sonderau/psg-oversight-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sonderau:v1.1.3
Branches Tags
sonderau:master sonderau:libosquery
sonderau:v1.2.0 sonderau:v1.1.4 sonderau:v1.1.3 sonderau:v1.1.2 sonderau:v1.1.1 sonderau:v1.1.0
...
compare: sonderau:037bd195dbb949d7cc3f1ce92d91847df34cc4be
Branches Tags
sonderau:master sonderau:libosquery
sonderau:v1.2.0 sonderau:v1.1.4 sonderau:v1.1.3 sonderau:v1.1.2 sonderau:v1.1.1 sonderau:v1.1.0

3 Commits
v1.1.3 ... 037bd195db

Author SHA1 Message Date
sonderau
037bd195db Release v1.2.0: Integrate osquery for enhanced system information 
Major Features:
- Integrated osquery for comprehensive system information gathering
- Added OsqueryService for executing SQL queries against system tables
- Implemented Osquery Console tab for interactive SQL queries

System Info Improvements:
- Enhanced system info collection using osquery tables
- Added support for multiple GPU detection
- Improved memory detection with proper GB formatting
- Fixed OS Architecture detection (x64/x86)
- Better network interface detection (IPv4 only)
- Human-readable timestamp formatting

UI/UX Enhancements:
- Added window resizing with corner drag support
- Implemented dynamic window sizing (SizeToContent)
- Added ScrollViewer for content overflow
- Improved IP address formatting with bullet points
- Added field labels to all system info displays
- Set minimum/maximum window size constraints

Bug Fixes:
- Fixed XAML StackPanel Spacing property issue
- Merged duplicate MainWindow constructors
- Fixed non-nullable field warnings
- Fixed EventHandler nullability signatures
- Removed redundant hostname/OS name fields
- Fixed GPU registry query to detect all GPUs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-29 07:46:21 +08:00
sonderau
fada3ace65 Add osquery submodule and link libosquery 2025-10-15 12:12:23 +08:00
sonderau
ef67d76e54 Dropped the userInstalledApplications entirely. 2025-10-13 11:05:23 +08:00
12 changed files with 639 additions and 547 deletions
Expand all files Collapse all files

4
.claude/settings.local.json
View File

@@ -1,7 +1,9 @@
{ {
"permissions": { "permissions": {
"allow": [ "allow": [
"Bash(dotnet build:*)" "Bash(dotnet build:*)",
"Bash(git add:*)",
"Bash(git commit -m \"$(cat <<''EOF''\nRelease v1.2.0: Integrate osquery for enhanced system information\n\nMajor Features:\n- Integrated osquery for comprehensive system information gathering\n- Added OsqueryService for executing SQL queries against system tables\n- Implemented Osquery Console tab for interactive SQL queries\n\nSystem Info Improvements:\n- Enhanced system info collection using osquery tables\n- Added support for multiple GPU detection\n- Improved memory detection with proper GB formatting\n- Fixed OS Architecture detection (x64/x86)\n- Better network interface detection (IPv4 only)\n- Human-readable timestamp formatting\n\nUI/UX Enhancements:\n- Added window resizing with corner drag support\n- Implemented dynamic window sizing (SizeToContent)\n- Added ScrollViewer for content overflow\n- Improved IP address formatting with bullet points\n- Added field labels to all system info displays\n- Set minimum/maximum window size constraints\n\nBug Fixes:\n- Fixed XAML StackPanel Spacing property issue\n- Merged duplicate MainWindow constructors\n- Fixed non-nullable field warnings\n- Fixed EventHandler nullability signatures\n- Removed redundant hostname/OS name fields\n- Fixed GPU registry query to detect all GPUs\n\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n\nCo-Authored-By: Claude <noreply@anthropic.com>\nEOF\n)\")"
], ],
"deny": [], "deny": [],
"ask": [] "ask": []

3
.gitmodules vendored Normal file
View File

@@ -0,0 +1,3 @@
[submodule "deps/osquery"]
path = deps/osquery
url = https://github.com/osquery/osquery.git

BIN
LD-SysInfo/Assets/osqueryi.exe Normal file
View File

Binary file not shown.

39
LD-SysInfo/Config.cs Normal file
View File

@@ -0,0 +1,39 @@
#nullable disable
using System;
using System.IO;
using Newtonsoft.Json;
namespace LD_SysInfo
{
public class AppConfig
{
[JsonProperty("ServerUrl")] public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
[JsonProperty("EnableLogging")] public bool EnableLogging { get; set; } = true;
[JsonProperty("KeepAlivePeriod")] public int KeepAlivePeriod { get; set; } = 30;
[JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
[JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
}
public class AuthConfig
{
[JsonProperty("Username")] public string Username { get; set; } = "testuser";
[JsonProperty("Password")] public string Password { get; set; } = "testpassword";
}
public static class ConfigManager
{
private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
public static AppConfig LoadConfig(string? pathOverride = null)
{
string path = pathOverride ?? ConfigPath;
if (!File.Exists(path))
throw new FileNotFoundException($"Config file not found at {path}");
string json = File.ReadAllText(path);
return JsonConvert.DeserializeObject<AppConfig>(json) ?? new AppConfig();
}
}
}

10
LD-SysInfo/LD_SysInfo.csproj
View File

@@ -13,9 +13,9 @@
<IncludeSatelliteAssembliesForPublish>false</IncludeSatelliteAssembliesForPublish> <IncludeSatelliteAssembliesForPublish>false</IncludeSatelliteAssembliesForPublish>
<!-- 🔢 Version Info --> <!-- 🔢 Version Info -->
<AssemblyVersion>1.0.0.0</AssemblyVersion> <AssemblyVersion>1.2.0.0</AssemblyVersion>
<FileVersion>1.0.3.0</FileVersion> <FileVersion>1.2.0.0</FileVersion>
<Version>1.0.3</Version> <Version>1.2.0</Version>
<!-- ✅ Enables source metadata and Git info --> <!-- ✅ Enables source metadata and Git info -->
<Deterministic>true</Deterministic> <Deterministic>true</Deterministic>
@@ -48,9 +48,13 @@
<ItemGroup> <ItemGroup>
<ApplicationDefinition Remove="App.xaml" /> <ApplicationDefinition Remove="App.xaml" />
<None Remove="Assets\osqueryi.exe" />
<None Remove="Assets\trayicon.ico" /> <None Remove="Assets\trayicon.ico" />
<None Remove="config.json" /> <None Remove="config.json" />
<Content Include="Assets\LDShortcut.ico" /> <Content Include="Assets\LDShortcut.ico" />
<Content Include="Assets\osqueryi.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Page Include="App.xaml" /> <Page Include="App.xaml" />
</ItemGroup> </ItemGroup>

