|
// ---------------------------------------------------------------------------------------------
// Author: Marc Ochsenmeier
// Email: info@winitor.net
// Web: www.winitor.net
// Date: 25.02.2010
//
// Description: Read the Windows Audit Policy settings programmatically like "Auditpol" does.
// ---------------------------------------------------------------------------------------------
#include "stdafx.h"
CAuditPolicyCategory::CAuditPolicyCategory(GUID* const guid):
m_pGuid(guid), m_pName(NULL)
{
}
CAuditPolicyCategory::~CAuditPolicyCategory()
{
CleanAuditSubCategoriesCollection();
m_pGuid = NULL;
}
GUID* CAuditPolicyCategory::GetGuid()
{
return m_pGuid;
}
// Retrieve its User Friendly Name
wstring CAuditPolicyCategory::GetFriendlyName()
{
wstring sFriendlyName;
if(m_pGuid)
{
if( AuditLookupCategoryName(m_pGuid, &m_pName))
{
sFriendlyName = m_pName;
}
}
else
{
// Error
}
return sFriendlyName;
}
void CAuditPolicyCategory::CleanAuditSubCategoriesCollection()
{
AuditPolicySubCategory::iterator it = m_vAuditPolicySubCategories.begin();
for( ;it!=m_vAuditPolicySubCategories.end(); it++)
{
CAuditPolicySubCategory* item = *it;
delete item;
}
m_vAuditPolicySubCategories.clear();
}
vector<CAuditPolicySubCategory*> CAuditPolicyCategory::GetSubCategories()
{
// Clean from previous call.
CleanAuditSubCategoriesCollection();
GUID* pGuid = NULL;
ULONG uCount = 0;
if(AuditEnumerateSubCategories(
m_pGuid,
FALSE /*return only the Subcategories for this Category*/,
&pGuid,
&uCount))
{
GUID* pCurrentGuid = pGuid;
for(ULONG i=0; i<uCount; i++)
{
m_vAuditPolicySubCategories.push_back(new CAuditPolicySubCategory(pCurrentGuid));
pCurrentGuid++;
}
}
else
{
// Error
}
return m_vAuditPolicySubCategories;
}
|
By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.
If a file you wish to view isn't highlighted, and is a text file (not binary), please
let us know and we'll add colourisation support for it.
Marc Ochsenmeier is the author of pestudio (www.winitor.com) and worked as developer with the focus on Windows Security. He now works as a Malware Analyst
pestudio is on twitter at: https://twitter.com/ochsenmeier