sonderau/psg-oversight-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: sonderau:libosquery
Branches Tags
sonderau:master sonderau:libosquery
sonderau:v1.2.0 sonderau:v1.1.4 sonderau:v1.1.3 sonderau:v1.1.2 sonderau:v1.1.1 sonderau:v1.1.0
...
pull from: sonderau:master
Branches Tags
sonderau:master sonderau:libosquery
sonderau:v1.2.0 sonderau:v1.1.4 sonderau:v1.1.3 sonderau:v1.1.2 sonderau:v1.1.1 sonderau:v1.1.0

6 Commits
libosquery ... master

Author SHA1 Message Date
sonderau
3a5cccbf62 Introduced service management changes. 2025-11-04 14:15:47 +08:00
sonderau
d880ebeedb Migration to a ServiceWorker for most tasks. 
Implementation of basic PatchComplianceTask. First real iteration, basic/raw asf.
 2025-11-04 13:55:04 +08:00
sonderau
aacd8e0293 Fixed some dependancy issues, added prelogo and adjusted init and mainwindow display to load AFTER osquery finishes it's scan. 2025-11-04 13:01:17 +08:00
sonderau
dce789db94 Resolved device list and IP addresses not working via osqueryi. 
Now also returning last boottime by doing bootup time and math from current time
 2025-11-04 08:55:00 +08:00
sonderau
cedf28199e Fix: Use AppData directory for log files to avoid permission errors 
Issue: Application crashed when installed in Program Files due to
UnauthorizedAccessException when trying to write log files to the
installation directory.

Changes:
- SystemInfo.cs: Updated error logging to use LocalApplicationData/PSG-Oversight
- OsqueryService.cs: Added GetLogPath() helper method and updated all log writes
  to use user's AppData directory instead of current directory
- Added try-catch wrappers to silently handle any remaining logging failures

All log files now write to: %LOCALAPPDATA%\PSG-Oversight\

This fixes the startup crash reported in Event Viewer when running
the installed application.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-29 08:17:43 +08:00
sonderau
037bd195db Release v1.2.0: Integrate osquery for enhanced system information 
Major Features:
- Integrated osquery for comprehensive system information gathering
- Added OsqueryService for executing SQL queries against system tables
- Implemented Osquery Console tab for interactive SQL queries

System Info Improvements:
- Enhanced system info collection using osquery tables
- Added support for multiple GPU detection
- Improved memory detection with proper GB formatting
- Fixed OS Architecture detection (x64/x86)
- Better network interface detection (IPv4 only)
- Human-readable timestamp formatting

UI/UX Enhancements:
- Added window resizing with corner drag support
- Implemented dynamic window sizing (SizeToContent)
- Added ScrollViewer for content overflow
- Improved IP address formatting with bullet points
- Added field labels to all system info displays
- Set minimum/maximum window size constraints

Bug Fixes:
- Fixed XAML StackPanel Spacing property issue
- Merged duplicate MainWindow constructors
- Fixed non-nullable field warnings
- Fixed EventHandler nullability signatures
- Removed redundant hostname/OS name fields
- Fixed GPU registry query to detect all GPUs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-29 07:46:21 +08:00
39 changed files with 2503 additions and 631 deletions
Expand all files Collapse all files

3
.claude/settings.local.json
View File

@@ -1,7 +1,8 @@
{
"permissions": {
"allow": [
"Bash(dotnet build:*)"
"Bash(\"BuildDir\\bin\\Debug\\Assets\\osqueryi.exe\" --json \"SELECT datetime((SELECT CAST(unix_time AS INTEGER) FROM time) - total_seconds, ''unixepoch'') as boot_time FROM uptime;\")",
"Bash(git describe:*)"
],
"deny": [],
"ask": []

2
Directory.Packages.props
View File

@@ -41,5 +41,7 @@
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageVersion>
<PackageVersion Include="System.ServiceProcess.ServiceController" Version="9.0.3" />
<PackageVersion Include="Microsoft.Extensions.Hosting.WindowsServices" Version="9.0.3" />
</ItemGroup>
</Project>

37
LD-SysInfo/App.xaml.cs
View File

@@ -16,18 +16,47 @@ public partial class App : Application
[STAThread]
private static void Main(string[] args)
{
MainAsync(args).GetAwaiter().GetResult();
// Show splash screen with fade-in effect
var splash = new SplashScreen("Assets/splash.png");
splash.Show(false, true); // autoClose=false, topMost=true
// Allow 1 second for fade-in to complete
System.Threading.Thread.Sleep(1000);
MainAsync(args, splash).GetAwaiter().GetResult();
}
private static async Task MainAsync(string[] args)
private static async Task MainAsync(string[] args, SplashScreen splash)
{
using IHost host = CreateHostBuilder(args).Build();
await host.StartAsync().ConfigureAwait(true);
App app = new();
app.InitializeComponent();
app.MainWindow = host.Services.GetRequiredService<MainWindow>();
app.MainWindow.Visibility = Visibility.Visible;
var mainWindow = host.Services.GetRequiredService<MainWindow>();
app.MainWindow = mainWindow;
// Keep MainWindow hidden until system info loads
mainWindow.Visibility = Visibility.Hidden;
// When system info finishes loading, show MainWindow and close splash
mainWindow.SystemInfoLoaded += (s, e) =>
{
// Use dispatcher to handle UI thread timing
mainWindow.Dispatcher.BeginInvoke(async () =>
{
// Wait 1 second before starting fade-out
await Task.Delay(1000);
// Show the main window
mainWindow.Visibility = Visibility.Visible;
// Close splash with fade-out effect (1 second)
splash.Close(TimeSpan.FromMilliseconds(1000));
});
};
app.Run();
await host.StopAsync().ConfigureAwait(true);

BIN
LD-SysInfo/Assets/osqueryi.exe Normal file
View File

Binary file not shown.

BIN
LD-SysInfo/Assets/splash.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 113 KiB

47
LD-SysInfo/Config.cs Normal file
View File

@@ -0,0 +1,47 @@
#nullable disable
using System;
using System.IO;
using Newtonsoft.Json;
namespace LD_SysInfo
{
public class AppConfig
{
[JsonProperty("ServerUrl")] public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
[JsonProperty("EnableLogging")] public bool EnableLogging { get; set; } = true;
[JsonProperty("KeepAlivePeriod")] public int KeepAlivePeriod { get; set; } = 30;
[JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
[JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
[JsonProperty("PatchCompliance")] public PatchComplianceConfig PatchCompliance { get; set; } = new();
}
public class PatchComplianceConfig
{
[JsonProperty("Enabled")] public bool Enabled { get; set; } = false;
[JsonProperty("CheckIntervalHours")] public int CheckIntervalHours { get; set; } = 24;
[JsonProperty("LastCheckTime")] public DateTime? LastCheckTime { get; set; } = null;
}
public class AuthConfig
{
[JsonProperty("Username")] public string Username { get; set; } = "testuser";
[JsonProperty("Password")] public string Password { get; set; } = "testpassword";
}
public static class ConfigManager
{
private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
public static AppConfig LoadConfig(string? pathOverride = null)
{
string path = pathOverride ?? ConfigPath;
if (!File.Exists(path))
throw new FileNotFoundException($"Config file not found at {path}");
string json = File.ReadAllText(path);
return JsonConvert.DeserializeObject<AppConfig>(json) ?? new AppConfig();
}
}
}

18
LD-SysInfo/LD_SysInfo.csproj
View File

@@ -9,13 +9,14 @@
<UseWPF>true</UseWPF>
<StartupObject>LD_SysInfo.App</StartupObject>
<ApplicationIcon>Assets\LDShortcut.ico</ApplicationIcon>
<OutputPath>C:\Users\Sonder\source\repos\psg-oversight-app\BuildDir\bin\Debug\net8.0-windows\</OutputPath>
<OutputPath>C:\Users\Sonder\source\repos\psg-oversight-app\BuildDir\bin\Debug\</OutputPath>
<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
<IncludeSatelliteAssembliesForPublish>false</IncludeSatelliteAssembliesForPublish>
<!-- 🔢 Version Info -->
<AssemblyVersion>1.0.0.0</AssemblyVersion>
<FileVersion>1.0.3.0</FileVersion>
<Version>1.0.3</Version>
<AssemblyVersion>1.2.0.0</AssemblyVersion>
<FileVersion>1.2.0.0</FileVersion>
<Version>1.2.0</Version>
<!-- ✅ Enables source metadata and Git info -->
<Deterministic>true</Deterministic>
@@ -48,9 +49,17 @@
<ItemGroup>
<ApplicationDefinition Remove="App.xaml" />
<None Remove="Assets\osqueryi.exe" />
<None Remove="Assets\trayicon.ico" />
<None Remove="Assets\splash.png" />
<None Remove="config.json" />
<Content Include="Assets\LDShortcut.ico" />
<Content Include="Assets\osqueryi.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<SplashScreen Include="Assets\splash.png">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</SplashScreen>
<Page Include="App.xaml" />
</ItemGroup>
@@ -63,6 +72,7 @@
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="Newtonsoft.Json" />
<PackageReference Include="System.Management" />
<PackageReference Include="System.ServiceProcess.ServiceController" />
</ItemGroup>
<ItemGroup>