93
LD-SysInfo/MainWindow.xaml
View File

@@ -11,11 +11,15 @@
mc:Ignorable="d" mc:Ignorable="d"
Title="PSG - Oversight" Title="PSG - Oversight"
Height="500" SizeToContent="Height"
Width="400" Width="420"
MinHeight="400"
MinWidth="350"
MaxHeight="800"
Icon="Assets/trayicon.ico" Icon="Assets/trayicon.ico"
WindowStyle="None" WindowStyle="None"
AllowsTransparency="True" AllowsTransparency="True"
ResizeMode="CanResizeWithGrip"
Background="Transparent" Background="Transparent"
Foreground="{DynamicResource TextDarkBrush}"> Foreground="{DynamicResource TextDarkBrush}">
@@ -225,6 +229,7 @@
<TabItem Header="SysInfo" FontSize="16"/> <TabItem Header="SysInfo" FontSize="16"/>
<TabItem Header="InstalledApps" FontSize="16"/> <TabItem Header="InstalledApps" FontSize="16"/>
<TabItem Header="Status" FontSize="16"/> <TabItem Header="Status" FontSize="16"/>
<TabItem Header="Osquery" FontSize="16"/>
</TabControl> </TabControl>
<!-- <!--
@@ -264,6 +269,7 @@
<!-- 🔹 SysInfo Tab --> <!-- 🔹 SysInfo Tab -->
<TabItem Header="SysInfo"> <TabItem Header="SysInfo">
<ScrollViewer VerticalScrollBarVisibility="Auto" HorizontalScrollBarVisibility="Disabled">
<StackPanel Margin="5,0,5,0" VerticalAlignment="Top"> <StackPanel Margin="5,0,5,0" VerticalAlignment="Top">
<TextBlock x:Name="HostnameTextBlock" Text="Hostname" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" /> <TextBlock x:Name="HostnameTextBlock" Text="Hostname" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="OSNameTextBlock" Text="OS Name" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" /> <TextBlock x:Name="OSNameTextBlock" Text="OS Name" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
@@ -275,46 +281,49 @@
<TextBlock x:Name="ProcessorArchitectureTextBlock" Text="Processor Architecture" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" /> <TextBlock x:Name="ProcessorArchitectureTextBlock" Text="Processor Architecture" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<!-- New fields -->
<TextBlock x:Name="MemoryTextBlock" Text="Total Memory" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" />
<TextBlock x:Name="GpuTextBlock" Text="GPU(s)" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" TextWrapping="Wrap" />
<TextBlock x:Name="IpTextBlock" Text="IP Addresses" FontSize="12" Margin="5" Foreground="{DynamicResource TextBrush}" TextWrapping="Wrap" />
<TextBlock x:Name="CollectedAtTextBlock" Text="Last updated: N/A" FontSize="12" Margin="8,10,5,5" Foreground="{DynamicResource TextDarkBrush}" FontStyle="Italic" />
<StackPanel Orientation="Horizontal" Margin="5,8,5,5" HorizontalAlignment="Left">
<Button Content="Refresh now"
Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}"
Click="RefreshButton_Click"
Width="120"
Margin="0,0,8,0" />
<Button Content="Export to CSV" <Button Content="Export to CSV"
Style="{StaticResource CustomRaisedButton}" Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}" Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}" Foreground="{DynamicResource SelectedLightBrush}"
Click="ExportToCsvButton_Click" Click="ExportToCsvButton_Click"
Width="200" Width="120"
Margin="5" Margin="0,0,8,0" />
HorizontalAlignment="Left" />
<Button Content="Save System Info" <Button Content="Save System Info"
Style="{StaticResource CustomRaisedButton}" Style="{StaticResource CustomRaisedButton}"
Background="{DynamicResource PrimaryBrush}" Background="{DynamicResource PrimaryBrush}"
Foreground="{DynamicResource SelectedLightBrush}" Foreground="{DynamicResource SelectedLightBrush}"
Click="StoreSystemInfoButton_Click" Click="StoreSystemInfoButton_Click"
Width="200" Width="120" />
Margin="5" </StackPanel>
HorizontalAlignment="Left" />
<CheckBox <CheckBox x:Name="IncludeInstalledAppsCheckBox"
x:Name="IncludeInstalledAppsCheckBox"
Content="Include installed Apps?" Content="Include installed Apps?"
FontSize="14" FontSize="14"
Margin="5" Margin="5"
Foreground="{DynamicResource TextDarkBrush}" Foreground="{DynamicResource TextDarkBrush}"
Style="{StaticResource MaterialDesignCheckBox}" /> Style="{StaticResource MaterialDesignCheckBox}" />
<TextBlock x:Name="StatusTextBlock" <TextBlock x:Name="StatusTextBlock"
FontSize="14" FontSize="14"
FontWeight="SemiBold" FontWeight="SemiBold"
Margin="10,5" Margin="10,5"
Foreground="{DynamicResource ErrorBrush}" /> Foreground="{DynamicResource ErrorBrush}" />
</StackPanel> </StackPanel>
</ScrollViewer>
</TabItem> </TabItem>
<!-- 🔹 InstalledApps Tab --> <!-- 🔹 InstalledApps Tab -->
@@ -401,6 +410,52 @@
</StackPanel> </StackPanel>
</TabItem> </TabItem>
<!-- 🔹 Osquery Console Tab -->
<TabItem Header="Osquery">
<Grid Background="{DynamicResource BackgroundDarkBrush}" Margin="10">
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<TextBlock Text="Enter Osquery SQL:" FontWeight="Bold" Margin="0,0,0,4" Foreground="{DynamicResource TextLightBrush}"/>
<TextBox x:Name="OsqueryQueryBox"
Grid.Row="1"
Height="60"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
Background="#252526"
Foreground="White"
FontFamily="Consolas"
FontSize="14"
AcceptsReturn="True"
Text="SELECT * FROM system_info;" />
<Button Grid.Row="1"
Content="Run Query"
HorizontalAlignment="Right"
VerticalAlignment="Top"
Width="120"
Margin="0,4,0,0"
Click="RunOsqueryQuery_Click"/>
<TextBox x:Name="OsqueryOutputBox"
Grid.Row="2"
Margin="0,10,0,0"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
HorizontalScrollBarVisibility="Auto"
Background="#1e1e1e"
Foreground="#dcdcdc"
FontFamily="Consolas"
FontSize="13"
AcceptsReturn="True"
IsReadOnly="True"
Text="Results will appear here..." />
</Grid>
</TabItem>
</TabControl> </TabControl>
</Border> </Border>

