Bitlocker PoC tool (#13452)

Bitlocker PoC tool to exercise drive encryption/decryption from go

This relates to #12694

tools/mdm/windows/bitlocker/bitlocker.go

@@ -0,0 +1,412 @@
+package main
+
+// Package bitlocker provides functionality for managing Bitlocker taking from Glazier project
+// https://github.com/google/glazier/blob/master/go/bitlocker/bitlocker.go
+
+import (
+	"fmt"
+
+	"github.com/go-ole/go-ole"
+	"github.com/go-ole/go-ole/oleutil"
+	"github.com/google/deck"
+	winapi "github.com/iamacarpet/go-win64api"
+	"github.com/scjalliance/comshim"
+)
+
+var (
+	// Test Helpers
+	funcBackup       = winapi.BackupBitLockerRecoveryKeys
+	funcRecoveryInfo = winapi.GetBitLockerRecoveryInfo
+)
+
+// BackupToAD backs up Bitlocker recovery keys to Active Directory.
+func BackupToAD() error {
+	infos, err := funcRecoveryInfo()
+	if err != nil {
+		return err
+	}
+	volIDs := []string{}
+	for _, i := range infos {
+		if i.ConversionStatus != 1 {
+			deck.Warningf("Skipping volume %s due to conversion status (%d).", i.DriveLetter, i.ConversionStatus)
+			continue
+		}
+		deck.Infof("Backing up Bitlocker recovery password for drive %q.", i.DriveLetter)
+		volIDs = append(volIDs, i.PersistentVolumeID)
+	}
+	return funcBackup(volIDs)
+}
+
+// Encryption Methods
+// https://docs.microsoft.com/en-us/windows/win32/secprov/getencryptionmethod-win32-encryptablevolume
+type EncryptionMethod int32
+
+const (
+	None EncryptionMethod = iota
+	AES128WithDiffuser
+	AES256WithDiffuser
+	AES128
+	AES256
+	HardwareEncryption
+	XtsAES128
+	XtsAES256
+)
+
+// Encryption Flags
+// https://docs.microsoft.com/en-us/windows/win32/secprov/encrypt-win32-encryptablevolume
+type EncryptionFlag int32
+
+const (
+	EncryptDataOnly    EncryptionFlag = 0x00000001
+	EncryptDemandWipe  EncryptionFlag = 0x00000002
+	EncryptSynchronous EncryptionFlag = 0x00010000
+
+	// Error Codes
+	ERROR_IO_DEVICE                     int32 = -2147023779
+	FVE_E_EDRIVE_INCOMPATIBLE_VOLUME    int32 = -2144272206
+	FVE_E_NO_TPM_WITH_PASSPHRASE        int32 = -2144272212
+	FVE_E_PASSPHRASE_TOO_LONG           int32 = -2144272214
+	FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED int32 = -2144272278
+	FVE_E_NOT_DECRYPTED                 int32 = -2144272327
+	FVE_E_INVALID_PASSWORD_FORMAT       int32 = -2144272331
+	FVE_E_BOOTABLE_CDDVD                int32 = -2144272336
+	FVE_E_PROTECTOR_EXISTS              int32 = -2144272335
+)
+
+func encryptErrHandler(val int32) error {
+	switch val {
+	case ERROR_IO_DEVICE:
+		return fmt.Errorf("an I/O error has occurred during encryption; the device may need to be reset")
+	case FVE_E_EDRIVE_INCOMPATIBLE_VOLUME:
+		return fmt.Errorf("the drive specified does not support hardware-based encryption")
+	case FVE_E_NO_TPM_WITH_PASSPHRASE:
+		return fmt.Errorf("a TPM key protector cannot be added because a password protector exists on the drive")
+	case FVE_E_PASSPHRASE_TOO_LONG:
+		return fmt.Errorf("the passphrase cannot exceed 256 characters")
+	case FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED:
+		return fmt.Errorf("Group Policy settings do not permit the creation of a password")
+	case FVE_E_NOT_DECRYPTED:
+		return fmt.Errorf("the drive must be fully decrypted to complete this operation")
+	case FVE_E_INVALID_PASSWORD_FORMAT:
+		return fmt.Errorf("the format of the recovery password provided is invalid")
+	case FVE_E_BOOTABLE_CDDVD:
+		return fmt.Errorf("BitLocker Drive Encryption detected bootable media (CD or DVD) in the computer. " +
+			"Remove the media and restart the computer before configuring BitLocker.")
