I have been trying to write a simple EnScript for a school project to read the information stored in the registry. I looked through the EnScript help and decided to try the registry class example script. While compiling there were 2 errors, on "if (dash ≥ 0) {" and "if (end ≥ 0)", which I changed to "if (dash >= 0) {" and "if (end >= 0)". After that there were no other errors. I tried to run this EnScript on a raw evidence file from one of my previous projects, but there are no results. I have checked and found that the registry keys do reside within the evidence file.
This is the code from the EnScript help. I have tried to Google it, but unfortunately I could not find any guide or help regarding this issue on the internet.
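/**
  RegistryClass demo driver: logs on to a SAFE, lets the examiner choose a role
  and a list of nodes, runs one READVALUE registry command on every node that
  answers, and bookmarks the collected values in the open case.

  NOTE: the registry command is executed through the ConnectionClass handed out
  by BatchClass (see Process and ReadNetwork). The CaseClass passed to Main is
  only tested for being open and used as the destination of the bookmark folder
  (see Output); nothing in this class reads the evidence files of the case.
**/
class MainClass {
  SafeClass     Safe;                //object to connect to SAFE
  RoleClass     RoleRoot,            //list of all roles for a given user
                Role;                //role user choose to take
  NetworkClass  SweepNet;            //list of remote nodes to connect to
  RegValueClass Results;             //root under which Process() adds one result node per machine
  String        NetText,             //textual list of remote nodes
                ClientReturnAddress, //for NODECLIENT connection options
                StatusBarName;       //name to be displayed in the status bar
  int           NumConnections,      //number of SAFE connections to use
                ConnectOptions;      // Connection Options: INDIRECT, CLIENTNODELOCAL, CLIENTNODESAFE, NODECLIENT

  /**
    Defaults: one SAFE connection, CLIENTNODESAFE connection mode, and the
    status-bar title that is also used as the bookmark folder name.
  **/
  MainClass() :
    Safe(),
    RoleRoot(),
    Role(),
    SweepNet(),
    Results(),
    NumConnections = 1,
    ConnectOptions = ConnectionClass::CLIENTNODESAFE,
    StatusBarName = "RegistryClass demo"
  {
  }

  /**
    Entry point of the Enscript.
    Requires an open case (results are bookmarked into it), a successful SAFE
    logon and a dialog closed with OK; otherwise nothing is swept.
  **/
  void Main(CaseClass c) {
    if (c) {
      SystemClass::ClearConsole();
      // Sweep only after the SAFE logon succeeded and the options wizard returned OK.
      if (Safe.Logon(null) && ShowDiag() == SystemClass::OK) {
        Sweep();
        Output(c);
        SystemClass::Message(0, "Success", StatusBarName + ": Completed Successfully!");
      }
    }
    else
      SystemClass::Message(0, "Error", "Need an open case so that results of registry queries can be added!");
  }

  /**
    This method contains the logic we want to apply to each node on the network.
    Builds a one-entry command list (read ProductName under
    HKLM\Software\Microsoft\Windows NT\CurrentVersion) and runs it over conn.
    A failed run is only reported on the console; it does not stop the sweep.
  **/
  void Process(ConnectionClass conn, SnapshotClass snap) {
    Console.WriteLine("Processing Machine " + snap.Name());
    //build command list
    RegCommandClass cmds();
    // NOTE(review): meaning of the trailing "0, 1" arguments is not visible here - confirm against the RegCommandClass reference
    new RegCommandClass(cmds, "windows product name query", RegCommandClass::READVALUE, RegCommandClass::HKEY_LOCAL_MACHINE,
                        "Software\\Microsoft\\Windows NT\\CurrentVersion", "ProductName", 0, 1);
    // The result node is created under Results before the commands run.
    RegValueClass newRes(Results, snap.Name()); //results will be placed in this object
    //create registry object and run the commands
    RegistryClass reg(conn);
    if (!reg.Run(cmds, newRes)) {
      Console.WriteLine("Could Not Run Registry Commands On " + snap.Name() + " Operating System: " +
                        SnapshotClass::OperatingSystems::DisplayText(snap.OperatingSystem()));
    }
    else
      newRes.SetName(snap.Name());
  }

  /**
    Creates a bookmark folder named after StatusBarName in the case and attaches
    the collected registry values (Results) to it with a fixed comment.
  **/
  void Output(CaseClass c) {
    BookmarkClass folder(c.BookmarkRoot(), StatusBarName, NodeClass::FOLDER);
    BookmarkDataClass newData(folder);
    newData.SetRoot(Results);
    newData.SetComment("Registry Query Results");
  }

  /**
    Display dialogs.
    Loads the role list from the SAFE and runs the options wizard; returns the
    wizard's result code, which Main compares with SystemClass::OK.
  **/
  int ShowDiag() {
    RoleRoot = Safe.RoleRoot();
    DialogClass diag();
    new NetTextDialogClass(diag, this);
    return diag.Wizard();
  }

  /**
    Code that gets connection and snapshot.
    Polls the batch until it reports BATCHDONE. Connected nodes are passed to
    Process; nodes that could not be reached are logged with the SAFE error
    message. In both cases the snapshot is inserted under root and the status
    bar advances. BATCHFATAL ends the method immediately.
  **/
  void ReadNetwork(BatchClass batch, SnapshotClass root) {
    String message,
           name;
    DateClass d();
    do {
      ConnectionClass conn;
      SnapshotClass ss(null);
      message = "";
      BatchClass::ConnectionTypes reply = batch.GetConnection(conn, ss, name, message, 0);
      if (reply == BatchClass::BATCHCONNECT) { //successfully connected to remote node
        Process(conn, ss);
        SystemClass::StatusInc(1);
        root.Insert(ss);
      }
      else if (reply == BatchClass::BATCHERROR) { //could not connect to remote node. ss object will have the state of the node
        d.Now(); // d is refreshed here but its value is not read anywhere in this method
        Console.WriteLine("Could Not Connect To " + name + " SAFE Error Message: " + message);
        SystemClass::StatusInc(1);
        root.Insert(ss);
      }
      else if (reply == BatchClass::BATCHWAIT)
        SystemClass::Sleep(100); // nothing ready yet; wait before polling again
      else if (reply == BatchClass::BATCHFATAL) {
        String err = SystemClass::LastError();
        Console.WriteLine("The SAFE is not responding: " + err + ". This Enscript will terminate.");
        return;
      }
    } while (reply != BatchClass::BATCHDONE);
  }

  /**
    Code that creates a batchclass.
    Adds the parsed node list (SweepNet) to a batch bound to the chosen SAFE,
    role and connection count, starts it, and times the scan in seconds.
    Failures to add nodes or to start the batch are shown in a message box.
  **/
  void Sweep() {
    DateClass now;
    SnapshotClass newSnaps = new SnapshotClass(null, "Snapshot");
    BatchClass batch(Safe, Role, NumConnections, ConnectionClass::SNAPALL);
    if (batch.Add(SweepNet)) {
      batch.SetMode(ConnectionClass::Options::Convert(ConnectOptions), ClientReturnAddress);
      if (batch.Start()) {
        uint machines = batch.TotalMachines();
        Console.WriteLine("Scanning " + machines + " nodes using " + batch.ConnectionsUsed() + " connection(s)");
        SystemClass::StatusRange(StatusBarName, machines);
        uint start;
        now.Now();
        start = now.GetUnix();
        ReadNetwork(batch, newSnaps);
        now.Now();
        Console.WriteLine("Scan completed in " + (now.GetUnix() - start) + " seconds");
      }
      else {
        SystemClass::Message(0, "BatchClass error", SystemClass::LastError());
      }
    }
    else {
      SystemClass::Message(0, "BatchClass Error", "Unable to add any IPs to the sweep");
    }
  }

  /**
    Turn a string of text into networkclass objects.
    Rebuilds SweepNet from t, one entry per line:
      - "a-b" where both sides are valid IP addresses becomes an "IP Range" node;
      - any other non-empty line (including names that merely contain a dash)
        is added verbatim as a single node.
    Returns true as soon as t is non-empty, even if no node was added; in that
    case the later batch.Add(SweepNet) in Sweep() reports the problem.
  **/
  bool ParseText(String t) {
    SweepNet.Close();
    bool ret = false;
    while (t) {
      ret = true;
      int end = t.Find("\n");
      String line = end < 0 ? t : t.SubString(0, end);
      int dash = line.Find("-");
      // ASCII ">=" is required here; the typographic U+2265 character found in
      // the help text does not compile.
      if (dash >= 0) {
        IPClass ip1(ExtractIP(line.SubString(0, dash))),
                ip2(ExtractIP(line.SubString(dash+1, -1)));
        if (ip1 && ip2) {
          NetworkClass n(SweepNet, "IP Range", NodeClass::SELECTED);
          n.SetStart(ip1);
          n.SetStop(ip2);
        }
        else
          NetworkClass n(SweepNet, line, NodeClass::SELECTED);
      }
      else if (line != "") {
        NetworkClass n(SweepNet, line, NodeClass::SELECTED);
      }
      // Drop the consumed line (and its newline); the last line has no newline.
      if (end >= 0)
        t.Delete(0, end+1);
      else
        break;
    }
    return ret;
  }

  /**
    Check for IPs in nettext.
    Returns a trimmed copy of s when it is a valid IP address, otherwise "".
  **/
  String ExtractIP(const String &s) {
    String ret = s;
    ret.Trim("", String::TRIMSTART | String::TRIMEND);
    return ret.IsValidIPAddress() ? ret : "";
  }
}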
/**
Dialog to choose a role and enter nodes to sweep
**/
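class NetTextDialogClass: DialogClass {
  // Wizard page shown by MainClass::ShowDiag(). It displays the SAFE the
  // examiner is logged on to, offers the role tree, and collects the node list
  // into MainClass::NetText. The role and the parsed node list are written back
  // to the MainClass instance in CanClose().
  MainClass       Data;         // script state that receives the chosen role and node list
  StaticTextClass SafeTextEdit; // read-only SAFE summary, filled in Setup()
  TreeEditClass   Tree;         // role picker over d.RoleRoot
  StaticTextClass Help;         // usage text for the node list
  StringEditClass NetTextEdit;  // multi-line node list, bound to d.NetText

  NetTextDialogClass(DialogClass diag, MainClass d) :
    DialogClass(diag, d.StatusBarName + " Options"),
    Data = d,
    SafeTextEdit(this, "", START, 15, 200, 100, 0),
    Tree(this, "Choose The Role You Want To Assume", NEXT, START, 200, 100, 0, d.RoleRoot, 0),
    Help(this, "Enter IP addresses or machine names on separate\n"
               "lines. Enter ranges on separate lines and delimit\n"
               "the start and stop address with a dash (\"-\").\n\n"
               "Example:\n\n"
               "\tlocalhost\n"
               "\t192.168.5.5\n"
               "\t192.168.0.16-192.168.0.64\n"
               "\t192.168.1.1-192.168.3.255\n"
               "\tfd00:0:1000:20:0:0:0:100\n",
         START, NEXT, 200, 100, REQUIRED),
    // NOTE(review): 9999 is presumably the maximum text length - confirm against the StringEditClass reference
    NetTextEdit(this, "", NEXT, SAME, 200, 100, AUTOVSCROLL | MULTILINE | WANTRETURN, d.NetText, 9999, 0)
  {
  }

  /**
    Fills the summary panel with the SAFE name, logged-on user, connection
    counts, remediation/snapshot permissions and SAFE version.
  **/
  virtual void Setup() {
    DialogClass::Setup();
    SafeTextEdit.SetText("SAFE:\t\t\t\t" + Data.Safe.Name() +
                         "\nUser:\t\t\t\t" + Data.Safe.UserName() +
                         "\n\nTotal Connections:\t\t" + Data.Safe.TotalConnections() +
                         "\nActive Connections:\t\t" + Data.Safe.ActiveConnections() +
                         "\nConnections To Use:\t\t" + Data.NumConnections +
                         "\n\nRemediation Allowed:\t\t" + (Data.Safe.RemediationAllowed() ? "Yes" : "No") +
                         "\nSnapshot Allowed:\t\t" + (Data.Safe.SnapshotAllowed() ? "Yes" : "No") +
                         "\n\nSAFE Version:\t\t\t" + Data.Safe.Version()
    );
  }

  /**
    Enables closing only while the selected tree entry has a parent.
  **/
  virtual void CheckControls() {
    DialogClass::CheckControls();
    EnableClose(Tree.GetValue().Parent());
  }

  /**
    Stores the selected role in Data.Role and parses Data.NetText into the sweep
    list. Returns false, with an error message, when the base class refuses to
    close or ParseText() reports an empty list.
  **/
  virtual bool CanClose() {
    // presumably copies the control contents into the bound variables (e.g. Data.NetText) - confirm against the DialogClass reference
    Output();
    bool ret = false;
    if (DialogClass::CanClose()) {
      Data.Role = RoleClass::TypeCast(Tree.GetValue());
      ret = Data.ParseText(Data.NetText);
      if (!ret)
        ErrorMessage("Please Enter a value in the IP List Text Area.");
    }
    return ret;
  }
}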