183
LD-SysInfo/MainWindow.xaml.cs
View File

@@ -38,21 +38,23 @@ namespace LD_SysInfo
{ {
private static readonly HttpClient httpClient = new HttpClient(); private static readonly HttpClient httpClient = new HttpClient();
private static AppConfig _config; private static AppConfig _config = null!; // Initialized in LoadConfig
private static string jwtToken = null; // 🔹 Store the JWT token globally in the app private static string? jwtToken = null; // 🔹 Store the JWT token globally in the app
private readonly DispatcherTimer messageClearTimer; private readonly DispatcherTimer messageClearTimer = null!; // Initialized in constructor
private readonly DispatcherTimer postTimer; private readonly DispatcherTimer postTimer = null!; // Initialized in constructor
private readonly DispatcherTimer keepAliveTimer; private readonly DispatcherTimer keepAliveTimer = null!; // Initialized in constructor
private readonly DispatcherTimer tokenRefreshTimer; private readonly DispatcherTimer tokenRefreshTimer = null!; // Initialized in constructor
private readonly Uri LightThemeUri = new Uri("pack://application:,,,/Themes/LightTheme.xaml", UriKind.Absolute); private readonly Uri LightThemeUri = new Uri("pack://application:,,,/Themes/LightTheme.xaml", UriKind.Absolute);
private readonly Uri DarkThemeUri = new Uri("pack://application:,,,/Themes/DarkTheme.xaml", UriKind.Absolute); private readonly Uri DarkThemeUri = new Uri("pack://application:,,,/Themes/DarkTheme.xaml", UriKind.Absolute);
private bool isDarkTheme = false; private bool isDarkTheme = false;
private SystemInfo _cachedSystemInfo = null!; // Initialized in DisplaySystemInfo
private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json"); private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
public MainWindow() public MainWindow()
{ {
// ⚠️ Temporary SSL Certificate Bypass - For Testing Only // ⚠️ Temporary SSL Certificate Bypass - For Testing Only
System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true; System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
@@ -109,9 +111,35 @@ namespace LD_SysInfo
tokenRefreshTimer.Tick += TokenRefreshTimer_Tick; tokenRefreshTimer.Tick += TokenRefreshTimer_Tick;
tokenRefreshTimer.Start(); tokenRefreshTimer.Start();
// Ensure initial refresh occurs after UI is ready
this.Loaded += async (s, e) =>
{
// Small delay so UI visuals finish initializing
await Task.Delay(50);
await RefreshSystemInfoAsync();
};
} }
private async void RunOsqueryQuery_Click(object sender, RoutedEventArgs e)
{
OsqueryOutputBox.Text = "Running query...";
string sql = OsqueryQueryBox.Text.Trim();
try
{
var result = await Task.Run(() => OsqueryService.Query(sql));
string prettyJson = System.Text.Json.JsonSerializer.Serialize(result,
new System.Text.Json.JsonSerializerOptions { WriteIndented = true });
OsqueryOutputBox.Text = prettyJson;
}
catch (Exception ex)
{
OsqueryOutputBox.Text = $"❌ Error running query:\n{ex}";
}
}
private void LoadConfig() private void LoadConfig()
{ {
@@ -120,7 +148,7 @@ namespace LD_SysInfo
//System.Windows.MessageBox.Show($"DEBUG: AppContext.BaseDirectory = {AppContext.BaseDirectory}"); //System.Windows.MessageBox.Show($"DEBUG: AppContext.BaseDirectory = {AppContext.BaseDirectory}");
//System.Windows.MessageBox.Show($"DEBUG: ConfigPath = {ConfigPath}"); //System.Windows.MessageBox.Show($"DEBUG: ConfigPath = {ConfigPath}");
if (!File.Exists((string?)ConfigPath)) if (!File.Exists(ConfigPath))
{ {
System.Windows.MessageBox.Show("❌ config.json not found at resolved path!"); System.Windows.MessageBox.Show("❌ config.json not found at resolved path!");
} }
@@ -226,7 +254,7 @@ namespace LD_SysInfo
string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "LD_SysInfo", "Logs"); string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "LD_SysInfo", "Logs");
Directory.CreateDirectory(logDir); // Ensure directory exists Directory.CreateDirectory(logDir); // Ensure directory exists
string logFile = Path.Combine(logDir, $"log_{DateTime.Now:yyyyMMdd_HHmmss}.txt"); string logFile = Path.Combine(logDir, $"log_{DateTime.Now:yyyyMMdd_HHmms}.txt");
File.WriteAllText(logFile, "=== LD SysInfo Diagnostic Log ===\n"); File.WriteAllText(logFile, "=== LD SysInfo Diagnostic Log ===\n");
File.AppendAllText(logFile, $"Timestamp: {DateTime.Now}\n"); File.AppendAllText(logFile, $"Timestamp: {DateTime.Now}\n");
@@ -244,21 +272,15 @@ namespace LD_SysInfo
private void DisplaySystemInfo() private void DisplaySystemInfo()
{ {
var sysInfo = SystemInfo.GetSystemInfo(); _cachedSystemInfo = SystemInfo.GetSystemInfo();
OSNameTextBlock.Text = $"OS Name: {sysInfo.OSName}"; UpdateSysInfoUI(_cachedSystemInfo);
OSVersionTextBlock.Text = $"OS Version: {sysInfo.OSVersion}";
WindowsVersionTextBlock.Text = $"Windows Version: {sysInfo.WindowsVersion}";
WindowsBuildTextBlock.Text = $"Windows Build: {sysInfo.WindowsBuild}";
OSArchitectureTextBlock.Text = $"OS Architecture: {sysInfo.OSArchitecture}";
ProcessorNameTextBlock.Text = $"Processor Name: {sysInfo.ProcessorName}";
ProcessorArchitectureTextBlock.Text = $"Processor Architecture: {sysInfo.ProcessorArchitecture}";
HostnameTextBlock.Text = $"Hostname: {sysInfo.Hostname}";
} }
private void LoadInstalledAppsButton_Click(object sender, RoutedEventArgs e) private void LoadInstalledAppsButton_Click(object sender, RoutedEventArgs e)
{ {
var applications = SystemInfo.GetInstalledApplicationsFromRegistry(); var sysInfo = SystemInfo.GetSystemInfo();
InstalledAppsListBox.ItemsSource = applications; InstalledAppsListBox.ItemsSource = sysInfo.InstalledApplications;
} }
private async void StoreSystemInfoButton_Click(object sender, RoutedEventArgs e) private async void StoreSystemInfoButton_Click(object sender, RoutedEventArgs e)
@@ -272,7 +294,7 @@ namespace LD_SysInfo
try try
{ {
var sysInfo = SystemInfo.GetSystemInfo(); var sysInfo = SystemInfo.GetSystemInfo();
var applications = SystemInfo.GetInstalledApplicationsFromRegistry(); var applications = sysInfo.InstalledApplications;
var formattedApplications = new List<object>(); var formattedApplications = new List<object>();
foreach (var app in applications) foreach (var app in applications)
@@ -337,7 +359,6 @@ namespace LD_SysInfo
lastBootTime = sysInfo.LastBootTime, lastBootTime = sysInfo.LastBootTime,
drives = sysInfo.Drives, drives = sysInfo.Drives,
installedApplications = formattedApplications, installedApplications = formattedApplications,
