public ShellItem0x30(byte[] buf)
: base(buf)
{
int off = 0x04;
Flags = unpack_byte(0x03);
FileSize = unpack_dword(off);
off += 4;
ModifiedDate = unpack_dosdate(off);
off += 4;
FileAttributes = unpack_word(off);
off += 2;
ExtensionOffset = unpack_word(Size - 2);
if (ExtensionOffset > Size)
{
throw new OverrunBufferException(ExtensionOffset, Size);
}
if ((Type & 0x04) != 0)
{
ShortName = unpack_wstring(off, ExtensionOffset - off);
}
else
{
ShortName = unpack_string(off, ExtensionOffset - off);
}
ExtensionBlockBEEF0004 ExtensionBlock = new ExtensionBlockBEEF0004(buf, ExtensionOffset + offset);
ExtensionBlocks.Add(ExtensionBlock);
}
private void ProcessGuid(byte[] rawBytes)
{
FriendlyName = "Root folder: GUID";
//TODO split this out or at least use a different icon?
var index = 2;
index += 2; // move past index and a single unknown value
var rawguid1 = new byte[16];
Array.Copy(rawBytes, index, rawguid1, 0, 16);
var rawguid = Utils.ExtractGuidFromShellItem(rawguid1);
var foldername = Utils.GetFolderNameFromGuid(rawguid);
index += 16;
if (index >= rawBytes.Length)
{
Value = foldername;
return;
}
var size = BitConverter.ToInt16(rawBytes, index);
if (size == 0)
{
index += 2;
}
if (size > rawBytes.Length)
{
Value = foldername;
return;
}
//TODO this should be the looping cut up thing
if (index < rawBytes.Length)
{
var signature = BitConverter.ToUInt32(rawBytes, index + 4);
//TODO does this need to check if its a 0xbeef?? regex?
var block = Utils.GetExtensionBlockFromBytes(signature, rawBytes.Skip(index).ToArray());
ExtensionBlocks.Add(block);
index += size;
}
Value = foldername;
}
public ShellItem0x74(byte[] buf)
: base(buf)
{
// Unknown - Empty ( 1 byte)
// Unknown - size? - 2 bytes
// CFSF - 4 bytes
Signature = unpack_dword(0x06);
// sub shell item data size - 2 bytes
int off = 0x0A;
SubItem = new FILEENTRY_FRAGMENT(buf, offset + off, this, 0x04);
off += SubItem.Size;
off += 2; // Empty extension block?
// 5e591a74-df96-48d3-8d67-1733bcee28ba
DelegateItemIdentifier = unpack_guid(off);
off += 16;
ItemClassIdentifier = unpack_guid(off);
off += 16;
ExtensionBlock = new ExtensionBlockBEEF0004(buf, offset + off);
ExtensionBlocks.Add(ExtensionBlock);
}
private void ProcessPropertyViewDefault(byte[] rawBytes)
{
FriendlyName = "Variable: Users property view";
var index = 10;
var shellPropertySheetListSize = BitConverter.ToInt16(rawBytes, index);
index += 2;
var identifiersize = BitConverter.ToInt16(rawBytes, index);
index += 2;
var identifierData = new byte[identifiersize];
Array.Copy(rawBytes, index, identifierData, 0, identifiersize);
index += identifiersize;
if (shellPropertySheetListSize > 0)
{
var propBytes = rawBytes.Skip(index).Take(shellPropertySheetListSize).ToArray();
var propStore = new PropertyStore(propBytes);
PropertyStore = propStore;
var p = propStore.Sheets.Where(t => t.PropertyNames.ContainsKey("32"));
if (p.Any())
{
//we can now look thry prop bytes for extension blocks
//TODO this is a hack until we can process vectors natively
var extOffsets = new List <int>();
try
{
var regexObj = new Regex("([0-9A-F]{2})-00-EF-BE", RegexOptions.IgnoreCase);
var matchResult = regexObj.Match(BitConverter.ToString(propBytes));
while (matchResult.Success)
{
extOffsets.Add(matchResult.Index);
matchResult = matchResult.NextMatch();
}
foreach (var extOffset in extOffsets)
