public override void Execute()
{
Context = ShellLinkFile.Load(Filename);
Context.Header.LinkFlags &= ~LinkFlags.EnableTargetMetaData;
Context.Header.LinkFlags |= LinkFlags.ForceNoLinkTrack;
if (Context.LinkInfo != null)
{
if (Context.LinkInfo.VolumeID != null)
{
Context.LinkInfo.VolumeID.DriveSerialNumber = 0;
Context.LinkInfo.VolumeID.VolumeLabel = null;
}
if (Context.LinkInfo.CommonNetworkRelativeLink != null)
{
Context.LinkInfo.CommonNetworkRelativeLink.DeviceName = null;
Context.LinkInfo.CommonNetworkRelativeLink.NetworkProviderType = null;
}
}
var blocks = Context.ExtraDataBlocks.Where(block => !(block is TrackerDataBlock || block is PropertyStoreDataBlock)).ToList();
Context.ExtraDataBlocks = blocks;
foreach (var option in Options)
{
option.Execute(Context);
}
Context.SaveAs(Filename);
}
private void ParseJumpListC(string file, string appid, string extension, string username, string appName, List <ShellLinkFile> lnkFiles)
{
JumpListFile jumpListFile = new JumpListFile(true);
jumpListFile.FilePath = file;
jumpListFile.FileName = System.IO.Path.GetFileName(file);
jumpListFile.AppName = appName;
for (int index = 0; index < lnkFiles.Count; index++)
{
ShellLinkFile linkFile = lnkFiles[index];
JumpList jumpList = new JumpList();
jumpList.Name = (index + 1).ToString();
jumpList.Size = 0;
var Data = lnkFiles.ToArray();
string arguments = Data[index].Arguments;
if (arguments == null)
{
arguments = "None";
}
string accesstime = Data[index].Header.AccessTime.ToString("dd/MM/yyyy HH:mm:ss");
string writetime = Data[index].Header.WriteTime.ToString("dd/MM/yyyy HH:mm:ss");
string createtime = Data[index].Header.CreationTime.ToString("dd/MM/yyyy HH:mm:ss");
string Name = Data[index].IconLocation;
string ExeName = Data[index].LinkInfo.LocalBasePath;
string myArray = username + "," + appid + "," + appName + "," + ExeName + "," + arguments + "," + extension + "," + accesstime + "," + writetime + "," + createtime;
File.AppendAllText("FM-JLP.csv", myArray + Environment.NewLine);
}
}
private void ParseJumpListA(string appid, string extension, string username, string file, string appName)
{
JumpListFile jumpListFile = new JumpListFile(false);
jumpListFile.FilePath = file;
jumpListFile.FileName = System.IO.Path.GetFileName(file);
jumpListFile.AppName = appName;
CompoundFile compoundFile = new CompoundFile(file);
CFStream cfStream = compoundFile.RootStorage.GetStream("DestList");
jumpListFile.DestListSize = cfStream.Size;
List <DestListEntry> destListEntries = ParseDestList(cfStream.GetData());
jumpListFile.DestListEntries = destListEntries;
int ii = 1;
foreach (DestListEntry destListEntry in destListEntries)
{
CFStream cfStreamJf = null;
try
{
cfStreamJf = compoundFile.RootStorage.GetStream(ii.ToString());
ShellLinkFile linkFile = ShellLinkFile.Load(cfStreamJf.GetData());
string arguments = linkFile.Arguments.ToString();
if (arguments == null)
{
arguments = "None";
}
DateTime accesstime_ = linkFile.Header.AccessTime;
string accesstime = Convert.ToDateTime(accesstime_).ToString("dd/MM/yyyy HH:mm:ss");
string writetime = linkFile.Header.WriteTime.ToString("dd/MM/yyyy HH:mm:ss");
string createtime = linkFile.Header.CreationTime.ToString("dd/MM/yyyy HH:mm:ss");
string ExeName = linkFile.LinkInfo.LocalBasePath;
