diff --git a/WDACConfig/.editorconfig b/WDACConfig/.editorconfig
index 7106e2984..279adddc9 100644
--- a/WDACConfig/.editorconfig
+++ b/WDACConfig/.editorconfig
@@ -26,3 +26,102 @@ dotnet_diagnostic.CA1311.severity = error # CA1416: Validate platform compatibility dotnet_diagnostic.CA1416.severity = error + +# CA5384: Do Not Use Digital Signature Algorithm (DSA) +dotnet_diagnostic.CA5384.severity = error + +# CA1508: Avoid dead conditional code +dotnet_diagnostic.CA1508.severity = error + +# CA1200: Avoid using cref tags with a prefix +dotnet_diagnostic.CA1200.severity = error + +# CA1812: Avoid uninstantiated internal classes +dotnet_diagnostic.CA1812.severity = error + +# CA1825: Avoid zero-length array allocations +dotnet_diagnostic.CA1825.severity = error + +# CA1841: Prefer Dictionary.Contains methods +dotnet_diagnostic.CA1841.severity = error + +# CA1845: Use span-based 'string.Concat' +dotnet_diagnostic.CA1845.severity = error + +# CA1851: Possible multiple enumerations of 'IEnumerable' collection +dotnet_diagnostic.CA1851.severity = error + +# CA1855: Prefer 'Clear' over 'Fill' +dotnet_diagnostic.CA1855.severity = error + +# CA1865: Use char overload +dotnet_diagnostic.CA1865.severity = error + +# CA1866: Use char overload +dotnet_diagnostic.CA1866.severity = error + +# CA2014: Do not use stackalloc in loops +dotnet_diagnostic.CA2014.severity = error + +# CA2200: Rethrow to preserve stack details +dotnet_diagnostic.CA2200.severity = error + +# CA1821: Remove empty Finalizers +dotnet_diagnostic.CA1821.severity = error + +# CA1820: Test for empty strings using string length +dotnet_diagnostic.CA1820.severity = error + +# CA2251: Use 'string.Equals' +dotnet_diagnostic.CA2251.severity = error + +# CA1064: Exceptions should be public +dotnet_diagnostic.CA1064.severity = error + +# CA1040: Avoid empty interfaces +dotnet_diagnostic.CA1040.severity = error + +# CA1816: Dispose methods should call SuppressFinalize +dotnet_diagnostic.CA1816.severity = error + +# CA2153: Do Not Catch Corrupted State Exceptions +dotnet_diagnostic.CA2153.severity = error + +# CA2300: Do not use insecure deserializer BinaryFormatter 
+dotnet_diagnostic.CA2300.severity = error + +# CA2302: Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize +dotnet_diagnostic.CA2302.severity = error + +# CA2327: Do not use insecure JsonSerializerSettings +dotnet_diagnostic.CA2327.severity = error + +# CA3012: Review code for regex injection vulnerabilities +dotnet_diagnostic.CA3012.severity = error + +# CA3011: Review code for DLL injection vulnerabilities +dotnet_diagnostic.CA3011.severity = error + +# CA2217: Do not mark enums with FlagsAttribute +dotnet_diagnostic.CA2217.severity = error + +# CA1069: Enums values should not be duplicated +dotnet_diagnostic.CA1069.severity = error + +# CA1823: Avoid unused private fields +dotnet_diagnostic.CA1823.severity = error + +# CA1836: Prefer IsEmpty over Count +dotnet_diagnostic.CA1836.severity = error + +# CA2000: Dispose objects before losing scope +dotnet_diagnostic.CA2000.severity = error + +# CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder +dotnet_diagnostic.CA1830.severity = error + +# CA1822: Mark members as static +dotnet_diagnostic.CA1822.severity = error + +# CA1050: Declare types in namespaces +dotnet_diagnostic.CA1050.severity = error diff --git a/WDACConfig/Program.cs b/WDACConfig/Program.cs index 8d90bd31e..351a03d77 100644 --- a/WDACConfig/Program.cs +++ b/WDACConfig/Program.cs @@ -1,14 +1,8 @@ -using System.Security.Cryptography.X509Certificates; +using System.Collections.Generic; + +#nullable enable // Some test List Certificates = WDACConfig.AllCertificatesGrabber.WinTrust.GetAllFileSigners(@""); -List subjects = Certificates - .Select(Cert => Cert.Chain?.ChainElements?.Cast().FirstOrDefault()?.Certificate?.Subject?.ToString()) - .Where(subject => subject != null) - .ToList(); -foreach (var item in subjects) -{ - Console.WriteLine(item); -} diff --git a/WDACConfig/Utilities/Hashes.csv b/WDACConfig/Utilities/Hashes.csv index 84530430a..46fca7540 100644 --- a/WDACConfig/Utilities/Hashes.csv 
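Review bot: The insecure-deserialization rules promoted to error in the `.editorconfig` hunk are a partial set. CA2327 is enabled, but the sibling Json.NET rules CA2326 (TypeNameHandling values other than None) and CA2328 (ensure JsonSerializerSettings are secure) are not, and as far as I know these data-flow security rules stay off unless a severity is set explicitly. If the project uses Newtonsoft.Json (not visible in this diff), add `dotnet_diagnostic.CA2326.severity = error` and `dotnet_diagnostic.CA2328.severity = error` next to the CA2327 entry so the three are enforced together. The hunk starts at line 26, so the section header these keys sit under is outside the hunk; confirm it matches the C# sources, since the entries only apply to files covered by that section.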
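Review bot: In `Program.cs` the `Certificates` local is now assigned and never read, because the code that consumed it was removed while the call `GetAllFileSigners(@"")` under `// Some test` was kept. If the call stays only as a smoke test, make that explicit with a discard, `_ = WDACConfig.AllCertificatesGrabber.WinTrust.GetAllFileSigners(@"");`, and a comment such as `// Placeholder path; replace with a signed file when debugging locally`. Whether GetAllFileSigners rejects an empty path is not visible in this hunk, so the behaviour of the remaining call at start-up should be confirmed. The generic type arguments on the declaration appear to have been lost in the page rendering, so the declared element type cannot be checked from here.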
+++ b/WDACConfig/Utilities/Hashes.csv 
@@ -1,11 +1,11 @@ "RelativePath","FileName","FileHash","FileHashSHA3_512" -".NETAssembliesToLoad.txt",".NETAssembliesToLoad.txt","BB83BB63719ED073C085D4C412BD062546E6620F979BA7CD7A10D37DB502F84055FEBACDA2D47B763EB3BCF28EB3FE05D912FAAC21B70D01FFC9666FCCF743E3","163864394C3F7B87958698FB91E149D950096952F7A16C62661D3AC62AF5815FB346D5283309A4EFCAA64AB4DC64C7CB501678C3F147A107A468EDB189516B52" -"WDACConfig.psd1","WDACConfig.psd1","0BFCDAE2B9A422267E8E3619E457C279AE16620EECE212B16D895F6E41D53AF8758E499E058991F0E0A08CD38F81DBBBC84B351A1E0A2F704A2C0E502F9AE995","4D1A97A7F101CDA5126509967A58B75F9F5038F646932B1E8C29D5205759CC48D9BF09A9FDBC981C351E45968BAC384F6D98F962861BB623B333060C927E0A08" -"WDACConfig.psm1","WDACConfig.psm1","A8850AF60B7B8D4471E03C7FA38DB7719E5DA6360F7B338A3F21CED6FF2645E7EB1E36ED8197D855353C5577941058443DF8F897FFD17E8D58A36D3C0C724558","8985D2A9FF8EA06ADB53F8E626A2F14EAF20454A3927F557FB698C8DDBF2F2E803BA481300C4ECD2038651D902EDFD3C0C7418BD34F550B75D033D08C6C60BAD" +".NETAssembliesToLoad.txt",".NETAssembliesToLoad.txt","D9D84A303C7F0E17A7AA69EC8969A9C124BB8839BCAA207CADDCA1FBE1DCB0AAFB9B10DFB78258AA26D21F2E528A12F59727EA1566C84CBE7E7EF72CB3287942","3F0627EF4A43BECE88A1D3D2024EFD862B61B07F0F27FFBFA82C406DE0BC5570AA3BFFB58AD0C3CCAFAE8700E02B4845B42C9889958317281E47EB70C4A7C2B0" +"WDACConfig.psd1","WDACConfig.psd1","F4E06797DF6AE5A6CD4DD14F62974032B64D0F28F76A5C248B8E85BE312866A3916C0304356A2BE7D7C14AF87E7AE4DF16BC9486B4EBD46563C5990159829BB6","45E6383D19A7753852B57ED33FE96B83AA6D76FC123D2FB87BDEF48A1C1804D71F1E078CF0D14D2A3036C6585180915B6589F2C29C672991A325AE10DDFC7BF7" +"WDACConfig.psm1","WDACConfig.psm1","27744F7FD36C25AC55A15F85D11185D87AABE5D4ACCB4BB23CED8BF5C7C0F5D3A6B98439528DF634D46645FA6A115FC36D45E95462FDC72C5098FF5BB3ADA1D0","39F241C87A68E7B7000B63DA236843C4BF1B13EA0822E51E6600CD78691718CD70AD975D8B5EF3C851BE4A6E3690412203BE9AD7A6DE4855A1F13485F2ACDE4D" 
"Core\Assert-WDACConfigIntegrity.psm1","Assert-WDACConfigIntegrity.psm1","BF97FDDB723EDE8BBC8616C72F9ABFA8394D4C3BA528F54963FC01BB35990DE90DC82A9687D95292AE0996F8692C9C43B5E2F32D94009CAFC74D13CC5EDF2489","D5C8CD62EC9D3E64EA3B2269DB900B5DAF7171F429810D6166CEC6F8AF18D75477E5E0C5B991284604A3B8981D61C59F6B80A1B38B9820A247FDC60DC9694147" "Core\Build-WDACCertificate.psm1","Build-WDACCertificate.psm1","A2E15EFC9852B25597D84A801D220E048F6383AB3067A86CDB441C814BE5D770C4A329DEC27A728A243A82392A1FB92A50D2FCC9185E6A8A461D73CB8A5D1225","6243B57E4393D2AC31988AEB82CF6644402FBB9E17CFC1FDA416798304FB57880E0BDBF9C9A9FF068EB91E05B71D8987B2A7F7AB5EB3FAB5258374176F3D8632" "Core\Confirm-WDACConfig.psm1","Confirm-WDACConfig.psm1","1E0F0098A17815BFB817F0F8C6C8E70F0AB6A5F286F81135FF629BC82A2FD4C5F9875D9D1AAFB89C2A1143CAD3B4CBD376BADA4D457BE413167F8A35E1C0B670","7DBDCC43CDDA1E44E19EBB863FD01BE1D06A2F7E4D05E27F2C572B8E928999EBC3D023E4F9AF807A3ECBB712C14088DE8082BC8828300C8AB8DB7DD90861CA94" -"Core\ConvertTo-WDACPolicy.psm1","ConvertTo-WDACPolicy.psm1","6243AEA51FD2D21CE11478929B5456C66F46E5719A9D028098CF99F24449B6FE22EEE026718B6843159E265D5D4B0D23D7DBD796EE9D2F06C55C19DC772A595A","842B7C00822341D915253FE71547141123078B0058B4C9454935C1D4C4340155DE8A04D829A7787C7FC5C8C22A8A15840D1DF804A5C62CF495254152070487F7" +"Core\ConvertTo-WDACPolicy.psm1","ConvertTo-WDACPolicy.psm1","0F9C1548A496057BEF8B26F0DD350618BB1D3A624005C488C1E1C082DACAA49B88DD2D31C456FAF15F2744172C7C5FA5E3EEC939A5E852054E349926FC461F90","1998BDC952F94B7DCDC7D0B2B5737C21FF5D502DBE4BA9FC2DA3D00A9CB9D64ACDBD2AC565A4690D1716EAA0FE7A9171BF7CB40E4F7752525FD9E09CE636E4E5" "Core\Deploy-SignedWDACConfig.psm1","Deploy-SignedWDACConfig.psm1","06B1B37B0AE1FA3C04E403FDCED22510BF1A38811EBA71B43B2C879811698F13BB141A9B22E81BEDA685E6ACBD05D168FB1E08F42A333ABC15B1EDE66220108D","7EF761249F4C77A88E48F4C0B47022C0AD63AFEB469B58D7A4C9C2B1B55B7B87C4EBCE18C728E597CD3E43BD879073B6111468BF72C69A3D754C444FFA178414" 
"Core\Edit-SignedWDACConfig.psm1","Edit-SignedWDACConfig.psm1","504808CE4A141E5FF8AC1DF443B8B6BCECD847B9B648323C83431185FB91A924103AE8EBE7D3B01A5AA32287F96F0D7B8FDA75039F5C45F6361537B2B3B81F77","7274A7097F269E846B8B7B22E9A409ADF9213BD7F1A949F5CBA3960A796AAD5A008B6D1C72CBBDC9743DFC169C817D58A8403A0A4480F3940F6EC72894B53867" "Core\Edit-WDACConfig.psm1","Edit-WDACConfig.psm1","F061699C5A8CAACA9225FB5F2D0A0550D2B2FCEF602AAB96BBDBE271E9F8F890B967922EB7A7763624A4B84FD30120758BFBFC3DC8B27DBBBF2F82DF9F8F57C3","EC4E9D62E0C44F0B1E5634A16C2B03631A5DB396E556ED3AA7866FAC7E38E68FEE1C6B09FB7E95933D48FFFDD5E2113F00ADB64239FB417712E35BD9FE8A51FB" 
@@ -13,16 +13,16 @@ "Core\Get-CIPolicySetting.psm1","Get-CIPolicySetting.psm1","6FF6CC75377C37209A144954B5547FAFD7B1A0E513545E862C49443718CE0645813B3744EE4710204C6C83BB105470B10B6694A95243E75B187C28EE8D9102B8","E730D932B91F4C1BF02600564D9FF69C9936A3B0D311F028EEC04D9BA95E6AED1275B48A1A0141E142BF5E9959A54D41B4156A3C3509646DA295C12A0FC7FEF2" "Core\Get-CommonWDACConfig.psm1","Get-CommonWDACConfig.psm1","04D07FF7F780BF7160C0E98F0FD51C5C0A53FBA8FED84C37AC2B22716C5F788404B3EB459CAD3D03B7B9B7C7CF99F941C8AF6E557AE5739444ACB1D02BEF6C82","F0F4CCE9F2857CD3C7738211E1A8854A9A1C01A82350B51667C7F8E11B50D268342D5B798B05F69522F83C4CB580F497CBD338E7375D182D4FE05AD520FDECAA" "Core\Invoke-WDACSimulation.psm1","Invoke-WDACSimulation.psm1","6424A7CD6CE96F0854BA7D9F9889E932574CBA0858AB246AB5D82DEA06161B9D217A3195EABADA32DB5B3BB2064A62E915C03D3A00E882737175EABFA96F0EB5","F03184A5B9E9EFCD6C41CF1E7C036DE655052E2B7207C1BED2FD8000D8F697E852747DA943F5A4EC4021688A4D0C89864E1D12A73C6DE8DD6AD77ABD84C57F4B" -"Core\New-DenyWDACConfig.psm1","New-DenyWDACConfig.psm1","5E1541210B3AFB9048E271BFFAF12A6F7C1939D968D4ED9A6A6410E609AEFE01C27001CB58ED9430F224AC57AC0820240934A16D0CAF5A6094E35DF13A3C4DCE","1CD961FE72AD3DE1C6E8A5DAC9751EC61A7A02BCC36B38A5CD8A5A48929D9C9A8B1A9A03E0089DAE2018ACED38874548B5BBE792E6C772E4128F589EA246699F" -"Core\New-KernelModeWDACConfig.psm1","New-KernelModeWDACConfig.psm1","0DC6AF43E84372CC70A6FE6FD92628CDFC91515D0140518234D2EE8BD7E7ECD28543E2DC04F70F46AC3438427A5D8CEC5C48B438275F737AF0D7E73EC3A634A2","96876833922BC7EB92AE80F157E66F94CEAF056A10F1D36D861986241442F4E9618E57D4A47F66F31985C407EF1FA0DB9E1E04622615F1D3D992AA61E3C4E359" -"Core\New-SupplementalWDACConfig.psm1","New-SupplementalWDACConfig.psm1","B2E4365A379A3A452A97E41EC428934239425B5D96C5AB63057D10BDF09D6220C7EDA91D44F4D5375F4F24E3D6E8D3159AB0D9DFA174316F6783015ADF749D31","44CA9822ACCFF94E0E1E92278B9A515956626F6419EBEBE37122778A1085D7FA0AACE34A629731886DCFF5121A87E7C2238C014E1AE39641E7EB02911D920D30" 
-"Core\New-WDACConfig.psm1","New-WDACConfig.psm1","E1CF93F7BFBF9C73C50A0524331ED8A8429BCE8D6AB76DBC8BDE9B3946468F31A2BD4E3F14082363943AEA976D6417FD4BD3D485330442C6F855D739304E31A9","A4C3F406044780796FD954CE3772BCB6E2286492BBB56467D518B804B6B0579579D0B98EB535A24481FB5374CDDE0CC8E5173144B32F00946490306999B4E8CD" +"Core\New-DenyWDACConfig.psm1","New-DenyWDACConfig.psm1","5518BAF5E11728D802B7D14F69430F93E2BF94523CFDF87202BFF9926B3B90369E00F192F69ECD3399E4293A4BAE9D22DC2EBC5645703A952CA654FCEB795BEA","BB020AAAC19536C8F413B8C361E3E91972569D059850CF3BBC0302CCC6DD132AFF01CB8868837EFE56E66B806E8E7FA40B0C6B1941F30B71410C7C5C0BE4B1F0" +"Core\New-KernelModeWDACConfig.psm1","New-KernelModeWDACConfig.psm1","148AF2F1359B044C542A6230053BC51303E6D224C35BF676C5D6E0C81AE42AC0110155600F82F6BA9BDFC758C307B6E5F0BA5FCB89762656897E2C544189B1EC","473B6DB90D3603AD269AB12D759E6669B45FE0D3DE705B9E3C70B977F09FC683AB3751FED2019A45CF44FBD19AED208DF848EE5637AA455F73AF0E091ABBAD12" +"Core\New-SupplementalWDACConfig.psm1","New-SupplementalWDACConfig.psm1","63F6BBC1AF6B0E879D03ACD51D11FE0B4B58B40F747216FF6DFD6AFE03DEC2AD656C4653824BB7FC0015D0E42CB54EF4BA2C9BCFE05050157B2D505A23CE0B18","E09C46923364ED84C416B5A22AC665B530C08BD0CE8424A4C2A529E95F2876BF9932BA554BEFBED73950122F9642FE7D26436AB34C02DB9E6098C682A5C44A6F" +"Core\New-WDACConfig.psm1","New-WDACConfig.psm1","3B2350686EF24C52C79FE879BB51BB575333B773EAD0472BCDFF460A8CF973A257CADC5E06D9B0298EC5AEEBEC3042CA8F275B61D656B9610C4F3D2831574F70","72287A2266730E6BBEAAC364F0971100D76370ACD9BC4298CD64AABFF03C8DA8B797E19C4FB5F662224C861F47C1486B9742146D5626C166457A848A0CEA3039" "Core\Remove-CommonWDACConfig.psm1","Remove-CommonWDACConfig.psm1","12EE53DB609E78423BBCF0A39761552025DC34BA67921D17A8CF9939551E9D69DE1664FB2990327E9C9E6D896824B056454C8CC8F389FBF908AF625269F971AC","F1E4628EA93A4AB883E98BA87512D3DBC53DFF979D18E3B071FBA24E4858FE320B237EC979BA2EF367EA71B957C93363FE35F8D9F69C9A124DCBDB7353C8FA56" 
"Core\Remove-WDACConfig.psm1","Remove-WDACConfig.psm1","F0D33A8010F9141C545F347AA6E55BB8F555CCC379289450F4BF1EE931FCC1B53C16E2B4059C5BE45C1EC68074CF5362D07E92B4882224EBDC208D3898DC655D","90BF363AB9CBC3EDB59E19DFBE477FC5A756834F5DA644CDD5C589C0E1C4325E8353C924414F02A647F6B2F2B94B907BDA96D14AE58D427B0F73D2F725ED9A47" "Core\Set-CiRuleOptions.psm1","Set-CiRuleOptions.psm1","36FBBDDD30520E088E27C4AA746D780DB8132620CE8BE4B70A818444FF841EF8C9CB885DF1EDB9D39A3C63713EAB05A14BB78058665BBD79AA20137D64D19955","28FCCF0E1C130300E6735B74C60A8F9F1BCEF6FCA53D9FF188AF6EA66069A7CE061F9AFD068C58071E4CB352824ACA703BC13B24E18925003EA650E4E3E93DB8" "Core\Set-CommonWDACConfig.psm1","Set-CommonWDACConfig.psm1","C2FC01D7469D336EB6DB8378ED1A02C342092F87E44D1029649007FEFC22C667CA6575FC6F0DA0467E524C3DFE7343CC317EDEA99B1410A80F026223F6164D70","2FEC541BEF4D9D8156F27115F7977BA62E63B9287E27DAA8202BE18F6EF79DEE3E5793A7A4E6A23BC982DA8D437DB927BBC18D2929D0C2244772282D382BFD59" "Core\Test-CiPolicy.psm1","Test-CiPolicy.psm1","DBE26C5F7AB78ED28D771BEA862C524C16EAF7B5DB02EEB36D749DB9C59EC333EA14F34C8453B7E0A5DC761CD0D46DC81E934E3A7E4E070559DF22C89EDB2671","C572D0139DDF62068DBE2EE263A2ED40BED63283B610A7DEA3E8DC67AE2437C93A0B86DBD9A238BB43A7887704B503B72F5EBD1F85A749C34B645128EFFB45ED" -"CoreExt\PSDefaultParameterValues.ps1","PSDefaultParameterValues.ps1","AF2531B1594C3D5C9F0EB7AD3D0C81E68C25F7DBF621FA85F67163CAB343E2934EC9BCCEFE553D5D48E942D1ADD1A31F38B90D602F900262F93FD230B69A4466","F5C75934CB8697213F63E1102802888938FB0FF54B3FF47223C26C1AE2033367BBB30FBD5A028EED80CAFEC1F3CD2EB4A0ACB2D6019995055AACE5C991672D5A" +"CoreExt\PSDefaultParameterValues.ps1","PSDefaultParameterValues.ps1","57BCFB78106074AA05DD817C7DC8570AF6A8F77E6D87DE227BFAD4978D373A42D4BBCAA4D22BFCEAC8125D1E21CBF693ACB7FDBB326AD28AD884F0CE483F0926","324296E454C53FA304148E4B92CE34731A5F3CC00F7353D9152AED3ECB9313FB242DA731A1C1874FF00706C1965A2508E042F6D5B46D48FBAA3C19171015F159" 
"Help\ConvertTo-WDACPolicy.md","ConvertTo-WDACPolicy.md","C9A3374EC33A1A1EE6B85E993312B57443E958682536FD648982D7B0D79868A800ACDB40BD114A0FAAD774A35625745E66D8495CE1C7C6BA61677D76C3953158","69E35F64CF048A7840E9A936A5AF8D0C8D857E181A8B8DFC9B70957E70E715417478F2B4AF77E876F1E511D65CDFC73A498206FCB58E1448E5ACB69EE371DCD5" "Help\ConvertTo-WDACPolicy.xml","ConvertTo-WDACPolicy.xml","A94A65BEA4492A68E9775112BF94174CB08500AF7259E18A9033BB22DBE8E94D0DFE5499048BDB4DC0AF5BDC633FFB4D7DC322C290B6404A6DEBBDB9D9CDD616","EC97142D79661E04F4B70B8190655B02DB573557B9667BD774F2714DCDEACD758C75FE8CD16C4F1BBDA162EA45DC6B4EEBD4341CD087DE408DE28378BAD92D0A" "Public\MockConfigCIBootstrap.psm1","MockConfigCIBootstrap.psm1","7B07C00354D4EA6D80B2F2871EC9C1E039C75BC5E5E2356F66F15635831BF18E8B20D51214DE1913BE2C74ACC9BB22E6EFFFD8944A8FB824CBC8EC275D32E8EF","CC97429BAB23AE5EA068D2D68BD3002EC3CE08FD04DFFC0010DB9884E7BEADFB443F027EE73D09F6A56174A97CEECA440A4B37D2B4E1599B068C68D46CDC579E" 
@@ -30,17 +30,17 @@ "Public\Write-ColorfulText.psm1","Write-ColorfulText.psm1","BE30FE6D269A68CAB377A3E016DE774D670AA32F0213B0EC1CCAFA55E3B90DC904C64AE8D36B67392C92F5B2E4A4199BAAC8499C262D98344532CC771E4D00B5","FB9418374E5201E7FEBEFB77EDE2198FCE5F130AF200AE999A649FFDB7CB41A5D47BA5C2CEE548F4107594064D0D3E0DC58DF7903A1F8E84EF803946FB30BBEE" "Public\Write-FinalOutput.psm1","Write-FinalOutput.psm1","A42114346920BDC4D567D8923F362D145659B6919B5F50CA4A88DEF961A6528A34AB89A076862F1DF8BBD46E5835BDE156E2EF8819A0DBB7637DC71F2666CEEB","64433D0C34588B1240B27270C24D446BCD91B5742B739560764BDE33EBE18B5CDC659D57BCCD8061FBDB5AC780D7E8DB7600A23A670B7A31182CEA191383CE29" "Resources\PolicyRuleOptions.Json","PolicyRuleOptions.Json","1519B7A7A031923471C33E2D16E7FF05F3E40F06C3728B0E04D9B5669F893E7907809EDAD55C84B24565EA7D5E669A2C3CEE2EB6DF42D5628901010C41D03635","A97AAF4AFC1194B65CF92E7D97EBD99652F2809037AB823F238362C16CF0E8CB3BDDFA72D17B81FA534FEA9BD0EEBD19681DB954254A9B9E7C376C43C9508FA6" -"Shared\Get-KernelModeDrivers.psm1","Get-KernelModeDrivers.psm1","8DBF10779BAB7732E16AFEEE033614EF752E9CFDFEBACC51C43384300DA2C7E8C7D1BC5EF819709B8C8A2811CCCF4677A608E9D6A5BC4721862E432C8BC75FE7","56463BDC82FFF5AACE461A810F119AD0703B164217BEA86C1840EF302F6416DF53E6977EC590C44D72FCE4A29E9334382B27FCD903300BF5F4BDB77BFFBEACD9" +"Shared\Get-KernelModeDrivers.psm1","Get-KernelModeDrivers.psm1","0723DFAE9165FCA835310065140FC88F5B48D317D939F1FD2BCDD087077F2E629A763DBC547DC60777AC6AF35256EBDF6EDC0A02BA96853AC58F315DA7EE030B","BEDF4E522719A6844A7964D703FD93B20EDB222E62FF8C10D4052E2F9C909401E0370902CE72828F75BD75729BDFED6AB879C157373F4736C45AEB644E483E30" "Shared\Get-KernelModeDriversAudit.psm1","Get-KernelModeDriversAudit.psm1","7AA423D444CDEE42239E6E3732C1BCE15840096F7621D33300FD423EF16146810190976ABA0112637CAD4A56490370F23C865FF3B730EEE1FEDB1B28B865633F","8E879981403D4A51660106E45A51D0A89356F5868ED8487D05794E19CC6523F7E59B5DF6C5B204DCE7456FF5BED9D6171DC3E913B635761D687CF82C11748CA5" 
"Shared\Get-SignTool.psm1","Get-SignTool.psm1","BBE212D809B149FE46BC51021036B14517DCD743748E9510C5B6F9CF1C8805CB14771F5A76FAF6DDCDC08C668C87FE234A19D3CD21B3CCB476F9355207D469C2","0B162B55710056E4B206EDE00C6216E1B1BD9D8B2EC7FD39F55061A5F398430FB1C6DEF78B1B0BE6E6D5EAAE93F00B03668C2B2097345430F9FDA6AA05931304" "Shared\New-SnapBackGuarantee.psm1","New-SnapBackGuarantee.psm1","EF4B4A52A197E7429283D9577DA58D3C719886DDE1D1E66CF9E17E415428D156CF6DDDE71E41160036A7CEEE53B19B61533695C1329DC71108FF6147E7F88B50","D3688B80DB3D9873FC3086CE2F0C0C2E6AD6432AE86B1B156ACE1113822980CB6451E217D0ACF016BE9EF1E6F883511AA161BF1DC02CA79B91C2FCD78375EC55" "Shared\Receive-CodeIntegrityLogs.psm1","Receive-CodeIntegrityLogs.psm1","29B5A2CB298ABA068F64C1F814A1FBF9053401FA6FCF35D059E97AD6A40BC8E58614DD16DEBFAFAF7BF5532BD545D361E5B3F9C01AF11D8FC6278C2A86A0E9FE","4DE96C61B5E5ACA9F616B2017FE5E91B29E70421CA45E9235E7A000EE85FC35B680746A48638441AE6FF5E9907AA75CB4A10A3F3A93E9EDC1844AEE35C2238E9" -"Shared\Remove-SupplementalSigners.psm1","Remove-SupplementalSigners.psm1","1E843B2C333216EC189B61E6367FEF2293796AFF76324A7C210D787A15666A9959ED105DBB8F067FC872A7552DD4891850DB538255F8E9959589AE5C4CE49C92","E0FF936EC7FF458D65D7EA51215F1C262F0574E60678B34EF6497799E99CBFE245581A44D47D6667931F7F5905781B947F8DB971B5C589024A8701F8CA6DC6DF" -"Shared\Select-LogProperties.psm1","Select-LogProperties.psm1","A44353FD8318D4A843E1592E85DAF3CE1C1DCDB9324D9AE7CD2897BE1A13BC3B13D971E74C85E45685E613293CCA2A1C8D3C6615F0ED73ED678F987D72A8D1D2","73A7CD2ECDFD3B7CDD5D770FC8D8239597E46A0DE4B74FFC9D0E84BEB8D0B26C04B01B68A83AD0ACB0A734777E5CB7D41BBBD80468EB391747DF627FA581DF95" +"Shared\Remove-SupplementalSigners.psm1","Remove-SupplementalSigners.psm1","CE367BA1084E60E7D1789B7831FFB0EF9B4FC051223967356DFAAF307A2DA1B87D8CF0555A54E86F3E381433979D6EBE382D7AE71E493F7432D8E6BE1E24D494","A8214A0DF80B870CF5557BA54EDBC790D0147D42498BDA11F2F5586360060BB4B2FDF446512AC85A0DE017AE8BB197F079B35060E0B0E560C81F957AEBF22242" 
+"Shared\Select-LogProperties.psm1","Select-LogProperties.psm1","466379089AB118F509A4664A0325347F6D31E5E141089463E1B7C0AE6E5F002B7788222A63E12E478F141A2A5D6E0AA760E90AE7AA44A3844698E2432490D7A6","8A326BF412DE2C12876D9CD064D6F1201C1F337B248AEBC9FFAB6ED9CFA7B432FD2F9B420CA6855828AF6A3BBB2807411A2C9409B1D777C284EEFDF0F772AA8B" "Shared\Set-LogPropertiesVisibility.psm1","Set-LogPropertiesVisibility.psm1","D0B4A97CF9F66BDDFCBB8BB38A932D2C3FAA9701391E62604A3F3406EC5B340184395A0D2015628A67808499A60FC5FA57CA5EF89F29AF2D1329093A063F0817","728146FD039BA5191FDC1A563D314C01BF35E7602F4C153B8DF8BA6BC42F4FE8590BACF8C5D7FDB9DA83EF1D87C158E6A937AC646411962342DF6C8F3602F4C5" -"Shared\Test-ECCSignedFiles.psm1","Test-ECCSignedFiles.psm1","F5843D38B9FB0B768D028589186E551E29A0B0E6C48438400B02FE2D606A977AB33F8ADD6F6DC2844E7998966A7C1CDE10453D6DB33688A7733D59AF127E847D","DF1A105E98F1DC99F460EE989294DE2640C8DE4E767378D8B7D6C6598A187FDB1E4810672714E9E6F540A633FB74522FC23236DB0E36C3043ADCA525A8F765B9" +"Shared\Test-ECCSignedFiles.psm1","Test-ECCSignedFiles.psm1","8CFD933F97D9E183BBDBD0000AAF8C3F29ECDBB4010CB306A87034611ED7547C0422D1BD1115426E682BDAEAE0BC94D45A43D7F53F33FB19DADE7CC728756998","5A02D8FCEC5A750DB70388F880BF3A4526152A4100460E0B26E414B2413283FC6FA6F51667EB55B01B867930428D0700B95D14969CA46CE473448074BED53E20" "Shared\Test-KernelProtectedFiles.psm1","Test-KernelProtectedFiles.psm1","D855644AF7B281FCAC841D54FF40B2405623BD95C8FE0180DA5D96E7EB466C8D18C816DA18A3CBCF8755C9A4FA4EFD1C1FD63C2574F513897C1662C6B745941A","56E87F18B3DA39CD1A5375200F681509950E8728D5561D595676AD3B3FF6F96ECA0168AEDC3C8A469D481DB5D51C9B22E470F7388CC79C2866E60F95D05349FF" -"Shared\Update-self.psm1","Update-self.psm1","2F3753E1632CAC99E0CF3594702D507D8FF4094B761E2D900CFEF51E5ADF241A23808CBFD9F2FB10A58C8FE37BEA3271750E9DD88603305E19916B78965CEEB8","5B2EA4A73CDE17F811F0832F5FDD94DD21A8B1F375CDBB87A6EF5609206336456BCBF03F23B851D510D9CD63E989921CDDD054A599300869C95F4661EF576FAE" 
+"Shared\Update-self.psm1","Update-self.psm1","DCB02A24ED8F422AA3A0A43C4BE9BD82D5441C1D097C7F5BF27968F69D40AA7CBF680B1AEDC1FB3094BD382F23D4A4ED9D09EA443F94C4024C276CD507EA20DE","8D24269DF0B169E1CC0527F86871D5334AA79B6653D1F1C66BEE95EBB7E6D2F12FEF57F0E377211C684846E32EDCD97DE157D8BFCA5109E06D4E80C4E9EB757F" "WDACSimulation\Compare-SignerAndCertificate.psm1","Compare-SignerAndCertificate.psm1","8E75B2A6C2CFCC0CBAA36C54381E767B18DCD804200D2174DD160AD7B24C79BE302D2B9E8FB550217F4D695348D3F3D71BE53490DD83BCDE9B9650FE938CB256","80B62CE14425BEB72006336106ED37F303FDBAACC919A18EFE600D92756F7545B1DB41F385C84D6EF8FA2E1AA9B7C8856F873815BBFFCAE508A5E58D7BC65A97" "WDACSimulation\Get-CertificateDetails.psm1","Get-CertificateDetails.psm1","4444456A2412C729206DC323E00F8529D0256C1BA5853194044056320056B9A4427D2F26147A84330FE4897CE08224921FACC2A9C3AE51E27F56066E6BD7AA46","6688BB4A7B205446CD4B2F53059C2838C1259CF7454CF67350E67A55784EA5A0A473BB3C92E0456C733039A26AD67F7AB62378D3DE0921A1F8024F91D5EDC8BE" "WDACSimulation\Get-SignerInfo.psm1","Get-SignerInfo.psm1","DD9B40FF3F0DE059662712938C76C73314EF444333916504CCDA79EC7ACF5040DA0A1BC1977B5A06FE9742FA05BD56E536C1CEF0F8B410FDC56D4F46083276E7","16B5A96AE906210D96135A83E8F720598958EC3AE7C02336411894D9E59FEB0A53DF5DCAFD84C47D6B26CBC4707714C768A5523942241230F88C3976ACA17204" 
@@ -56,68 +56,64 @@ "XMLOps\New-PFNLevelRules.psm1","New-PFNLevelRules.psm1","33DC5FB33DFF1AAAC018092802879C4FCCA839C528CA85F36C9A6A19A3A9E924BAB48C1AC0952DE94140C7103F944CB58C3B8CB5B7C7F1D5912102291AEE68B0","0E57FE1B1F5F24FAD45E9FA697210A3AE9EE7B75559834891BBC286EAA89BCBDB97111ECD39E5780079B1452DF98246B7D7D1F5FBF2D4A7B07B6E16503DFC67E" "XMLOps\New-PublisherLevelRules.psm1","New-PublisherLevelRules.psm1","C9F69D567D09D2DE6E3BA463466D61FE20818C80D53EFA7B3C5E82CBC60984B33CBE686038F1F78EDAF7AC9D45270AB67C4F1C45C459A67F54722FC9C817CB4B","A9AD58A7F87BF24A4DF011861813981FDD748E68E64F33F6A58C6171A1C9C6D63B2DCC1A8ACC0B8A09C3E6B8FCB3F272E61BB020A361B99D5A223554856B4C02" "XMLOps\Optimize-MDECSVData.psm1","Optimize-MDECSVData.psm1","51D45985CEAF8245FD9DD2CFCCD4B2EF0795DE7E815CEA9D06E3C0B433575502DD51A23815A40B8558E77E03B27E8F7C545D4C22A368302774C333AE3E32CF58","A503F91DEB26EAFA0F55BB54EFEE23BC8AE1B0E27FFEC67E9BDEAFEFF2146BA1EC78EE1CDE0021B826E4844D2591D75DCEDEADC914A0D7239EE78C3F805B863D" -"XMLOps\Remove-AllowElements_Semantic.psm1","Remove-AllowElements_Semantic.psm1","75886E9856B9F4FCE1B4CE681D61EE11478F4A2DE79368214771C60CB0D78E7F9E3355CB04B59DCEA8CEB748D0CA43BB53E6BC4D8941BD47F57466F0D5B580EB","027D887DFE755DC430405BE6CD083C978EC9D0A4355A5E2E20878E8153BBD42FC9BF061EB6878D2928B25A2FAC8974DE519A53A8DA324249AB4ABA6F26CCCB5B" -"XMLOps\Remove-DuplicateAllowAndFileRuleRefElements_IDBased.psm1","Remove-DuplicateAllowAndFileRuleRefElements_IDBased.psm1","1A305D45A14C371C3789387524A7C1B9BBDF9FDC92DA1473E6F267425D7E32F9F541E028D0C6F2456ED7DC0AE4996225E0A92541F79DA2C4213D95909A5DFA1F","4D79B5DFD317661C22E12A721DA0BACC4D95E2DA27CE8377041D9EBD3D624BEEB9A1AA44B3811A08AD96770E5114683DA5FE78AEBA98BE19B0C7D9DF8585151F" 
-"XMLOps\Remove-DuplicateAllowedSignersAndCiSigners_IDBased.psm1","Remove-DuplicateAllowedSignersAndCiSigners_IDBased.psm1","C6D25F28DF94AFABA67A87ABAE546CC8D3A18D33C79D211B347828FEF1A459345C75F8771DD19F43D9C28F9BCFA88C6C97CECE59BA205188B448A50C7B5D3203","9B65546F73FC480AB638C89A8CC265A706A0DE5D93A889FE783DA8D606F95AACD195F2BC549942315E36BFCD65E905AF7278259CFCB8F7FEF6FC6388392A26EB" -"XMLOps\Remove-DuplicateFileAttribRef_IDBased.psm1","Remove-DuplicateFileAttribRef_IDBased.psm1","9244474F5AFB4A7B725772EB1C66FB681A15A1628DAB4D0FFC17ADDC0A88EAD84BCD16615F1B59E66E5393A2F4D83EF8CCE78C95583443FEF41B8FE063805DEC","1216C457AD18A98A8DFF73237008260D96C5CAAF86D42E3662F07055BB4DF05E980EE2D4CAB49CC466B6F1C31CFECFB3A55B645888A9A53B095B1EE4F258D785" -"XMLOps\Remove-DuplicateFileAttrib_IDBased.psm1","Remove-DuplicateFileAttrib_IDBased.psm1","0256A402469B9B33EC537B0BD945E382AAF1C478BDCC03127B5FF836E11631673AF685D0F6FA7FED061DFBD587BBF9DBD4146F5D74C654906AAD2918DDF6CEFF","467B685822FB21294556BAC2B9770598C127402BDF60E11908B919C5FF183B8E0C3000FD5060A3E7AE0811261AA2634C16359B2FD6A0211E6EEC4FF3EC802A46" -"XMLOps\Remove-DuplicateFileAttrib_Semantic.psm1","Remove-DuplicateFileAttrib_Semantic.psm1","E46DA853889590533A9D662DBAA1EC181D633500CDEE7767B6E9B728C3190F3AE72F82103D03290571D050BBE12304670DBE99B2C1F64057C7B4001D660BAF6D","FDD3502A427F952A4DA289B4D7D3171180303058DB522DF981D03A2512783D17525F6E2F19CBF8E4110EA0272F00F9F75B430E6427C5FEB15C98A4A305CDF391" -"XMLOps\Remove-OrphanAllowedSignersAndCiSigners_IDBased.psm1","Remove-OrphanAllowedSignersAndCiSigners_IDBased.psm1","4C84935B7B02288FB0431C565973BE9452E38DCB8CBC1F3E50254243AC7C6CA69EDDD47960AF34327EB9F8193BD42CA2B4064A88416379072B800D3C459F2821","23434D0A28FFD30C83E9AE4D58E220AE4877D1EBCAEFCEBA908B6CC077A3C5443C69C0FA62C66669DC30231D2DB4BB1C6822D0E931C38020679CC6062816878D" 
-"XMLOps\Remove-UnreferencedFileRuleRefs.psm1","Remove-UnreferencedFileRuleRefs.psm1","F21CB1FCD1AFE244E14FD35E3CC9CAE7E8D2B874CE4DBCD9E6C1ECC3C3BE48912238D7D36556F541E7E285B1891533508BD12C43C97F5B1B94914703C8DEFCA1","154C33DECB5178072D13D812CE6148481D6A822C2D2D39E1F58110D01A5E8EC604854A3E600824EBC2A815C38A41104FC4123324589B27F3AA27C9B86DAE6627" -"C#\ArgumentCompleters\ArgumentCompleterAttribute.cs","ArgumentCompleterAttribute.cs","62022479511011B3EF2C0B3C04FC0699A1B8175FB6EAAC6F9C28F25373C45361822805E003AB46E85AB2A9A50015D63B9C5E4A4F7422AE83D12597B8EF100280","12CBAB82F3D87DD5C28F259C4DE901F64093AC1C8BFD6FFC2E09B44CBDFF1BD987B2B1A660A4A2058D49268023A22A0F32C88B0A4A8B6676C69B8B554F5E989E" -"C#\ArgumentCompleters\BasePolicyNamez.cs","BasePolicyNamez.cs","1DAF14983598C66D51AD0B14A6A8F83549C10CAAE739301709F6EF33327AE9D6A98D2E0B187AEE99B4E8E1519CB8B45DDD377E8FE703F4EA48DAAE54B1083A12","1935591C536010ADB1C5B523DB5D4515EF8B2EDFB4CDF6683BDC8D17A194F79D9DF9D4FA5BD73391D56752360BBC50441FFA81DED3FF4EDDF7A7501C3ACDB75A" -"C#\ArgumentCompleters\CertCNz.cs","CertCNz.cs","E514FBFCEA874D4F17EDE36CB5052A4969C5B767D2A7955FCDD1C3B70034AD0FD9618DFAC21D892BE67AB3C0C8EA608B1F8EFBA38CE6ED88E2B0B0589B38566C","60F560BB38093DE664E950A453F03F11D8FF77A964895C0A75F2C0813A66130CAFDCE08D4A7E9EF972B034220C64626D63764F3C8A1AD5BC055864773AEBF3DF" -"C#\ArgumentCompleters\RuleOptionsx.cs","RuleOptionsx.cs","ECF2D379B48EB11273C346C5A1E38F81D59E3F5ECF2967255769508C4B6BBBEF6302D2395CED5811CE0E6F8B3438D2E734D038A714FC31202F16CAC1A8D3668F","46D943EB364AEE6A8AB387CC4A5157E7835FBE8907AD251DB76E77CCFBBF58E44BFB1EA4AFDA281C8818DDEA0FBBCCEA1264EAAC30DDDEA09993FD0C7A7E6C70" -"C#\ArgumentCompleters\ScanLevelz.cs","ScanLevelz.cs","5CD10A3FF08BE6AB6471F37C1D809081C726586FB1774FE9F4924E55D5559E5E94B46F5024A17B1DC15AF443133DE525F838CC3BCC979EBB05C15F37567D45D6","A17EAE5B691C3C1BAD14EF02C83F9E14568396038BE1096B12CA8E25A863DD3A9669B16F37CD987CFCFA49CE7E585188F57738989CD10F3D26CE62DF7463D30D" -"C#\Custom 
Types\AuthenticodePageHashes.cs","AuthenticodePageHashes.cs","B408704852D111C69EAE69699CF4A9E8BB4FA9A25AF28C09E322943BF93A1F80747340BB5338E34F26EAFDB14D1A9B721A3F3C9E4688F009F21A45B18D9E92CD","5A4FC4903C60C3FB4FA6CC953C9A7C1A0714EB5C6DAA5BD5C7C694B9F0B02740CDBF99008D3297E724F7E46F3FB9AEA98316D9439C91D0783B9343E055BB083B" +"XMLOps\Remove-AllowElements_Semantic.psm1","Remove-AllowElements_Semantic.psm1","10BAD8B9424A778FB4366FA3B896A1E86272D20AD5507EEFDF517E00D2C3CD9EDE53ADAF93B7DB0D4B0E7657BA6C90C5C2914621E3E78955C7EAEFA1F2B09357","280183E7C5AE6153A0A59BCBFA07B5101F9FC321DF740A1989CDF76565192EAA9A7BEA8FA56D478472BCA480711316391E5B4AF3B559DCA4E2BFE277AC018938" +"XMLOps\Remove-DuplicateFileAttrib_Semantic.psm1","Remove-DuplicateFileAttrib_Semantic.psm1","D1F28FCD92BF969370EAED81C13E6FAAED3ADBC331853D84CE4B432164DB8F8B014CC6C151441796C321B097745D526EA43185C77A2C0B46C7B94AAB45545B37","D122B8B056A18B97CFD758EC80F436FC5A8950FBD66D915E4231B3315190A96FD6E5B53B080C20466E4FECA6CABF5484937BAA0D1BEBC0004BEBEDBA7D1DD74A" +"XMLOps\Remove-UnreferencedFileRuleRefs.psm1","Remove-UnreferencedFileRuleRefs.psm1","7667E6EDF15F31DA0237C52595BF67CEFAB711915AFEF244DF8EDE70764FC325135E49EBDD57B49E87C313712D38D236B24B53FA790675EA50BCB067D3CF582A","83CF1233E02F456F0B7AD80A25739F8B4DC33F5CA0F019EA62BBC73D695F388807A57D8DA9D0E0DA038CFDA72AA1F1F8F7CBE175C8E03E415610CEB57F5E2A4A" +"C#\ArgumentCompleters\ArgumentCompleterAttribute.cs","ArgumentCompleterAttribute.cs","ACC939DD95D1B48C8FE329C857C61824F7533E13D78DFABE87437A4E22EA809770BD6ECEC4638610AE71DB0C2C406CEC8EF4EB07984A40E0837B7A96FF3ACD54","9A311FAB035BB7902A8F1F601E8C919F078DBEFE07A1409E32DB34B3B806152DB8C0FE62E516733E45F9DF7539DA5F4155D6AE1A1BB8376D472BD91AC4604E50" 
+"C#\ArgumentCompleters\BasePolicyNamez.cs","BasePolicyNamez.cs","BD005B4C253B36A820890232797E70A6BC4B98FB628918F15A07697CB26072C4FBBC7FE1E4EFF4022C577DE29527820DD943FF2F1F9959FC41EE26CFA1A89EB7","F2A3CBB9C819BBFB2095E027740988350649A784096E23BA8248A4D4F0A0AE7CA8975A80B7EDDC3005616C74DB886D4CB33E94CC3EB9F55BB1DF45C581794848" +"C#\ArgumentCompleters\CertCNz.cs","CertCNz.cs","662B57764E6570A3E006C8A5C874AFAF731B06E3B1C5BB40C0CC12EB3F70FBBEBF41B5ED4B317E8DEEF415A3143AE2E03CBE9C4B5FA0527DC2DF3CC07B7A3DA5","EF6F19FF103E4BD4A4A60EA6B0DD202372200E66FA3BB7FF6798A22E9D0E30430A9E3C487EEEAAEBB52C7A5824E67E2F6E5DB55D4CCA7E60540C744ACAAEC3C5" +"C#\ArgumentCompleters\RuleOptionsx.cs","RuleOptionsx.cs","4C4438EF5A23A4F99BDBD6809029CA38978631CB8A9470E22FB7946B856E619B4983055CB8DB34DF45B512C352B318E60F88CBD7B8EE163CCE29CC0A307C7543","E337CC14704B2BE62A392FE5D71BC6F40A208D52E03BD625D7A1A252366E8A97941CE83A53C34CDFC6C182C3CD11C06BCE294FCAE8073DFE07F59B948894A904" +"C#\ArgumentCompleters\ScanLevelz.cs","ScanLevelz.cs","AD425BFDC252CCBFE60544866DEDF2A7C04EFDE19681C78BCF72DBB9ACF5B6C8DE37A6E63CDB2403440A866BD8207ECE6F788E0A5B2922378359B6D029E9FF0B","248BAA1F40A683855FB69DD214150F4C0D65DAA133B0920DED33C548DFD7589628E99E10C685D04A9B611CEA6C571A5E8E830906807FA072A06F8ED3EF62928E" +"C#\Custom Types\AuthenticodePageHashes.cs","AuthenticodePageHashes.cs","395AF9E2B96FD07EA1C2A19938E5A7568341B82F681C68FDB9C1044A0F2B754268A56084FCDC47E64C74A925340B356304EECC05EFC33E63B058C9602CE201B1","D1D9F40EEC10531CE34913CF8CD197D9E4F738100EB0061908A53BE5670810BAB20B0DC225147940ED43921A1888F3FE32D6E3654C6F561F262115E0FA8016BA" "C#\Custom Types\CertificateDetailsCreator.cs","CertificateDetailsCreator.cs","166F34DA527BAD64CA1D1487B835D8B8C48FDB048864A47DC259B46F3B9FF8F6EAE6EB65F489C090547EC6C4A092D849F0839E2E00149F11D4E268880711F912","78A4B606AE030709C5FEB2EDE0CC7C86B7D0874ABB984419CA25A67843DF4F17F92967BED52CB51926B38C76884ECE2911AB77A3C310F6899DF15C197086E18B" -"C#\Custom 
Types\CertificateSignerCreator.cs","CertificateSignerCreator.cs","F63225C4FF262BF5515313128C755AC9BE77BBF707F5943858D9BB42B0CBB225A3F5656319111E752939FAAFB9A7BE61244A6944CFD5C6C502BBB05748FE7F2B","1C5C9AF8A57D4D5B9B7D2B898AA517DDA84422A453A29E029F3A94FCFB855DDAD0157C54EEF03CA886258235DE9CA53F9995CA6ACB35555D5734C84434C938DE" +"C#\Custom Types\CertificateSignerCreator.cs","CertificateSignerCreator.cs","5FC0539B08CB00C1D22B81DD47D63291FF0981AB9D58A40B1A55EF7DB12465EAF8A02C05F6482A27095318016351173D76428F23FFF50A6799FDE6D67F46C889","639029EE28D75E82AF0043C24DC4F0A1AE42B488832F9B6ACC54C80DD1036776A7419E35BAA471FC5E4B49CAD1C40B91AC03F68509B338A6595B46B961FE5A19" "C#\Custom Types\ChainElement.cs","ChainElement.cs","493A86B0365C36771E47FD83CB26A8E3017B42698AE11E6321EE1E6219DD31980E1521EDB932173E9F4BA0E298491BCA40793BE542C09C07ABCF3CFB4226041A","D209D4BEBD7032FF9EEECC5C41BEA39F8DE739C01B4854F398D17E59D8CA64FF1E160BB158E9ABE09ED8370291E0CDE3DD52842E629D488D61D24827DFA15D7C" "C#\Custom Types\ChainPackage.cs","ChainPackage.cs","6E977795BF2278AEC6CF70CCFC46C052134354C79E335338B9F2238500352BF4DDD1AE6B2734D39F2B117387C405E462B50753C313199046973345F2804B6DB2","92FDAE4C0DB140DF8C816A53DD10437324167A41C0C0856EB82FC681CC6BAE66426D970E19E927EC333198308F51886E85EEB6E4D949765F75D4F3412C9286BC" -"C#\Custom Types\FileBasedInfoPackage.cs","FileBasedInfoPackage.cs","10212D89B4895B46F74D8E1BCEE3028CE2E913C99E83E408EC0F94FA77BDD487C2046A022EA5A400B8C7256E8F9A83A68C014AA2BE5BACB8325F0ABE9E581F71","0F7081FBDC651B712D4569CB8E1B23E0373B0E6CD8DFCCC2502E395A7CBF5C5F7223A5FD056EE67ECE675BE41DECD24364DE6C24E0183E9611BC2578F100D4E7" -"C#\Custom Types\FilePublisherSignerCreator.cs","FilePublisherSignerCreator.cs","CA68EAECCA4FDCBDB31C550CAB4735809FDC1C3B15CC4E47D8B876ABE46E91F19ED2FAAD629A4B3908110483D24C6AE4AA989E9FC9FEC740CCFE29ABC5AA78E0","19DDC47E2874FAC54D00DF5FA4FE59F2C58736C29974F030D37CA053ED14F4DE5E1949E6DB98A649EDD387ED2FC3B56C45682D2EFCDEA1D0C26088F3149E2A07" +"C#\Custom 
Types\FileBasedInfoPackage.cs","FileBasedInfoPackage.cs","F9039FE001F28591B24B7C8B9F86EF5CA346CB4DBADDD6614CD4EC5C9C8D3851C2539DB1DBE5D8695D07D7E7143B6D9E2C4C60FD9A7693BDF2EF7FAD61286470","F878FCD9C1525C4F767592C184A6A233F4E9A6E2BC2F4A07F0951E1FE65152A25C8F05F85D18659638C190AC155CE1DAB68DB2B4672E3A8616C8186D3A3774C2" +"C#\Custom Types\FilePublisherSignerCreator.cs","FilePublisherSignerCreator.cs","7485ABBAC20B65E0C704A5491EF96C104BEF153F327432467C4558F5CDF0586AF8BEEBD718C641D3E81E7ADEA52A33B30B04174C54355A02E6CC945B4156CB3A","127987DC2632BB9760B95B960415452B73BC3FDEC888F141975CD867112A1B262CA260851B2052BBD980D0FB53D1DFC32A6F8D9D0B7BFFD021AD2A0E728169A8" "C#\Custom Types\HashCreator.cs","HashCreator.cs","5AB8EF0AE9E8E6588DC11C5728DD0655118F6B0A891AF04111168986FCECA7675AB5C87C742ABCB9F1149E6665FC7C5A523AE9E49EC49424CD3036D7BCF7CC63","659961200DC9F86CF2001EC3F337AFA26F115F3553EC569C53003619B0C31A319BB909C6F4A6C0AF76BD5B39AECB87623C0868A9173438F7E3492D8D15A3790C" "C#\Custom Types\OpusSigner.cs","OpusSigner.cs","DC67240B94C864C347FA9207D969499BA71C054E6C977B63315AEC93FE026D07F5981503488332AAEE3092502BB16F917AD33FD334AC9F106529E54AA98FC88C","871B8F275BB0B744D0DB204AE68346C7A438920543B0C9F088AAC7BF243B7B9FBF536548719ABFAAC3CFBD6270B7EE687D29171330999579D49557A3076F14C1" "C#\Custom Types\PolicyHashObj.cs","PolicyHashObj.cs","20962490FD2BFF5273B204B4457F0AD9D4F004C5700628EE54ADE16D0BA022D3DCEA2F9C6DD485F6BD36F266CBB560A230368534C01F6999CA936AEBF25FA426","0FAE99AD3EF3EEC33F9154923E75481C77174C46E3464A94369C928EABF620470B7BD4D1BB8692DAE46B9CF0806FC0E447F8FBFBC918880536513A6731DC4704" -"C#\Custom Types\PublisherSignerCreator.cs","PublisherSignerCreator.cs","91CB2A5060ABFD425E7F073205770CAC3CDBAA6123E2BA34DB7B31A3889A14098E7E084792C5EB5AA9C6CED000235135786527546830B7444875197C455C3F18","5F898703C036D80713A6700CFE4D17DCF05E4C903F17FB347A1F25E50A2E053D79FEA623A0BC2660E560ACBEA1B3602D403DBA14AC2EA8D2BCA86B4CCE9D5171" -"C#\Custom 
Types\Signer.cs","Signer.cs","D0FF193B4CAF2E57F9B8CD26857C28A68BAF838C0E059BF9503FDA181EEC60CFF5C7E3F8D598C172E4428C2B38FED7D4E769E97EDCC34A072BBF9BCC221B8ADA","9A617CFD2C3BF4A32F6A3D5132AFD33E08038272116A9A72A8FC5218B5434A429011D867818EBD88C834F0D375D6A9FF4C43614D91F430DDE939E6E9564AAC5D" +"C#\Custom Types\PublisherSignerCreator.cs","PublisherSignerCreator.cs","BE66EFB58A635509C6C4292F85298B59494E565DBF2F49B9F6C4FFA7F5DA2B5E0CDA63691587AD772467990770284500FCC29C319F04CEEEE2A6CD3B9BF5FB88","41A8C71C9ADC0D1120F1CC427950AAF0797C4F0A658D0E9D336BDC7BFC880A2D2E9F42F14015F27F634910A3BF3C30CC98318F69B9174257F1B3C53636A245A9" +"C#\Custom Types\Signer.cs","Signer.cs","8549CF9A7F8E66FF709BB0A01B83A527924D1FDA89D07A545EA1C72FA6EFAF918883EE342B0AEBDD4D0CFBCCDB03E131B238A3973B42EE8FC016FE26BEF2986E","7D47B90BAC7E738057149488C0678F64A355F0E6E619349448E4E19D6DEBADF1C49B7FC140BC4AE45884FA799A94F1487B2E7D19B5669889515615CD41CF3813" "C#\Custom Types\SimulationInput.cs","SimulationInput.cs","17BC223C676B9CD2B33294D567CB6A699CE610E73AB599E5C7EECA22716E5C40222F98EF8F3386533E8BBF04A562E817A8F24F4CA5CFC79A42B573DECEEB0F12","B122033CC2870809CAA076E25672A4F64C87A2C2FB5932D6CB017577B48541F5AA8B8A77BFA535FE466B8C962B1BCB8214C747B08EA75E0C10AB83AF62D5513B" "C#\Custom Types\SimulationOutput.cs","SimulationOutput.cs","78B686EB62D678EAF86CFDE7E172960226DA07C2D8FE584EA87BB0617E9EB92798E7C8158B663158C9F3D3AA92D6EB1A8FE582038E0B2628749CCAF9BA9F90BC","AAD6295931775F1ADC8EED37BC6BE8EDA225F28CC174587C37021ACEB2A24261DB60BB7C7743258F7F2ECB83A23AB7E0ABA8EB0141CC274E63B8FBAB373B4183" -"C#\Functions\AllCertificatesGrabber.cs","AllCertificatesGrabber.cs","B597743CB4ACB5EA9575106D6A053D059C15BFF9DD731AE25412B413C38BFE788BBA8FBE656BFD9EEE272E0A5A181B2D4DFA461B5AFD184E2267D9E19598A98E","A145CF8FA69A3C3DEBF09D66203066A6239B08D2FF78DA968299A47D5829C1D9D5AF4DCA1BC7B7F163238ABCF3DFFCA9F47F53C4210CE0AFFEC0884F06F04D79" 
-"C#\Functions\AuthenticodeHashCalc.cs","AuthenticodeHashCalc.cs","A23C3D451DD9F0A10765FEF50DD31BC95AE7F3F6C48C28F0E1527AF84798C0510A9FBF761C330AA8735E63C0E691455D2BBBCF32C80A97527BF4E1607954954A","5E8F4A5989B09DC4EECDDED70E0A43BEB9D0252CD66D70E7AD177EDED36464AFC8AE538ADF17D89B491B552021CD1905245EB6EFF174C504FABDA975305B1EA6" -"C#\Functions\CertificateHelper.cs","CertificateHelper.cs","257A54A8E01246FF3E85FB041613A1857899DDFD6E51734A095A4B91BBAB18C05CA89BC71DD15FD52D46CF18A09F6F8CD1C49ADC6592F0A20AA3A3CBA3D50501","6F02C6FECEA7D49B94C44555812AD0DABC82F97A0F58F580EE5F93380E89ED32F3979752D1BD83222C4EC550E85B3370F609BA639AF881436BA3D601B432E0C2" -"C#\Functions\CiPolicyUtility.cs","CiPolicyUtility.cs","7A84B32308A925754F120865C77AAAB8E3350E066984F7EFB2CFB3E267D3B54F590E5CD65B504FAAD5BFAD8F877EE345DEA0800961081B48347DD706A041B2F1","DD54A6D25A6803FB8CF7FEE2143B688840D61256745397A0A03C4809B97AA734D4B7E10D45EB33FF60E0037B943EDFB82BC5D64B9BEDD1C44A55150008E3AA5C" +"C#\Functions\AllCertificatesGrabber.cs","AllCertificatesGrabber.cs","9A046DF6003690BF825591F9A8742BF873C436300EA11B154E3F23CDD0CE1B81000C8888452AD43E0214F8599A9AF0E16FC2F3501690C5154FF43EABEA1DE4B2","C2A406FE47A091F088922D76AEFBEE3FE3839ECF6684606C6319BD51E6771347C3165AB34D047A8B28412CBDE123C55379F36EB69B4DBCA5C3FED1221058A909" +"C#\Functions\AuthenticodeHashCalc.cs","AuthenticodeHashCalc.cs","C012AAB2DCB630FCFA39512CE1007264EF7E49316FA4348E7A009E4C2434BDAAFF3AC07079F3B81F5F2BE1F6DF34A7C7644C7AF5DD40A448800F2B53BF5F1D52","C3D2630BC5976961A751DA0ABA74491563D714071000AEE698B0A9AC3E3184EB320093A9C4657A75201ECF73F1063ACFF88B49CE6FE28D5B04FFC1AFF5C39728" +"C#\Functions\CertificateHelper.cs","CertificateHelper.cs","FDBAD2634D282FF00CBF57ED646C7BA44910ACA488FA4D1619761373EACE7B7F1E783F6586B9EA76B2E83E33A72E5432113141DB186C6BF872BD712C747A35F8","89D7464ABF0C20260F28C88EC9CC434EDD695763DC73C532016F3B8C29AF64EC48AD90A18A4F62784733559EDE9D3B11A039ECC3D11CA3CC987B544E87BB6658" 
+"C#\Functions\CiPolicyUtility.cs","CiPolicyUtility.cs","5B4D73F6B16D6DF6A0FA5E2212B6BFBF9B965540C039DDE3DD4D04515B7ADC31F541BFB62DAE30180B10B114E3EEEE6E6ADD9EACDA634230C10B5F099C76D880","C9EDF348C249E54103114C5D234BB21C6D5CB0A594A0FD658D9AC7CDD4907698326FFF553A8ECA7C9287ECBBC7EF418E890BEE8B74BED0E49D896AA53CA947D3" "C#\Functions\CIPolicyVersion.cs","CIPolicyVersion.cs","9F2ABC9E84B6682FA45C790DD823713EF6A37B86E2DE7FE8D6DFF9E868078D638C83AE08F40195560F52C5A54E4C97E62C1485CEDD95AB455F4FD9F71ED3AFC1","1D38F312F9E718C9450F7D75A73474D2699ACB53B3B5469993623DE0FE68EC3AD2466B23B36A4D5CB452853EA36FD4BA23EBE708B33BF0D1FDC2558C0BE9933D" "C#\Functions\CodeIntegritySigner.cs","CodeIntegritySigner.cs","C5F6E3941997355E842C9AC803DEBC228662C46A72ACFD61969B080E29724074A7703303DD9A24DCA14C66CA0076E6118698A6996C0033364368B5E6339AC57D","DEEE13876A1FBA8B6CE653C0BE80D5A1F1975DFE4EF14C15F7AD56D6212F48F3FEBE62BB756A7150B4A43E01869246C42546639D576E005B2ECDD1A8A8BDBB5E" -"C#\Functions\Crypt32CertCN.cs","Crypt32CertCN.cs","73A5D594A2C438C4FD3614EC870A8862BC3718C4FA948EC5D3598DF65E3FA8208B96CD08F6300F140B886F02EAFD6A4046A5A1EEADAB4111BE3ED7547B17C3A5","BAE38F6A44AFFAFF7A910601E44B3DD12AE16BFCE7D924158FECE2623F696E6763A4CB04700CDFECA6724E884F905C00DC14B7BC3D0314C733F36DA39DEA8723" -"C#\Functions\DebugLogger.cs","DebugLogger.cs","9398BB0E0632F70F8D52496804C0F9B28C90FD8A4D7E49AB39DAFA98553DD893301E86A08C831479B337EA1D03C56311A9EC8E4F26ED7A2BBD3712932E3B13D2","4E15AF352D451CE374A2F983A490645858A72258FD73878B78C00AF9797DDB5AAB6C932E7C8E1222E9CE615F3B1825CC16624690181F056EE784A27FF31586B0" -"C#\Functions\DirectorySelector.cs","DirectorySelector.cs","E59F5159C8D67A771D1C84C8951D2AAD35621744F2EFC9C268ACBE4ED5F2D684CE64518B07F9FB411E0079028732DEABA2ECDC8C772B37CA7D7E0890DB0F2804","DAB79A73AD750FE9DBDF0771D6872351F544D75F8AD6379D1707094CB6A5F2E2978D8B24E9D692CE155AA80CD83AF85F6D1C21285613A344412CCDE753129677" 
+"C#\Functions\Crypt32CertCN.cs","Crypt32CertCN.cs","2B7F770BF72333291D3BC343F14BB1304FB3DD4622DD90FC1AB80EAA1D2B3E061101A279E1AD64E229BA3DA82A7F34F6034986254B93EDE7CC7DB9E4762291BD","904863B7C5A84AF860E51A494A7A5549E6208556678B3D630155A7F9DC1C41B9A9DCFEA2CD37C168C6AF63BEAD6C7B60398D90A783C3854AD51B64E1F1752642" +"C#\Functions\DebugLogger.cs","DebugLogger.cs","97C5AE3B01342EDA3B3B7E0DDEFE5364A2E57A5DFE94B2E2ED515CE95C23DD020C59DFCD7309FAC3DB10115963EFF7FBEB22A827579BFC3B08C8B2B662998DD3","66989F9934497A2F4B2FD326A404233BCB6AAC59466CA0CC03B7921BFC4C5A8DF18351F8F36EF1E6F51902DC0C22457B99683E39EB7659AC242266EE3BB23302" +"C#\Functions\DirectorySelector.cs","DirectorySelector.cs","BA10DAF2F7E671236EA677E55C2BAE273C6364F2855EEDC2FA34DFAEE55C91A8D0803C5058C8EA6137D9A1D2B89498181E805114C290F1E295907739BF3D339F","6B5B95B8C81D596C90A30924B15A1CED72F657EE3C8129038578253090D55B5BFF7F2C728EB9D7B83F48BDEBECA207ABEC5B2209A597B08DEAE0EF9DDFE00A0D" "C#\Functions\DriveLetterMapper.cs","DriveLetterMapper.cs","34D221FA85ABF10582C8EA13FECFEA481B37FD0AF4C91828B5DAEC67FC53AE2CCD842C13225047E4850D45669C96A630455C9A51ABF08E97BED900D1EB71E76A","74C4882D11EDAB6BF729E76C807F2E2D5FEF411DDF3096EA96E1B35FD087FE818AF31CC61121362B3693BFD5EC82AE8BBF4D8B60AC034849C086552997B4A2E8" -"C#\Functions\EditGUIDs.cs","EditGUIDs.cs","F7E13D2DDFDE311194877EC4DAD22A48BB9857786FE41AE878DC4C11F157D4C137F00106F5A24E66E630AEE01D4A96A4FB9A7FB1DA36A19777DB53AD75296025","1CCD3517831FE5A7C57267AF2EC493DA370812D9EB44717758128FBE855570E7671DE0598E24FD5C6032AC42E591FDFA5430B9F1036B049E8B9B40ECCC738047" -"C#\Functions\EventLogUtility.cs","EventLogUtility.cs","B3C9374B0F5FF373549ACCC724A696C2AEDC503E6D90340D86736E10DBB663C7C1676A828155D4E802ED8EC1562A8A0BF010F5A347ED496042D7AB31723BE401","677AF3BAA33FF10A9130110D254B23938517790376F563EDCD966EA7A507887264288476F3CC4C7671BA78DE0FC19F31259FBE643BA93635FF42DFDF8158C827" 
-"C#\Functions\FileDirectoryPathComparer.cs","FileDirectoryPathComparer.cs","B985560AFC1CF315EAC15CEBBB2D6BC726240F92766DDD1E68BBC22924F6AEE70085BD4C52EA6D304AA5B00D94197FE4C2A82B129403462E5277F6F9ED9E8467","845B82C6F9873B62CA96DC94F08A49B26D39884D29D33AE786810256A2FF7F8C131C3A9AF24D21DD395589249CB2851771EF3BBF97A60F071FB9CB1B32BE58C9" +"C#\Functions\DriversBlockRulesFetcher.cs","DriversBlockRulesFetcher.cs","5ACC4EF2617E0B33D0891D9D3E4A3B1892B932C2AFF03A0E53863F912CC2A7723FE1247C1D6976A426CFB4B5C329F2BA4F31DD508B17745F6E19F7F856ED3183","FDA51A2F67D436080C928A0AFEB82704AE8477F35877A20800D6C1A885F9DC3A6E7DB4F59833A0E163B2E2B9179D616A01444002C1ED7096438BE51631305B4C" +"C#\Functions\EditGUIDs.cs","EditGUIDs.cs","43DCD5B52E221D453C4EA56B7412E7099539C23C664610F3091A0A498B50EC81D52094A928ACF6FCA38064931C7A18ADD06DFF2581C75D0F61B231A0CA2DF034","FD284259F44990D624EADD686065AF6908ED54885B0B0553B89DFA1E7355A60B2BADDB58562B2A8F3473970E873907238AFB45DB13610657DAD7A56E67D2C56F" +"C#\Functions\EventLogUtility.cs","EventLogUtility.cs","79111BAF7862D9B39F89AB582DE2D93B6C5CB2F0FC226F0CB62A57A4CFB790A38DEDA58F99DF5F2EB822D01D59CE6FC30769CCE42016AC8F2B6FAEBEB678C7F7","E50DA280AD2A5ADE6BFCEC7F2C7A17047C1986AFD250013C96DEBCC09D543A2F8A45B7B105F0FC0358C50A8F1030439292287EDE6A7D2EC29971E2C4D1E16FAF" +"C#\Functions\FileDirectoryPathComparer.cs","FileDirectoryPathComparer.cs","471BA20F58226265093BED70D0D77453EDD8B370B6C37D0E5B025A18E1EBAB2B4C5975B680D9DD9191D2785CDA618BD431353BDFC5660428EDDA83F1A603E6B0","59CDC51C708B2EAA0C3005FED964997B8A5B73599CF7E068DB0E7E2F32889FBCDDE27EC8C50757510EBE7F570F128BC49545FB97AA3D0D769A194872013C2CD5" "C#\Functions\GetExtendedFileAttrib.cs","GetExtendedFileAttrib.cs","A2CEAC8D194F677F74A71985E913919961ADE8DFAB931EF90AC7859212BCA055CBFF2F30E824BEECBC789188D045FBA6940CBFBF21FE23B859E25908CFCD9E73","0E366B43C945BB405268F5BBB931ADCDDD197E68AAB5F19BD43CC9D5D3004236F2B0CEBC4C88E9AB08210DC93583AF1699D816F6EA7F41208055C29E482CBB39" 
"C#\Functions\GetFilesFast.cs","GetFilesFast.cs","64A9EBC06386EC699310FBAE3172E4D7C9F08E9FA276A864E452B14D09D854B64EB5A1A8F5CBA9A162057BAA4C106504B38EEA783D1A49919DF075EBB48C60A7","394032982FB4C8824B1AC18787035416151A5EA4D4212DC08A292711C24287B4EE4A02A8505AAC4D19983C3E861A30D77CC63D859EFE7B659F3A05BF7F76A329" "C#\Functions\GetOpusData.cs","GetOpusData.cs","145CA1FD2374700BE2C7201D7F63562AB35AB6965A147F6ACE81351F33F810F0E89F4DF92448B8D65FE6B8322185E986E5C5297502520831BF11223AB7BB2624","06606688E242C41AD0DE1F252F1B3DD2E3B3363678FD498676EF261E9EDB872042C4CD2FB41711F537D21997B5AE8F045A0593BDE9350560828110953586D8B5" -"C#\Functions\Initializer.cs","Initializer.cs","99B03FB12AE6B659B11830AB88F57CB7912A9EF4BADC895F46BF5A84208E581985A4192628B577C9558D249F9E33EBC5E878453E85764FB2B4390A1315F863AF","4594C840D867244756334F2824A8A9E3DDF5597BF1A59C77E7CD5ECE6A2ACAB399F19A4E52E3728B4CEBBC8FB87E0CA3798089C506159A65EDA71C8FF927ACD2" -"C#\Functions\LoggerInitializer.cs","LoggerInitializer.cs","C7A128D04B55D892A0D063BE0E5D141B3A8728F3C0466C2ED63C3E3B53F01897CF8C86EEA0C8DC2A8E6CEC9083FDE6323A33900179D6C94D01D0B5016F26BBA3","02FB3CE58D183D0A2FA3C0E5878FF01EC83927253FE51C0D1064C93C694E139A0090488A6281E5B5DA8AC99AFE8D7B8ADD990CE4906DD2CF6A5C6D464E5919A0" +"C#\Functions\Initializer.cs","Initializer.cs","E866652E2CF83D184ACACF6D5A662E3255D4387A2DB3BA0AFA7F3F2A22BEAF8CFC483AF996855FB945F08EAB2A140BD496289AD6B9CD19C275F1DBB66BD686F0","BDF07C125CBF598BF0ED9216830107456857AA8ABC5A90EFACCC07902E8A048F70134B090A16B082554892A9FFD86EFD595024F3EA13AEB6BB44F16C92B84C3E" +"C#\Functions\LoggerInitializer.cs","LoggerInitializer.cs","255445B30B648557C5903F12EA1E37B30A9AE69A7940C32B7918526D9F16D5A92D6672A2EEB4F05D3C007A45FE20E66B28D005442AA561C8056D7FE0432BBFC2","B534CC88614995CD999F53FFD529B45AC212E2CBFF8405FA5CF2E91ED118C45881CAC766B1DE8C623C5FEEBFF6DF329D8EFD17A41A6E6C676EDB1081B99D400E" 
"C#\Functions\MeowOpener.cs","MeowOpener.cs","A51A1AB7C9227AD6E1C4F395733A7151AEFE7A32AF67B0AF34F0DB113C77F53D9656D8D22DD78E0BFCEF85C505985572EEEFE9C0489EB25B3B49152E3E48ACB5","345050C7BA4B6D0B024641A1D03ECC32E2A90F7031914EA214072061A8D2891484F0F4D12292289AE0240C83078BB1B826633E2F325A28818705EECC80EEEAAF" -"C#\Functions\MoveUserModeToKernelMode.cs","MoveUserModeToKernelMode.cs","528C44AC6C3C4FBF2258F71234A795B9BC7323C144725A2A1F0CE2FD9D4F4BBD59E473F73951BC9E64235794563F3F46AA4F470465C16BEF6643F526FA91B8B9","A9B23AEDD46CD92A2808B579A1CE9677CEAFE2FC4B1FF914187F15531617C3BEDC972AEAFA8FCE4391BD79FA475776C4227B4BB5F178224839E3234A4257C27B" -"C#\Functions\PageHashCalc.cs","PageHashCalc.cs","AA1E450832B4AC8BAA1ADE4C256DB90D2A032C44EC6FA7298E26E1BA0CB5543C74DC6BD99232C5271D5436457C10F6962415C73BFC05A73A5B35EAF647AB834F","9CF74C32FB55458B45049E2B891C13D070A18AFEEC2F30AFAE3C1560355B279BC243C8792D3CB17FEF52E1D0AB95CE9AE0042CDE189174E83FA855B956A4F424" +"C#\Functions\MoveUserModeToKernelMode.cs","MoveUserModeToKernelMode.cs","A4A386CBB3ABF507BDE9D0A9EDAEACB1F67C65DF7D1A6766456F9988958ACDA3D7D693F3A39ADECF8D82E79A46F6EC5C3F868B615387E65E0982128737D3064F","F61044BDC270FF512AF73775FA7A6636C2796CF29D24412760FFA86C60CE3D53F11E13AB21AD22B005559EA1C444D5F20D0BCC22490AD6BE3A9F728A83BA2C59" +"C#\Functions\PageHashCalc.cs","PageHashCalc.cs","90370F579A9A17AD04C0CEAAB3B15BA7A8B0101520178CD73B7C4DDBAF471FE31191A6DC468AADDDC8A10AC2395A2F3D722228C9259246E882431085DD68DAE2","C701C7A53D93A7B601D2BFFBCD0B18C2FB359D5CF6D0E9581B1C287AF2FB29D2F2F8332FE820BEF4995AA1861C62AFEBAC6A06DE9A7C94365A8C292E6E405597" "C#\Functions\SecureStringComparer.cs","SecureStringComparer.cs","3FE4DD0A2B3067B0DF49D68D8D96F2694EB7C125F19CD3B884B0D3FA32A6BEBB7E7BE99E689F643F4BD5793CD4F78AAE920FEA0D37E0B22A4ED873BDF6391FA2","54E63D84A02150CCE561CC22CA283F833282D83CDCE01FAD10D0024A0306DB8AF15928E4AB80F7553DC61640B705ED1411A8B7FDA3C2820499308439008856A1" 
"C#\Functions\StagingArea.cs","StagingArea.cs","D74738BBB6EA15A5637F5610AAED16747E309C438A6BCC840681CFB029794A9B127EF481E58200B3BC3B1AE8F95BBFBA4C7DBCB13A7344DF22A28ACC9989B6D0","32260B2D60E5860D9D2E65F68E1F4F725814DED1F2EA54AB03D564DCFBCDD1C4E17862E46C2381112C2741A8789BF30221B806299F45A80E0BA5C31C1FB6A13B" -"C#\Functions\TestCiPolicy.cs","TestCiPolicy.cs","922EFE503C2E11A71A1D1409B2AB40116B48D41AFAECC6BE68054B350463224493F7DDA14EC53EC8090312C2EAD0B071148064793227418E63805FA947A0739A","53903153FCAFB2D6F6D8946DE9B45C01416E6B2311EA366181E6EF8B643CFC28113396CA48EE8510D185E38094DDE547064A3BE094DBDAADED91963E86C30695" -"C#\Functions\VerboseLogger.cs","VerboseLogger.cs","4E60A1C98E1F5902002917B4109CDC023BA2C25B30D525FADFFA69AE5C89027B85A2DD3E56586A7F44095B683315AE0A5051D2578E32FDACE4F21176210458B9","F23CB4DAD2A1E86037432FFE2E6181FA87A7BF83C48E8A1A9CD35FC0AFE4803788F68D12213C001ECEC4D77ACFE42EBF4FDD7797C6C62727F51FDBC9784D3BA0" +"C#\Functions\TestCiPolicy.cs","TestCiPolicy.cs","D84649D5A154F7E8ADFB67A465EC9CACA053C1F76C665EDA1687D5ED5E48F5F99FC9FA8A53F266AC45D3BD68B847AD5F1241E2780AB9504C67BACBCE053E6D75","7F844331077CA51F1D0491EE4C00D0156D6E9889E4EA50B601F7FEEFC5FA4285F73E6A0FE3202DD5465A9DF1CBCCCA7C33958009969EB5B1EE4CE47240B9C49F" +"C#\Functions\VerboseLogger.cs","VerboseLogger.cs","6B15A63B0BDEB67FF7C722B4528945B2FE1A05949AE9CB4C142CECA56A2E71355B601FF0C41A5A90188EC6892496C39780FF067B896FBDA3CC6CB0FE0D304CEF","9552A29A7F29A79C1D506269FA28A8B6070DC5FDFF0628533CB7E75332A54F574E51909AEBCC9D14A0472F589B1C98F1E1340CC22ABCC5647D2603B53D4DD34E" "C#\Functions\VersionIncrementer.cs","VersionIncrementer.cs","B25F56A32878CFCF929ACF284B727D40F79B6EC4E3FCC8886D0985A6B6B4BBBEFDA58811A3BE0E639423DB2185178184102323099B9849E18D56D47EBF969412","C3EC31668709003F0742F81A4EF0114029773E26C8F50FD15C15D91AC84799A9D4D5248E5BDD77444FF37A1A576A64C51B031CC1136E0E57D3022BA7C0BDBB16" 
"C#\Functions\WldpQuerySecurityPolicy.cs","WldpQuerySecurityPolicy.cs","EBB5AA457E1C37D1C77D1502892E1E9392C513BBF726273C45EA4527780F9CC255843301E5C46B9D95AAE3B1B350830C9AAC9CA0D3CA7EDB9C3F89BAD1D557B3","FDAB8254D6F1B758CB2A698934D34920BA54F93439446D65D47DDF73EAA8258292937521A966453E7A0691C6F9578AF5907C24B69FBDFF8CD9CBC02E1133E75D" -"C#\Functions\XmlFilePathExtractor.cs","XmlFilePathExtractor.cs","D86EEDC7C84F8FD9F3D261D4F016633BC1CCDB6F31A16A4902D435A32E7D26386123BF39FB4FCA855E6209A300B0F15CEA284378C493C7EDF83FC447369BF99C","4FDFF6AE06D1AA7B582B505EFFABEB32E751D98834C3E71A18974CABF9600E432471F4740EE33E224E413F6FB4B1712E5C334397311C4B43A92AA66EFBD0282C" -"C#\Variables\CILogIntel.cs","CILogIntel.cs","27DF37FA04F314EDD03FB53A217FA8CF8947A421D9913F263210CE5CAEB11F7BB7B0034F01D62168F7DBAF8E1A58D5E7F800FF3D72A635377E0B476A660210A5","22A5807102AB288661D4C912C24A85017ECC4B6D574AB00ED073F804D1E3988A0B2A09E4EFA923F00C1E2F1ED2E989B4373C6D7AD33B09D666E913B2BDF02593" -"C#\Variables\GlobalVariables.cs","GlobalVariables.cs","0D2C08D5CBC0F6C0A2DA291CF0767A030AB1F8FF5A84C408767CB434815932F075F1D14AD635944541DD5AAC5247C1F7A714F60E9BBCD2C2B040712777CCE196","00268B3B2B57FC71C6BCCDCA7847E70C771EFA5284F4B6667195EDF034C84782D87A823C3CE6937EF62EFBE2D624696B661C0B17EC900C49E961F2F7320A42ED" -"C#\XMLOps\SignerAndHashBuilder.cs","SignerAndHashBuilder.cs","CAC87FBDA10DE0BF04625D07139CABD63559B7FCAC3A7516F38E476301515FE1811B27D707BACD8BACC0C34E5B3A097C8FE6759C2F40AF68568C2B9CB2DBE9CC","9E6CCE9B1832321620A36E8D36550D3079D3A0CF7739870E5FA475F86E890F1648CC9AF9A17AD56F416141AA3B7A6BB43029111F245F55B11D50223E1AEB31C6" +"C#\Functions\XmlFilePathExtractor.cs","XmlFilePathExtractor.cs","12E8F8E858B0D7BEB9D3C573AAE9C04C49B9317E8EFFF50164847A059ECA0EBE1C19BFE80508EBD27BE90047D82076FE4A1F9DCF116A123DDDE84542A1881D2F","F4A94385995CAB3EA8BCA763D0F6BB3CA214017B2033DC1AF3958F888710F297F8643250AAB9460FE101B56501D756253B461251E1A67634915BE0A13451FE69" 
+"C#\Variables\CILogIntel.cs","CILogIntel.cs","FE3A9BF2148FAD268062C4F34F146C0CD84ACE5FDBC01933C93BAA2012B2EFDCD4106DE080DC81C973917091359F11583A38DADDC33D50313A66F295CC59A9B2","B417E747877FB0257454C8721B8A66725488D209B38578AD36FB16E5BBA375D9AD27CC5BDAE940C9B3F3422E1CDAD78DC63833E0FD52E160CD4549DFB8225CF5" +"C#\Variables\GlobalVariables.cs","GlobalVariables.cs","F585CF38EC82C083C5C525C936E13638C70331B3E993B9AB5BA2379F2EB19D55CE6DAC7AC26AAE37BF19C1684972B0A1FF4C05B3D1784917AD76069162DE8279","D5DBAD92A86E8B9CA8B0BACC4A2F9AC3EB39148CD9BBD514D49A0468245BE4FE13BE020C467FB2F653A33BA87D5A6DA12EE067C1E8A001B437FF94B164ED924D" +"C#\XMLOps\SignerAndHashBuilder.cs","SignerAndHashBuilder.cs","048CECDE1BF9F392882ECF59B25FE92D2E0E891161E017316098A899B5ABAB4D4C3333DBF0485065346BAF4E9A96058C858D970E6B2C85D0E06AD36B33BA9F1C","B3BAB231F8B2A7B3E16E0E53438677B3980C74B2D258443DCBD9BB051C49DE74DB3DF52F8D6709280320E9703B2C23E35EB8834852BE3281452F73ACDA18D75E" "Resources\User Configurations\Schema.json","Schema.json","9A20EF0148D298178B35C1AAB961C46AF62BBCC0BB0DCCBE63F2FE08E0A764406267449CDD686A01F85650622DA6E690D12FBB88BB3A7E070BA58C1AF8FBC813","D9D8391DAA994B8AE33433070A9438B4EAE5EFF4E00652E26A7C19870211B092991F6C4A8577D31255016369F4C5956A34A0404B78CB091AABC1043833C5CF79" "Resources\WDAC Policies\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","846663A7B0CAD90A2305F3C3322D6C2CFA6277B7E4B083CB478FF409DB29A7D0D71318845B884518B8D2F87B66A5EA327D4EB2D39A9707D1EE41B0237812FFD6","4D1EFC2EC8AE373A7FDA3BC8666BF41A2D603FE150FA6F755439A6B1EF7352EAC687EED61888AB4478123D8A5BD7B3CD22BB48EB9192ACF3E75F4F917C8A1A64" "Resources\WDAC 
Policies\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","7E4BC35A3F0840C8F3921FB260CE84660DC3CAACB7850A1AEF13AFC48B0E069D27562C5632444926BF60B44A0E0FF522D0215F1F7DD5E1A7E51A45E86AB7F44C","A50C9102ABF310CB5A0AE062E29EC45390C0DF192AA62E0F428804A0C9F0BBA704D22BFC41956886AFCA4342A64B91B30A6F2EA4DA0FAC2CF0367B3B46290706" "Resources\WDAC Policies-Archived\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","BDC7B623386570F383B4A113BF06C7FF6A5A4271AFE572B5D68EEBC161CD650B62E70636527DFBEF09A8F95E66899CEEC424AA22CD00BBEF6D7888759D812F8D","6AD8A2005DC250814353E9006A9B03F2F6E7633877C8590130A24985965C1C7F58AB1A40C00B0A9F7D80BAFBFFB1FC5091931FA1FF732DFB3AF321CEB7DAAD08" "Resources\WDAC Policies-Archived\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","D02BCCFA3C35E179A634AFCDE04259C43F8FBD619A4D0D2F7BAC1A8A9FBC58D3EBC7EE89B1B2EC6B3C17BD6EC38ADB501B271AEA3037B980D10EAB9AFA3B8308","046CF9A95CCF5288AF1D2BCFAB91E1CB3FB767A9E5B4131CEA4F4CBD4CD21AD36332AC304AA2E06D4509E77BD07309AB5EDC9978E84F51FFA4169D1CABBAB319" "Resources\WDAC Policies-Archived\Readme.md","Readme.md","66F9B622C333505E782F1AF1509BFBDABF1AD5167042064593FEEA5245D6CFAFE60DBDA5231D600D4157BC424E49F77D33302CE77B79D1D30CA8E29ECFDB31F1","80E8A8638027931E613409A3F80847EAF0D929D382A3A8FD996E6152FA25591CAE9D06AA7E5E3D7B4CCD38E912CEA0B22A1AAE8BA34DD00D202852ADE673493F" -"C#\Functions\WDAC Simulation\GetFileRuleOutput.cs","GetFileRuleOutput.cs","5BCD95BE48DCCF112977EDC4E1476BAE66F66B4E09DD3E1112C9AEC13292BE631C94B9F809FBAB3E62BE4E597C0DFF30729C738EFB520BFAA64B659952CFC323","96C8FCC456E0584F31B42393946834E098EB7B0F1A0995C25006B0E5FA55EC8ECE7CE04857471F1B5902A932CB8993104CD2F66B886538770CEE7864310F0364" +"C#\Functions\WDAC 
Simulation\GetFileRuleOutput.cs","GetFileRuleOutput.cs","BF3CF4DEC35E4AE008CE1FA4EFDFE05988B6B4D05F26C14E3752A5F65083EB08BD1C244D57CD4EAC8078510E8A49045E8E4C300B162E18E182CFC5021B0FAF76","1DF5BE320326A38ED02ECD625F74509B2FBDE2EB3654F46996691123B7CD3FEF6943AF3D948EEE9A9450888828003F5F28719D1B2EAE937CD329F0F908894B0F" diff --git a/WDACConfig/WDACConfig Module Files/.NETAssembliesToLoad.txt b/WDACConfig/WDACConfig Module Files/.NETAssembliesToLoad.txt index 4bd83adf3..8ba5e0dc0 100644 --- a/WDACConfig/WDACConfig Module Files/.NETAssembliesToLoad.txt +++ b/WDACConfig/WDACConfig Module Files/.NETAssembliesToLoad.txt @@ -4,6 +4,7 @@ System.Xml System.Linq System.Memory System.Console +System.Net.Http System.Xml.Linq System.Text.Json System.Management @@ -19,6 +20,7 @@ System.Diagnostics.Process System.Diagnostics.EventLog System.Security.Cryptography System.Management.Automation +System.IO.Compression.zipfile System.Collections.NonGeneric System.Text.RegularExpressions System.Runtime.InteropServices diff --git a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ArgumentCompleterAttribute.cs b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ArgumentCompleterAttribute.cs index f63a23cde..a848b8691 100644 --- a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ArgumentCompleterAttribute.cs +++ b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ArgumentCompleterAttribute.cs @@ -1,10 +1,10 @@ using System; using System.Collections; using System.Collections.Generic; +using System.Linq; using System.Management.Automation; using System.Management.Automation.Language; using System.Windows.Forms; -using System.Linq; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/BasePolicyNamez.cs b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/BasePolicyNamez.cs index 2903a19b9..677e23385 100644 --- a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/BasePolicyNamez.cs 
+++ b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/BasePolicyNamez.cs @@ -1,9 +1,7 @@ using System; +using System.Collections.Generic; using System.Diagnostics; using System.Text.Json; -using System.Collections.Generic; -using System.Management.Automation; -using System.Globalization; #nullable enable 
@@ -24,33 +22,35 @@ public string[] GetValidValues() CreateNoWindow = true }; - Process process = new Process { StartInfo = startInfo }; - process.Start(); + using (Process process = new Process { StartInfo = startInfo }) + { + process.Start(); - string jsonOutput = process.StandardOutput.ReadToEnd(); - process.WaitForExit(); + string jsonOutput = process.StandardOutput.ReadToEnd(); + process.WaitForExit(); - // Parse the JSON output - JsonDocument jsonDoc = JsonDocument.Parse(jsonOutput); - JsonElement policiesElement = jsonDoc.RootElement.GetProperty("Policies"); + // Parse the JSON output + JsonDocument jsonDoc = JsonDocument.Parse(jsonOutput); + JsonElement policiesElement = jsonDoc.RootElement.GetProperty("Policies"); - List validValues = new List(); + List validValues = new List(); - foreach (JsonElement policyElement in policiesElement.EnumerateArray()) - { - bool isSystemPolicy = policyElement.GetProperty("IsSystemPolicy").GetBoolean(); - string? policyId = policyElement.GetProperty("PolicyID").GetString(); - string? basePolicyId = policyElement.GetProperty("BasePolicyID").GetString(); - string? friendlyName = policyElement.GetProperty("FriendlyName").GetString(); - - // Use ordinal, case-insensitive comparison for the policy IDs - if (!isSystemPolicy && string.Equals(policyId, basePolicyId, StringComparison.OrdinalIgnoreCase) && friendlyName != null) + foreach (JsonElement policyElement in policiesElement.EnumerateArray()) { - validValues.Add(friendlyName); + bool isSystemPolicy = policyElement.GetProperty("IsSystemPolicy").GetBoolean(); + string? policyId = policyElement.GetProperty("PolicyID").GetString(); + string? basePolicyId = policyElement.GetProperty("BasePolicyID").GetString(); + string? 
friendlyName = policyElement.GetProperty("FriendlyName").GetString(); + + // Use ordinal, case-insensitive comparison for the policy IDs + if (!isSystemPolicy && string.Equals(policyId, basePolicyId, StringComparison.OrdinalIgnoreCase) && friendlyName != null) + { + validValues.Add(friendlyName); + } } - } - return validValues.ToArray(); + return validValues.ToArray(); + } } } } diff --git a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/CertCNz.cs b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/CertCNz.cs index c5b0502fa..8976146d1 100644 --- a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/CertCNz.cs +++ b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/CertCNz.cs @@ -1,9 +1,10 @@ using System; using System.Collections.Generic; -using System.Management.Automation; using System.Linq; using System.Security.Cryptography.X509Certificates; +#nullable enable + namespace WDACConfig { // Argument completer and ValidateSet for CertCNs diff --git a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/RuleOptionsx.cs b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/RuleOptionsx.cs index 3cd9ed054..86b8b7cb6 100644 --- a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/RuleOptionsx.cs +++ b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/RuleOptionsx.cs @@ -43,6 +43,11 @@ public string[] GetValidValues() } } + if (WDACConfig.GlobalVars.ModuleRootPath == null) + { + throw new Exception("ModuleRootPath is null!"); + } + // Construct the full path to PolicyRuleOptions.Json string jsonFilePath = Path.Combine(WDACConfig.GlobalVars.ModuleRootPath, "Resources", "PolicyRuleOptions.Json"); diff --git a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ScanLevelz.cs b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ScanLevelz.cs index 56e9219be..ddb0bc904 100644 --- a/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ScanLevelz.cs 
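Review bot: The `JsonDocument` created inside the new `using (Process ...)` block is still never disposed, although it is `IDisposable` and rents pooled buffers. Scope it the same way as the process, e.g. `using JsonDocument jsonDoc = JsonDocument.Parse(jsonOutput);`. The output is also parsed without looking at `process.ExitCode`, so a failed run of the child process surfaces as a `JsonException` from the completer rather than a clear error. A check after `process.WaitForExit();` would make that failure explicit. GetValidValues starts above this hunk, so how `startInfo` is built is not visible here.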
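Review bot: The added guard in RuleOptionsx.cs throws the base `Exception` type, which callers cannot catch selectively and which analyzer rule CA2201 flags. A specific type states the condition better: `throw new InvalidOperationException("ModuleRootPath is null!");`. The check itself is well placed, since it stops before `Path.Combine` builds the path to `PolicyRuleOptions.Json` from an unset root. GetValidValues continues outside the hunk.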
+++ b/WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ScanLevelz.cs @@ -1,6 +1,3 @@ -using System; -using System.Management.Automation; - #nullable enable namespace WDACConfig diff --git a/WDACConfig/WDACConfig Module Files/C#/Custom Types/AuthenticodePageHashes.cs b/WDACConfig/WDACConfig Module Files/C#/Custom Types/AuthenticodePageHashes.cs index 4b2e6333e..709e93884 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Custom Types/AuthenticodePageHashes.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Custom Types/AuthenticodePageHashes.cs @@ -1,17 +1,15 @@ -using System; - #nullable enable namespace WDACConfig { public class AuthenticodePageHashes { - public string SHA1Page { get; set; } - public string SHA256Page { get; set; } - public string SHa1Authenticode { get; set; } - public string SHA256Authenticode { get; set; } + public string? SHA1Page { get; set; } + public string? SHA256Page { get; set; } + public string? SHa1Authenticode { get; set; } + public string? SHA256Authenticode { get; set; } - public AuthenticodePageHashes(string sha1Page, string sha256Page, string sha1Authenticode, string sha256Authenticode) + public AuthenticodePageHashes(string? sha1Page, string? sha256Page, string? sha1Authenticode, string? sha256Authenticode) { SHA1Page = sha1Page; SHA256Page = sha256Page; diff --git a/WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateSignerCreator.cs b/WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateSignerCreator.cs index b6129ddca..f529662a1 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateSignerCreator.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateSignerCreator.cs @@ -1,5 +1,3 @@ -using System; - #nullable enable namespace WDACConfig diff --git a/WDACConfig/WDACConfig Module Files/C#/Custom Types/FileBasedInfoPackage.cs b/WDACConfig/WDACConfig Module Files/C#/Custom Types/FileBasedInfoPackage.cs index e77835e45..5baeefdc7 100644 
--- a/WDACConfig/WDACConfig Module Files/C#/Custom Types/FileBasedInfoPackage.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Custom Types/FileBasedInfoPackage.cs @@ -1,4 +1,3 @@ -using System; using System.Collections.Generic; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Custom Types/FilePublisherSignerCreator.cs b/WDACConfig/WDACConfig Module Files/C#/Custom Types/FilePublisherSignerCreator.cs index 5b36b2c37..d07140847 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Custom Types/FilePublisherSignerCreator.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Custom Types/FilePublisherSignerCreator.cs @@ -19,7 +19,18 @@ public class FilePublisherSignerCreator public string? AuthenticodeSHA1 { get; set; } public int SiSigningScenario { get; set; } - public FilePublisherSignerCreator(List certificateDetails, Version fileVersion, string fileDescription, string internalName, string originalFileName, string packageFamilyName, string productName, string fileName, string authenticodeSHA256, string authenticodeSHA1, int siSigningScenario) + public FilePublisherSignerCreator( + List certificateDetails, + Version fileVersion, + string? fileDescription, + string? internalName, + string? originalFileName, + string? packageFamilyName, + string? productName, + string? fileName, + string? authenticodeSHA256, + string? authenticodeSHA1, + int siSigningScenario) { CertificateDetails = certificateDetails; FileVersion = fileVersion; diff --git a/WDACConfig/WDACConfig Module Files/C#/Custom Types/PublisherSignerCreator.cs b/WDACConfig/WDACConfig Module Files/C#/Custom Types/PublisherSignerCreator.cs index d083421ea..5266016da 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Custom Types/PublisherSignerCreator.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Custom Types/PublisherSignerCreator.cs 
@@ -1,14 +1,15 @@ -using System; using System.Collections.Generic; +#nullable enable + namespace WDACConfig { public class PublisherSignerCreator { public List CertificateDetails { get; set; } - public string FileName { get; set; } - public string AuthenticodeSHA256 { get; set; } - public string AuthenticodeSHA1 { get; set; } + public string? FileName { get; set; } + public string? AuthenticodeSHA256 { get; set; } + public string? AuthenticodeSHA1 { get; set; } public int SiSigningScenario { get; set; } public PublisherSignerCreator(List certificateDetails, string fileName, string authenticodeSHA256, string authenticodeSHA1, int siSigningScenario) diff --git a/WDACConfig/WDACConfig Module Files/C#/Custom Types/Signer.cs b/WDACConfig/WDACConfig Module Files/C#/Custom Types/Signer.cs index 0d467b284..e8bdd38fe 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Custom Types/Signer.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Custom Types/Signer.cs @@ -1,4 +1,3 @@ -using System; using System.Collections.Generic; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/AllCertificatesGrabber.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/AllCertificatesGrabber.cs index 3f6ea0b35..9a659dadb 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/AllCertificatesGrabber.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/AllCertificatesGrabber.cs @@ -4,6 +4,8 @@ using System.Security.Cryptography.Pkcs; using System.Security.Cryptography.X509Certificates; +#nullable enable + // The following functions and methods use the Windows APIs to grab all of the certificates from a signed file namespace WDACConfig.AllCertificatesGrabber 
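Review bot: The constructor on the unchanged line still declares `string fileName, string authenticodeSHA256, string authenticodeSHA1`, while the three properties it feeds are now `string?`. With `#nullable enable` added in this hunk, a caller holding a nullable hash gets a warning that the property types no longer justify. FilePublisherSignerCreator's constructor was updated in this same commit, and matching it would read `string? fileName, string? authenticodeSHA256, string? authenticodeSHA1`. Because a null Authenticode hash can now reach these objects, the code that turns them into policy rules (outside this hunk) should reject or skip a missing hash explicitly. The constructor body also continues outside the hunk.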
@@ -160,7 +162,7 @@ public class WinTrustData public uint StateAction = StateActionVerify; // State action for trust verification public IntPtr StateData = IntPtr.Zero; // Pointer to state data [MarshalAs(UnmanagedType.LPTStr)] - private string URLReference; // URL reference for trust verification + private string? URLReference; // URL reference for trust verification public uint ProvFlags = 4112; // Provider flags for trust verification public uint UIContext; // UI context for trust verification public IntPtr pSignatureSettings; // Pointer to signature settings @@ -201,7 +203,7 @@ internal static extern bool CryptMsgGetParam( IntPtr hCryptMsg, int dwParamType, int dwIndex, - byte[] pvData, + byte[]? pvData, ref int pcbData ); } @@ -235,7 +237,7 @@ public static List GetAllFileSigners(string FilePath) do { - WinTrustData TrustedData = null; // Declare a WinTrustData structure variable + WinTrustData? TrustedData = null; // Declare a WinTrustData structure variable IntPtr winTrustDataPointer = IntPtr.Zero; // Pointer to WinTrustData structure try @@ -260,7 +262,18 @@ public static List GetAllFileSigners(string FilePath) // Check signature settings and process the signer's certificate if (maxSigners == uint.MaxValue) { - maxSigners = ((WinTrustSignatureSettings)Marshal.PtrToStructure(TrustedData.pSignatureSettings, typeof(WinTrustSignatureSettings))).SecondarySignersCount; + // First, checking if TrustedData.pSignatureSettings is not IntPtr.Zero (which means it is not null) + if (TrustedData.pSignatureSettings != IntPtr.Zero) + { + // Using the generic overload of Marshal.PtrToStructure for better type safety and performance + var signatureSettings = Marshal.PtrToStructure(TrustedData.pSignatureSettings); + + // Ensuring that the structure is not null before accessing its members + if (signatureSettings != null) + { + maxSigners = signatureSettings.SecondarySignersCount; + } + } } // If the certificate is expired, continue to the next iteration 
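Review bot: When `TrustedData.pSignatureSettings` is `IntPtr.Zero`, or the marshalled structure is null, the new guards fall through and `maxSigners` silently keeps the sentinel `uint.MaxValue`. The loop condition is outside this hunk, so it cannot be confirmed here whether that ends the loop or lets the signer index keep advancing. For code that decides which signers a file has, the missing-settings case should be handled explicitly, for example with `else { throw new InvalidOperationException("WinVerifyTrust returned no signature settings"); }` on the outer `if`. GetAllFileSigners starts and ends outside the hunk.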
@@ -280,7 +293,8 @@ public static List GetAllFileSigners(string FilePath) if (TrustedData.StateData != IntPtr.Zero) { // Get provider data from state data - CryptProviderData providerData = (CryptProviderData)Marshal.PtrToStructure(WTHelperProvDataFromStateData(TrustedData.StateData), typeof(CryptProviderData)); + CryptProviderData providerData = Marshal.PtrToStructure(WTHelperProvDataFromStateData(TrustedData.StateData)); + int pcbData = 0; // Size of data in bytes // https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmsggetparam @@ -323,7 +337,8 @@ public static List GetAllFileSigners(string FilePath) else { // Otherwise, get the CryptProviderSigner structure from pasSigners pointer - CryptProviderSigner signer = (CryptProviderSigner)Marshal.PtrToStructure(providerData.pasSigners, typeof(CryptProviderSigner)); + // Using the generic overload to marshal the structure for better performance and type safety + CryptProviderSigner signer = Marshal.PtrToStructure(providerData.pasSigners); // Initialize X509Chain with the pChainContext from the signer structure certificateChain = new X509Chain(signer.pChainContext); 
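Review bot: The pointer returned by `WTHelperProvDataFromStateData(TrustedData.StateData)` goes straight into `Marshal.PtrToStructure` with no zero check, unlike the `pSignatureSettings` guard this commit adds earlier in the same method. Per its Win32 documentation that helper returns NULL on failure, so store the result first with `IntPtr provDataPtr = WTHelperProvDataFromStateData(TrustedData.StateData);` and skip or fail the iteration when it is `IntPtr.Zero`. How the failure should be reported depends on the surrounding loop, which is outside this hunk.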
@@ -337,12 +352,15 @@ public static List GetAllFileSigners(string FilePath) } finally { - // Set StateAction to close the WinTrustData structure - TrustedData.StateAction = StateActionClose; + if (TrustedData != null) + { + // Set StateAction to close the WinTrustData structure + TrustedData.StateAction = StateActionClose; - // Convert TrustedData back to pointer and call WinVerifyTrust to close the structure - Marshal.StructureToPtr(TrustedData, winTrustDataPointer, false); - WinVerifyTrust(IntPtr.Zero, GenericWinTrustVerifyActionGuid, winTrustDataPointer); + // Convert TrustedData back to pointer and call WinVerifyTrust to close the structure + Marshal.StructureToPtr(TrustedData, winTrustDataPointer, false); + WinVerifyTrust(IntPtr.Zero, GenericWinTrustVerifyActionGuid, winTrustDataPointer); + } // Free memory allocated to winTrustDataPointer Marshal.FreeHGlobal(winTrustDataPointer); diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/AuthenticodeHashCalc.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/AuthenticodeHashCalc.cs index 84a67806e..b2ba4d89b 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/AuthenticodeHashCalc.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/AuthenticodeHashCalc.cs @@ -1,8 +1,10 @@ using System; +using System.Globalization; +using System.IO; using System.Runtime.InteropServices; using System.Text; -using System.IO; -using System.Globalization; + +#nullable enable namespace WDACConfig { @@ -58,7 +60,7 @@ public static WDACConfig.AuthenticodePageHashes GetCiFileHashes(string filePath) ); } - private static string GetAuthenticodeHash(string filePath, string hashAlgorithm) + private static string? GetAuthenticodeHash(string filePath, string hashAlgorithm) { // A StringBuilder object to store the hash value as a hexadecimal string StringBuilder hashString = new StringBuilder(64); 
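Review bot: The new guard tests only `TrustedData`, but `Marshal.StructureToPtr(TrustedData, winTrustDataPointer, false)` also needs `winTrustDataPointer` to be non-zero, and that pointer is initialised to `IntPtr.Zero` at the top of the loop body. If an exception is thrown after `TrustedData` is created and before the buffer is allocated (the ordering is outside this hunk), the call throws inside `finally` and replaces the original exception. `if (TrustedData != null && winTrustDataPointer != IntPtr.Zero)` covers both cases. The method continues outside the hunk.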
diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/CertificateHelper.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/CertificateHelper.cs index 14b3c21d4..06e9795e2 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/CertificateHelper.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/CertificateHelper.cs @@ -1,8 +1,7 @@ using System; -using System.Collections.Generic; +using System.Formats.Asn1; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; -using System.Formats.Asn1; #nullable enable @@ -89,19 +88,21 @@ public static string GetTBSCertificate(X509Certificate2 cert) throw new Exception($"No handler for algorithm {algorithmOid}"); } - // Compute the hash of the TBS value using the hash function - byte[] hash = hashFunction.ComputeHash(tbsCertificate.ToArray()); + using (hashFunction) + { + // Compute the hash of the TBS value using the hash function + byte[] hash = hashFunction.ComputeHash(tbsCertificate.ToArray()); - // Convert the hash to a hex string - string hexStringOutput = BitConverter.ToString(hash).Replace("-", "", StringComparison.OrdinalIgnoreCase); + // Convert the hash to a hex string + string hexStringOutput = BitConverter.ToString(hash).Replace("-", "", StringComparison.OrdinalIgnoreCase); - return hexStringOutput; + return hexStringOutput; + } } public static string ConvertHexToOID(string hex) // Converts a hexadecimal string to an OID // Used for converting hexadecimal values found in the EKU sections of the WDAC policies to their respective OIDs. - { if (string.IsNullOrEmpty(hex)) { diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/CiPolicyUtility.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/CiPolicyUtility.cs index a6bcd9413..dd41ade49 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/CiPolicyUtility.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/CiPolicyUtility.cs 
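Review bot: The hex conversion `BitConverter.ToString(hash).Replace("-", "", StringComparison.OrdinalIgnoreCase)` builds a dashed string only to strip the dashes again, and a case-insensitive comparison has no meaning for `-`. `string hexStringOutput = Convert.ToHexString(hash);` produces the same uppercase output directly. GetTBSCertificate starts outside the hunk, so where `hashFunction` is assigned cannot be checked from here.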
@@ -72,7 +72,6 @@ public static void CopyCiRules(string sourceFilePath, string destinationFilePath XmlNode importedRulesNode = destinationXmlDoc.ImportNode(sourceRulesNode, true); destinationSiPolicyNode.ReplaceChild(importedRulesNode, destinationRulesNode); - // Save the modified XML file destinationXmlDoc.Save(destinationFilePath); } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/Crypt32CertCN.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/Crypt32CertCN.cs index b2977bfd3..b3ab9f49b 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/Crypt32CertCN.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/Crypt32CertCN.cs @@ -26,7 +26,7 @@ int cchNameString public const int CERT_NAME_ISSUER_FLAG = 0x1; // Flag indicating that the issuer name should be retrieved // Define a helper method to get the name string - public static string GetNameString(IntPtr pCertContext, int dwType, string pvTypePara, bool isIssuer) + public static string GetNameString(IntPtr pCertContext, int dwType, string? pvTypePara, bool isIssuer) { // Allocate a buffer for the name string, setting it big to handle longer names if needed const int bufferSize = 1024; diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/DebugLogger.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/DebugLogger.cs index 06cad352b..3ba9d52d9 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/DebugLogger.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/DebugLogger.cs @@ -1,5 +1,4 @@ using System; -using System.Management.Automation.Host; #nullable enable 
@@ -20,7 +19,10 @@ public static void Write(string message) if (string.Equals(WDACConfig.GlobalVars.DebugPreference, "Continue", StringComparison.OrdinalIgnoreCase) || string.Equals(WDACConfig.GlobalVars.DebugPreference, "Inquire", StringComparison.OrdinalIgnoreCase)) { - WDACConfig.GlobalVars.Host.UI.WriteDebugLine(message); + if (WDACConfig.GlobalVars.Host != null) + { + WDACConfig.GlobalVars.Host.UI.WriteDebugLine(message); + } } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/DirectorySelector.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/DirectorySelector.cs index 61cd46dc6..3890cc297 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/DirectorySelector.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/DirectorySelector.cs @@ -1,9 +1,9 @@ using System; using System.Collections.Generic; using System.IO; -using System.Windows.Forms; using System.Linq; using System.Runtime.InteropServices; +using System.Windows.Forms; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/DriversBlockRulesFetcher.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/DriversBlockRulesFetcher.cs new file mode 100644 index 000000000..a887b23a3 --- /dev/null +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/DriversBlockRulesFetcher.cs 
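Review bot: `WDACConfig.GlobalVars.Host` is read twice here, once for the null test and once for the call. It is a public static field that other code assigns, so the second read is not guaranteed to see the value the first one tested. `WDACConfig.GlobalVars.Host?.UI.WriteDebugLine(message);` reads it once and drops the extra nesting. The same pattern is added in VerboseLogger.Write, where `WDACConfig.GlobalVars.Host?.UI.WriteVerboseLine(message);` applies. Both Write methods start outside their hunks.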
@@ -0,0 +1,72 @@ +using System.Collections.Generic; +using System.Net.Http; +using System.IO; +using System; + +#nullable enable + +namespace WDACConfig +{ + public class DriversBlockRulesFetcher + { + + /// + /// A method to fetch the Vulnerable Driver Block List from the Microsoft servers and deploy it to the system + /// + /// The directory to use for temporary files + /// + public static void Fetch(string StagingArea) + { + // The location where the downloaded zip file will be saved + string DownloadSaveLocation = System.IO.Path.Combine(StagingArea, "VulnerableDriverBlockList.zip"); + + // The location where the zip file will be extracted + string ZipExtractionDir = System.IO.Path.Combine(StagingArea, "VulnerableDriverBlockList"); + + // The link to download the zip file + string DriversBlockListZipDownloadLink = "https://aka.ms/VulnerableDriverBlockList"; + + // Get the system drive + string? systemDrive = Environment.GetEnvironmentVariable("SystemDrive"); + + // Initialize the final destination of the SiPolicy file + string SiPolicyFinalDestination = string.Empty; + + if (systemDrive != null) + { + // Construct the final destination of the SiPolicy file + SiPolicyFinalDestination = System.IO.Path.Combine(systemDrive, "Windows", "System32", "CodeIntegrity", "SiPolicy.p7b"); + } + else + { + throw new Exception("SystemDrive environment variable is null"); + } + + // Download the zip file + using (HttpClient client = new HttpClient()) + { + // Download the file synchronously + byte[] fileBytes = client.GetByteArrayAsync(DriversBlockListZipDownloadLink).GetAwaiter().GetResult(); + File.WriteAllBytes(DownloadSaveLocation, fileBytes); + } + + // Extract the contents of the zip file, overwriting any existing files + System.IO.Compression.ZipFile.ExtractToDirectory(DownloadSaveLocation, ZipExtractionDir, true); + + // Get the path of the SiPolicy file + string[] SiPolicyPaths = System.IO.Directory.GetFiles(ZipExtractionDir, "SiPolicy_Enforced.p7b", 
System.IO.SearchOption.AllDirectories); + + // Make sure to get only one file is there is more than one (which is unexpected) + string SiPolicyPath = SiPolicyPaths[0]; + + // If the SiPolicy file already exists, delete it + if (File.Exists(SiPolicyFinalDestination)) + { + File.Delete(SiPolicyFinalDestination); + } + + // Move the SiPolicy file to the final destination, renaming it in the process + File.Move(SiPolicyPath, SiPolicyFinalDestination); + } + } +} diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/EditGUIDs.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/EditGUIDs.cs index c132c8b7b..4c5c93a7f 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/EditGUIDs.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/EditGUIDs.cs @@ -1,4 +1,3 @@ -using System; using System.IO; using System.Xml; @@ -38,7 +37,6 @@ public static void EditGuids(string policyIdInput, FileInfo policyFilePathInput) basePolicyIdNode.InnerText = newBasePolicyId; } - // Save the modified XML file xmlDoc.Save(policyFilePathInput.FullName); } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/EventLogUtility.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/EventLogUtility.cs index c11057a57..9155881c5 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/EventLogUtility.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/EventLogUtility.cs 
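Review bot: The destination built with `Path.Combine(systemDrive, "Windows", "System32", ...)` is drive-relative when `SystemDrive` holds its usual value `C:`, because Path.Combine adds no separator after a drive reference, so the result is `C:Windows\System32\...` and resolves against the process's current directory on that drive. Taking the directory from `Environment.GetFolderPath(Environment.SpecialFolder.System)` avoids that and also removes the dependence on an environment variable the caller can change. Further down, `SiPolicyPaths[0]` is indexed without a length check, and the Delete-then-Move pair leaves the machine without a `SiPolicy.p7b` if the move fails; a single overwriting `File.Move` narrows that gap. The extracted file is deployed as a code integrity policy with no check beyond TLS on the download, so validating it before the move (for example its signature, if the published file is signed) would be worth adding.

```csharp
// … unchanged: DownloadSaveLocation, ZipExtractionDir, DriversBlockListZipDownloadLink …

// Resolve System32 through the OS instead of the SystemDrive environment variable
string SiPolicyFinalDestination = Path.Combine(
    Environment.GetFolderPath(Environment.SpecialFolder.System),
    "CodeIntegrity",
    "SiPolicy.p7b");

// … unchanged: download and extraction …

string[] SiPolicyPaths = System.IO.Directory.GetFiles(ZipExtractionDir, "SiPolicy_Enforced.p7b", System.IO.SearchOption.AllDirectories);

// Fail with a clear message if the archive layout is not what is expected
if (SiPolicyPaths.Length != 1)
{
    throw new InvalidOperationException($"Expected exactly one SiPolicy_Enforced.p7b in the archive, found {SiPolicyPaths.Length}");
}

// Replace the deployed policy in one call instead of Delete followed by Move
File.Move(SiPolicyPaths[0], SiPolicyFinalDestination, true);
```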
@@ -19,39 +19,42 @@ public static void SetLogSize(ulong logSize = 0) WDACConfig.VerboseLogger.Write("Set-SetLogSize method started..."); string logName = "Microsoft-Windows-CodeIntegrity/Operational"; - var logConfig = new EventLogConfiguration(logName); - string logFilePath = Environment.ExpandEnvironmentVariables(logConfig.LogFilePath); - FileInfo logFileInfo = new FileInfo(logFilePath); - long currentLogFileSize = logFileInfo.Length; - long currentLogMaxSize = logConfig.MaximumSizeInBytes; - if (logSize == 0) + using (var logConfig = new EventLogConfiguration(logName)) { - if ((currentLogMaxSize - currentLogFileSize) < 1 * 1024 * 1024) + string logFilePath = Environment.ExpandEnvironmentVariables(logConfig.LogFilePath); + FileInfo logFileInfo = new FileInfo(logFilePath); + long currentLogFileSize = logFileInfo.Length; + long currentLogMaxSize = logConfig.MaximumSizeInBytes; + + if (logSize == 0) { - if (currentLogMaxSize <= 10 * 1024 * 1024) + if ((currentLogMaxSize - currentLogFileSize) < 1 * 1024 * 1024) { - WDACConfig.VerboseLogger.Write("Increasing the Code Integrity log size by 1MB because its current free space is less than 1MB."); - logConfig.MaximumSizeInBytes = currentLogMaxSize + 1 * 1024 * 1024; - logConfig.IsEnabled = true; - logConfig.SaveChanges(); + if (currentLogMaxSize <= 10 * 1024 * 1024) + { + WDACConfig.VerboseLogger.Write("Increasing the Code Integrity log size by 1MB because its current free space is less than 1MB."); + logConfig.MaximumSizeInBytes = currentLogMaxSize + 1 * 1024 * 1024; + logConfig.IsEnabled = true; + logConfig.SaveChanges(); + } } } - } - else - { - // Check if the provided log size is greater than 1100 KB - // To prevent from disabling the log or setting it to a very small size that is lower than its default size - if (logSize > 1100 * 1024) - { - WDACConfig.VerboseLogger.Write($"Setting Code Integrity log size to {logSize}."); - logConfig.MaximumSizeInBytes = (long)logSize; - logConfig.IsEnabled = true; - 
logConfig.SaveChanges(); - } else { - WDACConfig.VerboseLogger.Write("Provided log size is less than or equal to 1100 KB. No changes made."); + // Check if the provided log size is greater than 1100 KB + // To prevent from disabling the log or setting it to a very small size that is lower than its default size + if (logSize > 1100 * 1024) + { + WDACConfig.VerboseLogger.Write($"Setting Code Integrity log size to {logSize}."); + logConfig.MaximumSizeInBytes = (long)logSize; + logConfig.IsEnabled = true; + logConfig.SaveChanges(); + } + else + { + WDACConfig.VerboseLogger.Write("Provided log size is less than or equal to 1100 KB. No changes made."); + } } } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/FileDirectoryPathComparer.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/FileDirectoryPathComparer.cs index 31efde2ef..093ba4047 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/FileDirectoryPathComparer.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/FileDirectoryPathComparer.cs @@ -1,6 +1,5 @@ using System; using System.Collections.Generic; -using System.IO; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/Initializer.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/Initializer.cs index d9469a569..93651fa8a 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/Initializer.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/Initializer.cs @@ -1,5 +1,5 @@ -using System; using Microsoft.Win32; +using System; using System.Globalization; #nullable enable 
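Review bot: The cast `(long)logSize` has no upper bound. `logSize` is a `ulong` and the only check is `logSize > 1100 * 1024`, so a value above `long.MaxValue` wraps to a negative number in an unchecked context before it is assigned to `MaximumSizeInBytes`. Rejecting it before the cast, e.g. `if (logSize > long.MaxValue) { throw new ArgumentOutOfRangeException(nameof(logSize)); }`, keeps the failure in this method rather than inside the event log API. SetLogSize begins outside this hunk.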
@@ -14,21 +14,14 @@ public static void Initialize() { using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion") ?? throw new Exception("Could not get the current Windows version from the registry")) { - if (key != null) + object? ubrValue = key.GetValue("UBR"); + if (ubrValue != null && int.TryParse(ubrValue.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out int ubr)) { - object? ubrValue = key.GetValue("UBR"); - if (ubrValue != null && int.TryParse(ubrValue.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out int ubr)) - { - WDACConfig.GlobalVars.UBR = ubr; - } - else - { - throw new InvalidOperationException("The UBR value could not be retrieved from the registry: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"); - } + WDACConfig.GlobalVars.UBR = ubr; } else { - throw new InvalidOperationException("The UBR key does not exist in the registry path: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"); + throw new InvalidOperationException("The UBR value could not be retrieved from the registry: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"); } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/LoggerInitializer.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/LoggerInitializer.cs index 5d9856ee6..7642e30c0 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/LoggerInitializer.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/LoggerInitializer.cs @@ -1,4 +1,3 @@ -using System; using System.Management.Automation.Host; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/MoveUserModeToKernelMode.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/MoveUserModeToKernelMode.cs index 302e50d35..76947e876 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/MoveUserModeToKernelMode.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/MoveUserModeToKernelMode.cs 
@@ -1,9 +1,5 @@ using System; -using System.Linq.Expressions; using System.Xml; -using static System.Formats.Asn1.AsnWriter; -using System.Xml.Linq; -using System.Globalization; #nullable enable @@ -109,10 +105,7 @@ public static void Move(string filePath) } // Remove SigningScenario with Value 12 completely after moving all of its AllowedSigners to SigningScenario with the value of 131 - if (signingScenario12 != null) - { - signingScenario12.ParentNode?.RemoveChild(signingScenario12); - } + signingScenario12.ParentNode?.RemoveChild(signingScenario12); } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/PageHashCalc.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/PageHashCalc.cs index 944dcb228..b86829419 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/PageHashCalc.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/PageHashCalc.cs @@ -1,9 +1,7 @@ using System; -using System.IO; +using System.Globalization; using System.Runtime.InteropServices; -using System.Security.Cryptography; using System.Text; -using System.Globalization; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/TestCiPolicy.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/TestCiPolicy.cs index dfa8a995f..31db65a74 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/TestCiPolicy.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/TestCiPolicy.cs @@ -1,9 +1,8 @@ using System; using System.IO; -using System.Management.Automation; +using System.Security.Cryptography; using System.Security.Cryptography.Pkcs; using System.Security.Cryptography.X509Certificates; -using System.Security.Cryptography; using System.Xml; using System.Xml.Schema; diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/VerboseLogger.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/VerboseLogger.cs index 88fa16f5a..032fdd0a5 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/VerboseLogger.cs 
+++ b/WDACConfig/WDACConfig Module Files/C#/Functions/VerboseLogger.cs @@ -1,5 +1,4 @@ using System; -using System.Management.Automation.Host; #nullable enable @@ -20,7 +19,10 @@ public static void Write(string message) if (string.Equals(WDACConfig.GlobalVars.VerbosePreference, "Continue", StringComparison.OrdinalIgnoreCase) || string.Equals(WDACConfig.GlobalVars.VerbosePreference, "Inquire", StringComparison.OrdinalIgnoreCase)) { - WDACConfig.GlobalVars.Host.UI.WriteVerboseLine(message); + if (WDACConfig.GlobalVars.Host != null) + { + WDACConfig.GlobalVars.Host.UI.WriteVerboseLine(message); + } } } diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/WDAC Simulation/GetFileRuleOutput.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/WDAC Simulation/GetFileRuleOutput.cs index c86434344..6f35fdcce 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/WDAC Simulation/GetFileRuleOutput.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/WDAC Simulation/GetFileRuleOutput.cs @@ -1,8 +1,8 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Xml; using System.Text.RegularExpressions; +using System.Xml; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Functions/XmlFilePathExtractor.cs b/WDACConfig/WDACConfig Module Files/C#/Functions/XmlFilePathExtractor.cs index 1b6ef3948..8472c70f0 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Functions/XmlFilePathExtractor.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Functions/XmlFilePathExtractor.cs @@ -1,6 +1,5 @@ using System; using System.Collections.Generic; -using System.IO; using System.Xml; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Variables/CILogIntel.cs b/WDACConfig/WDACConfig Module Files/C#/Variables/CILogIntel.cs index e41a2fb30..7f2b7e82e 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Variables/CILogIntel.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Variables/CILogIntel.cs 
@@ -1,4 +1,3 @@ -using System; using System.Collections.Generic; #nullable enable diff --git a/WDACConfig/WDACConfig Module Files/C#/Variables/GlobalVariables.cs b/WDACConfig/WDACConfig Module Files/C#/Variables/GlobalVariables.cs index 05530b052..2845b698a 100644 --- a/WDACConfig/WDACConfig Module Files/C#/Variables/GlobalVariables.cs +++ b/WDACConfig/WDACConfig Module Files/C#/Variables/GlobalVariables.cs @@ -1,9 +1,8 @@ using System; using System.IO; -using System.Globalization; using System.Management.Automation.Host; -#nullable disable +#nullable enable namespace WDACConfig { @@ -30,10 +29,10 @@ public static class GlobalVars // Stores the value of $PSScriptRoot to allow the internal functions to use it when navigating the module structure // It's set by PowerShell code outside of C# - public static string ModuleRootPath; + public static string? ModuleRootPath; // Create full OS build number as seen in Windows Settings - public static string FullOSBuild; + public static string? FullOSBuild; // Storing the path to the WDAC Code Integrity Schema XSD file public static readonly string CISchemaPath = Path.Combine( @@ -47,13 +46,13 @@ public static class GlobalVars public static readonly string UserConfigJson = Path.Combine(UserConfigDir, "UserConfigurations", "UserConfigurations.json"); // The VerbosePreference variable of the PowerShell session - public static string VerbosePreference; + public static string? VerbosePreference; // The DebugPreference variable of the PowerShell session - public static string DebugPreference; + public static string? DebugPreference; // The value of the automatic variable $HOST from the PowerShell session // Stored using the LoggerInitializer method that is called at the beginning of each cmdlet - public static PSHost Host; + public static PSHost? Host; } } 
diff --git a/WDACConfig/WDACConfig Module Files/C#/XMLOps/SignerAndHashBuilder.cs b/WDACConfig/WDACConfig Module Files/C#/XMLOps/SignerAndHashBuilder.cs index 365f8d2b8..981648842 100644 --- a/WDACConfig/WDACConfig Module Files/C#/XMLOps/SignerAndHashBuilder.cs +++ b/WDACConfig/WDACConfig Module Files/C#/XMLOps/SignerAndHashBuilder.cs @@ -1,7 +1,6 @@ using System; using System.Collections; using System.Collections.Generic; -using System.Linq; using System.Globalization; #nullable enable @@ -228,10 +227,8 @@ public static FileBasedInfoPackage BuildSignerAndHashObjects(Hashtable[] data, s } // Add the Certificate details to the CurrentFilePublisherSigner's CertificateDetails property - if (currentCorData != null) - { - currentFilePublisherSigner.CertificateDetails.Add(currentCorData); - } + currentFilePublisherSigner.CertificateDetails.Add(currentCorData); + } } @@ -342,10 +339,7 @@ public static FileBasedInfoPackage BuildSignerAndHashObjects(Hashtable[] data, s } // Add the Certificate details to the CurrentPublisherSigner's CertificateDetails property - if (currentCorData != null) - { - currentPublisherSigner.CertificateDetails.Add(currentCorData); - } + currentPublisherSigner.CertificateDetails.Add(currentCorData); } } diff --git a/WDACConfig/WDACConfig Module Files/Core/ConvertTo-WDACPolicy.psm1 b/WDACConfig/WDACConfig Module Files/Core/ConvertTo-WDACPolicy.psm1 index 3c19ebec3..1ddc98bfe 100644 --- a/WDACConfig/WDACConfig Module Files/Core/ConvertTo-WDACPolicy.psm1 +++ b/WDACConfig/WDACConfig Module Files/Core/ConvertTo-WDACPolicy.psm1 
@@ -762,18 +762,7 @@ Function ConvertTo-WDACPolicy { # This function runs twice, once for signed data and once for unsigned data Close-EmptyXmlNodes_Semantic -XmlFilePath $OutputPolicyPathMDEAH - # UNUSED FUNCTIONS - Their jobs have been replaced by semantic functions - # Keeping them here for reference - - # Remove-OrphanAllowedSignersAndCiSigners_IDBased -Path $OutputPolicyPathMDEAH - # Remove-DuplicateAllowedSignersAndCiSigners_IDBased -Path $OutputPolicyPathMDEAH - # Remove-DuplicateFileAttrib_IDBased -XmlFilePath $OutputPolicyPathMDEAH - # Remove-DuplicateAllowAndFileRuleRefElements_IDBased -XmlFilePath $OutputPolicyPathMDEAH - # Remove-DuplicateFileAttrib_Semantic -XmlFilePath $OutputPolicyPathMDEAH - # Remove-DuplicateFileAttribRef_IDBased -XmlFilePath $OutputPolicyPathMDEAH -Verbose - #Region Base To Supplemental Policy Association and Deployment - Switch ($True) { { $null -ne $BasePolicyFile } { diff --git a/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1 index dbfe8d926..8dbe0820e 100644 --- a/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1 +++ b/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1 
@@ -190,7 +190,14 @@ Function New-DenyWDACConfig { Write-Progress -Id 23 -Activity 'Processing user selected Folders' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) Write-Verbose -Message 'Looping through each user-selected folder paths, scanning them, creating a temp policy file based on them' - powershell.exe -Command { + powershell.exe -NoProfile -Command { + + # Prep the environment as a workaround for the ConfigCI bug + if ([System.IO.Directory]::Exists('C:\Program Files\Windows Defender\Offline')) { + [System.String]$RandomGUID = [System.Guid]::NewGuid().ToString() + New-CIPolicy -UserPEs -ScanPath 'C:\Program Files\Windows Defender\Offline' -Level hash -FilePath ".\$RandomGUID.xml" -NoShadowCopy -PathToCatroot 'C:\Program Files\Windows Defender\Offline' -WarningAction SilentlyContinue + Remove-Item -LiteralPath ".\$RandomGUID.xml" -Force + } [System.Collections.ArrayList]$DriverFilesObject = @() @@ -280,7 +287,7 @@ Function New-DenyWDACConfig { Write-Progress -Id 24 -Activity 'Creating the base policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) Write-Verbose -Message 'Creating a temporary Deny policy for the supplied Appx package name' - powershell.exe -Command { + powershell.exe -NoProfile -Command { # Get all the packages based on the supplied name [Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage[]]$Package = Get-AppxPackage -Name $args[0] @@ -345,7 +352,7 @@ Function New-DenyWDACConfig { # Using Windows PowerShell to handle serialized data since PowerShell core throws an error Write-Verbose -Message 'Creating the deny policy file' - powershell.exe -Command { + powershell.exe -NoProfile -Command { $RulesWildCards = New-CIPolicyRule -Deny -FilePathRule $args[0] New-CIPolicy -MultiplePolicyFormat -FilePath $args[1] -Rules $RulesWildCards } -args $FolderPath, $TempPolicyPath 
diff --git a/WDACConfig/WDACConfig Module Files/Core/New-KernelModeWDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-KernelModeWDACConfig.psm1 index cb2b5f148..8fe50235c 100644 --- a/WDACConfig/WDACConfig Module Files/Core/New-KernelModeWDACConfig.psm1 +++ b/WDACConfig/WDACConfig Module Files/Core/New-KernelModeWDACConfig.psm1 @@ -32,11 +32,6 @@ Function New-KernelModeWDACConfig { # if -SkipVersionCheck wasn't passed, run the updater if (-NOT $SkipVersionCheck) { Update-Self -InvocationStatement $MyInvocation.Statement } - if ([WDACConfig.GlobalVars]::ConfigCIBootstrap -eq $false) { - Invoke-MockConfigCIBootstrap - [WDACConfig.GlobalVars]::ConfigCIBootstrap = $true - } - [System.IO.DirectoryInfo]$StagingArea = [WDACConfig.StagingArea]::NewStagingArea('New-KernelModeWDACConfig') # Create a directory to store the kernel mode drivers symbolic links for both modes @@ -199,7 +194,14 @@ Function New-KernelModeWDACConfig { # Get the kernel mode drivers directory path containing symlinks Get-KernelModeDriversAudit -SavePath $KernelModeDriversDirectory - powershell.exe -Command { + powershell.exe -NoProfile -Command { + # Prep the environment as a workaround for the ConfigCI bug + if ([System.IO.Directory]::Exists('C:\Program Files\Windows Defender\Offline')) { + [System.String]$RandomGUID = [System.Guid]::NewGuid().ToString() + New-CIPolicy -UserPEs -ScanPath 'C:\Program Files\Windows Defender\Offline' -Level hash -FilePath ".\$RandomGUID.xml" -NoShadowCopy -PathToCatroot 'C:\Program Files\Windows Defender\Offline' -WarningAction SilentlyContinue + Remove-Item -LiteralPath ".\$RandomGUID.xml" -Force + } + Write-Verbose -Message 'Scanning the kernel-mode drivers detected in Event viewer logs' [System.Collections.ArrayList]$DriverFilesObj = Get-SystemDriver -ScanPath $args[0] 
@@ -333,7 +335,14 @@ Function New-KernelModeWDACConfig { # Get the kernel mode drivers directory path containing symlinks Get-KernelModeDriversAudit -SavePath $KernelModeDriversDirectory - powershell.exe -Command { + powershell.exe -NoProfile -Command { + # Prep the environment as a workaround for the ConfigCI bug + if ([System.IO.Directory]::Exists('C:\Program Files\Windows Defender\Offline')) { + [System.String]$RandomGUID = [System.Guid]::NewGuid().ToString() + New-CIPolicy -UserPEs -ScanPath 'C:\Program Files\Windows Defender\Offline' -Level hash -FilePath ".\$RandomGUID.xml" -NoShadowCopy -PathToCatroot 'C:\Program Files\Windows Defender\Offline' -WarningAction SilentlyContinue + Remove-Item -LiteralPath ".\$RandomGUID.xml" -Force + } + Write-Verbose -Message 'Scanning the kernel-mode drivers detected in Event viewer logs' [System.Collections.ArrayList]$DriverFilesObj = Get-SystemDriver -ScanPath $args[0] diff --git a/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 index 7ffd1bca5..f7a1e1e5d 100644 --- a/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 +++ b/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 @@ -207,7 +207,7 @@ Function New-SupplementalWDACConfig { # Using Windows PowerShell to handle serialized data since PowerShell core throws an error Write-Verbose -Message 'Creating the Supplemental policy file' - powershell.exe -Command { + powershell.exe -NoProfile -Command { $RulesWildCards = New-CIPolicyRule -FilePathRule $args[0] New-CIPolicy -MultiplePolicyFormat -FilePath "$($args[2])\SupplementalPolicy $($args[1]).xml" -Rules $RulesWildCards } -args $FolderPath, $SuppPolicyName, $StagingArea 
@@ -262,7 +262,7 @@ Function New-SupplementalWDACConfig { Write-Progress -Id 21 -Activity 'Creating the Supplemental policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) Write-Verbose -Message 'Creating a policy for the supplied Appx package name and its dependencies (if any)' - powershell.exe -Command { + powershell.exe -NoProfile -Command { # Get all the packages based on the supplied name [Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage[]]$Package = Get-AppxPackage -Name $args[0] diff --git a/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1 index 2ffc7c9c5..b3dcfef04 100644 --- a/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1 +++ b/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1 
@@ -95,35 +95,33 @@ Function New-WDACConfig { $CurrentStep++ Write-Progress -Id 2 -Activity 'Setting up the Scheduled task' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - Write-Verbose -Message 'Getting the state of MSFT Driver Block list update Scheduled task' - [System.String]$BlockListScheduledTaskState = (Get-ScheduledTask -TaskName 'MSFT Driver Block list update' -TaskPath '\MSFT Driver Block list update\' -ErrorAction SilentlyContinue).State + Write-Verbose -Message 'Deleting the MSFT Driver Block list update Scheduled task if it exists' + Get-ScheduledTask -TaskName 'MSFT Driver Block list update' -TaskPath '\MSFT Driver Block list update\' -ErrorAction Ignore | Unregister-ScheduledTask -Confirm:$false - # Create scheduled task for fast weekly Microsoft recommended driver block list update if it doesn't exist or exists but is not Ready/Running - if (-NOT (($BlockListScheduledTaskState -eq 'Ready' -or $BlockListScheduledTaskState -eq 'Running'))) { + Write-Verbose -Message 'Creating the MSFT Driver Block list update task' + # Get the SID of the SYSTEM account. It is a well-known SID, but still querying it, going to use it to create the scheduled task + [System.Security.Principal.SecurityIdentifier]$SYSTEMSID = New-Object -TypeName System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null) - Write-Verbose -Message "Creating the MSFT Driver Block list update task because its state is neither Running nor Ready, it's $BlockListScheduledTaskState" - # Get the SID of the SYSTEM account. 
It is a well-known SID, but still querying it, going to use it to create the scheduled task - [System.Security.Principal.SecurityIdentifier]$SYSTEMSID = New-Object -TypeName System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null) +[System.String]$TaskArgument = @' +-NoProfile -WindowStyle Hidden -command "& {try {Invoke-WebRequest -Uri 'https://aka.ms/VulnerableDriverBlockList' -OutFile 'VulnerableDriverBlockList.zip' -ErrorAction Stop}catch{exit 1};Expand-Archive -Path '.\VulnerableDriverBlockList.zip' -DestinationPath 'VulnerableDriverBlockList' -Force;$SiPolicy_EnforcedFile = Get-ChildItem -Recurse -File -Path '.\VulnerableDriverBlockList' -Filter 'SiPolicy_Enforced.p7b' | Select-Object -First 1;Move-Item -Path $SiPolicy_EnforcedFile.FullName -Destination ($env:SystemDrive + '\Windows\System32\CodeIntegrity\SiPolicy.p7b') -Force;citool --refresh -json;Remove-Item -Path '.\VulnerableDriverBlockList' -Recurse -Force;Remove-Item -Path '.\VulnerableDriverBlockList.zip' -Force;}" +'@ + # Create a scheduled task action, this defines how to download and install the latest Microsoft Recommended Driver Block Rules + [Microsoft.Management.Infrastructure.CimInstance]$Action = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument $TaskArgument - # Create a scheduled task action, this defines how to download and install the latest Microsoft Recommended Driver Block Rules - [Microsoft.Management.Infrastructure.CimInstance]$Action = New-ScheduledTaskAction -Execute 'Powershell.exe' ` - -Argument '-NoProfile -WindowStyle Hidden -command "& {try {Invoke-WebRequest -Uri "https://aka.ms/VulnerableDriverBlockList" -OutFile VulnerableDriverBlockList.zip -ErrorAction Stop}catch{exit 1};Expand-Archive -Path .\VulnerableDriverBlockList.zip -DestinationPath "VulnerableDriverBlockList" -Force;Rename-Item -Path .\VulnerableDriverBlockList\SiPolicy_Enforced.p7b -NewName "SiPolicy.p7b" -Force;Copy-Item -Path 
.\VulnerableDriverBlockList\SiPolicy.p7b -Destination "$env:SystemDrive\Windows\System32\CodeIntegrity" -Force;citool --refresh -json;Remove-Item -Path .\VulnerableDriverBlockList -Recurse -Force;Remove-Item -Path .\VulnerableDriverBlockList.zip -Force; exit 0;}"' + # Create a scheduled task principal and assign the SYSTEM account's SID to it so that the task will run under its context + [Microsoft.Management.Infrastructure.CimInstance]$TaskPrincipal = New-ScheduledTaskPrincipal -LogonType S4U -UserId $($SYSTEMSID.Value) -RunLevel Highest - # Create a scheduled task principal and assign the SYSTEM account's SID to it so that the task will run under its context - [Microsoft.Management.Infrastructure.CimInstance]$TaskPrincipal = New-ScheduledTaskPrincipal -LogonType S4U -UserId $($SYSTEMSID.Value) -RunLevel Highest + # Create a trigger for the scheduled task. The task will first run one hour after its creation and from then on will run every 7 days, indefinitely + [Microsoft.Management.Infrastructure.CimInstance]$Time = New-ScheduledTaskTrigger -Once -At (Get-Date).AddHours(1) -RepetitionInterval (New-TimeSpan -Days 7) - # Create a trigger for the scheduled task. The task will first run one hour after its creation and from then on will run every 7 days, indefinitely - [Microsoft.Management.Infrastructure.CimInstance]$Time = New-ScheduledTaskTrigger -Once -At (Get-Date).AddHours(1) -RepetitionInterval (New-TimeSpan -Days 7) + # Register the scheduled task. If the task's state is disabled, it will be overwritten with a new task that is enabled + Register-ScheduledTask -Action $Action -Trigger $Time -Principal $TaskPrincipal -TaskPath 'MSFT Driver Block list update' -TaskName 'MSFT Driver Block list update' -Description 'Microsoft Recommended Driver Block List update' -Force - # Register the scheduled task. 
If the task's state is disabled, it will be overwritten with a new task that is enabled - Register-ScheduledTask -Action $Action -Trigger $Time -Principal $TaskPrincipal -TaskPath 'MSFT Driver Block list update' -TaskName 'MSFT Driver Block list update' -Description 'Microsoft Recommended Driver Block List update' -Force + # Define advanced settings for the scheduled task + [Microsoft.Management.Infrastructure.CimInstance]$TaskSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Compatibility 'Win8' -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 3) -RestartCount 4 -RestartInterval (New-TimeSpan -Hours 6) -RunOnlyIfNetworkAvailable - # Define advanced settings for the scheduled task - [Microsoft.Management.Infrastructure.CimInstance]$TaskSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Compatibility 'Win8' -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 3) -RestartCount 4 -RestartInterval (New-TimeSpan -Hours 6) -RunOnlyIfNetworkAvailable - - # Add the advanced settings we defined above to the scheduled task - Set-ScheduledTask -TaskName 'MSFT Driver Block list update' -TaskPath 'MSFT Driver Block list update' -Settings $TaskSettings - } + # Add the advanced settings we defined above to the scheduled task + Set-ScheduledTask -TaskName 'MSFT Driver Block list update' -TaskPath 'MSFT Driver Block list update' -Settings $TaskSettings Write-Verbose -Message 'Displaying extra info about the Microsoft recommended Drivers block list' Invoke-Command -ScriptBlock $DriversBlockListInfoGatheringSCRIPTBLOCK 
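Review bot: In the new `$TaskArgument` only the download is guarded. If `Expand-Archive` fails or the archive holds no `SiPolicy_Enforced.p7b`, `$SiPolicy_EnforcedFile` is `$null`, `Move-Item` errors out, and `citool --refresh` plus the cleanup still run as SYSTEM. Since the first hit of a recursive `Get-ChildItem ... | Select-Object -First 1` becomes the machine's `SiPolicy.p7b`, I would stop the task when the lookup comes back empty, e.g. `if ($null -eq $SiPolicy_EnforcedFile) { exit 1 }` right after that statement. The zip and the extracted folder are relative paths, so they land in whatever working directory Task Scheduler gives the action; an explicit directory would make the search and the cleanup predictable.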
@@ -143,17 +141,7 @@ Function New-WDACConfig { $CurrentStep++ Write-Progress -Id 1 -Activity "Downloading the $Name" -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - Write-Verbose -Message "Downloading the $Name archive" - Invoke-WebRequest -Uri 'https://aka.ms/VulnerableDriverBlockList' -OutFile (Join-Path -Path $StagingArea -ChildPath 'VulnerableDriverBlockList.zip') -ProgressAction SilentlyContinue - - $CurrentStep++ - Write-Progress -Id 1 -Activity 'Expanding the archive' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - Write-Verbose -Message 'Expanding the Block list archive' - Expand-Archive -Path (Join-Path -Path $StagingArea -ChildPath 'VulnerableDriverBlockList.zip') -DestinationPath (Join-Path -Path $StagingArea -ChildPath 'VulnerableDriverBlockList') -Force - - Write-Verbose -Message 'Renaming and copying the new block list to the CodeIntegrity folder, replacing any old ones' - Move-Item -Path (Join-Path -Path $StagingArea -ChildPath 'VulnerableDriverBlockList' -AdditionalChildPath 'SiPolicy_Enforced.p7b') -Destination 'C:\Windows\System32\CodeIntegrity\SiPolicy.p7b' -Force + [WDACConfig.DriversBlockRulesFetcher]::Fetch($StagingArea) $CurrentStep++ Write-Progress -Id 1 -Activity 'Refreshing the system policies' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) diff --git a/WDACConfig/WDACConfig Module Files/CoreExt/PSDefaultParameterValues.ps1 b/WDACConfig/WDACConfig Module Files/CoreExt/PSDefaultParameterValues.ps1 index 4fb43f777..92c5af6dc 100644 --- a/WDACConfig/WDACConfig Module Files/CoreExt/PSDefaultParameterValues.ps1 +++ b/WDACConfig/WDACConfig Module Files/CoreExt/PSDefaultParameterValues.ps1 
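Review bot: This hunk drops one `$CurrentStep++` together with the 'Expanding the archive' progress update, so unless `$TotalSteps` (assigned outside the hunk) was lowered by one as well, the progress bar for this branch will stop short of 100%. The download, extraction and move into `CodeIntegrity` are now hidden behind `[WDACConfig.DriversBlockRulesFetcher]::Fetch($StagingArea)`, whose body is not shown here, and the three `Write-Verbose` messages went with the old code. If `Fetch` does perform all three steps, a one-line comment above the call such as `# Downloads the block list archive into the staging area and installs it as SiPolicy.p7b` would keep this step readable.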
@@ -40,12 +40,7 @@ $PSDefaultParameterValues = @{ 'New-PublisherLevelRules:Verbose' = $Verbose 'Optimize-MDECSVData:Verbose' = $Verbose 'Remove-AllowElements_Semantic:Verbose' = $Verbose - 'Remove-DuplicateAllowAndFileRuleRefElements_IDBased:Verbose' = $Verbose - 'Remove-DuplicateAllowedSignersAndCiSigners_IDBased:Verbose' = $Verbose - 'Remove-DuplicateFileAttrib_IDBased:Verbose' = $Verbose 'Remove-DuplicateFileAttrib_Semantic:Verbose' = $Verbose - 'Remove-DuplicateFileAttribRef_IDBased:Verbose' = $Verbose - 'Remove-OrphanAllowedSignersAndCiSigners_IDBased:Verbose' = $Verbose 'Remove-UnreferencedFileRuleRefs:Verbose' = $Verbose 'New-CertificateSignerRules:Verbose' = $Verbose @@ -58,12 +53,7 @@ $PSDefaultParameterValues = @{ 'New-PublisherLevelRules:Debug' = $Debug 'Optimize-MDECSVData:Debug' = $Debug 'Remove-AllowElements_Semantic:Debug' = $Debug - 'Remove-DuplicateAllowAndFileRuleRefElements_IDBased:Debug' = $Debug - 'Remove-DuplicateAllowedSignersAndCiSigners_IDBased:Debug' = $Debug - 'Remove-DuplicateFileAttrib_IDBased:Debug' = $Debug 'Remove-DuplicateFileAttrib_Semantic:Debug' = $Debug - 'Remove-DuplicateFileAttribRef_IDBased:Debug' = $Debug - 'Remove-OrphanAllowedSignersAndCiSigners_IDBased:Debug' = $Debug 'Remove-UnreferencedFileRuleRefs:Debug' = $Debug 'New-CertificateSignerRules:Debug' = $Debug } diff --git a/WDACConfig/WDACConfig Module Files/Shared/Get-KernelModeDrivers.psm1 b/WDACConfig/WDACConfig Module Files/Shared/Get-KernelModeDrivers.psm1 index 23fe90973..59b0deff5 100644 --- a/WDACConfig/WDACConfig Module Files/Shared/Get-KernelModeDrivers.psm1 +++ b/WDACConfig/WDACConfig Module Files/Shared/Get-KernelModeDrivers.psm1 
@@ -33,7 +33,7 @@ Function Get-KernelModeDrivers { # Import the ConfigCI assembly resources if they are not already imported if (-NOT ('Microsoft.SecureBoot.UserConfig.ImportParser' -as [System.Type]) ) { [WDACConfig.VerboseLogger]::Write('Importing the ConfigCI assembly resources') - Add-Type -Path ([System.String](PowerShell.exe -Command { (Get-Command -Name Merge-CIPolicy).DLL })) + Add-Type -Path ([System.String](PowerShell.exe -NoProfile -Command { (Get-Command -Name Merge-CIPolicy).DLL })) } Function Test-UserPE { diff --git a/WDACConfig/WDACConfig Module Files/Shared/Remove-SupplementalSigners.psm1 b/WDACConfig/WDACConfig Module Files/Shared/Remove-SupplementalSigners.psm1 index 59297602b..9f78dd26a 100644 --- a/WDACConfig/WDACConfig Module Files/Shared/Remove-SupplementalSigners.psm1 +++ b/WDACConfig/WDACConfig Module Files/Shared/Remove-SupplementalSigners.psm1 @@ -96,7 +96,6 @@ Function Remove-SupplementalSigners { } } End { - # Save the modified XML content to a file $XMLContent.Save($Path) } } diff --git a/WDACConfig/WDACConfig Module Files/Shared/Select-LogProperties.psm1 b/WDACConfig/WDACConfig Module Files/Shared/Select-LogProperties.psm1 index 0b1366b00..b81b25f09 100644 --- a/WDACConfig/WDACConfig Module Files/Shared/Select-LogProperties.psm1 +++ b/WDACConfig/WDACConfig Module Files/Shared/Select-LogProperties.psm1 @@ -50,12 +50,5 @@ Function Select-LogProperties { 'SignatureStatus', 'ProviderName', 'SignerInfo' | Sort-Object -Property TimeCreated -Descending - - <# - Return [System.Linq.Enumerable]::OrderByDescending( - [System.Collections.Generic.List[System.Object]]$Logs, - [System.Func[System.Object, System.DateTime]] { param($Item) $Item.TimeCreated } - ) - #> } Export-ModuleMember -Function 'Select-LogProperties' diff --git a/WDACConfig/WDACConfig Module Files/Shared/Test-ECCSignedFiles.psm1 b/WDACConfig/WDACConfig Module Files/Shared/Test-ECCSignedFiles.psm1 index b1b037cb5..4bad07acf 100644 
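Review bot: The path given to `Add-Type` is whatever the child process prints for `(Get-Command -Name Merge-CIPolicy).DLL`, and nothing validates it before the assembly is loaded into an elevated session. If the child fails, or resolves a `Merge-CIPolicy` that does not come from the inbox module, the `[System.String]` cast yields an empty or unexpected value and the error surfaces later as a confusing `Add-Type` failure. Pinning the lookup with `Get-Command -Name Merge-CIPolicy -Module ConfigCI` and checking the result with `[System.IO.File]::Exists(...)` before loading would make that failure explicit. The enclosing function continues outside the hunk.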
--- a/WDACConfig/WDACConfig Module Files/Shared/Test-ECCSignedFiles.psm1 +++ b/WDACConfig/WDACConfig Module Files/Shared/Test-ECCSignedFiles.psm1 @@ -82,14 +82,16 @@ Function Test-ECCSignedFiles { foreach ($ECCSignedFile in $ECCSignedFiles) { + [WDACConfig.VerboseLogger]::Write("Test-ECCSignedFiles: Creating Hash Level rules for the ECC signed file '$ECCSignedFile'.") + [WDACConfig.AuthenticodePageHashes]$HashOutput = [WDACConfig.AuthPageHash]::GetCiFileHashes($ECCSignedFile) $CompleteHashes.Add([WDACConfig.HashCreator]::New( $HashOutput.SHA256Authenticode, $HashOutput.SHA1Authenticode, ([System.IO.FileInfo]$ECCSignedFile).Name, - # Check if the file is kernel-mode or user-mode -- Don't need the verbose output of the cmdlet when using it in embedded mode - ($null -eq (Get-KernelModeDrivers -File $ECCSignedFile 4>$null)) ? 1 : 0 + # Check if the file is kernel-mode or user-mode + ($null -eq (Get-KernelModeDrivers -File $ECCSignedFile)) ? 1 : 0 ) ) } diff --git a/WDACConfig/WDACConfig Module Files/Shared/Update-self.psm1 b/WDACConfig/WDACConfig Module Files/Shared/Update-self.psm1 index 59bc75291..0994c40b5 100644 --- a/WDACConfig/WDACConfig Module Files/Shared/Update-self.psm1 +++ b/WDACConfig/WDACConfig Module Files/Shared/Update-self.psm1 
@@ -74,25 +74,22 @@ Function Update-Self { Write-Output -InputObject "$($PSStyle.Foreground.FromRGB(255,0,230))The currently installed module's version is $CurrentVersion while the latest version is $LatestVersion - Auto Updating the module...$($PSStyle.Reset)" # Remove the old module version from the current session - Remove-Module -Name 'WDACConfig' -Force + Remove-Module -Name 'WDACConfig' -Force -WarningAction SilentlyContinue - # Do this if the module was installed properly using Install-module cmdlet try { - Uninstall-Module -Name 'WDACConfig' -AllVersions -Force -ErrorAction Stop - Install-Module -Name 'WDACConfig' -RequiredVersion $LatestVersion -Scope AllUsers -Force - # Will not import the new module version in the current session because of the constant variables. New version is automatically imported when the main cmdlet is run in a new session. - } - # Do this if module files/folder was just copied to Documents folder and not properly installed - Should rarely happen - catch { - Install-Module -Name 'WDACConfig' -RequiredVersion $LatestVersion -Scope AllUsers -Force - # Will not import the new module version in the current session because of the constant variables. New version is automatically imported when the main cmdlet is run in a new session. + Uninstall-Module -Name 'WDACConfig' -AllVersions -Force -ErrorAction Ignore -WarningAction SilentlyContinue } + catch {} + + Install-Module -Name 'WDACConfig' -RequiredVersion $LatestVersion -Scope AllUsers -Force + # Will not import the new module version in the current session because of the constant variables. New version is automatically imported when the main cmdlet is run in a new session. + # Make sure the old version isn't run after update Write-Output -InputObject "$($PSStyle.Foreground.FromRGB(152,255,152))Update has been successful, running your command now$($PSStyle.Reset)" try { # Try to re-run the command that invoked the Update-Self function in a new session after the module is updated. 
- pwsh.exe -NoLogo -NoExit -command $InvocationStatement + pwsh.exe -NoProfile -NoLogo -NoExit -command $InvocationStatement } catch { Throw 'Could not relaunch PowerShell after update. Please close and reopen PowerShell to run your command again.' diff --git a/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 b/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 index 5d709910b..955fc6740 100644 --- a/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 +++ b/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 @@ -2,13 +2,13 @@ # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_module_manifests RootModule = 'WDACConfig.psm1' - ModuleVersion = '0.4.4' + ModuleVersion = '0.4.5' CompatiblePSEditions = @('Core') GUID = '79920947-efb5-48c1-a567-5b02ebe74793' Author = 'HotCakeX' CompanyName = 'SpyNetGirl' Copyright = '(c) 2023-2024' - PowerShellVersion = '7.4.3' + PowerShellVersion = '7.4.4' CmdletsToExport = @() VariablesToExport = '*' AliasesToExport = @() diff --git a/WDACConfig/WDACConfig Module Files/WDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/WDACConfig.psm1 index c3f049afa..c0b975537 100644 --- a/WDACConfig/WDACConfig Module Files/WDACConfig.psm1 +++ b/WDACConfig/WDACConfig Module Files/WDACConfig.psm1 
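Review bot: `Install-Module` now runs outside any `try` and after every installed version has been removed, so a failed install (no network, gallery unavailable) can leave the machine without WDACConfig while the next line still prints 'Update has been successful'. Making the failure terminating, `Install-Module -Name 'WDACConfig' -RequiredVersion $LatestVersion -Scope AllUsers -Force -ErrorAction Stop`, would stop the function before that message and before the relaunch. The empty `catch {}` around `Uninstall-Module` also swallows every terminating error; a comment saying the failure is expected when the module was copied rather than installed would keep the reasoning that the removed comments carried. The function body starts and ends outside this hunk.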
@@ -1,5 +1,4 @@ <# -------- Guidance for code readers -------- -The module uses tight import/export control, no internal function is exposed on the console/to the user. The $PSDefaultParameterValues located in "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1" is imported via dot-sourcing to the current session of each main cmdlet/internal function that calls any (other) internal function or uses any of the cmdlets defined in that file, prior to everything else. At the beginning of each main cmdlet, 2 custom $Verbose and/or $Debug variables are defined which help to take actions based on Verbose/Debug preferences and also pass the $VerbosePreference and $DebugPreference to the subsequent sub-functions/modules being called from the main cmdlets. @@ -26,7 +25,6 @@ if (!$IsWindows) { Throw [System.PlatformNotSupportedException] 'The WDACConfig module only runs on Windows operation systems. Download it from here: https://www.microsoft.com/software-download/windows11' } -# Specifies that the WDACConfig module requires Administrator privileges #Requires -RunAsAdministrator # Unimportant actions that don't need to be terminating if they fail @@ -38,6 +36,7 @@ try { } catch {} +<# # This is required for the EKUs to work. # Load all the DLLs in the PowerShell folder, providing .NET types for the module # These types are required for the folder picker with multiple select options. Also the module manifest no longer handles assembly as it's not necessary anymore. 
@@ -50,6 +49,10 @@ foreach ($Dll in (Convert-Path -Path ("$([psobject].Assembly.Location)\..\*.dll" # Clear the Get-Error from Add-Type errors that are unnecessary $Error.Clear() +#> +# Because we need it to construct Microsoft.Powershell.Commands.EnhancedKeyUsageProperty object for EKUs +Add-Type -AssemblyName 'Microsoft.PowerShell.Security' + # Import all C# codes at once so they will get compiled together, have resolved dependencies and recognize each others' classes/types Add-Type -Path ([System.IO.Directory]::GetFiles("$PSScriptRoot\C#", '*.*', [System.IO.SearchOption]::AllDirectories)) -ReferencedAssemblies @(Get-Content -Path "$PSScriptRoot\.NETAssembliesToLoad.txt") diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-AllowElements_Semantic.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-AllowElements_Semantic.psm1 index eb93d8426..97d337c03 100644 --- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-AllowElements_Semantic.psm1 +++ b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-AllowElements_Semantic.psm1 @@ -148,7 +148,6 @@ function Remove-AllowElements_Semantic { } End { - # Save the modified XML file $Xml.Save($Path) } } diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateAllowAndFileRuleRefElements_IDBased.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateAllowAndFileRuleRefElements_IDBased.psm1 deleted file mode 100644 index 164aef2d3..000000000 --- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateAllowAndFileRuleRefElements_IDBased.psm1 +++ /dev/null 
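Review bot: The DLL-loading loop is disabled by wrapping it in `<# ... #>` (opened in the previous hunk, closed here) instead of being deleted, which leaves dead code and its stale 'This is required for the EKUs to work' comment next to the line that replaces it. This same commit deletes a commented-out block from Select-LogProperties.psm1, so removing this one too would be consistent, and version control keeps the old loop. The comment on the new `Add-Type -AssemblyName 'Microsoft.PowerShell.Security'` line is otherwise clear about why the assembly is needed.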
@@ -1,88 +0,0 @@ -Function Remove-DuplicateAllowAndFileRuleRefElements_IDBased { - <# - .SYNOPSIS - Removes duplicates elements from the nodes - and elements from the nodes in every node of each node - - The criteria for removing duplicates is the ID attribute of the elements and the RuleID attribute of the elements - .PARAMETER XmlFilePath - The file path of the XML document to be modified - .INPUTS - System.IO.FileInfo - .OUTPUTS - System.Void - #> - [CmdletBinding()] - [OutputType([System.Void])] - param ( - [Parameter(Mandatory = $true)][System.IO.FileInfo]$XmlFilePath - ) - Begin { - . "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1" - - # Load the XML document from the specified file path - [System.Xml.XmlDocument]$XmlDocument = Get-Content -Path $XmlFilePath - - # Create a namespace manager for handling XML namespaces - [System.Xml.XmlNamespaceManager]$NsMgr = New-Object -TypeName System.Xml.XmlNamespaceManager -ArgumentList $XmlDocument.NameTable - $NsMgr.AddNamespace('sip', 'urn:schemas-microsoft-com:sipolicy') - } - - Process { - # Remove duplicate elements within the section - [System.Xml.XmlNodeList]$AllowElements = $XmlDocument.SelectNodes('//sip:FileRules/sip:Allow', $NsMgr) - - [System.Collections.Hashtable]$UniqueAllowIDs = @{} - - foreach ($AllowElement in $AllowElements) { - - [System.String]$AllowID = $AllowElement.ID - - if ($UniqueAllowIDs.ContainsKey($AllowID)) { - - [WDACConfig.VerboseLogger]::Write("Removing duplicate Allow element with ID: $AllowID") - [System.Void]$AllowElement.ParentNode.RemoveChild($AllowElement) - } - else { - $UniqueAllowIDs[$AllowID] = $true - } - } - - # Remove duplicate elements within under nodes - [System.Xml.XmlNodeList]$SigningScenarios = $XmlDocument.SelectNodes('//sip:SigningScenarios/sip:SigningScenario', $NsMgr) - - foreach ($Scenario in $SigningScenarios) { - - $ProductSigners = $Scenario.ProductSigners - - $FileRulesRefs = $ProductSigners.FileRulesRef - - foreach 
($FileRulesRef in $FileRulesRefs) { - - [System.Collections.Hashtable]$UniqueFileRuleRefIDs = @{} - - [System.Xml.XmlElement[]]$FileRuleRefs = $FileRulesRef.FileRuleRef - - foreach ($FileRuleRef in $FileRuleRefs) { - - [System.String]$RuleID = $FileRuleRef.RuleID - - if ($UniqueFileRuleRefIDs.ContainsKey($RuleID)) { - - [WDACConfig.VerboseLogger]::Write("Removing duplicate FileRuleRef element with ID: $RuleID") - [System.Void]$FileRulesRef.RemoveChild($FileRuleRef) - } - else { - $UniqueFileRuleRefIDs[$RuleID] = $true - } - } - } - } - } - - End { - # Save the modified XML document back to the original file path - $XmlDocument.Save($XmlFilePath) - } -} -Export-ModuleMember -Function 'Remove-DuplicateAllowAndFileRuleRefElements_IDBased' diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateAllowedSignersAndCiSigners_IDBased.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateAllowedSignersAndCiSigners_IDBased.psm1 deleted file mode 100644 index 1c2c4d0f3..000000000 --- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateAllowedSignersAndCiSigners_IDBased.psm1 +++ /dev/null 
@@ -1,67 +0,0 @@ -Function Remove-DuplicateAllowedSignersAndCiSigners_IDBased { - <# - .SYNOPSIS - Removes duplicate SignerIds from the CiSigners and AllowedSigners nodes from each Signing Scenario in a CI policy XML file - The criteria for removing duplicates is the SignerId attribute of the CiSigner and AllowedSigner nodes - .PARAMETER Path - The path to the CI policy XML file - .INPUTS - System.IO.FileInfo - .OUTPUTS - System.Void - #> - [CmdletBinding()] - param ( - [Parameter(Mandatory = $true)][System.IO.FileInfo]$Path - ) - Begin { - . "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1" - - # Load the XML file - [System.Xml.XmlDocument]$Xml = Get-Content -Path $Path - - # Create an XmlNamespaceManager for namespace resolution - [System.Xml.XmlNamespaceManager]$NsManager = New-Object System.Xml.XmlNamespaceManager -ArgumentList $Xml.NameTable - $NsManager.AddNamespace('ns', 'urn:schemas-microsoft-com:sipolicy') - - Function Remove-DuplicateSignerIds { - <# - .SYNOPSIS - Removes duplicate SignerIds from the given XmlNodeList - #> - Param( - [Parameter(Mandatory = $true)][System.Xml.XmlNodeList]$NodeList - ) - - [System.String[]]$UniqueSignerIds = @() - - foreach ($Node in $NodeList) { - if ($UniqueSignerIds -notcontains $Node.SignerId) { - $UniqueSignerIds += $Node.SignerId - } - else { - [System.Void]$Node.ParentNode.RemoveChild($Node) - } - } - } - } - - Process { - - # Get CiSigners and AllowedSigners nodes - [System.Xml.XmlNodeList]$CiSigners = $Xml.SelectNodes('//ns:CiSigners/ns:CiSigner', $NsManager) - [System.Xml.XmlNodeList]$AllowedSigners12 = $Xml.SelectNodes('//ns:SigningScenarios/ns:SigningScenario[@Value="12"]/ns:ProductSigners/ns:AllowedSigners/ns:AllowedSigner', $NsManager) - [System.Xml.XmlNodeList]$AllowedSigners131 = $Xml.SelectNodes('//ns:SigningScenarios/ns:SigningScenario[@Value="131"]/ns:ProductSigners/ns:AllowedSigners/ns:AllowedSigner', $NsManager) - - # Remove duplicate signer IDs from CiSigners and 
AllowedSigners - Remove-DuplicateSignerIds $CiSigners - Remove-DuplicateSignerIds $AllowedSigners12 - Remove-DuplicateSignerIds $AllowedSigners131 - } - - End { - # Save the changes to the XML file - $Xml.Save($Path) - } -} -Export-ModuleMember -Function 'Remove-DuplicateAllowedSignersAndCiSigners_IDBased' diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttribRef_IDBased.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttribRef_IDBased.psm1 deleted file mode 100644 index 2d96356a8..000000000 --- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttribRef_IDBased.psm1 +++ /dev/null 
@@ -1,59 +0,0 @@ -Function Remove-DuplicateFileAttribRef_IDBased { - <# - .SYNOPSIS - Loops through each Signer element in node in the XML file and removes duplicate FileAttribRef elements inside them - Based on the RuleID attribute - This is according to the ConfigCI Schema - .PARAMETER XmlFilePath - The path to the XML file to be modified - .INPUTS - System.IO.FileInfo - .OUTPUTS - System.Void - #> - [CmdletBinding()] - [OutputType([System.Void])] - Param( - [Parameter(Mandatory = $true)][System.IO.FileInfo]$XmlFilePath - ) - Begin { - . "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1" - - # Load the XML file - [System.Xml.XmlDocument]$Xml = Get-Content -Path $XmlFilePath - } - - Process { - - # Iterate through each Signer element - foreach ($Signer in $Xml.SiPolicy.Signers.Signer) { - - # Create a hashtable to track unique FileAttribRef IDs - [System.Collections.Hashtable]$UniqueFileAttribRefs = @{} - - # Iterate through each FileAttribRef element of the current signer - foreach ($FileAttribRef in $Signer.FileAttribRef) { - - # Get the RuleID attribute value of the current FileAttribRef element - [System.String]$FileAttribRefID = $FileAttribRef.RuleID - - # Check if the current FileAttribRef ID already exists in the hashtable - if (-not $UniqueFileAttribRefs.ContainsKey($FileAttribRefID)) { - - # If not, add it to the hashtable and keep the FileAttribRef element - $UniqueFileAttribRefs[$FileAttribRefID] = $true - } - else { - # If it exists, remove the duplicate FileAttribRef element - [System.Void]$Signer.RemoveChild($FileAttribRef) - } - } - } - } - - End { - # Save the modified XML back to the file - $Xml.Save($XmlFilePath) - } -} -Export-ModuleMember -Function 'Remove-DuplicateFileAttribRef_IDBased' diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_IDBased.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_IDBased.psm1 deleted file mode 100644 index fdf6d40ec..000000000 
--- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_IDBased.psm1 +++ /dev/null 
@@ -1,125 +0,0 @@
-Function Remove-DuplicateFileAttrib_IDBased {
- <#
- .SYNOPSIS
- Takes a path to an XML file and removes duplicate FileAttrib elements from the node
- and duplicate FileRuleRef elements from the node under each node
- and duplicate FileAttribRef elements from the node under each node.
-
- The criteria for removing duplicates is the ID attribute of the FileAttrib elements and the RuleID attribute of the FileRuleRef elements
- .PARAMETER XmlFilePath
- The path to the XML file to be modified.
- .INPUTS
- System.IO.FileInfo
- .OUTPUTS
- System.Void
- #>
- [CmdletBinding()]
- [OutputType([System.Void])]
- param (
- [Parameter(Mandatory = $true)][System.IO.FileInfo]$XmlFilePath
- )
- Begin {
- # Load the XML file
- [System.Xml.XmlDocument]$Xml = Get-Content -Path $XmlFilePath
-
- # Define namespace manager
- [System.Xml.XmlNamespaceManager]$NsMgr = New-Object -TypeName System.Xml.XmlNamespaceManager -ArgumentList $Xml.NameTable
- $NsMgr.AddNamespace('sip', 'urn:schemas-microsoft-com:sipolicy')
- }
-
- Process {
- . "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1"
-
- # Get all FileAttrib elements
- [System.Xml.XmlNodeList]$FileAttribs = $Xml.SelectNodes('//sip:FileRules/sip:FileAttrib', $NsMgr)
-
- # Track seen FileAttrib IDs
- [System.Collections.Hashtable]$SeenFileAttribIDs = @{}
-
- # Loop through each FileAttrib element
- foreach ($FileAttrib in $FileAttribs) {
-
- [System.String]$FileAttribID = $FileAttrib.ID
-
- # Check if the FileAttrib ID has been seen before
- if ($SeenFileAttribIDs.ContainsKey($FileAttribID)) {
-
- [WDACConfig.VerboseLogger]::Write("Remove-DuplicateFileAttrib: Removed duplicate FileAttrib with ID: $FileAttribID")
- [System.Void]$FileAttrib.ParentNode.RemoveChild($FileAttrib)
- }
- else {
- # If not seen before, add to seen FileAttrib IDs
- $SeenFileAttribIDs[$FileAttribID] = $true
- }
- }
-
- # Get all ProductSigners under SigningScenarios
- [System.Xml.XmlNodeList]$SigningScenarios = $Xml.SelectNodes('//sip:SigningScenarios/sip:SigningScenario', $NsMgr)
-
- # Loop through each SigningScenario
- foreach ($Scenario in $SigningScenarios) {
-
- # Track seen FileRuleRef IDs
- [System.Collections.Hashtable]$SeenFileRuleRefIDs = @{}
-
- # Get all FileRuleRef elements under ProductSigners
- $FileRuleRefs = $Scenario.ProductSigners.FileRulesRef.FileRuleRef
-
- # Loop through each FileRuleRef element
- foreach ($FileRuleRef in $FileRuleRefs) {
-
- [System.String]$FileRuleRefID = $FileRuleRef.RuleID
-
- # Check if the FileRuleRef ID has been seen before
- if ($SeenFileRuleRefIDs.ContainsKey($FileRuleRefID)) {
-
- [WDACConfig.VerboseLogger]::Write("Remove-DuplicateFileAttrib: Removed duplicate FileRuleRef with ID: $FileRuleRefID")
- [System.Void]$FileRuleRef.ParentNode.RemoveChild($FileRuleRef)
- }
- else {
- # If not seen before, add to seen FileRuleRef IDs
- $SeenFileRuleRefIDs[$FileRuleRefID] = $true
- }
- }
- }
-
- # Get all Signers
- [System.Xml.XmlNodeList]$Signers = $Xml.SelectNodes('//sip:Signers/sip:Signer', $NsMgr)
-
- # Loop through each Signer
- foreach ($Signer in $Signers) {
-
- # Get all FileAttribRef elements under the Signer
- [System.Xml.XmlElement[]]$FileAttribRefs = foreach ($Item in $Signer.ChildNodes) {
- if ($Item.Name -eq 'FileAttribRef') {
- $Item
- }
- }
-
- # Track seen FileAttribRef IDs
- [System.Collections.Hashtable]$SeenFileAttribRefIDs = @{}
-
- # Loop through each FileAttribRef element
- foreach ($FileAttribRef in $FileAttribRefs) {
-
- [System.String]$FileAttribRefID = $FileAttribRef.RuleID
-
- # Check if the FileAttribRef ID has been seen before
- if ($SeenFileAttribRefIDs.ContainsKey($FileAttribRefID)) {
-
- [WDACConfig.VerboseLogger]::Write("Remove-DuplicateFileAttrib: Removed duplicate FileAttribRef with ID: $FileAttribRefID")
- [System.Void]$Signer.RemoveChild($FileAttribRef)
- }
- else {
- # If not seen before, add to seen FileAttribRef IDs
- $SeenFileAttribRefIDs[$FileAttribRefID] = $true
- }
- }
- }
- }
- End {
- # Save the modified XML
- $Xml.Save($XmlFilePath)
- }
-}
-Export-ModuleMember -Function 'Remove-DuplicateFileAttrib_IDBased'
diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_Semantic.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_Semantic.psm1
index d4c8d843d..53206a57c 100644
--- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_Semantic.psm1
+++ b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-DuplicateFileAttrib_Semantic.psm1
@@ -41,11 +41,8 @@ function Remove-DuplicateFileAttrib_Semantic { # Define a hashtable to store Signer IDs and their associated SigningScenario IDs [System.Collections.Hashtable]$SignerScenarioHash = @{} - } - Process { - # Iterate through each FileAttrib element foreach ($FileAttrib in $XmlDoc.SelectNodes('//ns:FileAttrib', $NsMgr)) {
@@ -155,11 +152,9 @@ function Remove-DuplicateFileAttrib_Semantic { } } } - } End { - # Save the modified XML back to file $XmlDoc.Save($XmlFilePath) } }
diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-OrphanAllowedSignersAndCiSigners_IDBased.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-OrphanAllowedSignersAndCiSigners_IDBased.psm1
deleted file mode 100644
index 233b2e63a..000000000
--- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-OrphanAllowedSignersAndCiSigners_IDBased.psm1
+++ /dev/null
@@ -1,74 +0,0 @@
-Function Remove-OrphanAllowedSignersAndCiSigners_IDBased {
- <#
- .SYNOPSIS
- Removes elements with invalid SignerIds from the CiSigners and AllowedSigners nodes in a CI policy XML file
- These are elements with SignerIds that are not found in any in the node
- .PARAMETER Path
- The path to the CI policy XML file
- .INPUTS
- System.IO.FileInfo
- .OUTPUTS
- System.Void
- #>
- [CmdletBinding()]
- [OutputType([System.Void])]
- param (
- [Parameter(Mandatory = $true)][System.IO.FileInfo]$Path
- )
- Begin {
- . "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1"
-
- # Load the XML file
- [System.Xml.XmlDocument]$Xml = Get-Content -Path $Path
-
- # Create an XmlNamespaceManager for namespace resolution
- [System.Xml.XmlNamespaceManager]$NsManager = New-Object System.Xml.XmlNamespaceManager -ArgumentList $Xml.NameTable
- $NsManager.AddNamespace('ns', 'urn:schemas-microsoft-com:sipolicy')
-
- # Get the list of valid signer IDs from the Signers node
- [System.String[]]$ValidSignerIds = foreach ($Item in ($Xml.SelectNodes('//ns:Signers/ns:Signer', $NsManager))) {
- $Item.ID
- }
-
- Function Remove-InvalidSignerIds {
- <#
- .SYNOPSIS
- Removes nodes with invalid SignerIds from the given XmlNodeList
- .INPUTS
- System.Xml.XmlNodeList
- .OUTPUTS
- System.Void
- .PARAMETER NodeList
- The XmlNodeList to remove invalid SignerIds from
- #>
- Param (
- [Parameter(Mandatory = $true)][System.Xml.XmlNodeList]$NodeList
- )
-
- foreach ($Node in $NodeList) {
- if ($ValidSignerIds -notcontains $Node.SignerId) {
- [System.Void]$Node.ParentNode.RemoveChild($Node)
- }
- }
- }
- }
-
- Process {
-
- # Get CiSigners and AllowedSigners nodes
- [System.Xml.XmlNodeList]$CiSigners = $Xml.SelectNodes('//ns:CiSigners/ns:CiSigner', $NsManager)
- [System.Xml.XmlNodeList]$AllowedSigners12 = $Xml.SelectNodes('//ns:SigningScenarios/ns:SigningScenario[@Value="12"]/ns:ProductSigners/ns:AllowedSigners/ns:AllowedSigner', $NsManager)
- [System.Xml.XmlNodeList]$AllowedSigners131 = $Xml.SelectNodes('//ns:SigningScenarios/ns:SigningScenario[@Value="131"]/ns:ProductSigners/ns:AllowedSigners/ns:AllowedSigner', $NsManager)
-
- # Remove invalid signer IDs from CiSigners and AllowedSigners
- Remove-InvalidSignerIds $CiSigners
- Remove-InvalidSignerIds $AllowedSigners12
- Remove-InvalidSignerIds $AllowedSigners131
-
- }
- End {
- # Save the changes to the XML file
- $Xml.Save($Path)
- }
-}
-Export-ModuleMember -Function 'Remove-OrphanAllowedSignersAndCiSigners_IDBased'
diff --git a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-UnreferencedFileRuleRefs.psm1 b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-UnreferencedFileRuleRefs.psm1
index 2f48e7cf7..58f5844b7 100644
--- a/WDACConfig/WDACConfig Module Files/XMLOps/Remove-UnreferencedFileRuleRefs.psm1
+++ b/WDACConfig/WDACConfig Module Files/XMLOps/Remove-UnreferencedFileRuleRefs.psm1
@@ -17,10 +17,8 @@ function Remove-UnreferencedFileRuleRefs { Begin { . "$([WDACConfig.GlobalVars]::ModuleRootPath)\CoreExt\PSDefaultParameterValues.ps1" - # Load the XML file [System.Xml.XmlDocument]$XmlContent = Get-Content $XmlFilePath } - Process { # Define the namespace to use with the namespace manager [System.Xml.XmlNamespaceManager]$NsManager = New-Object -TypeName System.Xml.XmlNamespaceManager -ArgumentList $XmlContent.NameTable
@@ -42,7 +40,6 @@ function Remove-UnreferencedFileRuleRefs { } } } - End { # Save the modified XML back to the file or to a new file $XmlContent.Save($XmlFilePath)
diff --git a/WDACConfig/WDACConfig.csproj b/WDACConfig/WDACConfig.csproj
index 3f313c2de..713c655cc 100644
--- a/WDACConfig/WDACConfig.csproj
+++ b/WDACConfig/WDACConfig.csproj
@@ -3,11 +3,19 @@ Exe net9.0-windows10.0.22621.0 - enable + WDACConfig + + + disable + enable true + true True - WDACConfig https://github.com/HotCakeX/Harden-Windows-Security https://github.com/HotCakeX/Harden-Windows-Security Windows
@@ -15,20 +23,29 @@ Violet Hansen SpyNetGirl WDACConfig + WDACConfig https://github.com/HotCakeX/Harden-Windows-Security/releases - + True + True True + True + + + + win-x64;win-arm64 + false + en-US - +
diff --git a/WDACConfig/version.txt b/WDACConfig/version.txt
index b300caa32..c8a5397fb 100644
--- a/WDACConfig/version.txt
+++ b/WDACConfig/version.txt
@@ -1 +1 @@
-0.4.4
\ No newline at end of file
+0.4.5
\ No newline at end of file