Esempio n. 1
 /**
  * Resets the registry value of the currently selected table row to its default and tells the
  * table model that the first three cells of that row changed.
  *
  * @param e the action event (not read by this method)
  */
 public void actionPerformed(AnActionEvent e) {
   myModel.getRegistryValue(myTable.getSelectedRow()).resetToDefault();

   // Columns 0..2 are refreshed one by one, each time for the row selected at that moment.
   for (int column = 0; column <= 2; column++) {
     myModel.fireTableCellUpdated(myTable.getSelectedRow(), column);
   }

   revaliateActions();
 }
Esempio n. 2
    /**
     * Refreshes the "Revert to Default" action: it is enabled only when the table is not being
     * edited, a row is selected, and that row's value differs from its default.
     *
     * @param e the event whose presentation is updated
     */
    @Override
    public void update(AnActionEvent e) {
      final boolean rowAvailable = !myTable.isEditing() && myTable.getSelectedRow() >= 0;
      e.getPresentation().setEnabled(rowAvailable);
      e.getPresentation().setText("Revert to Default");
      e.getPresentation().setIcon(IconLoader.getIcon("/general/remove.png"));

      // Only look up the row's value when the presentation reports itself enabled; otherwise
      // there may be no valid selected row to query.
      if (!e.getPresentation().isEnabled()) {
        return;
      }

      final RegistryValue selected = myModel.getRegistryValue(myTable.getSelectedRow());
      e.getPresentation().setEnabled(selected.isChangedFromDefault());
    }
Esempio n. 3
 /**
  * Writes the editor's current content into the value being edited (if any), refreshes the
  * actions, and then delegates to the superclass.
  *
  * @return whatever {@code super.stopCellEditing()} returns
  */
 @Override
 public boolean stopCellEditing() {
   final boolean hasValue = myValue != null;
   if (hasValue && myValue.isBoolean()) {
     // Boolean settings are edited through the check box.
     myValue.setValue(myCheckBox.isSelected());
   } else if (hasValue) {
     // Everything else is taken from the text field, with surrounding whitespace removed.
     myValue.setValue(myField.getText().trim());
   }

   revaliateActions();
   return super.stopCellEditing();
 }
Esempio n. 4
 /**
  * Returns the cell content for the given row and column.
  *
  * @param rowIndex row whose registry value is looked up
  * @param columnIndex 0 yields an empty string, 1 the key, 2 the value as a string; any other
  *     column yields the registry value object itself
  * @return the content for that cell
  */
 public Object getValueAt(int rowIndex, int columnIndex) {
   // Looked up before the column is examined, exactly once per call.
   final RegistryValue entry = getRegistryValue(rowIndex);

   if (columnIndex == 0) {
     return "";
   }
   if (columnIndex == 1) {
     return entry.getKey();
   }
   if (columnIndex == 2) {
     return entry.asString();
   }
   return entry;
 }
    /**
     * Renders one cell of the registry table.
     *
     * <p>Column 0 shows the restart icon when the value requires a restart, column 1 the key, and
     * column 2 the value: a coloured icon for colour values, a check box for booleans, plain text
     * otherwise. Values that differ from their default are drawn in bold.
     *
     * @return the shared label, or a freshly created check box for boolean values in column 2
     */
    @NotNull
    @Override
    public Component getTableCellRendererComponent(
        @NotNull JTable table,
        Object value,
        boolean isSelected,
        boolean hasFocus,
        int row,
        int column) {
      final RegistryValue v = ((MyTableModel) table.getModel()).getRegistryValue(row);

      // The label is reused between cells, so clear whatever the previous cell left behind.
      myLabel.setIcon(null);
      myLabel.setText(null);
      myLabel.setHorizontalAlignment(SwingConstants.LEFT);

      final Color fg;
      final Color bg;
      if (isSelected) {
        fg = table.getSelectionForeground();
        bg = table.getSelectionBackground();
      } else {
        fg = table.getForeground();
        bg = table.getBackground();
      }

      // Without a registry value the cleared label is returned as is.
      if (v == null) {
        return myLabel;
      }

      if (column == 0) {
        myLabel.setIcon(v.isRestartRequired() ? RESTART_ICON : null);
        myLabel.setHorizontalAlignment(SwingConstants.CENTER);
      } else if (column == 1) {
        myLabel.setText(v.getKey());
      } else if (column == 2) {
        final Color cellColor = v.asColor(null);
        if (cellColor != null) {
          myLabel.setIcon(createColoredIcon(cellColor));
        } else if (v.isBoolean()) {
          // Booleans bypass the label entirely and get their own check box.
          final JCheckBox box = new JCheckBox();
          box.setSelected(v.asBoolean());
          box.setBackground(bg);
          return box;
        } else {
          myLabel.setText(v.asString());
        }
      }

      myLabel.setOpaque(true);

      final int fontStyle = v.isChangedFromDefault() ? Font.BOLD : Font.PLAIN;
      myLabel.setFont(myLabel.getFont().deriveFont(fontStyle));
      myLabel.setForeground(fg);
      myLabel.setBackground(bg);
      return myLabel;
    }
Esempio n. 6
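 /**
  * Prepares the editor for the registry value shown in the given row.
  *
  * <p>Colour values are edited through {@code ColorChooser.chooseColor} and stored as
  * {@code "r,g,b"}; no in-table editor is returned for them. Booleans are edited with the check
  * box and every other value with the text field.
  *
  * @param table the table being edited; its model must be a {@code MyTableModel}
  * @param value the cell value supplied by the table (not used; the row's registry value is read
  *     from the model instead)
  * @param row the row being edited
  * @return the editor component, or {@code null} when the row has no registry value or the value
  *     is a colour
  */
 @Nullable
 public Component getTableCellEditorComponent(
     JTable table, Object value, boolean isSelected, int row, int column) {
   myValue = ((MyTableModel) table.getModel()).getRegistryValue(row);

   // stopCellEditing() already treats myValue as possibly null; do the same here rather than
   // dereferencing it.
   if (myValue == null) {
     return null;
   }

   final Color currentColor = myValue.asColor(null);
   if (currentColor != null) {
     // Seed the chooser from the row's own registry value. Casting the `value` argument to
     // RegistryValue fails with a ClassCastException whenever the model hands out a String for
     // this cell.
     final Color color = ColorChooser.chooseColor(table, "Choose color", currentColor);
     if (color != null) {
       myValue.setValue(color.getRed() + "," + color.getGreen() + "," + color.getBlue());
     }
     return null;
   }

   if (myValue.isBoolean()) {
     myCheckBox.setSelected(myValue.asBoolean());
     myCheckBox.setBackground(table.getBackground());
     return myCheckBox;
   }

   myField.setText(myValue.asString());
   myField.setBorder(null);
   myField.selectAll();
   return myField;
 }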
Esempio n. 7
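  /**
   * Test the Registry object against one registry file.
   *
   * <p>Opens the hive copy named by {@code a_regInfo.tempFileName} and looks up the key named by
   * the STIX object, retrying without the first path component when the STIX hive name starts with
   * "HKEY". If the STIX object lists values, they are then compared with the values stored under
   * that key.
   *
   * @param a_regInfo The registry file
   * @return Result of the test: TRUE when the key (and, if values are listed, a value) matched,
   *     FALSE when the key was not found, INDETERMINATE when evaluation threw or no value matched
   */
  private ObservableResult testRegistryFile(RegistryFileInfo a_regInfo) {
    try {
      RegistryKey root = openRegistry(a_regInfo.tempFileName);
      RegistryKey result = findKey(root, obj.getKey().getValue().toString());

      if (result == null) {

        // Take another shot looking for the key minus the first part of the path (sometimes the
        // hive file name is here). This should only happen if the hive name started
        // with "HKEY"
        if ((obj.getHive() != null)
            && obj.getHive().getValue().toString().startsWith("HKEY")) { // NON-NLS
          String[] parts = obj.getKey().getValue().toString().split("\\\\");
          StringBuilder newKey = new StringBuilder();
          for (int i = 1; i < parts.length; i++) {
            if (newKey.length() > 0) {
              newKey.append("\\");
            }
            newKey.append(parts[i]);
          }
          result = findKey(root, newKey.toString());
        }

        if (result == null) {
          return new ObservableResult(
              id,
              "RegistryObject: Could not find key " + obj.getKey().getValue(), // NON-NLS
              spacing,
              ObservableResult.ObservableState.FALSE,
              null);
        }
      }

      if ((obj.getValues() == null) || (obj.getValues().getValues().isEmpty())) {
        // No values to test
        List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
        artData.add(
            new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry")); // NON-NLS
        return new ObservableResult(
            id,
            "RegistryObject: Found key " + obj.getKey().getValue(), // NON-NLS
            spacing,
            ObservableResult.ObservableState.TRUE,
            artData);
      }

      // Test all the values
      for (org.mitre.cybox.objects.RegistryValueType stixRegValue : obj.getValues().getValues()) {
        try {
          for (RegistryValue valFromFile : result.getValueList()) {

            // Test if the name field matches (if present)
            boolean nameSuccess = true; // True if the name matches or isn't present
            if (stixRegValue.getName() != null) {
              try {
                nameSuccess = compareStringObject(stixRegValue.getName(), valFromFile.getName());
              } catch (UnsupportedEncodingException ex) {
                nameSuccess = false;
              }
            }

            boolean valueSuccess = true; // True if the data matches or isn't present
            if (nameSuccess && (stixRegValue.getData() != null)) {
              switch (valFromFile.getValueType()) {
                case REG_SZ:
                case REG_EXPAND_SZ:
                  try {
                    valueSuccess =
                        compareStringObject(
                            stixRegValue.getData(), valFromFile.getValue().getAsString());
                  } catch (UnsupportedEncodingException ex) {
                    valueSuccess = false;
                  }
                  break;
                case REG_DWORD:
                case REG_BIG_ENDIAN:
                case REG_QWORD:

                  // Only support "equals" for now.
                  if ((stixRegValue.getData().getCondition() == null)
                      || (stixRegValue.getData().getCondition() == ConditionTypeEnum.EQUALS)) {

                    // Try to convert the STIX string to a long
                    try {
                      long stixValue = Long.decode(stixRegValue.getData().getValue().toString());

                      try {
                        valueSuccess = (stixValue == valFromFile.getValue().getAsNumber());
                      } catch (UnsupportedEncodingException ex) {
                        valueSuccess = false;
                      }
                    } catch (NumberFormatException ex) {
                      // We probably weren't looking at a numeric field to begin with,
                      // so getting this exception isn't really an error.
                      valueSuccess = false;
                    }
                  } else {
                    valueSuccess = false;
                  }

                  break;
                default:
                  // Nothing to do here. These are the types we don't handle:
                  // REG_BIN, REG_FULL_RESOURCE_DESCRIPTOR, REG_LINK, REG_MULTI_SZ, REG_NONE,
                  // REG_RESOURCE_LIST, REG_RESOURCE_REQUIREMENTS_LIST
                  //
                  // NOTE(review): valueSuccess is still true at this point, so a hive value of an
                  // unhandled type is reported as a match on name alone even though the STIX data
                  // was never compared. Confirm this is intended; for indicator matching it can
                  // produce a false positive.
              }
            }

            if (nameSuccess && valueSuccess) {
              // This hive value satisfies the STIX value under test.
              // NOTE(review): the method returns here, so any remaining STIX values in the list
              // are not evaluated.
              List<StixArtifactData> artData = new ArrayList<StixArtifactData>();
              artData.add(
                  new StixArtifactData(a_regInfo.abstractFile.getId(), id, "Registry")); // NON-NLS

              // Name and data are both optional on the STIX value (see the null checks above), so
              // the description only mentions the parts that are present. Dereferencing them
              // unconditionally turned a successful match into an "Exception during evaluation"
              // result via the broad catch below.
              StringBuilder description =
                  new StringBuilder("RegistryObject: Found key ") // NON-NLS
                      .append(obj.getKey().getValue());
              if (stixRegValue.getName() != null) {
                description
                    .append(" and value ") // NON-NLS
                    .append(stixRegValue.getName().getValue());
              }
              if (stixRegValue.getData() != null) {
                description
                    .append(stixRegValue.getName() != null ? " = " : " and data ") // NON-NLS
                    .append(stixRegValue.getData().getValue());
              }

              return new ObservableResult(
                  id,
                  description.toString(),
                  spacing,
                  ObservableResult.ObservableState.TRUE,
                  artData);
            }
          }
        } catch (Exception ex) {
          // Broad catch here because the registry parser can create all kinds of exceptions beyond
          // what it reports.
          return new ObservableResult(
              id,
              "RegistryObject: Exception during evaluation: " + ex.getLocalizedMessage(), // NON-NLS
              spacing,
              ObservableResult.ObservableState.INDETERMINATE,
              null);
        }
      }
    } catch (TskCoreException ex) {
      return new ObservableResult(
          id,
          "RegistryObject: Exception during evaluation: " + ex.getLocalizedMessage(), // NON-NLS
          spacing,
          ObservableResult.ObservableState.INDETERMINATE,
          null);
    }

    // Reached when values were listed but none of the hive values matched any of them.
    return new ObservableResult(
        id,
        "RegistryObject: Not done", // NON-NLS
        spacing,
        ObservableResult.ObservableState.INDETERMINATE,
        null);
  }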