private void ParseJumpListC(string file, string appid, string extension, string username, string appName, List <ShellLinkFile> lnkFiles)
{
JumpListFile jumpListFile = new JumpListFile(true);
jumpListFile.FilePath = file;
jumpListFile.FileName = System.IO.Path.GetFileName(file);
jumpListFile.AppName = appName;
for (int index = 0; index < lnkFiles.Count; index++)
{
ShellLinkFile linkFile = lnkFiles[index];
JumpList jumpList = new JumpList();
jumpList.Name = (index + 1).ToString();
jumpList.Size = 0;
var Data = lnkFiles.ToArray();
string arguments = Data[index].Arguments;
if (arguments == null)
{
arguments = "None";
}
string accesstime = Data[index].Header.AccessTime.ToString("dd/MM/yyyy HH:mm:ss");
string writetime = Data[index].Header.WriteTime.ToString("dd/MM/yyyy HH:mm:ss");
string createtime = Data[index].Header.CreationTime.ToString("dd/MM/yyyy HH:mm:ss");
string Name = Data[index].IconLocation;
string ExeName = Data[index].LinkInfo.LocalBasePath;
string myArray = username + "," + appid + "," + appName + "," + ExeName + "," + arguments + "," + extension + "," + accesstime + "," + writetime + "," + createtime;
File.AppendAllText("FM-JLP.csv", myArray + Environment.NewLine);
}
}
private void ParseJumpListA(string appid, string extension, string username, string file, string appName)
{
JumpListFile jumpListFile = new JumpListFile(false);
jumpListFile.FilePath = file;
jumpListFile.FileName = System.IO.Path.GetFileName(file);
jumpListFile.AppName = appName;
CompoundFile compoundFile = new CompoundFile(file);
CFStream cfStream = compoundFile.RootStorage.GetStream("DestList");
jumpListFile.DestListSize = cfStream.Size;
List <DestListEntry> destListEntries = ParseDestList(cfStream.GetData());
jumpListFile.DestListEntries = destListEntries;
int ii = 1;
foreach (DestListEntry destListEntry in destListEntries)
{
CFStream cfStreamJf = null;
try
{
cfStreamJf = compoundFile.RootStorage.GetStream(ii.ToString());
ShellLinkFile linkFile = ShellLinkFile.Load(cfStreamJf.GetData());
string arguments = linkFile.Arguments.ToString();
if (arguments == null)
{
arguments = "None";
}
DateTime accesstime_ = linkFile.Header.AccessTime;
string accesstime = Convert.ToDateTime(accesstime_).ToString("dd/MM/yyyy HH:mm:ss");
string writetime = linkFile.Header.WriteTime.ToString("dd/MM/yyyy HH:mm:ss");
string createtime = linkFile.Header.CreationTime.ToString("dd/MM/yyyy HH:mm:ss");
string ExeName = linkFile.LinkInfo.LocalBasePath;
string myArray = username + "," + appid + "," + appName + "," + ExeName + "," + arguments + "," + extension + "," + accesstime + "," + writetime + "," + createtime;
File.AppendAllText("FM-JLP.csv", myArray + Environment.NewLine);
if (linkFile.Header.CreationTime == DateTime.MinValue |
linkFile.Header.AccessTime == DateTime.MinValue |
linkFile.Header.WriteTime == DateTime.MinValue |
linkFile.Header.CreationTime == ShellLinkFile.WindowsEpoch |
linkFile.Header.AccessTime == ShellLinkFile.WindowsEpoch |
linkFile.Header.WriteTime == ShellLinkFile.WindowsEpoch)
{
continue;
}
if (linkFile != null)
{
JumpList jumpList = new JumpList();
jumpList.Name = destListEntry.StreamNo;
jumpList.Size = cfStreamJf.GetData().Length;
jumpList.DestListEntry = destListEntry;
jumpListFile.JumpLists.Add(jumpList);
}
}
catch { Exception ex; }
ii = ii + 1;
}
}