Esempio n. 1
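        /// <summary>
        /// Exports the requested registry key, zips the export file(s) in memory and sends the
        /// archive to the server over the authenticated client stream, followed by an
        /// "&lt;EOF&gt;" marker.
        /// </summary>
        /// <param name="taskCode">Task identifier passed through to <c>BuildHeaders</c>.</param>
        /// <param name="ofileFetch">Registry fetch job; supplies the hive, the key path and the audit job id.</param>
        /// <remarks>
        /// The export/send step is attempted up to five times. Status 2 is recorded once a
        /// non-empty archive has been written; status 3 is recorded, with a zero-length header,
        /// when every attempt failed or the archive came out empty. Exceptions are swallowed,
        /// so callers never see a failure from this method.
        /// </remarks>
        public static void SendRegistryFetchResults(string taskCode, winaudits.RegistryFetch ofileFetch)
        {
            const int MaxAttempts = 5;
            StateObject stateObj = null;

            try
            {
                int tryCount = 0;
                bool extensionLineAdded = false;
                StringBuilder sb = new StringBuilder();
                sb.AppendLine(String.Format("AuditJobid: {0}", ofileFetch.AuditJobID));
                sb.AppendLine(String.Format("AuditJobType: {0}", 3));

                // Strip quotes and leading/trailing backslashes from the requested key path.
                string tempPath = ofileFetch.RegistryPath.Replace("\"", string.Empty).Trim("\\".ToCharArray());

                stateObj = new StateObject();
                TCPSocket.Connect(stateObj);

                // NOTE(review): m_domainName is the name the server certificate is matched against.
                // Whether the certificate chain is actually validated depends on how
                // TCPSocket.Connect constructs ClientStream - confirm it does not install a
                // validation callback that accepts every certificate.
                stateObj.ClientStream.AuthenticateAsClient(m_domainName);

                while (tryCount < MaxAttempts)
                {
                    try
                    {
                        string exportPath32 = Util.Export(ofileFetch.RegistryHive, tempPath, false);

                        // Append the extension line only once; a retry must not duplicate it
                        // in the header text.
                        if (!extensionLineAdded)
                        {
                            sb.AppendLine(String.Format("FileExtension: {0}", ".zip"));
                            extensionLineAdded = true;
                        }

                        // NOTE(review): the export files are read here but never deleted. If
                        // Util.Export writes them to a temp location, confirm something cleans
                        // them up - registry exports can contain sensitive values.
                        byte[] buffer;
                        using (var zipStream = new MemoryStream())
                        {
                            var zip = new ZipOutputStream(zipStream);
                            if (!string.IsNullOrEmpty(exportPath32) && File.Exists(exportPath32))
                            {
                                zip.PutNextEntry(Path.GetFileName(exportPath32));
                                byte[] fileContent = File.ReadAllBytes(exportPath32);
                                zip.Write(fileContent, 0, fileContent.Length);
                            }

                            // On a 64-bit OS also export the second registry view, unless the
                            // path already targets Wow6432Node.
                            if (Environment.Is64BitOperatingSystem && !tempPath.Contains("Wow6432Node"))
                            {
                                string exportPath64 = Util.Export(ofileFetch.RegistryHive, tempPath, true);
                                if (!string.IsNullOrEmpty(exportPath64) && File.Exists(exportPath64))
                                {
                                    zip.PutNextEntry(Path.GetFileName(exportPath64));
                                    byte[] fileContent = File.ReadAllBytes(exportPath64);
                                    zip.Write(fileContent, 0, fileContent.Length);
                                }
                            }

                            // The archive must be closed before its bytes are read back.
                            zip.Close();
                            buffer = zipStream.ToArray();
                        }

                        if (buffer.Length > 0)
                        {
                            byte[] headerBytes = BuildHeaders(taskCode, (long)buffer.Length, sb.ToString());
                            TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes);
                            stateObj.ClientStream.Write(buffer);
                            winaudits.UpdateQuery.UpdateRegistryFetchAuditStatus(2, ofileFetch.AuditJobID);
                        }
                        else
                        {
                            // Nothing to send: fall through to the single failure header below
                            // instead of writing a zero-length header here and a second one
                            // after the loop.
                            tryCount = MaxAttempts;
                        }
                        break;
                    }
                    catch (Exception)
                    {
                        // NOTE(review): the failure is not logged, so a job that ends in
                        // status 3 leaves no trace of why. A retry after header bytes were
                        // already written resends them on the same stream - confirm the
                        // receiver tolerates that.
                        tryCount++;
                    }
                }

                if (tryCount == MaxAttempts)
                {
                    byte[] headerBytes = BuildHeaders(taskCode, 0, sb.ToString());
                    TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes);
                    winaudits.UpdateQuery.UpdateRegistryFetchAuditStatus(3, ofileFetch.AuditJobID);
                }

                byte[] end = Encoding.ASCII.GetBytes("<EOF>");
                stateObj.ClientStream.Write(end, 0, end.Length);
            }
            catch (Exception)
            {
                // NOTE(review): connection and authentication failures are swallowed without
                // logging, and no audit status is recorded for the job in that case.
            }
            finally
            {
                // stateObj is still null when the failure happened before it was created;
                // an unguarded Close() would throw from this finally block.
                if (stateObj != null)
                {
                    stateObj.Close();
                }
            }
        }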
Esempio n. 2
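        /// <summary>
        /// Streams the requested file to the server over the authenticated client stream,
        /// preceded by a header carrying its length and followed by an "&lt;EOF&gt;" marker.
        /// </summary>
        /// <param name="taskCode">Task identifier passed through to <c>BuildHeaders</c>.</param>
        /// <param name="ofileFetch">File fetch job; supplies the file path and the audit job id.</param>
        /// <remarks>
        /// The send is attempted up to five times. Status 2 is recorded after the file has been
        /// written; status 3 is recorded, with a zero-length header, when the file does not exist
        /// or every attempt failed. Exceptions raised inside the method's try blocks are swallowed.
        /// </remarks>
        public static void SendFileFetchResults(string taskCode, winaudits.FileFetch ofileFetch)
        {
            const int MaxAttempts = 5;
            StateObject stateObj = null;
            string tempPath = ofileFetch.FilePath.Replace("\"", string.Empty);
            int tryCount = 0;

            // A missing file skips the send loop and goes straight to the failure header.
            if (!File.Exists(tempPath))
            {
                tryCount = MaxAttempts;
            }

            try
            {
                bool extensionLineAdded = false;
                StringBuilder sb = new StringBuilder();
                sb.AppendLine(String.Format("AuditJobid: {0}", ofileFetch.AuditJobID));
                sb.AppendLine(String.Format("AuditJobType: {0}", 2));

                stateObj = new StateObject();
                TCPSocket.Connect(stateObj);

                // NOTE(review): m_domainName is the name the server certificate is matched against.
                // Whether the certificate chain is actually validated depends on how
                // TCPSocket.Connect constructs ClientStream - confirm it does not install a
                // validation callback that accepts every certificate.
                stateObj.ClientStream.AuthenticateAsClient(m_domainName);

                while (tryCount < MaxAttempts)
                {
                    try
                    {
                        using (FileStream stream = new FileStream(tempPath, FileMode.Open, FileAccess.Read))
                        {
                            byte[] buffer = new byte[8192];
                            int bytesRead;

                            // Append the extension line only once; a retry must not duplicate
                            // it in the header text.
                            if (!extensionLineAdded)
                            {
                                sb.AppendLine(String.Format("FileExtension: {0}", Path.GetExtension(tempPath)));
                                extensionLineAdded = true;
                            }

                            byte[] headerBytes = BuildHeaders(taskCode, (long)stream.Length, sb.ToString());
                            TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes);

                            while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0)
                            {
                                // Send only the bytes actually read. Writing the whole buffer
                                // pads the final chunk with stale data from the previous read,
                                // so the receiver gets more bytes than the header announced.
                                stateObj.ClientStream.Write(buffer, 0, bytesRead);
                            }
                        }

                        winaudits.UpdateQuery.UpdateFileFetchAuditStatus(2, ofileFetch.AuditJobID);
                        break;
                    }
                    catch (Exception)
                    {
                        // NOTE(review): the failure is not logged, so a job that ends in
                        // status 3 leaves no trace of why. A retry after part of the header or
                        // payload was already written resends from the start on the same
                        // stream - confirm the receiver tolerates that.
                        tryCount++;
                    }
                }

                if (tryCount == MaxAttempts)
                {
                    byte[] headerBytes = BuildHeaders(taskCode, 0, sb.ToString());
                    TcpUtil.WriteHeaderData(stateObj.ClientStream, headerBytes);
                    winaudits.UpdateQuery.UpdateFileFetchAuditStatus(3, ofileFetch.AuditJobID);
                }

                byte[] end = Encoding.ASCII.GetBytes("<EOF>");
                stateObj.ClientStream.Write(end, 0, end.Length);
            }
            catch (Exception)
            {
                // NOTE(review): connection and authentication failures are swallowed without
                // logging, and no audit status is recorded for the job in that case.
            }
            finally
            {
                // stateObj is still null when the failure happened before it was created;
                // an unguarded Close() would throw from this finally block.
                if (stateObj != null)
                {
                    stateObj.Close();
                }
            }
        }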