Merge branch 'dev'
fabienfl committed Sep 28, 2020
2 parents a1c104c + 87efb05 commit a6946c6
Showing 8 changed files with 201 additions and 95 deletions.
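--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,6 @@
+# ChangeLog
+
+## v10.0.15
+- FIX: archive were skipped when BITS server was unavailable
+- FIX: two possible csv corruptions
+- FEATURE: New 'Location' configuration keyword: '{UserProfiles}' (get profiles directories from HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList)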
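--- a/src/Orc/Orc.cpp
+++ b/src/Orc/Orc.cpp
@@ -128,19 +128,6 @@ int wmain(int argc, const WCHAR* argv[])
 std::wcerr << "Press any key to continue..." << std::endl;
 _getch();
 }
-else
-{
-#ifdef _DEBUG
-if (!UtilitiesMain::IsProcessParent(L"cmd.exe", pLog)
-&& !UtilitiesMain::IsProcessParent(L"WindowsTerminal.exe", pLog)
-&& !UtilitiesMain::IsProcessParent(L"pwsh.exe", pLog)
-&& !UtilitiesMain::IsProcessParent(L"VsDebugConsole.exe", pLog))
-{
-std::wcerr << "Press any key to continue..." << std::endl;
-_getch();
-}
-#endif
-}
 
 return hr;
 }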
88 changes: 38 additions & 50 deletions src/OrcCommand/WolfLauncher_Run.cpp
Expand Up @@ -252,7 +252,6 @@ HRESULT Orc::Command::Wolf::Main::CreateAndUploadOutline()
}
writer->EndCollection(L"archives");


SystemIdentity::Write(writer);
}
writer->EndElement(L"dfir-orc");
Expand Down Expand Up @@ -596,75 +595,64 @@ HRESULT Main::Run_Execute()
continue;
}
}
else
}

if (SUCCEEDED(hr = VerifyFileExists(exec->GetOutputFullPath().c_str())))
{
WIN32_FILE_ATTRIBUTE_DATA data;
ZeroMemory(&data, sizeof(WIN32_FILE_ATTRIBUTE_DATA));

if (!GetFileAttributesEx(exec->GetOutputFullPath().c_str(), GetFileExInfoStandard, &data))
{
log::Warning(
_L_,
hr = HRESULT_FROM_WIN32(GetLastError()),
L"Failed to obtain file attributes of %s\r\n",
exec->GetOutputFullPath().c_str());
log::Info(
_L_,
L"\r\n\tExecuting \"%s\"%s%s\r\n\r\n",
L"\r\n\tSkipping \"%s\" (file %s already exists)%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
exec->GetOutputFullPath().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
break;
continue;
}
}
else
{
if (SUCCEEDED(hr = VerifyFileExists(exec->GetOutputFullPath().c_str())))
else
{
WIN32_FILE_ATTRIBUTE_DATA data;
ZeroMemory(&data, sizeof(WIN32_FILE_ATTRIBUTE_DATA));

if (!GetFileAttributesEx(exec->GetOutputFullPath().c_str(), GetFileExInfoStandard, &data))
if (data.nFileSizeHigh == 0L && data.nFileSizeLow == 0L)
{
log::Warning(
_L_,
hr = HRESULT_FROM_WIN32(GetLastError()),
L"Failed to obtain file attributes of %s\r\n",
exec->GetOutputFullPath().c_str());
log::Info(
_L_,
L"\r\n\tSkipping \"%s\" (file %s already exists)%s%s\r\n\r\n",
L"\r\n\tExecuting \"%s\" (overwriting previous _empty_ file)%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
exec->GetOutputFullPath().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
continue;
break;
}
else
{
if (data.nFileSizeHigh == 0L && data.nFileSizeLow == 0L)
{
log::Info(
_L_,
L"\r\n\tExecuting \"%s\" (overwriting previous _empty_ file)%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
break;
}
else
{
log::Info(
_L_,
L"\r\n\tSkipping \"%s\" (file %s already created and not empty)%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
exec->GetOutputFullPath().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
continue;
}
log::Info(
_L_,
L"\r\n\tSkipping \"%s\" (file %s already created and not empty)%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
exec->GetOutputFullPath().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
continue;
}
}
else
{
log::Info(
_L_,
L"\r\n\tExecuting \"%s\"%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
}
}
else
{
log::Info(
_L_,
L"\r\n\tExecuting \"%s\"%s%s\r\n\r\n",
exec->GetKeyword().c_str(),
bDebug ? L" (debug=on)" : L"",
strRecipients.c_str());
}

break;
}

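Review bot: When `GetFileAttributesEx` fails on the output file, the branch logs "file %s already exists" and hits `continue`, so the archive is skipped even though the state of that file is unknown. Together with the "already created and not empty" branch, this means any pre-existing file at the output path suppresses a collection step, and the only trace is a `log::Info` line. For an evidence-collection run I would emit both skip messages through `log::Warning` so a skipped archive stands out in the log, and consider handling the attributes failure like the empty-file case (re-run) instead of skipping. The `else` after each `continue`/`break` is redundant and could be flattened into guard clauses. `Run_Execute` starts and ends outside this hunk, so what happens to the failing `hr` from `VerifyFileExists` after the final `break` cannot be checked from here.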
29 changes: 15 additions & 14 deletions src/OrcLib/BITSAgent.cpp
Expand Up @@ -443,7 +443,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
if (hSession == NULL)
{
log::Error(_L_, hr = HRESULT_FROM_WIN32(GetLastError()), L"Failed to open %s\r\n", m_config.ServerName.c_str());
return S_OK;
return hr;
}
BOOST_SCOPE_EXIT((&hSession)) { WinHttpCloseHandle(hSession); }
BOOST_SCOPE_EXIT_END;
Expand All @@ -454,7 +454,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
{
log::Error(
_L_, hr = HRESULT_FROM_WIN32(GetLastError()), L"Failed to connect to %s\r\n", m_config.ServerName.c_str());
return S_OK;
return hr;
}
BOOST_SCOPE_EXIT((&hConnect)) { WinHttpCloseHandle(hConnect); }
BOOST_SCOPE_EXIT_END;
Expand All @@ -476,7 +476,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to open request to %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}
BOOST_SCOPE_EXIT((&hRequest)) { WinHttpCloseHandle(hRequest); }
BOOST_SCOPE_EXIT_END;
Expand All @@ -490,7 +490,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to send status request for %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

// Place additional code here.
Expand All @@ -502,7 +502,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to receive response to %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

DWORD dwStatusCode = 0L;
Expand All @@ -521,7 +521,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to query status code %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

if (dwStatusCode == 401)
Expand All @@ -538,7 +538,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to query status code %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

DWORD dwSelectedScheme = 0L;
Expand All @@ -554,7 +554,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"No supported authentication scheme available %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

if (!WinHttpSetCredentials(
Expand All @@ -566,7 +566,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to authenticate to %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

// Send a Request.
Expand All @@ -578,7 +578,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to send status request for %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

// Place additional code here.
Expand All @@ -590,7 +590,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to receive response to %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}

if (!WinHttpQueryHeaders(
Expand All @@ -607,7 +607,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to query status code %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}
}

Expand All @@ -630,7 +630,7 @@ HRESULT BITSAgent::CheckFileUploadOverHttp(const std::wstring& strRemoteName, PD
L"Failed to query content length %s/%s\r\n",
m_config.ServerName.c_str(),
strRemotePath.c_str());
return S_OK;
return hr;
}
}
}
Expand Down Expand Up @@ -658,7 +658,8 @@ HRESULT BITSAgent::CheckFileUploadOverSMB(const std::wstring& strRemoteName, PDW
{
if (GetLastError() == ERROR_FILE_NOT_FOUND)
return S_FALSE;
*pdwFileSize = MAXDWORD;

return HRESULT_FROM_WIN32(GetLastError());
}
else
{
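Review bot: In the "No supported authentication scheme available" branch of `CheckFileUploadOverHttp`, no WinHTTP call has failed, so `return hr;` reports an error only if `hr` was given a failure code on lines these hunks do not show. If it is taken from `GetLastError()` there, the value may be stale or zero and the function would still return success, which is the behaviour this change is meant to remove. I would set it explicitly, for example `hr = HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED);`, before logging. In `CheckFileUploadOverSMB`, `GetLastError()` is read twice; capturing it once with `const DWORD dwErr = GetLastError();` avoids depending on nothing resetting it in between. That error path also appears to leave `*pdwFileSize` unset now, so callers should read it only after checking the result. Both functions continue outside the visible hunks.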
2 changes: 1 addition & 1 deletion src/OrcLib/Buffer.h
Expand Up @@ -302,7 +302,7 @@ class Buffer
bool is_inner() const { return std::holds_alternative<InnerStore>(m_store); }
bool is_view() const { return std::holds_alternative<ViewStore>(m_store); }

bool full() const { return capacity() > size(); }
bool full() const { return capacity() == size(); }

bool empty() const { return std::holds_alternative<EmptyStore>(m_store); }
void set(_In_reads_(Elts) _T* Ptr, _In_ ULONG Elts, _In_ ULONG Used)
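Review bot: `full()` carries no comment, and the CSV writer's flush logic in this same commit now depends on its exact meaning, so a one-line contract is worth adding: `// True when size() has reached capacity(): nothing more can be appended without growing the store.` Depending on what `capacity()` and `size()` return for an `EmptyStore` (not visible here), an empty buffer may also report `full()` under the `capacity() == size()` definition. If that is intended, state it in the comment; either way a small test covering view, inner and empty stores would pin it down. The `Buffer` class continues outside this hunk.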
85 changes: 70 additions & 15 deletions src/OrcLib/CsvFileWriter.h
Expand Up @@ -318,20 +318,6 @@ class ORCLIB_API Writer
{
fmt::format_to(std::back_inserter(buffer), strFormat, args...);
}

if (!buffer.is_view())
{
// if buffer is no longer a non owning view on the reserved data, we need to flush
if (auto hr = Flush(); FAILED(hr))
return hr;

buffer_type new_buffer;
new_buffer.view_of(m_pCurrent, (m_dwBufferSize - m_dwCount) / sizeof(char_type));
new_buffer.append(buffer);
std::swap(buffer, new_buffer);
}
m_dwCount += buffer.size() * sizeof(char_type);
m_pCurrent += buffer.size();
}
catch (const fmt::format_error& error)
{
Expand All @@ -345,7 +331,76 @@ class ORCLIB_API Writer
log::Error(_L_, HRESULT_FROM_WIN32(system_error.error_code()), L"fmt::system_error: %s\r\n", errorMsg);
return HRESULT_FROM_WIN32(system_error.error_code());
}
return S_OK;

if (buffer.is_view())
{
if (buffer.full())
{
// Flush the buffer as it is full, size must be updated to include last formatted data
m_dwCount += buffer.size() * sizeof(char_type);
if (auto hr = Flush(); FAILED(hr))
{
return hr;
}

return S_OK;
}

m_dwCount += buffer.size() * sizeof(char_type);
m_pCurrent += buffer.size();
return S_OK;
}
else
{
// Flush cache buffer 'm_pBuffer' first then process the one allocated for formatting
if (auto hr = Flush(); FAILED(hr))
{
return hr;
}

if (buffer.size() < m_dwBufferSize)
{
// Push previously formatted data into the buffer as it was not handled by 'Flush'
buffer_type new_buffer;
new_buffer.view_of(m_pBuffer, m_dwBufferSize);
new_buffer.append(buffer);

m_dwCount += new_buffer.size() * sizeof(char_type);
m_pCurrent += new_buffer.size();

return S_OK;
}
else
{
//
// Flush all as it will not be possible to hold everything at once in 'm_pBuffer'.
//
// With a buffer of 1MB it is really unusual to have bigger cell but it can happen. For example
// 'mrt.exe' has a SecurityDirectory of 4MB.
//
const auto internalBufferCch = m_dwBufferSize / sizeof(wchar_t);
const auto chunkCount = buffer.size() / internalBufferCch;

for (size_t i = 0; i <= chunkCount; i++)
{
const size_t chunkSizeCch =
(i != chunkCount) ? internalBufferCch : buffer.size() % internalBufferCch;

std::wstring_view chunk(buffer.get() + i * internalBufferCch, chunkSizeCch);
std::copy(std::cbegin(chunk), std::cend(chunk), m_pBuffer);
m_dwCount = chunkSizeCch * sizeof(wchar_t);

if (auto hr = Flush(); FAILED(hr))
{
return hr;
}
}

return S_OK;
}
}

return E_FAIL;
}

template <typename... Args>
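Review bot: The non-view branch mixes bytes and characters: `buffer.size() < m_dwBufferSize` compares a character count with a value the chunking code below treats as a byte size (`m_dwBufferSize / sizeof(wchar_t)`), and `new_buffer.view_of(m_pBuffer, m_dwBufferSize)` then declares a view of `m_dwBufferSize` elements over `m_pBuffer`. If `m_pBuffer` holds `m_dwBufferSize` bytes, as the surrounding arithmetic suggests, a formatted cell between half and the full buffer size in characters would be appended past the end of the allocation. I would compute the capacity once in elements, `const auto capacityCch = m_dwBufferSize / sizeof(char_type);`, and use it for both the comparison and the `view_of` call. The chunk loop should also use `char_type` rather than `wchar_t`, to match the rest of the function. The trailing `return E_FAIL;` is unreachable, and the enclosing function starts outside this hunk.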