+	case FVE_E_PROTECTOR_EXISTS:
+		return fmt.Errorf("key protector cannot be added; only one key protector of this type is allowed for this drive")
+	default:
+		return fmt.Errorf("error code returned during encryption: %d", val)
+	}
+}
+
+// A Volume tracks an open encryptable volume.
+type Volume struct {
+	letter  string
+	handle  *ole.IDispatch
+	wmiIntf *ole.IDispatch
+	wmiSvc  *ole.IDispatch
+}
+
+// Close frees all resources associated with a volume.
+func (v *Volume) Close() {
+	v.handle.Release()
+	v.wmiIntf.Release()
+	v.wmiSvc.Release()
+	comshim.Done()
+}
+
+// Connect connects to an encryptable volume in order to manage it.
+// You must call Close() to release the volume when finished.
+//
+// Example: bitlocker.Connect("c:")
+func Connect(driveLetter string) (Volume, error) {
+	comshim.Add(1)
+	v := Volume{letter: driveLetter}
+
+	unknown, err := oleutil.CreateObject("WbemScripting.SWbemLocator")
+	if err != nil {
+		comshim.Done()
+		return v, fmt.Errorf("CreateObject: %w", err)
+	}
+	defer unknown.Release()
+	v.wmiIntf, err = unknown.QueryInterface(ole.IID_IDispatch)
+	if err != nil {
+		comshim.Done()
+		return v, fmt.Errorf("QueryInterface: %w", err)
+	}
+	serviceRaw, err := oleutil.CallMethod(v.wmiIntf, "ConnectServer", nil, `\\.\ROOT\CIMV2\Security\MicrosoftVolumeEncryption`)
+	if err != nil {
+		v.Close()
+		return v, fmt.Errorf("ConnectServer: %w", err)
+	}
+	v.wmiSvc = serviceRaw.ToIDispatch()
+
+	raw, err := oleutil.CallMethod(v.wmiSvc, "ExecQuery", "SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter = '"+driveLetter+"'")
+	if err != nil {
+		v.Close()
+		return v, fmt.Errorf("ExecQuery: %w", err)
+	}
+	result := raw.ToIDispatch()
+	defer result.Release()
+
+	itemRaw, err := oleutil.CallMethod(result, "ItemIndex", 0)
+	if err != nil {
+		v.Close()
+		return v, fmt.Errorf("failed to fetch result row while processing BitLocker info: %w", err)
+	}
+	v.handle = itemRaw.ToIDispatch()
+
+	return v, nil
+}
+
+// Encrypt encrypts the volume.
+//
+// Example: vol.Encrypt(bitlocker.XtsAES256, bitlocker.EncryptDataOnly)
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/encrypt-win32-encryptablevolume
+func (v *Volume) Encrypt(method EncryptionMethod, flags EncryptionFlag) error {
+	resultRaw, err := oleutil.CallMethod(v.handle, "Encrypt", int32(method), int32(flags))
+	if err != nil {
+		return fmt.Errorf("Encrypt(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return fmt.Errorf("Encrypt(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	return nil
+}
+
+// Decrypt encrypts the volume.
+//
+// Example: vol.Decrypt()
+//
+// Ref: https://learn.microsoft.com/en-us/windows/win32/secprov/decrypt-win32-encryptablevolume
+func (v *Volume) Decrypt() error {
+	resultRaw, err := oleutil.CallMethod(v.handle, "Decrypt")
+	if err != nil {
+		return fmt.Errorf("Decrypt(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return fmt.Errorf("Decrypt(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	return nil
+}
+
+// DiscoveryVolumeType specifies the type of discovery volume to be used by Prepare.
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume
+type DiscoveryVolumeType string
+
+const (
+	// VolumeTypeNone indicates no discovery volume. This value creates a native BitLocker volume.
+	VolumeTypeNone DiscoveryVolumeType = "<none>"
+	// VolumeTypeDefault indicates the default behavior.
+	VolumeTypeDefault DiscoveryVolumeType = "<default>"
+	// VolumeTypeFAT32 creates a FAT32 discovery volume.
+	VolumeTypeFAT32 DiscoveryVolumeType = "FAT32"
+)
+
+// ForceEncryptionType specifies the encryption type to be used when calling Prepare on the volume.
