private void analyzeChainToolStripMenuItem_Click(object sender, EventArgs e)
{
CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject;
if (o != null)
{
var linked = new LinkedList <CapturePacket>();
while (o.Previous != null)
{
o = o.Previous;
}
linked.AddFirst(o);
while (o.Next != null)
{
linked.AddLast(o.Next);
o = o.Next;
}
var saveFileDialog = new SaveFileDialog {
DefaultExt = "xlsx"
};
DialogResult dialogResult = saveFileDialog.ShowDialog(this);
if (dialogResult == DialogResult.OK)
{
Export.Export.AnalyseChain(linked, saveFileDialog.FileName);
}
}
}
void cmp_OnComplete(int owner, CompressionEventArgs e, bool errorOccured)
{
this.DebugEvent("7z: " + e.Operation.ToString() + ", " + errorOccured);
if (e.Operation == NX.Collections.Action.Compress)
{
if (!errorOccured && File.Exists(e.TargetFile))
{
this.DispatchData(Type.CaptureStream, File.ReadAllBytes(e.TargetFile + ".7z"));
}
//this.SendData(File.ReadAllBytes(e.TargetFile));
//new DisposableDirectory(Path.GetPathRoot(e.TargetFile), Path.GetDirectoryName(e.TargetFile)).Dispose();
//this._encodeDisposeDir.Dispose();
//this._encodeDisposeDir = new DisposableDirectory();
}
else
{
if (!errorOccured)
{
File.Delete(e.TargetFile);
this.DebugEvent("Checking files in: " + Directory.GetParent(e.TargetFile).FullName);
foreach (string f in Directory.GetFiles(Directory.GetParent(e.TargetFile).FullName))
{
CapturePacket cp = new CapturePacket();
cp.ReadDecoded(f);
if (this.ReceivedCapture != null)
{
this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0)?Image.FromStream(cp.ScreenShot):null, this.DecodeHookEvents(cp.Log));
}
}
}
//this._decodeDisposeDir.Dispose();
}
}
/// <summary>
/// Callback on 7z task completed. Dispatches final compressed data bytes / Parses the extracted received data files
/// </summary>
/// <param name="owner">Sender's Id</param>
/// <param name="e">Event options</param>
/// <param name="errorOccured">Whether error occurred in opertaion</param>
private void cmp_OnComplete(int owner, CompressionEventArgs e, bool errorOccured)
{
//this.DebugEvent("7z: " + e.Operation.ToString() + ", " + errorOccured);
this._neuroLog.WriteFormat("Decoded Operation Complete", "Operation: {0}\nTarget File: {1}\nError Occured: {2}", e.Operation, e.TargetFile, errorOccured);
if (e.Operation == NX.Collections.Compression7z.Action.Compress)
{
if (!errorOccured && File.Exists(e.TargetFile))
{
this.DispatchData(owner, ActionCenter.ActionType.CaptureStream, File.ReadAllBytes(e.TargetFile + ".7z"));
}
}
else
{
if (!errorOccured)
{
File.Delete(e.TargetFile);
//this.DebugEvent("Checking files in: " + Directory.GetParent(e.TargetFile).FullName);
foreach (string f in Directory.GetFiles(Directory.GetParent(e.TargetFile).FullName))
{
CapturePacket cp = new CapturePacket();
cp.ReadDecoded(f);
if (this.ReceivedCapture != null)
{
this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0) ? Image.FromStream(cp.ScreenShot) : null, HookEventHelper.StreamToHookEvents(cp.Log));
}
}
}
//this._decodeDisposeDir.Dispose();
}
}
private void ContextMenuMouse_Opening(object sender, System.ComponentModel.CancelEventArgs e)
{
CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject;
if (o != null)
{
addToIgnoredComIDsToolStripMenuItem.Enabled = o.IPTWPPacket != null;
}
}
private void copyRawByteshexStringToolStripMenuItem_Click(object sender, EventArgs e)
{
CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject;
if (o != null)
{
var s = BitConverter.ToString(o.GetRawData());
Clipboard.SetText(s, TextDataFormat.Text);
}
Logger.Log("Hex String copied to ClipBoard", Severity.Info);
}
private void fastObjectListView1_SelectedIndexChanged(object sender, EventArgs e)
{
if (fastObjectListView1.SelectedObject == null)
{
return;
