avivshabtay / stresser Goto Github PK

Problem: If the main thread finish it's work but the application doesn't close yet (because other thread still running) it is possible to press CTRL+C and the "installed" handler keep on handling the interrupt.

It's better to remove the CTRL handler when the main thread as finish it's work.

This class will hold the configuration for the StresserApplication such as:

• Timeout values
• Event names
• Local files paths
• etc

If FakeFile project:

WinMain used for GUI application, where wmain used for console application.

Corresponding to ProcessArtifact:

1. Check if the process still exists (by it's PID) after signaling policy-changed event, then try to close it.
2. Accept number of tries & sleep amount - try to do the action, then wait and repeat until the action is preformed or you have reached the number of tries.

EtwManager register OnEventRecord callback function for all the exists EtwEventType.
We should change to logic, so this function will trigger other object which will handle specific event by the event type.
Possible solution whould be like:

class EtwManager
{
public:
	// ....
	
private:
	// Key = EventType
	std::map<EventType, IEtwEventHandler*> m_handlers;
}

EtwManager:registerEventHandler(IEtwEventHandler handler, EventType type)
{
	// Check if the handler already exists, throw....
	
	// Otherwise, add the new handler:
	this->handlers.insert({ type, handler });
}

EtwManager::OnEventRecord(PEVENT_RECORD record)
{
	// extract event type (by opcode)
	// int opcode = .....
	
	switch(opcode)
	{
		case EventType::Registry:
		{
			try
			{
				const IEtwEventHandler* handler = this->handlers.get[EventType::Registry];
				
				// Verify handler, otherwise throw...
				
				handler->onEvent(record);
			}
			catch(// Case key doesn't exsits)
			{
				
			}
		}
		
		case EventType::IoFile: // other bulshit
		{
			
		}
	}
}

You don't need this header here, only in the source file.
Maybe there is problem with you setup (Visual Studio).
Try to remove it and if it isn't solve the problem talk with me.

Originally posted by @AvivShabtay in #20 (comment)

WindowsEvent used for managing Win32 Event Object.
Common use case is to wait on the event object to be signaled.
Use case example from the main function:

Need to add 2 useful methods:

• wait(timeout) - call to WaitForSingleObject with given value
• waitInfintly() - call to previous method with timeout=INFINITE

Visual Studio use absolute paths by default, we preferer using relatives ones.

Useful link:
https://mklimenko.github.io/english/2018/06/23/embed-resources-msvc/

Every entity in our application need to support serialization from Json and to Json for the HTTP operations preformed on the entity data.
Create interface named IJsonConverted (or other meaningful name) and make sure to implement it for all the enitities in the Stresser project (Endpoint, Policy, Rule, Event).
The inerface should contains the method:

template<class Entity>
static Json convertFromEntity(Entity entity);

template<class Entity>
static Entity convertFromJason(Json data);

If the function isn't static, the class specifier is redundant and can be removed.
Fix in this functions:

Create function that return the ip that connected to the internet

Replace:

with: event (without Hungarian notation)

Many logs using DEBUG_PRINT macro to print logs only in Debug mode.

Should write these logs to log file in both cases of release and debug,
with adding more trace data (class/function that print the data, etc).

The logger should:

• Create StresserLogger class / wrapped logger
• Add methods to write log to logfile
• Start in the initialization of the application as Singleton
• Create local file in TEMP directory
• Support logging in Stresser