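        /// <summary>
        /// Parses one root element of a binary-XML event log chunk starting at the reader's
        /// current position: nodes are collected until <paramref name="length"/> bytes have
        /// been consumed or an end-of-stream node (<c>_x00</c>) is seen, then the trailing
        /// substitution array is read.
        /// </summary>
        /// <param name="log">Reader positioned at the first node of this root element.</param>
        /// <param name="chunkOffset">Offset of the enclosing chunk within the log file.</param>
        /// <param name="length">Number of bytes this root element may consume.</param>
        /// <param name="parent">Event log that owns this root element.</param>
        /// <exception cref="InvalidDataException">
        /// A node reports a length larger than the bytes remaining, or a zero length on a
        /// non-terminal node. Both values come straight from the file, so on a corrupt or
        /// hostile log the unchecked subtraction would wrap the unsigned remaining count
        /// (oversized length) or never advance (zero length) and the loop would not terminate.
        /// </exception>
        public LogRoot(BinaryReader log, long chunkOffset, uint length, EventLog parent)
        {
            this.ParentLog = parent;
            this.Position = log.BaseStream.Position;
            this.ChunkOffset = chunkOffset;
            this.Nodes = new List<INode>();
            this.Strings = new Dictionary<long, string>();
            this.CurrentOpenTags = new List<string>();
            this.Length = length;

            while (this.Length > 0 && !this.ReachedEOS)
            {
                INode node = LogNode.NewNode(log, this, chunkOffset, this);
                bool endOfStream = node is _x00;

                // Validate the file-supplied node length before it is subtracted from the
                // remaining budget; see the <exception> remarks above.
                if (node.Length > this.Length || (node.Length == 0 && !endOfStream))
                    throw new InvalidDataException("Node length " + node.Length + " is invalid with " + this.Length + " bytes remaining in the root element.");

                this.Nodes.Add(node);
                this.Length -= node.Length;

                if (endOfStream)
                    this.ReachedEOS = true;
            }

            this.SubstitutionArray = new SubstitutionArray(log, chunkOffset, this);
        }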
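        /// <summary>
        /// Handles the "Open" action: asks the user for a registry hive or event log,
        /// sniffs the file header and builds the tree view that matches the format.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <exception cref="NotSupportedException">
        /// The file is shorter than the header signatures that are compared, or its header
        /// matches none of the known formats (regf hive, LfLe legacy log, ElfFile log).
        /// </exception>
        void OpenFile(object sender, EventArgs e)
        {
            FileChooserDialog fc = new FileChooserDialog("Choose the registry hive or event log to open",
                                                        this,
                                                        FileChooserAction.Open,
                                                        "Cancel", ResponseType.Cancel,
                                                        "Open", ResponseType.Accept);
            try
            {
                if (fc.Run() != (int)ResponseType.Accept)
                    return;

                string file = fc.Filename;
                Console.WriteLine("Reading: " + file);

                using (FileStream stream = File.OpenRead(file))
                using (BinaryReader reader = new BinaryReader(stream))
                {
                    // ReadBytes returns a shorter array at end of stream, and the signature
                    // tests below index up to h[7]; reject a truncated file explicitly
                    // instead of letting the indexer throw.
                    byte[] h = reader.ReadBytes(10);
                    if (h.Length < 8)
                        throw new NotSupportedException("Unsupported Format.");

                    if (h[0] == 'r' && h[1] == 'e' && h[2] == 'g' && h[3] == 'f')
                        ShowRegistryHive(file);
                    else if (h[4] == 'L' && h[5] == 'f' && h[6] == 'L' && h[7] == 'e')
                        ShowLegacyEventLog(file);
                    else if (h[0] == 'E' && h[1] == 'l' && h[2] == 'f' && h[3] == 'F' && h[4] == 'i' && h[5] == 'l' && h[6] == 'e')
                        ShowEventLog(file);
                    else
                        throw new NotSupportedException("Unsupported Format.");
                }

                this.ShowAll();
            }
            finally
            {
                // Destroy the dialog on every path, including a parse failure; the original
                // skipped this when an exception escaped and leaked the dialog window.
                fc.Destroy();
            }
        }

        /// <summary>
        /// Creates a text column whose cell text is bound to model column <paramref name="modelIndex"/>.
        /// </summary>
        /// <param name="title">Column header shown in the view.</param>
        /// <param name="modelIndex">Index of the string column in the backing <see cref="TreeStore"/>.</param>
        /// <returns>A column ready to be appended to a <see cref="TreeView"/>.</returns>
        private static TreeViewColumn MakeTextColumn(string title, int modelIndex)
        {
            CellRendererText cell = new CellRendererText();
            TreeViewColumn column = new TreeViewColumn();
            column.Title = title;
            column.PackStart(cell, true);
            column.AddAttribute(cell, "text", modelIndex);
            return column;
        }

        /// <summary>
        /// Parses a registry hive and shows its key tree (keys in column 0, values in column 1)
        /// in a new <see cref="TreeView"/> added to <c>_vbox</c>.
        /// </summary>
        /// <param name="file">Path of the hive file that passed the "regf" signature test.</param>
        private void ShowRegistryHive(string file)
        {
            RegistryHive hive = new RegistryHive(file);

            TreeView tv = new TreeView();
            _vbox.Add(tv);

            tv.AppendColumn(MakeTextColumn("Registry Keys", 0));
            tv.AppendColumn(MakeTextColumn("Registry Values", 1));

            TreeStore store = new TreeStore(typeof(string), typeof(string));
            TreeIter root = store.AppendValues(hive.RootKey.Name);
            AddChildrenToView(hive.RootKey, store, root);

            tv.Model = store;
        }

        /// <summary>
        /// Parses a legacy (LfLe) event log and lists every record, one row per item,
        /// in a new <see cref="TreeView"/> added to <c>_vbox</c>.
        /// </summary>
        /// <param name="file">Path of the log file that passed the "LfLe" signature test.</param>
        private void ShowLegacyEventLog(string file)
        {
            LegacyEventLog log = new LegacyEventLog(file);

            TreeView tv = new TreeView();
            _vbox.Add(tv);

            tv.AppendColumn(MakeTextColumn("Time Written", 0));
            tv.AppendColumn(MakeTextColumn("Time Generated", 1));
            tv.AppendColumn(MakeTextColumn("Source Name", 2));
            tv.AppendColumn(MakeTextColumn("Computer Name", 3));
            tv.AppendColumn(MakeTextColumn("Strings", 4));

            TreeStore store = new TreeStore(typeof(string), typeof(string), typeof(string), typeof(string), typeof(string));

            foreach (LegacyLogItem item in log.Items)
                store.AppendValues(item.TimeWritten.ToString(), item.TimeGenerated.ToString(), item.SourceName, item.ComputerName, item.Strings);

            tv.Model = store;
        }

        /// <summary>
        /// Parses a modern (ElfFile) event log. Only the parse is performed; no view is
        /// built for this format yet, matching the handler's existing behaviour.
        /// </summary>
        /// <param name="file">Path of the log file that passed the "ElfFile" signature test.</param>
        private void ShowEventLog(string file)
        {
            // The constructor does the parsing work; the result is deliberately not kept
            // because nothing displays it yet.
            new EventLog(file);
        }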