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume
+type ForceEncryptionType int32
+
+const (
+	// EncryptionTypeUnspecified indicates that the encryption type is not specified.
+	EncryptionTypeUnspecified ForceEncryptionType = 0
+	// EncryptionTypeSoftware specifies software encryption.
+	EncryptionTypeSoftware ForceEncryptionType = 1
+	// EncryptionTypeHardware specifies hardware encryption.
+	EncryptionTypeHardware ForceEncryptionType = 2
+)
+
+// Prepare prepares a new Bitlocker Volume. This should be called BEFORE any key protectors are added.
+//
+// Example: vol.Prepare(bitlocker.VolumeTypeDefault, bitlocker.EncryptionTypeHardware)
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume
+func (v *Volume) Prepare(volType DiscoveryVolumeType, encType ForceEncryptionType) error {
+	resultRaw, err := oleutil.CallMethod(v.handle, "PrepareVolume", string(volType), int32(encType))
+	if err != nil {
+		return fmt.Errorf("PrepareVolume(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return fmt.Errorf("PrepareVolume(%s): %w", v.letter, encryptErrHandler(val))
+	}
+	return nil
+}
+
+// ProtectWithNumericalPassword adds a numerical password key protector.
+//
+// Leave password as a blank string to have one auto-generated by Windows. (Recommended)
+//
+// In Powershell this is referred to as a RecoveryPasswordProtector.
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithnumericalpassword-win32-encryptablevolume
+func (v *Volume) ProtectWithNumericalPassword(password string) error {
+	var volumeKeyProtectorID ole.VARIANT
+	ole.VariantInit(&volumeKeyProtectorID)
+	var resultRaw *ole.VARIANT
+	var err error
+	if password != "" {
+		resultRaw, err = oleutil.CallMethod(v.handle, "ProtectKeyWithNumericalPassword", nil, password, &volumeKeyProtectorID)
+	} else {
+		resultRaw, err = oleutil.CallMethod(v.handle, "ProtectKeyWithNumericalPassword", nil, nil, &volumeKeyProtectorID)
+	}
+	if err != nil {
+		return fmt.Errorf("ProtectKeyWithNumericalPassword(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return fmt.Errorf("ProtectKeyWithNumericalPassword(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	return nil
+}
+
+// ProtectWithPassphrase adds a passphrase key protector.
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithpassphrase-win32-encryptablevolume
+func (v *Volume) ProtectWithPassphrase(passphrase string) error {
+	var volumeKeyProtectorID ole.VARIANT
+	ole.VariantInit(&volumeKeyProtectorID)
+	resultRaw, err := oleutil.CallMethod(v.handle, "ProtectKeyWithPassphrase", nil, passphrase, &volumeKeyProtectorID)
+	if err != nil {
+		return fmt.Errorf("ProtectWithPassphrase(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return fmt.Errorf("ProtectWithPassphrase(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	return nil
+}
+
+// ProtectWithTPM adds the TPM key protector.
+//
+// Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithtpm-win32-encryptablevolume
+func (v *Volume) ProtectWithTPM(platformValidationProfile *[]uint8) error {
+	var volumeKeyProtectorID ole.VARIANT
+	ole.VariantInit(&volumeKeyProtectorID)
+	var resultRaw *ole.VARIANT
+	var err error
+	if platformValidationProfile == nil {
+		resultRaw, err = oleutil.CallMethod(v.handle, "ProtectKeyWithTPM", nil, nil, &volumeKeyProtectorID)
+	} else {
+		resultRaw, err = oleutil.CallMethod(v.handle, "ProtectKeyWithTPM", nil, *platformValidationProfile, &volumeKeyProtectorID)
+	}
+	if err != nil {
+		return fmt.Errorf("ProtectKeyWithTPM(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return fmt.Errorf("ProtectKeyWithTPM(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	return nil
+}
+
+// Encryption Status
+type EncryptionStatus struct {