userInstalledApplications = formattedUserApplications,
windowsUpdates = formattedWindowsUpdates, windowsUpdates = formattedWindowsUpdates,
appXPackages = formattedAppXPackages appXPackages = formattedAppXPackages
}; };
@@ -470,7 +491,7 @@ namespace LD_SysInfo
writer.WriteLine("Installed Applications:"); writer.WriteLine("Installed Applications:");
writer.WriteLine("Name,Version,Publisher"); writer.WriteLine("Name,Version,Publisher");
var applications = SystemInfo.GetInstalledApplicationsFromRegistry(); var applications = sysInfo.InstalledApplications;
foreach (var app in applications) foreach (var app in applications)
{ {
writer.WriteLine($"{app.Name},{app.Version},{app.Publisher}"); writer.WriteLine($"{app.Name},{app.Version},{app.Publisher}");
@@ -566,7 +587,16 @@ namespace LD_SysInfo
messageClearTimer.Stop(); messageClearTimer.Stop();
} }
private async void PostTimer_Tick(object sender, EventArgs e) private void OpenOsqueryConsole_Click(object sender, RoutedEventArgs e)
{
var console = new OsqueryConsole
{
Owner = this
};
console.ShowDialog();
}
private async void PostTimer_Tick(object? sender, EventArgs e)
{ {
if (string.IsNullOrEmpty(ApiClient.GetJwtToken())) // Ensure authentication is active if (string.IsNullOrEmpty(ApiClient.GetJwtToken())) // Ensure authentication is active
{ {
@@ -576,8 +606,9 @@ namespace LD_SysInfo
var apiClient = new ApiClient(_config); // Create an instance of ApiClient var apiClient = new ApiClient(_config); // Create an instance of ApiClient
var sysInfo = SystemInfo.GetSystemInfo(); _cachedSystemInfo = SystemInfo.GetSystemInfo();
var applications = SystemInfo.GetInstalledApplicationsFromRegistry(); var sysInfo = _cachedSystemInfo;
var applications = sysInfo.InstalledApplications;
var formattedApplications = new List<object>(); var formattedApplications = new List<object>();
foreach (var app in applications) foreach (var app in applications)
@@ -671,7 +702,7 @@ namespace LD_SysInfo
} }
} }
private async void KeepAliveTimer_Tick(object sender, EventArgs e) private async void KeepAliveTimer_Tick(object? sender, EventArgs e)
{ {
var apiClient = new ApiClient(_config); var apiClient = new ApiClient(_config);
bool isConnected = await apiClient.CheckConnectivity(); bool isConnected = await apiClient.CheckConnectivity();
@@ -694,12 +725,12 @@ namespace LD_SysInfo
} }
private void MessageClearTimer_Tick(object sender, EventArgs e) private void MessageClearTimer_Tick(object? sender, EventArgs e)
{ {
FadeOutStatusMessage(); // Trigger the fade-out effect FadeOutStatusMessage(); // Trigger the fade-out effect
} }
private async void TokenRefreshTimer_Tick(object sender, EventArgs e) private async void TokenRefreshTimer_Tick(object? sender, EventArgs e)
{ {
if (string.IsNullOrEmpty(ApiClient.GetJwtToken())) if (string.IsNullOrEmpty(ApiClient.GetJwtToken()))
{ {
@@ -752,5 +783,101 @@ namespace LD_SysInfo
base.OnStateChanged(e); base.OnStateChanged(e);
} }
private void UpdateSysInfoUI(SystemInfo sysInfo)
{
if (sysInfo == null) return;
HostnameTextBlock.Text = $"Hostname: {(string.IsNullOrEmpty(sysInfo.Hostname) ? "N/A" : sysInfo.Hostname)}";
OSNameTextBlock.Text = $"OS Name: {(string.IsNullOrEmpty(sysInfo.OSName) ? "N/A" : sysInfo.OSName)}";
OSVersionTextBlock.Text = $"OS Version: {(string.IsNullOrEmpty(sysInfo.OSVersion) ? "N/A" : sysInfo.OSVersion)}";
WindowsVersionTextBlock.Text = $"Windows Version: {(string.IsNullOrEmpty(sysInfo.WindowsVersion) ? "N/A" : sysInfo.WindowsVersion)}";
WindowsBuildTextBlock.Text = $"Windows Build: {(string.IsNullOrEmpty(sysInfo.WindowsBuild) ? "N/A" : sysInfo.WindowsBuild)}";
OSArchitectureTextBlock.Text = $"OS Architecture: {(string.IsNullOrEmpty(sysInfo.OSArchitecture) ? "N/A" : sysInfo.OSArchitecture)}";
ProcessorNameTextBlock.Text = $"Processor Name: {(string.IsNullOrEmpty(sysInfo.ProcessorName) ? "N/A" : sysInfo.ProcessorName)}";
ProcessorArchitectureTextBlock.Text = $"Processor Architecture: {(string.IsNullOrEmpty(sysInfo.ProcessorArchitecture) ? "N/A" : sysInfo.ProcessorArchitecture)}";
// Memory
MemoryTextBlock.Text = $"Total Memory: {(string.IsNullOrEmpty(sysInfo.TotalMemory) ? "N/A" : sysInfo.TotalMemory)}";
// GPUs (join multiple models)
GpuTextBlock.Text = (sysInfo.GpuNames == null || sysInfo.GpuNames.Count == 0)
? "GPU(s): N/A"
: $"GPU(s): {string.Join(", ", sysInfo.GpuNames)}";
// IP addresses - format each on its own line for readability
if (sysInfo.IpAddresses == null || sysInfo.IpAddresses.Count == 0)
{
IpTextBlock.Text = "IP Addresses: N/A";
}
else
{
var parts = new List<string>();
foreach (var ni in sysInfo.IpAddresses)
{
var ip = string.IsNullOrEmpty(ni.IpAddress) ? "N/A" : ni.IpAddress;
parts.Add($" • {ip}");
}
IpTextBlock.Text = $"IP Addresses:\n{string.Join("\n", parts)}";
}
// CollectedAt / Last updated
CollectedAtTextBlock.Text = !string.IsNullOrEmpty(sysInfo.CollectedAt)
? $"Last updated: {sysInfo.CollectedAt}"
: $"Last updated: {DateTimeOffset.Now:g}";
}
private async Task RefreshSystemInfoAsync()
{
try
{
// Show immediate feedback
Dispatcher.Invoke(() =>
{
StatusTextBlock.Text = "Collecting system info...";
try { StatusTextBlock.Foreground = (SolidColorBrush)FindResource("StatusConnectedBrush"); } catch { StatusTextBlock.Foreground = new SolidColorBrush(Colors.Black); }
});
// Run osquery work off the UI thread
var info = await Task.Run(() => SystemInfo.GetSystemInfo());
_cachedSystemInfo = info;
// Update UI on UI thread
Dispatcher.Invoke(() =>
{
UpdateSysInfoUI(info);
CollectedAtTextBlock.Text = !string.IsNullOrEmpty(info.CollectedAt)
? $"Last updated: {info.CollectedAt}"
: $"Last updated: {DateTimeOffset.Now:g}";
StatusTextBlock.Text = "✅ System info refreshed";
try { StatusTextBlock.Foreground = (SolidColorBrush)FindResource("StatusConnectedBrush"); } catch { StatusTextBlock.Foreground = new SolidColorBrush(Colors.Green); }
});
}
catch (Exception ex)
{
Dispatcher.Invoke(() =>
{
StatusTextBlock.Text = $"❌ Refresh failed: {ex.Message}";
StatusTextBlock.Foreground = new SolidColorBrush(Colors.Red);
});
}
}
private async void RefreshButton_Click(object sender, RoutedEventArgs e)
{
// Disable the button while running (UI lookup)
if (sender is System.Windows.Controls.Button b)
{
b.IsEnabled = false;
}
await RefreshSystemInfoAsync();
if (sender is System.Windows.Controls.Button b2)
{
b2.IsEnabled = true;
}
}
} }
} }

