public void EscreverArquivoCSV(string local, List <Estudante> estudantes) { using (StreamWriter sw = new StreamWriter(local, false, new UTF8Encoding(true))) { using (CsvWriter csvWriter = new CsvHelper.CsvWriter(sw, System.Globalization.CultureInfo.InvariantCulture)) { csvWriter.WriteHeader <Estudante>(); csvWriter.NextRecord(); foreach (Estudante est in estudantes) { csvWriter.WriteRecord <Estudante>(est); csvWriter.NextRecord(); } } } }
public void WriteCSVFile(string path, List <Movie> mv) { using (StreamWriter sw = new StreamWriter(path, false, new UTF8Encoding(true))) { using (var cw = new CsvHelper.CsvWriter(sw, System.Globalization.CultureInfo.CurrentCulture)) { cw.WriteHeader <Movie>(); cw.NextRecord(); foreach (Movie stu in mv) { cw.WriteRecord <Movie>(stu); cw.NextRecord(); } } } }
private static void DoWork(string f, string csv, string csvf, int c, bool t, string dt, bool nl, bool debug, bool trace) { var levelSwitch = new LoggingLevelSwitch(); var template = "{Message:lj}{NewLine}{Exception}"; if (debug) { levelSwitch.MinimumLevel = LogEventLevel.Debug; template = "[{Timestamp:HH:mm:ss.fff} {Level:u3}] {Message:lj}{NewLine}{Exception}"; } if (trace) { levelSwitch.MinimumLevel = LogEventLevel.Verbose; template = "[{Timestamp:HH:mm:ss.fff} {Level:u3}] {Message:lj}{NewLine}{Exception}"; } var conf = new LoggerConfiguration() .WriteTo.Console(outputTemplate: template) .MinimumLevel.ControlledBy(levelSwitch); Log.Logger = conf.CreateLogger(); var hiveToProcess = "Live Registry"; if (f?.Length > 0) { hiveToProcess = f; if (!File.Exists(f)) { Log.Warning("'{F}' not found. Exiting", f); return; } } else { if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Log.Fatal("Live Registry support is not available on non-Windows systems"); Environment.Exit(0); //throw new NotSupportedException("Live Registry support is not available on non-Windows systems"); } } Log.Information("{Header}", Header); Console.WriteLine(); Log.Information("Command line: {Args}", string.Join(" ", _args)); Console.WriteLine(); if (IsAdministrator() == false) { Log.Fatal($"Warning: Administrator privileges not found!"); Console.WriteLine(); } Log.Information("Processing hive '{HiveToProcess}'", hiveToProcess); Console.WriteLine(); try { var appCompat = new AppCompatCache.AppCompatCache(f, c, nl); string outFileBase; var ts1 = DateTime.Now.ToString("yyyyMMddHHmmss"); if (f?.Length > 0) { if (c >= 0) { outFileBase = $"{ts1}_{appCompat.OperatingSystem}_{Path.GetFileNameWithoutExtension(f)}_ControlSet00{c}_AppCompatCache.csv"; } else { outFileBase = $"{ts1}_{appCompat.OperatingSystem}_{Path.GetFileNameWithoutExtension(f)}_AppCompatCache.csv"; } } else { outFileBase = $"{ts1}_{appCompat.OperatingSystem}_{Environment.MachineName}_AppCompatCache.csv"; } if (csvf.IsNullOrEmpty() == false) { outFileBase = Path.GetFileName(csvf); } if (Directory.Exists(csv) == false) { Directory.CreateDirectory(csv !); } var outFilename = Path.Combine(csv, outFileBase); var sw = new StreamWriter(outFilename); var csvWriter = new CsvWriter(sw, CultureInfo.InvariantCulture); var foo = csvWriter.Context.AutoMap <CacheEntry>(); var o = new TypeConverterOptions { DateTimeStyle = DateTimeStyles.AssumeUniversal & DateTimeStyles.AdjustToUniversal }; csvWriter.Context.TypeConverterOptionsCache.AddOptions <CacheEntry>(o); foo.Map(entry => entry.LastModifiedTimeUTC).Convert(entry => entry.Value.LastModifiedTimeUTC.HasValue ? entry.Value.LastModifiedTimeUTC.Value.ToString(dt): ""); foo.Map(entry => entry.CacheEntrySize).Ignore(); foo.Map(entry => entry.Data).Ignore(); foo.Map(entry => entry.InsertFlags).Ignore(); foo.Map(entry => entry.DataSize).Ignore(); foo.Map(entry => entry.LastModifiedFILETIMEUTC).Ignore(); foo.Map(entry => entry.PathSize).Ignore(); foo.Map(entry => entry.Signature).Ignore(); foo.Map(entry => entry.ControlSet).Index(0); foo.Map(entry => entry.CacheEntryPosition).Index(1); foo.Map(entry => entry.Path).Index(2); foo.Map(entry => entry.LastModifiedTimeUTC).Index(3); foo.Map(entry => entry.Executed).Index(4); foo.Map(entry => entry.Duplicate).Index(5); foo.Map(entry => entry.SourceFile).Index(6); csvWriter.WriteHeader <CacheEntry>(); csvWriter.NextRecord(); Log.Debug("**** Found {Count} caches", appCompat.Caches.Count); var cacheKeys = new HashSet <string>(); if (appCompat.Caches.Any()) { foreach (var appCompatCach in appCompat.Caches) { Log.Verbose("Dumping cache details: {@Details}", appCompat); try { Log.Information( "Found {Count:N0} cache entries for {OperatingSystem} in {ControlSet}", appCompatCach.Entries.Count, appCompat.OperatingSystem, $"ControlSet00{appCompatCach.ControlSet}"); if (t) { foreach (var cacheEntry in appCompatCach.Entries) { cacheEntry.SourceFile = hiveToProcess; cacheEntry.Duplicate = cacheKeys.Contains(cacheEntry.GetKey()); cacheKeys.Add(cacheEntry.GetKey()); csvWriter.WriteRecord(cacheEntry); csvWriter.NextRecord(); } } else { foreach (var cacheEntry in appCompatCach.Entries) { cacheEntry.SourceFile = hiveToProcess; cacheEntry.Duplicate = cacheKeys.Contains(cacheEntry.GetKey()); cacheKeys.Add(cacheEntry.GetKey()); csvWriter.WriteRecord(cacheEntry); csvWriter.NextRecord(); } } } catch (Exception ex) { Log.Error(ex, "There was an error: Error message: {Message}", ex.Message); try { appCompatCach.PrintDump(); } catch (Exception ex1) { Log.Error(ex1, "Couldn't PrintDump: {Message}", ex1.Message); } } } sw.Flush(); sw.Close(); Console.WriteLine(); Log.Warning("Results saved to '{OutFilename}'", outFilename); Console.WriteLine(); } else { Console.WriteLine(); Log.Warning("No caches were found!"); Console.WriteLine(); } } catch (Exception ex) { if (ex.Message.Contains("Sequence numbers do not match and transaction logs were not found in the same direct") == false) { if (ex.Message.Contains("Administrator privileges not found")) { Log.Fatal("Could not access '{F}'. Does it exist?", f); Console.WriteLine(); Log.Fatal("Rerun the program with Administrator privileges to try again"); Console.WriteLine(); } else if (ex.Message.Contains("Invalid diskName:")) { Log.Fatal("Could not access '{F}'. Invalid disk!", f); Console.WriteLine(); } else { Log.Error(ex, "There was an error: {Message}", ex.Message); Console.WriteLine(); } } } }
