public async Task DownloadMissingArchives(List <Archive> missing, bool download = true) { if (download) { foreach (var a in missing.Where(a => a.State.GetType() == typeof(ManualDownloader.State))) { var outputPath = DownloadFolder.Combine(a.Name); await a.State.Download(a, outputPath); } } await missing.Where(a => a.State.GetType() != typeof(ManualDownloader.State)) .PMap(Queue, async archive => { Info($"Downloading {archive.Name}"); var outputPath = DownloadFolder.Combine(archive.Name); if (download) { if (outputPath.Exists) { var origName = Path.GetFileNameWithoutExtension(archive.Name); var ext = Path.GetExtension(archive.Name); var uniqueKey = archive.State.PrimaryKeyString.StringSha256Hex(); outputPath = DownloadFolder.Combine(origName + "_" + uniqueKey + "_" + ext); outputPath.Delete(); } } return(await DownloadArchive(archive, download, outputPath)); }); }
static Utils() { if (!Directory.Exists(Consts.LocalAppDataPath)) { Directory.CreateDirectory(Consts.LocalAppDataPath); } var programName = Assembly.GetEntryAssembly()?.Location ?? "Wabbajack"; LogFile = Path.GetFileNameWithoutExtension(programName) + ".current.log"; _startTime = DateTime.Now; if (LogFile.FileExists()) { var new_path = Path.GetFileNameWithoutExtension(programName) + (new FileInfo(LogFile)).LastWriteTime.ToString(" yyyy-MM-dd HH_mm_ss") + ".log"; File.Move(LogFile, new_path, MoveOptions.ReplaceExisting); } var watcher = new FileSystemWatcher(Consts.LocalAppDataPath); AppLocalEvents = Observable.Merge(Observable.FromEventPattern <FileSystemEventHandler, FileSystemEventArgs>(h => watcher.Changed += h, h => watcher.Changed -= h).Select(e => (FileEventType.Changed, e.EventArgs)), Observable.FromEventPattern <FileSystemEventHandler, FileSystemEventArgs>(h => watcher.Created += h, h => watcher.Created -= h).Select(e => (FileEventType.Created, e.EventArgs)), Observable.FromEventPattern <FileSystemEventHandler, FileSystemEventArgs>(h => watcher.Deleted += h, h => watcher.Deleted -= h).Select(e => (FileEventType.Deleted, e.EventArgs))) .ObserveOn(RxApp.TaskpoolScheduler); watcher.EnableRaisingEvents = true; }
public static string MakePartFilename(string path, int part) { string dirName = Path.GetDirectoryName(path); string baseName = Path.GetFileNameWithoutExtension(path); string extension = Path.GetExtension(path); return($"{dirName}/{baseName}_{part}{extension}"); }
public void Path_GetFileNameWithoutExtension() { Console.WriteLine("Path.GetFileNameWithoutExtension()"); var pathCnt = 0; var errorCnt = 0; var skipAssert = false; UnitTestConstants.StopWatcher(true); foreach (var path in UnitTestConstants.InputPaths) { string expected = null; string actual = null; Console.WriteLine("\n#{0:000}\tInput Path: [{1}]", ++pathCnt, path); // System.IO try { expected = System.IO.Path.GetFileNameWithoutExtension(path); } catch (Exception ex) { skipAssert = ex is ArgumentException; Console.WriteLine("\tCaught [System.IO] {0}: [{1}]", ex.GetType().FullName, ex.Message.Replace(Environment.NewLine, " ")); } Console.WriteLine("\t System.IO : [{0}]", expected ?? "null"); // AlphaFS try { actual = Path.GetFileNameWithoutExtension(path); if (!skipAssert) { Assert.AreEqual(expected, actual); } } catch (Exception ex) { errorCnt++; Console.WriteLine("\tCaught [AlphaFS] {0}: [{1}]", ex.GetType().FullName, ex.Message.Replace(Environment.NewLine, " ")); } Console.WriteLine("\t AlphaFS : [{0}]", actual ?? "null"); } Console.WriteLine("\n{0}", UnitTestConstants.Reporter(true)); Assert.AreEqual(0, errorCnt, "Encountered paths where AlphaFS != System.IO"); }
protected override async Task <ExitCode> Run() { var modListPath = (AbsolutePath)Modlist; if (modListPath.Extension != Consts.ModListExtension && modListPath.FileName != (RelativePath)"modlist.txt") { return(CLIUtils.Exit($"The file {Modlist} is not a valid modlist file!", ExitCode.BadArguments)); } if (Copy && Move) { return(CLIUtils.Exit("You can't set both copy and move flags!", ExitCode.BadArguments)); } var isModlist = modListPath.Extension == Consts.ModListExtension; var list = new List <TransferFile>(); if (isModlist) { ModList modlist; try { modlist = AInstaller.LoadFromFile(modListPath); } catch (Exception e) { return(CLIUtils.Exit($"Error while loading the Modlist!