}
var packet = (CapturePacket)fastObjectListView1.SelectedObject;
_selectedPacket = packet;
OnPacketSelected(packet);
}
private void copyParsedDatatextStringToolStripMenuItem_Click(object sender, EventArgs e)
{
CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject;
if (o != null)
{
var s = Functions.MakeCommentString(o.ParsedData.GetDataDictionary());
Clipboard.SetText(s, TextDataFormat.Text);
}
Logger.Log("Parsed data copied to ClipBoard", Severity.Info);
}
private void ButtonMerge_Click(object sender, EventArgs e)
{
SetData();
var dialog = new SaveFileDialog();
var result = dialog.ShowDialog();
if (result == DialogResult.OK)
{
var fileName = dialog.FileName;
var fileManager = new FileManager();
fileManager.FilterFrom = DateTimeFrom;
fileManager.FilterTo = DateTimeTo;
var pcapWriter = new PCAPWriter(fileName);
bool started = false;
int pos = 0;
pcapWriter.Start();
fileManager.RawParsed += (senderx, raw) =>
{
if (!started)
{
pcapWriter.LinkLayerType = (uint)raw.LinkLayer;
started = true;
}
var capturePacket = new CapturePacket(raw);
pcapWriter.WritePacket(raw.RawData, raw.TimeStamp);
//if (capturePacket.Protocol == ProtocolType.JRU)
//{
// pcapWriter.WritePacket(raw.RawData, raw.TimeStamp);
//}
//else if (capturePacket.Protocol == ProtocolType.IPTWP && capturePacket.IPTWPPacket != null && capturePacket.IPTWPPacket.Comid != 110)
//{
// pcapWriter.WritePacket(raw.RawData, raw.TimeStamp);
//}
};
fileManager.EnumerateFiles(DataSources);
Thread.Sleep(1000);
pcapWriter.Stop();
}
}
public void EncodeCapture(CapturePacket cPacket)
{
cPacket.ParentDirectory = this._encodeDisposeDir.DirectoryPath;
this.__staticCompressionQueue.Enqueue(cPacket.WriteEncoded(null));
// Compress if limit
if (this.__staticCompressionQueue.Count == this.CaptureBufferCount)
{
this._bufferedOperator.AddTask(0, true, this._encodeDisposeDir, this.__staticCompressionQueue.ToArray());
this._encodeDisposeDir = new DisposableDirectory();
this.DebugEvent("New encodeDDir: " + this._encodeDisposeDir);
/*Compression7z cmp = new Compression7z(true);
cmp.OnComplete += new Compression7z.ProcessEventHandler(cmp_OnComplete);
cmp.CompressFiles(true, this.__staticCompressionQueue.Peek(), Compression7z.Type._7z, Compression7z.Compression.Ultra, this.__staticCompressionQueue.ToArray(), null, "h4x0r");
*/
this.__staticCompressionQueue = new Queue<string>();
}
}
private void addToIgnoredComIDsToolStripMenuItem_Click(object sender, EventArgs e)
{
CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject;
if (o?.IPTWPPacket != null)
{
var s = o.IPTWPPacket.Comid.ToString();
if (string.IsNullOrEmpty(Settings.IgnoreComid))
{
Settings.IgnoreComid = s;
}
else
{
Settings.IgnoreComid += "," + s;
}
UpdateFilter();
}
}
public void EncodeCapture(CapturePacket cPacket)
{
cPacket.ParentDirectory = this._encodeDisposeDir.DirectoryPath;
this.__staticCompressionQueue.Enqueue(cPacket.WriteEncoded(null));
// Compress if limit
if (this.__staticCompressionQueue.Count == this.CaptureBufferCount)
{
this._bufferedOperator.AddTask(0, true, this._encodeDisposeDir, this.__staticCompressionQueue.ToArray());
this._encodeDisposeDir = new DisposableDirectory();
this.DebugEvent("New encodeDDir: " + this._encodeDisposeDir);
/*Compression7z cmp = new Compression7z(true);
* cmp.OnComplete += new Compression7z.ProcessEventHandler(cmp_OnComplete);
* cmp.CompressFiles(true, this.__staticCompressionQueue.Peek(), Compression7z.Type._7z, Compression7z.Compression.Ultra, this.__staticCompressionQueue.ToArray(), null, "h4x0r");
*/
this.__staticCompressionQueue = new Queue <string>();
}
}
public List <CapturePacket> Import(string path)
{
var list = new List <CapturePacket>();
string text = File.ReadAllText(path);
CapturePacket prev = null;