{
var binaryOffset = extOffset / 3 - 4;
var exSize = BitConverter.ToInt16(propBytes, binaryOffset);
var exBytes = propBytes.Skip(binaryOffset).Take(exSize).ToArray();
var signature1 = BitConverter.ToUInt32(exBytes, 4);
var block1 = Utils.GetExtensionBlockFromBytes(signature1, exBytes);
ExtensionBlocks.Add(block1);
}
}
catch (ArgumentException ex)
{
throw ex;
// Syntax error in the regular expression
}
}
}
else
{
if (rawBytes[0x28] == 0x2f ||
rawBytes[0x24] == 0x4e && rawBytes[0x26] == 0x2f && rawBytes[0x28] == 0x41)
{
//we have a good date
var zip = new ShellBagZipContents(rawBytes);
FriendlyName = zip.FriendlyName;
LastAccessTime = zip.LastAccessTime;
Value = zip.Value;
return;
}
Debug.Write("Oh no! No property sheets!");
Value = "!!! Unable to determine Value !!!";
}
index += shellPropertySheetListSize;
index += 2; //move past end of property sheet terminator
var extBlockSize = BitConverter.ToInt16(rawBytes, index);
if (extBlockSize > 0)
{
//process extension blocks
while (extBlockSize > 0)
{
var extBytes = rawBytes.Skip(index).Take(extBlockSize).ToArray();
index += extBlockSize;
var signature1 = BitConverter.ToUInt32(extBytes, 4);
var block1 = Utils.GetExtensionBlockFromBytes(signature1, extBytes);
ExtensionBlocks.Add(block1);
extBlockSize = BitConverter.ToInt16(rawBytes, index);
}
}
int terminator = BitConverter.ToInt16(rawBytes, index);
if (terminator > 0)
{
throw new Exception($"Expected terminator of 0, but got {terminator}");
}
var valuestring = (from propertySheet in PropertyStore.Sheets
from propertyName in propertySheet.PropertyNames
where propertyName.Key == "10"
select propertyName.Value).FirstOrDefault();
if (valuestring == null)
{
var namesList =
(from propertySheet in PropertyStore.Sheets
from propertyName in propertySheet.PropertyNames
select propertyName.Value)
.ToList();
valuestring = string.Join("::", namesList.ToArray());
}
if (valuestring == "")
{
valuestring = "No Property sheet value found";
}
Value = valuestring;
}
private void ProcessPropertyViewGuid(byte[] rawBytes)
{
// this is a guid
var index = 4;
var dataSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
index += 4; // move past signature
var propertyStoreSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
Trace.Assert(propertyStoreSize == 0, "propertyStoreSize size > 0!");
var identifierSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
if (identifierSize > 0)
{
var raw00Guid = new byte[16];
Array.Copy(rawBytes, index, raw00Guid, 0, 16);
var preguid = Utils.ExtractGuidFromShellItem(raw00Guid);
var tempString = Utils.GetFolderNameFromGuid(preguid);
Value = tempString;
index += 16;
}
index += 2; // skip 2 unknown in common
if (index >= rawBytes.Length)
{
return;
}
var extBlockSize = BitConverter.ToInt16(rawBytes, index);
if (extBlockSize > 0)
{
//process extension blocks
while (extBlockSize > 0)
{
var extBytes = rawBytes.Skip(index).Take(extBlockSize).ToArray();
index += extBlockSize;
var signature1 = BitConverter.ToUInt32(extBytes, 4);
var block1 = Utils.GetExtensionBlockFromBytes(signature1, extBytes);
ExtensionBlocks.Add(block1);
if (index >= rawBytes.Length)
{
break;
}
extBlockSize = BitConverter.ToInt16(rawBytes, index);
}
}
//
// int terminator = BitConverter.ToInt16(rawBytes, index);
//
// if (terminator > 0)
// {