\n{e}", ExitCode.Error)); } if (modlist == null) { return(CLIUtils.Exit("The Modlist could not be loaded!", ExitCode.Error)); } CLIUtils.Log($"Modlist contains {modlist.Archives.Count} archives."); modlist.Archives.Do(a => { var inputPath = Path.Combine(Input, a.Name); var outputPath = Path.Combine(Output, a.Name); if (!File.Exists(inputPath)) { CLIUtils.Log($"File {inputPath} does not exist, skipping."); return; } CLIUtils.Log($"Adding {inputPath} to the transfer list."); list.Add(new TransferFile(inputPath, outputPath)); var metaInputPath = Path.Combine(inputPath, ".meta"); var metaOutputPath = Path.Combine(outputPath, ".meta"); if (File.Exists(metaInputPath)) { CLIUtils.Log($"Found meta file {metaInputPath}"); if (IncludeMeta) { CLIUtils.Log($"Adding {metaInputPath} to the transfer list."); list.Add(new TransferFile(metaInputPath, metaOutputPath)); } else { CLIUtils.Log($"Meta file {metaInputPath} will be ignored."); } } else { CLIUtils.Log($"Found no meta file for {inputPath}"); if (IncludeMeta) { if (string.IsNullOrWhiteSpace(a.Meta)) { CLIUtils.Log($"Meta for {a.Name} is empty, this should not be possible but whatever."); return; } CLIUtils.Log("Adding meta from archive info the transfer list"); list.Add(new TransferFile(a.Meta, metaOutputPath, true)); } else { CLIUtils.Log($"Meta will be ignored for {a.Name}"); } } }); } else { if (!Directory.Exists(Mods)) { return(CLIUtils.Exit($"Mods directory {Mods} does not exist!", ExitCode.BadArguments)); } CLIUtils.Log($"Reading modlist.txt from {Modlist}"); string[] modlist = File.ReadAllLines(Modlist); if (modlist == null || modlist.Length == 0) { return(CLIUtils.Exit($"Provided modlist.txt file at {Modlist} is empty or could not be read!", ExitCode.BadArguments)); } var mods = modlist.Where(s => s.StartsWith("+")).Select(s => s.Substring(1)).ToHashSet(); if (mods.Count == 0) { return(CLIUtils.Exit("Counted mods from modlist.txt are 0!", ExitCode.BadArguments)); } CLIUtils.Log($"Found {mods.Count} mods in modlist.txt"); var downloads = new HashSet <string>(); Directory.EnumerateDirectories(Mods, "*", SearchOption.TopDirectoryOnly) .Where(d => mods.Contains(Path.GetRelativePath(Path.GetDirectoryName(d), d))) .Do(d => { var meta = Path.Combine(d, "meta.ini"); if (!File.Exists(meta)) { CLIUtils.Log($"Mod meta file {meta} does not exist, skipping"); return; } string[] ini = File.ReadAllLines(meta); if (ini == null || ini.Length == 0) { CLIUtils.Log($"Mod meta file {meta} could not be read or is empty!"); return; } ini.Where(i => !string.IsNullOrWhiteSpace(i) && i.StartsWith("installationFile=")) .Select(i => i.Replace("installationFile=", "")) .Do(i => { CLIUtils.Log($"Found installationFile {i}"); downloads.Add(i); }); }); CLIUtils.Log($"Found {downloads.Count} installationFiles from mod metas."); Directory.EnumerateFiles(Input, "*", SearchOption.TopDirectoryOnly) .Where(f => downloads.Contains(Path.GetFileNameWithoutExtension(f))) .Do(f => { CLIUtils.Log($"Found archive {f}"); var outputPath = Path.Combine(Output, Path.GetFileName(f)); CLIUtils.Log($"Adding {f} to the transfer list"); list.Add(new TransferFile(f, outputPath)); var metaInputPath = Path.Combine(f, ".meta"); if (File.Exists(metaInputPath)) { CLIUtils.Log($"Found meta file for {f} at {metaInputPath}"); if (IncludeMeta) { var metaOutputPath = Path.Combine(outputPath, ".meta"); CLIUtils.Log($"Adding {metaInputPath} to the transfer list."); list.Add(new TransferFile(metaInputPath, metaOutputPath)); } else { CLIUtils.Log("Meta file will be ignored"); } } else { CLIUtils.Log($"Found no meta file for {f}"); } }); } CLIUtils.Log($"Transfer list contains {list.Count} items"); var success = 0; var failed = 0; var skipped = 0; list.Do(f => { if (File.Exists(f.Output)) { if (Overwrite) { CLIUtils.Log($"Output file {f.Output} already exists, it will be overwritten"); if (f.IsMeta || Move) { CLIUtils.Log($"Deleting file at {f.Output}"); try { File.Delete(f.Output); } catch (Exception e) { CLIUtils.Log($"Could not delete file {f.Output}!\n{e}"); failed++; } } } else { CLIUtils.Log($"Output file {f.Output} already exists, skipping"); skipped++; return; } } if (f.IsMeta) { CLIUtils.Log($"Writing meta data to {f.Output}"); try { File.WriteAllText(f.Output, f.Input, Encoding.UTF8); success++; } catch (Exception e) { CLIUtils.Log($"Error while writing meta data to {f.Output}!\n{e}"); failed++; } } else { if (Copy) { CLIUtils.Log($"Copying file {f.Input} to {f.Output}"); try { File.Copy(f.Input, f.Output, Overwrite ? CopyOptions.None : CopyOptions.FailIfExists, CopyMoveProgressHandler, null); success++; } catch (Exception e) { CLIUtils.Log($"Error while copying file {f.Input} to {f.Output}!\n{e}"); failed++; } } else if (Move) { CLIUtils.Log($"Moving file {f.Input} to {f.Output}"); try { File.Move(f.Input, f.Output, Overwrite ? MoveOptions.ReplaceExisting : MoveOptions.None, CopyMoveProgressHandler, null); success++; } catch (Exception e) { CLIUtils.Log($"Error while moving file {f.Input} to {f.Output}!\n{e}"); failed++; } } } }); CLIUtils.Log($"Skipped transfers: {skipped}"); CLIUtils.Log($"Failed transfers: {failed}"); CLIUtils.Log($"Successful transfers: {success}"); return(0); }
