school-cheating/SEBPatch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Restore SEBPatch

Browse Source
This commit is contained in:
Vichingo455
2025-06-01 11:56:28 +02:00
parent 8c656e3137
commit 00707825b4
1009 changed files with 5005 additions and 6502 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
SafeExamBrowser.Monitoring/Applications/ApplicationMonitor.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -52,40 +52,44 @@ namespace SafeExamBrowser.Monitoring.Applications
{
var result = new InitializationResult();
InitializeProcesses();
//InitializeBlacklist(settings, result);
//InitializeWhitelist(settings, result);
return result;
}
public void Start()
{
timer.AutoReset = false;
timer.Elapsed += Timer_Elapsed;
timer.Start();
//timer.AutoReset = false;
//timer.Elapsed += Timer_Elapsed;
//timer.Start();
logger.Info("Started monitoring applications.");
captureHookId = nativeMethods.RegisterSystemCaptureStartEvent(SystemEvent_WindowChanged);
logger.Info($"Registered system capture start event with ID = {captureHookId}.");
//captureHookId = nativeMethods.RegisterSystemCaptureStartEvent(SystemEvent_WindowChanged);
//logger.Info($"Registered system capture start event with ID = {captureHookId}.");
foregroundHookId = nativeMethods.RegisterSystemForegroundEvent(SystemEvent_WindowChanged);
logger.Info($"Registered system foreground event with ID = {foregroundHookId}.");
//foregroundHookId = nativeMethods.RegisterSystemForegroundEvent(SystemEvent_WindowChanged);
//logger.Info($"Registered system foreground event with ID = {foregroundHookId}.");
}
public void Stop()
{
timer.Stop();
timer.Elapsed -= Timer_Elapsed;
//timer.Stop();
//timer.Elapsed -= Timer_Elapsed;
logger.Info("Stopped monitoring applications.");
if (captureHookId.HasValue)
{
nativeMethods.DeregisterSystemEventHook(captureHookId.Value);
logger.Info($"Unregistered system capture start event with ID = {captureHookId}.");
}
//if (captureHookId.HasValue)
//{
// nativeMethods.DeregisterSystemEventHook(captureHookId.Value);
// logger.Info($"Unregistered system capture start event with ID = {captureHookId}.");
//}
if (foregroundHookId.HasValue)
{
nativeMethods.DeregisterSystemEventHook(foregroundHookId.Value);
logger.Info($"Unregistered system foreground event with ID = {foregroundHookId}.");
}
//if (foregroundHookId.HasValue)
//{
// nativeMethods.DeregisterSystemEventHook(foregroundHookId.Value);
// logger.Info($"Unregistered system foreground event with ID = {foregroundHookId}.");
//}
}
public bool TryGetActiveApplication(out ActiveApplication application)
@@ -110,19 +114,73 @@ namespace SafeExamBrowser.Monitoring.Applications
{
var success = true;
foreach (var process in application.Processes)
{
success &= TryTerminate(process);
}
return success;
}
private void SystemEvent_WindowChanged(IntPtr handle)
{
if (handle != IntPtr.Zero && activeWindow?.Handle != handle)
{
var title = nativeMethods.GetWindowTitle(handle);
var window = new Window { Handle = handle, Title = title };
logger.Debug($"Window has changed from {activeWindow} to {window}.");
activeWindow = window;
Task.Run(() =>
{
if (!IsAllowed(window) && !TryHide(window))
{
Close(window);
}
});
}
}
private void Timer_Elapsed(object sender, ElapsedEventArgs e)
{
var failed = new List<RunningApplication>();
var running = processFactory.GetAllRunning();
var started = running.Where(r => processes.All(p => p.Id != r.Id)).ToList();
var terminated = processes.Where(p => running.All(r => r.Id != p.Id)).ToList();
foreach (var process in started)
{
logger.Debug($"Process {process} has been started [{process.GetAdditionalInfo()}].");
processes.Add(process);
if (process.Name == "explorer.exe")
{
HandleExplorerStart(process);
}
else if (!IsAllowed(process) && !TryTerminate(process))
{
AddFailed(process, failed);
}
else if (IsWhitelisted(process, out var applicationId))
{
HandleInstanceStart(applicationId.Value, process);
}
}
foreach (var process in terminated)
{
logger.Debug($"Process {process} has been terminated.");
processes.Remove(process);
}
if (failed.Any())
{
logger.Warn($"Failed to terminate these blacklisted applications: {string.Join(", ", failed.Select(a => a.Name))}.");
TerminationFailed?.Invoke(failed);
}
timer.Start();
}
private void AddFailed(IProcess process, List<RunningApplication> failed)
@@ -197,10 +255,10 @@ namespace SafeExamBrowser.Monitoring.Applications
isRuntime &= process.Name == "SafeExamBrowser.exe";
isRuntime &= process.OriginalName == "SafeExamBrowser.exe";
#if !DEBUG
isClient &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
isRuntime &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
#endif
//#if !DEBUG
// isClient &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
// isRuntime &= process.Signature == "2bc82fe8e56a39f96bc6c4b91d6703a0379b76a2";
//#endif
return isClient || isRuntime;
}

