예제 #1
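        /// <summary>
        /// Parses one raw cache entry record and populates this instance's fields from it.
        /// </summary>
        /// <param name="data">
        /// Raw bytes of the entry, read as the 32-bit or the 64-bit record layout
        /// depending on <c>Is32Bit</c>.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <remarks>
        /// The record comes from the artifact under examination and is not validated here:
        /// no length check is made, so a truncated record is handled however
        /// <c>StreamReaderHelper</c> handles a short read (not visible in this method).
        /// <c>Length</c>, <c>MaxLength</c>, <c>Offset</c>, <c>BlobSize</c> and <c>BlobOffset</c>
        /// are stored exactly as read; callers should bounds-check them against the
        /// containing buffer before using them to slice or index it.
        /// A timestamp outside the range accepted by <c>DateTime.FromFileTimeUtc</c> is
        /// stored as <c>DateTime.MinValue</c>; treat that value as "invalid", not as a real time.
        /// </remarks>
        public void Update(byte[] data)
        {
            // Evaluate the layout selector once so both layout-dependent sections agree.
            bool is32Bit = Is32Bit == true;

            using (MemoryStream memoryStream = new MemoryStream(data))
            {
                // Both layouts start with the same two 16-bit length fields.
                Length    = StreamReaderHelper.ReadUInt16(memoryStream);
                MaxLength = StreamReaderHelper.ReadUInt16(memoryStream);

                if (is32Bit)
                {
                    Offset = StreamReaderHelper.ReadUInt32(memoryStream);
                }
                else
                {
                    // The 64-bit layout skips four bytes before its 8-byte offset.
                    memoryStream.Seek(4, SeekOrigin.Current);
                    Offset = StreamReaderHelper.ReadUInt64(memoryStream);
                }

                // The FILETIME halves are read outside the try block so that a read
                // failure is reported as such instead of being recorded as a bad timestamp.
                UInt32 lowDateTime  = StreamReaderHelper.ReadUInt32(memoryStream);
                UInt32 highDateTime = StreamReaderHelper.ReadUInt32(memoryStream);
                long   fileTime     = (((long)highDateTime) << 32) + lowDateTime;

                try
                {
                    DateTime = DateTime.FromFileTimeUtc(fileTime);
                }
                catch (ArgumentOutOfRangeException)
                {
                    // Negative or too-large FILETIME: keep parsing, mark the timestamp invalid.
                    DateTime = DateTime.MinValue;
                }

                FileFlags = StreamReaderHelper.ReadUInt32(memoryStream);
                Flags     = StreamReaderHelper.ReadUInt32(memoryStream);

                // Blob size and offset are 32-bit or 64-bit wide to match the layout.
                if (is32Bit)
                {
                    BlobSize   = StreamReaderHelper.ReadUInt32(memoryStream);
                    BlobOffset = StreamReaderHelper.ReadUInt32(memoryStream);
                }
                else
                {
                    BlobSize   = StreamReaderHelper.ReadUInt64(memoryStream);
                    BlobOffset = StreamReaderHelper.ReadUInt64(memoryStream);
                }
            }

            // Test to see if the file may have been executed: all bits of
            // Global.CSRSS_FLAG must be set in FileFlags.
            ProcessExec = (FileFlags & Global.CSRSS_FLAG) == Global.CSRSS_FLAG;
        }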
예제 #2
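        /// <summary>
        /// Parses one raw cache entry record and populates this instance's fields from it.
        /// </summary>
        /// <param name="data">
        /// Raw bytes of the entry, read as the 32-bit or the 64-bit record layout
        /// depending on <c>Is32Bit</c>.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <remarks>
        /// The record comes from the artifact under examination and is not validated here:
        /// no length check is made, so a truncated record is handled however
        /// <c>StreamReaderHelper</c> handles a short read (not visible in this method).
        /// <c>Length</c>, <c>MaxLength</c> and <c>Offset</c> are stored exactly as read;
        /// callers should bounds-check them against the containing buffer before using
        /// them to slice or index it.
        /// A timestamp outside the range accepted by <c>DateTime.FromFileTimeUtc</c> is
        /// stored as <c>DateTime.MinValue</c>; treat that value as "invalid", not as a real time.
        /// <c>ProcessExec</c> is only assigned when <c>_containsFileSize</c> is false;
        /// otherwise it keeps whatever value it had before the call.
        /// </remarks>
        public void Update(byte[] data)
        {
            using (MemoryStream memoryStream = new MemoryStream(data))
            {
                // Both layouts start with the same two 16-bit length fields.
                Length    = StreamReaderHelper.ReadUInt16(memoryStream);
                MaxLength = StreamReaderHelper.ReadUInt16(memoryStream);

                if (Is32Bit == true)
                {
                    Offset = StreamReaderHelper.ReadUInt32(memoryStream);
                }
                else
                {
                    // The 64-bit layout skips four bytes before its 8-byte offset.
                    memoryStream.Seek(4, SeekOrigin.Current);
                    Offset = StreamReaderHelper.ReadUInt64(memoryStream);
                }

                // The FILETIME halves are read outside the try block so that a read
                // failure is reported as such instead of being recorded as a bad timestamp.
                UInt32 lowDateTime  = StreamReaderHelper.ReadUInt32(memoryStream);
                UInt32 highDateTime = StreamReaderHelper.ReadUInt32(memoryStream);
                long   fileTime     = (((long)highDateTime) << 32) + lowDateTime;

                try
                {
                    DateTime = DateTime.FromFileTimeUtc(fileTime);
                }
                catch (ArgumentOutOfRangeException)
                {
                    // Negative or too-large FILETIME: keep parsing, mark the timestamp invalid.
                    DateTime = DateTime.MinValue;
                }

                // The trailing two 32-bit fields are read the same way in both layouts.
                FileSizeLow  = StreamReaderHelper.ReadUInt32(memoryStream);
                FileSizeHigh = StreamReaderHelper.ReadUInt32(memoryStream);
            }

            // When the entry is not flagged as carrying a file size, the FileSizeLow
            // slot is tested for the CSRSS flag instead.
            // NOTE(review): presumably that slot holds flags in this layout - confirm
            // against the record format before relying on ProcessExec.
            if (_containsFileSize == false)
            {
                ProcessExec = (FileSizeLow & Global.CSRSS_FLAG) == Global.CSRSS_FLAG;
            }
        }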