string myArray = username + "," + appid + "," + appName + "," + ExeName + "," + arguments + "," + extension + "," + accesstime + "," + writetime + "," + createtime;
File.AppendAllText("FM-JLP.csv", myArray + Environment.NewLine);
if (linkFile.Header.CreationTime == DateTime.MinValue |
linkFile.Header.AccessTime == DateTime.MinValue |
linkFile.Header.WriteTime == DateTime.MinValue |
linkFile.Header.CreationTime == ShellLinkFile.WindowsEpoch |
linkFile.Header.AccessTime == ShellLinkFile.WindowsEpoch |
linkFile.Header.WriteTime == ShellLinkFile.WindowsEpoch)
{
continue;
}
if (linkFile != null)
{
JumpList jumpList = new JumpList();
jumpList.Name = destListEntry.StreamNo;
jumpList.Size = cfStreamJf.GetData().Length;
jumpList.DestListEntry = destListEntry;
jumpListFile.JumpLists.Add(jumpList);
}
}
catch { Exception ex; }
ii = ii + 1;
}
}
public override void Execute()
{
Context = ShellLinkFile.Load(Filename);
foreach (var option in Options)
{
option.Execute(Context);
}
Context.SaveAs(Filename);
}
public override void Execute()
{
Context = ShellLinkFile.Load(Filename);
foreach (Option option in Options)
{
option.Execute(Context);
}
Console.WriteLine(Context);
}
public override void Execute()
{
Context = ShellLinkFile.CreateAbsolute(Target);
foreach (var option in Options)
{
option.Execute(Context);
}
Context.SaveAs(Filename);
CheckExists(Target, Filename);
}
public override void Execute(ShellLinkFile context)
{
if (Convert.ToBoolean(Argument))
{
context.Header.LinkFlags |= Flag;
}
else
{
context.Header.LinkFlags &= ~Flag;
}
}
private static void TestOption(ShellLinkFile context, Option option, string argument)
{
option.Arguments.Clear();
for (var i = 0; i < option.ExpectedArguments; i++)
{
option.Arguments.Add(argument);
}
// As we use Reflection to alter properties, just check if properties names are correct.
option.Execute(context);
}
public override void Execute(ShellLinkFile context)
{
if (Convert.ToBoolean(Argument))
{
context.Header.LinkFlags |= Flag;
}
else
{
context.Header.LinkFlags &= ~Flag;
}
}
public static ExtraDataBlockHandler GetInstance(ExtraDataBlock item, ShellLinkFile context)
{
var typename = $"Shellify.IO.{item.GetType().Name}Handler";
var type = Type.GetType(typename);
if (type == null)
{
throw new ArgumentException(typename);
}
return((ExtraDataBlockHandler)Activator.CreateInstance(type, new object[] { item, context }));
}
private static string BlindWrite()
{
var tmpFile = Path.GetTempFileName();
var slf = new ShellLinkFile();
foreach (var block in from ExtraDataBlockSignature signature in System.Enum.GetValues(typeof(ExtraDataBlockSignature)) where signature != ExtraDataBlockSignature.UnknownDataBlock select ExtraDataBlockFactory.GetInstance(signature))
{
slf.ExtraDataBlocks.Add(block);
}
slf.SaveAs(tmpFile);
return(tmpFile);
}
static ShellLinkFile ReadShellLinkFile(string path)
{
var result = new ShellLinkFile();
var stream = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read);
using (var binaryReader = new BinaryReader(stream))
{
var reader = new ShellLinkFileHandler(result);
reader.ReadFrom(binaryReader);
}
return(result);
}
static string GetTarget(ShellLinkFile link, string lnkPath)
{
if (link.LinkInfo?.LocalBasePath != null)
{
return(link.LinkInfo.LocalBasePath);
}