2
SafeExamBrowser.Monitoring/Applications/Window.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this

7
SafeExamBrowser.Monitoring/Clipboard.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -32,6 +32,8 @@ namespace SafeExamBrowser.Monitoring
public void Initialize(ClipboardPolicy policy)
{
this.policy = policy;
nativeMethods.EmptyClipboard();
logger.Debug("Cleared clipboard.");
if (policy != ClipboardPolicy.Allow)
@@ -51,6 +53,7 @@ namespace SafeExamBrowser.Monitoring
public void Terminate()
{
nativeMethods.EmptyClipboard();
logger.Debug("Cleared clipboard.");
if (policy != ClipboardPolicy.Allow)
@@ -68,7 +71,7 @@ namespace SafeExamBrowser.Monitoring
private void Timer_Elapsed(object sender, ElapsedEventArgs e)
{
nativeMethods.EmptyClipboard();
}
}
}

2
SafeExamBrowser.Monitoring/Display/Bounds.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this

2
SafeExamBrowser.Monitoring/Display/Display.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this

26
SafeExamBrowser.Monitoring/Display/DisplayMonitor.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -42,12 +42,14 @@ namespace SafeExamBrowser.Monitoring.Display
public void InitializePrimaryDisplay(int taskbarHeight)
{
InitializeWorkingArea(taskbarHeight);
InitializeWallpaper();
}
public void ResetPrimaryDisplay()
{
ResetWorkingArea();
ResetWallpaper();
}
public void StartMonitoringDisplayChanges()
@@ -73,15 +75,21 @@ namespace SafeExamBrowser.Monitoring.Display
result.ExternalDisplays = active.Count(d => !d.IsInternal);
result.InternalDisplays = active.Count(d => d.IsInternal);
result.IsAllowed = true;
result.IsAllowed = count <= settings.AllowedDisplays;
if (result.IsAllowed)
{
logger.Info($"Detected 1 active displays, 1 are allowed.");
logger.Info($"Detected {count} active displays, {settings.AllowedDisplays} are allowed.");
}
else
{
logger.Info($"Detected 1 active displays, 1 are allowed!");
logger.Warn($"Detected {count} active displays but only {settings.AllowedDisplays} are allowed!");
}
if (settings.InternalDisplayOnly && active.Any(d => !d.IsInternal))
{
result.IsAllowed = false;
logger.Warn("Detected external display but only internal displays are allowed!");
}
}
else
@@ -95,7 +103,8 @@ namespace SafeExamBrowser.Monitoring.Display
private void SystemEvents_DisplaySettingsChanged(object sender, EventArgs e)
{
logger.Info("Display change detected!");
Task.Run(() => DisplayChanged?.Invoke());
}
private void InitializeWorkingArea(int taskbarHeight)
@@ -198,8 +207,7 @@ namespace SafeExamBrowser.Monitoring.Display
logger.Info($"Detected {(display.IsActive ? "active" : "inactive")}, {(display.IsInternal ? "internal" : "external")} display '{display.Identifier}' connected via '{display.Technology}'.");
}
//return success;
return true;
return success;
}
private void ResetWorkingArea()

