private void analyzeChainToolStripMenuItem_Click(object sender, EventArgs e) { CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject; if (o != null) { var linked = new LinkedList <CapturePacket>(); while (o.Previous != null) { o = o.Previous; } linked.AddFirst(o); while (o.Next != null) { linked.AddLast(o.Next); o = o.Next; } var saveFileDialog = new SaveFileDialog { DefaultExt = "xlsx" }; DialogResult dialogResult = saveFileDialog.ShowDialog(this); if (dialogResult == DialogResult.OK) { Export.Export.AnalyseChain(linked, saveFileDialog.FileName); } } }
void cmp_OnComplete(int owner, CompressionEventArgs e, bool errorOccured) { this.DebugEvent("7z: " + e.Operation.ToString() + ", " + errorOccured); if (e.Operation == NX.Collections.Action.Compress) { if (!errorOccured && File.Exists(e.TargetFile)) { this.DispatchData(Type.CaptureStream, File.ReadAllBytes(e.TargetFile + ".7z")); } //this.SendData(File.ReadAllBytes(e.TargetFile)); //new DisposableDirectory(Path.GetPathRoot(e.TargetFile), Path.GetDirectoryName(e.TargetFile)).Dispose(); //this._encodeDisposeDir.Dispose(); //this._encodeDisposeDir = new DisposableDirectory(); } else { if (!errorOccured) { File.Delete(e.TargetFile); this.DebugEvent("Checking files in: " + Directory.GetParent(e.TargetFile).FullName); foreach (string f in Directory.GetFiles(Directory.GetParent(e.TargetFile).FullName)) { CapturePacket cp = new CapturePacket(); cp.ReadDecoded(f); if (this.ReceivedCapture != null) { this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0)?Image.FromStream(cp.ScreenShot):null, this.DecodeHookEvents(cp.Log)); } } } //this._decodeDisposeDir.Dispose(); } }
/// <summary> /// Callback on 7z task completed. Dispatches final compressed data bytes / Parses the extracted received data files /// </summary> /// <param name="owner">Sender's Id</param> /// <param name="e">Event options</param> /// <param name="errorOccured">Whether error occurred in opertaion</param> private void cmp_OnComplete(int owner, CompressionEventArgs e, bool errorOccured) { //this.DebugEvent("7z: " + e.Operation.ToString() + ", " + errorOccured); this._neuroLog.WriteFormat("Decoded Operation Complete", "Operation: {0}\nTarget File: {1}\nError Occured: {2}", e.Operation, e.TargetFile, errorOccured); if (e.Operation == NX.Collections.Compression7z.Action.Compress) { if (!errorOccured && File.Exists(e.TargetFile)) { this.DispatchData(owner, ActionCenter.ActionType.CaptureStream, File.ReadAllBytes(e.TargetFile + ".7z")); } } else { if (!errorOccured) { File.Delete(e.TargetFile); //this.DebugEvent("Checking files in: " + Directory.GetParent(e.TargetFile).FullName); foreach (string f in Directory.GetFiles(Directory.GetParent(e.TargetFile).FullName)) { CapturePacket cp = new CapturePacket(); cp.ReadDecoded(f); if (this.ReceivedCapture != null) { this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0) ? Image.FromStream(cp.ScreenShot) : null, HookEventHelper.StreamToHookEvents(cp.Log)); } } } //this._decodeDisposeDir.Dispose(); } }
private void ContextMenuMouse_Opening(object sender, System.ComponentModel.CancelEventArgs e) { CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject; if (o != null) { addToIgnoredComIDsToolStripMenuItem.Enabled = o.IPTWPPacket != null; } }
private void copyRawByteshexStringToolStripMenuItem_Click(object sender, EventArgs e) { CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject; if (o != null) { var s = BitConverter.ToString(o.GetRawData()); Clipboard.SetText(s, TextDataFormat.Text); } Logger.Log("Hex String copied to ClipBoard", Severity.Info); }