if (link.RelativePath != null)
{
return(ResolveRelativePath(Path.GetDirectoryName(lnkPath), link.RelativePath));
}
return(null);
}
public void TestRoundTrip()
{
foreach (var file in Directory.GetFiles(_filesDirectory))
{
_testContextInstance.WriteLine("Testing {0}", file);
var slf = ShellLinkFile.Load(file);
_testContextInstance.WriteLine("{0}", slf);
var tmpFile = Path.GetTempFileName();
slf.SaveAs(tmpFile);
var slf2 = ShellLinkFile.Load(tmpFile);
Assert.AreEqual(slf.ToString(), slf2.ToString());
CompareFiles(file, tmpFile);
}
}
private string BlindWrite()
{
var tmpFile = Path.GetTempFileName();
var slf = new ShellLinkFile();
foreach (ExtraDataBlockSignature signature in System.Enum.GetValues(typeof(ExtraDataBlockSignature)))
{
if (signature == ExtraDataBlockSignature.UnknownDataBlock)
continue;
ExtraDataBlock block = ExtraDataBlockFactory.GetInstance(signature);
slf.ExtraDataBlocks.Add(block);
}
slf.SaveAs(tmpFile);
return tmpFile;
}
public override void Execute(ShellLinkFile context)
{
PropertyInfo pinfo = null;
Type ptype = context.GetType();
object obj = context;
foreach (string item in PropertyPath)
{
if (pinfo != null)
{
obj = pinfo.GetValue(obj, null);
}
pinfo = ptype.GetProperty(item);
ptype = pinfo.PropertyType;
}
object value = ChangeType(Argument, ptype);
pinfo.SetValue(obj, value, null);
}
public void TestRoundTrip()
{
var basePath = GetType().Assembly.Location;
var filesPath = Path.Combine(Path.GetDirectoryName(basePath), "Files");
foreach (var file in Directory.GetFiles(filesPath))
{
TestContext.WriteLine("Testing {0}", file);
var slf = ShellLinkFile.Load(file);
TestContext.WriteLine("{0}", slf);
var tmpFile = Path.GetTempFileName();
slf.SaveAs(tmpFile);
var slf2 = ShellLinkFile.Load(tmpFile);
Assert.AreEqual(slf.ToString(), slf2.ToString());
CompareFiles(file, tmpFile);
}
}
public override void Execute()
{
var baseDirectory = Path.GetDirectoryName(Filename);
if (string.IsNullOrEmpty(baseDirectory))
{
baseDirectory = ".";
}
Console.WriteLine("Using {0} as base directory", baseDirectory);
Context = ShellLinkFile.CreateRelative(baseDirectory, Target);
foreach (var option in Options)
{
option.Execute(Context);
}
Context.SaveAs(Filename);
CheckExists(Path.Combine(baseDirectory, Target), Filename);
}
public void TestToolOptions()
{
var info = new DateTimeFormatInfo();
string[] testargs = { "0", "string", new DateTime().ToString($"{info.ShortDatePattern} {info.ShortTimePattern}", CultureInfo.InvariantCulture), "true" };
var slf = new ShellLinkFile();
foreach (var option in ProgramContext.Options)
{
var argindex = 0;
bool retry;
do
{
retry = false;
try
{
TestOption(slf, option, testargs[argindex]);
}
catch (FormatException)
{
if (argindex >= testargs.Length - 1)
{
throw;
}
TestContext.WriteLine("Option '{0}' fail for argument '{1}', testing '{2}'", option,
testargs[argindex], testargs[argindex + 1]);
retry = true;
argindex++;
}
catch (Exception)
{
Assert.Fail("Check option '{0}', type {1}", option, option.GetType().Name);
}
} while (retry);
}
}
public void TestToolOptions()
{
var info = new DateTimeFormatInfo();
string[] testargs = { "0", "string", new DateTime().ToString(string.Format("{0} {1}",info.ShortDatePattern, info.ShortTimePattern), CultureInfo.InvariantCulture), "true" };
