private static Shimcache[] GetBADC0FEE(byte[] bytes, string arch)
{
int offset = 0x80;
int count = BitConverter.ToInt32(bytes, 0x04);
Shimcache[] shimcacheArray = new Shimcache[count];
if (arch == "x86")
{
for (int i = 0; i < count; i++)
{
string path = Encoding.Unicode.GetString(bytes, BitConverter.ToInt32(bytes, offset + 0x04), BitConverter.ToInt16(bytes, offset));
DateTime lastModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x08));
shimcacheArray[i] = new Shimcache(path, lastModifiedTime, 0, new DateTime(0));
offset += 0x20;
}
}
else
{
for (int i = 0; i < count; i++)
{
string path = Encoding.Unicode.GetString(bytes, BitConverter.ToInt32(bytes, offset + 0x08), BitConverter.ToInt16(bytes, offset));
DateTime lastModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x10));
shimcacheArray[i] = new Shimcache(path, lastModifiedTime, 0, new DateTime(0));
offset += 0x30;
}
}
return(shimcacheArray);
}
private static Shimcache[] GetDEADBEEF(byte[] bytes)
{
int offset = 0x190;
int count = BitConverter.ToInt32(bytes, 0x04);
Shimcache[] shimcacheArray = new Shimcache[count];
for (int i = 0; i < count; i++)
{
string path = Encoding.Unicode.GetString(bytes, offset, 0x210).Split('\0')[0];
DateTime lastModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x210));
ulong size = BitConverter.ToUInt64(bytes, offset + 0x218);
DateTime lastUpTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x220));
shimcacheArray[i] = new Shimcache(path, lastModifiedTime, size, lastUpTime);
offset += 0x228;
}
return(shimcacheArray);
}
private static Shimcache[] GetBADC0FEE(byte[] bytes, string arch)
{
int offset = 0x80;
int count = BitConverter.ToInt32(bytes, 0x04);
Shimcache[] shimcacheArray = new Shimcache[count];
if (arch == "x86")
{
for (int i = 0; i < count; i++)
{
string path = Encoding.Unicode.GetString(bytes, BitConverter.ToInt32(bytes, offset + 0x04), BitConverter.ToInt16(bytes, offset));
DateTime lastModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x08));
shimcacheArray[i] = new Shimcache(path, lastModifiedTime, 0, new DateTime(0));
offset += 0x20;
}
}
else
{
for(int i = 0; i < count; i++)
{
string path = Encoding.Unicode.GetString(bytes, BitConverter.ToInt32(bytes, offset + 0x08), BitConverter.ToInt16(bytes, offset));
DateTime lastModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x10));
shimcacheArray[i] = new Shimcache(path, lastModifiedTime, 0, new DateTime(0));
offset += 0x30;
}
}
return shimcacheArray;
}
private static Shimcache[] GetDEADBEEF(byte[] bytes)
{
int offset = 0x190;
int count = BitConverter.ToInt32(bytes, 0x04);
Shimcache[] shimcacheArray = new Shimcache[count];
for (int i = 0; i < count; i++)
{
string path = Encoding.Unicode.GetString(bytes, offset, 0x210).Split('\0')[0];
DateTime lastModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x210));
ulong size = BitConverter.ToUInt64(bytes, offset + 0x218);
DateTime lastUpTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, offset + 0x220));
shimcacheArray[i] = new Shimcache(path, lastModifiedTime, size, lastUpTime);
offset += 0x228;
}
return shimcacheArray;
}
public static Shimcache[] GetInstances(string volume)
{
return(Shimcache.GetInstancesByPath(Util.GetVolumeLetter(volume) + @"\Windows\system32\config\SYSTEM"));
}
/// <summary>
///
/// </summary>
/// <param name="volume"></param>
/// <returns></returns>
public static Shimcache[] GetInstances(string volume)
{
Helper.getVolumeName(ref volume);
return(Shimcache.GetInstancesByPath(Helper.GetVolumeLetter(volume) + @"\Windows\system32\config\SYSTEM"));
}
public static byte[] Get()
{
return(Shimcache.Get(@"C:\Windows\system32\config\SYSTEM"));
}