public Packet(byte[] input, int opcode, DateTime time, Direction direction, int number, SniffFileInfo fileInfo)
: base(new MemoryStream(input, 0, input.Length), Encoding.UTF8)
{
Opcode = opcode;
Time = time;
Direction = direction;
Number = number;
Writer = new StringWriter();
SniffFileInfo = fileInfo;
Status = ParsedStatus.None;
WriteToFile = true;
}
public Packet Read(int number, SniffFileInfo fileInfo)
{
var opcode = _reader.GetInt32(0);
var time = _reader.GetDateTime(1);
var direction = (Direction)_reader.GetInt32(2);
object blob = _reader.GetValue(3);
if (DBNull.Value.Equals(blob))
return null;
var data = (byte[])blob;
return new Packet(data, opcode, time, direction, number, fileInfo);
}
private static void ReadFile(string file, Storage globalStorage, Builder globalBuilder, string prefix)
{
// If our dump format requires a .txt to be created,
// check if we can write to that .txt before starting parsing
if (Settings.DumpFormat != DumpFormatType.Bin && Settings.DumpFormat != DumpFormatType.Pkt)
{
var outFileName = Path.ChangeExtension(file, null) + "_parsed.txt";
if (Utilities.FileIsInUse(outFileName))
{
Trace.WriteLine(string.Format("Save file {0} is in use, parsing will not be done.", outFileName));
return;
}
}
var stuffing = globalStorage ?? new Storage();
var fileInfo = new SniffFileInfo { FileName = file, Storage = stuffing };
var fileName = Path.GetFileName(fileInfo.FileName);
Trace.WriteLine(string.Format("{0}: Reading packets...", prefix));
Builder builder = globalBuilder ?? (Settings.SQLOutput > 0 ? new Builder(stuffing) : null);
try
{
var packets = Reader.Read(fileInfo);
if (packets.Count == 0)
{
Trace.WriteLine(string.Format("{0}: Packet count is 0", prefix));
return;
}
if (Settings.DumpFormat == DumpFormatType.Bin || Settings.DumpFormat == DumpFormatType.Pkt)
{
SniffType format = Settings.DumpFormat == DumpFormatType.Bin ? SniffType.Bin : SniffType.Pkt;
var fileExtension = Settings.DumpFormat.ToString().ToLower();
if (Settings.SplitOutput)
{
Trace.WriteLine(string.Format("{0}: Splitting {1} packets to multiple files in {2} format...", prefix, packets.Count, fileExtension));
SplitBinaryPacketWriter.Write(packets, Encoding.ASCII);
}
else
{
Trace.WriteLine(string.Format("{0}: Copying {1} packets to .{2} format...", prefix, packets.Count, fileExtension));
var dumpFileName = Path.ChangeExtension(file, null) + "_excerpt." + fileExtension;
var writer = new BinaryPacketWriter(format, dumpFileName, Encoding.ASCII);
writer.Write(packets);
}
}
else
{
Trace.WriteLine(string.Format("{0}: Parsing {1} packets. Assumed version {2}", prefix, packets.Count, ClientVersion.GetVersionString()));
var total = (uint)packets.Count;
var startTime = DateTime.Now;
var outFileName = Path.ChangeExtension(file, null) + "_parsed";
var outLogFileName = outFileName + ".txt";
bool headersOnly = Settings.DumpFormat == DumpFormatType.TextHeader || Settings.DumpFormat == DumpFormatType.SummaryHeader;
if (Settings.Threads == 0) // Number of threads is automatically choosen by the Parallel library
packets.AsParallel().SetCulture().ForAll(packet => Handler.Parse(packet, headersOnly));
else
packets.AsParallel().SetCulture().WithDegreeOfParallelism(Settings.Threads).ForAll(packet => Handler.Parse(packet, headersOnly));
if (Settings.SQLOutput > 0 && globalStorage == null) // No global Storage, write sql data to particular sql file
{
var outSqlFileName = outFileName + ".sql";
DumpSQLs(fileName, outSqlFileName, builder, Settings.SQLOutput);
}
if (Settings.DumpFormat != DumpFormatType.None)
{
Trace.WriteLine(string.Format("{0}: Saved file to '{1}'", prefix, outLogFileName));
Handler.WriteToFile(packets, outLogFileName);
}
// Force to close the StringWriter to improve mem use
foreach(var packet in packets)
packet.CloseWriter();
if (Settings.StatsOutput == StatsOutputFlags.None)
return;
var span = DateTime.Now.Subtract(startTime);
var statsOk = 0;
var statsError = 0;
var statsSkip = 0;
foreach (var packet in packets)
{
if (!packet.WriteToFile)
statsSkip++;
else
{
switch (packet.Status)
{
case ParsedStatus.Success:
statsOk++;
break;
case ParsedStatus.WithErrors:
statsError++;
break;
case ParsedStatus.NotParsed:
statsSkip++;
break;
}
}
}
if (Settings.StatsOutput.HasAnyFlag(StatsOutputFlags.Global))
{
lock (_lockStats)
{
_globalStatsOk = statsOk;
_globalStatsError = statsError;
_globalStatsSkip = statsSkip;
_globalStatsTotal = (int)total;
}
}
if (Settings.StatsOutput.HasAnyFlag(StatsOutputFlags.Local))
