|
I am trying to write my own System Policy Auditing application for a variety of reasons. At present, I am trying to detect how a system audit logs are configured on a given system. I chose VB.Net because it is what I am most comfortable with. I have tried to do this with RSOP, WMI, ADSI, et al. and the LSA function calls are the only thing that will allow for what I am trying to do.
I am new to Marshaling and copying memory. Below is my code. The problem comes out when I call the LsaQueryInformationPolicy, I get a False result, on a system that I know is configured to audit.
Thanks for any help you can provide!
Imports System.Text
Imports System.Runtime.InteropServices
Public Class LsaUtils
' Import the LSA functions
Private Shared Function LsaOpenPolicy(ByRef SystemName As LSA_UNICODE_STRING, _
ByRef ObjectAttributes As LSA_OBJECT_ATTRIBUTES, _
ByVal DesiredAccess As Int32, _
ByRef PolicyHandle As IntPtr) As UInt32
End Function
Public Shared Function LsaQueryInformationPolicy(ByRef PolicyHandle As UInt32, _
ByRef PolicyInformationClass As UIntPtr, ByRef Buffer As Int32) As UInt32
End Function
Private Shared Function LsaNtStatusToWinError(ByVal NTStatus As UInt32) As UInt32
End Function
Private Shared Function LsaClose(ByVal ObjectHandle As IntPtr) As Long
End Function
Private Shared Function GetLastError() As Long
End Function
' Define the structures
Private Structure LSA_UNICODE_STRING
Public Length As UInt16
Public MaximumLength As UInt16
Public Buffer As IntPtr
End Structure
Private Structure LSA_OBJECT_ATTRIBUTES
Public Length As Int32
Public RootDirectory As IntPtr
Public ObjectName As LSA_UNICODE_STRING
Public Attributes As UInt32
Public SecurityDescriptor As IntPtr
Public SecurityQualityOfService As IntPtr
End Structure
Private Structure POLICY_AUDIT_EVENTS_INFO
Public AuditingMode As Boolean
Public EventAuditingOptions As POLICY_AUDIT_EVENT_TYPE
Public MaximumAuditEventCount As UInt32
End Structure
' Enum all policies
Private Enum LSA_AccessPolicy As Long
POLICY_VIEW_LOCAL_INFORMATION = &H1L
POLICY_VIEW_AUDIT_INFORMATION = &H2L
POLICY_GET_PRIVATE_INFORMATION = &H4L
POLICY_TRUST_ADMIN = &H8L
POLICY_CREATE_ACCOUNT = &H10L
POLICY_CREATE_SECRET = &H20L
POLICY_CREATE_PRIVILEGE = &H40L
POLICY_SET_DEFAULT_QUOTA_LIMITS = &H80L
POLICY_SET_AUDIT_REQUIREMENTS = &H100L
POLICY_AUDIT_LOG_ADMIN = &H200L
POLICY_SERVER_ADMIN = &H400L
POLICY_LOOKUP_NAMES = &H800L
POLICY_NOTIFICATION = &H1000L
End Enum
Private Enum POLICY_INFORMATION_CLASS As Long
PolicyAuditLogInformation = &H1L
PolicyAuditEventsInformation = &H2L
PolicyPrimaryDomainInformation = &H4L
PolicyPdAccountInformation
PolicyAccountDomainInformation
PolicyLsaServerRoleInformation
PolicyReplicaSourceInformation
PolicyDefaultQuotaInformation
PolicyModificationInformation
PolicyAuditFullSetInformation
PolicyAuditFullQueryInformation
PolicyDnsDomainInformation
End Enum
Private Enum POLICY_AUDIT_EVENT_TYPE As ULong
AuditCategorySystem
AuditCategoryLogon
AuditCategoryObjectAccess
AuditCategoryPrivilegeUse
AuditCategoryDetailedTracking
AuditCategoryPolicyChange
AuditCategoryAccountManagement
AuditCategoryDirectoryServiceAccess
AuditCategoryAccountLogon
End Enum
Public Shared Function OpenHandle(ByVal strSystem As String) As Long
Dim winErrorCode As Long = 0 ' contains the last error
' initialize an empty unicode-string
Dim systemName As LSA_UNICODE_STRING = New LSA_UNICODE_STRING
systemName.Buffer = Marshal.StringToHGlobalUni(strSystem)
' Combine policies required to grant/deny privileges
Dim access As Int32 = CInt(LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION)
' initialize a pointer for the policy handle
Dim policyHandle As IntPtr = IntPtr.Zero
Dim myBuff As IntPtr = IntPtr.Zero