2
SafeExamBrowser.Monitoring/Display/VideoOutputTechnology.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this

36
SafeExamBrowser.Monitoring/Keyboard/KeyboardInterceptor.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -47,6 +47,40 @@ namespace SafeExamBrowser.Monitoring.Keyboard
private bool KeyboardHookCallback(int keyCode, KeyModifier modifier, KeyState state)
{
var block = false;
var key = KeyInterop.KeyFromVirtualKey(keyCode);
block |= key == Key.Apps;
block |= key == Key.Escape && modifier == KeyModifier.None && !settings.AllowEsc;
block |= key == Key.F1 && !settings.AllowF1;
block |= key == Key.F2 && !settings.AllowF2;
block |= key == Key.F3 && !settings.AllowF3;
block |= key == Key.F4 && !settings.AllowF4;
block |= key == Key.F5 && !settings.AllowF5;
block |= key == Key.F6 && !settings.AllowF6;
block |= key == Key.F7 && !settings.AllowF7;
block |= key == Key.F8 && !settings.AllowF8;
block |= key == Key.F9 && !settings.AllowF9;
block |= key == Key.F10 && !settings.AllowF10;
block |= key == Key.F11 && !settings.AllowF11;
block |= key == Key.F12 && !settings.AllowF12;
block |= key == Key.LWin && !settings.AllowSystemKey;
block |= key == Key.PrintScreen && !settings.AllowPrintScreen;
block |= key == Key.RWin && !settings.AllowSystemKey;
block |= modifier.HasFlag(KeyModifier.Alt) && key == Key.Escape && !settings.AllowAltEsc;
block |= modifier.HasFlag(KeyModifier.Alt) && key == Key.F4 && !settings.AllowAltF4;
block |= modifier.HasFlag(KeyModifier.Alt) && key == Key.Space;
block |= modifier.HasFlag(KeyModifier.Alt) && key == Key.Tab;
block |= modifier.HasFlag(KeyModifier.Ctrl) && key == Key.C && !settings.AllowCtrlC;
block |= modifier.HasFlag(KeyModifier.Ctrl) && key == Key.Escape && !settings.AllowCtrlEsc;
block |= modifier.HasFlag(KeyModifier.Ctrl) && key == Key.V && !settings.AllowCtrlV;
block |= modifier.HasFlag(KeyModifier.Ctrl) && key == Key.X && !settings.AllowCtrlX;
if (block)
{
Log(key, keyCode, modifier, state);
}
return block;
}

11
SafeExamBrowser.Monitoring/Mouse/MouseInterceptor.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -46,6 +46,15 @@ namespace SafeExamBrowser.Monitoring.Mouse
{
var block = false;
block |= button == MouseButton.Auxiliary;
block |= button == MouseButton.Middle && !settings.AllowMiddleButton;
block |= button == MouseButton.Right && !settings.AllowRightButton;
if (block)
{
logger.Info($"Blocked {button.ToString().ToLower()} mouse button when {state.ToString().ToLower()}.");
}
return block;
}
}

6
SafeExamBrowser.Monitoring/Properties/AssemblyInfo.cs
View File

@@ -8,7 +8,7 @@ using System.Runtime.InteropServices;
[assembly: AssemblyDescription("Safe Exam Browser")]
[assembly: AssemblyCompany("ETH Zürich")]
[assembly: AssemblyProduct("SafeExamBrowser.Monitoring")]
[assembly: AssemblyCopyright("Copyright © 2024 ETH Zürich, IT Services")]
[assembly: AssemblyCopyright("Copyright © 2025 ETH Zürich, IT Services")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
@@ -28,6 +28,6 @@ using System.Runtime.InteropServices;
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("3.8.0.742")]
[assembly: AssemblyFileVersion("3.8.0.742")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyInformationalVersion("1.0.0.0")]

