + dataGridView1.Columns["ColumnName"].SortMode = DataGridViewColumnSortMode.NotSortable; FindWindow_searchForMatch(m_LastSearchValue, true, false, false); + dataGridView1.Columns["ColumnName"].SortMode = DataGridViewColumnSortMode.Automatic; + } else if (keyData == (Keys.Shift | Keys.F3)) { // We need to implement the options for the search + dataGridView1.Columns["ColumnName"].SortMode = DataGridViewColumnSortMode.NotSortable; FindWindow_searchForMatch(m_LastSearchValue, false, false, false); + dataGridView1.Columns["ColumnName"].SortMode = DataGridViewColumnSortMode.Automatic; + } return result; @@ -671,19 +692,25 @@ private void FindWindow_searchForMatch(string i_SearchString, bool i_SearchDown, { break; } + DataGridViewRow row = dataGridView1.Rows[i]; + if (row == null || !row.Visible || i_SearchString == null) + { + continue; + } - foreach (DataGridViewCell cell in dataGridView1.Rows[i].Cells) + foreach (DataGridViewCell cell in row.Cells) { - // TODO: Add support in Case Sensitive, replicate to RPCMon. - if (dataGridView1.Rows[i].Visible && cell.Value != null && cell.Value.ToString().ToLower().Contains(i_SearchString.ToLower())) + string cellText = cell.Value?.ToString(); + + if (cellText != null && cellText.ToLower().Contains(i_SearchString.ToLower())) { cleanAllSelectedCells(); - dataGridView1.Rows[i].Selected = true; + row.Selected = true; foundMatch = true; - dataGridView1.CurrentCell = dataGridView1.Rows[i].Cells[0]; + dataGridView1.CurrentCell = row.Cells[0]; dataGridView1.FirstDisplayedScrollingRowIndex = dataGridView1.SelectedRows[0].Index; - + break; } }