public void Win10_CreatorsShouldFindEntries()
{
var a = new Windows10(Win10Creators, -1);
Check.That(a.Entries.Count).Equals(506);
Check.That(a.ExpectedEntries).Equals(a.Entries.Count);
Check.That(a.EntryCount).Equals(-1);
Check.That(a.Entries[0].PathSize).IsEqualTo(126);
Check.That(a.Entries[0].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[0].Path).Contains("nvstreg.exe");
Check.That(a.Entries[2].PathSize).IsEqualTo(62);
Check.That(a.Entries[2].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[2].Path).Contains("grpconv.exe");
Check.That(a.Entries[7].PathSize).IsEqualTo(166);
Check.That(a.Entries[7].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[7].Path).Contains("ISBEW64.exe");
Check.That(a.Entries[337].PathSize).IsEqualTo(64);
Check.That(a.Entries[337].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[337].Path).Contains("wsqmcons.exe");
Check.That(a.Entries[349].PathSize).IsEqualTo(56);
Check.That(a.Entries[349].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[349].Path).Contains("SLUI.exe");
}
public void Win10ShouldFindEntries()
{
var a = new Windows10(Win10, -1);
Check.That(a.Entries.Count).Equals(350);
Check.That(a.ExpectedEntries).Equals(a.Entries.Count);
Check.That(a.EntryCount).Equals(-1);
Check.That(a.Entries[0].PathSize).IsEqualTo(54);
Check.That(a.Entries[0].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[0].Path).Contains("vds.exe");
Check.That(a.Entries[2].PathSize).IsEqualTo(140);
Check.That(a.Entries[2].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[2].Path).Contains("DismHost.exe");
Check.That(a.Entries[7].PathSize).IsEqualTo(58);
Check.That(a.Entries[7].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[7].Path).Contains("mstsc.exe");
Check.That(a.Entries[337].PathSize).IsEqualTo(112);
Check.That(a.Entries[337].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[337].Path).Contains("Ngen.exe");
Check.That(a.Entries[349].PathSize).IsEqualTo(64);
Check.That(a.Entries[349].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA);
Check.That(a.Entries[349].Path).Contains("services.exe");
}
static void Main(string[] args)
{
ReaderApp appWindow7 = new Windows7(new NormalDisplay())
{
Text = "Aprendiendo Bridge"
};
appWindow7.Display();
ReaderApp appWindow10 = new Windows10(new NormalDisplay())
{
Text = "Aprendiendo Bridge"
};
appWindow10.Display();
ReaderApp appWindowReverse7 = new Windows7(new ReverseDisplay())
{
Text = "Aprendiendo Bridge"
};
appWindowReverse7.Display();
ReaderApp appWindowReverse10 = new Windows10(new ReverseDisplay())
{
Text = "Aprendiendo Bridge"
};
appWindowReverse10.Display();
Console.ReadLine();
}
public override int GetHashCode()
{
unchecked
{
var hashCode = (Test != null ? Test.GetHashCode() : 0);
hashCode = (hashCode * 397) ^ (Suit != null ? Suit.GetHashCode() : 0);
hashCode = (hashCode * 397) ^ Linux.GetHashCode();
hashCode = (hashCode * 397) ^ Windows10.GetHashCode();
hashCode = (hashCode * 397) ^ Windows7.GetHashCode();
hashCode = (hashCode * 397) ^ Osx.GetHashCode();
return(hashCode);
}
}
internal static void Bridge()
{
Console.WriteLine("Bridge Pattern Demo");
Console.WriteLine("----------------------------");
ReaderApp appWindows7 = new Windows7(new NormalDisplay())
{
Text = "This is a demo of Bridge"
};
appWindows7.Display();
ReaderApp appWindows10 = new Windows10(new NormalDisplay())
{
Text = "This is a demo of Bridge"
};
appWindows10.Display();
Console.WriteLine("");
ReaderApp appWindows7Reverse = new Windows7(new ReverseDisplay())
{
Text = "This is a demo of Bridge"
};
appWindows7Reverse.Display();
ReaderApp appWindows10Reverse = new Windows10(new ReverseDisplay())
{
Text = "This is a demo of Bridge"
};
appWindows10Reverse.Display();
Console.WriteLine(""); Console.WriteLine("");