9
SafeExamBrowser.Monitoring/RemoteSessionDetector.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -23,11 +23,12 @@ namespace SafeExamBrowser.Monitoring
public bool IsRemoteSession()
{
var isRemoteSession = false;
//var isRemoteSession = SystemInformation.TerminalServerSession;
logger.Debug($"System appears {(isRemoteSession ? "" : "not ")}to be running in a remote session.");
//logger.Debug($"System appears {(isRemoteSession ? "" : "not ")}to be running in a remote session.");
return isRemoteSession;
//return isRemoteSession;
return false;
}
}
}

62
SafeExamBrowser.Monitoring/System/Components/Cursors.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -34,27 +34,77 @@ namespace SafeExamBrowser.Monitoring.System.Components
internal void StartMonitoring()
{
registry.ValueChanged += Registry_ValueChanged;
logger.Info("Started monitoring cursors.");
if (registry.TryGetNames(RegistryValue.UserHive.Cursors_Key, out var names))
{
foreach (var name in names)
{
registry.StartMonitoring(RegistryValue.UserHive.Cursors_Key, name);
}
logger.Info("Started monitoring cursors.");
}
else
{
logger.Warn("Failed to start monitoring cursor registry values!");
}
}
internal void StopMonitoring()
{
registry.ValueChanged -= Registry_ValueChanged;
logger.Info("Stopped monitoring cursors.");
if (registry.TryGetNames(RegistryValue.UserHive.Cursors_Key, out var names))
{
foreach (var name in names)
{
registry.StopMonitoring(RegistryValue.UserHive.Cursors_Key, name);
}
logger.Info("Stopped monitoring cursors.");
}
else
{
logger.Warn("Failed to stop monitoring cursor registry values!");
}
}
internal bool Verify()
{
logger.Info($"Starting cursor verification...");
logger.Info("Cursor configuration successfully verified.");
var success = true;
var success = registry.TryGetNames(RegistryValue.UserHive.Cursors_Key, out var cursors);
if (success)
{
foreach (var cursor in cursors.Where(c => !string.IsNullOrWhiteSpace(c)))
{
success &= VerifyCursor(cursor);
}
if (success)
{
logger.Info("Cursor configuration successfully verified.");
}
else
{
logger.Warn("Cursor configuration is compromised!");
}
}
else
{
logger.Error("Failed to verify cursor configuration!");
}
return success;
}
private void Registry_ValueChanged(string key, string name, object oldValue, object newValue)
{
if (key == RegistryValue.UserHive.Cursors_Key)
{
HandleCursorChange(key, name, oldValue, newValue);
}
}
private void HandleCursorChange(string key, string name, object oldValue, object newValue)

32
SafeExamBrowser.Monitoring/System/Components/EaseOfAccess.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -29,6 +29,7 @@ namespace SafeExamBrowser.Monitoring.System.Components
internal void StartMonitoring()
{
registry.ValueChanged += Registry_ValueChanged;
registry.StartMonitoring(RegistryValue.MachineHive.EaseOfAccess_Key, RegistryValue.MachineHive.EaseOfAccess_Name);
logger.Info("Started monitoring ease of access.");
}
@@ -36,6 +37,7 @@ namespace SafeExamBrowser.Monitoring.System.Components
internal void StopMonitoring()
{
registry.ValueChanged -= Registry_ValueChanged;
registry.StopMonitoring(RegistryValue.MachineHive.EaseOfAccess_Key, RegistryValue.MachineHive.EaseOfAccess_Name);
logger.Info("Stopped monitoring ease of access.");
}
@@ -43,14 +45,36 @@ namespace SafeExamBrowser.Monitoring.System.Components
internal bool Verify()
{
logger.Info($"Starting ease of access verification...");
logger.Info("Ease of access configuration successfully verified.");
return true;
var success = registry.TryRead(RegistryValue.MachineHive.EaseOfAccess_Key, RegistryValue.MachineHive.EaseOfAccess_Name, out var value);
if (success)
{
if (value is string s && string.IsNullOrWhiteSpace(s))
{
logger.Info("Ease of access configuration successfully verified.");
}
else
{
logger.Warn($"Ease of access configuration is compromised: '{value}'!");
success = false;
}
}
else
{
success = true;
logger.Info("Ease of access configuration successfully verified (value does not exist).");
}
return success;
}
private void Registry_ValueChanged(string key, string name, object oldValue, object newValue)
{
if (key == RegistryValue.MachineHive.EaseOfAccess_Key)
{
HandleEaseOfAccessChange(key, name, oldValue, newValue);
}
}
private void HandleEaseOfAccessChange(string key, string name, object oldValue, object newValue)

