private static void DisplayInfo2(Info2 info, bool q, string dt)
{
if (q == false)
{
Log.Information("Source file: {SourceName}", info.SourceName);
Console.WriteLine();
Log.Information("Version: {Version}", info.Version);
Console.WriteLine();
Log.Information("File records");
}
foreach (var infoFileRecord in info.FileRecords)
{
var fn = infoFileRecord.FileNameAscii;
if (infoFileRecord.FileNameUnicode.IsNullOrEmpty() == false)
{
fn = infoFileRecord.FileNameUnicode;
}
var csv = new CsvOut
{
FileSize = infoFileRecord.FileSize,
FileName = fn,
SourceName = info.SourceName,
DeletedOn = infoFileRecord.DeletedOn.ToUniversalTime()
.ToString(dt),
FileType = "INFO2"
};
_csvOuts.Add(csv);
if (q)
{
continue;
}
Log.Information("Index: {Index}", infoFileRecord.Index);
Log.Information("Drive #: {DriveNumber}", infoFileRecord.DriveNumber);
Log.Information("File size: {FileSize:N0} ({Size})", infoFileRecord.FileSize, BytesToString(infoFileRecord.FileSize));
Log.Information("File name: {Fn}", fn);
Log.Information("Deleted on: {DeletedOn}", infoFileRecord.DeletedOn);
Console.WriteLine();
}
}
private static CsvOut GetCsvFormat(IPrefetch pf)
{
var created = _fluentCommandLineParser.Object.LocalTime
? pf.SourceCreatedOn.ToLocalTime()
: pf.SourceCreatedOn;
var modified = _fluentCommandLineParser.Object.LocalTime
? pf.SourceModifiedOn.ToLocalTime()
: pf.SourceModifiedOn;
var accessed = _fluentCommandLineParser.Object.LocalTime
? pf.SourceAccessedOn.ToLocalTime()
: pf.SourceAccessedOn;
var volDate = string.Empty;
var volName = string.Empty;
var volSerial = string.Empty;
if (pf.VolumeInformation.Count > 0)
{
var vol0Create = _fluentCommandLineParser.Object.LocalTime
? pf.VolumeInformation[0].CreationTime.ToLocalTime()
: pf.VolumeInformation[0].CreationTime;
volDate = vol0Create.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
if (vol0Create.Year == 1601)
{
volDate = string.Empty;
}
volName = pf.VolumeInformation[0].DeviceName;
volSerial = pf.VolumeInformation[0].SerialNumber;
}
var lrTime = string.Empty;
if (pf.LastRunTimes.Count > 0)
{
var lr = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[0].ToLocalTime()
: pf.LastRunTimes[0];
lrTime = lr.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
var csOut = new CsvOut
{
SourceFilename = pf.SourceFilename,
SourceCreated = created.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
SourceModified = modified.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
SourceAccessed = accessed.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
Hash = pf.Header.Hash,
ExecutableName = pf.Header.ExecutableFilename,
Size = pf.Header.FileSize.ToString(),
Version = GetDescriptionFromEnumValue(pf.Header.Version),
RunCount = pf.RunCount.ToString(),
Volume0Created = volDate,
Volume0Name = volName,
Volume0Serial = volSerial,
LastRun = lrTime,
ParsingError = pf.ParsingError
};
if (pf.LastRunTimes.Count > 1)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[1].ToLocalTime()
: pf.LastRunTimes[1];
csOut.PreviousRun0 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 2)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[2].ToLocalTime()
: pf.LastRunTimes[2];
csOut.PreviousRun1 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 3)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[3].ToLocalTime()
: pf.LastRunTimes[3];
csOut.PreviousRun2 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 4)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[4].ToLocalTime()
: pf.LastRunTimes[4];
csOut.PreviousRun3 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 5)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[5].ToLocalTime()
