public Windows7(byte[] rawBytes, bool is32Bit, string computerName)
{
Entries = new List<CacheEntry>();
var index = 4;
var cacheItems = BitConverter.ToUInt32(rawBytes, index);
index = 128;
var position = 0;
if ((is32Bit))
{
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.ComputerName = computerName;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var pathOffset = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.LastModifiedTimeLocal =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index));
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
var Flag = BitConverter.ToInt32(rawBytes, index);
Flag = Flag & 2;
if (Flag == 2)
ce.Flag = "Executed";
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
var dataOffset = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.Path = Encoding.Unicode.GetString(rawBytes, pathOffset, ce.PathSize);
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
if (Entries.Count == cacheItems)
{
break;
}
}
catch (Exception ex)
{
//TODO Report this
Debug.WriteLine(ex.Message);
//take what we can get
break;
}
}
}
else
{
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.ComputerName = computerName;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
// skip 4 unknown (padding)
index += 4;
var pathOffset = BitConverter.ToInt64(rawBytes, index);
index += 8;
ce.LastModifiedTimeLocal =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index));
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
var Flag = BitConverter.ToInt32(rawBytes, index);
Flag = Flag & 2;
if(Flag == 2)
ce.Flag = "Executed";
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
var ceDataSize = BitConverter.ToUInt64(rawBytes, index);
index += 8;
var dataOffset = BitConverter.ToUInt64(rawBytes, index);
index += 8;
ce.Path = Encoding.Unicode.GetString(rawBytes, (int) pathOffset, ce.PathSize);
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
if (Entries.Count == cacheItems)
{
break;
}
}
catch (Exception ex)
{
//TODO Report this
//take what we can get
break;
}
}
}
}
public WindowsXP(byte[] rawBytes, bool is32Bit, string computerName)
{
Entries = new List<CacheEntry>();
var index = 4;
var cacheItems = BitConverter.ToUInt32(rawBytes, index);
index += 4;
var lruArrauEntries = BitConverter.ToUInt32(rawBytes, index);
index += 4;
index = 400;
var position = 0;
if ((is32Bit))
{
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.PathSize = 528;
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize).Replace('\0', ' ').Trim();
index += 528;
ce.LastModifiedTimeLocal =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index));
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
var fileSize = BitConverter.ToUInt64(rawBytes, index);
index += 8;
// ce.LastModifiedTimeUTC =
// DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
//this is last update time, its not reported yet
index += 8;
if (ce.LastModifiedTimeUTC.Year == 1601)
{
break;
}
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
if (Entries.Count == cacheItems)
{
break;
}
}
catch (Exception ex)
{
//TODO Report this
//take what we can get
break;
}
}
}
else
{
throw new Exception("64 bit XP support not available. send the hive to [email protected] so support can be added");
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var pathOffset = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
var dataOffset = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.Path = Encoding.Unicode.GetString(rawBytes, pathOffset, ce.PathSize);
if (ce.LastModifiedTimeUTC.Year == 1601)
{
break;
}
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
if (Entries.Count == cacheItems)
{
break;
}
}
catch (Exception ex)
{
//TODO Report this
Debug.WriteLine(ex.Message);
//take what we can get
break;
}
}
}
}
public Windows8x(byte[] rawBytes, AppCompatCache.OperatingSystemVersion os, string computerName)
{
Entries = new List<CacheEntry>();
var index = 128;
var signature = "00ts";
if (os == AppCompatCache.OperatingSystemVersion.Windows81_Windows2012R2)
{
signature = "10ts";
}
var position = 0;
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry
{
Signature = Encoding.ASCII.GetString(rawBytes, index, 4)
};
if (ce.Signature != signature)
{
break;
}
ce.ComputerName = computerName;
index += 4;
// skip 4 unknown
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize);
index += ce.PathSize;
// skip 4 unknown (insertion flags?)