// throw new Exception($"Expected terminator of 0, but got {terminator}");
// }
}
private void ProcessPropertyViewDefault(byte[] rawBytes)
{
FriendlyName = "Variable: Users property view";
var index = 10;
var shellPropertySheetListSize = BitConverter.ToInt16(rawBytes, index);
index += 2;
var identifiersize = BitConverter.ToInt16(rawBytes, index);
index += 2;
if (identifiersize > rawBytes.Length)
{
index = 0xc;
var strs = CodePagesEncodingProvider.Instance.GetEncoding(1252).GetString(rawBytes, index, rawBytes.Length - index).Split('\0');
var p2 = string.Join(",", strs.Skip(1).ToList());
Value = $"{strs[0]} ({p2})";
return;
}
var identifierData = new byte[identifiersize];
Array.Copy(rawBytes, index, identifierData, 0, identifiersize);
index += identifiersize;
if (shellPropertySheetListSize > 0)
{
var propBytes = rawBytes.Skip(index).Take(shellPropertySheetListSize).ToArray();
var propStore = new PropertyStore(propBytes);
PropertyStore = propStore;
var p = propStore.Sheets.Where(t => t.PropertyNames.ContainsKey("32"));
if (p.Any())
{
//we can now look thry prop bytes for extension blocks
//TODO this is a hack until we can process vectors natively
var extOffsets = new List <int>();
try
{
var regexObj = new Regex("([0-9A-F]{2})-00-EF-BE", RegexOptions.IgnoreCase);
var matchResult = regexObj.Match(BitConverter.ToString(propBytes));
while (matchResult.Success)
{
extOffsets.Add(matchResult.Index);
matchResult = matchResult.NextMatch();
}
foreach (var extOffset in extOffsets)
{
var binaryOffset = extOffset / 3 - 4;
var exSize = BitConverter.ToInt16(propBytes, binaryOffset);
var exBytes = propBytes.Skip(binaryOffset).Take(exSize).ToArray();
var signature1 = BitConverter.ToUInt32(exBytes, 4);
//Debug.WriteLine(" 0x1f bag sig: " + signature1.ToString("X8"));
var block1 = Utils.GetExtensionBlockFromBytes(signature1, exBytes);
ExtensionBlocks.Add(block1);
}
}
catch (ArgumentException ex)
{
throw ex;
// Syntax error in the regular expression
}
// Debug.WriteLine("Found 32 key");
}
}
else
{
// Debug.Write("Oh no! No property sheets!");
// SiAuto.Main.LogWarning("Oh no! No property sheets!");
if (rawBytes[0x28] == 0x2f ||
rawBytes[0x24] == 0x4e && rawBytes[0x26] == 0x2f && rawBytes[0x28] == 0x41)
{
//we have a good date
var zip = new ShellBagZipContents(rawBytes);
FriendlyName = zip.FriendlyName;
LastAccessTime = zip.LastAccessTime;
Value = zip.Value;
return;
}
//41-75-67-4D is AugM
if (rawBytes[4] == 0x41 && rawBytes[5] == 0x75 && rawBytes[6] == 0x67 && rawBytes[7] == 0x4D)
{
var cdb = new ShellBagCDBurn(rawBytes);
Value = cdb.Value;
FriendlyName = cdb.FriendlyName;
CreatedOnTime = cdb.CreatedOnTime;
LastModificationTime = cdb.LastModificationTime;
LastAccessTime = cdb.LastAccessTime;
return;
}
Debug.Write("Oh no! No property sheets!");
Value = "!!! Unable to determine Value !!!";
}
index += shellPropertySheetListSize;
index += 2; //move past end of property sheet terminator
if (shellPropertySheetListSize > 0 && index < rawBytes.Length)
{
var extBlockSize = BitConverter.ToInt16(rawBytes, index);
if (extBlockSize > 0)
{
//process extension blocks
while (extBlockSize > 0)
{
var extBytes = rawBytes.Skip(index).Take(extBlockSize).ToArray();
index += extBlockSize;
var signature1 = BitConverter.ToUInt32(extBytes, 4);
var block1 = Utils.GetExtensionBlockFromBytes(signature1, extBytes);