: pf.LastRunTimes[5];
csOut.PreviousRun4 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 6)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[6].ToLocalTime()
: pf.LastRunTimes[6];
csOut.PreviousRun5 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 7)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[7].ToLocalTime()
: pf.LastRunTimes[7];
csOut.PreviousRun6 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.VolumeInformation.Count > 1)
{
var vol1 = _fluentCommandLineParser.Object.LocalTime
? pf.VolumeInformation[1].CreationTime.ToLocalTime()
: pf.VolumeInformation[1].CreationTime;
csOut.Volume1Created = vol1.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
csOut.Volume1Name = pf.VolumeInformation[1].DeviceName;
csOut.Volume1Serial = pf.VolumeInformation[1].SerialNumber;
}
if (pf.VolumeInformation.Count > 2)
{
csOut.Note = "File contains > 2 volumes! Please inspect output from main program for full details!";
}
var sbDirs = new StringBuilder();
foreach (var volumeInfo in pf.VolumeInformation)
{
sbDirs.Append(string.Join(", ", volumeInfo.DirectoryNames));
}
if (pf.ParsingError)
{
return(csOut);
}
csOut.Directories = sbDirs.ToString();
csOut.FilesLoaded = string.Join(", ", pf.Filenames);
return(csOut);
}
private static CsvOut GetCsvFormat(IPrefetch pf)
{
var created = _fluentCommandLineParser.Object.LocalTime
? pf.SourceCreatedOn.ToLocalTime()
: pf.SourceCreatedOn;
var modified = _fluentCommandLineParser.Object.LocalTime
? pf.SourceModifiedOn.ToLocalTime()
: pf.SourceModifiedOn;
var accessed = _fluentCommandLineParser.Object.LocalTime
? pf.SourceAccessedOn.ToLocalTime()
: pf.SourceAccessedOn;
var vol0Create = _fluentCommandLineParser.Object.LocalTime
? pf.VolumeInformation[0].CreationTime.ToLocalTime()
: pf.VolumeInformation[0].CreationTime;
var lr = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[0].ToLocalTime()
: pf.LastRunTimes[0];
var csOut = new CsvOut
{
SourceFilename = pf.SourceFilename,
SourceCreated = created.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
SourceModified = modified.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
SourceAccessed = accessed.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
Hash = pf.Header.Hash,
ExecutableName = pf.Header.ExecutableFilename,
Size = pf.Header.FileSize.ToString(),
Version = GetDescriptionFromEnumValue(pf.Header.Version),
RunCount = pf.RunCount.ToString(),
Volume0Created = vol0Create.ToString(_fluentCommandLineParser.Object.DateTimeFormat),
Volume0Name = pf.VolumeInformation[0].DeviceName,
Volume0Serial = pf.VolumeInformation[0].SerialNumber,
LastRun = lr.ToString(_fluentCommandLineParser.Object.DateTimeFormat)
};
if (pf.LastRunTimes.Count > 1)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[1].ToLocalTime()
: pf.LastRunTimes[1];
csOut.PreviousRun0 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 2)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[2].ToLocalTime()
: pf.LastRunTimes[2];
csOut.PreviousRun1 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 3)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[3].ToLocalTime()
: pf.LastRunTimes[3];
csOut.PreviousRun2 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 4)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[4].ToLocalTime()
: pf.LastRunTimes[4];
csOut.PreviousRun3 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 5)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[5].ToLocalTime()
: pf.LastRunTimes[5];
csOut.PreviousRun4 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 6)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[6].ToLocalTime()
