public void Win10_CreatorsShouldFindEntries() { var a = new Windows10(Win10Creators, -1); Check.That(a.Entries.Count).Equals(506); Check.That(a.ExpectedEntries).Equals(a.Entries.Count); Check.That(a.EntryCount).Equals(-1); Check.That(a.Entries[0].PathSize).IsEqualTo(126); Check.That(a.Entries[0].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[0].Path).Contains("nvstreg.exe"); Check.That(a.Entries[2].PathSize).IsEqualTo(62); Check.That(a.Entries[2].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[2].Path).Contains("grpconv.exe"); Check.That(a.Entries[7].PathSize).IsEqualTo(166); Check.That(a.Entries[7].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[7].Path).Contains("ISBEW64.exe"); Check.That(a.Entries[337].PathSize).IsEqualTo(64); Check.That(a.Entries[337].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[337].Path).Contains("wsqmcons.exe"); Check.That(a.Entries[349].PathSize).IsEqualTo(56); Check.That(a.Entries[349].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[349].Path).Contains("SLUI.exe"); }
public void Win10ShouldFindEntries() { var a = new Windows10(Win10, -1); Check.That(a.Entries.Count).Equals(350); Check.That(a.ExpectedEntries).Equals(a.Entries.Count); Check.That(a.EntryCount).Equals(-1); Check.That(a.Entries[0].PathSize).IsEqualTo(54); Check.That(a.Entries[0].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[0].Path).Contains("vds.exe"); Check.That(a.Entries[2].PathSize).IsEqualTo(140); Check.That(a.Entries[2].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[2].Path).Contains("DismHost.exe"); Check.That(a.Entries[7].PathSize).IsEqualTo(58); Check.That(a.Entries[7].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[7].Path).Contains("mstsc.exe"); Check.That(a.Entries[337].PathSize).IsEqualTo(112); Check.That(a.Entries[337].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[337].Path).Contains("Ngen.exe"); Check.That(a.Entries[349].PathSize).IsEqualTo(64); Check.That(a.Entries[349].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[349].Path).Contains("services.exe"); }
static void Main(string[] args) { ReaderApp appWindow7 = new Windows7(new NormalDisplay()) { Text = "Aprendiendo Bridge" }; appWindow7.Display(); ReaderApp appWindow10 = new Windows10(new NormalDisplay()) { Text = "Aprendiendo Bridge" }; appWindow10.Display(); ReaderApp appWindowReverse7 = new Windows7(new ReverseDisplay()) { Text = "Aprendiendo Bridge" }; appWindowReverse7.Display(); ReaderApp appWindowReverse10 = new Windows10(new ReverseDisplay()) { Text = "Aprendiendo Bridge" }; appWindowReverse10.Display(); Console.ReadLine(); }
public override int GetHashCode() { unchecked { var hashCode = (Test != null ? Test.GetHashCode() : 0); hashCode = (hashCode * 397) ^ (Suit != null ? Suit.GetHashCode() : 0); hashCode = (hashCode * 397) ^ Linux.GetHashCode(); hashCode = (hashCode * 397) ^ Windows10.GetHashCode(); hashCode = (hashCode * 397) ^ Windows7.GetHashCode(); hashCode = (hashCode * 397) ^ Osx.GetHashCode(); return(hashCode); } }
internal static void Bridge() { Console.WriteLine("Bridge Pattern Demo"); Console.WriteLine("----------------------------"); ReaderApp appWindows7 = new Windows7(new NormalDisplay()) { Text = "This is a demo of Bridge" }; appWindows7.Display(); ReaderApp appWindows10 = new Windows10(new NormalDisplay()) { Text = "This is a demo of Bridge" }; appWindows10.Display(); Console.WriteLine(""); ReaderApp appWindows7Reverse = new Windows7(new ReverseDisplay()) { Text = "This is a demo of Bridge" }; appWindows7Reverse.Display(); ReaderApp appWindows10Reverse = new Windows10(new ReverseDisplay()) { Text = "This is a demo of Bridge" }; appWindows10Reverse.Display(); Console.WriteLine(""); Console.WriteLine(""); Console.WriteLine("Bridge Pattern Demo 2"); Console.WriteLine("----------------------------"); Employee developer = new Developer(new Email()); Console.WriteLine(developer.ToString()); Employee scrumMaster = new ScrumMaster(new PhoneCall()); Console.WriteLine(scrumMaster.ToString()); }
