private void saveAsToolStripMenuItem_Click(object sender, EventArgs e)
{
if (curNode == null)
{
return;
}
if (saveDlg.ShowDialog() != DialogResult.OK)
{
return;
}
try{
DataBlock db = (DataBlock)curNode.Tag;
if (db.LoadData())
{
byte[] body = db.GetBinaryBody();
File.WriteAllBytes(saveDlg.FileName, body);
db.FreeData();
}
MessageBox.Show("Saved!");
}catch (Exception ex)
{
MessageBox.Show("Failed: " + ex.Message);
}
}
private void TvNodeClick(TreeNode n)
{
TcpRecon tr = null;
bool viewOnly = true;
if (curdb != null)
{
curdb.FreeData(); curdb = null;
}
if (n.Tag is TcpRecon)
{
tr = (TcpRecon)n.Tag;
if (he.LoadedFile != tr.dumpFile)
{
he.LoadFile(ref tr.dumpFile, ref viewOnly);
}
}
else
{
DataBlock db = (DataBlock)n.Tag;
curdb = db;
if (he.LoadedFile != db.recon.dumpFile)
{
he.LoadFile(ref db.recon.dumpFile, ref viewOnly);
}
he.scrollTo(db.startOffset);
he.set_SelStart(ref db.startOffset);
he.set_SelLength(ref db.length);
tabs_SelectedIndexChanged(null, null);
}
}
private void searchContentBodyToolStripMenuItem_Click(object sender, EventArgs e)
{
pb.Value = 0;
pb2.Value = 0;
int i = 0, j = 0;
string match = InputBox("Search for");
if (match.Length == 0)
{
return;
}
FrmList fl = new FrmList();
fl.parent = this;
fl.lv.Items.Clear();
foreach (TreeNode n in tv.Nodes)
{
i++;
setpb(i, tv.Nodes.Count, 1);
n.Checked = false;
foreach (TreeNode nn in n.Nodes)
{
j++;
setpb(j, n.Nodes.Count, 2);
nn.Checked = false;
DataBlock db = (DataBlock)nn.Tag;
if (db.LoadData())
{
string body = db.HttpHeader + "\r\n\r\n" + db.GetBody();
if (body.IndexOf(match, StringComparison.CurrentCultureIgnoreCase) > 0)
{
string txt = db.HttpFirstLine;
if (txt.Length == 0)
{
txt = "Data: " + body.Length.ToString();
}
setNodeColor(nn, 1);
setNodeColor(n, 2);
nn.Checked = true;
ListViewItem li2 = fl.lv.Items.Add(txt);
li2.Tag = nn;
}
db.FreeData();
}
}
}
pb.Value = 0;
pb2.Value = 0;
fl.Show();
}
private void extractStreamsToolStripMenuItem_Click(object sender, EventArgs e)
{
fDlg.SelectedPath = outDir;
if (fDlg.ShowDialog() != DialogResult.OK)
{
return;
}
string pDir = fDlg.SelectedPath + "\\";
int i = 0, j = 0;
foreach (TreeNode n in tv.Nodes)
{
if (n.Checked) //parent stream node, extract all its children
{
foreach (TreeNode nn in n.Nodes)
{
DataBlock db = (DataBlock)nn.Tag;
if (db.LoadData())
{
db.SaveToFile(pDir + n.Text + "_" + i + ".bin");
db.FreeData();
j++;
}
i++;
}
}
else //scan its subnodes to see if any of them are selected..
{
foreach (TreeNode nn in n.Nodes)
{
if (nn.Checked)
{
DataBlock db = (DataBlock)nn.Tag;
if (db.LoadData())
{
db.SaveToFile(pDir + n.Text + "_" + i + ".bin");
db.FreeData();
j++;
}
i++;
}
}
}
}
MessageBox.Show(string.Format("Extraction Complete {0}/{1} blocks extracted.", j, i));
}
private void extractStreamsToolStripMenuItem_Click(object sender, EventArgs e)
{
//note we have simplified the output file name...does not include ip..
//user dont extract multi ip streams..fix latter
//should the name be client 1, server 1 or client 1 , server 2 client 3 ?
fDlg.SelectedPath = outDir;
if (fDlg.ShowDialog() != DialogResult.OK)
{
return;
}
string pDir = fDlg.SelectedPath + "\\";
int c = 0, s = 0, saved = 0, total = 0, failed = 0;
TcpRecon recon;
string name = "";
foreach (TreeNode n in tv.Nodes)
{
if (n.Checked) //parent stream node, extract all its children
{
recon = (TcpRecon)n.Tag;
foreach (TreeNode nn in n.Nodes)
{
DataBlock db = (DataBlock)nn.Tag;
if (db.LoadData())
{
if (db.SourceAddress == recon.ServerAddress)
{
name = "server_" + string.Format("{0:D4}", s++);
}
else
{
name = "client_" + string.Format("{0:D4}", c++);
}
if (!db.SaveToFile(pDir + name + ".bin"))
{
failed++;
}
db.FreeData();
saved++;
}
total++;
}
}
else //scan its subnodes to see if any of them are selected..
{
foreach (TreeNode nn in n.Nodes)
{
recon = (TcpRecon)n.Tag;
if (nn.Checked)
{
DataBlock db = (DataBlock)nn.Tag;
if (db.LoadData())
{
if (db.SourceAddress == recon.ServerAddress)
{
name = "server_" + string.Format("{0:D4}", s++);
}
else
{
name = "client_" + string.Format("{0:D4}", c++);
}
if (!db.SaveToFile(pDir + name + ".bin"))
{
failed++;
}
db.FreeData();
saved++;
}
total++;
}
}
}
}
MessageBox.Show(string.Format("Extraction Complete Saved:{0} Total:{1} Fails:{2} blocks extracted.", saved, total - 1, failed));
}