311
LD-SysInfo/MainWindow.xaml
View File

@@ -11,11 +11,15 @@
mc:Ignorable="d"
Title="PSG - Oversight"
Height="500"
Width="400"
SizeToContent="Height"
Width="420"
MinHeight="400"
MinWidth="350"
MaxHeight="800"
Icon="Assets/trayicon.ico"
WindowStyle="None"
AllowsTransparency="True"
ResizeMode="CanResizeWithGrip"
Background="Transparent"
Foreground="{DynamicResource TextDarkBrush}">
@@ -137,8 +141,41 @@
</Setter>
</Style>
<!-- 🔵 Small Rounded Button Style for Service Tab -->
<Style x:Key="SmallRoundedButtonStyle" TargetType="Button">
<Setter Property="Background" Value="{DynamicResource PrimaryBrush}"/>
<Setter Property="Foreground" Value="{DynamicResource TextLightBrush}"/>
<Setter Property="BorderBrush" Value="Transparent"/>
<Setter Property="BorderThickness" Value="0"/>
<Setter Property="FontSize" Value="14"/>
<Setter Property="Padding" Value="12,8"/>
<Setter Property="Margin" Value="4"/>
<Setter Property="Template">
<Setter.Value>
<ControlTemplate TargetType="Button">
<Border Background="{TemplateBinding Background}"
CornerRadius="8"
Padding="{TemplateBinding Padding}">
<ContentPresenter HorizontalAlignment="Center" VerticalAlignment="Center"/>
</Border>
<ControlTemplate.Triggers>
<Trigger Property="IsMouseOver" Value="True">
<Setter Property="Background" Value="{DynamicResource HoverBrush}"/>
</Trigger>
<Trigger Property="IsPressed" Value="True">
<Setter Property="Background" Value="#2E5FA8"/>
</Trigger>
<Trigger Property="IsEnabled" Value="False">
<Setter Property="Background" Value="#808080"/>
<Setter Property="Foreground" Value="#C0C0C0"/>
</Trigger>
</ControlTemplate.Triggers>
</ControlTemplate>
</Setter.Value>
</Setter>
</Style>
<Style TargetType="TextBox">
<Setter Property="Foreground" Value="{DynamicResource TextDarkBrush}" />
<Setter Property="Background" Value="{DynamicResource PaperDarkBrush}" />
@@ -225,7 +262,9 @@
<TabItem Header="SysInfo" FontSize="16"/>
<TabItem Header="InstalledApps" FontSize="16"/>
<TabItem Header="Status" FontSize="16"/>
</TabControl>
<TabItem Header="Osquery" FontSize="16"/>
<TabItem Header="Service" FontSize="16"/>
</TabControl>
<!--
<Button Grid.Column="1"
@@ -263,61 +302,65 @@
</TabControl.Resources>
<!-- 🔹 SysInfo Tab -->
<TabItem Header="SysInfo">
<StackPanel Margin="5,0,5,0" VerticalAlignment="Top">
<TextBlock x:Name="HostnameTextBlock" Text="Hostname" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSNameTextBlock" Text="OS Name" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSVersionTextBlock" Text="OS Version" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="WindowsVersionTextBlock" Text="Windows Version" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="WindowsBuildTextBlock" Text="Windows Build" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSArchitectureTextBlock" Text="OS Architecture" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="ProcessorNameTextBlock" Text="Processor Name" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="ProcessorArchitectureTextBlock" Text="Processor Architecture" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TabItem Header="SysInfo">
<ScrollViewer VerticalScrollBarVisibility="Auto" HorizontalScrollBarVisibility="Disabled">
<StackPanel Margin="5,0,5,0" VerticalAlignment="Top">
<TextBlock x:Name="HostnameTextBlock" Text="Hostname" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSNameTextBlock" Text="OS Name" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSVersionTextBlock" Text="OS Version" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="WindowsVersionTextBlock" Text="Windows Version" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="WindowsBuildTextBlock" Text="Windows Build" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSArchitectureTextBlock" Text="OS Architecture" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="ProcessorNameTextBlock" Text="Processor Name" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="ProcessorArchitectureTextBlock" Text="Processor Architecture" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<Button Content="Export to CSV"
Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}"
Click="ExportToCsvButton_Click"
Width="200"
Margin="5"
HorizontalAlignment="Left" />
<!-- New fields -->
<TextBlock x:Name="MemoryTextBlock" Text="Total Memory" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="GpuTextBlock" Text="GPU(s)" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" TextWrapping="Wrap" />
<TextBlock x:Name="IpTextBlock" Text="IP Addresses" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" TextWrapping="Wrap" />
<TextBlock x:Name="CollectedAtTextBlock" Text="Last updated: N/A" FontSize="12" Margin="8,10,5,5" Foreground="{DynamicResource TextDarkBrush}" FontStyle="Italic" />
<Button Content="Save System Info"
Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}"
Click="StoreSystemInfoButton_Click"
Width="200"
Margin="5"
HorizontalAlignment="Left" />
<StackPanel Orientation="Horizontal" Margin="5,8,5,5" HorizontalAlignment="Left">
<Button Content="Refresh now"
Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}"
Click="RefreshButton_Click"
Width="120"
Margin="0,0,8,0" />
<Button Content="Export to CSV"
Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}"
Click="ExportToCsvButton_Click"
Width="120"
Margin="0,0,8,0" />
<Button Content="Save System Info"
Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}"
Click="StoreSystemInfoButton_Click"
Width="120" />
</StackPanel>
<CheckBox
x:Name="IncludeInstalledAppsCheckBox"
Content="Include installed Apps?"
FontSize="14"
Margin="5"
Foreground="{DynamicResource TextDarkBrush}"
Style="{StaticResource MaterialDesignCheckBox}" />
<CheckBox x:Name="IncludeInstalledAppsCheckBox"
Content="Include installed Apps?"
FontSize="14"
Margin="5"
Foreground="{DynamicResource TextDarkBrush}"
Style="{StaticResource MaterialDesignCheckBox}" />
<TextBlock x:Name="StatusTextBlock"
FontSize="14"
FontWeight="SemiBold"
Margin="10,5"
Foreground="{DynamicResource ErrorBrush}" />
</StackPanel>
</ScrollViewer>
</TabItem>
<TextBlock x:Name="StatusTextBlock"
FontSize="14"
FontWeight="SemiBold"
Margin="10,5"
Foreground="{DynamicResource ErrorBrush}" />
</StackPanel>
</TabItem>
<!-- 🔹 InstalledApps Tab -->
<!-- 🔹 InstalledApps Tab -->
<TabItem Header="InstalledApps">
<StackPanel Margin="10">
<ListBox x:Name="InstalledAppsListBox" Height="300" Width="350" Margin="5">
@@ -401,7 +444,167 @@
</StackPanel>
</TabItem>
</TabControl>
<!-- 🔹 Osquery Console Tab -->
<TabItem Header="Osquery">
<Grid Background="{DynamicResource BackgroundDarkBrush}" Margin="10">
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<TextBlock Text="Enter Osquery SQL:" FontWeight="Bold" Margin="0,0,0,4" Foreground="{DynamicResource TextLightBrush}"/>
<TextBox x:Name="OsqueryQueryBox"
Grid.Row="1"
Height="60"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
Background="#252526"
Foreground="White"
FontFamily="Consolas"
FontSize="14"
AcceptsReturn="True"
Text="SELECT * FROM system_info;" />
<Button Grid.Row="1"
Content="Run Query"
HorizontalAlignment="Right"
VerticalAlignment="Top"
Width="120"
Margin="0,4,0,0"
Click="RunOsqueryQuery_Click"/>
<TextBox x:Name="OsqueryOutputBox"
Grid.Row="2"
Margin="0,10,0,0"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
HorizontalScrollBarVisibility="Auto"
Background="#1e1e1e"
Foreground="#dcdcdc"
FontFamily="Consolas"
FontSize="13"
AcceptsReturn="True"
IsReadOnly="True"
Text="Results will appear here..." />
</Grid>
</TabItem>
<!-- 🔹 Service Tab -->
<TabItem Header="Service">
<Grid Background="{DynamicResource BackgroundDarkBrush}" Margin="10">
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<!-- Service Status Section -->
<Border Grid.Row="0" Background="{DynamicResource CardBackgroundBrush}"
CornerRadius="8" Padding="15" Margin="0,0,0,15">
<StackPanel>
<TextBlock Text="PSG-Oversight Service Status"
FontSize="16" FontWeight="Bold"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<StackPanel Orientation="Horizontal" Margin="0,5">
<TextBlock Text="Status:" FontWeight="Bold" Width="100"
Foreground="{DynamicResource TextDarkBrush}"/>
<TextBlock x:Name="ServiceStatusText" Text="Unknown"
Foreground="{DynamicResource AccentBrush}"/>
</StackPanel>
<StackPanel Orientation="Horizontal" Margin="0,5">
<TextBlock Text="Last Check:" FontWeight="Bold" Width="100"
Foreground="{DynamicResource TextDarkBrush}"/>
<TextBlock x:Name="ServiceLastCheckText" Text="Never"
Foreground="{DynamicResource TextDarkBrush}"/>
</StackPanel>
<WrapPanel Margin="0,10,0,0">
<Button Content="Refresh Status" Click="RefreshServiceStatus_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Width="150" HorizontalAlignment="Left"/>
<Button Content="Install Service" Click="InstallService_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Width="150" HorizontalAlignment="Left"/>
<Button Content="Uninstall Service" Click="UninstallService_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Width="150" HorizontalAlignment="Left"/>
<Button Content="Start Service" Click="StartService_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Width="150" HorizontalAlignment="Left"/>
<Button Content="Stop Service" Click="StopService_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Width="150" HorizontalAlignment="Left"/>
</WrapPanel>
</StackPanel>
</Border>
<!-- Test Operations Section -->
<Border Grid.Row="1" Background="{DynamicResource CardBackgroundBrush}"
CornerRadius="8" Padding="15" Margin="0,0,0,15">
<StackPanel>
<TextBlock Text="Test Operations"
FontSize="16" FontWeight="Bold"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<TextBlock Text="Click buttons below to test service operations:"
TextWrapping="Wrap"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<Button Content="🔍 Run Patch Compliance Check Now"
Click="TestPatchCompliance_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,5" Width="280" HorizontalAlignment="Left"/>
<Button Content="📊 View Task Scheduler State"
Click="ViewSchedulerState_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,5" Width="280" HorizontalAlignment="Left"/>
<Button Content="🔄 Test API Connection"
Click="TestAPIConnection_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,5" Width="280" HorizontalAlignment="Left"/>
</StackPanel>
</Border>
<!-- Log Output Section -->
<Border Grid.Row="2" Background="{DynamicResource CardBackgroundBrush}"
CornerRadius="8" Padding="15">
<Grid>
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<TextBlock Grid.Row="0" Text="Service Logs"
FontSize="14" FontWeight="Bold"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<ScrollViewer Grid.Row="1" VerticalScrollBarVisibility="Auto">
<TextBox x:Name="ServiceLogOutput"
Background="#1e1e1e"
Foreground="#dcdcdc"
FontFamily="Consolas"
FontSize="12"
AcceptsReturn="True"
IsReadOnly="True"
TextWrapping="Wrap"
MinHeight="200"
Text="Service logs will appear here..."/>
</ScrollViewer>
</Grid>
</Border>
</Grid>
</TabItem>
</TabControl>
</Border>
<!-- ✅ Tray Icon (not inside Grid) -->