' these attributes are not used, but LsaOpenPolicy wants them to exists
Dim ObjectAttributes As LSA_OBJECT_ATTRIBUTES = New LSA_OBJECT_ATTRIBUTES
ObjectAttributes.Length = 0
ObjectAttributes.RootDirectory = IntPtr.Zero
ObjectAttributes.Attributes = UInt32.Parse("0")
ObjectAttributes.SecurityDescriptor = IntPtr.Zero
ObjectAttributes.SecurityQualityOfService = IntPtr.Zero
' get a policy handle
Dim resultPolicy As UInt32 = LsaOpenPolicy(systemName, ObjectAttributes, access, policyHandle)
'MessageBox.Show(resultPolicy)
If Not resultPolicy.ToString = "0" Then
MsgBox("OpenPolicy failed: " & resultPolicy.ToString, "ServiceUtils")
Else
resultPolicy = LsaQueryInformationPolicy(policyHandle, POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, _
myBuff)
Debug.Print("Result = " & LsaNtStatusToWinError(resultPolicy))
If resultPolicy = 0 Then
Dim polInfo As POLICY_AUDIT_EVENTS_INFO
polInfo = Marshal.PtrToStructure(myBuff, GetType(POLICY_AUDIT_EVENTS_INFO))
MsgBox(polInfo.AuditingMode & " " & polInfo.MaximumAuditEventCount)
Dim audPolicy As POLICY_AUDIT_EVENT_TYPE = Marshal.PtrToStringAuto(polInfo.EventAuditingOptions)
Dim audRestartShutdown As String = polInfo.EventAuditingOptions
'Dim audLogonLogoff As String
'Dim audObjectAccess = Test(4)
'Dim audUserRights = Test(6)
'Dim audProcessTrack = Test(8)
'Dim audPolicyChanges = Test(10)
'Dim audUserGroupManagement = Test(12)
'MsgBox(audRestartShutdown.ToString)
'MsgBox(audLogonLogoff)
'MsgBox(audObjectAccess)
'MsgBox(audUserRights)
'MsgBox(audProcessTrack)
'MsgBox(audPolicyChanges)
'MsgBox(audUserGroupManagement)
Else
MsgBox("Don't Know")
End If
End If
Dim Help
Help = LsaClose(policyHandle)
MessageBox.Show("Help " & Help)
Return winErrorCode
End Function
End Class
|
|
|
|
|
Hello,
I'm using an odbc adapter to read from a .csv file. But I'm having trouble updating it.
The update command creates the error:
Dynamic SQL generation for the UpdateCommand is not supported against a SelectCommand that does not return
any key column information.
Here's the code.
Thanks!
Dim da As New Odbc.OdbcDataAdapter("SELECT * FROM datafiles\tickernames.csv ", cn)
Dim ds As New DataSet
da.Fill(ds)
'Set the primary key
Dim pk1(0) As DataColumn
pk1(0) = ds.Tables(0).Columns("ShortName")
ds.Tables(0).PrimaryKey = pk1
'Modify a row
ds.Tables(0).Rows(0).Item(0) = "AAAA"
'Set the default commands and update
Dim cb As New Odbc.OdbcCommandBuilder(da)
da.Update(ds, ds.Tables(0).TableName)
|
|
|
|
|
There's the possibility that the column you've chosen as the primary key has data in it that is duplicated. The column, or columns, MUST contain data that is unique to each and every record in the table, otherwise...
|
|
|
|
|
No, that's not it. If I have duplicated data I can't create the primary key properly because an error is created when I try to.
|
|
|
|
|
hey,
if anyone can help me in this project, i really need someone who can help me in this project
Background Secret ballots are usually conducted with voters entering a cross
beside the candidate of their choice on a ballot paper and posting
their ballot paper in a sealed ballot box. At the end of the ballot the
votes are counted by hand and a winning candidate declared. This
can be time consuming to set up and operate.
Barbara Brown owns a small company that wants to sell a reusable
electronic ballet box. She needs to develop a prototype for a flexible
electronic voting system.
Ballots need be set up so that the winning candidate can be chosen by
one of two possible methods.
1. The winning candidate receives more of the votes cast than
any of the other candidates.
2. The winning candidate receives more than a fixed percentage
of the votes cast e.g. 60%.