private static void UpdateFromRepo() { Console.WriteLine(); _logger.Info( "Checking for updated maps at https://github.com/EricZimmerman/evtx/tree/master/evtx/Maps..."); Console.WriteLine(); var archivePath = Path.Combine(BaseDirectory, "____master.zip"); if (File.Exists(archivePath)) { File.Delete(archivePath); } using (var client = new WebClient()) { ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; client.DownloadFile("https://github.com/EricZimmerman/evtx/archive/master.zip", archivePath); } var fff = new FastZip(); if (Directory.Exists(Path.Combine(BaseDirectory, "Maps")) == false) { Directory.CreateDirectory(Path.Combine(BaseDirectory, "Maps")); } var directoryFilter = "Maps"; // Will prompt to overwrite if target file names already exist fff.ExtractZip(archivePath, BaseDirectory, FastZip.Overwrite.Always, null, null, directoryFilter, true); if (File.Exists(archivePath)) { File.Delete(archivePath); } var newMapPath = Path.Combine(BaseDirectory, "evtx-master", "evtx", "Maps"); var orgMapPath = Path.Combine(BaseDirectory, "Maps"); var newMaps = Directory.GetFiles(newMapPath); var newlocalMaps = new List <string>(); var updatedlocalMaps = new List <string>(); if (File.Exists(Path.Combine(orgMapPath, "Security_4624.map"))) { _logger.Warn($"Old map format found. Zipping to '!!oldMaps.zip' and cleaning up old maps"); //old maps found, so zip em first var oldZip = Path.Combine(orgMapPath, "!!oldMaps.zip"); fff.CreateZip(oldZip, orgMapPath, false, @"\.map$"); foreach (var m in Directory.GetFiles(orgMapPath, "*.map")) { File.Delete(m); } } if (File.Exists(Path.Combine(orgMapPath, "!!!!README.txt"))) { File.Delete(Path.Combine(orgMapPath, "!!!!README.txt")); } foreach (var newMap in newMaps) { var mName = Path.GetFileName(newMap); var dest = Path.Combine(orgMapPath, mName); if (File.Exists(dest) == false) { //new target newlocalMaps.Add(mName); } else { //current destination file exists, so compare to new var fiNew = new FileInfo(newMap); var fi = new FileInfo(dest); if (fiNew.GetHash(HashType.SHA1) != fi.GetHash(HashType.SHA1)) { //updated file updatedlocalMaps.Add(mName); } } File.Copy(newMap, dest, CopyOptions.None); } if (newlocalMaps.Count > 0 || updatedlocalMaps.Count > 0) { _logger.Fatal("Updates found!"); Console.WriteLine(); if (newlocalMaps.Count > 0) { _logger.Error("New maps"); foreach (var newLocalMap in newlocalMaps) { _logger.Info(Path.GetFileNameWithoutExtension(newLocalMap)); } Console.WriteLine(); } if (updatedlocalMaps.Count > 0) { _logger.Error("Updated maps"); foreach (var um in updatedlocalMaps) { _logger.Info(Path.GetFileNameWithoutExtension(um)); } Console.WriteLine(); } Console.WriteLine(); } else { Console.WriteLine(); _logger.Info("No new maps available"); Console.WriteLine(); } Directory.Delete(Path.Combine(BaseDirectory, "evtx-master"), true); }
private static void Main(string[] args) { ExceptionlessClient.Default.Startup("x3MPpeQSBUUsXl3DjekRQ9kYjyN3cr5JuwdoOBpZ"); SetupNLog(); _keywords = new HashSet <string> { "temp", "tmp" }; _logger = LogManager.GetCurrentClassLogger(); _fluentCommandLineParser = new FluentCommandLineParser <ApplicationArguments> { IsCaseSensitive = false }; _fluentCommandLineParser.Setup(arg => arg.File) .As('f') .WithDescription("File to process. Either this or -d is required"); _fluentCommandLineParser.Setup(arg => arg.Directory) .As('d') .WithDescription("Directory to recursively process. Either this or -f is required"); _fluentCommandLineParser.Setup(arg => arg.Keywords) .As('k') .WithDescription( "Comma separated list of keywords to highlight in output. By default, 'temp' and 'tmp' are highlighted. Any additional keywords will be added to these."); _fluentCommandLineParser.Setup(arg => arg.OutFile) .As('o') .WithDescription( "When specified, save prefetch file bytes to the given