public void run() { byte[] rawBytes = readBytes(); bool is32bit = string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432")); var controlSet = getControlSet(); var operatingSystem = getWindowsVersion(rawBytes, is32bit); IAppCompatCache appCache; if (operatingSystem == OperatingSystemVersion.Windows10) { appCache = new Windows10(rawBytes, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows10Creators) { appCache = new Windows10(rawBytes, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows7x86) { appCache = new Windows7(rawBytes, is32bit, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows7x64_Windows2008R2) { appCache = new Windows7(rawBytes, is32bit, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows80_Windows2012) { var os = OperatingSystemVersion.Windows80_Windows2012; appCache = new Windows8x(rawBytes, os, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows81_Windows2012R2) { var os = OperatingSystemVersion.Windows81_Windows2012R2; appCache = new Windows8x(rawBytes, os, controlSet); } else if (operatingSystem == OperatingSystemVersion.WindowsVistaWin2k3Win2k8) { appCache = new VistaWin2k3Win2k8(rawBytes, is32bit, controlSet); } else if (operatingSystem == OperatingSystemVersion.WindowsXP) { appCache = new WindowsXP(rawBytes, is32bit, controlSet); } return; }
//https://github.com/libyal/winreg-kb/wiki/Application-Compatibility-Cache-key //https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf private IAppCompatCache Init(byte[] rawBytes, bool is32, int controlSet) { IAppCompatCache appCache = null; OperatingSystem = OperatingSystemVersion.Unknown; string signature; var sigNum = BitConverter.ToUInt32(rawBytes, 0); //TODO check minimum length of rawBytes and throw exception if not enough data signature = Encoding.ASCII.GetString(rawBytes, 128, 4); Log.Debug("**** Signature {Signature}, Sig num {SigNum}", signature, $"0x{sigNum:X}"); if (sigNum == 0xDEADBEEF) //DEADBEEF, WinXp { OperatingSystem = OperatingSystemVersion.WindowsXP; Log.Debug("**** Processing XP hive"); appCache = new WindowsXP(rawBytes, is32, controlSet); } else if (sigNum == 0xbadc0ffe) { OperatingSystem = OperatingSystemVersion.WindowsVistaWin2k3Win2k8; appCache = new VistaWin2k3Win2k8(rawBytes, is32, controlSet); } else if (sigNum == 0xBADC0FEE) //BADC0FEE, Win7 { if (is32) { OperatingSystem = OperatingSystemVersion.Windows7x86; } else { OperatingSystem = OperatingSystemVersion.Windows7x64_Windows2008R2; } appCache = new Windows7(rawBytes, is32, controlSet); } else if (signature == "00ts") { OperatingSystem = OperatingSystemVersion.Windows80_Windows2012; appCache = new Windows8x(rawBytes, OperatingSystem, controlSet); } else if (signature == "10ts") { OperatingSystem = OperatingSystemVersion.Windows81_Windows2012R2; appCache = new Windows8x(rawBytes, OperatingSystem, controlSet); } else { //is it windows 10? var offsetToEntries = BitConverter.ToInt32(rawBytes, 0); OperatingSystem = OperatingSystemVersion.Windows10; if (offsetToEntries == 0x34) { OperatingSystem = OperatingSystemVersion.Windows10Creators; } signature = Encoding.ASCII.GetString(rawBytes, offsetToEntries, 4); if (signature == "10ts") { appCache = new Windows10(rawBytes, controlSet); } } if (appCache == null) { throw new Exception( "Unable to determine operating system! Please send the hive to [email protected]"); } return(appCache); }
public void Win10ShouldFindEntries() { var a = new Windows10(Win10, null); Check.That(a.Entries.Count).Equals(350); }