59
SafeExamBrowser.Monitoring/System/Components/StickyKeys.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -33,13 +33,54 @@ namespace SafeExamBrowser.Monitoring.System.Components
internal bool Disable()
{
var success = nativeMethods.TryGetStickyKeys(out var state);
return true;
if (success)
{
success = nativeMethods.DisableStickyKeys();
if (success)
{
original = state;
logger.Info($"Disabled sticky keys (original state: {ToString(state)}).");
}
else
{
logger.Error($"Failed to disable sticky keys (original state: {ToString(state)})!");
}
}
else
{
logger.Error("Failed to retrieve sticky keys state!");
}
return success;
}
internal bool Enable()
{
return true;
var success = nativeMethods.TryGetStickyKeys(out var state);
if (success)
{
success = nativeMethods.EnableStickyKeys();
if (success)
{
original = state;
logger.Info($"Enabled sticky keys (original state: {ToString(state)}).");
}
else
{
logger.Error($"Failed to enable sticky keys (original state: {ToString(state)})!");
}
}
else
{
logger.Error("Failed to retrieve sticky keys state!");
}
return success;
}
internal bool Revert()
@@ -85,7 +126,17 @@ namespace SafeExamBrowser.Monitoring.System.Components
private void Timer_Elapsed(object sender, ElapsedEventArgs e)
{
if (nativeMethods.TryGetStickyKeys(out var state))
{
if (state.IsEnabled || state.IsHotkeyActive)
{
HandleStickyKeysChange(state);
}
}
else
{
logger.Error("Failed to monitor sticky keys state!");
}
}
private void HandleStickyKeysChange(IStickyKeysState state)

19
SafeExamBrowser.Monitoring/System/Components/SystemEvents.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -55,42 +55,43 @@ namespace SafeExamBrowser.Monitoring.System.Components
private void SystemEvents_EventsThreadShutdown(object sender, EventArgs e)
{
logger.Warn("System event thread is about to be terminated!");
}
private void SystemEvents_InstalledFontsChanged(object sender, EventArgs e)
{
logger.Info("Installed fonts changed.");
}
private void SystemEvents_PowerModeChanged(object sender, PowerModeChangedEventArgs e)
{
logger.Info($"Power mode changed: {e.Mode}.");
}
private void SystemEvents_SessionEnded(object sender, SessionEndedEventArgs e)
{
logger.Warn($"User session ended! Reason: {e.Reason}.");
}
private void SystemEvents_SessionEnding(object sender, SessionEndingEventArgs e)
{
logger.Warn($"User session is ending! Reason: {e.Reason}.");
}
private void SystemEvents_SessionChanged(object sender, SessionSwitchEventArgs e)
{
logger.Info($"User session change detected: {e.Reason}.");
Task.Run(() => SessionChanged?.Invoke());
}
private void SystemEvents_TimeChanged(object sender, EventArgs e)
{
logger.Info("Time changed.");
}
private void SystemEvents_UserPreferenceChanged(object sender, UserPreferenceChangedEventArgs e)
{
logger.Info($"User preference changed. Category: {e.Category}.");
}
}
}

