internal void LoadFile(string filename, Folder f)
{
FileEntry fileEntry = f.searchForFile(filename);
if (fileEntry == null)
{
fileEntry = f.searchForFile(filename + ".md");
if (fileEntry == null)
{
this.State = MemoryForensicsExe.MemForensicsState.Error;
this.ErrorMessage = string.Format(LocaleTerms.Loc("File {0} not found in current folder!"), (object)filename);
return;
}
}
try
{
this.ActiveMem = MemoryContents.GetMemoryFromEncodedFileString(fileEntry.data);
this.filenameLoaded = filename;
this.State = MemoryForensicsExe.MemForensicsState.ReadingFile;
this.timeInCurrentState = 0.0f;
}
catch (Exception ex)
{
this.State = MemoryForensicsExe.MemForensicsState.Error;
this.ErrorMessage = LocaleTerms.Loc("Error deserializing memory dump.") + "\r\n\r\n" + Utils.GenerateReportFromException(ex);
}
}
private void DownloadMemoryDump()
{
string encodedFileString = this.target.Memory.GetEncodedFileString();
if (this.os.thisComputer == this.target)
{
List <string> stringList = new List <string>();
for (int index = 0; index < this.os.exes.Count; ++index)
{
NotesExe ex = this.os.exes[index] as NotesExe;
if (ex != null)
{
stringList.AddRange((IEnumerable <string>)ex.notes);
}
}
encodedFileString = new MemoryContents()
{
DataBlocks = new List <string>((IEnumerable <string>)stringList.ToArray()),
CommandsRun = this.os.terminal.GetRecentTerminalHistoryList()
}.GetEncodedFileString();
}
string reportFilename = this.getReportFilename(this.target.name);
Folder folder = this.os.thisComputer.files.root.searchForFolder("home");
Folder f = folder.searchForFolder("MemDumps");
if (f == null)
{
folder.folders.Add(new Folder("MemDumps"));
f = folder.searchForFolder("MemDumps");
}
string repeatingFilename = Utils.GetNonRepeatingFilename(reportFilename, ".mem", f);
f.files.Add(new FileEntry(encodedFileString, repeatingFilename));
this.savedFileName = "home/MemDumps/" + repeatingFilename;
}
public static void InjectMemory(string memoryFilepath, object computer)
{
using (FileStream fileStream = File.OpenRead(memoryFilepath))
{
MemoryContents memoryContents = MemoryContents.Deserialize(XmlReader.Create((Stream)fileStream));
((Computer)computer).Memory = memoryContents;
}
}
public static MemoryContents Deserialize(XmlReader rdr)
{
MemoryContents ret = new MemoryContents();
while (rdr.Name != "Memory")
{
rdr.Read();
if (rdr.EOF)
{
throw new FormatException("Unexpected end of file looking for start of Memory tag");
}
}
do
{
rdr.Read();
if (rdr.Name == "Memory" && !rdr.IsStartElement())
{
return(ret);
}
Utils.ProcessXmlElementInParent(rdr, "Commands", "Command", (Action)(() =>
{
int content = (int)rdr.MoveToContent();
string s = rdr.ReadElementContentAsString();
if (s.Contains("\n"))
{
string[] strArray = s.Split(Utils.robustNewlineDelim, StringSplitOptions.None);
for (int index = 0; index < strArray.Length; ++index)
{
if (string.IsNullOrEmpty(strArray[index]))
{
strArray[index] = " ";
}
ret.CommandsRun.Add(ComputerLoader.filter(Folder.deFilter(strArray[index])));
}
}
else
{
ret.CommandsRun.Add(ComputerLoader.filter(Folder.deFilter(s)));
}
}));
Utils.ProcessXmlElementInParent(rdr, "Data", "Block", (Action)(() =>
{
int content = (int)rdr.MoveToContent();
ret.DataBlocks.Add(ComputerLoader.filter(Folder.deFilter(rdr.ReadElementContentAsString())));
}));
Utils.ProcessXmlElementInParent(rdr, "FileFragments", "File", (Action)(() =>