public void ClassMap_ClassMapTest() { var sb = new StringBuilder() .AppendLine("fuga,Hega") //.AppendLine("124 ,,\"1\"") //.AppendLine(",sss,\"2\"") //.AppendLine() .AppendLine("123,\"3,4\"") ; Console.WriteLine(sb.ToString()); //using (var sr = new StringReader(sb.ToString())) //using (var csv = new CsvHelper.CsvReader(sr)) //{ // csv.Configuration.PrepareHeaderForMatch = (header, index) => header.Trim().ToLower(); // csv.Configuration.RegisterClassMap<ClassMapImpl>(); // csv.Read(); // csv.ReadHeader(); // while (csv.Read()) // { // var d = csv.GetRecord<Hoge>(); // Console.WriteLine("-" + d.Fuga.Code + "-"); // foreach (var h in csv.Context.HeaderRecord) // { // Console.WriteLine($"{h}, {csv.GetField(h)}"); // } // } // var records = csv.GetRecords<Hoge>(); // //foreach (var data in records) // //{ // // Console.WriteLine(data.Fuga.Code); // //} //} var srr = new StringWriter(); using (var csv = new CsvHelper.CsvWriter(srr)) { csv.Configuration.RegisterClassMap <ClassMapImpl>(); var hoges = new List <Hoge> { new Hoge { Fuga = new Fuga { Code = "code" }, Hega = new List <int> { 2, 3, } }, //new Hoge{ }, //new Hoge{Fuga = new Fuga{ Code = "11,333"} }, //new Hoge{Fuga = new Fuga{ Code = "hega\r\nfuga"} }, //new Hoge{Fuga = new Fuga{ Code = "11"} }, }; csv.WriteHeader <Hoge>(); csv.NextRecord(); foreach (var hoge in hoges) { csv.WriteRecord(hoge); } } Console.WriteLine(srr.ToString()); }
private static void DoWork(string d, string f, bool q, string csv, string csvf, string dt, bool debug, bool trace) { ActiveDateTimeFormat = dt; var formatter = new DateTimeOffsetFormatter(CultureInfo.CurrentCulture); var levelSwitch = new LoggingLevelSwitch(); var template = "{Message:lj}{NewLine}{Exception}"; if (debug) { levelSwitch.MinimumLevel = LogEventLevel.Debug; template = "[{Timestamp:HH:mm:ss.fff} {Level:u3}] {Message:lj}{NewLine}{Exception}"; } if (trace) { levelSwitch.MinimumLevel = LogEventLevel.Verbose; template = "[{Timestamp:HH:mm:ss.fff} {Level:u3}] {Message:lj}{NewLine}{Exception}"; } var conf = new LoggerConfiguration() .WriteTo.Console(outputTemplate: template, formatProvider: formatter) .MinimumLevel.ControlledBy(levelSwitch); Log.Logger = conf.CreateLogger(); if (f.IsNullOrEmpty() && d.IsNullOrEmpty()) { var helpBld = new HelpBuilder(LocalizationResources.Instance, Console.WindowWidth); var hc = new HelpContext(helpBld, _rootCommand, Console.Out); helpBld.Write(hc); Log.Warning("Either -f or -d is required. Exiting"); return; } if (f.IsNullOrEmpty() == false && !File.Exists(f)) { Log.Warning("File {F} not found. Exiting", f); return; } if (d.IsNullOrEmpty() == false && !Directory.Exists(d)) { Log.Warning("Directory {D} not found. Exiting", d); return; } Log.Information("{Header}", Header); Console.WriteLine(); Log.Information("Command line: {Args}", string.Join(" ", Environment.GetCommandLineArgs().Skip(1))); if (IsAdministrator() == false) { Log.Warning("Warning: Administrator privileges not found!"); Console.WriteLine(); } _csvOuts = new List <CsvOut>(); _failedFiles = new List <string>(); var files = new List <string>(); var sw = new Stopwatch(); sw.Start(); if (f?.Length > 0) { files.Add(f); } else { Console.WriteLine(); Log.Information("Looking for files in {Dir}", d); if (!q) { Console.WriteLine(); } files = GetRecycleBinFiles(d); } Log.Information("Found {Count:N0} files. Processing...", files.Count); if (!q) { Console.WriteLine(); } foreach (var file in files) { ProcessFile(file, q, dt); } sw.Stop(); Console.WriteLine(); Log.Information( "Processed {FailedFilesCount:N0} out of {Count:N0} files in {TotalSeconds:N4} seconds", files.Count - _failedFiles.Count, files.Count, sw.Elapsed.TotalSeconds); Console.WriteLine(); if (_failedFiles.Count > 0) { Console.WriteLine(); Log.Information("Failed files"); foreach (var failedFile in _failedFiles) { Log.Information(" {FailedFile}", failedFile); } } if (csv.IsNullOrEmpty() == false && files.Count > 0) { if (Directory.Exists(csv) == false) { Log.Information("{Csv} does not exist. Creating...", csv); Directory.CreateDirectory(csv); } var outName = $"{DateTimeOffset.Now:yyyyMMddHHmmss}_RBCmd_Output.csv"; if (csvf.IsNullOrEmpty() == false) { outName = Path.GetFileName(csvf); } var outFile = Path.Combine(csv, outName); outFile = Path.GetFullPath(outFile); Log.Warning("CSV output will be saved to {Path}", Path.GetFullPath(outFile)); try { var sw1 = new StreamWriter(outFile); var csvWriter = new CsvWriter(sw1, CultureInfo.InvariantCulture); csvWriter.WriteHeader(typeof(CsvOut)); csvWriter.NextRecord(); foreach (var csvOut in _csvOuts) { csvWriter.WriteRecord(csvOut); csvWriter.NextRecord(); } sw1.Flush(); sw1.Close(); } catch (Exception ex) { Log.Error(ex, "Unable to open {OutFile} for writing. CSV export canceled. Error: {Message}", outFile, ex.Message); } } }
private static void ProcessFile(string file, bool dedupe, bool fj, bool met) { if (File.Exists(file) == false) { Log.Warning("{File} does not exist! Skipping", file); return; } if (file.StartsWith(VssDir)) { Console.WriteLine(); Log.Information("Processing {Vss}", $"VSS{file.Replace($"{VssDir}\\", "")}"); } else { Console.WriteLine(); Log.Information("Processing {File}...", file); } Stream fileS; try { fileS = new FileStream(file, FileMode.Open, FileAccess.Read); } catch (Exception) { //file is in use if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Console.WriteLine(); Log.Fatal("Raw disk reads not supported on non-Windows platforms! Exiting!!"); Console.WriteLine(); Environment.Exit(0); } if (Helper.IsAdministrator() == false) { Console.WriteLine(); Log.Fatal("Administrator privileges not found! Exiting!!"); Console.WriteLine(); Environment.Exit(0); } if (file.StartsWith("\\\\")) { Log.Fatal($"Raw access across UNC shares is not supported! Run locally on the system or extract logs via other means and try again. Exiting"); Environment.Exit(0); } Console.WriteLine(); Log.Warning("{File} is in use. Rerouting...", file); var files = new List <string> { file }; var rawFiles = Helper.GetRawFiles(files); fileS = rawFiles.First().FileStream; } try { if (dedupe) { var sha = Helper.GetSha1FromStream(fileS, 0); fileS.Seek(0, SeekOrigin.Begin); if (SeenHashes.Contains(sha)) { Log.Debug("Skipping {File} as a file with SHA-1 {Sha} has already been processed", file, sha); return; } SeenHashes.Add(sha); } EventLog.LastSeenTicks = 0; var evt = new EventLog(fileS); Log.Information("Chunk count: {ChunkCount:N0}, Iterating records...", evt.ChunkCount); var seenRecords = 0; var fsw = new Stopwatch(); fsw.Start(); foreach (var eventRecord in evt.GetEventRecords()) { if (seenRecords % 10 == 0) { Console.Title = $"Processing chunk {eventRecord.ChunkNumber:N0} of {evt.ChunkCount} % complete: {(eventRecord.ChunkNumber / (double)evt.ChunkCount):P} Records found: {seenRecords:N0}"; } if (_includeIds.Count > 0) { if (_includeIds.Contains(eventRecord.EventId) == false) { //it