: pf.LastRunTimes[6];
csOut.PreviousRun5 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.LastRunTimes.Count > 7)
{
var lrt = _fluentCommandLineParser.Object.LocalTime
? pf.LastRunTimes[7].ToLocalTime()
: pf.LastRunTimes[7];
csOut.PreviousRun6 = lrt.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
}
if (pf.VolumeCount > 1)
{
var vol1 = _fluentCommandLineParser.Object.LocalTime
? pf.VolumeInformation[1].CreationTime.ToLocalTime()
: pf.VolumeInformation[1].CreationTime;
csOut.Volume1Created = vol1.ToString(_fluentCommandLineParser.Object.DateTimeFormat);
csOut.Volume1Name = pf.VolumeInformation[1].DeviceName;
csOut.Volume1Serial = pf.VolumeInformation[1].SerialNumber;
}
if (pf.VolumeCount > 2)
{
csOut.Note = "File contains > 2 volumes! Please inspect output from main program for full details!";
}
var sbDirs = new StringBuilder();
foreach (var volumeInfo in pf.VolumeInformation)
{
sbDirs.Append(string.Join(", ", volumeInfo.DirectoryNames));
}
csOut.Directories = sbDirs.ToString();
csOut.FilesLoaded = string.Join(", ", pf.Filenames);
return csOut;
}
private static void Main(string[] args)
{
SetupNLog();
_logger = LogManager.GetLogger("MFTECmd");
_fluentCommandLineParser = new FluentCommandLineParser <Args>
{
IsCaseSensitive = false
};
_fluentCommandLineParser.Setup(arg => arg.FileName)
.As('f')
.WithDescription("File to process. This or -d required\r\n");
_fluentCommandLineParser.Setup(arg => arg.Directory)
.As('d')
.WithDescription("Directory to process. This or -f required");
_fluentCommandLineParser.Setup(arg => arg.CsvOut)
.As("csv")
.WithDescription(
"Directory to save CSV formatted results to. Required\r\n");
_fluentCommandLineParser.Setup(arg => arg.Debug)
.As("debug")
.WithDescription("Show debug information during processing").SetDefault(false);
_fluentCommandLineParser.Setup(arg => arg.Trace)
.As("trace")
.WithDescription("Show trace information during processing\r\n").SetDefault(false);
var header =
$"EmailCounter version {Assembly.GetExecutingAssembly().GetName().Version}" +
"\r\n\r\nAuthor: Eric Zimmerman ([email protected])";
var footer = @"Examples: EmailCounter.exe -f ""C:\Temp\someFile.txt"" --csv ""c:\temp\out"" " +
"\r\n\t " +
"\r\n\t" +
" Short options (single letter) are prefixed with a single dash. Long commands are prefixed with two dashes\r\n";
_fluentCommandLineParser.SetupHelp("?", "help")
.WithHeader(header)
.Callback(text => _logger.Info(text + "\r\n" + footer));
var result = _fluentCommandLineParser.Parse(args);
if (result.HelpCalled)
{
return;
}
if (result.HasErrors)
{
_logger.Error("");
_logger.Error(result.ErrorText);
_fluentCommandLineParser.HelpOption.ShowHelp(_fluentCommandLineParser.Options);
return;
}
if (_fluentCommandLineParser.Object.FileName.IsNullOrEmpty() &&
_fluentCommandLineParser.Object.Directory.IsNullOrEmpty())
{
_fluentCommandLineParser.HelpOption.ShowHelp(_fluentCommandLineParser.Options);
_logger.Warn("-f or -d is required. Exiting");
return;
}
var files = new List <string>();
if (_fluentCommandLineParser.Object.FileName.IsNullOrEmpty() == false)
{
if (File.Exists(_fluentCommandLineParser.Object.FileName))
{
files.Add(_fluentCommandLineParser.Object.FileName);
}
else
{
_logger.Warn($"File '{_fluentCommandLineParser.Object.FileName}' does not exist. Exiting");
Environment.Exit(0);
}
}
else
{
if (Directory.Exists(_fluentCommandLineParser.Object.Directory))
{
files = Directory.GetFiles(_fluentCommandLineParser.Object.Directory, "*",
SearchOption.AllDirectories).ToList();
}
else
{
_logger.Warn($"Directory '{_fluentCommandLineParser.Object.Directory}' does not exist. Exiting");
Environment.Exit(0);
}
}
