#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <iphlpapi.h>
#include "transport.h"
#define SYSINFO_METHOD_REGISTRY TRUE // TRUE = use registry method, FALSE = use systeminfo cmd
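/* Buffer sizes the caller must provide. The signature carries no lengths, so
 * these constants are the contract: every output string is written within
 * these bounds and is NUL-terminated on return, on failure paths as well. */
enum {
    INFO_OSVERSION_LEN = 256,
    INFO_ARCH_LEN = 8,       /* longest stored value is "Unknown" */
    INFO_HOSTNAME_LEN = 128,
    INFO_USERNAME_LEN = 128,
    INFO_LOCALIP_LEN = 16,   /* same size as IP_ADDRESS_STRING.String */
    INFO_PROCNAME_LEN = 128
};

#if defined(SYSINFO_METHOD_REGISTRY) && SYSINFO_METHOD_REGISTRY == TRUE
/*
 * Read the string value `name` under `key` into out[outSize]; store `fallback`
 * when the value is missing, is not a string type, or does not fit.
 * Registry string data is not guaranteed to carry a NUL terminator, so one
 * byte is held back from the query and the result is terminated explicitly.
 */
static void read_reg_string(HKEY key, const char *name, char *out, DWORD outSize, const char *fallback)
{
    DWORD type = 0;
    DWORD size = outSize - 1;
    long rc = RegQueryValueExA(key, name, NULL, &type, (LPBYTE)out, &size);
    if (rc == ERROR_SUCCESS && (type == REG_SZ || type == REG_EXPAND_SZ)) {
        out[size] = '\0'; /* size <= outSize - 1 on success */
    } else {
        snprintf(out, outSize, "%s", fallback);
    }
}

/*
 * Build osVersion from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion as
 * "<ProductName> (Version <DisplayVersion>) Build <CurrentBuild>". Each part
 * degrades to an "Unknown ..." placeholder; the whole string becomes
 * "Unknown OS" when the key cannot be opened.
 */
static void collect_os_version_registry(char *osVersion)
{
    HKEY key;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                      0, KEY_READ, &key) != ERROR_SUCCESS) {
        snprintf(osVersion, INFO_OSVERSION_LEN, "%s", "Unknown OS");
        return;
    }

    char osName[256];
    char displayVersion[256];
    char currentBuild[256];
    read_reg_string(key, "ProductName", osName, sizeof osName, "Unknown OS Name");
    read_reg_string(key, "DisplayVersion", displayVersion, sizeof displayVersion, "Unknown OS Version");
    /* CurrentBuild is reported rather than BuildNumber; the two can differ. */
    read_reg_string(key, "CurrentBuild", currentBuild, sizeof currentBuild, "Unknown Current Build");
    RegCloseKey(key);

    snprintf(osVersion, INFO_OSVERSION_LEN, "%s (Version %s) Build %s",
             osName, displayVersion, currentBuild);
}
#endif

#if defined(SYSINFO_METHOD_REGISTRY) && SYSINFO_METHOD_REGISTRY == FALSE
/*
 * Build osVersion as "<OS Name> <OS Version>" by running `systeminfo` through
 * findstr in a child shell (_popen) and scanning its output line by line.
 * The sscanf field widths are one less than the target buffers: a 512-byte
 * line would otherwise overrun the 128-byte fields.
 */
static void collect_os_version_cmd(char *osVersion)
{
    char osName[128] = "Unknown OS Name";
    char osVersionField[128] = "Unknown OS Version";
    char line[512];

    FILE *pipe = _popen("systeminfo | findstr /B /C:\"OS Name\" /C:\"OS Version\"", "r");
    if (pipe == NULL) {
        fprintf(stderr, "Failed to run command.\n");
        snprintf(osVersion, INFO_OSVERSION_LEN, "%s", "Unknown OS");
        return;
    }
    while (fgets(line, sizeof line, pipe) != NULL) {
        if (strstr(line, "OS Name:") != NULL) {
            sscanf(line, "OS Name: %127[^\n]", osName);
        } else if (strstr(line, "OS Version:") != NULL) {
            sscanf(line, "OS Version: %127[^\n]", osVersionField);
        }
    }
    _pclose(pipe);

    snprintf(osVersion, INFO_OSVERSION_LEN, "%s %s", osName, osVersionField);
    printf("tempOSName: %s\n", osName);
    printf("tempOSVersion: %s\n", osVersionField);
}
#endif

/*
 * Store the address of the first adapter whose address is not 127.0.0.1 in
 * localIP, or "Unknown" when GetAdaptersInfo fails, the allocation fails, or
 * no such adapter exists. The sizing call must report ERROR_BUFFER_OVERFLOW
 * before the buffer is allocated; walking an unfilled buffer's Next pointers
 * would be undefined behaviour.
 * NOTE(review): an adapter without an address may report 0.0.0.0, which is
 * not filtered here - confirm whether that is intended.
 */
static void collect_local_ip(char *localIP)
{
    snprintf(localIP, INFO_LOCALIP_LEN, "%s", "Unknown");

    ULONG outBufLen = 0;
    if (GetAdaptersInfo(NULL, &outBufLen) != ERROR_BUFFER_OVERFLOW || outBufLen == 0) {
        return;
    }
    PIP_ADAPTER_INFO adapters = malloc(outBufLen);
    if (adapters == NULL) {
        return;
    }
    if (GetAdaptersInfo(adapters, &outBufLen) == ERROR_SUCCESS) {
        for (PIP_ADAPTER_INFO a = adapters; a != NULL; a = a->Next) {
            if (strcmp(a->IpAddressList.IpAddress.String, "127.0.0.1") != 0) {
                snprintf(localIP, INFO_LOCALIP_LEN, "%s", a->IpAddressList.IpAddress.String);
                break;
            }
        }
    }
    free(adapters);
}

/*
 * CollectSystemInfo - fill the caller's buffers with a description of the host
 * and of the running process.
 *
 * Outputs (minimum buffer sizes are the INFO_*_LEN constants above):
 *   osVersion    OS name/version/build; the source is selected at compile time
 *                by SYSINFO_METHOD_REGISTRY (registry values or systeminfo)
 *   architecture "x64", "x86", "ARM64" or "Unknown" (GetSystemInfo)
 *   hostname     GetComputerNameA result, "Unknown" on failure
 *   username     GetUserNameA result, "Unknown" on failure
 *   localIP      first non-127.0.0.1 adapter address (GetAdaptersInfo),
 *                "Unknown" when none is found
 *   procname     path of the running executable from _pgmptr, truncated to fit
 *   pid          GetCurrentProcessId()
 *
 * The process name and PID are also echoed to stdout, as is the parsed
 * systeminfo output when that method is compiled in.
 */
void CollectSystemInfo(char *osVersion, char *architecture, char *hostname, char *username, char *localIP, char* procname, unsigned long* pid) {
#if defined(SYSINFO_METHOD_REGISTRY) && SYSINFO_METHOD_REGISTRY == TRUE
    collect_os_version_registry(osVersion);
#elif defined(SYSINFO_METHOD_REGISTRY) && SYSINFO_METHOD_REGISTRY == FALSE
    collect_os_version_cmd(osVersion);
#else
    /* Neither method compiled in: still leave osVersion in a defined state. */
    snprintf(osVersion, INFO_OSVERSION_LEN, "%s", "Unknown OS");
#endif

    /* Process name and PID. _pgmptr is CRT-owned; guard the NULL case rather
     * than hand it to a string copy (NOTE(review): assumed set by the CRT). */
    const char *exePath = _pgmptr;
    snprintf(procname, INFO_PROCNAME_LEN, "%s", exePath != NULL ? exePath : "Unknown");
    *pid = GetCurrentProcessId();
    printf("Proc name: %s\n", procname);
    printf("PID: %lu\n", *pid);

    /* Architecture */
    SYSTEM_INFO sysInfo;
    GetSystemInfo(&sysInfo);
    const char *arch;
    switch (sysInfo.wProcessorArchitecture) {
    case PROCESSOR_ARCHITECTURE_AMD64:
        arch = "x64";
        break;
    case PROCESSOR_ARCHITECTURE_INTEL:
        arch = "x86";
        break;
    case PROCESSOR_ARCHITECTURE_ARM64:
        arch = "ARM64";
        break;
    default:
        arch = "Unknown";
        break;
    }
    snprintf(architecture, INFO_ARCH_LEN, "%s", arch);

    /* Hostname and username: on failure the buffer contents are unspecified,
     * so overwrite them with a terminated placeholder. */
    DWORD hostnameLen = INFO_HOSTNAME_LEN;
    if (!GetComputerNameA(hostname, &hostnameLen)) {
        snprintf(hostname, INFO_HOSTNAME_LEN, "%s", "Unknown");
    }
    DWORD usernameLen = INFO_USERNAME_LEN;
    if (!GetUserNameA(username, &usernameLen)) {
        snprintf(username, INFO_USERNAME_LEN, "%s", "Unknown");
    }

    /* Local IP (first non-loopback) */
    collect_local_ip(localIP);
}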