{
string s1 = "UNKNOWN";
if (rdr.MoveToAttribute("name"))
{
s1 = rdr.ReadContentAsString();
}
int content = (int)rdr.MoveToContent();
string s2 = rdr.ReadElementContentAsString();
ret.FileFragments.Add(new KeyValuePair <string, string>(Folder.deFilter(s1), Folder.deFilter(s2)));
}));
Utils.ProcessXmlElementInParent(rdr, "Images", "Image", (Action)(() =>
{
int content = (int)rdr.MoveToContent();
ret.Images.Add(Folder.deFilter(rdr.ReadElementContentAsString()));
}));
}while (!rdr.EOF);
throw new FormatException("Unexpected end of file trying to deserialize memory contents!");
}
public string TestEqualsWithErrorReport(MemoryContents other)
{
string str1 = "";
if (other == null)
{
return("Other memory object is null!");
}
if (other.DataBlocks.Count == this.DataBlocks.Count)
{
for (int index = 0; index < this.DataBlocks.Count; ++index)
{
if (other.DataBlocks[index] != this.DataBlocks[index])
{
str1 = str1 + "Data block difference for item " + (object)index + " - mismatch";
}
}
}
else
{
str1 = str1 + "Datablock count difference - found " + (object)other.DataBlocks.Count + " - expected " + (object)this.DataBlocks.Count;
}
if (other.CommandsRun.Count == this.CommandsRun.Count)
{
for (int index = 0; index < this.CommandsRun.Count; ++index)
{
if (other.CommandsRun[index] != this.CommandsRun[index])
{
str1 = str1 + "\n\nCommandsRun difference for item " + (object)index + " - mismatch.\nFound " + other.CommandsRun[index] + " :vs: " + this.CommandsRun[index] + "\n";
}
}
}
else
{
str1 = str1 + "CommandsRun count difference - found " + (object)other.CommandsRun.Count + " - expected " + (object)this.CommandsRun.Count;
}
if (other.FileFragments.Count == this.FileFragments.Count)
{
for (int index = 0; index < this.FileFragments.Count; ++index)
{
KeyValuePair <string, string> fileFragment = other.FileFragments[index];
string key1 = fileFragment.Key;
fileFragment = this.FileFragments[index];
string key2 = fileFragment.Key;
if (key1 != key2)
{
str1 = str1 + "FileFragments difference for item " + (object)index + " - key mismatch";
}
fileFragment = other.FileFragments[index];
string str2 = fileFragment.Value;
fileFragment = this.FileFragments[index];
string str3 = fileFragment.Value;
if (str2 != str3)
{
str1 = str1 + "FileFragments difference for item " + (object)index + " - Value mismatch";
}
}
}
else
{
str1 = str1 + "FileFragments count difference - found " + (object)other.FileFragments.Count + " - expected " + (object)this.FileFragments.Count;
}
if (other.Images.Count == this.Images.Count)
{
for (int index = 0; index < this.Images.Count; ++index)
{
if (other.Images[index] != this.Images[index])
{
str1 = str1 + "\n\nImages difference for item " + (object)index + " - mismatch.\nFound " + other.Images[index] + " :vs: " + this.Images[index] + "\n";
}
}
}
else
{
str1 = str1 + "Images count difference - found " + (object)other.Images.Count + " - expected " + (object)this.Images.Count;
}
return(str1);
}
public static MemoryContents GetMemoryFromEncodedFileString(string data)
{
using (Stream streamFromString = Utils.GenerateStreamFromString(MemoryContents.ReExpandSaveString(FileEncrypter.DecryptString(data.Substring("MEMORY_DUMP : FORMAT v1.22 ----------\n\n".Length + 400 + 2), "19474-217316293")[2])))
return(MemoryContents.Deserialize(XmlReader.Create(streamFromString)));
}