50
LD-SysInfo/OsqueryConsole.xaml Normal file
View File

@@ -0,0 +1,50 @@
<Window x:Class="LD_SysInfo.OsqueryConsole"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
Title="Osquery Console" Height="600" Width="800"
Background="#1e1e1e" Foreground="White"
WindowStartupLocation="CenterOwner">
<Grid Margin="10">
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<TextBlock Text="Enter Osquery SQL:" FontWeight="Bold" Margin="0,0,0,4"/>
<TextBox x:Name="QueryBox"
Grid.Row="1"
Height="60"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
Background="#252526"
Foreground="White"
FontFamily="Consolas"
FontSize="14"
AcceptsReturn="True"
Text="SELECT * FROM system_info;" />
<Button Grid.Row="1"
Content="Run Query"
HorizontalAlignment="Right"
VerticalAlignment="Top"
Width="120"
Margin="0,4,0,0"
Click="RunQuery_Click"/>
<TextBox x:Name="OutputBox"
Grid.Row="2"
Margin="0,10,0,0"
TextWrapping="Wrap"
VerticalScrollBarVisibility="Auto"
HorizontalScrollBarVisibility="Auto"
Background="#1e1e1e"
Foreground="#dcdcdc"
FontFamily="Consolas"
FontSize="13"
AcceptsReturn="True"
IsReadOnly="True"
Text="Results will appear here..." />
</Grid>
</Window>

37
LD-SysInfo/OsqueryConsole.xaml.cs Normal file
View File

@@ -0,0 +1,37 @@
using System;
using System.Text.Json;
using System.Threading.Tasks;
using System.Windows;
using LD_SysInfo.Services;
namespace LD_SysInfo
{
public partial class OsqueryConsole : Window
{
public OsqueryConsole()
{
InitializeComponent();
}
private async void RunQuery_Click(object sender, RoutedEventArgs e)
{
OutputBox.Text = "Running query...";
string sql = QueryBox.Text.Trim();
try
{
var result = await Task.Run(() => OsqueryService.Query(sql));
string prettyJson = JsonSerializer.Serialize(result,
new JsonSerializerOptions { WriteIndented = true });
OutputBox.Text = prettyJson;
}
catch (Exception ex)
{
OutputBox.Text = $"❌ Error running query:\n{ex}";
}
}
}
}

78
LD-SysInfo/Services/OsqueryService.cs Normal file
View File

@@ -0,0 +1,78 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using Newtonsoft.Json.Linq;
namespace LD_SysInfo.Services
{
public static class OsqueryService
{
private static string GetOsqueryPath()
{
var baseDir = AppContext.BaseDirectory;
var path = Path.Combine(baseDir, "Assets", "osqueryi.exe");
if (!File.Exists(path))
{
File.AppendAllText("osquery_error.log", $"[{DateTime.Now}] ❌ osqueryi.exe not found at {path}\n");
throw new FileNotFoundException("osqueryi.exe not found", path);
}
return path;
}
private static string RunQuery(string sql)
{
var processInfo = new ProcessStartInfo
{
FileName = GetOsqueryPath(),
Arguments = $"--json \"{sql}\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
using var process = Process.Start(processInfo); // ✅ FIXED — actually start the process
if (process == null)
throw new Exception("Failed to start osquery process");
string output = process.StandardOutput.ReadToEnd();
process.WaitForExit();
// Optional debug logging
File.AppendAllText("osquery_debug.log",
$"[{DateTime.Now}] Ran query: {sql}\nOutput length: {output.Length}\n");
return output;
}
public static List<Dictionary<string, string>> Query(string sql)
{
string json = RunQuery(sql);
try
{
var jArray = JArray.Parse(json);
var results = new List<Dictionary<string, string>>();
foreach (var obj in jArray)
{
var dict = new Dictionary<string, string>();
foreach (var prop in (JObject)obj)
dict[prop.Key] = prop.Value?.ToString() ?? "";
results.Add(dict);
}
return results;
}
catch (Exception ex)
{
File.AppendAllText("osquery_error.log",
$"[{DateTime.Now}] ⚠️ JSON parse failed for query '{sql}': {ex.Message}\n");
return new List<Dictionary<string, string>>();
}
}
}
}