path. Useful to look at decompressed Win10 files"); _fluentCommandLineParser.Setup(arg => arg.Quiet) .As('q') .WithDescription( "Do not dump full details about each file processed. Speeds up processing when using --json or --csv. Default is FALSE\r\n") .SetDefault(false); _fluentCommandLineParser.Setup(arg => arg.JsonDirectory) .As("json") .WithDescription( "Directory to save json representation to. Use --pretty for a more human readable layout"); _fluentCommandLineParser.Setup(arg => arg.CsvDirectory) .As("csv") .WithDescription( "Directory to save CSV results to. Be sure to include the full path in double quotes"); _fluentCommandLineParser.Setup(arg => arg.CsvName) .As("csvf") .WithDescription("File name to save CSV formatted results to. When present, overrides default name"); _fluentCommandLineParser.Setup(arg => arg.xHtmlDirectory) .As("html") .WithDescription( "Directory to save xhtml formatted results to. Be sure to include the full path in double quotes"); _fluentCommandLineParser.Setup(arg => arg.JsonPretty) .As("pretty") .WithDescription( "When exporting to json, use a more human readable layout. Default is FALSE\r\n").SetDefault(false); _fluentCommandLineParser.Setup(arg => arg.DateTimeFormat) .As("dt") .WithDescription( "The custom date/time format to use when displaying timestamps. See https://goo.gl/CNVq0k for options. Default is: yyyy-MM-dd HH:mm:ss") .SetDefault("yyyy-MM-dd HH:mm:ss"); _fluentCommandLineParser.Setup(arg => arg.PreciseTimestamps) .As("mp") .WithDescription( "When true, display higher precision for timestamps. Default is FALSE").SetDefault(false); var header = $"PECmd version {Assembly.GetExecutingAssembly().GetName().Version}" + "\r\n\r\nAuthor: Eric Zimmerman ([email protected])" + "\r\nhttps://github.com/EricZimmerman/PECmd"; var footer = @"Examples: PECmd.exe -f ""C:\Temp\CALC.EXE-3FBEF7FD.pf""" + "\r\n\t " + @" PECmd.exe -f ""C:\Temp\CALC.EXE-3FBEF7FD.pf"" --json ""D:\jsonOutput"" --jsonpretty" + "\r\n\t " + @" PECmd.exe -d ""C:\Temp"" -k ""system32, fonts""" + "\r\n\t " + @" PECmd.exe -d ""C:\Temp"" --csv ""c:\temp"" --csvf foo.csv --json c:\temp\json" + "\r\n\t " + @" PECmd.exe -d ""C:\Windows\Prefetch""" + "\r\n\t " + "\r\n\t" + " Short options (single letter) are prefixed with a single dash. Long commands are prefixed with two dashes\r\n"; _fluentCommandLineParser.SetupHelp("?", "help") .WithHeader(header) .Callback(text => _logger.Info(text + "\r\n" + footer)); var result = _fluentCommandLineParser.Parse(args); if (result.HelpCalled) { return; } if (result.HasErrors) { _logger.Error(""); _logger.Error(result.ErrorText); _fluentCommandLineParser.HelpOption.ShowHelp(_fluentCommandLineParser.Options); return; } if (UsefulExtension.IsNullOrEmpty(_fluentCommandLineParser.Object.File) && UsefulExtension.IsNullOrEmpty(_fluentCommandLineParser.Object.Directory)) { _fluentCommandLineParser.HelpOption.ShowHelp(_fluentCommandLineParser.Options); _logger.Warn("Either -f or -d is required. Exiting"); return; } if (UsefulExtension.IsNullOrEmpty(_fluentCommandLineParser.Object.File) == false && !File.Exists(_fluentCommandLineParser.Object.File)) { _logger.Warn($"File '{_fluentCommandLineParser.Object.File}' not found. Exiting"); return; } if (UsefulExtension.IsNullOrEmpty(_fluentCommandLineParser.Object.Directory) == false && !Directory.Exists(_fluentCommandLineParser.Object.Directory)) { _logger.Warn($"Directory '{_fluentCommandLineParser.Object.Directory}' not found. Exiting"); return; } if (_fluentCommandLineParser.Object.Keywords?.Length > 0) { var kws = _fluentCommandLineParser.Object.Keywords.ToLowerInvariant().Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries); foreach (var kw in kws) { _keywords.Add(kw.Trim()); } } _logger.Info(header); _logger.Info(""); _logger.Info($"Command line: {string.Join(" ", Environment.GetCommandLineArgs().Skip(1))}"); if (IsAdministrator() == false) { _logger.Fatal("\r\nWarning: Administrator privileges not found!"); } _logger.Info(""); _logger.Info($"Keywords: {string.Join(", ", _keywords)}"); _logger.Info(""); if (_fluentCommandLineParser.Object.PreciseTimestamps) { _fluentCommandLineParser.Object.DateTimeFormat = _preciseTimeFormat; } _processedFiles = new List <IPrefetch>(); _failedFiles = new List <string>(); if (_fluentCommandLineParser.Object.File?.Length > 0) { IPrefetch pf = null; try { pf = LoadFile(_fluentCommandLineParser.Object.File); if (pf != null) { if (_fluentCommandLineParser.Object.OutFile.IsNullOrEmpty() == false) { try { if (Directory.Exists(Path.GetDirectoryName(_fluentCommandLineParser.Object.OutFile)) == false) { Directory.CreateDirectory( Path.GetDirectoryName(_fluentCommandLineParser.Object.OutFile)); } PrefetchFile.SavePrefetch(_fluentCommandLineParser.Object.OutFile, pf); _logger.Info($"Saved prefetch bytes to '{_fluentCommandLineParser.Object.OutFile}'"); } catch (Exception e) { _logger.Error($"Unable to save prefetch file. Error: {e.Message}"); } } _processedFiles.Add(pf); } } catch (UnauthorizedAccessException ex) { _logger.Error( $"Unable to access '{_fluentCommandLineParser.Object.File}'. Are you running as an administrator? Error: {ex.Message}"); } catch (Exception ex) { _logger.Error( $"Error getting prefetch files in '{_fluentCommandLineParser.Object.Directory}'. Error: {ex.Message}"); } } else { _logger.Info($"Looking for prefetch files in '{_fluentCommandLineParser.Object.Directory}'"); _logger.Info(""); string[] pfFiles = null; var f = new DirectoryEnumerationFilters(); f.InclusionFilter = fsei => { if (fsei.Extension.ToUpperInvariant() == ".PF") { return(true); } return(false); }; f.RecursionFilter = entryInfo => !entryInfo.IsMountPoint && !entryInfo.IsSymbolicLink; f.ErrorFilter = (errorCode, errorMessage, pathProcessed) => true; var dirEnumOptions = DirectoryEnumerationOptions.Files | DirectoryEnumerationOptions.Recursive | DirectoryEnumerationOptions.SkipReparsePoints | DirectoryEnumerationOptions.ContinueOnException | DirectoryEnumerationOptions.BasicSearch; var files2 = Alphaleonis.Win32.Filesystem.Directory.EnumerateFileSystemEntries(_fluentCommandLineParser.Object.Directory, dirEnumOptions, f); try { pfFiles = files2.ToArray(); //Directory.GetFiles(_fluentCommandLineParser.Object.Directory, "*.pf", SearchOption.AllDirectories); } catch (UnauthorizedAccessException ua) { _logger.Error( $"Unable to access '{_fluentCommandLineParser.Object.Directory}'. Are you running as an administrator? Error: {ua.Message}"); return; } catch (Exception ex) { _logger.Error( $"Error getting prefetch files in '{_fluentCommandLineParser.Object.Directory}'. Error: {ex.Message}"); return; } _logger.Info($"Found {pfFiles.Length:N0} Prefetch files"); _logger.Info(""); var sw = new Stopwatch(); sw.Start(); foreach (var file in pfFiles) { var pf = LoadFile(file); if (pf != null) { _processedFiles.Add(pf); } } sw.Stop(); if (_fluentCommandLineParser.Object.Quiet) { _logger.Info(""); } _logger.Info( $"Processed {pfFiles.Length - _failedFiles.Count:N0} out of {pfFiles.Length:N0} files in {sw.Elapsed.TotalSeconds:N4} seconds"); if (_failedFiles.Count > 0) { _logger.Info(""); _logger.Warn("Failed files"); foreach (var failedFile in _failedFiles) { _logger.Info($" {failedFile}"); } } } if (_processedFiles.Count > 0) { _logger.Info(""); try { CsvWriter csv = null; StreamWriter streamWriter = null; CsvWriter csvTl = null; StreamWriter streamWriterTl = null; if (_fluentCommandLineParser.Object.CsvDirectory?.Length > 0) { var outName = $"{DateTimeOffset.Now:yyyyMMddHHmmss}_PECmd_Output.csv"; if (_fluentCommandLineParser.Object.CsvName.IsNullOrEmpty() == false) { outName = Path.GetFileName(_fluentCommandLineParser.Object.CsvName); } var outNameTl = $"{DateTimeOffset.Now:yyyyMMddHHmmss}_PECmd_Output_Timeline.csv"; if (_fluentCommandLineParser.Object.CsvName.IsNullOrEmpty() == false) { outNameTl = $"{Path.GetFileNameWithoutExtension(_fluentCommandLineParser.Object.CsvName)}_Timeline{Path.GetExtension(_fluentCommandLineParser.Object.CsvName)}"; } var outFile = Path.Combine(_fluentCommandLineParser.Object.CsvDirectory, outName); var outFileTl = Path.Combine(_fluentCommandLineParser.Object.CsvDirectory, outNameTl); if (Directory.Exists(_fluentCommandLineParser.Object.CsvDirectory) == false) { _logger.Warn( $"Path to '{_fluentCommandLineParser.Object.CsvDirectory}' does not exist. Creating..."); Directory.CreateDirectory(_fluentCommandLineParser.Object.CsvDirectory); } _logger.Warn($"CSV output will be saved to '{outFile}'"); _logger.Warn($"CSV time line output will be saved to '{outFileTl}'"); try { streamWriter = new StreamWriter(outFile); csv = new CsvWriter(streamWriter); csv.WriteHeader(typeof(CsvOut)); csv.NextRecord(); streamWriterTl = new StreamWriter(outFileTl); csvTl = new CsvWriter(streamWriterTl); csvTl.WriteHeader(typeof(CsvOutTl)); csvTl.NextRecord(); } catch (Exception ex) { _logger.Error( $"Unable to open '{outFile}' for writing. CSV export canceled. Error: {ex.Message}"); } } if (_fluentCommandLineParser.Object.JsonDirectory?.Length > 0) { if (Directory.Exists(_fluentCommandLineParser.Object.JsonDirectory) == false) { _logger.Warn( $"'{_fluentCommandLineParser.Object.JsonDirectory} does not exist. Creating...'"); Directory.CreateDirectory(_fluentCommandLineParser.Object.JsonDirectory); } _logger.Warn($"Saving json output to '{_fluentCommandLineParser.Object.JsonDirectory}'"); } XmlTextWriter xml = null; if (_fluentCommandLineParser.Object.xHtmlDirectory?.Length > 0) { if (Directory.Exists(_fluentCommandLineParser.Object.xHtmlDirectory) == false) { _logger.Warn( $"'{_fluentCommandLineParser.Object.xHtmlDirectory} does not exist. Creating...'"); Directory.CreateDirectory(_fluentCommandLineParser.Object.xHtmlDirectory); } var outDir = Path.Combine(_fluentCommandLineParser.Object.xHtmlDirectory, $"{DateTimeOffset.UtcNow:yyyyMMddHHmmss}_PECmd_Output_for_{_fluentCommandLineParser.Object.xHtmlDirectory.Replace(@":\", "_").Replace(@"\", "_")}"); if (Directory.Exists(outDir) == false) { Directory.CreateDirectory(outDir); } var styleDir = Path.Combine(outDir, "styles"); if (Directory.Exists(styleDir) == false) { Directory.CreateDirectory(styleDir); } File.WriteAllText(Path.Combine(styleDir, "normalize.css"), Resources.normalize); File.WriteAllText(Path.Combine(styleDir, "style.css"), Resources.style); Resources.directories.Save(Path.Combine(styleDir, "directories.png")); Resources.filesloaded.Save(Path.Combine(styleDir, "filesloaded.png")); var outFile = Path.Combine(_fluentCommandLineParser.Object.xHtmlDirectory, outDir, "index.xhtml"); _logger.Warn($"Saving HTML output to '{outFile}'"); xml = new XmlTextWriter(outFile, Encoding.UTF8) { Formatting = Formatting.Indented, Indentation = 4 }; xml.WriteStartDocument(); xml.WriteProcessingInstruction("xml-stylesheet", "href=\"styles/normalize.css\""); xml.WriteProcessingInstruction("xml-stylesheet", "href=\"styles/style.css\""); xml.WriteStartElement("document"); } if (_fluentCommandLineParser.Object.CsvDirectory.IsNullOrEmpty() == false || _fluentCommandLineParser.Object.JsonDirectory.IsNullOrEmpty() == false || _fluentCommandLineParser.Object.xHtmlDirectory.IsNullOrEmpty() == false) { foreach (var processedFile in _processedFiles) { var o = GetCsvFormat(processedFile); try { foreach (var dateTimeOffset in processedFile.LastRunTimes) { var t = new CsvOutTl(); var exePath = processedFile.Filenames.FirstOrDefault( y => y.EndsWith(processedFile.Header.ExecutableFilename)); if (exePath == null) { exePath = processedFile.Header.ExecutableFilename; } t.ExecutableName = exePath; t.RunTime = dateTimeOffset.ToString(_fluentCommandLineParser.Object.DateTimeFormat); csvTl?.WriteRecord(t); csvTl?.NextRecord(); } } catch (Exception ex) { _logger.Error( $"Error getting time line record for '{processedFile.SourceFilename}' to '{_fluentCommandLineParser.Object.CsvDirectory}'. Error: {ex.Message}"); } try { csv?.WriteRecord(o); csv?.NextRecord(); } catch (Exception ex) { _logger.Error( $"Error writing CSV record for '{processedFile.SourceFilename}' to '{_fluentCommandLineParser.Object.CsvDirectory}'. Error: {ex.Message}"); } if (_fluentCommandLineParser.Object.JsonDirectory?.Length > 0) { SaveJson(processedFile, _fluentCommandLineParser.Object.JsonPretty, _fluentCommandLineParser.Object.JsonDirectory); } //XHTML xml?.WriteStartElement("Container"); xml?.WriteElementString("SourceFile", o.SourceFilename); xml?.WriteElementString("SourceCreated", o.SourceCreated); xml?.WriteElementString("SourceModified", o.SourceModified); xml?.WriteElementString("SourceAccessed", o.SourceAccessed); xml?.WriteElementString("LastRun", o.LastRun); xml?.WriteElementString("PreviousRun0", $"{o.PreviousRun0}"); xml?.WriteElementString("PreviousRun1", $"{o.PreviousRun1}"); xml?.WriteElementString("PreviousRun2", $"{o.PreviousRun2}"); xml?.WriteElementString("PreviousRun3", $"{o.PreviousRun3}"); xml?.WriteElementString("PreviousRun4", $"{o.PreviousRun4}"); xml?.WriteElementString("PreviousRun5", $"{o.PreviousRun5}"); xml?.WriteElementString("PreviousRun6", $"{o.PreviousRun6}"); xml?.WriteStartElement("ExecutableName"); xml?.WriteAttributeString("title", "Note: The name of the executable tracked by the pf