ShellLinkFile slf = new ShellLinkFile();
foreach (Option option in ProgramContext.Options)
{
int argindex = 0;
bool retry;
do
{
retry = false;
try
{
TestOption(slf, option, testargs[argindex]);
}
catch (FormatException)
{
if (argindex < testargs.Length - 1)
{
testContextInstance.WriteLine("Option '{0}' fail for argument '{1}', testing '{2}'", option, testargs[argindex], testargs[argindex + 1]);
retry = true;
argindex++;
}
else
{
throw;
}
}
catch (Exception)
{
Assert.Fail("Check option '{0}', type {1}", option, option.GetType().Name);
}
} while (retry);
}
}
public override void Execute(ShellLinkFile context)
{
PropertyInfo pinfo = null;
var ptype = context.GetType();
object obj = context;
foreach (var item in PropertyPath)
{
if (pinfo != null)
{
obj = pinfo.GetValue(obj, null);
}
pinfo = ptype.GetProperty(item);
if (pinfo != null)
{
ptype = pinfo.PropertyType;
}
}
var value = ChangeType(Argument, ptype);
pinfo?.SetValue(obj, value, null);
}
public DarwinDataBlockHandler(DarwinDataBlock item, ShellLinkFile context)
: base(item, context)
{
}
public ShimDataBlockHandler(ShimDataBlock item, ShellLinkFile context) : base(item, context)
{
}
public ConsoleDataBlockHandler(ConsoleDataBlock item, ShellLinkFile context)
: base(item, context)
{
}
public static ExtraDataBlockHandler GetInstance(ExtraDataBlock item, ShellLinkFile context)
{
string typename = string.Format("Shellify.IO.{0}Handler", item.GetType().Name);
return (ExtraDataBlockHandler)Activator.CreateInstance(Type.GetType(typename), new object[] { item, context});
}
public UnknownDataBlockHandler(UnknownDataBlock item, ShellLinkFile context) : base(item, context)
{
}
public SpecialFolderDataBlockHandler(SpecialFolderDataBlock item, ShellLinkFile context)
: base(item, context)
{
}
public ShellLinkFileHandler(ShellLinkFile item)
{
Item = item;
}
protected BaseFolderIDDataBlockHandler(T item, ShellLinkFile context)
: base(item, context)
{
}
public void TestBlindRead()
{
ShellLinkFile.Load(BlindWrite());
}
/// <summary>
///
/// </summary>
/// <param name="filePath"></param>
/// <param name="path"></param>
/// <param name="type"></param>
/// <param name="info"></param>
/// <param name="sourceFile">The registry file the entry was identified from</param>
/// <param name="regModified"></param>
private void ProcessEntry(string filePath,
string path,
string type,
string info,
string sourceFile,
string serviceDisplayName,
string serviceDescription,
DateTimeOffset?regModified)
{
try
{
filePath = Text.ReplaceNulls(filePath);
AutoRunEntry autoRunEntry = new AutoRunEntry
{
Type = type,
Info = info,
Path = path,
ServiceDisplayName = serviceDisplayName,
ServiceDescription = serviceDescription,
SourceFile = sourceFile
};
autoRunEntry = Helper.GetFilePathWithNoParameters(_driveMappings, autoRunEntry, filePath);
if (autoRunEntry == null)
{
return;
}
if (autoRunEntry.FilePath.Length == 0)
{
return;
}
autoRunEntry.FileName = System.IO.Path.GetFileName(autoRunEntry.FilePath.Replace("\"", string.Empty));
if (System.IO.Path.GetExtension(autoRunEntry.FileName) == ".lnk")
{
try
{
ShellLinkFile shellLinkFile = ShellLinkFile.Load(autoRunEntry.FilePath);
autoRunEntry = new AutoRunEntry
{
Type = type,
Info = info
};
autoRunEntry.Info = filePath;