is NOT in the list, so skip _droppedEvents += 1; continue; } } else if (_excludeIds.Count > 0) { if (_excludeIds.Contains(eventRecord.EventId)) { //it IS in the list, so skip _droppedEvents += 1; continue; } } if (_startDate.HasValue) { if (eventRecord.TimeCreated < _startDate.Value) { //too old Log.Debug("Dropping record Id {EventRecordId} with timestamp {TimeCreated} as its too old", eventRecord.EventRecordId, eventRecord.TimeCreated); _droppedEvents += 1; continue; } } if (_endDate.HasValue) { if (eventRecord.TimeCreated > _endDate.Value) { //too new Log.Debug("Dropping record Id {EventRecordId} with timestamp {TimeCreated} as its too new", eventRecord.EventRecordId, eventRecord.TimeCreated); _droppedEvents += 1; continue; } } if (file.StartsWith(VssDir)) { eventRecord.SourceFile = $"VSS{file.Replace($"{VssDir}\\", "")}"; } else { eventRecord.SourceFile = file; } try { var xdo = new XmlDocument(); xdo.LoadXml(eventRecord.Payload); var payOut = JsonConvert.SerializeXmlNode(xdo); eventRecord.Payload = payOut; _csvWriter?.WriteRecord(eventRecord); _csvWriter?.NextRecord(); var xml = string.Empty; if (_swXml != null) { xml = eventRecord.ConvertPayloadToXml(); _swXml.WriteLine(xml); } if (_swJson != null) { var jsOut = eventRecord.ToJson(); if (fj) { if (xml.IsNullOrEmpty()) { xml = eventRecord.ConvertPayloadToXml(); } jsOut = GetPayloadAsJson(xml); } _swJson.WriteLine(jsOut); } seenRecords += 1; } catch (Exception e) { Log.Error("Error processing record #{RecordNumber}: {Message}", eventRecord.RecordNumber, e.Message); evt.ErrorRecords.Add(21, e.Message); } } fsw.Stop(); if (evt.ErrorRecords.Count > 0) { var fn = file; if (file.StartsWith(VssDir)) { fn = $"VSS{file.Replace($"{VssDir}\\", "")}"; } _errorFiles.Add(fn, evt.ErrorRecords.Count); } _fileCount += 1; Console.WriteLine(); Log.Information("Event log details"); Log.Information("{Evt}", evt); Log.Information("Records included: {SeenRecords:N0} Errors: {ErrorRecordsCount:N0} Events dropped: {DroppedEvents:N0}", seenRecords, evt.ErrorRecords.Count, _droppedEvents); if (evt.ErrorRecords.Count > 0) { Console.WriteLine(); Log.Information("Errors"); foreach (var evtErrorRecord in evt.ErrorRecords) { Log.Information("Record #{Key}: Error: {Value}", evtErrorRecord.Key, evtErrorRecord.Value); } } if (met && evt.EventIdMetrics.Count > 0) { Console.WriteLine(); Log.Information("Metrics (including dropped events)"); Log.Information("Event ID\tCount"); foreach (var esEventIdMetric in evt.EventIdMetrics.OrderBy(t => t.Key)) { if (_includeIds.Count > 0) { if (_includeIds.Contains((int)esEventIdMetric.Key) == false) { //it is NOT in the list, so skip continue; } } else if (_excludeIds.Count > 0) { if (_excludeIds.Contains((int)esEventIdMetric.Key)) { //it IS in the list, so skip continue; } } Log.Information("{Key}\t\t{Value:N0}", esEventIdMetric.Key, esEventIdMetric.Value); } } } catch (Exception e) { var fn = file; if (file.StartsWith(VssDir)) { fn = $"VSS{file.Replace($"{VssDir}\\", "")}"; } if (e.Message.Contains("Invalid signature! Expected 'ElfFile")) { Log.Information("{Fn} is not an evtx file! Message: {Message} Skipping...", fn, e.Message); } else { Log.Error("Error processing {Fn}! Message: {Message}", fn, e.Message); } } fileS?.Close(); }