static void Main(string[] args)
        {
            string[] fExt = new string[1];
            fExt[0] = "exe";

            Dictionary <ulong, FileNameAndParentFrn> mDict = new Dictionary <ulong, FileNameAndParentFrn>();

            EnumerateVolume.PInvokeWin32 mft = new EnumerateVolume.PInvokeWin32();
            mft.Drive = "C:";
            mft.EnumerateVolume(out mDict, new string[] { "*" });
            foreach (KeyValuePair <UInt64, FileNameAndParentFrn> entry in mDict)
            {
                FileNameAndParentFrn file = (FileNameAndParentFrn)entry.Value;

                Console.WriteLine(file.Name + " " + file.ParentFrn);
            }

            Console.WriteLine("DONE");
            Console.ReadKey();
        }
Esempio n. 2
0
        static void Main(string[] args)
        {
            try
            {
                Console.WriteLine("### " + Constants.APP_SIGNATURE + " ###");
                Console.WriteLine("### " + Constants.APP_URL + " ###\n");
                Console.Write("Processing...\r");

                Int32 unixTimestampInit = (Int32)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;

                string driveLetter   = Properties.Settings.Default.search_volume;
                string fileNamePath  = Properties.Settings.Default.report_folder;
                string fileExtension = Properties.Settings.Default.search_extensions;
                bool   calcMd5       = Properties.Settings.Default.calc_md5;

                string fileNamePathRecommendation = "report_folder (" + fileNamePath + ") must be a valid folder, and the current user must have write access in it. The valid slash must be / and NOT \\.";

                if (!Directory.Exists(fileNamePath))
                {
                    Utils.Instance.ThrowErr(fileNamePathRecommendation);
                }
                else if (fileNamePath[fileNamePath.Length - 1] == '/')
                {
                    fileNamePath = fileNamePath.Substring(0, fileNamePath.Length - 1);
                }


                if (driveLetter.Length > 1 || driveLetter.Contains(":") || fileNamePath.Contains("\\") || !fileExtension.Contains(".") || fileExtension.Contains("*"))
                {
                    Utils.Instance.ThrowErr("\n\nCheck the config file:\n\n1. search_volume (" + driveLetter + ") must be JUST a NTFS volume/drive letter WITHOUT ':', like C, D, F, G, etc. The current user must have administration rights over this volume.\n\n" +
                                            "2. " + fileNamePathRecommendation + "\n\n" +
                                            "3. search_extensions (" + fileExtension + ") is the representation of a file extension, like .txt, .pdf, .doc, etc, WITH dot (.) WITHOUT asterisk (*).");
                }


                nameLst = new List <string>();
                Dictionary <ulong, FileNameAndParentFrn> mDict = new Dictionary <ulong, FileNameAndParentFrn>();

                long totalBytes = 0l;
                EnumerateVolume.PInvokeWin32 mft = new EnumerateVolume.PInvokeWin32();
                mft.Drive = driveLetter;
                mft.Drive = mft.Drive + ":";
                mft.EnumerateVolume(out mDict);
                StringBuilder sb               = new StringBuilder();
                StringBuilder pathSb           = null;
                String        jsonFileNamePath = fileNamePath + "/" + driveLetter + "." + unixTimestampInit + ".json";

                Console.Write("Volume: " + driveLetter + "\t\t\n");
                Console.WriteLine("Report folder: " + fileNamePath);
                Console.WriteLine("Extension: " + fileExtension);

                long totalDriveSize = 0;

                try
                {
                    totalDriveSize = Utils.Instance.GetDriveTotalSize(driveLetter);
                }
                catch (Exception e)
                {
                    Utils.Instance.LogException(e);
                }

                if (File.Exists(jsonFileNamePath))
                {
                    File.Delete(jsonFileNamePath);
                    Console.WriteLine("Old file deleted: " + jsonFileNamePath);
                }

                finalNameLst = new List <string>();
                Console.WriteLine("MFT items: " + mDict.Count);
                foreach (KeyValuePair <UInt64, FileNameAndParentFrn> entry in mDict)
                {
                    FileNameAndParentFrn file = (FileNameAndParentFrn)entry.Value;
                    pathSb = new StringBuilder();

                    string extractedExtension = Utils.Instance.ExtractExtension(file.Name);

                    if (extractedExtension != null && fileExtension.ToLower().Contains(extractedExtension.ToLower()))
                    {
                        pathSb.Append(driveLetter + ":\\");
                        Utils.Instance.SearchId(file.ParentFrn, mDict);

                        nameLst.Reverse();

