Exemplo n.º 1
0
        public void GetNetworkTest()
        {
            var ns = mgr.GetNetworks(NLM_ENUM_NETWORK.NLM_ENUM_NETWORK_CONNECTED);

            Assert.That(ns, Is.Not.Null);
            var n = ns.Cast <INetwork>().FirstOrDefault();

            Assert.That(n, Is.Not.Null);
            var g  = n.GetNetworkId();
            var n1 = mgr.GetNetwork(g);

            Assert.That(n.GetName() == n1.GetName());
            Assert.That(n.GetName(), Is.Not.Null);
            var nm = n.GetName();

            n.SetName("XXXX");
            Assert.That(n.GetName(), Is.EqualTo("XXXX"));
            n.SetName(nm);
            var de = n.GetDescription();

            n.SetDescription("XXXX");
            Assert.That(n.GetDescription(), Is.EqualTo("XXXX"));
            n.SetDescription(de);
            Assert.That((int)n.GetDomainType(), Is.InRange(0, 2));
            n.GetTimeCreatedAndConnected(out uint pdwLowDateTimeCreated, out uint pdwHighDateTimeCreated, out uint pdwLowDateTimeConnected, out uint pdwHighDateTimeConnected);
            var cft = new FILETIME {
                dwHighDateTime = (int)pdwHighDateTimeCreated, dwLowDateTime = (int)pdwLowDateTimeCreated
            };
            var nft = new FILETIME {
                dwHighDateTime = (int)pdwHighDateTimeConnected, dwLowDateTime = (int)pdwLowDateTimeConnected
            };

            Assert.That(cft.ToDateTime(), Is.GreaterThan(new DateTime(2000, 1, 1)));
            Assert.That(nft.ToDateTime(), Is.GreaterThan(new DateTime(2000, 1, 1)));
            Assert.That(n.IsConnected, Is.True);
            Assert.That(n.IsConnectedToInternet, Is.True);
            Assert.That((int)n.GetConnectivity(), Is.GreaterThan(0));
            Assert.That((int)n.GetCategory(), Is.InRange(0, 2));
            Assert.That(n.GetNetworkConnections(), Is.Not.Empty);
            TestContext.WriteLine($"{nm} ({n.GetNetworkId()}): '{de}'");
            TestContext.WriteLine($"  CrD:{cft.ToString("s")}; CnD:{nft.ToString("s")}; Cn:{n.IsConnected}; Int:{n.IsConnectedToInternet}; Dom:{n.GetDomainType()}");
            TestContext.WriteLine($"  Cnt:{n.GetConnectivity()}; Cat:{n.GetCategory()}");
        }
Exemplo n.º 2
0
            /////////////////////////////////////////////////////
            //                                                 //
            // EnumerateUSBDevices()                           //
            //                                                 //
            /////////////////////////////////////////////////////
            //Description:  Uses .NET registry objects to dig in
            //              the infamous USBSTOR key for past and
            //              present USB devices.
            //Returns:      true if successful
            //  NOTE:
            //      techniques used in this function are from
            //      "Windows Forensic Analysis" by Harlan Carvey
            //
            /////////////////////////////////////////////////////
            public static bool EnumerateUSBDevices(ref StringBuilder usbdata)
            {
                RegistryKey USBSTOR;
                string      current = "";

                //loop through 10 currentcontrolsets
                //sample structure:
                //      HKLM\System\CurrentControlSet003\Enum\USBSTOR\
                //          \Disk&Ven_ChipsBnk&Prod_Flash_Disk&Rev_2.00 --> USB DRIVE
                //              \3852u395823                            --> Instance ID
                //              \ag3490t24t940
                //          \Disk&Ven_SanDisk&Prod_Cruzer_Slide&Rev_4.05 --> USB DRIVE
                //          ....
                //
                for (int i = 0; i < 10; i++)
                {
                    current = "00" + i.ToString(); //001,002,003,etc
                    USBSTOR = Registry.LocalMachine.OpenSubKey("System\\ControlSet" + current + "\\Enum\\USBSTOR");

                    //if the key doesnt exist, we must continue b/c control set numbering isn't contiguous
                    if (USBSTOR == null)
                    {
                        continue;
                    }

                    string[] DeviceClassIds = USBSTOR.GetSubKeyNames();