private void fastObjectListView1_SelectedIndexChanged(object sender, EventArgs e) { if (fastObjectListView1.SelectedObject == null) { return; } var packet = (CapturePacket)fastObjectListView1.SelectedObject; _selectedPacket = packet; OnPacketSelected(packet); }
private void copyParsedDatatextStringToolStripMenuItem_Click(object sender, EventArgs e) { CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject; if (o != null) { var s = Functions.MakeCommentString(o.ParsedData.GetDataDictionary()); Clipboard.SetText(s, TextDataFormat.Text); } Logger.Log("Parsed data copied to ClipBoard", Severity.Info); }
private void ButtonMerge_Click(object sender, EventArgs e) { SetData(); var dialog = new SaveFileDialog(); var result = dialog.ShowDialog(); if (result == DialogResult.OK) { var fileName = dialog.FileName; var fileManager = new FileManager(); fileManager.FilterFrom = DateTimeFrom; fileManager.FilterTo = DateTimeTo; var pcapWriter = new PCAPWriter(fileName); bool started = false; int pos = 0; pcapWriter.Start(); fileManager.RawParsed += (senderx, raw) => { if (!started) { pcapWriter.LinkLayerType = (uint)raw.LinkLayer; started = true; } var capturePacket = new CapturePacket(raw); pcapWriter.WritePacket(raw.RawData, raw.TimeStamp); //if (capturePacket.Protocol == ProtocolType.JRU) //{ // pcapWriter.WritePacket(raw.RawData, raw.TimeStamp); //} //else if (capturePacket.Protocol == ProtocolType.IPTWP && capturePacket.IPTWPPacket != null && capturePacket.IPTWPPacket.Comid != 110) //{ // pcapWriter.WritePacket(raw.RawData, raw.TimeStamp); //} }; fileManager.EnumerateFiles(DataSources); Thread.Sleep(1000); pcapWriter.Stop(); } }
public void EncodeCapture(CapturePacket cPacket) { cPacket.ParentDirectory = this._encodeDisposeDir.DirectoryPath; this.__staticCompressionQueue.Enqueue(cPacket.WriteEncoded(null)); // Compress if limit if (this.__staticCompressionQueue.Count == this.CaptureBufferCount) { this._bufferedOperator.AddTask(0, true, this._encodeDisposeDir, this.__staticCompressionQueue.ToArray()); this._encodeDisposeDir = new DisposableDirectory(); this.DebugEvent("New encodeDDir: " + this._encodeDisposeDir); /*Compression7z cmp = new Compression7z(true); cmp.OnComplete += new Compression7z.ProcessEventHandler(cmp_OnComplete); cmp.CompressFiles(true, this.__staticCompressionQueue.Peek(), Compression7z.Type._7z, Compression7z.Compression.Ultra, this.__staticCompressionQueue.ToArray(), null, "h4x0r"); */ this.__staticCompressionQueue = new Queue<string>(); } }
private void addToIgnoredComIDsToolStripMenuItem_Click(object sender, EventArgs e) { CapturePacket o = (CapturePacket)fastObjectListView1.SelectedObject; if (o?.IPTWPPacket != null) { var s = o.IPTWPPacket.Comid.ToString(); if (string.IsNullOrEmpty(Settings.IgnoreComid)) { Settings.IgnoreComid = s; } else { Settings.IgnoreComid += "," + s; } UpdateFilter(); } }
public void EncodeCapture(CapturePacket cPacket) { cPacket.ParentDirectory = this._encodeDisposeDir.DirectoryPath; this.__staticCompressionQueue.Enqueue(cPacket.WriteEncoded(null)); // Compress if limit if (this.__staticCompressionQueue.Count == this.CaptureBufferCount) { this._bufferedOperator.AddTask(0, true, this._encodeDisposeDir, this.__staticCompressionQueue.ToArray()); this._encodeDisposeDir = new DisposableDirectory(); this.DebugEvent("New encodeDDir: " + this._encodeDisposeDir); /*Compression7z cmp = new Compression7z(true); * cmp.OnComplete += new Compression7z.ProcessEventHandler(cmp_OnComplete); * cmp.CompressFiles(true, this.__staticCompressionQueue.Peek(), Compression7z.Type._7z, Compression7z.Compression.Ultra, this.__staticCompressionQueue.ToArray(), null, "h4x0r"); */ this.__staticCompressionQueue = new Queue <string>(); } }