514
LD-SysInfo/MainWindow.xaml.cs
View File

@@ -38,21 +38,26 @@ namespace LD_SysInfo
{
private static readonly HttpClient httpClient = new HttpClient();
private static AppConfig _config;
private static string jwtToken = null; // 🔹 Store the JWT token globally in the app
private readonly DispatcherTimer messageClearTimer;
private readonly DispatcherTimer postTimer;
private readonly DispatcherTimer keepAliveTimer;
private readonly DispatcherTimer tokenRefreshTimer;
private static AppConfig _config = null!; // Initialized in LoadConfig
private static string? jwtToken = null; // 🔹 Store the JWT token globally in the app
private readonly DispatcherTimer messageClearTimer = null!; // Initialized in constructor
private readonly DispatcherTimer postTimer = null!; // Initialized in constructor
private readonly DispatcherTimer keepAliveTimer = null!; // Initialized in constructor
private readonly DispatcherTimer tokenRefreshTimer = null!; // Initialized in constructor
private readonly Uri LightThemeUri = new Uri("pack://application:,,,/Themes/LightTheme.xaml", UriKind.Absolute);
private readonly Uri DarkThemeUri = new Uri("pack://application:,,,/Themes/DarkTheme.xaml", UriKind.Absolute);
private bool isDarkTheme = false;
private SystemInfo _cachedSystemInfo = null!; // Initialized in DisplaySystemInfo
private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
// Event to signal when system info loading is complete
public event EventHandler? SystemInfoLoaded;
public MainWindow()
{
// ⚠️ Temporary SSL Certificate Bypass - For Testing Only
System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
@@ -76,7 +81,10 @@ namespace LD_SysInfo
VersionTextBlock.Text = "v0.0.0";
}
LoadConfig();
DisplaySystemInfo();
// Load system info asynchronously to avoid blocking UI
Task.Run(async () => await DisplaySystemInfoAsync());
AutoLogin();
// 🔍 Perform initial connectivity check
@@ -109,9 +117,35 @@ namespace LD_SysInfo
tokenRefreshTimer.Tick += TokenRefreshTimer_Tick;
tokenRefreshTimer.Start();
// Ensure initial refresh occurs after UI is ready
this.Loaded += async (s, e) =>
{
// Small delay so UI visuals finish initializing
await Task.Delay(50);
await RefreshSystemInfoAsync();
};
}
private async void RunOsqueryQuery_Click(object sender, RoutedEventArgs e)
{
OsqueryOutputBox.Text = "Running query...";
string sql = OsqueryQueryBox.Text.Trim();
try
{
var result = await Task.Run(() => OsqueryService.Query(sql));
string prettyJson = System.Text.Json.JsonSerializer.Serialize(result,
new System.Text.Json.JsonSerializerOptions { WriteIndented = true });
OsqueryOutputBox.Text = prettyJson;
}
catch (Exception ex)
{
OsqueryOutputBox.Text = $"❌ Error running query:\n{ex}";
}
}
private void LoadConfig()
{
@@ -120,7 +154,7 @@ namespace LD_SysInfo
//System.Windows.MessageBox.Show($"DEBUG: AppContext.BaseDirectory = {AppContext.BaseDirectory}");
//System.Windows.MessageBox.Show($"DEBUG: ConfigPath = {ConfigPath}");
if (!File.Exists((string?)ConfigPath))
if (!File.Exists(ConfigPath))
{
System.Windows.MessageBox.Show("❌ config.json not found at resolved path!");
}
@@ -226,7 +260,7 @@ namespace LD_SysInfo
string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "LD_SysInfo", "Logs");
Directory.CreateDirectory(logDir); // Ensure directory exists
string logFile = Path.Combine(logDir, $"log_{DateTime.Now:yyyyMMdd_HHmmss}.txt");
string logFile = Path.Combine(logDir, $"log_{DateTime.Now:yyyyMMdd_HHmms}.txt");
File.WriteAllText(logFile, "=== LD SysInfo Diagnostic Log ===\n");
File.AppendAllText(logFile, $"Timestamp: {DateTime.Now}\n");
@@ -242,23 +276,33 @@ namespace LD_SysInfo
}
}
private async Task DisplaySystemInfoAsync()
{
// Run system info collection on background thread
var sysInfo = await Task.Run(() => SystemInfo.GetSystemInfo());
// Update UI on UI thread
await Dispatcher.InvokeAsync(() =>
{
_cachedSystemInfo = sysInfo;
UpdateSysInfoUI(_cachedSystemInfo);
// Notify that system info has loaded
SystemInfoLoaded?.Invoke(this, EventArgs.Empty);
});
}
private void DisplaySystemInfo()
{
var sysInfo = SystemInfo.GetSystemInfo();
OSNameTextBlock.Text = $"OS Name: {sysInfo.OSName}";
OSVersionTextBlock.Text = $"OS Version: {sysInfo.OSVersion}";
WindowsVersionTextBlock.Text = $"Windows Version: {sysInfo.WindowsVersion}";
WindowsBuildTextBlock.Text = $"Windows Build: {sysInfo.WindowsBuild}";
OSArchitectureTextBlock.Text = $"OS Architecture: {sysInfo.OSArchitecture}";
ProcessorNameTextBlock.Text = $"Processor Name: {sysInfo.ProcessorName}";
ProcessorArchitectureTextBlock.Text = $"Processor Architecture: {sysInfo.ProcessorArchitecture}";
HostnameTextBlock.Text = $"Hostname: {sysInfo.Hostname}";
_cachedSystemInfo = SystemInfo.GetSystemInfo();
UpdateSysInfoUI(_cachedSystemInfo);
}
private void LoadInstalledAppsButton_Click(object sender, RoutedEventArgs e)
{
var applications = SystemInfo.GetInstalledApplicationsFromRegistry();
InstalledAppsListBox.ItemsSource = applications;
var sysInfo = SystemInfo.GetSystemInfo();
InstalledAppsListBox.ItemsSource = sysInfo.InstalledApplications;
}
private async void StoreSystemInfoButton_Click(object sender, RoutedEventArgs e)
@@ -272,7 +316,7 @@ namespace LD_SysInfo
try
{
var sysInfo = SystemInfo.GetSystemInfo();
var applications = SystemInfo.GetInstalledApplicationsFromRegistry();
var applications = sysInfo.InstalledApplications;
var formattedApplications = new List<object>();
foreach (var app in applications)
@@ -469,7 +513,7 @@ namespace LD_SysInfo
writer.WriteLine("Installed Applications:");
writer.WriteLine("Name,Version,Publisher");
var applications = SystemInfo.GetInstalledApplicationsFromRegistry();
var applications = sysInfo.InstalledApplications;
foreach (var app in applications)
{
writer.WriteLine($"{app.Name},{app.Version},{app.Publisher}");
@@ -565,7 +609,16 @@ namespace LD_SysInfo
messageClearTimer.Stop();
}
private async void PostTimer_Tick(object sender, EventArgs e)
private void OpenOsqueryConsole_Click(object sender, RoutedEventArgs e)
{
var console = new OsqueryConsole
{
Owner = this
};
console.ShowDialog();
}
private async void PostTimer_Tick(object? sender, EventArgs e)
{
if (string.IsNullOrEmpty(ApiClient.GetJwtToken())) // Ensure authentication is active
{
@@ -575,8 +628,9 @@ namespace LD_SysInfo
var apiClient = new ApiClient(_config); // Create an instance of ApiClient
var sysInfo = SystemInfo.GetSystemInfo();
var applications = SystemInfo.GetInstalledApplicationsFromRegistry();
_cachedSystemInfo = SystemInfo.GetSystemInfo();
var sysInfo = _cachedSystemInfo;
var applications = sysInfo.InstalledApplications;
var formattedApplications = new List<object>();
foreach (var app in applications)
@@ -670,7 +724,7 @@ namespace LD_SysInfo
}
}
private async void KeepAliveTimer_Tick(object sender, EventArgs e)
private async void KeepAliveTimer_Tick(object? sender, EventArgs e)
{
var apiClient = new ApiClient(_config);
bool isConnected = await apiClient.CheckConnectivity();
@@ -693,12 +747,12 @@ namespace LD_SysInfo
}
private void MessageClearTimer_Tick(object sender, EventArgs e)
private void MessageClearTimer_Tick(object? sender, EventArgs e)
{
FadeOutStatusMessage(); // Trigger the fade-out effect
}
private async void TokenRefreshTimer_Tick(object sender, EventArgs e)
private async void TokenRefreshTimer_Tick(object? sender, EventArgs e)
{
if (string.IsNullOrEmpty(ApiClient.GetJwtToken()))
{
@@ -751,5 +805,409 @@ namespace LD_SysInfo
base.OnStateChanged(e);
}
private void UpdateSysInfoUI(SystemInfo sysInfo)
{
if (sysInfo == null) return;
HostnameTextBlock.Text = $"Hostname: {(string.IsNullOrEmpty(sysInfo.Hostname) ? "N/A" : sysInfo.Hostname)}";
OSNameTextBlock.Text = $"OS Name: {(string.IsNullOrEmpty(sysInfo.OSName) ? "N/A" : sysInfo.OSName)}";
OSVersionTextBlock.Text = $"OS Version: {(string.IsNullOrEmpty(sysInfo.OSVersion) ? "N/A" : sysInfo.OSVersion)}";
WindowsVersionTextBlock.Text = $"Windows Version: {(string.IsNullOrEmpty(sysInfo.WindowsVersion) ? "N/A" : sysInfo.WindowsVersion)}";
WindowsBuildTextBlock.Text = $"Windows Build: {(string.IsNullOrEmpty(sysInfo.WindowsBuild) ? "N/A" : sysInfo.WindowsBuild)}";
OSArchitectureTextBlock.Text = $"OS Architecture: {(string.IsNullOrEmpty(sysInfo.OSArchitecture) ? "N/A" : sysInfo.OSArchitecture)}";
ProcessorNameTextBlock.Text = $"Processor Name: {(string.IsNullOrEmpty(sysInfo.ProcessorName) ? "N/A" : sysInfo.ProcessorName)}";
ProcessorArchitectureTextBlock.Text = $"Processor Architecture: {(string.IsNullOrEmpty(sysInfo.ProcessorArchitecture) ? "N/A" : sysInfo.ProcessorArchitecture)}";
// Memory
MemoryTextBlock.Text = $"Total Memory: {(string.IsNullOrEmpty(sysInfo.TotalMemory) ? "N/A" : sysInfo.TotalMemory)}";
// GPUs (join multiple models)
GpuTextBlock.Text = (sysInfo.GpuNames == null || sysInfo.GpuNames.Count == 0)
? "GPU(s): N/A"
: $"GPU(s): {string.Join(", ", sysInfo.GpuNames)}";
// IP addresses - format each on its own line for readability
if (sysInfo.IpAddresses == null || sysInfo.IpAddresses.Count == 0)
{
IpTextBlock.Text = "IP Addresses: N/A";
}
else
{
var parts = new List<string>();
foreach (var ni in sysInfo.IpAddresses)
{
var ip = string.IsNullOrEmpty(ni.IpAddress) ? "N/A" : ni.IpAddress;
parts.Add($" • {ip}");
}
IpTextBlock.Text = $"IP Addresses:\n{string.Join("\n", parts)}";
}
// CollectedAt / Last updated
CollectedAtTextBlock.Text = !string.IsNullOrEmpty(sysInfo.CollectedAt)
? $"Last updated: {sysInfo.CollectedAt}"
: $"Last updated: {DateTimeOffset.Now:g}";
}
private async Task RefreshSystemInfoAsync()
{
try
{
// Show immediate feedback
Dispatcher.Invoke(() =>
{
StatusTextBlock.Text = "Collecting system info...";
try { StatusTextBlock.Foreground = (SolidColorBrush)FindResource("StatusConnectedBrush"); } catch { StatusTextBlock.Foreground = new SolidColorBrush(Colors.Black); }
});
// Run osquery work off the UI thread
var info = await Task.Run(() => SystemInfo.GetSystemInfo());
_cachedSystemInfo = info;
// Update UI on UI thread
Dispatcher.Invoke(() =>
{
UpdateSysInfoUI(info);
CollectedAtTextBlock.Text = !string.IsNullOrEmpty(info.CollectedAt)
? $"Last updated: {info.CollectedAt}"
: $"Last updated: {DateTimeOffset.Now:g}";
StatusTextBlock.Text = "✅ System info refreshed";
try { StatusTextBlock.Foreground = (SolidColorBrush)FindResource("StatusConnectedBrush"); } catch { StatusTextBlock.Foreground = new SolidColorBrush(Colors.Green); }
});
}
catch (Exception ex)
{
Dispatcher.Invoke(() =>
{
StatusTextBlock.Text = $"❌ Refresh failed: {ex.Message}";
StatusTextBlock.Foreground = new SolidColorBrush(Colors.Red);
});
}
}
private async void RefreshButton_Click(object sender, RoutedEventArgs e)
{
// Disable the button while running (UI lookup)
if (sender is System.Windows.Controls.Button b)
{
b.IsEnabled = false;
}
await RefreshSystemInfoAsync();
if (sender is System.Windows.Controls.Button b2)
{
b2.IsEnabled = true;
}
}
// ============================
// Service Tab Event Handlers
// ============================
private void RefreshServiceStatus_Click(object sender, RoutedEventArgs e)
{
try
{
var serviceName = "PSG-Oversight";
var service = System.ServiceProcess.ServiceController.GetServices()
.FirstOrDefault(s => s.ServiceName == serviceName);
if (service != null)
{
ServiceStatusText.Text = service.Status.ToString();
ServiceStatusText.Foreground = service.Status == System.ServiceProcess.ServiceControllerStatus.Running
? new SolidColorBrush(Colors.Green)
: new SolidColorBrush(Colors.Red);
}
else
{
ServiceStatusText.Text = "Not Installed";
ServiceStatusText.Foreground = new SolidColorBrush(Colors.Orange);
}
ServiceLastCheckText.Text = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
}
catch (Exception ex)
{
ServiceStatusText.Text = $"Error: {ex.Message}";
ServiceStatusText.Foreground = new SolidColorBrush(Colors.Red);
}
}
private async void TestPatchCompliance_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Running Patch Compliance check...\n\n";
try
{
// Create instances of services
var apiClient = new Services.ApiClient(_config);
var patchTask = new Services.PatchComplianceTask(_config, apiClient);
// Execute the task
await patchTask.ExecuteAsync();
ServiceLogOutput.Text += $"[{DateTime.Now}] Patch compliance check completed successfully.\n";
ServiceLogOutput.Text += "Check %LOCALAPPDATA%\\PSG-Oversight\\patch_compliance.log for details.\n";
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ERROR: {ex.Message}\n";
ServiceLogOutput.Text += $"Stack Trace:\n{ex.StackTrace}\n";
}
}
private void ViewSchedulerState_Click(object sender, RoutedEventArgs e)
{
try
{
var stateFilePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight",
"task_scheduler_state.json"
);
if (File.Exists(stateFilePath))
{
var json = File.ReadAllText(stateFilePath);
var formatted = JsonConvert.SerializeObject(
JsonConvert.DeserializeObject(json),
Formatting.Indented
);
ServiceLogOutput.Text = $"Task Scheduler State:\n\n{formatted}";
}
else
{
ServiceLogOutput.Text = "Task scheduler state file not found.\nThe service may not have run any tasks yet.";
}
}
catch (Exception ex)
{
ServiceLogOutput.Text = $"Error reading scheduler state:\n{ex.Message}";
}
}
private async void TestAPIConnection_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Testing API connection...\n\n";
try
{
var apiClient = new Services.ApiClient(_config);
// Test connectivity
bool isConnected = await apiClient.CheckConnectivity();
if (isConnected)
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ✅ API is reachable!\n";
ServiceLogOutput.Text += $"Server URL: {_config.ServerUrl}\n";
}
else
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ❌ API is NOT reachable!\n";
ServiceLogOutput.Text += $"Server URL: {_config.ServerUrl}\n";
}
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ERROR: {ex.Message}\n";
}
}
private void InstallService_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Installing PSG-Oversight service...\n\n";
try
{
// Get the path to OversightService.exe
var exePath = Path.Combine(
AppDomain.CurrentDomain.BaseDirectory,
"..", "..", "..", "..", "OversightService", "bin", "Debug", "net8.0", "OversightService.exe"
);
exePath = Path.GetFullPath(exePath);
if (!File.Exists(exePath))
{
ServiceLogOutput.Text += $"ERROR: OversightService.exe not found at:\n{exePath}\n\n";
ServiceLogOutput.Text += "Please build the OversightService project first.";
return;
}
// Create the service using sc.exe
var startInfo = new System.Diagnostics.ProcessStartInfo
{
FileName = "sc.exe",
Arguments = $"create PSG-Oversight binPath=\"{exePath}\" start=auto DisplayName=\"PSG Oversight Service\"",
UseShellExecute = false,
RedirectStandardOutput = true,
RedirectStandardError = true,
CreateNoWindow = true,
Verb = "runas" // Request admin elevation
};
var process = System.Diagnostics.Process.Start(startInfo);
process.WaitForExit();
var output = process.StandardOutput.ReadToEnd();
var error = process.StandardError.ReadToEnd();
ServiceLogOutput.Text += output;
if (!string.IsNullOrEmpty(error))
{
ServiceLogOutput.Text += $"ERROR: {error}\n";
}
if (process.ExitCode == 0)
{
ServiceLogOutput.Text += "\n✅ Service installed successfully!\n";
RefreshServiceStatus_Click(sender, e);
}
else
{
ServiceLogOutput.Text += $"\n❌ Service installation failed with exit code: {process.ExitCode}\n";
}
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"ERROR: {ex.Message}\n";
ServiceLogOutput.Text += "\nNote: This operation requires administrator privileges.\n";
}
}
private void UninstallService_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Uninstalling PSG-Oversight service...\n\n";
try
{
// Stop the service first if it's running
try
{
var service = System.ServiceProcess.ServiceController.GetServices()
.FirstOrDefault(s => s.ServiceName == "PSG-Oversight");
if (service != null && service.Status == System.ServiceProcess.ServiceControllerStatus.Running)
{
ServiceLogOutput.Text += "Stopping service first...\n";
service.Stop();
service.WaitForStatus(System.ServiceProcess.ServiceControllerStatus.Stopped, TimeSpan.FromSeconds(30));
ServiceLogOutput.Text += "Service stopped.\n\n";
}
}
catch { }
// Delete the service using sc.exe
var startInfo = new System.Diagnostics.ProcessStartInfo
{
FileName = "sc.exe",
Arguments = "delete PSG-Oversight",
UseShellExecute = false,
RedirectStandardOutput = true,
RedirectStandardError = true,
CreateNoWindow = true,
Verb = "runas" // Request admin elevation
};
var process = System.Diagnostics.Process.Start(startInfo);
process.WaitForExit();
var output = process.StandardOutput.ReadToEnd();
var error = process.StandardError.ReadToEnd();
ServiceLogOutput.Text += output;
if (!string.IsNullOrEmpty(error))
{
ServiceLogOutput.Text += $"ERROR: {error}\n";
}
if (process.ExitCode == 0)
{
ServiceLogOutput.Text += "\n✅ Service uninstalled successfully!\n";
RefreshServiceStatus_Click(sender, e);
}
else
{
ServiceLogOutput.Text += $"\n❌ Service uninstallation failed with exit code: {process.ExitCode}\n";
}
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"ERROR: {ex.Message}\n";
ServiceLogOutput.Text += "\nNote: This operation requires administrator privileges.\n";
}
}
private void StartService_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Starting PSG-Oversight service...\n\n";
try
{
var service = System.ServiceProcess.ServiceController.GetServices()
.FirstOrDefault(s => s.ServiceName == "PSG-Oversight");
if (service == null)
{
ServiceLogOutput.Text += "ERROR: Service is not installed.\n";
return;
}
if (service.Status == System.ServiceProcess.ServiceControllerStatus.Running)
{
ServiceLogOutput.Text += "Service is already running.\n";
return;
}
service.Start();
service.WaitForStatus(System.ServiceProcess.ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
ServiceLogOutput.Text += "✅ Service started successfully!\n";
RefreshServiceStatus_Click(sender, e);
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"ERROR: {ex.Message}\n";
ServiceLogOutput.Text += "\nNote: This operation may require administrator privileges.\n";
}
}
private void StopService_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Stopping PSG-Oversight service...\n\n";
try
{
var service = System.ServiceProcess.ServiceController.GetServices()
.FirstOrDefault(s => s.ServiceName == "PSG-Oversight");
if (service == null)
{
ServiceLogOutput.Text += "ERROR: Service is not installed.\n";
return;
}
if (service.Status == System.ServiceProcess.ServiceControllerStatus.Stopped)
{
ServiceLogOutput.Text += "Service is already stopped.\n";
return;
}
service.Stop();
service.WaitForStatus(System.ServiceProcess.ServiceControllerStatus.Stopped, TimeSpan.FromSeconds(30));
ServiceLogOutput.Text += "✅ Service stopped successfully!\n";
RefreshServiceStatus_Click(sender, e);
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"ERROR: {ex.Message}\n";
ServiceLogOutput.Text += "\nNote: This operation may require administrator privileges.\n";
}
}
}
}