+	ProtectionStatusDesc string
+	ConversionStatusDesc string
+	EncryptionPercentage string
+	EncryptionFlags      string
+	WipingStatusDesc     string
+	WipingPercentage     string
+}
+
+// getConversionStatusDescription returns the current status of the volume
+// https://learn.microsoft.com/en-us/windows/win32/secprov/getconversionstatus-win32-encryptablevolume
+func getConversionStatusDescription(input string) string {
+
+	switch input {
+	case "0":
+		return "FullyDecrypted"
+	case "1":
+		return "FullyEncrypted"
+	case "2":
+		return "EncryptionInProgress"
+	case "3":
+		return "DecryptionInProgress"
+	case "4":
+		return "EncryptionPaused"
+	case "5":
+		return "DecryptionPaused"
+	}
+
+	return "Status " + input
+}
+
+// getWipingStatusDescription returns the current wiping status of the volume
+// https://learn.microsoft.com/en-us/windows/win32/secprov/getconversionstatus-win32-encryptablevolume
+func getWipingStatusDescription(input string) string {
+
+	switch input {
+	case "0":
+		return "FreeSpaceNotWiped"
+	case "1":
+		return "FreeSpaceWiped"
+	case "2":
+		return "FreeSpaceWipingInProgress"
+	case "3":
+		return "FreeSpaceWipingPaused"
+	}
+
+	return "Status " + input
+}
+
+// getProtectionStatusDescription returns the current protection status of the volume
+// https://learn.microsoft.com/en-us/windows/win32/secprov/getprotectionstatus-win32-encryptablevolume
+func getProtectionStatusDescription(input string) string {
+
+	switch input {
+	case "0":
+		return "Unprotected"
+	case "1":
+		return "Protected"
+	case "2":
+		return "Unknown"
+	}
+
+	return "Status " + input
+}
+
+// intToPercentage converts an int to a percentage string
+func intToPercentage(num int32) string {
+	percentage := float64(num) / 10000.0
+	return fmt.Sprintf("%.2f%%", percentage)
+}
+
+// GetBitlockerStatus returns the current status of the volume
+//
+// Ref: https://learn.microsoft.com/en-us/windows/win32/secprov/getprotectionstatus-win32-encryptablevolume
+// Ref: https://learn.microsoft.com/en-us/windows/win32/secprov/getconversionstatus-win32-encryptablevolume
+func (v *Volume) GetBitlockerStatus() (*EncryptionStatus, error) {
+
+	var conversionStatus int32 = 0
+	var encryptionPercentage int32 = 0
+	var encryptionFlags int32 = 0
+	var wipingStatus int32 = 0
+	var wipingPercentage int32 = 0
+	var precisionFactor int32 = 4
+	var protectionStatus int32 = 0
+
+	resultRaw, err := oleutil.CallMethod(v.handle, "GetConversionStatus", &conversionStatus, &encryptionPercentage, &encryptionFlags, &wipingStatus, &wipingPercentage, precisionFactor)
+	if err != nil {
+		return nil, fmt.Errorf("GetConversionStatus(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return nil, fmt.Errorf("GetConversionStatus(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	resultRaw, err = oleutil.CallMethod(v.handle, "GetProtectionStatus", &protectionStatus)
+	if err != nil {
+		return nil, fmt.Errorf("GetProtectionStatus(%s): %w", v.letter, err)
+	} else if val, ok := resultRaw.Value().(int32); val != 0 || !ok {
+		return nil, fmt.Errorf("GetProtectionStatus(%s): %w", v.letter, encryptErrHandler(val))
+	}
+
+	// Creating the encryption status struct
+	encStatus := &EncryptionStatus{
+		ProtectionStatusDesc: getProtectionStatusDescription(fmt.Sprintf("%d", protectionStatus)),
+		ConversionStatusDesc: getConversionStatusDescription(fmt.Sprintf("%d", conversionStatus)),
+		EncryptionPercentage: intToPercentage(encryptionPercentage),
+		EncryptionFlags:      fmt.Sprintf("%d", encryptionFlags),
+		WipingStatusDesc:     getWipingStatusDescription(fmt.Sprintf("%d", wipingStatus)),
+		WipingPercentage:     intToPercentage(wipingPercentage),
+	}
+
+	return encStatus, nil
+}

