private void btnRevertSelected_Click(object sender, EventArgs e) { foreach (Object item in lstResults.SelectedItems) { RestoreFileItem file = (RestoreFileItem)item; Console.WriteLine("Starting restore of... " + file.current_name); // Do restore string fileCachePath = downloadPath + "\\cache\\" + file.fileId + ".bin"; Google.Apis.Drive.v3.Data.File f = service.Files.Get(file.fileId).Execute(); //Download Revision MemoryStream stream = new MemoryStream(); RevisionsResource.GetRequest dlRevision = new RevisionsResource.GetRequest(service, file.fileId, file.previous_revisionId); dlRevision.Download(stream); //service.Files.Get(revision.Id).Download(stream); System.IO.File.WriteAllBytes(fileCachePath, stream.ToArray()); //Replace revision //System.IO.FileStream fs = new FileStream(downloadPath + "\\download\\"+ revision.OriginalFilename, FileMode.Open); FilesResource.UpdateMediaUpload fUpload = service.Files.Update(f, file.fileId, stream, file.current_mimeType); f.Name = file.previous_name; f.Id = null; fUpload.Fields = "name"; var uploadStatus = fUpload.Upload(); if (uploadStatus.Exception != null) { MessageBox.Show("Error Uploading File!"); } } }
private List <RestoreFileItem> getTargetFiles() { List <RestoreFileItem> results = new List <RestoreFileItem>(); /** CODE HERE **/ //Find all files FilesResource.ListRequest listRequest = service.Files.List(); listRequest.PageSize = 1000; //TODO CHANGE TO VERY LARGE VALUE listRequest.Q = "name contains 'b4bc'"; //SEARCH FOR RANSOMWARE listRequest.Fields = "nextPageToken, files(id, name, modifiedTime, mimeType, size, lastModifyingUser(me))"; // List files. IList <Google.Apis.Drive.v3.Data.File> files = listRequest.Execute() .Files; Console.WriteLine("Found " + files.Count + " files..."); if (files != null && files.Count > 0) { foreach (var file in files) { if (file.Size == null) { continue; // Only look at binary files } if (file.ModifiedTime < dateModifiedSince_value) { continue; // Only look at files recently changed } //if (!file.LastModifyingUser.Me.Value) continue; // Only look at files modified by current user (RANSOMWARE) if (!file.Name.Contains("b4bc")) { continue; // Only look for RANSOMWARE pattern 1 } //Create object for revisionresults RestoreFileItem result = new RestoreFileItem(); result.fileId = file.Id; result.current_modifiedDate = file.ModifiedTime.Value; result.current_name = file.Name; result.current_mimeType = file.MimeType; //Check if file has previous revisions... RevisionsResource.ListRequest revisionListRequest = service.Revisions.List(file.Id); revisionListRequest.PageSize = 10; revisionListRequest.Fields = "kind, revisions(id, modifiedTime, originalFilename)"; bool foundValueRevision = false; try { IList <Google.Apis.Drive.v3.Data.Revision> revisions = revisionListRequest.Execute().Revisions; if (revisions != null && revisions.Count > 1) //At least something to go back to other than current version { foreach (var revision in revisions) { if (revision.ModifiedTime < dateModifiedSince_value) { foundValueRevision = true; Console.WriteLine("Found valid revision for file " + file.Name + "... revision from date " + revision.ModifiedTime.ToString()); result.previous_revisionId = revision.Id; result.previous_modifiedDate = revision.ModifiedTime.Value; result.previous_name = revision.OriginalFilename; } } } else { //NO REVISIONS continue; } } catch (Exception e) { } if (foundValueRevision) { //Good revision found string toString = result.current_name + " (" + result.current_modifiedDate.ToString() + ") -> " + result.previous_name + " (" + result.previous_modifiedDate.ToString() + ")"; result.toString = toString; results.Add(result); } } } else { Console.WriteLine("No files found."); } /** END HERE **/ //Save results to disk for sanity var json = new JavaScriptSerializer().Serialize(results); System.IO.File.AppendAllText(downloadPath + "\\restorable.lst", "[date]" + dateModifiedSince_value.ToString() + "[/date]" + json); return(results); }