uint sortIndex = 1;
var ss27Parser = new SS27Parser();
foreach (Match match in _regex.Matches(text))
{
string value = match.Groups["hex"].Value;
string hexstring = value.Replace(" ", "");
byte[] bytearray = StringToByteArray(hexstring);
var ss27 = (SS27Packet)ss27Parser.ParseData(bytearray);
var capturePacket = new CapturePacket(ProtocolType.JRU, ss27.MsgType.ToString(), ss27.DateTime);
capturePacket.ParsedData = new ParsedDataSet()
{
ParsedFields = new List <ParsedField>(ss27.Header)
};
capturePacket.No = sortIndex++;
capturePacket.SS27Packet = ss27;
// add to the chain
//if (prev != null)
// deviceLog.Previous = prev;
//prev = deviceLog;
list.Add(capturePacket);
}
return(list);
}
/// <summary>
/// Encodes/Buffers the capture packet and prepares for it's transmission
/// </summary>
/// <param name="id">Client Id</param>
/// <param name="cPacket">Capture packet containing encapsulated screen & event logs</param>
/// <param name="isSingleCapture">Live stream or buffered stream</param>
public void EncodeCapture(int id, CapturePacket cPacket, bool isSingleCapture)
{
//this._neuroLog.WriteFormat("Encoding Capture", "Id: {0}\nSingle Capture: {1}\nShrink Factor: {2}\nCapture Packet: {3}", id, isSingleCapture, this.CaptureShrinkFactor, cPacket);
if (isSingleCapture)
{
this.DispatchData(id, ActionCenter.ActionType.CaptureLive, cPacket.Encode().ToArray());
}
else
{
cPacket.ParentDirectory = this._encodeDisposeDir.DirectoryPath;
this._bufferCompressionQueue.Enqueue(cPacket.WriteEncoded(null));
if (this._bufferCompressionQueue.Count == this.CaptureBufferCount) // Compress and transmit if buffer limit reached
{
this._bufferedOperator.AddTask(0, true, this._encodeDisposeDir, this._bufferCompressionQueue.ToArray());
// Create fresh queue
this._encodeDisposeDir = new DisposableDirectory();
//this.DebugEvent("New encodeDDir: " + this._encodeDisposeDir);
this._bufferCompressionQueue = new Queue <string>();
}
}
}
/// <summary>
/// Decodes the capture data received over the network stream
/// </summary>
/// <param name="owner">Sender's Id</param>
/// <param name="bytes">Data bytes</param>
/// <param name="isSingleCapture">Live stream or buffered stream</param>
public void DecodeCapture(int owner, byte[] bytes, bool isSingleCapture)
{
//this._neuroLog.WriteFormat("Decoding Capture", "Owner: {0}\nSingle Capture: {1}", owner, isSingleCapture);
if (isSingleCapture)
{
CapturePacket cp = new CapturePacket();
cp.Decode(new MemoryStream(bytes));
//this._neuroLog.WriteFormat("Decoded Capture Packet", "Capture Packet: {0}", cp);
if (this.ReceivedCapture != null)
{
this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0) ? Image.FromStream(cp.ScreenShot) : null, HookEventHelper.StreamToHookEvents(cp.Log));
}
}
else
{
this._decodeDisposeDir = new DisposableDirectory();
//this.DebugEvent("New decodeDDir: " + this._decodeDisposeDir);
string fileName = Path.Combine(this._decodeDisposeDir.DirectoryPath, Path.GetRandomFileName()) + ".7z";
File.WriteAllBytes(fileName, bytes); // Write file bytes to disk
this._bufferedOperator.AddTask(owner, false, this._decodeDisposeDir, new string[] { fileName }); // Queue extraction task
this._neuroLog.WriteFormat("Decoded Capture Queued", "File: {0}", fileName);
//this.DebugEvent("Extract: " + fileName);
}
}
public void Add(CapturePacket o)
{
// Connect up the chain
if (o.IPTWPPacket != null)
{
var tupleKey = new Tuple <uint, IPAddress>(o.IPTWPPacket.Comid, new IPAddress(o.Source));
if (_lastKnowns.ContainsKey(tupleKey))
{
o.Previous = _lastKnowns[tupleKey];
_lastKnowns[tupleKey].Next = o;
_lastKnowns[tupleKey] = o;
}
else
{
_lastKnowns.Add(tupleKey, o);
}
}
lock (_listAddLock)
{
_listAddBuffer.Add(o);
}
}
