Add block count

sbidy · Nov 18, 2016 · f67e565 · f67e565
1 parent 09ccfd7
commit f67e565
Show file tree

Hide file tree

Showing 12 changed files with 198 additions and 86 deletions.
diff --git a/PoMs/App.config b/PoMs/App.config
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
     <startup> 
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
-    </startup>
-</configuration>
+
+    <supportedRuntime version="v2.0.50727" sku="Client"/></startup>
+</configuration>
diff --git a/PoMs/Jommans-Mushroom-Search.ico b/PoMs/Jommans-Mushroom-Search.ico
diff --git a/PoMs/MainWindow.Designer.cs b/PoMs/MainWindow.Designer.cs
diff --git a/PoMs/MainWindow.cs b/PoMs/MainWindow.cs
@@ -40,6 +40,7 @@ public partial class MainWindow : Form
         private int SLEEPTIME = 2000;
         private int trashold = 5;
         private List<int> suspendetPS = new List<int>(100);
+        private int blockcount = 0;
 
         public MainWindow()
         {
@@ -78,8 +79,8 @@ private void psscanner_DoWork(object sender, DoWorkEventArgs e)
                 }
                 else
                 {
-                    PSEventEntry entry = monitor.getPSEvent();
-                    if (start < start.AddDays(1))
+                    PSEventEntry entry = monitor.checkSystem();
+                    if (start < start.AddDays(1) && entry != null)
                     {
                         if (entry.malware)
                         {
@@ -121,6 +122,7 @@ private void porcessManager(int pid)
                 {
                     controller.SuspendProcess(pid);
                     suspendetPS.Add(pid);
+                    blockcount++;
                 }
             }
             catch (ArgumentException ex)
@@ -149,13 +151,20 @@ private void releaseProcessButton_Click(object sender, EventArgs e)
                     if (!Process.GetProcessById(pid).HasExited)
                     {
                         controller.ResumeProcess(pid);
+                        blockcount--;
                     }
+
                 }
                 catch (ArgumentException ex)
                 {
                     // do nothing - process already closed
                 }
             }
         }
+
+        private void notifyIcon_Click(object sender, EventArgs e)
+        {
+            blockcountMenu.Text = "Blocked tasks: " + blockcount;
+        }
     }
 }
diff --git a/PoMs/MainWindow.resx b/PoMs/MainWindow.resx
@@ -112,18 +112,18 @@
     <value>2.0</value>
   </resheader>
   <resheader name="reader">
-    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <resheader name="writer">
-    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <metadata name="notifyIcon.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+  <metadata name="notifyIcon.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
     <value>17, 17</value>
   </metadata>
-  <metadata name="contextMenu.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+  <metadata name="contextMenu.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
     <value>130, 17</value>
   </metadata>
-  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <assembly alias="System.Drawing" name="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   <data name="notifyIcon.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
     <value>
         AAABAAkAAAAAAAEAIABhtAAAlgAAAICAAAABACAAKAgBAPe0AABgYAAAAQAgAKiUAAAfvQEASEgAAAEA
@@ -3596,7 +3596,7 @@
         AAAAgAAAAAAAAAAAAAAAAAEAABADAAD4BwAA/g8AAP//AAA=
 </value>
   </data>
-  <metadata name="psscanner.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+  <metadata name="psscanner.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
     <value>285, 17</value>
   </metadata>
 </root>
diff --git a/PoMs/PoMs.csproj b/PoMs/PoMs.csproj
@@ -9,8 +9,25 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>PoMs</RootNamespace>
     <AssemblyName>PoMs</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <PublishUrl>C:\Users\TraubS\Desktop\PoMs\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>1</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <PublishWizardCompleted>true</PublishWizardCompleted>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+    <TargetFrameworkProfile>Client</TargetFrameworkProfile>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -31,6 +48,21 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
+  <PropertyGroup>
+    <ManifestCertificateThumbprint>60AFE4355BA2B462CA868C28A2C69F2B476E98B4</ManifestCertificateThumbprint>
+  </PropertyGroup>
+  <PropertyGroup>
+    <ManifestKeyFile>PoMs_TemporaryKey.pfx</ManifestKeyFile>
+  </PropertyGroup>
+  <PropertyGroup>
+    <GenerateManifests>true</GenerateManifests>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SignManifests>true</SignManifests>
+  </PropertyGroup>
+  <PropertyGroup>
+    <ApplicationIcon>Jommans-Mushroom-Search.ico</ApplicationIcon>
+  </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.Core" />
@@ -67,7 +99,9 @@
     <Compile Include="Properties\Resources.Designer.cs">
       <AutoGen>True</AutoGen>
       <DependentUpon>Resources.resx</DependentUpon>
+      <DesignTime>True</DesignTime>
     </Compile>
+    <None Include="PoMs_TemporaryKey.pfx" />
     <None Include="Properties\Settings.settings">
       <Generator>SettingsSingleFileGenerator</Generator>
       <LastGenOutput>Settings.Designer.cs</LastGenOutput>
@@ -84,6 +118,19 @@
   <ItemGroup>
     <Content Include="img\Search-icon - Copy.png" />
     <Content Include="img\Search-icon.png" />
+    <Content Include="Jommans-Mushroom-Search.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.5">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.5 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 

