/// <summary>
/// Ad-hoc run: sends log output to a coloured console, parses one hive from a
/// hard-coded path with deleted-record recovery switched on, and logs every hit
/// for "info.exe" found in value data slack.
/// </summary>
/// <remarks>
/// Value data slack is the part of a value's data cell that lies beyond the
/// value's stated length; it can still hold remnants of earlier data, which is
/// why it is searched separately from live value data.
/// The hive path is absolute and machine-specific, so this only runs where that
/// file exists.
/// </remarks>
public void OneOff()
{
    // Every logger ("*") at Info and above goes to a console target that prints the bare message.
    var console = new ColoredConsoleTarget();
    var loggingConfig = new LoggingConfiguration();
    loggingConfig.AddTarget("console", console);
    console.Layout = @"${message}";
    loggingConfig.LoggingRules.Add(new LoggingRule("*", LogLevel.Info, console));

    // LogManager.Configuration is a static property, so this replaces the logging
    // setup for everything else running in the same process.
    LogManager.Configuration = loggingConfig;

    var hive = new RegistryHive(@"C:\Users\eric\Desktop\SOFTWARE_clean")
    {
        RecoverDeleted = true
    };
    hive.ParseHive();

    var log = LogManager.GetCurrentClassLogger();

    // NOTE(review): the two false arguments presumably turn off regex and literal
    // matching - confirm against the FindInValueDataSlack signature.
    // Hits are written to the console as-is; slack can carry leftover data from
    // unrelated values, so treat the output like the evidence it came from.
    foreach (var hit in hive.FindInValueDataSlack("info.exe", false, false))
    {
        log.Info(hit);
    }
}
/// <summary>
/// Parses the "UsrClass 1.dat" sample hive with deleted-record recovery on and
/// checks how many value-data-slack hits the byte pattern 32-00-33-00-32-00 yields.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says 4 hits, but the assertion expects 6. One of
/// the two is stale; confirm the correct count against the sample hive and align them.
/// </remarks>
public void ShouldFind4HitsFor320033003200InValueDataSlack()
{
    var hive = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat")
    {
        RecoverDeleted = true,
        // NOTE(review): presumably keeps the parsed record lists available for the
        // search below - confirm against RegistryHive.
        FlushRecordListsAfterParse = false
    };
    hive.ParseHive();

    // 32-00-33-00-32-00 is the UTF-16LE byte sequence for "232". The trailing true
    // presumably asks for a literal byte-pattern match rather than a text search -
    // confirm against the FindInValueDataSlack signature.
    var slackHits = hive.FindInValueDataSlack("32-00-33-00-32-00", false, true).ToList();
    var hitCount = slackHits.Count;

    Check.That(hitCount).IsEqualTo(6);
}
/// <summary>
/// Ad-hoc run: sends log output to a coloured console, hands the two transaction
/// logs that sit beside an Amcache hive to the hive object, parses the hive with
/// deleted-record recovery on, and logs every hit for "info.exe" found in value
/// data slack.
/// </summary>
/// <remarks>
/// All three paths are absolute and machine-specific, so this only runs where
/// those files exist.
/// </remarks>
public void OneOff()
{
    // Every logger ("*") at Info and above goes to a console target that prints the bare message.
    var console = new ColoredConsoleTarget();
    var loggingConfig = new LoggingConfiguration();
    loggingConfig.AddTarget("console", console);
    console.Layout = @"${message}";
    loggingConfig.LoggingRules.Add(new LoggingRule("*", LogLevel.Info, console));

    // LogManager.Configuration is a static property, so this replaces the logging
    // setup for everything else running in the same process.
    LogManager.Configuration = loggingConfig;

    var hive = new RegistryHive(@"D:\temp\aaaa\amcache.hve")
    {
        RecoverDeleted = true
    };

    var transactionLogs = new List<string>
    {
        @"D:\temp\aaaa\amcache.hve.log1",
        @"D:\temp\aaaa\amcache.hve.log2"
    };

    // The logs are processed before ParseHive, so the parse presumably sees the
    // hive with the logged changes applied.
    // NOTE(review): what the true argument selects is not visible here; confirm it,
    // and confirm whether the replay touches the file on disk. Run this against a
    // working copy of the hive, not the original evidence.
    hive.ProcessTransactionLogs(transactionLogs, true);
    hive.ParseHive();

    var log = LogManager.GetCurrentClassLogger();

    // NOTE(review): the two false arguments presumably turn off regex and literal
    // matching - confirm against the FindInValueDataSlack signature.
    foreach (var hit in hive.FindInValueDataSlack("info.exe", false, false))
    {
        log.Info(hit);
    }
}