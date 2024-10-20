Another PowerShell script recorded under Event ID 4104 (script block logging):

$sb = New-Object System.Text.StringBuilder $textToEscape.Length;

for($i=0; $i -lt $textToEscape.Length; $i++)

{

$curChar = $textToEscape[$i];

if($curChar -eq '

')

{

$null = $sb.Append("\par");

}

elseif(($curChar -lt 0x20) -or ($curChar -eq '{') -or ($curChar -eq '}') -or ($curChar -eq '\\'))

{

$null = $sb.Append("\'");

$null = $sb.Append(([int]$curChar).ToString("X2", [System.Globalization.CultureInfo]::InvariantCulture));

}

elseif($curChar -lt 0x80)

{

$null = $sb.Append($curChar);

}

else

{

$null = $sb.Append("\u");

$null = $sb.Append(([int]$curChar).ToString([System.Globalization.CultureInfo]::InvariantCulture));

$null = $sb.Append('?');

}

}

return $sb.ToString();

}

# IsValidURL: scheme allow-list check for a candidate URL.
#
# Parameters:
#   $URL - the text to test; it is cast to [System.URI].
# Returns:
#   The URI's ToString() form when the scheme is http, https or ftp;
#   $null for any other scheme.
#
# Only the scheme is checked. Host, port, path and query are accepted as
# long as the [System.URI] cast succeeds.
function IsValidURL($URL)

{

# The work runs in a child script block; "return" inside it ends the block.
&{

$uri = [System.URI]($URL);

$scheme = $uri.scheme;

# Allow-list of schemes accepted for web diagnostics.
if(($scheme -eq "http" ) -or ($scheme -eq "https") -or ($scheme -eq "ftp"))

{

return $uri.ToString();

}

else

{

return $null;

}

}

# Handler for any exception raised while casting or reading the URI;
# it is written to return $null so a malformed input is reported as "not valid".
trap [Exception]

{

return $null;

}

}

# GetDefaultBrowser: asks the network diagnostics snap-in for the program
# associated with the "open" verb of the "http" protocol.
#
# Returns:
#   The association string from AssociationInfo.GetAssociation("http","open"),
#   or $null when the lookup raised an exception.
#
# RegSnapin / UnregSnapin are defined outside this part of the file.
# NOTE(review): the DLL is referenced by bare file name; how RegSnapin resolves
# the path is not visible here - confirm it loads from a directory that
# non-administrators cannot write to.
function GetDefaultBrowser()

{

[string]$assocString = $null

$dll = "NetworkDiagnosticSnapIn.dll"

try

{

RegSnapin $dll



$assocString = [Microsoft.Windows.Diagnosis.Network.AssociationInfo]::GetAssociation("http","open");

# Handler for exceptions raised in this block: reset the result so the
# caller sees "no default browser found".
trap [Exception]

{

$assocString = $null;

}

}

finally

{

# Always unregister the snap-in, whether or not the lookup succeeded.
UnregSnapin $dll

}

return $assocString;

}

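# GetWebNDFIncidentData: builds the helper-class parameters for a web
# connectivity diagnosis.
#
# Parameters:
#   $URL                 - the URL to diagnose; emitted inside a CDATA section.
#   $DefaultConnectivity - when true, the caller application is reported as
#                          Explorer and the default browser (if one is found)
#                          is added as AppID.
# Returns:
#   A hashtable with "HelperClassName" = "WinInetHelperClass" and
#   "HelperAttributes" = the generated XML string.
function GetWebNDFIncidentData($URL, $DefaultConnectivity)
{
    # A literal "]]>" inside the URL would close the CDATA section early and let
    # the remainder be parsed as markup. Splitting it across two CDATA sections
    # keeps the text value unchanged for an XML parser.
    $cdataSafeURL = ([string]$URL).Replace("]]>", "]]]]><![CDATA[>")

    #build entry point parameters
    $haXML = "<HelperAttributes><HelperAttribute><Name>URL</Name><Type>AT_STRING</Type><Value><![CDATA[" + $cdataSafeURL + "]]></Value></HelperAttribute>"

    if($DefaultConnectivity)
    {
        #sqm explorer as the client rather than sdiaghost.exe
        $haXML += "<HelperAttribute><Name>NDFSQMCallerApplication</Name><Type>AT_STRING</Type><Value>Windows\Explorer.EXE</Value></HelperAttribute>"

        $defaultBrowser = GetDefaultBrowser;
        if($defaultBrowser)
        {
            # The association string is placed in element content, so XML
            # metacharacters (&, <, >, quotes) are entity-escaped first.
            $escapedBrowser = [System.Security.SecurityElement]::Escape([string]$defaultBrowser)
            $haXML += "<HelperAttribute><Name>AppID</Name><Type>AT_STRING</Type><Value>"+ $escapedBrowser + "</Value></HelperAttribute>"
        }
    }

    $haXML += "</HelperAttributes>"

    return @{"HelperClassName" = "WinInetHelperClass"; "HelperAttributes" =$haXML}
}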

# GetValidURL: validates a candidate URL, retrying once with an "http://"
# prefix when the candidate carries no scheme separator.
#
# Parameters:
#   $CandidateURL - text entered for the URL.
# Returns:
#   The value returned by IsValidURL for the candidate (or for the prefixed
#   candidate), or $null when neither form is accepted.
function GetValidURL($CandidateURL)
{
    $firstAttempt = IsValidURL $CandidateURL
    if(!($firstAttempt -eq $null))
    {
        # Accepted as typed.
        return $firstAttempt
    }

    # A candidate that already contains "://" has an explicit scheme that was
    # rejected, so no prefix is tried.
    if(!($CandidateURL.IndexOf("://") -eq -1))
    {
        return $null
    }

    $prefixedAttempt = IsValidURL ("http://" + $CandidateURL)
    if($prefixedAttempt)
    {
        return $prefixedAttempt
    }

    return $null
}

# GetErrorRTF: fills the error-message RTF template with an escaped
# description and an escaped error text.
#
# Parameters:
#   $Description - text substituted for the %DESC% placeholder.
#   $Error       - text substituted for the %ERROR% placeholder.
# Returns:
#   The template string with both placeholders replaced.
#
# Both values pass through EscapeForRTF before substitution. The placeholders
# are replaced one after the other, so a literal "%ERROR%" inside the
# description text would also be replaced by the second step.
function GetErrorRTF($Description, $Error)
{
    $descForRtf = EscapeForRTF $Description
    $errorForRtf = EscapeForRTF $Error

    $template = LoadResourceString($ERROR_MSG_RTF_RESOURCE)

    $withDescription = $template.Replace("%DESC%", $descForRtf)
    return $withDescription.Replace("%ERROR%", $errorForRtf)
}

# WebEntry: collects the web diagnosis target from the user and returns the
# incident data for it.
#
# Returns:
#   The hashtable produced by GetWebNDFIncidentData, or $null when a required
#   input could not be retrieved.
#
# Get-DiagInput, $DefaultDiagURL and $localizationString are defined outside
# this part of the file.
# NOTE(review): when IT_WebChoice equals "Internet" the block below is skipped,
# so $validURL is never assigned in this function and $IT_URL is not used
# again; unless an outer scope defines $validURL, an empty URL is passed to
# GetWebNDFIncidentData - confirm that this is intended.
function WebEntry()

{

$IT_WebChoice = Get-DiagInput -ID "IT_WebChoice"

if($IT_WebChoice -eq $null)

{

#Failed retrieving Web Choice

return $null

}

$IT_URL = $DefaultDiagURL

if(!($IT_WebChoice -eq "Internet"))

{

$IT_URL = Get-DiagInput -ID "IT_URL"

if($IT_URL -eq $null) {

#Failed retrieving URL

return $null

}

#verify that it is a valid URL (only the first returned element is checked)

$validURL = GetValidURL $IT_URL[0]

# Keep prompting until GetValidURL accepts the input or the prompt returns nothing.
while($validURL -eq $null)

{

#build the RTF text; the rejected input is echoed back inside the error message
#and is escaped for RTF by GetErrorRTF

$replacedError = [System.String]::Format([System.Globalization.CultureInfo]::InvariantCulture, $localizationString.interaction_InvalidURL_FormatError, $IT_URL[0]);

$RTFText = GetErrorRTF ($localizationString.interaction_InvalidURL_Desc) ($replacedError);

#reprompt for input

$IT_URL = Get-DiagInput -ID "IT_Invalid_URL" -p @{"URL" = $IT_URL; "RTFText" = $RTFText}

if($IT_URL -eq $null) {

#Failed retrieving URL

return $null

}

$validURL = GetValidURL $IT_URL[0]

}

}

return GetWebNDFIncidentData $validURL $false

}

# IsUNCFormat: checks whether the input parses as a UNC location.
#
# Parameters:
#   $UNC - the text to test; it is cast to [System.URI].
# Returns:
#   The URI's LocalPath when the scheme is "file" and IsUnc is true;
#   $null otherwise.
#
# The returned value is the parsed LocalPath, not the original text, so it
# can differ from what was typed.
function IsUNCFormat($UNC)

{

# The work runs in a child script block; "return" inside it ends the block.
&{

$uri = [System.URI]($UNC);

$scheme = $uri.scheme;

if(($scheme -eq "file" ))

{

if($uri.IsUnc)

{

return $uri.LocalPath;

}

}

return $null;

}

# Handler for any exception raised while casting or reading the URI;
# it is written to return $null so a malformed input is reported as "not UNC".
trap [Exception]

{

return $null;

}

}

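# ContainsInvalidUNCChars: reports whether the share/path part of a UNC string
# contains characters that are not allowed in a path.
#
# Parameters:
#   $UNC - assumed to be in \\host\share form (the share can be missing).
# Returns:
#   $false when only a host name is present or no listed character is found;
#   $true when the path part contains one of / : * ? " < > |.
#   The trap handler is written to return $true as well, so an input that makes
#   any call below throw is treated as invalid.
function ContainsInvalidUNCChars($UNC)
{
    &{
        # Called only for its side effect: per the original author it raises an
        # exception when the string has invalid characters. The result is unused.
        $ignoreResult = [System.IO.Path]::IsPathRooted($UNC)

        #check the path for invalid characters
        #remove the starting slashes
        $tmp = $UNC.Substring(2)

        $nextSlash = $tmp.IndexOf("\")

        # Host-only forms: no backslash after the host, or the backslash is the
        # last character. The original compared against $nextSlash.Length (the
        # integer index itself) instead of the length of the remaining string.
        if(($nextSlash -lt 0) -or ($nextSlash -eq ($tmp.Length - 1)))
        {
            #string only contains hostname
            #hostname is already validated in IsUNCFormat function
            return $false
        }

        #remove host and backslash after host
        $UNCPath = $tmp.Substring($nextSlash+1)

        #under certain circumstances some of these make it through the above check
        #so we do a direct sanity check here
        if(!($UNCPath.IndexOfAny(@('/',':','*','?','"','<','>','|')) -eq -1))
        {
            return $true;
        }

        return $false;
    }

    trap [Exception]
    {
        return $true;
    }
}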

# GetValidUNC: validates a candidate UNC path in two steps.
#
# Parameters:
#   $CandidateUNC - text entered for the UNC path.
# Returns:
#   $null - IsUNCFormat did not accept the candidate;
#   -1    - the format is accepted but ContainsInvalidUNCChars flagged it;
#   otherwise the path returned by IsUNCFormat.
function GetValidUNC($CandidateUNC)
{
    # Step 1: format check; a false-like result means "not a UNC path".
    $parsedPath = IsUNCFormat $CandidateUNC
    if(!$parsedPath)
    {
        return $null
    }

    # Step 2: character check on the parsed path, not on the raw input.
    $hasBadChars = ContainsInvalidUNCChars $parsedPath
    if($hasBadChars)
    {
        return -1
    }

    return $parsedPath
}



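# GetUNCNDFIncidentData: builds the helper-class parameters for a file-sharing
# diagnosis.
#
# Parameters:
#   $UNC - the UNC path to diagnose; emitted inside a CDATA section.
# Returns:
#   A hashtable with "HelperClassName" = "SMBHelperClass" and
#   "HelperAttributes" = the generated XML string.
function GetUNCNDFIncidentData($UNC)
{
    # A literal "]]>" inside the path would close the CDATA section early and
    # let the remainder be parsed as markup. Splitting it across two CDATA
    # sections keeps the text value unchanged for an XML parser.
    $cdataSafeUNC = ([string]$UNC).Replace("]]>", "]]]]><![CDATA[>")

    #build entry point parameters
    $haXML = "<HelperAttributes><HelperAttribute><Name>UNCPath</Name><Type>AT_STRING</Type><Value><![CDATA[" + $cdataSafeUNC + "]]></Value></HelperAttribute></HelperAttributes>"

    return @{"HelperClassName" = "SMBHelperClass"; "HelperAttributes" =$haXML}
}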

# FileSharingEntry: collects a UNC path from the user, re-prompting until it
# validates, and returns the incident data for it.
#
# Returns:
#   The hashtable produced by GetUNCNDFIncidentData, or $null when the prompt
#   returned nothing.
#
# Get-DiagInput and $localizationString are defined outside this part of the file.
function FileSharingEntry()
{
    $uncInput = Get-DiagInput -ID "IT_UNC"
    if($uncInput -eq $null) {
        #Failed retrieving UNC path
        return $null
    }

    # Only the first returned element is validated.
    $validUNC = GetValidUNC $uncInput[0]

    # GetValidUNC yields a false-like value for a bad format and -1 for bad characters.
    while((!$validUNC) -or ($validUNC -eq -1))
    {
        # Pick the message that matches the failure reason.
        if(!$validUNC)
        {
            $messageFormat = $localizationString.interaction_InvalidUNC_FormatError
        }
        else
        {
            $messageFormat = $localizationString.interaction_InvalidUNC_CharError
        }

        # The original entry is echoed back in the message even though a
        # "file://" UNC may have been transformed during validation.
        $replacedError = [System.String]::Format([System.Globalization.CultureInfo]::InvariantCulture, $messageFormat, $uncInput[0])

        $RTFText = GetErrorRTF ($localizationString.interaction_InvalidUNC_Desc) ($replacedError)

        #reprompt for input
        $uncInput = Get-DiagInput -ID "IT_Invalid_UNC" -p @{"UNC" = $uncInput; "RTFText" = $RTFText}
        if($uncInput -eq $null) {
            #Failed retrieving UNC path
            return $null
        }

        $validUNC = GetValidUNC $uncInput[0]
    }

    return GetUNCNDFIncidentData $validUNC
}

# NetworkAdapterEntry: selects the network adapter to diagnose and returns the
# incident data for it.
#
# Adapters come from Win32_NetworkAdapter; entries without a GUID are skipped.
#   more than one adapter - the user chooses, with an extra "all adapters"
#                           entry that uses the zero GUID;
#   exactly one adapter   - it is used without prompting;
#   no adapter            - the zero GUID is used.
#
# Returns:
#   A hashtable with "HelperClassName" = "NetConnection" and
#   "HelperAttributes" = the generated XML string.
# Throws:
#   A string error when the adapter prompt returns nothing.
function NetworkAdapterEntry()
{
    $zeroGuid = "{00000000-0000-0000-0000-000000000000}"

    # Array of option hashtables built from the enumerated adapters.
    $optionList = @()
    $adapters = get-wmiobject -class Win32_NetworkAdapter
    foreach($adapter in $adapters)
    {
        if($adapter.GUID -eq $null)
        {
            continue
        }

        $option = @{
            "Name" = $adapter.NetConnectionID
            "Description" = $adapter.NetConnectionID
            "Value" = $adapter.GUID
        }
        $optionList += @($option)
    }

    if($optionList.Count -gt 1)
    {
        #add zero guid entry to check all interfaces
        $allAdapters = @{
            "Name" = $localizationString.interaction_AllAdapters
            "Description" = $localizationString.interaction_AllAdapters
            "Value" = "{00000000-0000-0000-0000-000000000000}"
            "ExtensionPoint" = "<Default />"
        }
        $optionList += @($allAdapters)

        #get interface selection from user
        $IT_NetworkAdapter = Get-DiagInput -ID "IT_NetworkAdapter" -c $optionList
        if($IT_NetworkAdapter -eq $null) {
            throw "Failed retriving Network Connetion ID from user"
        }
    }
    elseif($optionList.Count -eq 1)
    {
        $IT_NetworkAdapter = $optionList[0]["Value"]
    }
    else
    {
        #No NICs, do zero GUID diag
        $IT_NetworkAdapter = $zeroGuid
    }

    #build entry point parameters
    $haXML = "<HelperAttributes><HelperAttribute><Name>guid</Name><Type>AT_GUID</Type><Value>" + $IT_NetworkAdapter + "</Value></HelperAttribute></HelperAttributes>"

    return @{"HelperClassName" = "NetConnection"; "HelperAttributes" =$haXML}
}

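# WinsockEntry: collects a remote address, protocol and application ID from
# the user and returns the incident data for a Winsock diagnosis.
#
# Returns:
#   A hashtable with "HelperClassName" = "Winsock" and "HelperAttributes" =
#   the generated XML string, or $null when any input is missing or empty.
#
# The three values are free-form input placed in XML element content, so each
# is entity-escaped before concatenation; otherwise a value containing "<" or
# "&" could add or break HelperAttribute elements.
function WinsockEntry()
{
    $IT_RemoteAddress = Get-DiagInput -ID "IT_RemoteAddress"
    if($IT_RemoteAddress -eq $null -or $IT_RemoteAddress[0].Length -eq 0) {
        #Failed retrieving Remote Address
        return $null
    }

    $IT_Protocol = Get-DiagInput -ID "IT_Protocol"
    if($IT_Protocol -eq $null -or $IT_Protocol[0].Length -eq 0) {
        #Failed retrieving Protocol
        return $null
    }

    $IT_ApplicationID = Get-DiagInput -ID "IT_ApplicationID"
    if($IT_ApplicationID -eq $null -or $IT_ApplicationID[0].Length -eq 0) {
        #Failed retrieving Application ID
        return $null
    }

    # [string] gives the same text the original string concatenation produced;
    # Escape() then encodes the XML metacharacters.
    $remoteAddr = [System.Security.SecurityElement]::Escape([string]$IT_RemoteAddress)
    $protocol = [System.Security.SecurityElement]::Escape([string]$IT_Protocol)
    $appId = [System.Security.SecurityElement]::Escape([string]$IT_ApplicationID)

    #build entry point parameters
    $haXML = "<HelperAttributes><HelperAttribute><Name>remoteaddr</Name><Type>AT_SOCKADDR</Type><Value>" + $remoteAddr + "</Value></HelperAttribute>";
    $haXML += "<HelperAttribute><Name>protocol</Name><Type>AT_UINT32</Type><Value>" + $protocol + "</Value></HelperAttribute>";
    $haXML += "<HelperAttribute><Name>localaddr</Name><Type>AT_SOCKADDR</Type><Value>0.0.0.0</Value></HelperAttribute>";
    $haXML += "<HelperAttribute><Name>appid</Name><Type>AT_STRING</Type><Value>" + $appId + "</Value></HelperAttribute>";
    $haXML += "</HelperAttributes>";

    return @{"HelperClassName" = "Winsock"; "HelperAttributes" =$haXML}
}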

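# GroupingEntry: collects a group name from the user and returns the incident
# data for a grouping diagnosis.
#
# Returns:
#   A hashtable with "HelperClassName" = "GroupingHelperClass" and
#   "HelperAttributes" = the generated XML string, or $null when the input is
#   missing or empty.
#
# The group name is free-form input placed in XML element content, so it is
# entity-escaped before concatenation.
function GroupingEntry()
{
    $IT_GroupName = Get-DiagInput -ID "IT_GroupName"
    if($IT_GroupName -eq $null -or $IT_GroupName[0].Length -eq 0) {
        #Failed retrieving Group Name
        return $null
    }

    # [string] gives the same text the original string concatenation produced;
    # Escape() then encodes the XML metacharacters.
    $groupName = [System.Security.SecurityElement]::Escape([string]$IT_GroupName)

    #build entry point parameters
    $haXML = "<HelperAttributes><HelperAttribute><Name>groupname</Name><Type>AT_STRING</Type><Value>" + $groupName + "</Value></HelperAttribute></HelperAttributes>"

    return @{"HelperClassName" = "GroupingHelperClass"; "HelperAttributes" =$haXML}
}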

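# GetValidExePath: accepts a file path only when it parses as a "file" URI and
# its name ends in ".exe" (case-insensitive).
#
# Parameters:
#   $File - the path text to test; it is cast to [System.URI].
# Returns:
#   $File unchanged when both checks pass; $null otherwise.
#
# Only the scheme and the extension are checked; the function does not test
# that the file exists or what it contains.
function GetValidExePath($File)
{
    &{
        $uri = [System.URI]($File);

        $scheme = $uri.scheme;

        if(($scheme -eq "file" ))
        {
            #make sure it ends in .exe
            # The original compared the FIRST ".exe" position with Length - 4,
            # which rejected paths holding ".exe" earlier in the string and
            # matched 3-character inputs (-1 equals -1). EndsWith with an
            # ordinal comparison checks the suffix directly and is not
            # affected by the current culture.
            if($File.EndsWith(".exe", [System.StringComparison]::OrdinalIgnoreCase))
            {
                return $File;
            }
        }

        return $null;
    }

    # Handler for any exception raised while casting or reading the URI;
    # it is written to return $null so a malformed input is rejected.
    trap [Exception]
    {
        return $null;
    }
}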

function InboundEntry()

{

$staticOptionRes = @($INBOUND_FILESHARE_RESOURCE, $INBOUND_REMOTEDESKTOP_RESOURCE, $INBOUND_DISCOVERY_RESOURCE)

$staticOptions = @($INBOUND_FILESHARE_PARAM, $INBOUND_REMOTEDESKTOP_PARAM, $INBOUND_DISCOVERY_PARAM)

# If defined for the corresponding option, the item will be filtered out if the current sku matches anything in the list

# Sku values as defined in the OperatingSystemSKU property of Win32_OperatingSystem

$SKUFilters = @($null, @(2,3,5,11), $null)

#get the SKU, to filter out inappropriate static options

$SKUObject = get-wmiobject -class Win32_OperatingSystem -property "OperatingSystemSKU"

$SKU = $SKUObject.OperatingSystemSKU

$optionList = @()

$curOptionIndex = 0

for($curStaticOption = 0; $curStaticOption -lt $staticOptions.Length; $curStaticOption++)

{

$SKUFilter = $SKUFilters[$curStaticOption]

if($SKUFilter)

{

if($SKUFilter -contains $SKU)

{

#should filter out this option from the list because it is not present in the SKU

continue;

}

}

$curApp = LoadResourceString($staticOptionRes[$curStaticOption])

$curHash = @{}

$curHash.Add("Name",$curApp)

$curHash.Add("Value",$curOptionIndex)

$curHash.Add("Description",$curApp)

$curHash.Add("HelperAttributeName","serviceid")

$curHash.Add("HelperAttributeValue",$staticOptions[$curStaticOption])

$optionList += $curHash

$curOptionIndex++

}

#add dynamic options (do not fail if call fails)

$script:ExpectingException = $true



$dll = "NetworkDiagnosticSnapIn.dll"

try

{

RegSnapin $dll



$droppedApps = [Microsoft.Windows.Diagnosis.Network.FirewallApi.ManagedMethods]::GetDiagnosticAppInfo()

$script:ExpectingException = $false

if($droppedApps)

{

foreach($droppedApp in $droppedApps)

{

#omit svchosts since we cannot display a friendly name for them

if($droppedApp.Path.IndexOf("svchost") -eq -1)

{

$appEntryDisplayStr = [System.String]::Format([System.Globalization.Cul