You have been asked to write a PROGRAM to set up the ballot,
allow voters to cast their votes and work out the final result.
19.3 Specification 1. You have been asked to write and test a program to simulate the
operation of the electronic ballot box.
Voters can vote only once in any one ballot and are given a unique
number to ensure this.
Voters can choose a single candidate or ‘spoil their ballot paper’ by
choosing none of the above.
There can be between two and five candidates in a ballot.
Up to 5000 voters can vote in any ballot.
The ballot box has three modes of operation:
Setup
Voting
Result
As this is a prototype no password protection is required.
2. Setup:
set the maximum number of voters for the ballot (voters
are all given a unique number from this range, in advance,
manually)
set the number of candidates for this ballot
enter a name and description to be displayed for each
candidate
zero all totals
select the method of choosing the winner.
3. Voting:
each voter enters their unique voter number, the system
must check that this number has not already been used in
this ballot
voters are given three chances to enter their voter number,
if all three attempts fail then the voter is instructed to give
up
if the voter number is accepted then the voter is offered the
list of candidates to choose from including ‘none of the
above’
voters select a single candidate from the list and are asked
to confirm their choice
if the voter rejects their initial choice then the list of
candidates can be offered twice more
on the third time the vote is automatically accepted
one is added to the total for the chosen candidate and one
is added to the total number of votes cast in this ballot
4. Result:
for each candidate the following details are printed
o name
o number of votes cast
o percentage of total votes
o percentage of valid votes (excluding those voting for
none of the above)
the winner is identified and the name printed again with the
word WINNER beside it
OR if there is no winner for method 1 or if the percentage is
less than required for method 2 then INVALID BALLOT is
printed
AQA GCE Specification, 2009 – Computing
klm 45
Testing 5. Candidates will need to design and use test data, including boundary
values, to test the following:
the correct setup of the ballot box including displaying the
candidates to choose from
both methods of choosing a winner
results for three different valid numbers of candidates (2, 5 and
another number in between)
at least one ballot must have over 100 votes
at least one ballot must have no overall winner
Also there must be printouts of results from all the ballots tested.
19.4 Requirements of the Practical
Exercise
Candidates will need to design and implement an appropriate
computing system and provide sufficient documentation to
demonstrate the following practical skills:
Design
Implement/Test.
The task may be undertaken by writing a program in a chosen high
level language.
Candidates are expected to produce brief documentation including
some or all of the following, as appropriate.
Design
Definition of data storage requirements
User interface design for the ballot box
Design for the printout of the results
Algorithm for counting vote totals
Algorithms for selecting the winner
Implementation/Testing
Details of test plan with explanation, and evidence of testing
having been carried out
Hard copy output from the ballots used for testing
Clearly set out and commented program listing
|
|
|
|
|
Well, I would use a database and vb.net.
This is obviously a piece of course work which you should at least attempt yourself, otherwise it's what used to be known as cheating.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Hi Thanks for your answer, Well it is but i wont get benefit from it, because i have to do the exam in the end and write a project report, this project wont give me a single mark, what i am looking for if someone do it for me and i will redo it again and practice, I have no teacher at the moment and last year i did one but the teacher did not explain anything to us, and he made all the project and we just follow him and spent alot of time on it, and didn't gain anything,If you can do it for me i will be so happy and thankful,i dont mind even you do it fully in Data base,Thanks alot for your kind answer
Naveed
|
|
|
|
|
sweetlover754 wrote: last year i did one but the teacher did not explain anything to us, and he made all the project and we just follow him and spent alot of time on it,
So how is that formula working out for you?? Now you've got a project that you can't do, because everything was already done for you in the past, and you think that having someone else do your project for you will help you learn?? It didn't work before, so why do you think it's magically going to work now??
By the way, we don't do projects for people around here. If you want your code written for you, go hire a guy on RentACoder.com.
|
|
|
|
|
Dave Kreskowiak wrote: we don't do projects for people around here. If you want your code written for you, go hire a guy on RentACoder.com.
Ditto that.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
"Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham
|
|
|
|
|
So, you expect to be a "qualified" developer and get paid a decent wage without learning how to code. Good plan. I jut hope you get some good, hard technical tests at the interviews.
I have one consolation, you are based in the USA so the chances are I'm not going to have to do your work for you in one of my contracts.
Bob
Ashfield Consultants Ltd
|
|
|
|
|
Do your own work jack**.
Blog link to be reinstated at a later date.
|
|
|
|
|
Hello all,
I have MDI Application in which i am displaying crystal reports.