tools/mdm/windows/bitlocker/core.go

@@ -0,0 +1,132 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+)
+
+func BitlockerEncryptionNumericalPassword(encryptionPassword string) error {
+
+	// Connect to the volume
+	vol, err := Connect("c:")
+	if err != nil {
+		return fmt.Errorf("there was an error connecting to the volume - error: %v", err)
+	}
+	defer vol.Close()
+
+	// Prepare for encryption
+	if err := vol.Prepare(VolumeTypeDefault, EncryptionTypeSoftware); err != nil {
+		return fmt.Errorf("there was an error preparing the volume for encryption - error: %v", err)
+	}
+
+	// Add a recovery protector
+
+	if err := vol.ProtectWithNumericalPassword(encryptionPassword); err != nil {
+		return fmt.Errorf("there was an error adding a recovery protector - error: %v", err)
+	}
+
+	// Protect with TPM
+	if err := vol.ProtectWithTPM(nil); err != nil {
+		return fmt.Errorf("there was an error protecting with TPM - error: %v", err)
+	}
+
+	// Start encryption
+	if err := vol.Encrypt(XtsAES256, EncryptDataOnly); err != nil {
+		return fmt.Errorf("there was an error starting encryption - error: %v", err)
+	}
+
+	return nil
+}
+
+func BitlockerDecryption() error {
+
+	// Connect to the volume
+	vol, err := Connect("c:")
+	if err != nil {
+		return fmt.Errorf("there was an error connecting to the volume - error: %v", err)
+	}
+	defer vol.Close()
+
+	// Start decryption
+	if err := vol.Decrypt(); err != nil {
+		return fmt.Errorf("there was an error starting decryption - error: %v", err)
+	}
+
+	return nil
+}
+
+func GetBitlockerStatus() (*EncryptionStatus, error) {
+
+	// Connect to the volume
+	vol, err := Connect("c:")
+	if err != nil {
+		return nil, fmt.Errorf("there was an error connecting to the volume - error: %v", err)
+	}
+	defer vol.Close()
+
+	// Get volume status
+	status, err := vol.GetBitlockerStatus()
+	if err != nil {
+		return nil, fmt.Errorf("there was an error starting decryption - error: %v", err)
+	}
+
+	return status, nil
+}
+
+func main() {
+
+	enableBitlocker := flag.Bool("encrypt", false, "encrypt the drive")
+	disableBitlocker := flag.Bool("decrypt", false, "decrypt the drive")
+	statusBitlocker := flag.Bool("status", true, "get drive status")
+
+	flag.Parse()
+
+	if *enableBitlocker {
+		fmt.Println("About to attempt enabling bitlocker")
+
+		//This needs to be generated with algorithm defined at
+		//https://learn.microsoft.com/en-us/windows/win32/secprov/getkeyprotectornumericalpassword-win32-encryptablevolume
+		newPassword := "527230-472395-606199-107525-536789-168927-479336-471856"
+
+		err := BitlockerEncryptionNumericalPassword(newPassword)
+		if err != nil {
+			fmt.Printf("bitlocker encryption error - %v\n", err)
+			return
+		}
+
+		fmt.Println("Bitlocker encryption started!")
+
+	} else if *disableBitlocker {
+		fmt.Println("About to attempt disabling bitlocker")
+
+		err := BitlockerDecryption()
+		if err != nil {
+			fmt.Printf("bitlocker decryption error - %v\n", err)
+			return
+		}
+
+		fmt.Println("Bitlocker decryption started!")
+
+	} else if *statusBitlocker {
+		fmt.Println("About to get encryption status bitlocker")
+
+		status, err := GetBitlockerStatus()
+		if err != nil {
+			fmt.Printf("bitlocker decryption error - %v\n", err)
+			return
+		}
+
+		fmt.Println("Protection status: ", status.ProtectionStatusDesc)
+		fmt.Println("Conversion status: ", status.ConversionStatusDesc)
+		fmt.Println("Encryption Flags: ", status.EncryptionFlags)
+		fmt.Println("Wiping Status description: ", status.WipingStatusDesc)
+		fmt.Println("Encryption percentage complete: ", status.EncryptionPercentage)
+		fmt.Println("Wiping percentage complete: ", status.WipingPercentage)
+
+		fmt.Println("Bitlocker encryption status gathered!")