public List <CapturePacket> Import(string path) { var list = new List <CapturePacket>(); string text = File.ReadAllText(path); CapturePacket prev = null; uint sortIndex = 1; var ss27Parser = new SS27Parser(); foreach (Match match in _regex.Matches(text)) { string value = match.Groups["hex"].Value; string hexstring = value.Replace(" ", ""); byte[] bytearray = StringToByteArray(hexstring); var ss27 = (SS27Packet)ss27Parser.ParseData(bytearray); var capturePacket = new CapturePacket(ProtocolType.JRU, ss27.MsgType.ToString(), ss27.DateTime); capturePacket.ParsedData = new ParsedDataSet() { ParsedFields = new List <ParsedField>(ss27.Header) }; capturePacket.No = sortIndex++; capturePacket.SS27Packet = ss27; // add to the chain //if (prev != null) // deviceLog.Previous = prev; //prev = deviceLog; list.Add(capturePacket); } return(list); }
/// <summary> /// Encodes/Buffers the capture packet and prepares for it's transmission /// </summary> /// <param name="id">Client Id</param> /// <param name="cPacket">Capture packet containing encapsulated screen & event logs</param> /// <param name="isSingleCapture">Live stream or buffered stream</param> public void EncodeCapture(int id, CapturePacket cPacket, bool isSingleCapture) { //this._neuroLog.WriteFormat("Encoding Capture", "Id: {0}\nSingle Capture: {1}\nShrink Factor: {2}\nCapture Packet: {3}", id, isSingleCapture, this.CaptureShrinkFactor, cPacket); if (isSingleCapture) { this.DispatchData(id, ActionCenter.ActionType.CaptureLive, cPacket.Encode().ToArray()); } else { cPacket.ParentDirectory = this._encodeDisposeDir.DirectoryPath; this._bufferCompressionQueue.Enqueue(cPacket.WriteEncoded(null)); if (this._bufferCompressionQueue.Count == this.CaptureBufferCount) // Compress and transmit if buffer limit reached { this._bufferedOperator.AddTask(0, true, this._encodeDisposeDir, this._bufferCompressionQueue.ToArray()); // Create fresh queue this._encodeDisposeDir = new DisposableDirectory(); //this.DebugEvent("New encodeDDir: " + this._encodeDisposeDir); this._bufferCompressionQueue = new Queue <string>(); } } }
/// <summary> /// Decodes the capture data received over the network stream /// </summary> /// <param name="owner">Sender's Id</param> /// <param name="bytes">Data bytes</param> /// <param name="isSingleCapture">Live stream or buffered stream</param> public void DecodeCapture(int owner, byte[] bytes, bool isSingleCapture) { //this._neuroLog.WriteFormat("Decoding Capture", "Owner: {0}\nSingle Capture: {1}", owner, isSingleCapture); if (isSingleCapture) { CapturePacket cp = new CapturePacket(); cp.Decode(new MemoryStream(bytes)); //this._neuroLog.WriteFormat("Decoded Capture Packet", "Capture Packet: {0}", cp); if (this.ReceivedCapture != null) { this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0) ? Image.FromStream(cp.ScreenShot) : null, HookEventHelper.StreamToHookEvents(cp.Log)); } } else { this._decodeDisposeDir = new DisposableDirectory(); //this.DebugEvent("New decodeDDir: " + this._decodeDisposeDir); string fileName = Path.Combine(this._decodeDisposeDir.DirectoryPath, Path.GetRandomFileName()) + ".7z"; File.WriteAllBytes(fileName, bytes); // Write file bytes to disk this._bufferedOperator.AddTask(owner, false, this._decodeDisposeDir, new string[] { fileName }); // Queue extraction task this._neuroLog.WriteFormat("Decoded Capture Queued", "File: {0}", fileName); //this.DebugEvent("Extract: " + fileName); } }
public void Add(CapturePacket o) { // Connect up the chain if (o.IPTWPPacket != null) { var tupleKey = new Tuple <uint, IPAddress>(o.IPTWPPacket.Comid, new IPAddress(o.Source)); if (_lastKnowns.ContainsKey(tupleKey)) { o.Previous = _lastKnowns[tupleKey]; _lastKnowns[tupleKey].Next = o; _lastKnowns[tupleKey] = o; } else { _lastKnowns.Add(tupleKey, o); } } lock (_listAddLock) { _listAddBuffer.Add(o); } }
