// ---------------------------------------------------------------------------------------------
// Author: Marc Ochsenmeier
// Email: info@winitor.net
// Web: www.winitor.net
// Date: 25.02.2010
//
// Description: Reads the Windows audit policy settings programmatically, the same way "auditpol" does.
// ---------------------------------------------------------------------------------------------
#include "stdafx.h"
#include "Audit Policy Manager.h"
// Default constructor. Nothing to initialise: the owned category collection
// (m_vAuditPolicyCategories) starts empty and is only populated by GetCategories().
CAuditPolicyManager::CAuditPolicyManager()
{
}
// Destructor: release every CAuditPolicyCategory the manager still owns.
// Any category / sub-category pointer previously handed out by GetCategories(),
// GetCategory() or GetSubcategory() must not be used after this point.
CAuditPolicyManager::~CAuditPolicyManager()
{
    this->CleanAuditCategoriesCollection();
}
// Enumerate the audit policy categories known to the local system and rebuild
// the owned collection from them. Whatever a previous call produced is released
// first, so pointers obtained earlier through GetCategory()/GetSubcategory()/
// GetCategories() are invalidated by this call.
//
// Returns a copy of the collection; the manager keeps ownership of the
// CAuditPolicyCategory objects. The copy is empty when AuditEnumerateCategories
// fails.
//
// NOTE(review): a failed enumeration is indistinguishable from "no categories"
// for the caller and the cause (GetLastError()) is discarded. For a tool that
// reports audit settings this is a misleading failure mode - surface the error
// code (TODO).
// NOTE(review): the GUID array returned by AuditEnumerateCategories is allocated
// by the API and is never released here; AuditFree(pGuidArray) is the documented
// counterpart. Whether it can be called right after the loop depends on the
// CAuditPolicyCategory constructor copying the GUID rather than retaining the
// pointer - that constructor is not visible in this file, confirm before adding it.
vector<CAuditPolicyCategory*> CAuditPolicyManager::GetCategories()
{
    // Drop whatever a previous enumeration produced.
    CleanAuditCategoriesCollection();

    GUID* pGuidArray = NULL;
    ULONG nGuids = 0;
    if (!AuditEnumerateCategories(&pGuidArray, &nGuids))
    {
        // Enumeration failed: hand back the (now empty) collection.
        return m_vAuditPolicyCategories;
    }

    for (ULONG idx = 0; idx < nGuids; ++idx)
    {
        // One wrapper per category GUID; the manager owns the wrapper.
        m_vAuditPolicyCategories.push_back(new CAuditPolicyCategory(&pGuidArray[idx]));
    }
    return m_vAuditPolicyCategories;
}
// Delete every owned CAuditPolicyCategory and empty the collection.
// Safe to call repeatedly (a second call finds an empty vector); used by the
// destructor and at the start of GetCategories(). Category pointers handed out
// by this manager dangle afterwards - and presumably the sub-category pointers
// reachable through them too, if the categories own those (not visible here).
void CAuditPolicyManager::CleanAuditCategoriesCollection()
{
    const size_t count = m_vAuditPolicyCategories.size();
    for (size_t idx = 0; idx < count; ++idx)
    {
        // Elements are CAuditPolicyCategory* (see the GetCategories() return type),
        // so no cast is needed before delete.
        delete m_vAuditPolicyCategories[idx];
    }
    m_vAuditPolicyCategories.clear();
}
// Look up a category by its friendly name (exact, case-sensitive comparison,
// as wstring::compare does). The collection must have been populated by
// GetCategories() first; on an empty collection this returns NULL.
//
// Returns a pointer owned by the manager - do not delete it, and do not use it
// after the next GetCategories() call or after the manager is destroyed.
// Returns NULL when no category carries that name.
CAuditPolicyCategory* CAuditPolicyManager::GetCategory(wstring& name)
{
    const size_t count = m_vAuditPolicyCategories.size();
    for (size_t idx = 0; idx < count; ++idx)
    {
        CAuditPolicyCategory* candidate = m_vAuditPolicyCategories[idx];
        if (candidate->GetFriendlyName() == name)
        {
            return candidate;   // first match wins
        }
    }
    return NULL;
}
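// Look up a sub-category by its friendly name across every category currently
// held by the manager (exact, case-sensitive comparison). An empty name never
// matches. The collection must have been populated by GetCategories() first.
//
// Returns the first sub-category whose friendly name equals `name`, or NULL.
// The pointer is not owned by the caller: do not delete it, and treat it as
// invalid after the next GetCategories() call or after the manager is destroyed
// (the categories are deleted then; the sub-category objects are presumably
// owned by their category - confirm in CAuditPolicyCategory).
CAuditPolicySubCategory* CAuditPolicyManager::GetSubcategory(wstring& name)
{
    if (name.empty())
    {
        return NULL;
    }

    AuditPolicyCategory::iterator catIt = m_vAuditPolicyCategories.begin();
    for ( ; catIt != m_vAuditPolicyCategories.end(); ++catIt)
    {
        CAuditPolicyCategory* cat = *catIt;

        // GetSubCategories() hands the list back by value; only the pointers are
        // copied, not the sub-category objects.
        vector<CAuditPolicySubCategory*> subs = cat->GetSubCategories();

        // Distinct iterator name so it no longer shadows the category iterator.
        vector<CAuditPolicySubCategory*>::iterator subIt = subs.begin();
        for ( ; subIt != subs.end(); ++subIt)
        {
            CAuditPolicySubCategory* sub = *subIt;
            if (sub->GetFriendlyName().compare(name) == 0)
            {
                return sub;   // first match wins
            }
        }
    }
    return NULL;
}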
Marc Ochsenmeier is the author of pestudio (www.winitor.com) and worked as a developer with a focus on Windows security. He now works as a malware analyst.
pestudio is on twitter at: https://twitter.com/ochsenmeier