public static bool IsUnicode(byte[] bytes)
{
// helper that users the IsTextUnicode() API call to determine if a byte array is likely unicode text
Interop.IsTextUnicodeFlags flags = Interop.IsTextUnicodeFlags.IS_TEXT_UNICODE_STATISTICS;
return(Interop.IsTextUnicode(bytes, bytes.Length, ref flags));
}
public static void TriageRDCManFile(Dictionary <string, string> MasterKeys, string rdcManFile, bool unprotect = false)
{
// triage a specific RDCMan.settings file
if (System.IO.File.Exists(rdcManFile))
{
DateTime lastAccessed = System.IO.File.GetLastAccessTime(rdcManFile);
DateTime lastModified = System.IO.File.GetLastWriteTime(rdcManFile);
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(rdcManFile);
Console.WriteLine(" RDCManFile : {0}", rdcManFile);
Console.WriteLine(" Accessed : {0}", lastAccessed);
Console.WriteLine(" Modified : {0}", lastModified);
// show any recently used servers
XmlNodeList recentlyUsed = xmlDoc.GetElementsByTagName("recentlyUsed");
if (recentlyUsed[0]["server"] != null)
{
string recentlyUsedServer = recentlyUsed[0]["server"].InnerText;
Console.WriteLine(" Recent Server : {0}", recentlyUsedServer);
}
// see if there are any credential profiles
XmlNodeList credProfileNodes = xmlDoc.GetElementsByTagName("credentialsProfile");
if ((credProfileNodes != null) && (credProfileNodes.Count != 0))
{
Console.WriteLine("\r\n Cred Profiles");
}
foreach (XmlNode credProfileNode in credProfileNodes)
{
Console.WriteLine();
DisplayCredProfile(MasterKeys, credProfileNode, unprotect);
}
// check default logonCredentials stuff
XmlNodeList logonCredNodes = xmlDoc.GetElementsByTagName("logonCredentials");
if ((logonCredNodes != null) && (logonCredNodes.Count != 0))
{
Console.WriteLine("\r\n Default Logon Credentials");
}
foreach (XmlNode logonCredNode in logonCredNodes)
{
Console.WriteLine();
DisplayCredProfile(MasterKeys, logonCredNode, unprotect);
}
// grab the recent RDG files
XmlNodeList filesToOpen = xmlDoc.GetElementsByTagName("FilesToOpen");
XmlNodeList items = filesToOpen[0].ChildNodes;
// triage recently used RDG files
foreach (XmlNode rdgFile in items)
{
if (Interop.PathIsUNC(rdcManFile))
{
// If the RDCMan.settings file is a \\UNC path (so /server:X was used),
// check if the .RDG file is local or also a \\UNC path.
if (!Interop.PathIsUNC(rdgFile.InnerText))
{
// If the file .RDG file is local, try to translate it to the server \\UNC path
string computerName = rdcManFile.Split(new[] { '\\' }, StringSplitOptions.RemoveEmptyEntries)[0];
string rdgUncPath = Helpers.ConvertLocalPathToUNCPath(computerName, rdgFile.InnerText);
TriageRDGFile(MasterKeys, rdgUncPath, unprotect);
}
else
{
TriageRDGFile(MasterKeys, rdgFile.InnerText, unprotect);
}
}
else
{
TriageRDGFile(MasterKeys, rdgFile.InnerText, unprotect);
}
}
Console.WriteLine();
}
else
{
// Console.WriteLine("\r\n [X] RDCMan.settings file '{0}' is not accessible or doesn't exist!", rdcManFile);
}
}