var Flag = BitConverter.ToInt32(rawBytes, index);
Flag = Flag & 2;
if (Flag == 2)
ce.Flag = "Executed";
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
// skip 2 unknown
index += 2;
ce.LastModifiedTimeLocal =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index));
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
ce.DataSize = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.Data = rawBytes.Skip(index).Take(ce.DataSize).ToArray();
index += ce.DataSize;
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
}
catch (Exception ex)
{
//TODO report this
//take what we can get
break;
}
}
}
public Windows10(byte[] rawBytes, int controlSet)
{
Entries = new List <CacheEntry>();
ExpectedEntries = 0;
var offsetToRecords = BitConverter.ToInt32(rawBytes, 0);
ExpectedEntries = BitConverter.ToInt32(rawBytes, 0x24);
if (offsetToRecords == 0x34)
{
ExpectedEntries = BitConverter.ToInt32(rawBytes, 0x28);
}
var index = offsetToRecords;
ControlSet = controlSet;
EntryCount = -1;
var position = 0;
while (index < rawBytes.Length)
{
try
{
var ce = new CacheEntry
{
Signature = Encoding.ASCII.GetString(rawBytes, index, 4)
};
if (ce.Signature != "10ts")
{
break;
}
index += 4;
// skip 4 unknown
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize).Replace(@"\??\", "");
index += ce.PathSize;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
ce.DataSize = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.Data = rawBytes.Skip(index).Take(ce.DataSize).ToArray();
index += ce.DataSize;
ce.Executed = AppCompatCache.Execute.NA;
ce.ControlSet = controlSet;
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
}
catch (Exception ex)
{
var _log = LogManager.GetCurrentClassLogger();
_log.Error($"Error parsing cache entry. Position: {position} Index: {index}, Error: {ex.Message} ");
//TODO Report this
//take what we can get
break;
}
}
}
public Windows8x(byte[] rawBytes, AppCompatCache.OperatingSystemVersion os, int controlSet, string computerName)
{
Entries = new List <CacheEntry>();
var index = 128;
var signature = "00ts";
ControlSet = controlSet;
EntryCount = -1;
if (os == AppCompatCache.OperatingSystemVersion.Windows81_Windows2012R2)
{
signature = "10ts";
}
var position = 0;
while (index < rawBytes.Length)
{
try
{
var ce = new CacheEntry
{
Signature = Encoding.ASCII.GetString(rawBytes, index, 4)
};
if (ce.Signature != signature)
{
break;
}
ce.ComputerName = computerName;
index += 4;
// skip 4 unknown
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize).Replace(@"\??\", "");
index += ce.PathSize;
var packageLen = BitConverter.ToUInt16(rawBytes, index);
index += 2;
//skip package data
index += packageLen;
// skip 4 unknown (insertion flags?)
ce.InsertFlags = (AppCompatCache.InsertFlag)BitConverter.ToInt32(rawBytes, index);
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
ce.LastModified =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index));
ce.TimeZone = ce.LastModified.ToString("zzz");
index += 8;
ce.DataSize = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.Data = rawBytes.Skip(index).Take(ce.DataSize).ToArray();
index += ce.DataSize;
if ((ce.InsertFlags & AppCompatCache.InsertFlag.Executed) == AppCompatCache.InsertFlag.Executed)
{
ce.Flag = AppCompatCache.Execute.Executed;
}
else
{
ce.Flag = AppCompatCache.Execute.Unknown;
}
ce.ControlSet = controlSet;
ce.EntryPosition = position;
Entries.Add(ce);
position += 1;
}
catch (Exception ex)
{
//TODO report this
//take what we can get
Console.Error.WriteLine($"Error parsing cache entry. Position: {position} Index: {index}, Error: {ex.Message} ");
break;
}
}
}
public Windows8x(byte[] rawBytes, AppCompatCache.OperatingSystemVersion os)
{
Entries = new List <CacheEntry>();
var index = 128;
var signature = "00ts";
if (os == AppCompatCache.OperatingSystemVersion.Windows81_Windows2012R2)
{
signature = "10ts";
}
var position = 0;
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry
{
Signature = Encoding.ASCII.GetString(rawBytes, index, 4)
};
if (ce.Signature != signature)
{
break;
}
index += 4;
// skip 4 unknown
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize);
index += ce.PathSize;
// skip 4 unknown (insertion flags?)