void cmp_OnComplete(int owner, CompressionEventArgs e, bool errorOccured)
{
this.DebugEvent("7z: " + e.Operation.ToString() + ", " + errorOccured);
if (e.Operation == NX.Collections.Action.Compress)
{
if (!errorOccured && File.Exists(e.TargetFile))
this.DispatchData(Type.CaptureStream, File.ReadAllBytes(e.TargetFile+".7z"));
//this.SendData(File.ReadAllBytes(e.TargetFile));
//new DisposableDirectory(Path.GetPathRoot(e.TargetFile), Path.GetDirectoryName(e.TargetFile)).Dispose();
//this._encodeDisposeDir.Dispose();
//this._encodeDisposeDir = new DisposableDirectory();
}
else
{
if (!errorOccured)
{
File.Delete(e.TargetFile);
this.DebugEvent("Checking files in: " + Directory.GetParent(e.TargetFile).FullName);
foreach (string f in Directory.GetFiles(Directory.GetParent(e.TargetFile).FullName))
{
CapturePacket cp = new CapturePacket();
cp.ReadDecoded(f);
if(this.ReceivedCapture!=null)
this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0)?Image.FromStream(cp.ScreenShot):null, this.DecodeHookEvents(cp.Log));
}
}
//this._decodeDisposeDir.Dispose();
}
}
public PacketSelectedEventArgs(CapturePacket packet)
{
Packet = packet;
}
protected virtual void OnPacketSelected(CapturePacket packet)
{
var e = new PacketSelectedEventArgs(packet);
PacketSelected?.Invoke(this, e);
}
public void SetObject(CapturePacket originalpacket)
{
uint ticker = 0;
textBoxComid.Text = string.Empty;
textBoxRAW.Text = string.Empty;
textBoxSize.Text = string.Empty;
textBoxType.Text = string.Empty;
var dataLines = new List <DataLine>();
try
{
var extensiveData = CapturePacket.ExtractParsedData(originalpacket, out var displayfields, true);
if (originalpacket.IPTWPPacket != null)
{
var udp = (UdpPacket)originalpacket.Packet.PayloadPacket.PayloadPacket;
var iptPayload = IPTWPPacket.GetIPTPayload(udp, originalpacket.IPTWPPacket);
var iptHeader = IPTWPPacket.ExtractHeader(udp.PayloadData);
textBoxComid.Text = originalpacket.IPTWPPacket.Comid.ToString();
textBoxSize.Text = originalpacket.IPTWPPacket.IPTWPSize.ToString();
textBoxType.Text = originalpacket.IPTWPPacket.IPTWPType.ToString();
if (originalpacket.IPTWPPacket.IPTWPType == IPTTypes.MA)
{
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true, Name = "IPTCom Message Acknowledgement"
});
var ackCode = BitConverter.ToUInt16(new[] { iptPayload[1], iptPayload[0] }, 0);
var ackSeq = BitConverter.ToUInt16(new[] { iptPayload[3], iptPayload[2] }, 0);
switch (ackCode)
{
case 0:
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Code", Value = "OK"
});
break;
case 1:
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Code", Value = "NACK, wrong frame check sequence in data part"
});
break;
case 2:
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Code", Value = "NACK, destination unknown / not listening"
});
break;
case 3:
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Code", Value = "NACK, wrong data / configuration mismatch"
});
break;
case 4:
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Code", Value = "NACK, buffer not available"
});
break;
default:
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Code", Value = "Invalid code: " + ackCode
});
break;
}
dataLines.Add(new DataLine(ticker++)
{
Name = "Ack Sequence", Value = ackSeq.ToString()
});
}
if (extensiveData != null && extensiveData.ParsedFields.Count > 0
) // a parser has chugged out something
{
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true, Name = "IPTCom Data"
});
foreach (var field in extensiveData.ParsedFields)
{
bool changed = false;
if (originalpacket.Previous != null && originalpacket.IPTWPPacket.IPTWPType == IPTTypes.PD)
{
// not checking for null because frankly it shouldn't happen and we want an exception
changed = !originalpacket.Previous.ParsedData.GetField(field.Name).Value