autoRunEntry = Helper.GetFilePathWithNoParameters(_driveMappings, autoRunEntry, System.IO.Path.Combine(shellLinkFile.LinkInfo.LocalBasePath, shellLinkFile.LinkInfo.CommonPathSuffix) + " " + shellLinkFile.Arguments);
autoRunEntry.Path = System.IO.Path.Combine(shellLinkFile.LinkInfo.LocalBasePath, shellLinkFile.LinkInfo.CommonPathSuffix) + " " + shellLinkFile.Arguments;
autoRunEntry.FileName = System.IO.Path.GetFileName(autoRunEntry.FilePath.Replace("\"", string.Empty));
}
catch (Exception ex)
{
_hasErrors = true;
Helper.WriteErrorToLog(ex.ToString(), filePath, autoRunEntry.FilePath, path);
}
}
if (autoRunEntry.FilePath.Length == 0)
{
Helper.WriteErrorToLog("FilePath is zero length", filePath, autoRunEntry.FilePath, path);
return;
}
Console.WriteLine(autoRunEntry.FilePath);
_entries.Add(autoRunEntry);
try
{
using (new PrivilegeEnabler(System.Diagnostics.Process.GetCurrentProcess(), Privilege.TakeOwnership))
{
FileInfo fileInfo = new FileInfo(autoRunEntry.FilePath);
FileSecurity fileSecurity = fileInfo.GetAccessControl();
fileSecurity.SetOwner(WindowsIdentity.GetCurrent().User);
File.SetAccessControl(autoRunEntry.FilePath, fileSecurity);
if (File.Exists(autoRunEntry.FilePath) == false)
{
autoRunEntry.Error = "Does Not Exist";
OnEntryFound(autoRunEntry);
return;
}
autoRunEntry.Exists = true;
autoRunEntry.FileSystemAccessed = fileInfo.LastAccessTime;
autoRunEntry.FileSystemCreated = fileInfo.CreationTime;
autoRunEntry.FileSystemModified = fileInfo.LastWriteTime;
autoRunEntry.RegistryModified = regModified;
//string output = Misc.ShellProcessWithOutput(_sigCheckPath, Global.SIGCHECK_FLAGS + "\"" + autoRunEntry.FilePath + "\"");
//autoRunEntry = Helper.ParseSigCheckOutput(autoRunEntry, output);
autoRunEntry = Helper.GetFileInformation(hashes, _sigCheckPath, autoRunEntry);
autoRunEntry.Md5 = Security.GenerateMd5HashStream(autoRunEntry.FilePath);
autoRunEntry.Sha256 = Helper.GetFileSha256Hash(autoRunEntry.FilePath);
OnEntryFound(autoRunEntry);
}
}
catch (Exception ex)
{
Helper.WriteErrorToLog(ex.ToString(), filePath, autoRunEntry.FilePath, path);
autoRunEntry.Error = "Error: " + ex.Message;
OnEntryFound(autoRunEntry);
}
}
catch (Exception ex)
{
_hasErrors = true;
Helper.WriteErrorToLog(ex.ToString(), filePath, filePath, path);
}
}
public VistaAndAboveIDListDataBlockHandler(VistaAndAboveIDListDataBlock item, ShellLinkFile context)
: base(item, context)
{
}
public ShellLinkFileHandler(ShellLinkFile item)
{
this.Item = item;
}
protected BaseStringDataBlockHandler(T item, ShellLinkFile context)
: base(item, context)
{
}
private void TestOption(ShellLinkFile context, Option option, string argument)
{
option.Arguments.Clear();
for (int i = 0; i < option.ExpectedArguments; i++)
{
option.Arguments.Add(argument);
}
// As we use Reflection to alter properties, just check if properties names are correct.
option.Execute(context);
}
public abstract void Execute(ShellLinkFile context);
public EnvironmentVariableDataBlockHandler(EnvironmentVariableDataBlock item, ShellLinkFile context)
: base(item, context)
{
}
public KnownFolderDataBlockHandler(KnownFolderDataBlock item, ShellLinkFile context)
: base(item, context)
{
}
public override void Execute(ShellLinkFile context)
{
Argument = Argument.Replace(" ",string.Empty);
base.Execute(context);
}
