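using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Principal;

namespace AiQ_GUI
{
    /// <summary>
    /// Windows-specific helpers: closing companion tools, relaunching elevated,
    /// and registering a Windows Firewall allow rule for this executable.
    /// </summary>
    internal class Windows
    {
        // Name under which the firewall rule is registered and later looked up.
        private const string FirewallRuleName = "AiQ_GUI";

        private static readonly string[] targetProcesses = ["IP_Tool", "Rapier", "IPConfig", "BackdoorGUI"];

        /// <summary>
        /// Asks other MAV and Rudstone tools to close by sending a close request to their main window.
        /// </summary>
        /// <remarks>
        /// Matching is an ordinal substring test on the process name, so any process whose name
        /// merely contains one of the target strings receives the close request as well.
        /// The work runs synchronously; the returned task is already complete when control returns.
        /// </remarks>
        /// <returns>A completed task, kept so existing callers can continue to await this method.</returns>
        public static async Task CloseProcesses()
        {
            foreach (Process process in Process.GetProcesses())
            {
                // Dispose every handle returned by GetProcesses, not only the ones that matched.
                using (process)
                {
                    bool isTarget = targetProcesses.Any(tp => process.ProcessName.Contains(tp, StringComparison.Ordinal));
                    if (!isTarget)
                    {
                        continue;
                    }

                    try
                    {
                        process.CloseMainWindow();
                    }
                    catch (Exception ex)
                    {
                        // Best effort: the process may have exited or be inaccessible. Record it instead of hiding it.
                        Logging.LogMessage($"Could not close {process.ProcessName}. {ex.Message}");
                    }
                }
            }

            await Task.CompletedTask.ConfigureAwait(false);
        }

        /// <summary>
        /// Relaunches the given executable with the "runas" verb (UAC elevation prompt) and,
        /// if the launch succeeds, clears the FirstRun setting and exits this instance.
        /// </summary>
        /// <param name="ExeLoc">
        /// Path of the executable to start elevated. It is handed to the shell unchanged, so callers
        /// must pass a trusted, fully qualified path and never a value taken from external input.
        /// </param>
        public static void StartAsAdmin(string ExeLoc)
        {
            Logging.LogMessage($"Starting exe from {ExeLoc}");
            ProcessStartInfo processInfo = new ProcessStartInfo(ExeLoc)
            {
                UseShellExecute = true,
                Verb = "runas"
            };

            try
            {
                // The handle to the elevated child is not needed; release it straight away.
                Process.Start(processInfo)?.Dispose();
                Properties.Settings.Default.FirstRun = false;
                Properties.Settings.Default.Save();
                Application.Exit(); // Exit now that we have admin rights version
            }
            catch (Exception ex)
            {
                Logging.LogErrorMessage("Failed to restart with admin rights. " + ex.Message);
                MessageBox.Show("Sorry, but I don't seem to be able to start this program with administrator rights!");
            }
        }

        /// <summary>
        /// On first run without administrator rights, relaunches elevated. When already elevated,
        /// registers an allow rule for UDP traffic to this executable in Windows Firewall,
        /// unless a rule with the same name and application path is already present.
        /// </summary>
        public static void UpdateFirewall()
        {
            WindowsPrincipal wp = new(WindowsIdentity.GetCurrent());
            bool runAsAdmin = wp.IsInRole(WindowsBuiltInRole.Administrator);

            string exePath = ResolveExePath();
            if (string.IsNullOrEmpty(exePath))
            {
                // Without a concrete path there is nothing safe to elevate or to bind the rule to.
                Logging.LogErrorMessage("Failed to determine the executable path for the firewall rule.");
                return;
            }

            if (Properties.Settings.Default.FirstRun && !runAsAdmin) // On first run, put into admin mode to allow defender.
            {
                StartAsAdmin(exePath);
            }
            else if (runAsAdmin)
            {
                try
                {
                    // Use dynamic for COM interop
                    Type ruleType = Type.GetTypeFromProgID("HNetCfg.FWRule");
                    Type policyType = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
                    if (ruleType is null || policyType is null)
                    {
                        throw new InvalidOperationException("Windows Firewall COM classes are not registered.");
                    }

                    dynamic firewallPolicy = Activator.CreateInstance(policyType);

                    // This branch runs on every elevated launch, so skip the add when the rule is
                    // already there; otherwise identical rules accumulate in the policy.
                    if (!FirewallRuleExists(firewallPolicy, exePath))
                    {
                        dynamic firewallRule = Activator.CreateInstance(ruleType);
                        firewallRule.ApplicationName = exePath;
                        firewallRule.Action = 1; // NET_FW_ACTION_ALLOW
                        firewallRule.Description = "Programmatically added rule to allow the GUI to work";
                        firewallRule.Enabled = true;
                        firewallRule.InterfaceTypes = "All";
                        firewallRule.Name = FirewallRuleName;
                        firewallRule.Protocol = 17; // UDP

                        // NOTE(review): Direction, Profiles, LocalPorts and RemoteAddresses are left unset,
                        // so the rule's scope is whatever the firewall API defaults to. Restrict it to the
                        // ports and profiles the GUI actually needs once those are confirmed.
                        firewallPolicy.Rules.Add(firewallRule);
                    }

                    Properties.Settings.Default.FirstRun = false;
                    Properties.Settings.Default.Save();
                }
                catch (Exception ex)
                {
                    Logging.LogErrorMessage("Failed to install firewall. " + ex.Message);
                    MessageBox.Show("Sorry, but I couldn't install the firewall rule!");
                }
            }
        }

        /// <summary>
        /// Works out the path of the running executable. The entry assembly usually reports the
        /// .dll, so only a trailing ".dll" extension is swapped for ".exe"; other occurrences of
        /// "dll" in the path (for example in a folder name) are left alone.
        /// </summary>
        /// <returns>The executable path, or an empty string when it cannot be determined.</returns>
        private static string ResolveExePath()
        {
            string location = Assembly.GetEntryAssembly()?.Location ?? string.Empty;
            if (string.IsNullOrEmpty(location))
            {
                // No entry assembly, or it has no file location: fall back to the process image path.
                return Environment.ProcessPath ?? string.Empty;
            }

            bool isDll = string.Equals(Path.GetExtension(location), ".dll", StringComparison.OrdinalIgnoreCase);
            return isDll ? Path.ChangeExtension(location, ".exe") : location;
        }

        /// <summary>
        /// Reports whether the policy already holds a rule with this tool's rule name
        /// bound to the given application path.
        /// </summary>
        private static bool FirewallRuleExists(dynamic firewallPolicy, string applicationName)
        {
            foreach (dynamic rule in firewallPolicy.Rules)
            {
                string name = rule.Name;
                string application = rule.ApplicationName;
                if (string.Equals(name, FirewallRuleName, StringComparison.Ordinal)
                    && string.Equals(application, applicationName, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return false;
        }
    }

    // NOTE(review): UpdateFirewall above late-binds through dynamic and does not reference the two
    // interfaces below. They are partial declarations ("other members omitted"); confirm member
    // order and types against the Windows SDK before using them for early-bound COM calls.

    /// <summary>Partial managed declaration of the Windows Firewall rule COM interface.</summary>
    [ComImport, Guid("AF230D27-BABA-4E42-ACED-F524F22CFCE2")]
    public interface INetFwRule
    {
        string Name { get; set; }
        string Description { get; set; }
        string ApplicationName { get; set; }
        string ServiceName { get; set; }
        int Protocol { get; set; }
        string LocalPorts { get; set; }
        string RemotePorts { get; set; }
        string LocalAddresses { get; set; }
        string RemoteAddresses { get; set; }
        string IcmpTypesAndCodes { get; set; }
        int Direction { get; set; }
        object Interfaces { get; set; }
        string InterfaceTypes { get; set; }
        bool Enabled { get; set; }
        string Grouping { get; set; }
        int Profiles { get; set; }
        bool EdgeTraversal { get; set; }
        int Action { get; set; }
    }

    /// <summary>Partial managed declaration of the Windows Firewall policy COM interface.</summary>
    [ComImport, Guid("98325047-C671-4174-8D81-DEFCD3F03186")]
    public interface INetFwPolicy2
    {
        int CurrentProfileTypes { get; }
        void get_FirewallEnabled(int profileType, out bool enabled);
        void put_FirewallEnabled(int profileType, bool enabled);
        void get_ExcludedInterfaces(int profileType, out object interfaces);
        void put_ExcludedInterfaces(int profileType, object interfaces);
        int BlockAllInboundTraffic { get; set; }
        int NotificationsDisabled { get; set; }
        int UnicastResponsesToMulticastBroadcastDisabled { get; set; }
        object Rules { get; }
        object ServiceRestriction { get; }
        // ...other members omitted for brevity
    }
}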