50
LD-SysInfo/OsqueryConsole.xaml Normal file
View File

@@ -0,0 +1,50 @@
<Window x:Class="LD_SysInfo.OsqueryConsole"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
Title="Osquery Console" Height="600" Width="800"
Background="#1e1e1e" Foreground="White"
WindowStartupLocation="CenterOwner">
<Grid Margin="10">
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<TextBlock Text="Enter Osquery SQL:" FontWeight="Bold" Margin="0,0,0,4"/>
<TextBox x:Name="QueryBox"
Grid.Row="1"
Height="60"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
Background="#252526"
Foreground="White"
FontFamily="Consolas"
FontSize="14"
AcceptsReturn="True"
Text="SELECT * FROM system_info;" />
<Button Grid.Row="1"
Content="Run Query"
HorizontalAlignment="Right"
VerticalAlignment="Top"
Width="120"
Margin="0,4,0,0"
Click="RunQuery_Click"/>
<TextBox x:Name="OutputBox"
Grid.Row="2"
Margin="0,10,0,0"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
HorizontalScrollBarVisibility="Auto"
Background="#1e1e1e"
Foreground="#dcdcdc"
FontFamily="Consolas"
FontSize="13"
AcceptsReturn="True"
IsReadOnly="True"
Text="Results will appear here..." />
</Grid>
</Window>

37
LD-SysInfo/OsqueryConsole.xaml.cs Normal file
View File

@@ -0,0 +1,37 @@
using System;
using System.Text.Json;
using System.Threading.Tasks;
using System.Windows;
using LD_SysInfo.Services;
namespace LD_SysInfo
{
public partial class OsqueryConsole : Window
{
public OsqueryConsole()
{
InitializeComponent();
}
private async void RunQuery_Click(object sender, RoutedEventArgs e)
{
OutputBox.Text = "Running query...";
string sql = QueryBox.Text.Trim();
try
{
var result = await Task.Run(() => OsqueryService.Query(sql));
string prettyJson = JsonSerializer.Serialize(result,
new JsonSerializerOptions { WriteIndented = true });
OutputBox.Text = prettyJson;
}
catch (Exception ex)
{
OutputBox.Text = $"❌ Error running query:\n{ex}";
}
}
}
}

38
LD-SysInfo/Services/ApiClient.cs
View File

@@ -264,6 +264,44 @@ namespace LD_SysInfo.Services
return response;
}
/// <summary>
/// Sends Windows update history (patch compliance data) to the backend API
/// </summary>
public async Task<bool> PostPatchComplianceAsync(object patchData)
{
try
{
if (string.IsNullOrEmpty(jwtToken))
{
Console.WriteLine("❌ Not authenticated. Cannot send patch compliance data.");
return false;
}
var jsonContent = JsonConvert.SerializeObject(patchData);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await SendWithAutoReauthAsync(() =>
httpClient.PostAsync(BuildUrl("/api/patch-compliance"), content)
);
if (response.IsSuccessStatusCode)
{
Console.WriteLine("✅ Patch compliance data sent successfully.");
return true;
}
else
{
Console.WriteLine($"❌ Failed to send patch compliance data: {response.StatusCode}");
return false;
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Exception sending patch compliance data: {ex.Message}");
return false;
}
}
}
}

97
LD-SysInfo/Services/OsqueryService.cs Normal file
View File

@@ -0,0 +1,97 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using Newtonsoft.Json.Linq;
namespace LD_SysInfo.Services
{
public static class OsqueryService
{
private static string GetLogPath(string filename)
{
string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
Directory.CreateDirectory(logDir);
return Path.Combine(logDir, filename);
}
private static string GetOsqueryPath()
{
var baseDir = AppContext.BaseDirectory;
var path = Path.Combine(baseDir, "Assets", "osqueryi.exe");
if (!File.Exists(path))
{
try
{
File.AppendAllText(GetLogPath("osquery_error.log"), $"[{DateTime.Now}] ❌ osqueryi.exe not found at {path}\n");
}
catch { /* Silently fail if we can't write logs */ }
throw new FileNotFoundException("osqueryi.exe not found", path);
}
return path;
}
private static string RunQuery(string sql)
{
var processInfo = new ProcessStartInfo
{
FileName = GetOsqueryPath(),
Arguments = $"--json \"{sql}\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
using var process = Process.Start(processInfo); // ✅ FIXED — actually start the process
if (process == null)
throw new Exception("Failed to start osquery process");
string output = process.StandardOutput.ReadToEnd();
process.WaitForExit();
// Optional debug logging
try
{
File.AppendAllText(GetLogPath("osquery_debug.log"),
$"[{DateTime.Now}] Ran query: {sql}\nOutput length: {output.Length}\n");
}
catch { /* Silently fail if we can't write logs */ }
return output;
}
public static List<Dictionary<string, string>> Query(string sql)
{
string json = RunQuery(sql);
try
{
var jArray = JArray.Parse(json);
var results = new List<Dictionary<string, string>>();
foreach (var obj in jArray)
{
var dict = new Dictionary<string, string>();
foreach (var prop in (JObject)obj)
dict[prop.Key] = prop.Value?.ToString() ?? "";
results.Add(dict);
}
return results;
}
catch (Exception ex)
{
try
{
File.AppendAllText(GetLogPath("osquery_error.log"),
$"[{DateTime.Now}] ⚠️ JSON parse failed for query '{sql}': {ex.Message}\n");
}
catch { /* Silently fail if we can't write logs */ }
return new List<Dictionary<string, string>>();
}
}
}
}

152
LD-SysInfo/Services/OsqueryTaskScheduler.cs Normal file
View File

@@ -0,0 +1,152 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using System.IO;
using Newtonsoft.Json;
namespace LD_SysInfo.Services
{
/// <summary>
/// Manages scheduled osquery-based tasks
/// Designed to be portable to Windows Service (OversightService) later
/// </summary>
public class OsqueryTaskScheduler
{
private readonly List<IScheduledTask> _tasks = new();
private readonly Timer _timer;
private readonly string _stateFilePath;
private bool _isRunning;
public OsqueryTaskScheduler()
{
// Store task state in AppData to persist last run times
var appDataDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
Directory.CreateDirectory(appDataDir);
_stateFilePath = Path.Combine(appDataDir, "task_scheduler_state.json");
// Check every minute for tasks that need to run
_timer = new Timer(CheckAndRunTasks, null, TimeSpan.Zero, TimeSpan.FromMinutes(1));
}
/// <summary>
/// Register a task with the scheduler
/// </summary>
public void RegisterTask(IScheduledTask task)
{
_tasks.Add(task);
LoadTaskState(task);
}
/// <summary>
/// Start the scheduler
/// </summary>
public void Start()
{
_isRunning = true;
}
/// <summary>
/// Stop the scheduler
/// </summary>
public void Stop()
{
_isRunning = false;
_timer?.Change(Timeout.Infinite, Timeout.Infinite);
}
private async void CheckAndRunTasks(object? state)
{
if (!_isRunning) return;
foreach (var task in _tasks.Where(t => t.ShouldRun()))
{
try
{
await task.ExecuteAsync();
task.LastRun = DateTime.Now;
SaveTaskState(task);
}
catch (Exception ex)
{
LogError($"Task '{task.TaskName}' failed: {ex.Message}");
}
}
}
private void LoadTaskState(IScheduledTask task)
{
try
{
if (!File.Exists(_stateFilePath)) return;
var json = File.ReadAllText(_stateFilePath);
var states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json);
if (states != null && states.TryGetValue(task.TaskName, out var lastRun))
{
task.LastRun = lastRun;
}
}
catch (Exception ex)
{
LogError($"Failed to load task state: {ex.Message}");
}
}
private void SaveTaskState(IScheduledTask task)
{
try
{
Dictionary<string, DateTime> states;
if (File.Exists(_stateFilePath))
{
var json = File.ReadAllText(_stateFilePath);
states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json)
?? new Dictionary<string, DateTime>();
}
else
{
states = new Dictionary<string, DateTime>();
}
states[task.TaskName] = task.LastRun ?? DateTime.Now;
var updatedJson = JsonConvert.SerializeObject(states, Formatting.Indented);
File.WriteAllText(_stateFilePath, updatedJson);
}
catch (Exception ex)
{
LogError($"Failed to save task state: {ex.Message}");
}
}
private void LogError(string message)
{
try
{
var logDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
var logPath = Path.Combine(logDir, "scheduler_error.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
}
catch
{
// Silently fail if we can't write logs
}
}
public void Dispose()
{
Stop();
_timer?.Dispose();
}
}
}

132
LD-SysInfo/Services/PatchComplianceTask.cs Normal file
View File

@@ -0,0 +1,132 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace LD_SysInfo.Services
{
/// <summary>
/// Scheduled task that collects Windows update history using osquery
/// and sends it to the backend API
/// </summary>
public class PatchComplianceTask : ScheduledTask
{
private readonly AppConfig _config;
private readonly ApiClient _apiClient;
public override string TaskName => "PatchCompliance";
public override TimeSpan Interval =>
TimeSpan.FromHours(_config.PatchCompliance.CheckIntervalHours);
public PatchComplianceTask(AppConfig config, ApiClient apiClient)
{
_config = config;
_apiClient = apiClient;
// Initialize LastRun from config if available
LastRun = _config.PatchCompliance.LastCheckTime;
}
public override bool ShouldRun()
{
// Don't run if disabled in config
if (!_config.PatchCompliance.Enabled)
return false;
return base.ShouldRun();
}
public override async Task ExecuteAsync()
{
try
{
// Query windows_update_history from osquery
var updates = OsqueryService.Query(@"
SELECT
date,
title,
update_id
FROM windows_update_history
ORDER BY date DESC;
");
if (!updates.Any())
{
LogInfo("No Windows update history found.");
return;
}
// Transform to API-friendly format
var patchData = updates.Select(u => new
{
date = u.GetValueOrDefault("date"),
title = u.GetValueOrDefault("title"),
updateId = u.GetValueOrDefault("update_id")
}).ToList();
LogInfo($"Collected {patchData.Count} Windows updates.");
// Send to API
await _apiClient.PostPatchComplianceAsync(patchData);
// Update config with last check time
_config.PatchCompliance.LastCheckTime = DateTime.Now;
SaveConfig();
LogInfo("Patch compliance data sent successfully.");
}
catch (Exception ex)
{
LogError($"PatchComplianceTask failed: {ex.Message}");
throw;
}
}
private void SaveConfig()
{
try
{
var configPath = System.IO.Path.Combine(AppContext.BaseDirectory, "config.json");
var json = Newtonsoft.Json.JsonConvert.SerializeObject(_config, Newtonsoft.Json.Formatting.Indented);
System.IO.File.WriteAllText(configPath, json);
}
catch (Exception ex)
{
LogError($"Failed to save config: {ex.Message}");
}
}
private void LogInfo(string message)
{
if (!_config.EnableLogging) return;
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] INFO: {message}\n");
}
catch { }
}
private void LogError(string message)
{
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {message}\n");
}
catch { }
}
}
}