diff --git a/PoMs/PowerMon.cs b/PoMs/PowerMon.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Diagnostics.Eventing.Reader;
 using System.Security.Principal;
+using System.Diagnostics;
 
 namespace PoMs
 {
@@ -11,20 +12,16 @@ class PowerMon
         /// Read the value from threshold
         /// </summary>
         DateTime run = DateTime.Now;
-        PSEventEntry entry = new PSEventEntry();
         int timespan = 2500;
-
+        PSEventEntry entry = new PSEventEntry();
         /// <summary>
         /// Pulls out the PowerShell events from the event log
         /// </summary>
         /// <returns>PSEventEntry object with the latest event properties</returns>
-        public PSEventEntry getPSEvent()
+        private PSEventEntry getPSEvent()
         {
             // event id 40962 and 4104
 
-            entry.malware = false;
-            entry.opencommand = false;
-
             string logType = "Microsoft-Windows-PowerShell/Operational";
             string query = $"*[System[(EventID='4104' or EventID='40962') and TimeCreated[timediff(@SystemTime) <= {timespan}]]]";
 
@@ -53,5 +50,66 @@ public PSEventEntry getPSEvent()
             }
             return entry;
         }
+        private int getPSProcess()
+        {
+            // get all processes on the local machine
+
+            Process[] localPS = Process.GetProcessesByName("Windows PowerShell");
+
+            if (localPS.Length < 0)
+            {
+                for (int i=0; i<localPS.Length; i++)
+                {
+                    return localPS[i].Id;
+                }
+            }
+            return 0;
+        }
+        private int getISEProcess()
+        {
+            Process[] localAll = Process.GetProcesses();
+
+            Process[] localISE = Process.GetProcessesByName("Windows PowerShell ISE");
+
+            if (localISE.Length < 0)
+            {
+                for (int i = 0; i < localISE.Length; i++)
+                { 
+                    return localISE[i].Id;
+                }
+            }
+            return 0;
+        }
+
+        public PSEventEntry checkSystem ()
+        {
+            entry.malware = false;
+            entry.opencommand = false;
+            int processID = getISEProcess();
+            // check if a PowerShell process ISE is running
+            if (getISEProcess() > 0)
+            {
+                entry.processID = processID;
+                entry.runcount = entry.runcount + 1;
+                entry.opencommand = true;
+                return entry;
+            }
+            // check if a PowerShell process is running
+            processID = getPSProcess();
+            if (getISEProcess() > 0)
+            {
+                entry.processID = processID;
+                entry.runcount = entry.runcount + 1;
+                entry.opencommand = true;
+                return entry;
+            }
+            // if no process found -- check the eventlog
+            PSEventEntry event_tmp = getPSEvent();
+            if(event_tmp.processID != 0)
+            {
+                return event_tmp;
+            }
+            return event_tmp;
+        }
     }
 }
diff --git a/PoMs/Program.cs b/PoMs/Program.cs
@@ -1,7 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 using System.Windows.Forms;
 
 namespace PoMs