For that i have created a mdi child form. in which ReportViewer control is used to display reports.
Now in my app, there would be many reports. so, do i need to create that many chile mdi forms and add reportviewer in all these forms?
or else can i use single form and reportviewer to disaply all forms?
and if yes.... how?
because it is MDI application, it wont allow me to open multiple instances of single form. but, user may want to view multiple reports without closing other.
any idea?
Thanx.......!
|
|
|
|
|
I used to do this before changing to RS.
Have a form with a viewer only
Create and test your report in CR and save it as a .RPT file. Report should be based on stored procedure or at least a paramaterised query (I always used procs).
In VB create a report (CR) using the .RPT file name (can't remember the details)
Pass in the parameters as CR parameter array
Connect the table objects in the report to the database
Pass the report object to the viewer
Show the MDI form.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Hi,
I want to include/create a chart in my program which displays titles of x and y axis and then saves the chart/graph as an image file. What would be the robust way to do that!!
Thanks,
Aman
|
|
|
|
|
hi,
may this Create Column Chart Help you.
for save chart use following statement
AxChartSpace1.ExportPicture("C:\abc.jpg", "Jpg", 640, 400)
hope this helps
|
|
|
|
|
You would either have to create a new user control or you would have to use a third-party control.
Regards,
Thomas Stockwell
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Visit my Blog
|
|
|
|
|
Google for "ZedGraph". It's a free graphing library that will probably have the type of chart you're looking for.
|
|
|
|
|
Thanks Dave for the tip. It worked for my application; however, do you know the statement for saving a ZedGraph chart/graph as an image (jpg, bmp etc.)!
Aman
|
|
|
|
|
Nope. I've never used the library. That's a question for the people who made it.
|
|
|
|
|
Trying to get the title and artist data from the id3v1 in a .mp3 file
id3v1 info = http://www.id3.org/ID3v1
Heres more code:
Private Sub bAddFolder_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles bAddFolder.Click
For Each filePath As String In IO.Directory.GetFiles(DirListBox1.Path, "*.mp3", IO.SearchOption.AllDirectories)
Dim Title(30) As Byte
Dim Artist(30) As Byte
Dim mp As FileStream = New FileStream(filePath, FileMode.Open)
mp.Seek(-125, SeekOrigin.End)
mp.Read(Title, 0, 30)
mp.Seek(-95, SeekOrigin.End)
mp.Read(Artist, 0, 30)
mp.Close()
Dim TxtTitle As String = System.Text.Encoding.Default.GetString(Title)
Dim TxtArtist As String = System.Text.Encoding.Default.GetString(Artist)
fMain.ListView1.Items.Add(TxtArtist + " - " + TxtTitle).SubItems.Add(filePath)
Next
End Sub
Whats happening is it doesn't seem to be reading the data correctly....I get blanks in my listview or weird characters or just the artist and no title....all the mp3's i am testing have both the artist and title data in them (i checked through winamp)
|
|
|
|
|
|
kjdion wrote: mp.Read(Title, 0, 30)
You have ignored the return value from the method call. The method returns the number of bytes that was actually read, and that can be less than the requested number of bytes. If the number of bytes read is less than the request number of bytes, you have to repeat the call to get the rest of the data until you have got all the data.
Despite everything, the person most likely to be fooling you next is yourself.
|
|
|
|
|
hi! i'm new to vb .net..i want to calculate a power, i want to do it in a function..i'm having a hard time with arguments and parameters as well as with the return value.
please help! i have 2 text boxes for accepting inputs for base and exponent.
Public Class Power
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim base, exp As Integer
base = Val(text1.Text)
exp = Val(text2.Text)
MessageBox.Show("Power: " & Power(base, exp)) //how about this??
End Sub
Function Power(ByVal x As Integer, ByVal y As Integer)
Dim pow, i As Integer
Select Case y
Case 1
MessageBox.Show(x & " raised to " & y & " is 1")
Case 0
MessageBox.Show(x & " raised to " & y & " is 0")
End Select
For i = 2 To y
Return pow = pow * x //is this correct??
i += 1
Next
Return ??what/how??
End Function
End Class
|
|
|
|
|
Have you tryed:
dim Number as integer = 2
dim Power as integer = 5
dim x as integer = Number ^ Power
Alexei Rodriguez
|
|
|
|
|
trying to do the calculation inside a loop, not using nay math method or ^..
thank you!
|
|
|
|
|