35
LD-SysInfo/Services/ScheduledTask.cs Normal file
View File

@@ -0,0 +1,35 @@
using System;
using System.Threading.Tasks;
namespace LD_SysInfo.Services
{
/// <summary>
/// Base interface for scheduled tasks
/// </summary>
public interface IScheduledTask
{
string TaskName { get; }
TimeSpan Interval { get; }
DateTime? LastRun { get; set; }
Task ExecuteAsync();
bool ShouldRun();
}
/// <summary>
/// Base class for scheduled tasks with common logic
/// </summary>
public abstract class ScheduledTask : IScheduledTask
{
public abstract string TaskName { get; }
public abstract TimeSpan Interval { get; }
public DateTime? LastRun { get; set; }
public abstract Task ExecuteAsync();
public virtual bool ShouldRun()
{
if (LastRun == null) return true;
return DateTime.Now - LastRun >= Interval;
}
}
}

634
LD-SysInfo/SystemInfo.cs
View File

@@ -1,532 +1,238 @@
using Microsoft.Win32;
using System.IO;
using System.Management;
using System.Diagnostics;
using System.Net.NetworkInformation;
#nullable disable
using Newtonsoft.Json;
using System.Windows;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using Newtonsoft.Json.Linq;
using LD_SysInfo.Services;
namespace LD_SysInfo
{
public class AppConfig
// Extension method for safe dictionary access
public static class DictionaryExtensions
{
[JsonProperty("ServerUrl")]
public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
[JsonProperty("EnableLogging")]
public bool EnableLogging { get; set; } = true;
[JsonProperty("KeepAlivePeriod")]
public int KeepAlivePeriod { get; set; } = 30; // Ping/heartbeat every 30 seconds
[JsonProperty("SystemInfoInterval")]
public int SystemInfoInterval { get; set; } = 60; // Full system info POST every 60 seconds
[JsonProperty("ClientIdentifier")]
public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")]
public AuthConfig Auth { get; set; } = new AuthConfig();
}
public class AuthConfig
{
[JsonProperty("Username")]
public string Username { get; set; } = "testuser";
[JsonProperty("Password")]
public string Password { get; set; } = "testpassword";
}
public static class ConfigManager
{
private static readonly string ConfigPath =
Path.Combine(AppContext.BaseDirectory, "config.json");
public static AppConfig LoadConfig(string configPath)
public static string GetValueOrDefault(this Dictionary<string, string> dict, string key)
{
//System.Windows.MessageBox.Show($"[DEBUG] Calling LoadConfig from:\n{ConfigPath}");
if (File.Exists(ConfigPath))
{
string json = File.ReadAllText(ConfigPath);
return JsonConvert.DeserializeObject<AppConfig>(json);
}
throw new FileNotFoundException("❌ Config file not found at:\n" + ConfigPath);
return dict.ContainsKey(key) ? dict[key] : "";
}
}
public class InstalledApplication
{
public string Name { get; set; }
public string Version { get; set; }
public string Publisher { get; set; }
[JsonProperty("name")] public string Name { get; set; }
[JsonProperty("version")] public string Version { get; set; }
[JsonProperty("publisher")] public string Publisher { get; set; }
}
public class WindowsUpdate
{
[JsonProperty("hotFixID")]
public string HotFixID { get; set; }
[JsonProperty("description")]
public string Description { get; set; }
[JsonProperty("installedOn")]
public string InstalledOn { get; set; }
[JsonProperty("installedBy")]
public string InstalledBy { get; set; }
[JsonProperty("hotFixID")] public string HotFixID { get; set; }
[JsonProperty("description")] public string Description { get; set; }
[JsonProperty("installedOn")] public string InstalledOn { get; set; }
[JsonProperty("installedBy")] public string InstalledBy { get; set; } // 🔹 added back for compatibility
}
public class AppXPackage
{
[JsonProperty("name")]
public string Name { get; set; }
[JsonProperty("version")]
public string Version { get; set; }
[JsonProperty("publisher")]
public string Publisher { get; set; }
[JsonProperty("packageFullName")]
public string PackageFullName { get; set; }
[JsonProperty("name")] public string Name { get; set; }
[JsonProperty("version")] public string Version { get; set; }
[JsonProperty("publisher")] public string Publisher { get; set; }
[JsonProperty("packageFullName")] public string PackageFullName { get; set; }
}
public class DriveInfoSummary
{
[JsonProperty("name")]
public string Name { get; set; }
[JsonProperty("totalSizeGB")]
public double TotalSizeGB { get; set; }
[JsonProperty("freeSpaceGB")]
public double FreeSpaceGB { get; set; }
[JsonProperty("driveType")]
public string DriveType { get; set; }
[JsonProperty("name")] public string Name { get; set; }
[JsonProperty("totalSizeGB")] public double TotalSizeGB { get; set; }
[JsonProperty("freeSpaceGB")] public double FreeSpaceGB { get; set; }
[JsonProperty("driveType")] public string DriveType { get; set; }
}
public class NetworkInterfaceInfo
{
[JsonProperty("interfaceName")]
public string InterfaceName { get; set; }
[JsonProperty("ipAddress")]
public string IpAddress { get; set; }
[JsonProperty("macAddress")]
public string MacAddress { get; set; }
[JsonProperty("interfaceName")] public string InterfaceName { get; set; }
[JsonProperty("ipAddress")] public string IpAddress { get; set; }
[JsonProperty("macAddress")] public string MacAddress { get; set; }
}
public class SystemInfo
{
[JsonProperty("osName")]
public string OSName { get; set; }
[JsonProperty("hostname")] public string Hostname { get; set; }
[JsonProperty("osName")] public string OSName { get; set; }
[JsonProperty("osVersion")] public string OSVersion { get; set; }
[JsonProperty("windowsVersion")] public string WindowsVersion { get; set; }
[JsonProperty("windowsBuild")] public string WindowsBuild { get; set; }
[JsonProperty("osArchitecture")] public string OSArchitecture { get; set; }
[JsonProperty("processorName")] public string ProcessorName { get; set; }
[JsonProperty("processorArchitecture")] public string ProcessorArchitecture { get; set; }
[JsonProperty("gpuNames")] public List<string> GpuNames { get; set; } = new();
[JsonProperty("totalMemory")] public string TotalMemory { get; set; }
[JsonProperty("ipAddresses")] public List<NetworkInterfaceInfo> IpAddresses { get; set; } = new();
[JsonProperty("lastBootTime")] public string LastBootTime { get; set; }
[JsonProperty("collectedAt")] public string CollectedAt { get; set; }
[JsonProperty("osVersion")]
public string OSVersion { get; set; }
[JsonProperty("windowsVersion")]
public string WindowsVersion { get; set; }
[JsonProperty("windowsBuild")]
public string WindowsBuild { get; set; }
[JsonProperty("osArchitecture")]
public string OSArchitecture { get; set; }
[JsonProperty("processorName")]
public string ProcessorName { get; set; }
[JsonProperty("processorArchitecture")]
public string ProcessorArchitecture { get; set; }
[JsonProperty("hostname")]
public string Hostname { get; set; }
[JsonProperty("gpuNames")]
public List<string> GpuNames { get; set; }
[JsonProperty("totalMemory")]
public string TotalMemory { get; set; }
[JsonProperty("ipAddresses")]
public List<NetworkInterfaceInfo> IpAddresses { get; set; } = new();
[JsonProperty("lastBootTime")]
public string LastBootTime { get; set; }
[JsonProperty("collectedAt")]
public string CollectedAt { get; set; }
[JsonProperty("installedApplications")]
public List<InstalledApplication> InstalledApplications { get; set; }
[JsonProperty("userInstalledApplications")]
public List<InstalledApplication> UserInstalledApplications { get; set; } = new();
[JsonProperty("windowsUpdates")]
public List<WindowsUpdate> WindowsUpdates { get; set; } = new();
[JsonProperty("appXPackages")]
public List<AppXPackage> AppXPackages { get; set; } = new();
[JsonProperty("drives")]
public List<DriveInfoSummary> Drives { get; set; } = new();
private const string WindowsCurrentVersionKey = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion";
[JsonProperty("installedApplications")] public List<InstalledApplication> InstalledApplications { get; set; } = new();
[JsonProperty("userInstalledApplications")] public List<InstalledApplication> UserInstalledApplications { get; set; } = new();
[JsonProperty("windowsUpdates")] public List<WindowsUpdate> WindowsUpdates { get; set; } = new();
[JsonProperty("appXPackages")] public List<AppXPackage> AppXPackages { get; set; } = new();
[JsonProperty("drives")] public List<DriveInfoSummary> Drives { get; set; } = new();
public static SystemInfo GetSystemInfo()
{
var sysInfo = new SystemInfo();
var info = new SystemInfo { CollectedAt = DateTime.Now.ToString("MMM dd, yyyy h:mm tt") };
try
{
// Capture collection timestamp with timezone info
sysInfo.CollectedAt = DateTimeOffset.Now.ToString("o");
sysInfo.Hostname = Environment.MachineName;
sysInfo.OSName = GetOSFriendlyName();
sysInfo.OSVersion = Environment.OSVersion.Version.ToString();
sysInfo.WindowsVersion = GetRegistryValue(WindowsCurrentVersionKey, "DisplayVersion");
sysInfo.WindowsBuild = GetRegistryValue(WindowsCurrentVersionKey, "CurrentBuild");
sysInfo.OSArchitecture = Environment.Is64BitOperatingSystem ? "x64" : "x86";
sysInfo.ProcessorName = GetProcessorName();
sysInfo.ProcessorArchitecture = Environment.Is64BitProcess ? "x64" : "x86";
sysInfo.GpuNames = GetGpuNames();
sysInfo.TotalMemory = GetTotalMemory();
var allInterfaces = GetNetworkInterfaces();
sysInfo.IpAddresses = allInterfaces
.Where(i => !string.IsNullOrWhiteSpace(i.InterfaceName))
.ToList();
sysInfo.LastBootTime = GetLastBootTime();
PopulateDriveInfo(sysInfo);
// Populate new collections for comprehensive system information
sysInfo.UserInstalledApplications = GetUserInstalledApplications();
sysInfo.WindowsUpdates = GetInstalledPatches();
sysInfo.AppXPackages = GetAppXPackages();
}
catch (Exception ex)
{
string logPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "LD_SysInfo", "SysInfo_ErrorLog.txt");
Directory.CreateDirectory(Path.GetDirectoryName(logPath));
File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {ex.Message}\n");
}
return sysInfo;
}
private static void PopulateDriveInfo(SystemInfo info)
{
foreach (var drive in DriveInfo.GetDrives())
{
if (!drive.IsReady) continue;
info.Drives.Add(new DriveInfoSummary
// ✅ Base system info - using correct osquery column names
var sys = OsqueryService.Query("SELECT * FROM system_info;").FirstOrDefault();
if (sys != null)
{
Name = drive.Name,
TotalSizeGB = Math.Round(drive.TotalSize / (1024.0 * 1024 * 1024), 2),
FreeSpaceGB = Math.Round(drive.AvailableFreeSpace / (1024.0 * 1024 * 1024), 2),
DriveType = drive.DriveType.ToString()
});
}
}
info.Hostname = sys.GetValueOrDefault("hostname");
// OSName removed - was redundant with hostname
private static string GetRegistryValue(string key, string valueName)
{
using RegistryKey rk = Registry.LocalMachine.OpenSubKey(key);
return rk?.GetValue(valueName)?.ToString();
}
private static string GetOSFriendlyName()
{
string productName = GetRegistryValue(WindowsCurrentVersionKey, "ProductName");
string build = GetRegistryValue(WindowsCurrentVersionKey, "CurrentBuild");
if (int.TryParse(build, out int buildNumber) && buildNumber >= 22000)
return "Windows 11 Pro";
return productName ?? "Unknown OS";
}
private static string GetProcessorName()
{