file"); xml?.WriteString(o.ExecutableName); xml?.WriteEndElement(); xml?.WriteElementString("RunCount", $"{o.RunCount}"); xml?.WriteStartElement("Size"); xml?.WriteAttributeString("title", "Note: The size of the executable in bytes"); xml?.WriteString(o.Size); xml?.WriteEndElement(); xml?.WriteStartElement("Hash"); xml?.WriteAttributeString("title", "Note: The calculated hash for the pf file that should match the hash in the source file name"); xml?.WriteString(o.Hash); xml?.WriteEndElement(); xml?.WriteStartElement("Version"); xml?.WriteAttributeString("title", "Note: The operating system that generated the prefetch file"); xml?.WriteString(o.Version); xml?.WriteEndElement(); xml?.WriteElementString("Note", o.Note); xml?.WriteElementString("Volume0Name", o.Volume0Name); xml?.WriteElementString("Volume0Serial", o.Volume0Serial); xml?.WriteElementString("Volume0Created", o.Volume0Created); xml?.WriteElementString("Volume1Name", o.Volume1Name); xml?.WriteElementString("Volume1Serial", o.Volume1Serial); xml?.WriteElementString("Volume1Created", o.Volume1Created); xml?.WriteStartElement("Directories"); xml?.WriteAttributeString("title", "A comma separated list of all directories accessed by the executable"); xml?.WriteString(o.Directories); xml?.WriteEndElement(); xml?.WriteStartElement("FilesLoaded"); xml?.WriteAttributeString("title", "A comma separated list of all files that were loaded by the executable"); xml?.WriteString(o.FilesLoaded); xml?.WriteEndElement(); xml?.WriteEndElement(); } //Close CSV stuff streamWriter?.Flush(); streamWriter?.Close(); streamWriterTl?.Flush(); streamWriterTl?.Close(); //Close XML xml?.WriteEndElement(); xml?.WriteEndDocument(); xml?.Flush(); } } catch (Exception ex) { _logger.Error($"Error exporting data! Error: {ex.Message}"); } } }
// 解析告警图片文件夹 private List <AlarmImage> ParseAlarmImage(string alarmImagePath) { if (Directory.Exists(alarmImagePath)) { List <AlarmImage> images = new List <AlarmImage>(); // 递归获取所有jpg文件 string[] alarmImages = Utility.Director(alarmImagePath).Where(f => { string ex = Path.GetExtension(f); return(ex == ".jpg" || ex == ".png" || ex == ".bmp"); }).ToArray(); // 图片命名方式: 视频名___事件_帧号.jpg int _id = 0; List <string> error_msg = new List <string>(); foreach (string img in alarmImages) { string name = Path.GetFileNameWithoutExtension(img); string[] strs = Regex.Split(name, "___", RegexOptions.IgnoreCase); if (strs.Length < 2) { //MessageWindow.Show("告警图片命名格式错误\n" + img, this); error_msg.Add(img); continue; } string[] infos = strs[1].Split('_'); string _scene; string _incident = infos[0]; string _video = strs[0]; var _list = videoInfoList.Where(f => Path.GetFileNameWithoutExtension(f.VideoName) == _video).ToList(); if (_list.Count > 0) { _video = _list[0].VideoName; _scene = _list[0].Scene; } else { _video += ".h264"; _scene = "UnKnown"; } // 场景下拉列表 if (Scenes.Count(item => item.Name == _scene) == 0) { Scenes.Add(new SceneItem { Display = _scene, Name = _scene }); } // 事件类型下拉列表 if (Incidents.Count(item => item.Name == _incident) == 0) { Incidents.Add(new IncidentItem { Display = _incident, Name = _incident }); } var _alarmDataItem = new AlarmImage { ID = _id++, ImagePath = img, Video = _video, Scene = _scene, Incident = _incident, Frame = Convert.ToInt32(infos[1]), State = DetectType.UnKnown, IncidentCount = 0 }; images.Add(_alarmDataItem); } // 错误信息 if (error_msg.Count > 0) { StringBuilder error_str = new StringBuilder("告警图片格式错误:" + "\n"); error_msg.ForEach(it => error_str.Append(it + "\n")); MessageWindow.Show(error_str.ToString()); } return(images); } else { MessageWindow.ShowDialog($"无法访问告警图片文件夹 [{alarmImagePath}]", this); } return(null); }
private static void UpdateFromRepo() { Console.WriteLine(); Log.Information("Checking for updated maps at {Url}...", "https://github.com/EricZimmerman/evtx/tree/master/evtx/Maps"); Console.WriteLine(); var archivePath = Path.Combine(BaseDirectory, "____master.zip"); if (File.Exists(archivePath)) { File.Delete(archivePath); } // using (var client = new WebClient()) // { // ServicePointManager.Expect100Continue = true; // ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // client.DownloadFile("https://github.com/EricZimmerman/evtx/archive/master.zip", archivePath); // } "https://github.com/EricZimmerman/evtx/archive/master.zip".DownloadFileTo(archivePath); var fff = new FastZip(); if (Directory.Exists(Path.Combine(BaseDirectory, "Maps")) == false) { Directory.CreateDirectory(Path.Combine(BaseDirectory, "Maps")); } var