Exemplos de PowerForensics.Artifacts RecentDocs em C# (CSharp)

Linguagem de programação: C# (CSharp)

Espaço para nome / nome do pacote: PowerForensics.Artifacts

Classe / Tipo: RecentDocs

Exemplos em hotexamples.com: 2

PowerForensics.Artifacts RecentDocs em C# (CSharp) - 2 exemplos encontrados. Esses são os exemplos do mundo real mais bem avaliados de PowerForensics.Artifacts.RecentDocs em C# (CSharp) extraídos de projetos de código aberto. Você pode avaliar os exemplos para nos ajudar a melhorar a qualidade deles.

Relacionados

userServices.ZipQueryType

TelegramChat

TfsProject

IPimaticClientFactory

FacebookScope

TrinaryInt32Control

AesBasicCrypto_StorageOverride

ColorsController

global::Ponita.UWP.Ponita_UWP_XamlTypeInfo.XamlTypeInfoProvider

Related in langs

JDHelper (PHP)

wptouch_get_locale (PHP)

lock_suspend_event (C++)

load_icode_read (C++)

GetResponseWriter (Go)

GetDeviceIP (Go)

JFileChooser (Java)

HookManager (Java)

Request (Python)

main (Python)

Exemplo n.º 1

0

Exibir arquivo

public static RecentDocs[] Get(string hivePath) { if (RegistryHelper.isCorrectHive(hivePath, "NTUSER.DAT")) { string user = RegistryHelper.GetUserHiveOwner(hivePath); byte[] bytes = RegistryHelper.GetHiveBytes(hivePath); string key = @"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"; NamedKey RecentDocsKey = NamedKey.Get(bytes, hivePath, @"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"); ValueKey MRUListEx = ValueKey.Get(bytes, hivePath, key, "MRUListEx"); byte[] MRUListBytes = (byte[])MRUListEx.GetData(bytes); RecentDocs[] docs = new RecentDocs[MRUListBytes.Length / 4]; for (int i = 0; i < MRUListBytes.Length - 4; i += 4) { if (i == 0) { docs[i / 4] = new RecentDocs(user, Encoding.Unicode.GetString((byte[])ValueKey.Get(bytes, hivePath, key, BitConverter.ToInt32(MRUListBytes, i).ToString()).GetData(bytes)).Split('\0')[0], RecentDocsKey.WriteTime); } else { docs[i / 4] = new RecentDocs(user, Encoding.Unicode.GetString((byte[])ValueKey.Get(bytes, hivePath, key, BitConverter.ToInt32(MRUListBytes, i).ToString()).GetData(bytes)).Split('\0')[0]); } } return(docs); } else { throw new Exception("Invalid NTUSER.DAT hive provided to the -HivePath parameter."); } }

Exemplo n.º 2

0

Exibir arquivo

Arquivo: RecentDocs.cs Projeto: JamesHabben/PowerForensics

public static RecentDocs[] Get(string hivePath) { if (RegistryHelper.isCorrectHive(hivePath, "NTUSER.DAT")) { string user = RegistryHelper.GetUserHiveOwner(hivePath); byte[] bytes = RegistryHelper.GetHiveBytes(hivePath); string key = @"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"; NamedKey RecentDocsKey = NamedKey.Get(bytes, hivePath, @"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"); ValueKey MRUListEx = ValueKey.Get(bytes, hivePath, key, "MRUListEx"); byte[] MRUListBytes = (byte[])MRUListEx.GetData(bytes); RecentDocs[] docs = new RecentDocs[MRUListBytes.Length / 4]; for (int i = 0; i < MRUListBytes.Length - 4; i += 4) { if(i == 0) { docs[i / 4] = new RecentDocs(user, Encoding.Unicode.GetString((byte[])ValueKey.Get(bytes, hivePath, key, BitConverter.ToInt32(MRUListBytes, i).ToString()).GetData(bytes)).Split('\0')[0], RecentDocsKey.WriteTime); } else { docs[i / 4] = new RecentDocs(user, Encoding.Unicode.GetString((byte[])ValueKey.Get(bytes, hivePath, key, BitConverter.ToInt32(MRUListBytes, i).ToString()).GetData(bytes)).Split('\0')[0]); } } return docs; } else { throw new Exception("Invalid NTUSER.DAT hive provided to the -HivePath parameter."); } }