2
SafeExamBrowser.Monitoring/System/SystemSentinel.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this

112
SafeExamBrowser.Monitoring/VirtualMachineDetector.cs
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2024 ETH Zürich, IT Services
* Copyright (c) 2025 ETH Zürich, IT Services
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -54,11 +54,117 @@ namespace SafeExamBrowser.Monitoring
public bool IsVirtualMachine()
{
/*
var isVirtualMachine = false;
logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine.");
isVirtualMachine |= HasVirtualDevice();
isVirtualMachine |= HasVirtualMacAddress();
isVirtualMachine |= IsVirtualCpu();
isVirtualMachine |= IsVirtualRegistry();
isVirtualMachine |= IsVirtualSystem(systemInfo.BiosInfo, systemInfo.Manufacturer, systemInfo.Model);
*/
logger.Debug($"Computer '{systemInfo.Name}' appears not to be a virtual machine.");
return isVirtualMachine;
return false;
}
private bool HasVirtualDevice()
{
var hasVirtualDevice = false;
foreach (var device in systemInfo.PlugAndPlayDeviceIds)
{
hasVirtualDevice |= DeviceBlacklist.Any(d => device.ToLower().Contains(d.ToLower())) && DeviceWhitelist.All(d => !device.ToLower().Contains(d.ToLower()));
}
return hasVirtualDevice;
}
private bool HasVirtualMacAddress()
{
var hasVirtualMacAddress = false;
var macAddress = systemInfo.MacAddress;
if (macAddress != null && macAddress.Length > 2)
{
hasVirtualMacAddress |= macAddress.StartsWith(MANIPULATED);
hasVirtualMacAddress |= macAddress.StartsWith(QEMU_MAC_PREFIX);
hasVirtualMacAddress |= macAddress.StartsWith(VIRTUALBOX_MAC_PREFIX);
}
return hasVirtualMacAddress;
}
private bool IsVirtualCpu()
{
var isVirtualCpu = false;
isVirtualCpu |= systemInfo.CpuName.ToLower().Contains(" kvm ");
return isVirtualCpu;
}
private bool IsVirtualRegistry()
{
var isVirtualRegistry = false;
isVirtualRegistry |= HasLocalVirtualMachineDeviceCache();
return isVirtualRegistry;
}
private bool IsVirtualSystem(string biosInfo, string manufacturer, string model)
{
var isVirtualSystem = false;
biosInfo = biosInfo.ToLower();
manufacturer = manufacturer.ToLower();
model = model.ToLower();
isVirtualSystem |= biosInfo.Contains("hyper-v");
isVirtualSystem |= biosInfo.Contains("virtualbox");
isVirtualSystem |= biosInfo.Contains("vmware");
isVirtualSystem |= biosInfo.Contains("ovmf");
isVirtualSystem |= biosInfo.Contains("edk ii unknown");
isVirtualSystem |= manufacturer.Contains("microsoft corporation") && !model.Contains("surface");
isVirtualSystem |= manufacturer.Contains("parallels software");
isVirtualSystem |= manufacturer.Contains("qemu");
isVirtualSystem |= manufacturer.Contains("vmware");
isVirtualSystem |= model.Contains("virtualbox");
isVirtualSystem |= model.Contains("Q35 +");
return isVirtualSystem;
}
private bool HasLocalVirtualMachineDeviceCache()
{
var deviceName = Environment.GetEnvironmentVariable("COMPUTERNAME");
var hasDeviceCache = false;
var hasDeviceCacheKeys = registry.TryGetSubKeys(RegistryValue.UserHive.DeviceCache_Key, out var deviceCacheKeys);
if (deviceName != default && hasDeviceCacheKeys)
{
foreach (var cacheId in deviceCacheKeys)
{
var cacheIdKey = $@"{RegistryValue.UserHive.DeviceCache_Key}\{cacheId}";
var didReadKeys = true;
didReadKeys &= registry.TryRead(cacheIdKey, "DeviceName", out var cacheDeviceName);
if (didReadKeys && deviceName.ToLower() == ((string) cacheDeviceName).ToLower())
{
didReadKeys &= registry.TryRead(cacheIdKey, "DeviceMake", out var cacheDeviceManufacturer);
didReadKeys &= registry.TryRead(cacheIdKey, "DeviceModel", out var cacheDeviceModel);
if (didReadKeys)
{
hasDeviceCache |= IsVirtualSystem("", (string) cacheDeviceManufacturer, (string) cacheDeviceModel);
}
}
}
}
return hasDeviceCache;
}
}
}