                        foreach (var item in nameLst)
                        {
                            pathSb.Append(item + "\\");
                        }

                        pathSb.Append(file.Name);

                        finalNameLst.Add(pathSb.ToString());



                        Console.Write("File references found: " + finalNameLst.Count + "\r");

                        nameLst.Clear();
                    }
                }

                Console.WriteLine();
                sb.AppendLine("{\"initTime\": " + unixTimestampInit + ", \"search_volume\": \"" + driveLetter + "\", \"report_folder\": \"" + fileNamePath + "\", \"search_extensions\": \"" + fileExtension + "\", \"totalDriveSize\": " + totalDriveSize + ", \"objectLst\": [");
                String comma                     = ", ";
                int    notFoundCount             = 0;
                int    ownerExceptionCount       = 0;
                int    machineNameExceptionCount = 0;
                int    fqdnExceptionCount        = 0;
                int    md5ExceptionCount         = 0;
                for (int i = 0; i < finalNameLst.Count; i++)
                {
                    String item = finalNameLst[i];

                    if (File.Exists(item))
                    {
                        if (i + 1 == finalNameLst.Count)
                        {
                            comma = "";
                        }
                        long     fileSize         = new FileInfo(item).Length;
                        DateTime fileCreationDate = File.GetCreationTime(item);
                        DateTime fileUpdateDate   = File.GetLastWriteTime(item);
                        string   owner            = "n/a";
                        string   machineName      = "n/a";
                        string   fqdn             = "n/a";
                        string   md5Hash          = "";


                        if (calcMd5)
                        {
                            try
                            {
                                byte[] byteArray = File.ReadAllBytes(item);
                                string strMd5    = Utils.Instance.ByteArrayToMd5HashString(byteArray);
                                md5Hash = ", \"md5\": \"" + strMd5 + "\"";
                            }
                            catch (Exception e)
                            {
                                md5ExceptionCount++;
                                md5Hash = ", \"md5\": \"n/a\"";
                                Utils.Instance.LogException(e);
                            }
                        }


                        try { owner = Utils.Instance.GetOwnerName(item); }
                        catch (Exception e)
                        {
                            ownerExceptionCount++;
                            Utils.Instance.LogException(e);
                        } finally { owner = Uri.EscapeDataString(owner); }

                        try { machineName = Environment.MachineName; }
                        catch (Exception e)
                        {
                            machineNameExceptionCount++;
                            Utils.Instance.LogException(e);
                        }  finally { machineName = Uri.EscapeDataString(machineName); }

                        try { fqdn = Utils.Instance.GetFQDN(); }
                        catch (Exception e)
                        {
                            fqdnExceptionCount++;
                            Utils.Instance.LogException(e);
                        }
                        finally { fqdn = Uri.EscapeDataString(fqdn); }

                        sb.AppendLine("{ \"fileName\": \"" + Uri.EscapeDataString(item) + "\", \"fileSize\": " + fileSize + ", \"fileCreationDate\": \"" + fileCreationDate + "\", \"fileUpdateDate\": \"" + fileUpdateDate + "\", \"fileAuthor\": \"" + owner + "\", \"fqdn\": \"" + fqdn + "\" " + md5Hash + "}" + comma);
                        totalBytes = fileSize + totalBytes;
                    }
                    else
                    {
                        notFoundCount++;
                    }

                    Console.Write("Inspecting file: " + (i + 1) + "/" + finalNameLst.Count + "\r");
                }
                Int32 unixTimestampEnd = (Int32)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds;
                sb.AppendLine("], \"endTime\": " + unixTimestampEnd + " }");

                Utils.Instance.WriteToFile(sb.ToString(), jsonFileNamePath);

                Console.WriteLine("\nFile references not found: " + notFoundCount);
                Console.WriteLine("FQDN resolution errors: " + fqdnExceptionCount);
                Console.WriteLine("Machine Name resolution errors: " + machineNameExceptionCount);
                Console.WriteLine("File ownership resolution errors: " + ownerExceptionCount);
                Console.WriteLine("MD5 hash errors: " + md5ExceptionCount);
                Console.WriteLine("\nTotal bytes: " + Utils.Instance.FormatBytesLength(totalBytes));
                Console.WriteLine("Process ended. Check the results in: " + jsonFileNamePath);

                Console.WriteLine("\n[PRESS ENTER]");
                Console.ReadLine();
            }
            catch (Exception e)
            {
                Utils.Instance.ThrowErr(e.Message);
                Utils.Instance.LogException(e);
            }
        }