public static void SendRegistryFetchResults(string taskCode, winaudits.RegistryFetch ofileFetch) { StateObject stateObj = null; try { int tryCount = 0; StringBuilder sb = new StringBuilder(); sb.AppendLine(String.Format("AuditJobid: {0}", ofileFetch.AuditJobID)); sb.AppendLine(String.Format("AuditJobType: {0}", 3)); string tempPath = ofileFetch.RegistryPath.Replace("\"", string.Empty).Trim("\\".ToCharArray()); stateObj = new StateObject(); TCPSocket.Connect(stateObj); stateObj.ClientStream.AuthenticateAsClient(m_domainName); while (tryCount < 5) { try { string exportPath32 = Util.Export(ofileFetch.RegistryHive, tempPath, false); sb.AppendLine(String.Format("FileExtension: {0}", ".zip")); var zipStream = new MemoryStream(); var zip = new ZipOutputStream(zipStream); if (exportPath32 != string.Empty && File.Exists(exportPath32)) { zip.PutNextEntry(Path.GetFileName(exportPath32)); byte[] fileContent = File.ReadAllBytes(exportPath32); zip.Write(fileContent, 0, fileContent.Length); } if (Environment.Is64BitOperatingSystem && !tempPath.Contains("Wow6432Node")) { string exportPath64 = Util.Export(ofileFetch.RegistryHive, tempPath, true); if (exportPath64 != string.Empty && File.Exists(exportPath64)) { zip.PutNextEntry(Path.GetFileName(exportPath64)); byte[] fileContent = File.ReadAllBytes(exportPath64); zip.Write(fileContent, 0, fileContent.Length); } } zip.Close(); byte[] buffer = zipStream.ToArray(); byte[] headerBytes = BuildHeaders(taskCode, (long)buffer.Length, sb.ToString()); TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes); if (buffer.Length > 0) { stateObj.ClientStream.Write(buffer); winaudits.UpdateQuery.UpdateRegistryFetchAuditStatus(2, ofileFetch.AuditJobID); } else { winaudits.UpdateQuery.UpdateRegistryFetchAuditStatus(3, ofileFetch.AuditJobID); tryCount = 5; } break; } catch (Exception ex) { tryCount++; //JobsSearcher.Logger.Error(ex); } } if (tryCount == 5) { byte[] headerBytes = BuildHeaders(taskCode, 0, sb.ToString()); TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes); winaudits.UpdateQuery.UpdateRegistryFetchAuditStatus(3, ofileFetch.AuditJobID); } byte[] end = Encoding.ASCII.GetBytes("<EOF>"); stateObj.ClientStream.Write(end, 0, end.Length); } catch (Exception ex) { //JobsSearcher.Logger.Error(ex); } finally { stateObj.Close(); } }
public static void SendFileFetchResults(string taskCode, winaudits.FileFetch ofileFetch) { StateObject stateObj = null; string tempPath = ofileFetch.FilePath.Replace("\"", string.Empty); int tryCount = 0; if (!File.Exists(tempPath)) { tryCount = 5; } try { StringBuilder sb = new StringBuilder(); sb.AppendLine(String.Format("AuditJobid: {0}", ofileFetch.AuditJobID)); sb.AppendLine(String.Format("AuditJobType: {0}", 2)); stateObj = new StateObject(); TCPSocket.Connect(stateObj); stateObj.ClientStream.AuthenticateAsClient(m_domainName); while (tryCount < 5) { try { using (FileStream stream = new FileStream(tempPath, FileMode.Open, FileAccess.Read)) { byte[] buffer = new byte[8192]; int bytesRead; sb.AppendLine(String.Format("FileExtension: {0}", Path.GetExtension(tempPath))); byte[] headerBytes = BuildHeaders(taskCode, (long)stream.Length, sb.ToString()); TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes); while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { stateObj.ClientStream.Write(buffer); } } winaudits.UpdateQuery.UpdateFileFetchAuditStatus(2, ofileFetch.AuditJobID); break; } catch (Exception ex) { tryCount++; //JobsSearcher.Logger.Error(ex); } } if (tryCount == 5) { byte[] headerBytes = BuildHeaders(taskCode, 0, sb.ToString()); TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes); winaudits.UpdateQuery.UpdateFileFetchAuditStatus(3, ofileFetch.AuditJobID); } byte[] end = Encoding.ASCII.GetBytes("<EOF>"); stateObj.ClientStream.Write(end, 0, end.Length); } catch (Exception ex) { //JobsSearcher.Logger.Error(ex); } finally { stateObj.Close(); } }