예제 #1
        public static string GetFullPath(Int32 itemId)
             * from the docs:
             * XWF_GetItemParent returns the ID of the parent of the specified item,
             * or -1 if the item is the root directory.

            var sb = new StringBuilder();

            while (true)
                var parentItemId = ImportedMethods.XWFGetItemParent(itemId);

                 * XWFGetItemName returns text "(Root directory)" for the root directory.
                 * I don't see any sense in putting such kind of a string into the path,
                 * so, if (parentItemId < 0) then this is a root directory
                 * and we don't need it's name to be added.
                if (parentItemId < 0)

                sb.Insert(0, Path.DirectorySeparatorChar
                          + ImportedMethods.XWFGetItemName(itemId));

                itemId = parentItemId;
예제 #2
        public static Int32 XT_ProcessItemEx(Int32 nItemID, IntPtr hItem, IntPtr lpReserved)
                                                 "C# Dll: XT_ProcessItemEx called, nItemID = {0}, hItem = {1}"
                                                 , nItemID, hItem));

            //storing the item name for further use
            var itemName = ImportedMethods.XWFGetItemName(nItemID);

            ImportedMethods.XWFOutputMessage("XWF_GetItemName: Item name = " + itemName);
            ImportedMethods.XWFOutputMessage("Full Path: " + HelperMethods.GetFullPath(nItemID));
            ImportedMethods.XWFOutputMessage("XWF_GetComment: " + ImportedMethods.XWFGetComment(nItemID));

            string associations;

            ImportedMethods.XWFOutputMessage("XWF_GetReportTableAssocs: total number of associations of the file = "
                                             + ImportedMethods.XWFGetReportTableAssocs(nItemID, out associations));
            ImportedMethods.XWFOutputMessage(", associations = " + associations, XWFOutputMessageFlags.NoLineBreak);

            //reading & processing file contents
            var contents = HelperMethods.ReadItem(hItem);

            if (contents == null)
                ImportedMethods.XWFOutputMessage("Failed to read item contents");
                ImportedMethods.XWFOutputMessage("Item contents read successfully.");
                //now you can analyze item contents

             * from the docs:
             *  Return -1 if you want X-Ways Forensics to stop the current operation
             *  (e.g. volume snapshot refinement), otherwise 0.