_logger.Info(header);
_logger.Info("");
_logger.Info($"Command line: {string.Join(" ", Environment.GetCommandLineArgs().Skip(1))}\r\n");
if (_fluentCommandLineParser.Object.Debug)
{
LogManager.Configuration.LoggingRules.First().EnableLoggingForLevel(LogLevel.Debug);
}
if (_fluentCommandLineParser.Object.Trace)
{
LogManager.Configuration.LoggingRules.First().EnableLoggingForLevel(LogLevel.Trace);
}
LogManager.ReconfigExistingLoggers();
var regexObj = new Regex(@"\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b", RegexOptions.IgnoreCase);
var outName = $"{DateTimeOffset.UtcNow:yyyyMMddHHmmss}_EmailCounter_Output.csv";
var outFile = Path.Combine(_fluentCommandLineParser.Object.CsvOut, outName);
if (Directory.Exists(_fluentCommandLineParser.Object.CsvOut) == false)
{
Directory.CreateDirectory(_fluentCommandLineParser.Object.CsvOut);
}
_logger.Warn($"CSV output will be saved to '{outFile}'\r\n");
var swCsv = new StreamWriter(outFile, false, Encoding.UTF8);
var _csvWriter = new CsvWriter(swCsv);
var foo = _csvWriter.Configuration.AutoMap <CsvOut>();
_csvWriter.Configuration.RegisterClassMap(foo);
_csvWriter.WriteHeader <CsvOut>();
_csvWriter.NextRecord();
var emails = new Dictionary <string, int>();
_logger.Fatal($"Files found: {files.Count:N0}");
Console.WriteLine();
foreach (var file in files)
{
try
{
_logger.Info($"Processing '{file}'");
foreach (var readLine in File.ReadLines(file))
{
var matchResult = regexObj.Match(readLine);
while (matchResult.Success)
{
var key = matchResult.Value.ToLowerInvariant();
if (emails.ContainsKey(key) == false)
{
_logger.Debug($"Found new email address '{key}'!");
emails.Add(key, 0);
}
emails[key] += 1;
matchResult = matchResult.NextMatch();
}
}
}
catch (Exception e)
{
_logger.Error($"Unable to process file '{file}'. Error: {e.Message}");
}
}
_logger.Debug("Writing results to CSV...");
foreach (var email in emails.OrderBy(t => t.Value))
{
var csvo = new CsvOut();
csvo.EmailAddress = email.Key;
csvo.Count = email.Value;
_csvWriter.WriteRecord(csvo);
_csvWriter.NextRecord();
}
_csvWriter.Flush();
swCsv.Flush();
swCsv.Close();
var suffix = "s";
if (files.Count == 1)
{
suffix = string.Empty;
}
Console.WriteLine();
_logger.Fatal($"Finished. Found {emails.Count:N0} unique emails in {files.Count:N0} file{suffix}");
Console.WriteLine();
}
private static void DisplayDollarI(DollarI di, string dt, bool q)
{
var csv = new CsvOut
{
FileSize = di.FileSize,
FileName = di.Filename,
SourceName = di.SourceName,
DeletedOn = di.DeletedOn.ToUniversalTime().ToString(dt),
FileType = "$I"
};
_csvOuts.Add(csv);
foreach (var diDirectoryFile in di.DirectoryFiles)
{
csv = new CsvOut
{
FileSize = diDirectoryFile.FileSize,
FileName = diDirectoryFile.FileName,
SourceName = di.SourceName,
DeletedOn = di.DeletedOn.ToUniversalTime().ToString(dt),
FileType = "$I"
};
_csvOuts.Add(csv);
}
if (q)
{
return;
}
Log.Information("Source file: {SourceName}", di.SourceName);
var os = "Pre-Windows 10";
if (di.Format == 2)
{
os = "Windows 10/11";
}
Console.WriteLine();
Log.Information("Version: {Format} ({Os})", di.Format, os);
Log.Information("File size: {FileSize:N0} ({Size})", di.FileSize, BytesToString(di.FileSize));
Log.Information("File name: {Filename}", di.Filename);
Log.Information(
"Deleted on: {DeletedOn}", di.DeletedOn);
if (di.DirectoryFiles.Count > 0)
{
Console.WriteLine();
Log.Information("Subfiles in {Filename}", di.Filename);
}
foreach (var diDirectoryFile in di.DirectoryFiles)
{
Log.Information("File name: {FileName} Size: {FileSize:N0} ({Size})", diDirectoryFile.FileName, diDirectoryFile.FileSize, BytesToString(diDirectoryFile.FileSize));
}
}