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
// skip 2 unknown
index += 2;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
ce.DataSize = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.Data = rawBytes.Skip(index).Take(ce.DataSize).ToArray();
index += ce.DataSize;
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
}
catch (Exception ex)
{
//TODO report this
//take what we can get
break;
}
}
}
public Windows10(byte[] rawBytes, string computerName)
{
Entries = new List<CacheEntry>();
var index = 48;
var position = 0;
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry
{
Signature = Encoding.ASCII.GetString(rawBytes, index, 4)
};
if (ce.Signature != "10ts")
{
break;
}
ce.ComputerName = computerName;
index += 4;
// skip 4 unknown
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize);
index += ce.PathSize;
ce.LastModifiedTimeLocal =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index));
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
ce.DataSize = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.Data = rawBytes.Skip(index).Take(ce.DataSize).ToArray();
index += ce.DataSize;
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
}
catch (Exception ex)
{
//TODO Report this
//take what we can get
break;
}
}
}
public WindowsXP(byte[] rawBytes, bool is32Bit, int controlSet)
{
Entries = new List <CacheEntry>();
var index = 4;
ControlSet = controlSet;
EntryCount = BitConverter.ToInt32(rawBytes, index);
index += 4;
var lruArrauEntries = BitConverter.ToUInt32(rawBytes, index);
index += 4;
index = 400;
var position = 0;
var log1 = LogManager.GetCurrentClassLogger();
log1.Debug($@"**** 32 bit system?: {is32Bit}");
log1.Debug($@"**** EntryCount found: {EntryCount}");
if (EntryCount == 0)
{
return;
}
if (is32Bit)
{
while (index < rawBytes.Length)
{
try
{
log1.Debug($@"**** At index position: {index}");
var ce = new CacheEntry {
PathSize = 528
};
ce.Path = Encoding.Unicode.GetString(rawBytes, index, ce.PathSize).Split('\0').First().Replace('\0', ' ').Trim().Replace(@"\??\", "");
index += 528;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
var fileSize = BitConverter.ToUInt64(rawBytes, index);
index += 8;
// ce.LastModifiedTimeUTC =
// DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
//this is last update time, its not reported yet
index += 8;
if (ce.LastModifiedTimeUTC.Year == 1601)
{
break;
}
ce.CacheEntryPosition = position;
ce.ControlSet = controlSet;
ce.Executed = AppCompatCache.Execute.NA;
log1.Debug($@"**** Adding cache entry for '{ce.Path}' to Entries");
Entries.Add(ce);
position += 1;
if (Entries.Count == EntryCount)
{
break;
}
}
catch (Exception ex)
{
var _log = LogManager.GetCurrentClassLogger();
_log.Error(
$"Error parsing cache entry. Position: {position} Index: {index}, Error: {ex.Message} ");
//TODO Report this
if (Entries.Count < EntryCount)
{
throw;
}
//take what we can get
break;
}
}
}
else
{
throw new Exception(
"64 bit XP support not available. send the hive to [email protected] so support can be added");
// while (index < rawBytes.Length)
// {
// try
// {
// var ce = new CacheEntry {PathSize = BitConverter.ToUInt16(rawBytes, index)};
//
// index += 2;
//
// var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
// index += 2;
//
//
// var pathOffset = BitConverter.ToInt32(rawBytes, index);
// index += 4;
//
// ce.LastModifiedTimeUTC =
// DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
// index += 8;
//
// // skip 4 unknown (insertion flags?)
// index += 4;
//
// // skip 4 unknown (shim flags?)
// index += 4;
//
// var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
// index += 4;
//
// var dataOffset = BitConverter.ToUInt32(rawBytes, index);
// index += 4;
//
// ce.Path = Encoding.Unicode.GetString(rawBytes, pathOffset, ce.PathSize);
//
// if (ce.LastModifiedTimeUTC.Year == 1601)
// {
// break;
// }
//
// ce.CacheEntryPosition = position;
// Entries.Add(ce);
// position += 1;
//
//
// if (Entries.Count == EntryCount)
// {
// break;
// }
// }
// catch (Exception ex)
// {
// //TODO Report this
// Debug.WriteLine(ex.Message);
// //take what we can get
// break;
// }
// }
}
}
public VistaWin2k3Win2k8(byte[] rawBytes, bool is32Bit, int controlSet)
{
Entries = new List <CacheEntry>();
var index = 4;