void cmp_OnComplete(int owner, CompressionEventArgs e, bool errorOccured) { this.DebugEvent("7z: " + e.Operation.ToString() + ", " + errorOccured); if (e.Operation == NX.Collections.Action.Compress) { if (!errorOccured && File.Exists(e.TargetFile)) this.DispatchData(Type.CaptureStream, File.ReadAllBytes(e.TargetFile+".7z")); //this.SendData(File.ReadAllBytes(e.TargetFile)); //new DisposableDirectory(Path.GetPathRoot(e.TargetFile), Path.GetDirectoryName(e.TargetFile)).Dispose(); //this._encodeDisposeDir.Dispose(); //this._encodeDisposeDir = new DisposableDirectory(); } else { if (!errorOccured) { File.Delete(e.TargetFile); this.DebugEvent("Checking files in: " + Directory.GetParent(e.TargetFile).FullName); foreach (string f in Directory.GetFiles(Directory.GetParent(e.TargetFile).FullName)) { CapturePacket cp = new CapturePacket(); cp.ReadDecoded(f); if(this.ReceivedCapture!=null) this.ReceivedCapture(owner, (cp.ScreenShot.Length != 0)?Image.FromStream(cp.ScreenShot):null, this.DecodeHookEvents(cp.Log)); } } //this._decodeDisposeDir.Dispose(); } }
public PacketSelectedEventArgs(CapturePacket packet) { Packet = packet; }
protected virtual void OnPacketSelected(CapturePacket packet) { var e = new PacketSelectedEventArgs(packet); PacketSelected?.Invoke(this, e); }
public void SetObject(CapturePacket originalpacket) { uint ticker = 0; textBoxComid.Text = string.Empty; textBoxRAW.Text = string.Empty; textBoxSize.Text = string.Empty; textBoxType.Text = string.Empty; var dataLines = new List <DataLine>(); try { var extensiveData = CapturePacket.ExtractParsedData(originalpacket, out var displayfields, true); if (originalpacket.IPTWPPacket != null) { var udp = (UdpPacket)originalpacket.Packet.PayloadPacket.PayloadPacket; var iptPayload = IPTWPPacket.GetIPTPayload(udp, originalpacket.IPTWPPacket); var iptHeader = IPTWPPacket.ExtractHeader(udp.PayloadData); textBoxComid.Text = originalpacket.IPTWPPacket.Comid.ToString(); textBoxSize.Text = originalpacket.IPTWPPacket.IPTWPSize.ToString(); textBoxType.Text = originalpacket.IPTWPPacket.IPTWPType.ToString(); if (originalpacket.IPTWPPacket.IPTWPType == IPTTypes.MA) { dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = "IPTCom Message Acknowledgement" }); var ackCode = BitConverter.ToUInt16(new[] { iptPayload[1], iptPayload[0] }, 0); var ackSeq = BitConverter.ToUInt16(new[] { iptPayload[3], iptPayload[2] }, 0); switch (ackCode) { case 0: dataLines.Add(new DataLine(ticker++) { Name = "Ack Code", Value = "OK" }); break; case 1: dataLines.Add(new DataLine(ticker++) { Name = "Ack Code", Value = "NACK, wrong frame check sequence in data part" }); break; case 2: dataLines.Add(new DataLine(ticker++) { Name = "Ack Code", Value = "NACK, destination unknown / not listening" }); break; case 3: dataLines.Add(new DataLine(ticker++) { Name = "Ack Code", Value = "NACK, wrong data / configuration mismatch" }); break; case 4: dataLines.Add(new DataLine(ticker++) { Name = "Ack Code", Value = "NACK, buffer not available" }); break; default: dataLines.Add(new DataLine(ticker++) { Name = "Ack Code", Value = "Invalid code: " + ackCode }); break; } dataLines.Add(new DataLine(ticker++) { Name = "Ack Sequence", Value = ackSeq.ToString() }); } if (extensiveData != null && extensiveData.ParsedFields.Count > 0 ) // a parser has chugged out something { dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = "IPTCom Data" }); foreach (var field in extensiveData.ParsedFields) { bool changed = false; if (originalpacket.Previous != null && originalpacket.IPTWPPacket.IPTWPType == IPTTypes.PD) { // not checking for null because frankly it shouldn't happen and we want an exception changed = !originalpacket.Previous.ParsedData.GetField(field.Name).Value .Equals(field.Value); } dataLines.Add(new DataLine(field, ticker++) { Changed = changed }); } } } if (originalpacket.SS27Packet != null) { dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = "JRU Data" }); dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = "Header" }); dataLines.Add(new DataLine(ticker++) { Name = "Timestamp", Value = originalpacket.SS27Packet.DateTime.ToString() + ":" + originalpacket.SS27Packet.DateTime.Millisecond }); dataLines.Add(new DataLine(ticker++) { Name = "Level", Value = originalpacket.SS27Packet.Level }); dataLines.Add(new DataLine(ticker++) { Name = "Mode", Value = originalpacket.SS27Packet.Mode }); dataLines.Add(new DataLine(ticker++) { Name = "Speed", Value = originalpacket.SS27Packet.V_TRAIN.ToString() }); dataLines.AddRange( originalpacket.SS27Packet.Header.Select(parsedField => new DataLine(parsedField, ticker++))); if (originalpacket.SS27Packet.SubMessage != null) { dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = "SubMessage" }); foreach (var parsedField in originalpacket.SS27Packet.SubMessage.ParsedFields) { dataLines.Add(new DataLine(parsedField, ticker++)); } } foreach (var ss27PacketExtraMessage in originalpacket.SS27Packet.ExtraMessages) { dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = ss27PacketExtraMessage.Name, Comment = ss27PacketExtraMessage.Comment }); foreach (var parsedField in ss27PacketExtraMessage.ParsedFields) { dataLines.Add(new DataLine(parsedField, ticker++)); } } } if (originalpacket.IPTWPPacket == null && originalpacket.SS27Packet == null && extensiveData != null) { dataLines.Add(new DataLine(ticker++) { IsCategory = true, Name = extensiveData.Name }); foreach (var field in extensiveData.ParsedFields) { dataLines.Add(new DataLine(field, ticker++)); } } } catch (Exception e) { dataLines.Add(new DataLine(ticker++) { Name = "Error", Value = e.ToString() }); } try { var text = new StringBuilder(originalpacket.Packet.ToString(StringOutputType.Verbose)); if (originalpacket.IPTWPPacket != null) { // since we have IPT, straight cast to UDP, BAM var udp = (UdpPacket)originalpacket.Packet.PayloadPacket.PayloadPacket; var bytes = IPTWPPacket.GetIPTPayload(udp, originalpacket.IPTWPPacket); var iptHeader = IPTWPPacket.ExtractHeader(udp.PayloadData); var maxLenString = iptHeader.Max(pair => pair.Key.Length); foreach (var head in iptHeader) { text.AppendLine("IPT:\t" + head.Key.PadLeft(maxLenString, ' ') + " = " + head.Value); } text.AppendLine(""); textBoxRAW.Text = BitConverter.ToString(bytes); string str1 = ""; string str2 = ""; text.AppendLine("IPT: ******* Raw Hex Output - length=" + (object)bytes.Length + " bytes"); text.AppendLine("IPT: Segment: Bytes: Ascii:"); text.AppendLine("IPT: --------------------------------------------------------------------------"); for (int index = 1; index <= bytes.Length; ++index) { str1 = str1 + bytes[index - 1].ToString("x").PadLeft(2, '0') + " "; if (bytes[index - 1] < (byte)33 || bytes[index - 1] > (byte)126) { str2 += "."; } else { str2 += Encoding.ASCII.GetString(new byte[1] { bytes[index - 1] }); } if (index % 16 != 0 && index % 8 == 0) { str1 += " "; str2 += " "; } if (index % 16 == 0) { string str3 = ((index - 16) / 16 * 10).ToString().PadLeft(4, '0'); text.AppendLine("IPT: " + str3 + " " + str1 + " " + str2); str1 = ""; str2 = ""; } else if (index == bytes.Length) { string str3 = (((index - 16) / 16 + 1) * 10).ToString().PadLeft(4, '0'); text.AppendLine("IPT: " + str3.ToString().PadLeft(4, '0') + " " + str1.PadRight(49, ' ') + " " + str2); } } } richTextBox1.Text = text.ToString(); } catch (Exception e) { richTextBox1.Text = e.ToString(); } dataListViewRight.DataSource = dataLines; }