                    //loop through all usb device class IDs beneath USBSTOR...
                    //get a list of subkeys which are named by instance IDs
                    foreach (string deviceName in DeviceClassIds)
                    {
                        //lots of info you can get from device name:
                        //Disk&Ven_###&Prod_###&Rev_### -- we want the ###
                        string[]  driveInfo      = deviceName.Split(new char[] { '&' });
                        string    vendor         = driveInfo[1].Replace("Ven_", "").Replace("_", " ");
                        string    product        = driveInfo[2].Replace("Prod_", "").Replace("_", " ");
                        string    revision       = driveInfo[3].Replace("Rev_", "").Replace("_", " ");
                        string    serial         = "";
                        ArrayList insertionDates = new ArrayList();

                        //get list of instances
                        string[] instances = USBSTOR.OpenSubKey(deviceName).GetSubKeyNames();
                        int      count     = 0;

                        //each unique instance represents a time the device was plugged in
                        //so collect information on each instance
                        foreach (string instanceId in instances)
                        {
                            //if the second character in the instanceId is '&', then we
                            //know the id is made up by windows and manuf did not give one
                            if (instanceId[1] == '&')
                            {
                                serial = "None";
                            }
                            else
                            {
                                serial = instanceId;
                            }

                            string friendlyName         = "[none]";
                            object friendlyNameValueObj = USBSTOR.OpenSubKey(deviceName + "\\" + instanceId).GetValue("FriendlyName");
                            if (friendlyNameValueObj != null)
                            {
                                friendlyName = (string)friendlyNameValueObj.ToString();
                            }

                            //see ntddstor.h - these are GUIDs for disk and volume device interfaces..
                            string      key1           = "SYSTEM\\CurrentControlSet\\Control\\DeviceClasses\\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}";
                            string      key2           = "SYSTEM\\CurrentControlSet\\Control\\DeviceClasses\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}";
                            RegistryKey diskGuid       = Registry.LocalMachine.OpenSubKey(key1);
                            RegistryKey volDevGuid     = Registry.LocalMachine.OpenSubKey(key2);
                            string[]    DeviceClasses1 = diskGuid.GetSubKeyNames();
                            string[]    DeviceClasses2 = volDevGuid.GetSubKeyNames();
                            //merge two sets of device classes into one
                            string[] allDeviceClasses = new string[DeviceClasses1.Length + DeviceClasses2.Length];
                            DeviceClasses1.CopyTo(allDeviceClasses, 0);
                            DeviceClasses2.CopyTo(allDeviceClasses, DeviceClasses1.Length);
                            IntPtr lastInsertionDatePtr = (IntPtr)0;
                            IntPtr keyHandle            = (IntPtr)0;
                            IntPtr hKey = (IntPtr)0;
                            System.Runtime.InteropServices.ComTypes.FILETIME lastInsertionDate = new System.Runtime.InteropServices.ComTypes.FILETIME();

                            //get last write date/time
                            foreach (string devclass in allDeviceClasses)
                            {
                                if (devclass.Contains(instanceId))
                                {
                                    //open the registry key using unmanaged API call
                                    if (Win32Helper.RegOpenKeyExW(hKey, key1 + "\\" + devclass, 0, 0x00020019, ref keyHandle) == 0 && keyHandle != (IntPtr)(-1))
                                    {
                                        //pass 0 to all the vars we dont care about- we only want last write time
                                        Win32Helper.RegQueryInfoKeyW(keyHandle, null, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, lastInsertionDatePtr);
                                        Marshal.PtrToStructure(lastInsertionDatePtr, lastInsertionDate);
                                        insertionDates.Add(lastInsertionDate.ToString());
                                    }
                                }
                            }

                            //print out summary info on first iteration of instances of this usb drive
                            if (count == 0)
                            {
                                usbdata.AppendLine("     Found USB Device '" + friendlyName + "'");
                                usbdata.AppendLine("        Serial Num      :  " + serial);
                                usbdata.AppendLine("        Vendor          :  " + vendor);
                                usbdata.AppendLine("        Product         :  " + product);
                                usbdata.AppendLine("        Revision        :  " + revision);
                                usbdata.AppendLine("        Instances       :  " + instances.Length);
                            }

                            usbdata.AppendLine("           Date:  " + lastInsertionDate.dwHighDateTime.ToString() + "/" + lastInsertionDate.dwLowDateTime.ToString());
                            count++;
                        }

                        //add how many other insertion dates there were
                        string[] dts = (string[])insertionDates.ToArray(typeof(string));
                        usbdata.AppendLine("        InsertionDates  :  " + string.Join(",", dts));
                    }
                }

                return(true);
            }