ControlSet = controlSet;
EntryCount = BitConverter.ToInt32(rawBytes, index);
index = 8;
var position = 0;
if (EntryCount == 0)
{
return;;
}
if (is32Bit)
{
while (index < rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var pathOffset = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
ce.InsertFlags = (AppCompatCache.InsertFlag)BitConverter.ToInt32(rawBytes, index);
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
ce.Path = Encoding.Unicode.GetString(rawBytes, pathOffset, ce.PathSize).Replace(@"\??\", "");
// if ((ce.InsertFlags & AppCompatCache.InsertFlag.Executed) == AppCompatCache.InsertFlag.Executed)
// {
// ce.Executed = AppCompatCache.Execute.Yes;
// }
// else
// {
// ce.Executed = AppCompatCache.Execute.No;
// }
ce.Executed = AppCompatCache.Execute.NA;
ce.CacheEntryPosition = position;
ce.ControlSet = controlSet;
Entries.Add(ce);
position += 1;
if (Entries.Count == EntryCount)
{
break;
}
}
catch (Exception ex)
{
var _log = LogManager.GetCurrentClassLogger();
_log.Error(
$"Error parsing cache entry. Position: {position} Index: {index}, Error: {ex.Message} ");
if (Entries.Count < EntryCount)
{
throw;
}
//TODO Report this
Debug.WriteLine(ex.Message);
//take what we can get
break;
}
}
}
else
{
while (index < rawBytes.Length)
{
try
{
var ce1 = new CacheEntry();
ce1.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
// skip 4 unknown (padding)
index += 4;
var pathOffset = BitConverter.ToInt64(rawBytes, index);
index += 8;
ce1.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
ce1.InsertFlags = (AppCompatCache.InsertFlag)BitConverter.ToInt32(rawBytes, index);
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
// var ceDataSize = BitConverter.ToUInt64(rawBytes, index);
// index += 8;
//
// var dataOffset = BitConverter.ToUInt64(rawBytes, index);
// index += 8;
ce1.Path = Encoding.Unicode.GetString(rawBytes, (int)pathOffset, ce1.PathSize).Replace(@"\??\", "");
if ((ce1.InsertFlags & AppCompatCache.InsertFlag.Executed) == AppCompatCache.InsertFlag.Executed)
{
ce1.Executed = AppCompatCache.Execute.Yes;
}
else
{
ce1.Executed = AppCompatCache.Execute.No;
}
ce1.CacheEntryPosition = position;
ce1.ControlSet = controlSet;
Entries.Add(ce1);
position += 1;
if (Entries.Count == EntryCount)
{
break;
}
}
catch (Exception ex)
{
var _log = LogManager.GetCurrentClassLogger();
_log.Error(
$"Error parsing cache entry. Position: {position} Index: {index}, Error: {ex.Message} ");
//TODO Report this
if (Entries.Count < EntryCount)
{
throw;
}
//take what we can get
break;
}
}
}
}
public Windows7(byte[] rawBytes, bool is32Bit)
{
Entries = new List <CacheEntry>();
var index = 4;
var cacheItems = BitConverter.ToUInt32(rawBytes, index);
index = 128;
var position = 0;
if (is32Bit)
{
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var pathOffset = BitConverter.ToInt32(rawBytes, index);
index += 4;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
var ceDataSize = BitConverter.ToUInt32(rawBytes, index);
index += 4;
var dataOffset = BitConverter.ToUInt32(rawBytes, index);
index += 4;
ce.Path = Encoding.Unicode.GetString(rawBytes, pathOffset, ce.PathSize);
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
if (Entries.Count == cacheItems)
{
break;
}
}
catch (Exception ex)
{
//TODO Report this
Debug.WriteLine(ex.Message);
//take what we can get
break;
}
}
}
else
{
while (index <= rawBytes.Length)
{
try
{
var ce = new CacheEntry();
ce.PathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
var maxPathSize = BitConverter.ToUInt16(rawBytes, index);
index += 2;
// skip 4 unknown (padding)
index += 4;
var pathOffset = BitConverter.ToInt64(rawBytes, index);
index += 8;
ce.LastModifiedTimeUTC =
DateTimeOffset.FromFileTime(BitConverter.ToInt64(rawBytes, index)).ToUniversalTime();
index += 8;
// skip 4 unknown (insertion flags?)
index += 4;
// skip 4 unknown (shim flags?)
index += 4;
var ceDataSize = BitConverter.ToUInt64(rawBytes, index);
index += 8;
var dataOffset = BitConverter.ToUInt64(rawBytes, index);
index += 8;
ce.Path = Encoding.Unicode.GetString(rawBytes, (int)pathOffset, ce.PathSize);
ce.CacheEntryPosition = position;
Entries.Add(ce);
position += 1;
if (Entries.Count == cacheItems)
{
break;
}
}
catch (Exception ex)
{
//TODO Report this
//take what we can get
break;
}
}
}
}