const string key = @"HARDWARE\DESCRIPTION\System\CentralProcessor\0";
return GetRegistryValue(key, "ProcessorNameString");
}
private static List<string> GetGpuNames()
{
var gpuNames = new List<string>();
try
{
using var searcher = new ManagementObjectSearcher("SELECT Name FROM Win32_VideoController");
foreach (var obj in searcher.Get())
{
string name = obj["Name"]?.ToString();
if (!string.IsNullOrEmpty(name))
// Windows version info from os_version table
var osVer = OsqueryService.Query("SELECT * FROM os_version;").FirstOrDefault();
if (osVer != null)
{
gpuNames.Add(name);
info.OSVersion = osVer.GetValueOrDefault("version");
info.WindowsVersion = osVer.GetValueOrDefault("name");
info.WindowsBuild = osVer.GetValueOrDefault("build");
// Get proper OS name from os_version
info.OSName = osVer.GetValueOrDefault("name"); // e.g., "Windows 10 Pro"
}
info.ProcessorName = sys.GetValueOrDefault("cpu_brand");
info.ProcessorArchitecture = sys.GetValueOrDefault("cpu_type");
// Fix OS Architecture - should be x64, x86, etc.
info.OSArchitecture = sys.GetValueOrDefault("cpu_subtype");
if (string.IsNullOrEmpty(info.OSArchitecture) || info.OSArchitecture == "-1")
{
// Fallback: determine from cpu_type or use platform info
var platform = sys.GetValueOrDefault("cpu_type");
info.OSArchitecture = platform.Contains("64") ? "x64" : "x86";
}
}
}
catch (Exception ex)
{
gpuNames.Add($"Error: {ex.Message}");
}
return gpuNames;
}
private static string GetTotalMemory()
{
try
{
using var searcher = new ManagementObjectSearcher("SELECT TotalPhysicalMemory FROM Win32_ComputerSystem");
foreach (var obj in searcher.Get())
// ✅ Memory - query physical_memory table and sum up total
var memResults = OsqueryService.Query("SELECT SUM(size) as total_bytes FROM physical_memory;").FirstOrDefault();
if (memResults != null && memResults.ContainsKey("total_bytes"))
{
long bytes = Convert.ToInt64(obj["TotalPhysicalMemory"]);
return $"{bytes / (1024 * 1024)} MB";
}
}
catch { }
return null;
}
private static List<NetworkInterfaceInfo> GetNetworkInterfaces()
{
var interfaces = new List<NetworkInterfaceInfo>();
try
{
foreach (var adapter in NetworkInterface.GetAllNetworkInterfaces())
{
if (adapter.OperationalStatus != OperationalStatus.Up) continue;
var ip = adapter.GetIPProperties().UnicastAddresses
.FirstOrDefault(a => a.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork);
var mac = adapter.GetPhysicalAddress();
var macAddress = mac?.GetAddressBytes().Length > 0
? string.Join(":", mac.GetAddressBytes().Select(b => b.ToString("X2")))
: null;
if (ip != null || macAddress != null)
if (long.TryParse(memResults["total_bytes"], out long memBytes))
{
interfaces.Add(new NetworkInterfaceInfo
double memGB = Math.Round(memBytes / (1024.0 * 1024.0 * 1024.0), 2);
info.TotalMemory = $"{memGB} GB";
}
}
// Fallback: try WMI-based system_info table
if (string.IsNullOrEmpty(info.TotalMemory))
{
var sysInfo = OsqueryService.Query("SELECT physical_memory FROM system_info;").FirstOrDefault();
if (sysInfo != null && sysInfo.ContainsKey("physical_memory"))
{
if (long.TryParse(sysInfo["physical_memory"], out long memBytes))
{
InterfaceName = adapter.Name,
IpAddress = ip?.Address.ToString(),
MacAddress = macAddress
});
double memGB = Math.Round(memBytes / (1024.0 * 1024.0 * 1024.0), 2);
info.TotalMemory = $"{memGB} GB";
}
}
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather network interfaces: {ex.Message}");
}
return interfaces;
}
private static string GetLastBootTime()
{
try
{
using var searcher = new ManagementObjectSearcher("SELECT LastBootUpTime FROM Win32_OperatingSystem WHERE Primary='true'");
foreach (var obj in searcher.Get())
{
string lastBoot = obj["LastBootUpTime"]?.ToString();
// Convert to local time and ensure timezone info is preserved
DateTime localBootTime = ManagementDateTimeConverter.ToDateTime(lastBoot);
// Use DateTimeOffset to ensure timezone information is included
DateTimeOffset bootTimeWithZone = new DateTimeOffset(localBootTime, TimeZoneInfo.Local.GetUtcOffset(localBootTime));
return bootTimeWithZone.ToString("o");
}
}
catch { }
return null;
}
public static List<InstalledApplication> GetInstalledApplicationsFromRegistry()
{
var applications = new List<InstalledApplication>();
string[] registryKeys = {
@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
@"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
};
foreach (string key in registryKeys)
{
using var regKey = Registry.LocalMachine.OpenSubKey(key);
if (regKey == null) continue;
foreach (string subKeyName in regKey.GetSubKeyNames())
{
using var subKey = regKey.OpenSubKey(subKeyName);
string name = subKey?.GetValue("DisplayName")?.ToString();
if (!string.IsNullOrWhiteSpace(name))
// ✅ Drives
info.Drives = OsqueryService.Query("SELECT device_id, size, free_space, type FROM logical_drives;")
.Select(d => new DriveInfoSummary
{
applications.Add(new InstalledApplication
{
Name = name,
Version = subKey?.GetValue("DisplayVersion")?.ToString(),
Publisher = subKey?.GetValue("Publisher")?.ToString()
});
}
}
}
Name = d.GetValueOrDefault("device_id"),
TotalSizeGB = d.ContainsKey("size") && double.TryParse(d["size"], out double size)
? Math.Round(size / (1024.0 * 1024.0 * 1024.0), 2) : 0,
FreeSpaceGB = d.ContainsKey("free_space") && double.TryParse(d["free_space"], out double free)
? Math.Round(free / (1024.0 * 1024.0 * 1024.0), 2) : 0,
DriveType = d.GetValueOrDefault("type")
}).ToList();
return applications;
}
// ✅ GPU info - query registry for all GPUs
var gpuQuery = OsqueryService.Query(@"
SELECT data
FROM registry
WHERE path LIKE 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\%\DriverDesc';");
/// <summary>
/// Gets user-context installed applications from HKEY_CURRENT_USER registry.
/// </summary>
public static List<InstalledApplication> GetUserInstalledApplications()
{
var applications = new List<InstalledApplication>();
string registryKey = @"Software\Microsoft\Windows\CurrentVersion\Uninstall";
info.GpuNames = gpuQuery
.Select(g => g.GetValueOrDefault("data"))
.Where(s => !string.IsNullOrEmpty(s))
.Distinct() // Remove duplicates
.ToList();
try
{
using var regKey = Registry.CurrentUser.OpenSubKey(registryKey);
if (regKey == null) return applications;
// ✅ Network interfaces - IPv4 only, with better formatting
var ipResults = OsqueryService.Query(
"SELECT interface, address FROM interface_addresses WHERE address NOT LIKE '127.%' AND address NOT LIKE '%:%';");
foreach (string subKeyName in regKey.GetSubKeyNames())
{
using var subKey = regKey.OpenSubKey(subKeyName);
string name = subKey?.GetValue("DisplayName")?.ToString();
if (!string.IsNullOrWhiteSpace(name))
info.IpAddresses = ipResults
.Select(i => new NetworkInterfaceInfo
{
applications.Add(new InstalledApplication
{
Name = name,
Version = subKey?.GetValue("DisplayVersion")?.ToString(),
Publisher = subKey?.GetValue("Publisher")?.ToString()
});
}
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather user-installed applications: {ex.Message}");
}
InterfaceName = i.GetValueOrDefault("interface"),
IpAddress = i.GetValueOrDefault("address"),
MacAddress = ""
})
.Where(ni => !string.IsNullOrEmpty(ni.IpAddress))
.ToList();
return applications;
}
// ✅ Last boot time - calculate from current time minus uptime
info.LastBootTime = OsqueryService.Query("SELECT datetime((SELECT CAST(unix_time AS INTEGER) FROM time) - total_seconds, 'unixepoch') as boot_time FROM uptime;")
.FirstOrDefault()?.GetValueOrDefault("boot_time");
/// <summary>
/// Gets Windows Updates and patches installed on the system using WMI.
/// </summary>
public static List<WindowsUpdate> GetInstalledPatches()
{
var patches = new List<WindowsUpdate>();
try
{
using var searcher = new ManagementObjectSearcher(
"SELECT HotFixID, Description, InstalledOn, InstalledBy FROM Win32_QuickFixEngineering");
foreach (var obj in searcher.Get())
{
patches.Add(new WindowsUpdate
// ✅ Installed apps (user + system)
info.InstalledApplications = OsqueryService.Query("SELECT name, version, publisher FROM programs;")
.Select(a => new InstalledApplication
{
HotFixID = obj["HotFixID"]?.ToString(),
Description = obj["Description"]?.ToString(),
InstalledOn = obj["InstalledOn"]?.ToString(),
InstalledBy = obj["InstalledBy"]?.ToString()
});
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather Windows Updates: {ex.Message}");
}
Name = a["name"],
Version = a["version"],
Publisher = a["publisher"]
}).ToList();
return patches;
}
info.UserInstalledApplications = info.InstalledApplications
.Where(a => !string.IsNullOrEmpty(a.Publisher))
.ToList();
/// <summary>
/// Gets Windows Store (AppX) packages installed on the system using WMI.
/// Note: This may require elevated permissions for complete results.
/// </summary>
public static List<AppXPackage> GetAppXPackages()
{
var packages = new List<AppXPackage>();
try
{
// Try using Win32_InstalledStoreProgram (Windows 10+)
using var searcher = new ManagementObjectSearcher(
"SELECT Name, Version, Publisher FROM Win32_InstalledStoreProgram");
foreach (var obj in searcher.Get())
{
var name = obj["Name"]?.ToString();
if (!string.IsNullOrWhiteSpace(name))
// ✅ AppX packages (Windows Store)
info.AppXPackages = OsqueryService.Query("SELECT name, version, publisher, package_id FROM appx_packages;")
.Select(p => new AppXPackage
{
packages.Add(new AppXPackage
{
Name = name,
Version = obj["Version"]?.ToString(),
Publisher = obj["Publisher"]?.ToString(),
PackageFullName = name // Win32_InstalledStoreProgram doesn't provide PackageFullName
});
}
Name = p["name"],
Version = p["version"],
Publisher = p["publisher"],
PackageFullName = p["package_id"]
}).ToList();
// ✅ Windows Updates (patches)
info.WindowsUpdates = OsqueryService.Query("SELECT hotfix_id, description, installed_on FROM patches;")
.Select(p => new WindowsUpdate
{
HotFixID = p["hotfix_id"],
Description = p["description"],
InstalledOn = p["installed_on"],
InstalledBy = Environment.UserName
}).ToList();
}
catch (Exception ex)
{
try
{
string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
Directory.CreateDirectory(logDir);
string logPath = Path.Combine(logDir, "osquery_error.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {ex}\n");
}
catch
{
// Silently fail if we can't write logs
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather AppX packages: {ex.Message}");
}
return packages;
return info;
}
/// <summary>
/// Checks if a specific Windows Update patch is installed on the system.
/// </summary>
/// <param name="kbNumber">The KB number to check (e.g., "KB5034441")</param>
/// <returns>True if the patch is installed, false otherwise</returns>
public static bool IsPatchInstalled(string kbNumber)
{
if (string.IsNullOrWhiteSpace(kbNumber))
return false;
try
{
// Normalize KB number format
string normalizedKB = kbNumber.ToUpper().Trim();
if (!normalizedKB.StartsWith("KB"))
normalizedKB = "KB" + normalizedKB;
using var searcher = new ManagementObjectSearcher(
$"SELECT HotFixID FROM Win32_QuickFixEngineering WHERE HotFixID = '{normalizedKB}'");
return searcher.Get().Count > 0;
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to check patch {kbNumber}: {ex.Message}");
return false;
}
}
}
}

