/// <summary>
/// Builds a log root by reading nodes from <paramref name="log"/>, starting at the
/// reader's current position, and then reading the substitution array that follows.
/// </summary>
/// <param name="log">Reader positioned at the first node of this root.</param>
/// <param name="chunkOffset">Offset of the enclosing chunk; stored and passed on to the node and substitution-array parsers.</param>
/// <param name="length">Budget consumed by the node loop, in the same units as <c>INode.Length</c> (presumably bytes; confirm against the caller).</param>
/// <param name="parent">The event log this root belongs to.</param>
public LogRoot(BinaryReader log, long chunkOffset, uint length, EventLog parent)
{
    ParentLog = parent;
    Position = log.BaseStream.Position;
    ChunkOffset = chunkOffset;

    Nodes = new List<INode>();
    Strings = new Dictionary<long, string>();
    CurrentOpenTags = new List<string>();

    // Length doubles as the "remaining" counter: it is decremented per node below,
    // so after construction it no longer holds the value passed in.
    Length = length;

    while (true)
    {
        // Stop once the budget is used up or an end-of-stream node has been seen.
        if (!(Length > 0) || ReachedEOS)
        {
            break;
        }

        // Trace output: the remaining budget is written to stdout before every node.
        Console.WriteLine(Length);

        INode parsed = LogNode.NewNode(log, this, chunkOffset, this);
        Nodes.Add(parsed);

        // NOTE(review): the node length comes from the file being parsed and is not
        // checked against the remaining budget. If Length is unsigned (it is assigned
        // from a uint), a node reporting more than what remains would wrap the counter
        // instead of ending the loop, and a node reporting 0 never advances it.
        // Confirm the property types and consider rejecting such nodes.
        Length -= parsed.Length;

        // A node of type _x00 ends the node stream for this root.
        if (parsed is _x00)
        {
            ReachedEOS = true;
        }
    }

    this.SubstitutionArray = new SubstitutionArray(log, chunkOffset, this);
}
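/// <summary>
/// Menu/button handler: asks the user for a file, identifies it from its leading bytes
/// as a registry hive ("regf"), a legacy event log ("LfLe" at offset 4) or a newer
/// event log ("ElfFile"), parses it and shows the result in a new tree view.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
/// <exception cref="Exception">
/// Thrown with the message "Unsupported Format." when the header matches none of the
/// known signatures, including when the file is too short to hold one.
/// </exception>
void OpenFile(object sender, EventArgs e)
{
    FileChooserDialog fc = new FileChooserDialog(
        "Choose the registry hive or event log to open", this, FileChooserAction.Open,
        "Cancel", ResponseType.Cancel,
        "Open", ResponseType.Accept);

    try
    {
        if (fc.Run() != (int)ResponseType.Accept)
        {
            return;
        }

        string file = fc.Filename;
        Console.WriteLine("Reading: " + file);

        // Read only the header here and release the handle before the parsers,
        // which take the path and open the file themselves, are invoked.
        byte[] h;
        using (FileStream stream = File.OpenRead(file))
        using (BinaryReader reader = new BinaryReader(stream))
        {
            // ReadBytes returns fewer than 10 bytes for a short file, so every
            // signature test below goes through HasSignature, which checks bounds.
            h = reader.ReadBytes(10);
        }

        // The signature only selects a parser; it says nothing about whether the
        // rest of the file is well formed. The chosen file is untrusted input and
        // any exception raised by a parser propagates to the caller.
        if (HasSignature(h, 0, "regf"))
        {
            RegistryHive hive = new RegistryHive(file);

            TreeView tv = new TreeView();
            _vbox.Add(tv);

            AppendTextColumn(tv, "Registry Keys", 0);
            AppendTextColumn(tv, "Registry Values", 1);

            TreeStore store = new TreeStore(typeof(string), typeof(string));
            TreeIter root = store.AppendValues(hive.RootKey.Name);
            AddChildrenToView(hive.RootKey, store, root);

            tv.Model = store;
        }
        else if (HasSignature(h, 4, "LfLe"))
        {
            LegacyEventLog log = new LegacyEventLog(file);

            TreeView tv = new TreeView();
            _vbox.Add(tv);

            AppendTextColumn(tv, "Time Written", 0);
            AppendTextColumn(tv, "Time Generated", 1);
            AppendTextColumn(tv, "Source Name", 2);
            AppendTextColumn(tv, "Computer Name", 3);
            AppendTextColumn(tv, "Strings", 4);

            TreeStore store = new TreeStore(
                typeof(string), typeof(string), typeof(string), typeof(string), typeof(string));

            foreach (LegacyLogItem item in log.Items)
            {
                store.AppendValues(
                    item.TimeWritten.ToString(),
                    item.TimeGenerated.ToString(),
                    item.SourceName,
                    item.ComputerName,
                    item.Strings);
            }

            tv.Model = store;
        }
        else if (HasSignature(h, 0, "ElfFile"))
        {
            // The log is parsed but nothing is displayed for this format yet.
            new EventLog(file);
        }
        else
        {
            throw new Exception("Unsupported Format.");
        }

        this.ShowAll();
    }
    finally
    {
        // Always tear the chooser down, including when parsing throws.
        fc.Destroy();
    }
}

// Returns true when header holds the ASCII bytes of signature starting at offset.
private static bool HasSignature(byte[] header, int offset, string signature)
{
    if (header == null || offset < 0 || header.Length < offset + signature.Length)
    {
        return false;
    }

    for (int i = 0; i < signature.Length; i++)
    {
        if (header[offset + i] != (byte)signature[i])
        {
            return false;
        }
    }

    return true;
}

// Appends a titled text column to view, bound to the given model column.
private static void AppendTextColumn(TreeView view, string title, int modelColumn)
{
    CellRendererText cell = new CellRendererText();
    TreeViewColumn column = new TreeViewColumn();
    column.Title = title;
    column.PackStart(cell, true);

    // Bound through "text", not "markup": values taken from the opened file are
    // shown literally rather than being interpreted as markup.
    column.AddAttribute(cell, "text", modelColumn);

    view.AppendColumn(column);
}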