directoryFilter = "Maps"; // Will prompt to overwrite if target file names already exist fff.ExtractZip(archivePath, BaseDirectory, FastZip.Overwrite.Always, null, null, directoryFilter, true); if (File.Exists(archivePath)) { File.Delete(archivePath); } var newMapPath = Path.Combine(BaseDirectory, "evtx-master", "evtx", "Maps"); var orgMapPath = Path.Combine(BaseDirectory, "Maps"); var newMaps = Directory.GetFiles(newMapPath); var newLocalMaps = new List <string>(); var updatedLocalMaps = new List <string>(); if (File.Exists(Path.Combine(orgMapPath, "Security_4624.map"))) { Log.Warning("Old map format found. Zipping to {Old} and cleaning up old maps", "!!oldMaps.zip"); //old maps found, so zip em first var oldZip = Path.Combine(orgMapPath, "!!oldMaps.zip"); fff.CreateZip(oldZip, orgMapPath, false, @"\.map$"); foreach (var m in Directory.GetFiles(orgMapPath, "*.map")) { File.Delete(m); } } if (File.Exists(Path.Combine(orgMapPath, "!!!!README.txt"))) { File.Delete(Path.Combine(orgMapPath, "!!!!README.txt")); } foreach (var newMap in newMaps) { var mName = Path.GetFileName(newMap); var dest = Path.Combine(orgMapPath, mName); if (File.Exists(dest) == false) { //new target newLocalMaps.Add(mName); } else { //current destination file exists, so compare to new var s1 = new StreamReader(newMap); var newSha = Helper.GetSha1FromStream(s1.BaseStream, 0); var s2 = new StreamReader(dest); var destSha = Helper.GetSha1FromStream(s2.BaseStream, 0); s2.Close(); s1.Close(); if (newSha != destSha) { //updated file updatedLocalMaps.Add(mName); } } #if !NET6_0 File.Copy(newMap, dest, CopyOptions.None); #else File.Copy(newMap, dest, true); #endif } if (newLocalMaps.Count > 0 || updatedLocalMaps.Count > 0) { Log.Information("Updates found!"); Console.WriteLine(); if (newLocalMaps.Count > 0) { Log.Information("New maps"); foreach (var newLocalMap in newLocalMaps) { Log.Information("{File}", Path.GetFileNameWithoutExtension(newLocalMap)); } Console.WriteLine(); } if (updatedLocalMaps.Count > 0) { Log.Information("Updated maps"); foreach (var um in updatedLocalMaps) { Log.Information("{File}", Path.GetFileNameWithoutExtension(um)); } Console.WriteLine(); } Console.WriteLine(); } else { Console.WriteLine(); Log.Information("No new maps available"); Console.WriteLine(); } Directory.Delete(Path.Combine(BaseDirectory, "evtx-master"), true); }
static Utils() { if (!Directory.Exists(Consts.LocalAppDataPath)) { Directory.CreateDirectory(Consts.LocalAppDataPath); } if (!Directory.Exists(Consts.LogsFolder)) { Directory.CreateDirectory(Consts.LogsFolder); } var programName = Assembly.GetEntryAssembly()?.Location ?? "Wabbajack"; LogFile = Path.Combine(Consts.LogsFolder, Path.GetFileNameWithoutExtension(programName) + ".current.log"); _startTime = DateTime.Now; if (LogFile.FileExists()) { var newPath = Path.Combine(Consts.LogsFolder, Path.GetFileNameWithoutExtension(programName) + new FileInfo(LogFile).LastWriteTime.ToString(" yyyy-MM-dd HH_mm_ss") + ".log"); File.Move(LogFile, newPath, MoveOptions.ReplaceExisting); } var logFiles = Directory.GetFiles(Consts.LogsFolder); if (logFiles.Length >= Consts.MaxOldLogs) { Log($"Maximum amount of old logs reached ({logFiles.Length} >= {Consts.MaxOldLogs})"); var filesToDelete = logFiles .Where(File.Exists) .OrderBy(f => { var fi = new FileInfo(f); return(fi.LastWriteTime); }).Take(logFiles.Length - Consts.MaxOldLogs).ToList(); Log($"Found {filesToDelete.Count} old log files to delete"); var success = 0; var failed = 0; filesToDelete.Do(f => { try { File.Delete(f); success++; } catch (Exception e) { failed++; Log($"Could not delete log at {f}!\n{e}"); } }); Log($"Deleted {success} log files, failed to delete {failed} logs"); } var watcher = new FileSystemWatcher(Consts.LocalAppDataPath); AppLocalEvents = Observable.Merge(Observable.FromEventPattern <FileSystemEventHandler, FileSystemEventArgs>(h => watcher.Changed += h, h => watcher.Changed -= h).Select(e => (FileEventType.Changed, e.EventArgs)), Observable.FromEventPattern <FileSystemEventHandler, FileSystemEventArgs>(h => watcher.Created += h, h => watcher.Created -= h).Select(e => (FileEventType.Created, e.EventArgs)), Observable.FromEventPattern <FileSystemEventHandler, FileSystemEventArgs>(h => watcher.Deleted += h, h => watcher.Deleted -= h).Select(e => (FileEventType.Deleted, e.EventArgs))) .ObserveOn(RxApp.TaskpoolScheduler); watcher.EnableRaisingEvents = true; }