Console.WriteLine("Bridge Pattern Demo 2");
Console.WriteLine("----------------------------");
Employee developer = new Developer(new Email());
Console.WriteLine(developer.ToString());
Employee scrumMaster = new ScrumMaster(new PhoneCall());
Console.WriteLine(scrumMaster.ToString());
}
public void run()
{
byte[] rawBytes = readBytes();
bool is32bit = string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432"));
var controlSet = getControlSet();
var operatingSystem = getWindowsVersion(rawBytes, is32bit);
IAppCompatCache appCache;
if (operatingSystem == OperatingSystemVersion.Windows10)
{
appCache = new Windows10(rawBytes, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.Windows10Creators)
{
appCache = new Windows10(rawBytes, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.Windows7x86)
{
appCache = new Windows7(rawBytes, is32bit, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.Windows7x64_Windows2008R2)
{
appCache = new Windows7(rawBytes, is32bit, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.Windows80_Windows2012)
{
var os = OperatingSystemVersion.Windows80_Windows2012;
appCache = new Windows8x(rawBytes, os, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.Windows81_Windows2012R2)
{
var os = OperatingSystemVersion.Windows81_Windows2012R2;
appCache = new Windows8x(rawBytes, os, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.WindowsVistaWin2k3Win2k8)
{
appCache = new VistaWin2k3Win2k8(rawBytes, is32bit, controlSet);
}
else if (operatingSystem == OperatingSystemVersion.WindowsXP)
{
appCache = new WindowsXP(rawBytes, is32bit, controlSet);
}
return;
}
//https://github.com/libyal/winreg-kb/wiki/Application-Compatibility-Cache-key
//https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
private IAppCompatCache Init(byte[] rawBytes, bool is32, int controlSet)
{
IAppCompatCache appCache = null;
OperatingSystem = OperatingSystemVersion.Unknown;
string signature;
var sigNum = BitConverter.ToUInt32(rawBytes, 0);
//TODO check minimum length of rawBytes and throw exception if not enough data
signature = Encoding.ASCII.GetString(rawBytes, 128, 4);
Log.Debug("**** Signature {Signature}, Sig num {SigNum}", signature, $"0x{sigNum:X}");
if (sigNum == 0xDEADBEEF) //DEADBEEF, WinXp
{
OperatingSystem = OperatingSystemVersion.WindowsXP;
Log.Debug("**** Processing XP hive");
appCache = new WindowsXP(rawBytes, is32, controlSet);
}
else if (sigNum == 0xbadc0ffe)
{
OperatingSystem = OperatingSystemVersion.WindowsVistaWin2k3Win2k8;
appCache = new VistaWin2k3Win2k8(rawBytes, is32, controlSet);
}
else if (sigNum == 0xBADC0FEE) //BADC0FEE, Win7
{
if (is32)
{
OperatingSystem = OperatingSystemVersion.Windows7x86;
}
else
{
OperatingSystem = OperatingSystemVersion.Windows7x64_Windows2008R2;
}
appCache = new Windows7(rawBytes, is32, controlSet);
}
else if (signature == "00ts")
{
OperatingSystem = OperatingSystemVersion.Windows80_Windows2012;
appCache = new Windows8x(rawBytes, OperatingSystem, controlSet);
}
else if (signature == "10ts")
{
OperatingSystem = OperatingSystemVersion.Windows81_Windows2012R2;
appCache = new Windows8x(rawBytes, OperatingSystem, controlSet);
}
else
{
//is it windows 10?
var offsetToEntries = BitConverter.ToInt32(rawBytes, 0);
OperatingSystem = OperatingSystemVersion.Windows10;
if (offsetToEntries == 0x34)
{
OperatingSystem = OperatingSystemVersion.Windows10Creators;
}
signature = Encoding.ASCII.GetString(rawBytes, offsetToEntries, 4);
if (signature == "10ts")
{
appCache = new Windows10(rawBytes, controlSet);
}
}
if (appCache == null)
{
throw new Exception(
"Unable to determine operating system! Please send the hive to [email protected]");
}
return(appCache);
}
public void Win10ShouldFindEntries()
{
var a = new Windows10(Win10, null);
Check.That(a.Entries.Count).Equals(350);
}