BIN
LD_SysInfo_Installer/Assets/LDShortcut.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 324 KiB

BIN
LD_SysInfo_Installer/Assets/trayicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.6 KiB

BIN
LD_SysInfo_Installer/Assets/windowsdesktop-runtime-8.0.13-win-x64.exe
View File

Binary file not shown.

BIN
LD_SysInfo_Installer/LD-SysInfo.exe
View File

Binary file not shown.

35
LD_SysInfo_Installer/LD_SysInfo_Installer.wixproj
View File

@@ -1,35 +0,0 @@
<Project Sdk="WixToolset.Sdk/5.0.2">
<PropertyGroup>
<Platform Condition=" '$(Platform)' == '' ">x64</Platform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'">
<SuppressAllWarnings>false</SuppressAllWarnings>
<Pedantic>true</Pedantic>
</PropertyGroup>
<ItemGroup>
<Compile Include="Product.wxs" />
</ItemGroup>
<ItemGroup>
<Folder Include="Assets" />
</ItemGroup>
<ItemGroup>
<Content Include="Assets\LDShortcut.ico" />
<Content Include="Assets\windowsdesktop-runtime-8.0.13-win-x64.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\LD-SysInfo\LD-SysInfo.csproj">
<Name>LD-SysInfo</Name>
<Project>{604bf69a-6bff-4637-88b5-78936c7eb68f}</Project>
<Private>True</Private>
<DoNotHarvest>True</DoNotHarvest>
<RefProjectOutputGroups>Binaries;Content;Satellites</RefProjectOutputGroups>
<RefTargetDir>INSTALLFOLDER</RefTargetDir>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<PackageReference Include="WixToolset.UI.wixext" Version="5.0.2" />
</ItemGroup>
<Target Name="CollectSuggestedVisualStudioComponentIds" />
</Project>

36
LD_SysInfo_Installer/Product.wxs
View File

@@ -1,36 +0,0 @@
<?xml version='1.0' encoding='utf-8'?>
<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs">
<Package
Name="LD SystemInfo"
Language="1033"
Version="1.0.0.1"
Manufacturer="Paragon Systems Group"
UpgradeCode="9D09C022-75B6-47B5-A211-59B7CE8E7B6B"
InstallerVersion="500">
<MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed." />
<Feature Id="MainFeature" Title="LD SysInfo" Level="1">
<ComponentRef Id="MainExecutable" />
<ComponentRef Id="AssetsComponent" />
</Feature>
<StandardDirectory Id="ProgramFiles64Folder">
<Directory Id="INSTALLFOLDER" Name="LD_SysInfo">
<Directory Id="AppFolder" Name="App">
<Component Id="MainExecutable" Guid="B769A39D-4807-4D12-B0CB-808E037DFA21" >
<File Id="MainEXE" Name="LD-SysInfo.exe" Source="LD-SysInfo.exe" KeyPath="yes" />
<RegistryValue Root="HKLM" Key="Software\LD_SysInfo" Name="Installed" Type="integer" Value="1" />
</Component>
</Directory>
<Directory Id="AssetsFolder" Name="Assets">
<Component Id="AssetsComponent" Guid="5E6F1D88-36E6-44F1-BD4C-BFC58B47A10D">
<File Id="TrayIconIco" Name="trayicon.ico" Source="Assets\trayicon.ico" />
<File Id="LDShortcutIconFile" Name="LDShortcut.ico" Source="Assets\LDShortcut.ico" KeyPath="yes" />
</Component>
</Directory>
</Directory>
</StandardDirectory>
</Package>
</Wix>

9
OversightInstaller/HarvestedFiles.wxs
View File

@@ -1,6 +1,8 @@
<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs">
<Fragment>
<DirectoryRef Id="INSTALLFOLDER">
<Directory Id="AssetsDir" Name="Assets" />
<Component Id="cmpUPL4zyYGpfRaDjFUWL7r0.VHZKs" Guid="F0E00FBB-B63A-4DED-A177-8E79C2A4C1CB">
<File Id="fil_giGueDAhkHg7IGVpG9lWyNnt9g" KeyPath="yes" Source="C:\Users\Sonder\source\repos\psg-oversight-app\PublishDir\config.json" />
</Component>
@@ -25,6 +27,12 @@
<Component Id="cmppJtSGEjpkqcE6B80qiNcp7uzu_E" Guid="7296EA6A-9666-4934-896D-EB3CFE7DADD9">
<File Id="filBmC5aLvP1Wdue27MeciP9pIZ9E0" KeyPath="yes" Source="C:\Users\Sonder\source\repos\psg-oversight-app\PublishDir\wpfgfx_cor3.dll" />
</Component>
<Component Id="cmpOsqueryiExe" Guid="78D245E5-73F1-4D1B-AC1D-E17FAB258CFD"
Directory="AssetsDir">
<File Id="filOsqueryiExe" KeyPath="yes"
Source="C:\Users\Sonder\source\repos\psg-oversight-app\PublishDir\Assets\osqueryi.exe" />
</Component>
</DirectoryRef>
</Fragment>
<Fragment>
@@ -37,6 +45,7 @@
<ComponentRef Id="cmp9p11pVvfHzWT3MHfTpVVHhJz4Mc" />
<ComponentRef Id="cmpIlHre.6vyW_rNEMiyejz2LzF40A" />
<ComponentRef Id="cmppJtSGEjpkqcE6B80qiNcp7uzu_E" />
<ComponentRef Id="cmpOsqueryiExe" />
</ComponentGroup>
</Fragment>
</Wix>

1
OversightInstaller/OversightInstaller.wixproj
View File

@@ -50,6 +50,7 @@
<Content Include="Assets\DLShortcut.ico" CopyToOutputDirectory="Always" />
<Content Include="Assets\trayicon.ico" CopyToOutputDirectory="Always" />
<Content Include="bpl.rtf" CopyToOutputDirectory="Always" />
<Content Include="Assets\osqueryi.exe" CopyToOutputDirectory="Always" />
<None Include="Assets\windowsdesktop-runtime-8.0.13-win-x64.exe" />
</ItemGroup>

1
OversightInstaller/Package.wxs
View File

@@ -89,6 +89,7 @@
<Feature Id="Main" Title="DL SysInfo" Level="1">
<ComponentGroupRef Id="AppFiles" />
<ComponentRef Id="StartMenuShortcutComponent" />
<ComponentRef Id="cmpOsqueryiExe" />
<ComponentRef Id="AppMetadata" />
</Feature>

47
OversightService/Config.cs Normal file
View File

@@ -0,0 +1,47 @@
#nullable disable
using System;
using System.IO;
using Newtonsoft.Json;
namespace OversightService
{
public class AppConfig
{
[JsonProperty("ServerUrl")] public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
[JsonProperty("EnableLogging")] public bool EnableLogging { get; set; } = true;
[JsonProperty("KeepAlivePeriod")] public int KeepAlivePeriod { get; set; } = 30;
[JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
[JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
[JsonProperty("PatchCompliance")] public PatchComplianceConfig PatchCompliance { get; set; } = new();
}
public class PatchComplianceConfig
{
[JsonProperty("Enabled")] public bool Enabled { get; set; } = false;
[JsonProperty("CheckIntervalHours")] public int CheckIntervalHours { get; set; } = 24;
[JsonProperty("LastCheckTime")] public DateTime? LastCheckTime { get; set; } = null;
}
public class AuthConfig
{
[JsonProperty("Username")] public string Username { get; set; } = "testuser";
[JsonProperty("Password")] public string Password { get; set; } = "testpassword";
}
public static class ConfigManager
{
private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
public static AppConfig LoadConfig(string? pathOverride = null)
{
string path = pathOverride ?? ConfigPath;
if (!File.Exists(path))
throw new FileNotFoundException($"Config file not found at {path}");
string json = File.ReadAllText(path);
return JsonConvert.DeserializeObject<AppConfig>(json) ?? new AppConfig();
}
}
}

36
OversightService/EncryptionHelper.cs Normal file
View File

@@ -0,0 +1,36 @@
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace OversightService
{
public class EncryptionHelper
{
private static readonly byte[] Key = Encoding.UTF8.GetBytes("HWJGbwmF2pWdXySDExMNEbJSrXn0YCBF"); // 32 bytes for AES-256
private static readonly byte[] IV = Encoding.UTF8.GetBytes("VWYRtYCfch0sKs6k"); // 16 bytes
public static string EncryptData(string plainText)
{
using (Aes aes = Aes.Create())
{
aes.Key = Key;
aes.IV = IV;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
using (MemoryStream ms = new MemoryStream())
using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
using (StreamWriter sw = new StreamWriter(cs, new UTF8Encoding(false))) // Disable BOM
{
sw.Write(plainText);
}
byte[] encryptedBytes = ms.ToArray();
string encryptedBase64 = Convert.ToBase64String(encryptedBytes);
return encryptedBase64;
}
}
}
}
}

22
OversightService/OversightService.csproj
View File

@@ -7,7 +7,29 @@
<UserSecretsId>dotnet-OversightService-9352272b-722c-4a12-acc2-8c9b146e5292</UserSecretsId>
</PropertyGroup>
<PropertyGroup>
<EnableDefaultContentItems>false</EnableDefaultContentItems>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" />
<PackageReference Include="Newtonsoft.Json" />
</ItemGroup>
<ItemGroup>
<Content Include="osqueryi.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="config.json">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="appsettings.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
<Content Include="appsettings.Development.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
</ItemGroup>
</Project>

7
OversightService/Program.cs
View File

@@ -1,6 +1,13 @@
using OversightService;
var builder = Host.CreateApplicationBuilder(args);
// Configure Windows Service with custom service name
builder.Services.AddWindowsService(options =>
{
options.ServiceName = "PSG-Oversight";
});
builder.Services.AddHostedService<Worker>();
var host = builder.Build();

317
OversightService/Services/ApiClient.cs Normal file
View File

@@ -0,0 +1,317 @@
using System;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
namespace OversightService.Services
{
public class ApiClient
{
/// <summary>
/// Constructs the full URL for API requests.
/// </summary>
private static readonly HttpClient httpClient = CreateHttpClient();
private readonly AppConfig _config;
private static string jwtToken = null; // 🔹 Store the JWT token globally
public ApiClient(AppConfig config)
{
_config = config ?? throw new ArgumentNullException(nameof(config));
}
private void Log(string message)
{
try
{
var logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
Directory.CreateDirectory(logDir);
var logPath = Path.Combine(logDir, "api_client.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
}
catch { }
}
private string BuildUrl(string route)
{
return $"{_config.ServerUrl.TrimEnd('/')}/{route.TrimStart('/')}";
}
/// <summary>
/// Creates an HttpClient that bypasses SSL validation (for testing purposes only).
/// </summary>
public static HttpClient CreateHttpClient()
{
HttpClientHandler handler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, sslPolicyErrors) =>
{
return true; // 🔥 Ignores all SSL certificate warnings (TEMPORARY!)
}
};
return new HttpClient(handler);
}
/// <summary>
/// Sets the JWT token to be used for subsequent requests.
/// </summary>
public static void SetJwtToken(string token)
{
jwtToken = token;
httpClient.DefaultRequestHeaders.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", jwtToken);
}
/// <summary>
/// Gets the JWT token to be used for subsequent requests.
/// </summary>
public static string GetJwtToken()
{
return jwtToken;
}
/// <summary>
/// Authenticates with the API using credentials from config.json.
/// </summary>
public async Task<LoginResponse> AuthenticateAsync(string username, string password)
{
try
{
string encryptedUsername = EncryptionHelper.EncryptData(username);
string encryptedPassword = EncryptionHelper.EncryptData(password);
var payload = new
{
username = encryptedUsername,
password = encryptedPassword
};
string jsonContent = JsonConvert.SerializeObject(payload);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
HttpResponseMessage response = await httpClient.PostAsync(BuildUrl("/api/auth/login"), content);
string rawResponse = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
Log($"❌ Authentication failed: {response.StatusCode} - {rawResponse}");
return null;
}
var loginResponse = JsonConvert.DeserializeObject<LoginResponse>(rawResponse);
if (!string.IsNullOrEmpty(loginResponse?.Token))
{
SetJwtToken(loginResponse.Token);
}
return loginResponse;
}
catch (Exception ex)
{
Log($"❌ Exception during login: {ex.Message}");
return null;
}
}
/// <summary>
/// Checks connectivity to the server using the stored JWT token.
/// </summary>
public async Task<bool> CheckConnectivity()
{
string testUrl = "https://localhost:8443/api/system/ping-status"; // Your HTTPS URL with port 8443
try
{
if (string.IsNullOrEmpty(jwtToken))
{
throw new Exception("No JWT token stored. Please authenticate first.");
}
var response = await SendWithAutoReauthAsync(() =>
httpClient.GetAsync(testUrl)
);
if (response.IsSuccessStatusCode)
{
return true;
}
else
{
Log($"❌ Server Unreachable: {response.StatusCode}");
return false;
}
}
catch (Exception ex)
{
Log($"❌ Connection Error: {ex.Message}");
return false;
}
}
/// <summary>
/// Sends the collected data to the server.
/// </summary>
public async Task<string> StoreSystemInfoAsync(string encryptedData)
{
try
{
if (string.IsNullOrEmpty(jwtToken))
return "❌ Error: Not authenticated. Please log in first.";
var payload = new { data = encryptedData };
string jsonContent = JsonConvert.SerializeObject(payload);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await SendWithAutoReauthAsync(() =>
httpClient.PostAsync(BuildUrl("/api/system-info"), content)
);
if (response.IsSuccessStatusCode)
return await response.Content.ReadAsStringAsync();
else
return $"❌ Error: {response.StatusCode} - {await response.Content.ReadAsStringAsync()}";
}
catch (Exception ex)
{
return $"❌ Exception: {ex.Message}";
}
}
/// <summary>
/// Refreshes the current JWT token without requiring username/password.
/// </summary>
public async Task<bool> RefreshTokenAsync()
{
try
{
if (string.IsNullOrEmpty(jwtToken))
{
Log("⚠️ No token to refresh.");
return false;
}
HttpResponseMessage response = await httpClient.PostAsync(BuildUrl("/api/auth/refresh"), null);
string rawResponse = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
Log($"❌ Token refresh failed: {response.StatusCode} - {rawResponse}");
return false;
}
// Parse the response to get the new token if provided in body
// Note: Your server sets it via cookie, but may also return it in response
try
{
var refreshResponse = JsonConvert.DeserializeObject<Dictionary<string, string>>(rawResponse);
if (refreshResponse?.ContainsKey("token") == true)
{
SetJwtToken(refreshResponse["token"]);
}
}
catch
{
// Token might only be in cookie, which is fine
}
Log("✅ Token refreshed successfully.");
return true;
}
catch (Exception ex)
{
Log($"❌ Exception during token refresh: {ex.Message}");
return false;
}
}
/// <summary>
/// Sends the collected data to the server with automatic token refresh and re-auth.
/// </summary>
private async Task<HttpResponseMessage> SendWithAutoReauthAsync(Func<Task<HttpResponseMessage>> requestFunc)
{
var response = await requestFunc();
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
Log("⚠️ Token expired or invalid. Attempting token refresh...");
// Try refreshing the token first (faster than full re-auth)
bool refreshed = await RefreshTokenAsync();
if (refreshed)
{
// Retry original request after refresh
response = await requestFunc();
if (response.IsSuccessStatusCode)
{
return response;
}
}
// If refresh failed or didn't work, fall back to full re-authentication
Log("⚠️ Token refresh failed. Attempting full re-auth...");
var loginResponse = await AuthenticateAsync(_config.Auth.Username, _config.Auth.Password);
if (loginResponse == null || string.IsNullOrEmpty(loginResponse.Token))
{
Log("❌ Re-authentication failed.");
return response; // Return original 401 response
}
// Retry original request after reauth
response = await requestFunc();
}
return response;
}
/// <summary>
/// Sends Windows update history (patch compliance data) to the backend API
/// </summary>
public async Task<bool> PostPatchComplianceAsync(object patchData)
{
try
{
if (string.IsNullOrEmpty(jwtToken))
{
Log("❌ Not authenticated. Cannot send patch compliance data.");
return false;
}
var jsonContent = JsonConvert.SerializeObject(patchData);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await SendWithAutoReauthAsync(() =>
httpClient.PostAsync(BuildUrl("/api/patch-compliance"), content)
);
if (response.IsSuccessStatusCode)
{
Log("✅ Patch compliance data sent successfully.");
return true;
}
else
{
Log($"❌ Failed to send patch compliance data: {response.StatusCode}");
return false;
}
}
catch (Exception ex)
{
Log($"❌ Exception sending patch compliance data: {ex.Message}");
return false;
}
}
}
}

