Exemple #1
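        /// <summary>
        /// Parses one fixed-layout cache entry: a UTF-16 path field of
        /// <c>Global.MAX_PATH + 8</c> bytes, followed by a FILETIME stored in
        /// <c>ModDateTime</c>, a 64-bit <c>FileSize</c> and a second FILETIME stored
        /// in <c>ExecDateTime</c>.
        /// </summary>
        /// <param name="data">Raw bytes of a single cache entry.</param>
        /// <remarks>
        /// The method returns early, leaving later properties untouched, when the
        /// path field has no terminator, when the path is blank, or when
        /// <c>FileSize</c> is zero. A timestamp that cannot be read or converted is
        /// stored as <see cref="DateTime.MinValue"/>, so consumers should treat that
        /// value as "not parseable" rather than as a real point in time.
        /// </remarks>
        public void Update(byte[] data)
        {
            using (MemoryStream memoryStream = new MemoryStream(data))
            {
                memoryStream.Seek(0, SeekOrigin.Begin);

                // No size values are included in these entries, so search for the UTF-16 terminator.
                // The scan walks whole 2-byte code units: a byte-wise search for 00 00 can match
                // across a character boundary (high byte of one character + low byte of the next),
                // which either truncates the path or leaves an odd byte count that decodes to a
                // trailing U+FFFD.
                byte[] pathField = data.Slice(0, 0 + (Global.MAX_PATH + 8));

                int pathByteCount = -1;
                for (int i = 0; i + 1 < pathField.Length; i += 2)
                {
                    if (pathField[i] == 0 && pathField[i + 1] == 0)
                    {
                        pathByteCount = i;
                        break;
                    }
                }

                if (pathByteCount < 0)
                {
                    // Unterminated path field: skip the entry.
                    return;
                }

                string path = Encoding.Unicode.GetString(pathField, 0, pathByteCount);
                path = path.Replace("\\??\\", string.Empty);

                if (path.Trim().Length == 0)
                {
                    return;
                }

                Path = path;

                // The fixed-size path field is followed directly by the timestamps and size.
                UInt32 entryOffset = 0 + Global.MAX_PATH + 8;
                memoryStream.Seek(entryOffset, SeekOrigin.Begin);

                try
                {
                    // FILETIME is stored as two 32-bit halves, low part first.
                    UInt32 lowDateTime  = StreamReaderHelper.ReadUInt32(memoryStream);
                    UInt32 highDateTime = StreamReaderHelper.ReadUInt32(memoryStream);
                    long   hFT2         = (((long)highDateTime) << 32) + lowDateTime;
                    ModDateTime = DateTime.FromFileTimeUtc(hFT2);
                }
                catch (Exception)
                {
                    // Best effort: an unreadable or out-of-range value becomes MinValue.
                    ModDateTime = DateTime.MinValue;
                }

                FileSize = StreamReaderHelper.ReadUInt64(memoryStream);
                if (FileSize == 0)
                {
                    // ExecDateTime is not parsed for zero-size entries.
                    return;
                }

                try
                {
                    UInt32 lowDateTime  = StreamReaderHelper.ReadUInt32(memoryStream);
                    UInt32 highDateTime = StreamReaderHelper.ReadUInt32(memoryStream);
                    long   hFT2         = (((long)highDateTime) << 32) + lowDateTime;
                    ExecDateTime = DateTime.FromFileTimeUtc(hFT2);
                }
                catch (Exception)
                {
                    // Best effort: an unreadable or out-of-range value becomes MinValue.
                    ExecDateTime = DateTime.MinValue;
                }
            }
        }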
Exemple #2
        /// <summary>
        /// Parses a cache entry header whose field widths depend on <c>Is32Bit</c>.
        /// </summary>
        /// <param name="data">Raw bytes of a single cache entry header.</param>
        /// <remarks>
        /// Fields are read in order: <c>Length</c>, <c>MaxLength</c>, <c>Offset</c>,
        /// a FILETIME, <c>FileFlags</c>, <c>Flags</c>, <c>BlobSize</c> and
        /// <c>BlobOffset</c>. In the 64-bit layout four bytes are skipped before
        /// <c>Offset</c>, and <c>Offset</c>, <c>BlobSize</c> and <c>BlobOffset</c> are
        /// 64-bit values. A timestamp that cannot be read or converted is stored as
        /// <see cref="DateTime.MinValue"/>. <c>ProcessExec</c> only indicates that the
        /// file may have been executed; it is derived from a single flag bit.
        /// </remarks>
        public void Update(byte[] data)
        {
            using (MemoryStream stream = new MemoryStream(data))
            {
                stream.Position = 0;

                // Decide the layout once, before any field is consumed.
                bool narrowLayout = Is32Bit == true;

                Length    = StreamReaderHelper.ReadUInt16(stream);
                MaxLength = StreamReaderHelper.ReadUInt16(stream);

                if (narrowLayout)
                {
                    Offset = StreamReaderHelper.ReadUInt32(stream);
                }
                else
                {
                    // Four bytes sit between MaxLength and the 64-bit offset.
                    stream.Position += 4;
                    Offset = StreamReaderHelper.ReadUInt64(stream);
                }

                try
                {
                    // FILETIME: low 32 bits first, then the high 32 bits.
                    UInt32 low  = StreamReaderHelper.ReadUInt32(stream);
                    UInt32 high = StreamReaderHelper.ReadUInt32(stream);
                    long fileTime = (((long)high) << 32) + low;
                    DateTime = DateTime.FromFileTimeUtc(fileTime);
                }
                catch (Exception)
                {
                    // Best effort: fall back to MinValue instead of failing the entry.
                    DateTime = DateTime.MinValue;
                }

                FileFlags = StreamReaderHelper.ReadUInt32(stream);
                Flags     = StreamReaderHelper.ReadUInt32(stream);

                if (narrowLayout)
                {
                    BlobSize   = StreamReaderHelper.ReadUInt32(stream);
                    BlobOffset = StreamReaderHelper.ReadUInt32(stream);
                }
                else
                {
                    BlobSize   = StreamReaderHelper.ReadUInt64(stream);
                    BlobOffset = StreamReaderHelper.ReadUInt64(stream);
                }
            }

            // Test to see if the file may have been executed.
            ProcessExec = (FileFlags & Global.CSRSS_FLAG) == Global.CSRSS_FLAG;
        }
        /// <summary>
        /// Parses a cache entry header whose offset width depends on <c>Is32Bit</c>.
        /// </summary>
        /// <param name="data">Raw bytes of a single cache entry header.</param>
        /// <remarks>
        /// Fields are read in order: <c>Length</c>, <c>MaxLength</c>, <c>Offset</c>,
        /// a FILETIME, <c>FileSizeLow</c> and <c>FileSizeHigh</c>. In the 64-bit
        /// layout four bytes are skipped before a 64-bit <c>Offset</c>. A timestamp
        /// that cannot be read or converted is stored as
        /// <see cref="DateTime.MinValue"/>. <c>ProcessExec</c> is only assigned when
        /// <c>_containsFileSize</c> is false; in that case <c>FileSizeLow</c> is
        /// tested against <c>Global.CSRSS_FLAG</c> instead of being used as a size.
        /// </remarks>
        public void Update(byte[] data)
        {
            using (MemoryStream stream = new MemoryStream(data))
            {
                stream.Position = 0;

                Length    = StreamReaderHelper.ReadUInt16(stream);
                MaxLength = StreamReaderHelper.ReadUInt16(stream);

                if (Is32Bit == true)
                {
                    Offset = StreamReaderHelper.ReadUInt32(stream);
                }
                else
                {
                    // Four bytes sit between MaxLength and the 64-bit offset.
                    stream.Position += 4;
                    Offset = StreamReaderHelper.ReadUInt64(stream);
                }

                try
                {
                    // FILETIME: low 32 bits first, then the high 32 bits.
                    UInt32 low  = StreamReaderHelper.ReadUInt32(stream);
                    UInt32 high = StreamReaderHelper.ReadUInt32(stream);
                    long fileTime = (((long)high) << 32) + low;
                    DateTime = DateTime.FromFileTimeUtc(fileTime);
                }
                catch (Exception)
                {
                    // Best effort: fall back to MinValue instead of failing the entry.
                    DateTime = DateTime.MinValue;
                }

                // Both layouts store the size as two 32-bit halves.
                FileSizeLow  = StreamReaderHelper.ReadUInt32(stream);
                FileSizeHigh = StreamReaderHelper.ReadUInt32(stream);
            }

            // When the entry carries no file size, the low size field is checked for the CSRSS flag.
            if (_containsFileSize == false)
            {
                ProcessExec = (FileSizeLow & Global.CSRSS_FLAG) == Global.CSRSS_FLAG;
            }
        }