ExtensionBlocks.Add(block1);
if (index >= rawBytes.Length)
{
break;
}
extBlockSize = BitConverter.ToInt16(rawBytes, index);
}
}
// int terminator = BitConverter.ToInt16(rawBytes, index);
//
// if (terminator > 0)
// {
// throw new Exception($"Expected terminator of 0, but got {terminator}");
// }
}
var valuestring = (from propertySheet in PropertyStore.Sheets
from propertyName in propertySheet.PropertyNames
where propertyName.Key == "10"
select propertyName.Value).FirstOrDefault();
if (valuestring == null)
{
var namesList =
(from propertySheet in PropertyStore.Sheets
from propertyName in propertySheet.PropertyNames
select propertyName.Value)
.ToList();
valuestring = string.Join("::", namesList.ToArray());
}
if (valuestring == "")
{
valuestring = "No Property sheet value found";
}
Value = valuestring;
}
private void ProcessPropertyViewDefault(byte[] rawBytes)
{
FriendlyName = "Users property view";
var index = 10;
var shellPropertySheetListSize = BitConverter.ToInt16(rawBytes, index);
index += 2;
var identifiersize = BitConverter.ToInt16(rawBytes, index);
index += 2;
var identifierData = new byte[identifiersize];
Array.Copy(rawBytes, index, identifierData, 0, identifiersize);
index += identifiersize;
if (shellPropertySheetListSize > 0)
{
var propBytes = rawBytes.Skip(index).Take(shellPropertySheetListSize).ToArray();
var propStore = new PropertyStore(propBytes);
PropertyStore = propStore;
var p = propStore.Sheets.Where(t => t.PropertyNames.ContainsKey("32"));
if (p.Any())
{
//we can now look thry prop bytes for extension blocks
//TODO this is a hack until we can process vectors natively
var extOffsets = new List <int>();
try
{
var regexObj = new Regex("([0-9A-F]{2})-00-EF-BE", RegexOptions.IgnoreCase);
var matchResult = regexObj.Match(BitConverter.ToString(propBytes));
while (matchResult.Success)
{
extOffsets.Add(matchResult.Index);
matchResult = matchResult.NextMatch();
}
foreach (var extOffset in extOffsets)
{
var binaryOffset = extOffset / 3 - 4;
var exSize = BitConverter.ToInt16(propBytes, binaryOffset);
var exBytes = propBytes.Skip(binaryOffset).Take(exSize).ToArray();
var signature1 = BitConverter.ToUInt32(exBytes, 4);
var block1 = Utils.GetExtensionBlockFromBytes(signature1, exBytes);
ExtensionBlocks.Add(block1);
}
}
catch (ArgumentException)
{
// Syntax error in the regular expression
}
}
}
else
{
index += shellPropertySheetListSize;
}
index += 2; //move past end of property sheet terminator
var rawguid = Utils.ExtractGuidFromShellItem(rawBytes.Skip(index).Take(16).ToArray());
index += 16;
rawguid = Utils.ExtractGuidFromShellItem(rawBytes.Skip(index).Take(16).ToArray());
index += 16;
var name = GuidMapping.GuidMapping.GetDescriptionFromGuid(rawguid);
Value = name;
var extBlockSize = BitConverter.ToInt16(rawBytes, index);
if (extBlockSize > 0)
{
//process extension blocks
while (extBlockSize > 0)
{
var extBytes = rawBytes.Skip(index).Take(extBlockSize).ToArray();
index += extBlockSize;
var signature1 = BitConverter.ToUInt32(extBytes, 4);
var block1 = Utils.GetExtensionBlockFromBytes(signature1, extBytes);
ExtensionBlocks.Add(block1);
extBlockSize = BitConverter.ToInt16(rawBytes, index);
}
}
int terminator = BitConverter.ToInt16(rawBytes, index);
if (terminator > 0)
{
throw new Exception($"Expected terminator of 0, but got {terminator}");
}
}