.Equals(field.Value);
}
dataLines.Add(new DataLine(field, ticker++)
{
Changed = changed
});
}
}
}
if (originalpacket.SS27Packet != null)
{
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true, Name = "JRU Data"
});
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true, Name = "Header"
});
dataLines.Add(new DataLine(ticker++)
{
Name = "Timestamp",
Value = originalpacket.SS27Packet.DateTime.ToString() + ":" +
originalpacket.SS27Packet.DateTime.Millisecond
});
dataLines.Add(new DataLine(ticker++)
{
Name = "Level", Value = originalpacket.SS27Packet.Level
});
dataLines.Add(new DataLine(ticker++)
{
Name = "Mode", Value = originalpacket.SS27Packet.Mode
});
dataLines.Add(new DataLine(ticker++)
{
Name = "Speed", Value = originalpacket.SS27Packet.V_TRAIN.ToString()
});
dataLines.AddRange(
originalpacket.SS27Packet.Header.Select(parsedField => new DataLine(parsedField, ticker++)));
if (originalpacket.SS27Packet.SubMessage != null)
{
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true, Name = "SubMessage"
});
foreach (var parsedField in originalpacket.SS27Packet.SubMessage.ParsedFields)
{
dataLines.Add(new DataLine(parsedField, ticker++));
}
}
foreach (var ss27PacketExtraMessage in originalpacket.SS27Packet.ExtraMessages)
{
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true,
Name = ss27PacketExtraMessage.Name,
Comment = ss27PacketExtraMessage.Comment
});
foreach (var parsedField in ss27PacketExtraMessage.ParsedFields)
{
dataLines.Add(new DataLine(parsedField, ticker++));
}
}
}
if (originalpacket.IPTWPPacket == null && originalpacket.SS27Packet == null && extensiveData != null)
{
dataLines.Add(new DataLine(ticker++)
{
IsCategory = true, Name = extensiveData.Name
});
foreach (var field in extensiveData.ParsedFields)
{
dataLines.Add(new DataLine(field, ticker++));
}
}
}
catch (Exception e)
{
dataLines.Add(new DataLine(ticker++)
{
Name = "Error", Value = e.ToString()
});
}
try
{
var text = new StringBuilder(originalpacket.Packet.ToString(StringOutputType.Verbose));
if (originalpacket.IPTWPPacket != null)
{
// since we have IPT, straight cast to UDP, BAM
var udp = (UdpPacket)originalpacket.Packet.PayloadPacket.PayloadPacket;
var bytes = IPTWPPacket.GetIPTPayload(udp, originalpacket.IPTWPPacket);
var iptHeader = IPTWPPacket.ExtractHeader(udp.PayloadData);
var maxLenString = iptHeader.Max(pair => pair.Key.Length);
foreach (var head in iptHeader)
{
text.AppendLine("IPT:\t" + head.Key.PadLeft(maxLenString, ' ') + " = " + head.Value);
}
text.AppendLine("");
textBoxRAW.Text = BitConverter.ToString(bytes);
string str1 = "";
string str2 = "";
text.AppendLine("IPT: ******* Raw Hex Output - length=" + (object)bytes.Length + " bytes");
text.AppendLine("IPT: Segment: Bytes: Ascii:");
text.AppendLine("IPT: --------------------------------------------------------------------------");
for (int index = 1; index <= bytes.Length; ++index)
{
str1 = str1 + bytes[index - 1].ToString("x").PadLeft(2, '0') + " ";
if (bytes[index - 1] < (byte)33 || bytes[index - 1] > (byte)126)
{
str2 += ".";
}
else
{
str2 += Encoding.ASCII.GetString(new byte[1]
{
bytes[index - 1]
});
}
if (index % 16 != 0 && index % 8 == 0)
{
str1 += " ";
str2 += " ";
}
if (index % 16 == 0)
{
string str3 = ((index - 16) / 16 * 10).ToString().PadLeft(4, '0');
text.AppendLine("IPT: " + str3 + " " + str1 + " " + str2);
str1 = "";
str2 = "";
}
else if (index == bytes.Length)
{
string str3 = (((index - 16) / 16 + 1) * 10).ToString().PadLeft(4, '0');
text.AppendLine("IPT: " + str3.ToString().PadLeft(4, '0') + " " + str1.PadRight(49, ' ') +
" " + str2);
}
}
}
richTextBox1.Text = text.ToString();
}
catch (Exception e)
{
richTextBox1.Text = e.ToString();
}
dataListViewRight.DataSource = dataLines;
}
