private void init_dtFileFiltersConfig()
{
dtFileFiltersConfig = FindFileFilter.init_dtConfig();
}
/// <summary>
/// Find Files and Directories in the immediate folder - handles long path names, expects local or UNC path
/// </summary>
/// <param name="dirName">Directory to search in UNC path or local path format</param>
/// <param name="dtFilters">Data table with "Enabled" and "FileFilter" columns required</param>
/// <param name="checkSubFolders">Recursively check all sub folders</param>
/// <returns></returns>
public static List <ContentDetectorLib.FileResult> FindImmediateFilesAndDirs(string dirName, DataTable dtFilters, bool checkSubFolders)
{
string strDirConverted = LongPathPrepend(dirName);
List <ContentDetectorLib.FileResult> results = new List <ContentDetectorLib.FileResult>();
IntPtr findHandle = INVALID_HANDLE_VALUE;
bool blIgnoreFile = false;
WIN32_FIND_DATA findData;
if (dtFilters != null)
{
//For Each File filter find them in the current folder
foreach (DataRow row in dtFilters.Rows)
{
try
{
FindFileFilter filter = new FindFileFilter(row);
if (filter.Enabled && filter.FileFilter != "")
{
//Valid File Filter?
if (VerifyPattern(filter.FileFilter) && Delimon.Win32.IO.Directory.Exists(dirName))
{
try
{
//Search for the file filter in the current directory
if (filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Folder)
{
findHandle = FindFirstFileEx(strDirConverted + @"\" + filter.FileFilter, FINDEX_INFO_LEVELS.FindExInfoBasic, out findData, FINDEX_SEARCH_OPS.FindExSearchLimitToDirectories, IntPtr.Zero, FIND_FIRST_EX_LARGE_FETCH);
}
else
{
findHandle = FindFirstFileEx(strDirConverted + @"\" + filter.FileFilter, FINDEX_INFO_LEVELS.FindExInfoBasic, out findData, FINDEX_SEARCH_OPS.FindExSearchNameMatch, IntPtr.Zero, FIND_FIRST_EX_LARGE_FETCH);
}
if (findHandle != INVALID_HANDLE_VALUE)
{
bool found;
do
{
string currentFileName = findData.cFileName;
blIgnoreFile = false;
char[] delimiters = new char[] { ';' };
if (filter.ExcludeFiles != "")
{
string[] strArr_excludedfiles = filter.ExcludeFiles.Split(delimiters, StringSplitOptions.RemoveEmptyEntries);
if (!(strArr_excludedfiles == null || strArr_excludedfiles.Length == 0))
{
//loop through excluded folders
foreach (string strExclude in strArr_excludedfiles)
{
if (currentFileName.ToLower() == strExclude.ToLower())
{
blIgnoreFile = true;
}
}
}
}
if (!blIgnoreFile)
{
// if this is a directory, add directory found to the results.
if (((int)findData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0)
{
if (filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Folder || filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Both)
{
if (currentFileName != "." && currentFileName != "..")
{
string strFilePath = RemovePrependGetPath(Path.Combine(dirName, currentFileName));
try
{
Delimon.Win32.IO.DirectoryInfo ddir = new Delimon.Win32.IO.DirectoryInfo(strFilePath);
ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(ddir);
fr1.FileFilterSearched = filter.FileFilter;
results.Add(fr1);
//results.Add("\"" + strFilePath + "\"" + ",FolderCreated: " + ddir.CreationTime.ToString("G") + ",Owner: " + strOwner);
}
catch (Exception)
{
ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult();
fr1.FileFilterSearched = filter.FileFilter;
fr1.ObjectType = ContentDetectorLib.Common.FileFilterObjectType.Folder;
fr1.FullPath = strFilePath;
results.Add(fr1);
}
}
}
}
// it’s a file; add it to the results
else
{
if (filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.File || filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Both)
{
string strFilePath = RemovePrependGetPath(Path.Combine(dirName, currentFileName));
Delimon.Win32.IO.FileInfo dfile;
try
{
dfile = new Delimon.Win32.IO.FileInfo(strFilePath);
if (filter.DeleteFilesFound)
{
ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(dfile);
fr1.FileFilterSearched = filter.FileFilter;
fr1.Deleted = true;
results.Add(fr1);
//Delete the ransomware related file
//results.Add("File Deleted: " + "\"" + strFilePath + "\"" + ",FileCreated: " + dfile.CreationTime.ToString("G") + ",Owner: " + strOwner);
dfile.Delete();
}
else
{
ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(dfile);
fr1.FileFilterSearched = filter.FileFilter;
results.Add(fr1);
//Document the file found
//results.Add("\"" + strFilePath + "\"" + ",FileCreated: " + dfile.CreationTime.ToString("G") + ",Owner: " + strOwner);
}
}
catch (Exception)
{
ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult();
fr1.FileFilterSearched = filter.FileFilter;
fr1.FullPath = strFilePath;
fr1.ObjectType = ContentDetectorLib.Common.FileFilterObjectType.None;
fr1.Comment = "\"" + strFilePath + "\"";
results.Add(fr1);
//results.Add("\"" + strFilePath + "\"");
}
}
}
}
// find next if any
found = FindNextFile(findHandle, out findData);
}while (found);
}
}
finally
{
// close the find handle
FindClose(findHandle);
}
}
else
{
//invalid search filter
if (results.Count == 0)
{
ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult();
fr1.FileFilterSearched = filter.FileFilter;
fr1.ObjectType = ContentDetectorLib.Common.FileFilterObjectType.None;
fr1.Comment = "Invalid Search Filter or Directory Problem: " + filter.FileFilter + " " + dirName;
results.Add(fr1);
//results.Add("Invalid Search Filter or Directory Problem: " + filter.FileFilter + " " + dirName);
}
}
}
}
catch
{
}
}
}
return(results);
}