+
+	} else {
+		fmt.Println("You must specify either -encrypt, -decrypt or -status")
+		return
+	}
+}

tools/mdm/windows/bitlocker/go.mod

@@ -0,0 +1,18 @@
+module bitlocker
+
+go 1.19
+
+require github.com/go-ole/go-ole v1.3.0
+
+require (
+	github.com/google/cabbie v1.0.2 // indirect
+	github.com/google/glazier v0.0.0-20211029225403-9f766cca891d // indirect
+)
+
+require (
+	github.com/google/deck v1.1.0
+	github.com/google/uuid v1.3.1
+	github.com/iamacarpet/go-win64api v0.0.0-20230324134531-ef6dbdd6db97
+	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9
+	golang.org/x/sys v0.6.0 // indirect
+)

tools/mdm/windows/bitlocker/go.sum

@@ -0,0 +1,105 @@
+bitbucket.org/creachadair/stringset v0.0.9/go.mod h1:t+4WcQ4+PXTa8aQdNKe40ZP6iwesoMFWAxPGd3UGjyY=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/StackExchange/wmi v1.2.0/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
+github.com/capnspacehook/taskmaster v0.0.0-20210519235353-1629df7c85e9/go.mod h1:257CYs3Wd/CTlLQ3c72jKv+fFE2MV3WPNnV5jiroYUU=
+github.com/creachadair/staticfile v0.1.3/go.mod h1:a3qySzCIXEprDGxk6tSxSI+dBBdLzqeBOMhZ+o2d3pM=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
+github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
+github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
+github.com/golang/glog v0.0.0-20210429001901-424d2337a529/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/aukera v0.0.0-20201117230544-d145c8357fea/go.mod h1:oXqTZORBzdwQ6L32YjJmaPajqIV/hoGEouwpFMf4cJE=
+github.com/google/cabbie v1.0.2 h1:UtB+Nn6fPB43wGg5xs4tgU+P3hTZ6KsulgtaHtqZZfs=
+github.com/google/cabbie v1.0.2/go.mod h1:6MmHaUrgfabehCHAIaxdrbmvHSxUVXj3Abs08FMABSo=
+github.com/google/deck v1.1.0 h1:kePIz/wtlpsFSx3+sEmYnlBPudF0x3u0QqB91EC8l38=
+github.com/google/deck v1.1.0/go.mod h1:VyLix33qBTXGsn4vbF85lWLv/9ushseSAoqS27uX6Zg=
+github.com/google/glazier v0.0.0-20210617205946-bf91b619f5d4/go.mod h1:g7oyIhindbeebnBh0hbFua5rv6XUt/nweDwIWdvxirg=
+github.com/google/glazier v0.0.0-20211029225403-9f766cca891d h1:GBIF4RkD4E9USvSRT4O4tBCT77JExIr+qnruI9nkJQo=
+github.com/google/glazier v0.0.0-20211029225403-9f766cca891d/go.mod h1:h2R3DLUecGbLSyi6CcxBs5bdgtJhgK+lIffglvAcGKg=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/logger v1.1.0/go.mod h1:w7O8nrRr0xufejBlQMI83MXqRusvREoJdaAxV+CoAB4=
+github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ=
+github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/winops v0.0.0-20210803215038-c8511b84de2b/go.mod h1:ShbX8v8clPm/3chw9zHVwtW3QhrFpL8mXOwNxClt4pg=
+github.com/groob/plist v0.0.0-20210519001750-9f754062e6d6/go.mod h1:itkABA+w2cw7x5nYUS/pLRef6ludkZKOigbROmCTaFw=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/iamacarpet/go-win64api v0.0.0-20210311141720-fe38760bed28/go.mod h1:oGJx9dz0Ny7HC7U55RZ0Smd6N9p3hXP/+hOFtuYrAxM=
+github.com/iamacarpet/go-win64api v0.0.0-20230324134531-ef6dbdd6db97 h1:VjwKCN2PMLlMKM2k9AW8QQsfmEH43ldlX+JGeWW9cEE=
+github.com/iamacarpet/go-win64api v0.0.0-20230324134531-ef6dbdd6db97/go.mod h1:B7zFQPAznj+ujXel5X+LUoK3LgY6VboCdVYHZNn7gpg=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/rickb777/date v1.14.2/go.mod h1:swmf05C+hN+m8/Xh7gEq3uB6QJDNc5pQBWojKdHetOs=
+github.com/rickb777/plural v1.2.2/go.mod h1:xyHbelv4YvJE51gjMnHvk+U2e9zIysg6lTnSQK8XUYA=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
+github.com/scjalliance/comshim v0.0.0-20190308082608-cf06d2532c4e/go.mod h1:9Tc1SKnfACJb9N7cw2eyuI6xzy845G7uZONBsi5uPEA=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200622182413-4b0db7f3f76b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211107104306-e0b2ad06fe42/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=