660
LD-SysInfo/SystemInfo.cs
View File

@@ -1,532 +1,228 @@
using Microsoft.Win32; #nullable disable
using System.IO;
using System.Management;
using System.Diagnostics;
using System.Net.NetworkInformation;
using Newtonsoft.Json; using Newtonsoft.Json;
using System.Windows; using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using Newtonsoft.Json.Linq;
using LD_SysInfo.Services;
namespace LD_SysInfo namespace LD_SysInfo
{ {
public class AppConfig // Extension method for safe dictionary access
public static class DictionaryExtensions
{ {
[JsonProperty("ServerUrl")] public static string GetValueOrDefault(this Dictionary<string, string> dict, string key)
public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
[JsonProperty("EnableLogging")]
public bool EnableLogging { get; set; } = true;
[JsonProperty("KeepAlivePeriod")]
public int KeepAlivePeriod { get; set; } = 30; // Ping/heartbeat every 30 seconds
[JsonProperty("SystemInfoInterval")]
public int SystemInfoInterval { get; set; } = 60; // Full system info POST every 60 seconds
[JsonProperty("ClientIdentifier")]
public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")]
public AuthConfig Auth { get; set; } = new AuthConfig();
}
public class AuthConfig
{ {
[JsonProperty("Username")] return dict.ContainsKey(key) ? dict[key] : "";
public string Username { get; set; } = "testuser";
[JsonProperty("Password")]
public string Password { get; set; } = "testpassword";
}
public static class ConfigManager
{
private static readonly string ConfigPath =
Path.Combine(AppContext.BaseDirectory, "config.json");
public static AppConfig LoadConfig(string configPath)
{
//System.Windows.MessageBox.Show($"[DEBUG] Calling LoadConfig from:\n{ConfigPath}");
if (File.Exists(ConfigPath))
{
string json = File.ReadAllText(ConfigPath);
return JsonConvert.DeserializeObject<AppConfig>(json);
}
throw new FileNotFoundException("❌ Config file not found at:\n" + ConfigPath);
} }
} }
public class InstalledApplication public class InstalledApplication
{ {
public string Name { get; set; } [JsonProperty("name")] public string Name { get; set; }
public string Version { get; set; } [JsonProperty("version")] public string Version { get; set; }
public string Publisher { get; set; } [JsonProperty("publisher")] public string Publisher { get; set; }
} }
public class WindowsUpdate public class WindowsUpdate
{ {
[JsonProperty("hotFixID")] [JsonProperty("hotFixID")] public string HotFixID { get; set; }
public string HotFixID { get; set; } [JsonProperty("description")] public string Description { get; set; }
[JsonProperty("installedOn")] public string InstalledOn { get; set; }
[JsonProperty("description")] [JsonProperty("installedBy")] public string InstalledBy { get; set; } // 🔹 added back for compatibility
public string Description { get; set; }
[JsonProperty("installedOn")]
public string InstalledOn { get; set; }
[JsonProperty("installedBy")]
public string InstalledBy { get; set; }
} }
public class AppXPackage public class AppXPackage
{ {
[JsonProperty("name")] [JsonProperty("name")] public string Name { get; set; }
public string Name { get; set; } [JsonProperty("version")] public string Version { get; set; }
[JsonProperty("publisher")] public string Publisher { get; set; }
[JsonProperty("version")] [JsonProperty("packageFullName")] public string PackageFullName { get; set; }
public string Version { get; set; }
[JsonProperty("publisher")]
public string Publisher { get; set; }
[JsonProperty("packageFullName")]
public string PackageFullName { get; set; }
} }
public class DriveInfoSummary public class DriveInfoSummary
{ {
[JsonProperty("name")] [JsonProperty("name")] public string Name { get; set; }
public string Name { get; set; } [JsonProperty("totalSizeGB")] public double TotalSizeGB { get; set; }
[JsonProperty("freeSpaceGB")] public double FreeSpaceGB { get; set; }
[JsonProperty("totalSizeGB")] [JsonProperty("driveType")] public string DriveType { get; set; }
public double TotalSizeGB { get; set; }
[JsonProperty("freeSpaceGB")]
public double FreeSpaceGB { get; set; }
[JsonProperty("driveType")]
public string DriveType { get; set; }
} }
public class NetworkInterfaceInfo public class NetworkInterfaceInfo
{ {
[JsonProperty("interfaceName")] [JsonProperty("interfaceName")] public string InterfaceName { get; set; }
public string InterfaceName { get; set; } [JsonProperty("ipAddress")] public string IpAddress { get; set; }
[JsonProperty("macAddress")] public string MacAddress { get; set; }
[JsonProperty("ipAddress")]
public string IpAddress { get; set; }
[JsonProperty("macAddress")]
public string MacAddress { get; set; }
} }
public class SystemInfo public class SystemInfo
{ {
[JsonProperty("osName")] [JsonProperty("hostname")] public string Hostname { get; set; }
public string OSName { get; set; } [JsonProperty("osName")] public string OSName { get; set; }
[JsonProperty("osVersion")] public string OSVersion { get; set; }
[JsonProperty("windowsVersion")] public string WindowsVersion { get; set; }
[JsonProperty("windowsBuild")] public string WindowsBuild { get; set; }
[JsonProperty("osArchitecture")] public string OSArchitecture { get; set; }
[JsonProperty("processorName")] public string ProcessorName { get; set; }
[JsonProperty("processorArchitecture")] public string ProcessorArchitecture { get; set; }
[JsonProperty("gpuNames")] public List<string> GpuNames { get; set; } = new();
[JsonProperty("totalMemory")] public string TotalMemory { get; set; }
[JsonProperty("ipAddresses")] public List<NetworkInterfaceInfo> IpAddresses { get; set; } = new();
[JsonProperty("lastBootTime")] public string LastBootTime { get; set; }
[JsonProperty("collectedAt")] public string CollectedAt { get; set; }
[JsonProperty("osVersion")] [JsonProperty("installedApplications")] public List<InstalledApplication> InstalledApplications { get; set; } = new();
public string OSVersion { get; set; } [JsonProperty("userInstalledApplications")] public List<InstalledApplication> UserInstalledApplications { get; set; } = new();
[JsonProperty("windowsUpdates")] public List<WindowsUpdate> WindowsUpdates { get; set; } = new();
[JsonProperty("windowsVersion")] [JsonProperty("appXPackages")] public List<AppXPackage> AppXPackages { get; set; } = new();
public string WindowsVersion { get; set; } [JsonProperty("drives")] public List<DriveInfoSummary> Drives { get; set; } = new();
[JsonProperty("windowsBuild")]
public string WindowsBuild { get; set; }
[JsonProperty("osArchitecture")]
public string OSArchitecture { get; set; }
[JsonProperty("processorName")]
public string ProcessorName { get; set; }
[JsonProperty("processorArchitecture")]
public string ProcessorArchitecture { get; set; }
[JsonProperty("hostname")]
public string Hostname { get; set; }
[JsonProperty("gpuNames")]
public List<string> GpuNames { get; set; }
[JsonProperty("totalMemory")]
public string TotalMemory { get; set; }
[JsonProperty("ipAddresses")]
public List<NetworkInterfaceInfo> IpAddresses { get; set; } = new();
[JsonProperty("lastBootTime")]
public string LastBootTime { get; set; }
[JsonProperty("collectedAt")]
public string CollectedAt { get; set; }
[JsonProperty("installedApplications")]