{
Trace.WriteLine(string.Format("{0}: Parsed {1:F3}% packets successfully, {2:F3}% with errors and skipped {3:F3}% in {4}.",
prefix, (double)statsOk / total * 100, (double)statsError / total * 100, (double)statsSkip / total * 100,
span.ToFormattedString()));
}
}
}
catch (Exception ex)
{
Trace.WriteLine(ex.GetType());
Trace.WriteLine(ex.Message);
Trace.WriteLine(ex.StackTrace);
}
}
public Packet Read(int number, SniffFileInfo fileInfo)
{
int opcode;
int length;
DateTime time;
Direction direction;
byte[] data;
if (_sniffType == SniffType.Pkt)
{
switch (_pktVersion)
{
case PktVersion.V2_1:
case PktVersion.V2_2:
direction = (_reader.ReadByte() == 0xff) ? Direction.ServerToClient : Direction.ClientToServer;
time = Utilities.GetDateTimeFromUnixTime(_reader.ReadInt32());
_reader.ReadInt32(); // tick count
length = _reader.ReadInt32();
if (direction == Direction.ServerToClient)
{
opcode = _reader.ReadInt16();
data = _reader.ReadBytes(length - 2);
}
else
{
opcode = _reader.ReadInt32();
data = _reader.ReadBytes(length - 4);
}
break;
case PktVersion.V3_0:
case PktVersion.V3_1:
direction = (_reader.ReadUInt32() == 0x47534d53) ? Direction.ServerToClient : Direction.ClientToServer;
if (_pktVersion == PktVersion.V3_0)
{
time = Utilities.GetDateTimeFromUnixTime(_reader.ReadInt32());
var tickCount = _reader.ReadUInt32();
time = time.AddMilliseconds(tickCount);
}
else
{
_reader.ReadUInt32(); // session id
var tickCount = _reader.ReadUInt32();
time = _startTime.AddMilliseconds(tickCount - _startTickCount);
}
int additionalSize = _reader.ReadInt32();
length = _reader.ReadInt32();
_reader.ReadBytes(additionalSize);
opcode = _reader.ReadInt32();
data = _reader.ReadBytes(length - 4);
break;
default:
opcode = _reader.ReadUInt16();
length = _reader.ReadInt32();
direction = (Direction)_reader.ReadByte();
time = Utilities.GetDateTimeFromUnixTime(_reader.ReadInt64());
data = _reader.ReadBytes(length);
break;
}
}
else // bin
{
opcode = _reader.ReadInt32();
length = _reader.ReadInt32();
time = Utilities.GetDateTimeFromUnixTime(_reader.ReadInt32());
direction = (Direction)_reader.ReadByte();
data = _reader.ReadBytes(length);
}
return new Packet(data, opcode, time, direction, number, fileInfo);
}
public static ICollection<Packet> Read(SniffFileInfo fileInfo)
{
bool summary = Settings.DumpFormat == DumpFormatType.SummaryHeader;
var packets = new List<Packet>();
var packetNum = 0;
var fileName = fileInfo.FileName;
var extension = Path.GetExtension(fileName);
if (extension == null)
throw new IOException("Invalid file type");
IPacketReader reader;
switch (extension.ToLower())
{
case ".bin":
reader = new BinaryPacketReader(SniffType.Bin, fileName, Encoding.ASCII);
break;
case ".pkt":
reader = new BinaryPacketReader(SniffType.Pkt, fileName, Encoding.ASCII);
break;
case ".sqlite":
reader = new SQLitePacketReader(fileName);
break;
default:
throw new IOException("Invalid file type");
}
int firstPacketBuild = 0;
Packet parsingPacket = null; // For debugging
try
{
while (reader.CanRead())
{
if (packetNum != 0)
fileInfo.Build = firstPacketBuild;
var packet = reader.Read(packetNum, fileInfo);
if (packet == null)
continue;
parsingPacket = packet;
if (packetNum == 0)
{
// determine build version based on date of first packet if not specified otherwise
if (ClientVersion.IsUndefined())
ClientVersion.SetVersion(packet.Time);
firstPacketBuild = ClientVersion.GetBuildInt();
}
if (++packetNum < Settings.FilterPacketNumLow)
continue;
// check for filters
var add = true;
var opcodeName = Opcodes.GetOpcodeName(packet.Opcode);
if (Settings.Filters.Length > 0)
add = opcodeName.MatchesFilters(Settings.Filters);
// check for ignore filters
if (add && Settings.IgnoreFilters.Length > 0)
add = !opcodeName.MatchesFilters(Settings.IgnoreFilters);
if (add && summary)
{
add = packets.Find(found => (found.Opcode == packet.Opcode &&
found.Direction == packet.Direction)) == null;
}
if (add)
{
packets.Add(packet);
if (Settings.FilterPacketsNum > 0 && packets.Count == Settings.FilterPacketsNum)
break;
}
if (Settings.FilterPacketNumHigh > 0 && packetNum > Settings.FilterPacketNumHigh)
break;
}
}
catch(Exception ex)
{
if (parsingPacket != null)
Trace.WriteLine(string.Format("Failed at parsing packet: (Opcode: {0}, Number: {1})", parsingPacket.Opcode, parsingPacket.Number));
Trace.WriteLine(ex.Data);
Trace.WriteLine(ex.GetType());
Trace.WriteLine(ex.Message);
Trace.WriteLine(ex.StackTrace);
}
reader.Close();
return packets;
}
