Fix issues with parsing of Service binary paths #14

Closed

@OJ OJ commented Sep 17, 2018

Seatbelt parses and enumerates services via WMI, and attempts to pull information out of the binaries that the service points to. There were a few issues with the approach that was taken:

  • It didn't cover cases where service paths were quoted or had spaces (such as Motorola's Bluetooth OBEX Service).
  • It didn't handle cases where service binaries didn't have an extension (such as Carbon Black's Sensor agent).
  • It didn't seem to correctly handle arguments passed to the service.
  • When errors were encountered while parsing the file information, there was no try/catch around a single case, and hence the entire service parsing loop was exited (resulting in the rest of the services not being enumerated).

This PR attempts to fix this problem. It should handle quoted service paths, files without extensions, and cases where arguments are passed to the service exe.

There are some thorough comments on the approach in the code, but basically it does the following:

  1. Assumes that if a quote exists it's in the binary path, and makes use of that assumption, by taking what's after the first quote (based on a simple split). This might fail if the service binary isn't quoted, but an argument is quoted.
  2. Assumes from there that anything before the first space is the target binary.
  3. Catches the exception in the file version info call so that we don't bail on the whole loop.

This approach makes it work in the cases I saw breakages on a recent machine I ran it on.

Thoughts and feedback welcome. Thanks!
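
The three steps in the description above, written out as an added example (this is not the PR's diff or Seatbelt's own code). It assumes one reading of the steps: a quoted `PathName` yields the text between the first pair of quotes, an unquoted one yields the text before the first space. The class name, method name and sample `PathName` values are constructed for illustration.

```csharp
// Added example, not Seatbelt's code. Names and sample PathName values are constructed.
using System;
using System.Diagnostics;
static class ServicePathDemo
{
    // Steps 1 and 2: pull the binary path out of a Win32_Service PathName string.
    static string ExtractBinaryPath(string pathName)
    {
        string trimmed = (pathName ?? "").Trim();
        int open = trimmed.IndexOf('"');
        if (open >= 0)
        {
            // Step 1: assume the first quoted token is the binary.
            int close = trimmed.IndexOf('"', open + 1);
            return close > open
                ? trimmed.Substring(open + 1, close - open - 1)
                : trimmed.Substring(open + 1);
        }
        // Step 2: no quotes, so the binary is everything before the first space.
        int space = trimmed.IndexOf(' ');
        return space >= 0 ? trimmed.Substring(0, space) : trimmed;
    }
    static void Main()
    {
        string[] samples =
        {
            "\"C:\\Program Files\\Vendor\\Obex Service\\obexsrv.exe\"",  // quoted, with spaces
            "C:\\Windows\\System32\\svchost.exe -k netsvcs",              // unquoted, with arguments
            "\"C:\\Program Files\\Vendor\\sensor\" --run",                // binary without extension
            "C:\\Tools\\agent.exe --config \"C:\\Tools\\my agent.ini\"",  // unquoted binary, quoted argument
        };
        foreach (string pathName in samples)
        {
            string binary = ExtractBinaryPath(pathName);
            string description;
            try
            {
                // Step 3: a failure on one binary must not end the whole loop.
                description = FileVersionInfo.GetVersionInfo(binary).FileDescription ?? "";
            }
            catch (Exception ex)
            {
                description = "<no version info: " + ex.GetType().Name + ">";
            }
            Console.WriteLine("{0}\n  -> {1} [{2}]", pathName, binary, description);
        }
    }
}
```

The last sample is the failure case named in step 1: the heuristic returns the quoted argument (`C:\Tools\my agent.ini`) instead of the binary, and the catch block keeps the loop going when the file lookup fails.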

OJ commented Sep 27, 2018

BUMP!

@leechristensen
Member

Tracking and has been added into the rearchitected version. Should have the new release out within a week :)


OJ commented Sep 28, 2018

Rearchitected version?