public List<InstalledApplication> InstalledApplications { get; set; }
[JsonProperty("userInstalledApplications")]
public List<InstalledApplication> UserInstalledApplications { get; set; } = new();
[JsonProperty("windowsUpdates")]
public List<WindowsUpdate> WindowsUpdates { get; set; } = new();
[JsonProperty("appXPackages")]
public List<AppXPackage> AppXPackages { get; set; } = new();
[JsonProperty("drives")]
public List<DriveInfoSummary> Drives { get; set; } = new();
private const string WindowsCurrentVersionKey = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion";
public static SystemInfo GetSystemInfo() public static SystemInfo GetSystemInfo()
{ {
var sysInfo = new SystemInfo(); var info = new SystemInfo { CollectedAt = DateTime.Now.ToString("MMM dd, yyyy h:mm tt") };
try try
{ {
// Capture collection timestamp with timezone info // ✅ Base system info - using correct osquery column names
sysInfo.CollectedAt = DateTimeOffset.Now.ToString("o"); var sys = OsqueryService.Query("SELECT * FROM system_info;").FirstOrDefault();
if (sys != null)
{
info.Hostname = sys.GetValueOrDefault("hostname");
// OSName removed - was redundant with hostname
sysInfo.Hostname = Environment.MachineName; // Windows version info from os_version table
sysInfo.OSName = GetOSFriendlyName(); var osVer = OsqueryService.Query("SELECT * FROM os_version;").FirstOrDefault();
sysInfo.OSVersion = Environment.OSVersion.Version.ToString(); if (osVer != null)
sysInfo.WindowsVersion = GetRegistryValue(WindowsCurrentVersionKey, "DisplayVersion"); {
sysInfo.WindowsBuild = GetRegistryValue(WindowsCurrentVersionKey, "CurrentBuild"); info.OSVersion = osVer.GetValueOrDefault("version");
sysInfo.OSArchitecture = Environment.Is64BitOperatingSystem ? "x64" : "x86"; info.WindowsVersion = osVer.GetValueOrDefault("name");
sysInfo.ProcessorName = GetProcessorName(); info.WindowsBuild = osVer.GetValueOrDefault("build");
sysInfo.ProcessorArchitecture = Environment.Is64BitProcess ? "x64" : "x86";
sysInfo.GpuNames = GetGpuNames(); // Get proper OS name from os_version
sysInfo.TotalMemory = GetTotalMemory(); info.OSName = osVer.GetValueOrDefault("name"); // e.g., "Windows 10 Pro"
var allInterfaces = GetNetworkInterfaces(); }
sysInfo.IpAddresses = allInterfaces
.Where(i => !string.IsNullOrWhiteSpace(i.InterfaceName)) info.ProcessorName = sys.GetValueOrDefault("cpu_brand");
info.ProcessorArchitecture = sys.GetValueOrDefault("cpu_type");
// Fix OS Architecture - should be x64, x86, etc.
info.OSArchitecture = sys.GetValueOrDefault("cpu_subtype");
if (string.IsNullOrEmpty(info.OSArchitecture) || info.OSArchitecture == "-1")
{
// Fallback: determine from cpu_type or use platform info
var platform = sys.GetValueOrDefault("cpu_type");
info.OSArchitecture = platform.Contains("64") ? "x64" : "x86";
}
}
// ✅ Memory - query physical_memory table and sum up total
var memResults = OsqueryService.Query("SELECT SUM(size) as total_bytes FROM physical_memory;").FirstOrDefault();
if (memResults != null && memResults.ContainsKey("total_bytes"))
{
if (long.TryParse(memResults["total_bytes"], out long memBytes))
{
double memGB = Math.Round(memBytes / (1024.0 * 1024.0 * 1024.0), 2);
info.TotalMemory = $"{memGB} GB";
}
}
// Fallback: try WMI-based system_info table
if (string.IsNullOrEmpty(info.TotalMemory))
{
var sysInfo = OsqueryService.Query("SELECT physical_memory FROM system_info;").FirstOrDefault();
if (sysInfo != null && sysInfo.ContainsKey("physical_memory"))
{
if (long.TryParse(sysInfo["physical_memory"], out long memBytes))
{
double memGB = Math.Round(memBytes / (1024.0 * 1024.0 * 1024.0), 2);
info.TotalMemory = $"{memGB} GB";
}
}
}
// ✅ Drives
info.Drives = OsqueryService.Query("SELECT device, size, free_space, type FROM logical_drives;")
.Select(d => new DriveInfoSummary
{
Name = d.GetValueOrDefault("device"),
TotalSizeGB = d.ContainsKey("size") && double.TryParse(d["size"], out double size)
? Math.Round(size / (1024.0 * 1024.0 * 1024.0), 2) : 0,
FreeSpaceGB = d.ContainsKey("free_space") && double.TryParse(d["free_space"], out double free)
? Math.Round(free / (1024.0 * 1024.0 * 1024.0), 2) : 0,
DriveType = d.GetValueOrDefault("type")
}).ToList();
// ✅ GPU info - query registry for all GPUs
var gpuQuery = OsqueryService.Query(@"
SELECT data
FROM registry
WHERE path LIKE 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\%\DriverDesc';");
info.GpuNames = gpuQuery
.Select(g => g.GetValueOrDefault("data"))
.Where(s => !string.IsNullOrEmpty(s))
.Distinct() // Remove duplicates
.ToList(); .ToList();
sysInfo.LastBootTime = GetLastBootTime();
PopulateDriveInfo(sysInfo); // ✅ Network interfaces - IPv4 only, with better formatting
var ipResults = OsqueryService.Query(
"SELECT interface, address FROM interface_addresses WHERE address NOT LIKE '127.%' AND address NOT LIKE '%:%';");
// Populate new collections for comprehensive system information info.IpAddresses = ipResults
sysInfo.UserInstalledApplications = GetUserInstalledApplications(); .Select(i => new NetworkInterfaceInfo
sysInfo.WindowsUpdates = GetInstalledPatches(); {
sysInfo.AppXPackages = GetAppXPackages(); InterfaceName = i.GetValueOrDefault("interface"),
IpAddress = i.GetValueOrDefault("address"),
MacAddress = ""
})
.Where(ni => !string.IsNullOrEmpty(ni.IpAddress))
.ToList();
// ✅ Last boot time
info.LastBootTime = OsqueryService.Query("SELECT datetime(boot_time, 'unixepoch') AS last_boot FROM uptime;")
.FirstOrDefault()?.GetValueOrDefault("last_boot");
// ✅ Installed apps (user + system)
info.InstalledApplications = OsqueryService.Query("SELECT name, version, publisher FROM programs;")
.Select(a => new InstalledApplication
{
Name = a["name"],
Version = a["version"],
Publisher = a["publisher"]
}).ToList();
info.UserInstalledApplications = info.InstalledApplications
.Where(a => !string.IsNullOrEmpty(a.Publisher))
.ToList();
// ✅ AppX packages (Windows Store)
info.AppXPackages = OsqueryService.Query("SELECT name, version, publisher, package_id FROM appx_packages;")
.Select(p => new AppXPackage
{
Name = p["name"],
Version = p["version"],
Publisher = p["publisher"],
PackageFullName = p["package_id"]
}).ToList();
// ✅ Windows Updates (patches)
info.WindowsUpdates = OsqueryService.Query("SELECT hotfix_id, description, installed_on FROM patches;")
.Select(p => new WindowsUpdate
{
HotFixID = p["hotfix_id"],
Description = p["description"],
InstalledOn = p["installed_on"],
InstalledBy = Environment.UserName
}).ToList();
} }
catch (Exception ex) catch (Exception ex)
{ {
string logPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "LD_SysInfo", "SysInfo_ErrorLog.txt"); File.AppendAllText("osquery_error.log", $"[{DateTime.Now}] {ex}\n");
Directory.CreateDirectory(Path.GetDirectoryName(logPath));
File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {ex.Message}\n");
} }
return sysInfo; return info;
} }
private static void PopulateDriveInfo(SystemInfo info)
{
foreach (var drive in DriveInfo.GetDrives())
{
if (!drive.IsReady) continue;
info.Drives.Add(new DriveInfoSummary
{
Name = drive.Name,
TotalSizeGB = Math.Round(drive.TotalSize / (1024.0 * 1024 * 1024), 2),
FreeSpaceGB = Math.Round(drive.AvailableFreeSpace / (1024.0 * 1024 * 1024), 2),