9
OversightService/Services/LoginResponse.cs Normal file
View File

@@ -0,0 +1,9 @@
namespace OversightService.Services
{
public class LoginResponse
{
public string Token { get; set; }
public string Username { get; set; }
public int UserId { get; set; }
}
}

97
OversightService/Services/OsqueryService.cs Normal file
View File

@@ -0,0 +1,97 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using Newtonsoft.Json.Linq;
namespace OversightService.Services
{
public static class OsqueryService
{
private static string GetLogPath(string filename)
{
string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
Directory.CreateDirectory(logDir);
return Path.Combine(logDir, filename);
}
private static string GetOsqueryPath()
{
var baseDir = AppContext.BaseDirectory;
var path = Path.Combine(baseDir, "Assets", "osqueryi.exe");
if (!File.Exists(path))
{
try
{
File.AppendAllText(GetLogPath("osquery_error.log"), $"[{DateTime.Now}] ❌ osqueryi.exe not found at {path}\n");
}
catch { /* Silently fail if we can't write logs */ }
throw new FileNotFoundException("osqueryi.exe not found", path);
}
return path;
}
private static string RunQuery(string sql)
{
var processInfo = new ProcessStartInfo
{
FileName = GetOsqueryPath(),
Arguments = $"--json \"{sql}\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
using var process = Process.Start(processInfo); // ✅ FIXED — actually start the process
if (process == null)
throw new Exception("Failed to start osquery process");
string output = process.StandardOutput.ReadToEnd();
process.WaitForExit();
// Optional debug logging
try
{
File.AppendAllText(GetLogPath("osquery_debug.log"),
$"[{DateTime.Now}] Ran query: {sql}\nOutput length: {output.Length}\n");
}
catch { /* Silently fail if we can't write logs */ }
return output;
}
public static List<Dictionary<string, string>> Query(string sql)
{
string json = RunQuery(sql);
try
{
var jArray = JArray.Parse(json);
var results = new List<Dictionary<string, string>>();
foreach (var obj in jArray)
{
var dict = new Dictionary<string, string>();
foreach (var prop in (JObject)obj)
dict[prop.Key] = prop.Value?.ToString() ?? "";
results.Add(dict);
}
return results;
}
catch (Exception ex)
{
try
{
File.AppendAllText(GetLogPath("osquery_error.log"),
$"[{DateTime.Now}] ⚠️ JSON parse failed for query '{sql}': {ex.Message}\n");
}
catch { /* Silently fail if we can't write logs */ }
return new List<Dictionary<string, string>>();
}
}
}
}

152
OversightService/Services/OsqueryTaskScheduler.cs Normal file
View File

@@ -0,0 +1,152 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using System.IO;
using Newtonsoft.Json;
namespace OversightService.Services
{
/// <summary>
/// Manages scheduled osquery-based tasks
/// Designed to be portable to Windows Service (OversightService) later
/// </summary>
public class OsqueryTaskScheduler
{
private readonly List<IScheduledTask> _tasks = new();
private readonly Timer _timer;
private readonly string _stateFilePath;
private bool _isRunning;
public OsqueryTaskScheduler()
{
// Store task state in AppData to persist last run times
var appDataDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
Directory.CreateDirectory(appDataDir);
_stateFilePath = Path.Combine(appDataDir, "task_scheduler_state.json");
// Check every minute for tasks that need to run
_timer = new Timer(CheckAndRunTasks, null, TimeSpan.Zero, TimeSpan.FromMinutes(1));
}
/// <summary>
/// Register a task with the scheduler
/// </summary>
public void RegisterTask(IScheduledTask task)
{
_tasks.Add(task);
LoadTaskState(task);
}
/// <summary>
/// Start the scheduler
/// </summary>
public void Start()
{
_isRunning = true;
}
/// <summary>
/// Stop the scheduler
/// </summary>
public void Stop()
{
_isRunning = false;
_timer?.Change(Timeout.Infinite, Timeout.Infinite);
}
private async void CheckAndRunTasks(object? state)
{
if (!_isRunning) return;
foreach (var task in _tasks.Where(t => t.ShouldRun()))
{
try
{
await task.ExecuteAsync();
task.LastRun = DateTime.Now;
SaveTaskState(task);
}
catch (Exception ex)
{
LogError($"Task '{task.TaskName}' failed: {ex.Message}");
}
}
}
private void LoadTaskState(IScheduledTask task)
{
try
{
if (!File.Exists(_stateFilePath)) return;
var json = File.ReadAllText(_stateFilePath);
var states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json);
if (states != null && states.TryGetValue(task.TaskName, out var lastRun))
{
task.LastRun = lastRun;
}
}
catch (Exception ex)
{
LogError($"Failed to load task state: {ex.Message}");
}
}
private void SaveTaskState(IScheduledTask task)
{
try
{
Dictionary<string, DateTime> states;
if (File.Exists(_stateFilePath))
{
var json = File.ReadAllText(_stateFilePath);
states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json)
?? new Dictionary<string, DateTime>();
}
else
{
states = new Dictionary<string, DateTime>();
}
states[task.TaskName] = task.LastRun ?? DateTime.Now;
var updatedJson = JsonConvert.SerializeObject(states, Formatting.Indented);
File.WriteAllText(_stateFilePath, updatedJson);
}
catch (Exception ex)
{
LogError($"Failed to save task state: {ex.Message}");
}
}
private void LogError(string message)
{
try
{
var logDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
var logPath = Path.Combine(logDir, "scheduler_error.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
}
catch
{
// Silently fail if we can't write logs
}
}
public void Dispose()
{
Stop();
_timer?.Dispose();
}
}
}

132
OversightService/Services/PatchComplianceTask.cs Normal file
View File

@@ -0,0 +1,132 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace OversightService.Services
{
/// <summary>
/// Scheduled task that collects Windows update history using osquery
/// and sends it to the backend API
/// </summary>
public class PatchComplianceTask : ScheduledTask
{
private readonly AppConfig _config;
private readonly ApiClient _apiClient;
public override string TaskName => "PatchCompliance";
public override TimeSpan Interval =>
TimeSpan.FromHours(_config.PatchCompliance.CheckIntervalHours);
public PatchComplianceTask(AppConfig config, ApiClient apiClient)
{
_config = config;
_apiClient = apiClient;
// Initialize LastRun from config if available
LastRun = _config.PatchCompliance.LastCheckTime;
}
public override bool ShouldRun()
{
// Don't run if disabled in config
if (!_config.PatchCompliance.Enabled)
return false;
return base.ShouldRun();
}
public override async Task ExecuteAsync()
{
try
{
// Query windows_update_history from osquery
var updates = OsqueryService.Query(@"
SELECT
date,
title,
update_id
FROM windows_update_history
ORDER BY date DESC;
");
if (!updates.Any())
{
LogInfo("No Windows update history found.");
return;
}
// Transform to API-friendly format
var patchData = updates.Select(u => new
{
date = u.GetValueOrDefault("date"),
title = u.GetValueOrDefault("title"),
updateId = u.GetValueOrDefault("update_id")
}).ToList();
LogInfo($"Collected {patchData.Count} Windows updates.");
// Send to API
await _apiClient.PostPatchComplianceAsync(patchData);
// Update config with last check time
_config.PatchCompliance.LastCheckTime = DateTime.Now;
SaveConfig();
LogInfo("Patch compliance data sent successfully.");
}
catch (Exception ex)
{
LogError($"PatchComplianceTask failed: {ex.Message}");
throw;
}
}
private void SaveConfig()
{
try
{
var configPath = System.IO.Path.Combine(AppContext.BaseDirectory, "config.json");
var json = Newtonsoft.Json.JsonConvert.SerializeObject(_config, Newtonsoft.Json.Formatting.Indented);
System.IO.File.WriteAllText(configPath, json);
}
catch (Exception ex)
{
LogError($"Failed to save config: {ex.Message}");
}
}
private void LogInfo(string message)
{
if (!_config.EnableLogging) return;
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] INFO: {message}\n");
}
catch { }
}
private void LogError(string message)
{
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {message}\n");
}
catch { }
}
}
}

35
OversightService/Services/ScheduledTask.cs Normal file
View File

@@ -0,0 +1,35 @@
using System;
using System.Threading.Tasks;
namespace OversightService.Services
{
/// <summary>
/// Base interface for scheduled tasks
/// </summary>
public interface IScheduledTask
{
string TaskName { get; }
TimeSpan Interval { get; }
DateTime? LastRun { get; set; }
Task ExecuteAsync();
bool ShouldRun();
}
/// <summary>
/// Base class for scheduled tasks with common logic
/// </summary>
public abstract class ScheduledTask : IScheduledTask
{
public abstract string TaskName { get; }
public abstract TimeSpan Interval { get; }
public DateTime? LastRun { get; set; }
public abstract Task ExecuteAsync();
public virtual bool ShouldRun()
{
if (LastRun == null) return true;
return DateTime.Now - LastRun >= Interval;
}
}
}

77
OversightService/Worker.cs
View File

@@ -1,8 +1,12 @@
using OversightService.Services;
namespace OversightService
{
public class Worker : BackgroundService
{
private readonly ILogger<Worker> _logger;
private OsqueryTaskScheduler? _taskScheduler;
private AppConfig? _config;
public Worker(ILogger<Worker> logger)
{
@@ -11,14 +15,77 @@ namespace OversightService
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
_logger.LogInformation("OversightService starting...");
try
{
// Load configuration
_config = LoadConfig();
_logger.LogInformation("Configuration loaded successfully.");
// Initialize osquery task scheduler
InitializeTaskScheduler();
_logger.LogInformation("Task scheduler initialized successfully.");
}
catch (Exception ex)
{
_logger.LogError(ex, "Failed to initialize OversightService");
throw;
}
// Keep service running
while (!stoppingToken.IsCancellationRequested)
{
if (_logger.IsEnabled(LogLevel.Information))
{
_logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
}
await Task.Delay(1000, stoppingToken);
await Task.Delay(TimeSpan.FromMinutes(1), stoppingToken);
}
// Cleanup on shutdown
_logger.LogInformation("OversightService stopping...");
_taskScheduler?.Stop();
}
private AppConfig LoadConfig()
{
var configPath = Path.Combine(AppContext.BaseDirectory, "config.json");
if (!File.Exists(configPath))
{
throw new FileNotFoundException($"Config file not found at {configPath}");
}
var json = File.ReadAllText(configPath);
var config = Newtonsoft.Json.JsonConvert.DeserializeObject<AppConfig>(json);
if (config == null)
{
throw new InvalidOperationException("Failed to deserialize config.json");
}
return config;
}
private void InitializeTaskScheduler()
{
if (_config == null)
{
throw new InvalidOperationException("Config must be loaded before initializing scheduler");
}
_taskScheduler = new OsqueryTaskScheduler();
// Register patch compliance task if enabled
if (_config.PatchCompliance.Enabled)
{
var apiClient = new ApiClient(_config);
var patchTask = new PatchComplianceTask(_config, apiClient);
_taskScheduler.RegisterTask(patchTask);
_logger.LogInformation("Patch compliance task registered (interval: {hours} hours)",
_config.PatchCompliance.CheckIntervalHours);
}
// Start the scheduler
_taskScheduler.Start();
}
}
}

14
OversightService/config.json Normal file
View File

@@ -0,0 +1,14 @@
{
"ServerUrl": "https://yourserver.com/api/status",
"EnableLogging": true,
"ClientIdentifier": "your-default-client-id",
"Auth": {
"Username": "testuser",
"Password": "testpassword"
},
"PatchCompliance": {
"Enabled": true,
"CheckIntervalHours": 24,
"LastCheckTime": null
}
}

BIN
OversightService/osqueryi.exe Normal file
View File

Binary file not shown.