DriveType = drive.DriveType.ToString()
});
}
}
private static string GetRegistryValue(string key, string valueName)
{
using RegistryKey rk = Registry.LocalMachine.OpenSubKey(key);
return rk?.GetValue(valueName)?.ToString();
}
private static string GetOSFriendlyName()
{
string productName = GetRegistryValue(WindowsCurrentVersionKey, "ProductName");
string build = GetRegistryValue(WindowsCurrentVersionKey, "CurrentBuild");
if (int.TryParse(build, out int buildNumber) && buildNumber >= 22000)
return "Windows 11 Pro";
return productName ?? "Unknown OS";
}
private static string GetProcessorName()
{
const string key = @"HARDWARE\DESCRIPTION\System\CentralProcessor\0";
return GetRegistryValue(key, "ProcessorNameString");
}
private static List<string> GetGpuNames()
{
var gpuNames = new List<string>();
try
{
using var searcher = new ManagementObjectSearcher("SELECT Name FROM Win32_VideoController");
foreach (var obj in searcher.Get())
{
string name = obj["Name"]?.ToString();
if (!string.IsNullOrEmpty(name))
{
gpuNames.Add(name);
}
}
}
catch (Exception ex)
{
gpuNames.Add($"Error: {ex.Message}");
}
return gpuNames;
}
private static string GetTotalMemory()
{
try
{
using var searcher = new ManagementObjectSearcher("SELECT TotalPhysicalMemory FROM Win32_ComputerSystem");
foreach (var obj in searcher.Get())
{
long bytes = Convert.ToInt64(obj["TotalPhysicalMemory"]);
return $"{bytes / (1024 * 1024)} MB";
}
}
catch { }
return null;
}
private static List<NetworkInterfaceInfo> GetNetworkInterfaces()
{
var interfaces = new List<NetworkInterfaceInfo>();
try
{
foreach (var adapter in NetworkInterface.GetAllNetworkInterfaces())
{
if (adapter.OperationalStatus != OperationalStatus.Up) continue;
var ip = adapter.GetIPProperties().UnicastAddresses
.FirstOrDefault(a => a.Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork);
var mac = adapter.GetPhysicalAddress();
var macAddress = mac?.GetAddressBytes().Length > 0
? string.Join(":", mac.GetAddressBytes().Select(b => b.ToString("X2")))
: null;
if (ip != null || macAddress != null)
{
interfaces.Add(new NetworkInterfaceInfo
{
InterfaceName = adapter.Name,
IpAddress = ip?.Address.ToString(),
MacAddress = macAddress
});
}
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather network interfaces: {ex.Message}");
}
return interfaces;
}
private static string GetLastBootTime()
{
try
{
using var searcher = new ManagementObjectSearcher("SELECT LastBootUpTime FROM Win32_OperatingSystem WHERE Primary='true'");
foreach (var obj in searcher.Get())
{
string lastBoot = obj["LastBootUpTime"]?.ToString();
// Convert to local time and ensure timezone info is preserved
DateTime localBootTime = ManagementDateTimeConverter.ToDateTime(lastBoot);
// Use DateTimeOffset to ensure timezone information is included
DateTimeOffset bootTimeWithZone = new DateTimeOffset(localBootTime, TimeZoneInfo.Local.GetUtcOffset(localBootTime));
return bootTimeWithZone.ToString("o");
}
}
catch { }
return null;
}
public static List<InstalledApplication> GetInstalledApplicationsFromRegistry()
{
var applications = new List<InstalledApplication>();
string[] registryKeys = {
@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
@"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
};
foreach (string key in registryKeys)
{
using var regKey = Registry.LocalMachine.OpenSubKey(key);
if (regKey == null) continue;
foreach (string subKeyName in regKey.GetSubKeyNames())
{
using var subKey = regKey.OpenSubKey(subKeyName);
string name = subKey?.GetValue("DisplayName")?.ToString();
if (!string.IsNullOrWhiteSpace(name))
{
applications.Add(new InstalledApplication
{
Name = name,
Version = subKey?.GetValue("DisplayVersion")?.ToString(),
Publisher = subKey?.GetValue("Publisher")?.ToString()
});
}
}
}
return applications;
}
/// <summary>
/// Gets user-context installed applications from HKEY_CURRENT_USER registry.
/// </summary>
public static List<InstalledApplication> GetUserInstalledApplications()
{
var applications = new List<InstalledApplication>();
string registryKey = @"Software\Microsoft\Windows\CurrentVersion\Uninstall";
try
{
using var regKey = Registry.CurrentUser.OpenSubKey(registryKey);
if (regKey == null) return applications;
foreach (string subKeyName in regKey.GetSubKeyNames())
{
using var subKey = regKey.OpenSubKey(subKeyName);
string name = subKey?.GetValue("DisplayName")?.ToString();
if (!string.IsNullOrWhiteSpace(name))
{
applications.Add(new InstalledApplication
{
Name = name,
Version = subKey?.GetValue("DisplayVersion")?.ToString(),
Publisher = subKey?.GetValue("Publisher")?.ToString()
});
}
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather user-installed applications: {ex.Message}");
}
return applications;
}
/// <summary>
/// Gets Windows Updates and patches installed on the system using WMI.
/// </summary>
public static List<WindowsUpdate> GetInstalledPatches()
{
var patches = new List<WindowsUpdate>();
try
{
using var searcher = new ManagementObjectSearcher(
"SELECT HotFixID, Description, InstalledOn, InstalledBy FROM Win32_QuickFixEngineering");
foreach (var obj in searcher.Get())
{
patches.Add(new WindowsUpdate
{
HotFixID = obj["HotFixID"]?.ToString(),
Description = obj["Description"]?.ToString(),
InstalledOn = obj["InstalledOn"]?.ToString(),
InstalledBy = obj["InstalledBy"]?.ToString()
});
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather Windows Updates: {ex.Message}");
}
return patches;
}
/// <summary>
/// Gets Windows Store (AppX) packages installed on the system using WMI.
/// Note: This may require elevated permissions for complete results.
/// </summary>
public static List<AppXPackage> GetAppXPackages()
{
var packages = new List<AppXPackage>();
try
{
// Try using Win32_InstalledStoreProgram (Windows 10+)
using var searcher = new ManagementObjectSearcher(
"SELECT Name, Version, Publisher FROM Win32_InstalledStoreProgram");
foreach (var obj in searcher.Get())
{
var name = obj["Name"]?.ToString();
if (!string.IsNullOrWhiteSpace(name))
{
packages.Add(new AppXPackage
{
Name = name,
Version = obj["Version"]?.ToString(),
Publisher = obj["Publisher"]?.ToString(),
PackageFullName = name // Win32_InstalledStoreProgram doesn't provide PackageFullName
});
}
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to gather AppX packages: {ex.Message}");
}
return packages;
}
/// <summary>
/// Checks if a specific Windows Update patch is installed on the system.
/// </summary>
/// <param name="kbNumber">The KB number to check (e.g., "KB5034441")</param>
/// <returns>True if the patch is installed, false otherwise</returns>
public static bool IsPatchInstalled(string kbNumber)
{
if (string.IsNullOrWhiteSpace(kbNumber))
return false;
try
{
// Normalize KB number format
string normalizedKB = kbNumber.ToUpper().Trim();
if (!normalizedKB.StartsWith("KB"))
normalizedKB = "KB" + normalizedKB;
using var searcher = new ManagementObjectSearcher(
$"SELECT HotFixID FROM Win32_QuickFixEngineering WHERE HotFixID = '{normalizedKB}'");
return searcher.Get().Count > 0;
}
catch (Exception ex)
{
Console.WriteLine($"❌ Failed to check patch {kbNumber}: {ex.Message}");
return false;
}
}
} }
} }

1
deps/osquery vendored Submodule

Submodule deps/osquery added at e8f154ef31