public void WinXpx86ShouldFindEntries() { var a = new WindowsXP(WinXp, true, -1); Check.That(a.Entries.Count).Equals(17); Check.That(a.EntryCount).Equals(96); Check.That(a.Entries[0].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[0].Path).Contains("msoobe.exe"); Check.That(a.Entries[2].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[2].Path).Contains("agentsvr.exe"); Check.That(a.Entries[8].Executed).IsEqualTo(AppCompatCache.AppCompatCache.Execute.NA); Check.That(a.Entries[8].Path).Contains("NETSHELL.dll"); }
public void run() { byte[] rawBytes = readBytes(); bool is32bit = string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432")); var controlSet = getControlSet(); var operatingSystem = getWindowsVersion(rawBytes, is32bit); IAppCompatCache appCache; if (operatingSystem == OperatingSystemVersion.Windows10) { appCache = new Windows10(rawBytes, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows10Creators) { appCache = new Windows10(rawBytes, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows7x86) { appCache = new Windows7(rawBytes, is32bit, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows7x64_Windows2008R2) { appCache = new Windows7(rawBytes, is32bit, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows80_Windows2012) { var os = OperatingSystemVersion.Windows80_Windows2012; appCache = new Windows8x(rawBytes, os, controlSet); } else if (operatingSystem == OperatingSystemVersion.Windows81_Windows2012R2) { var os = OperatingSystemVersion.Windows81_Windows2012R2; appCache = new Windows8x(rawBytes, os, controlSet); } else if (operatingSystem == OperatingSystemVersion.WindowsVistaWin2k3Win2k8) { appCache = new VistaWin2k3Win2k8(rawBytes, is32bit, controlSet); } else if (operatingSystem == OperatingSystemVersion.WindowsXP) { appCache = new WindowsXP(rawBytes, is32bit, controlSet); } return; }
private void OnCollisionEnter2D(Collision2D collision) { if (collision.collider.gameObject.CompareTag("Ground")) { CameraShake cs = Game.Inst.CameraShake; WindowsXP xp = Game.Inst.WindowsXP; FragmentGenerator fg = Game.Inst.FragmentGenerator; Vector2 offset = new Vector2( Random.Range(0, EndSize.x), Random.Range(0, -EndSize.y)); fg.CreateFragment(transform.position.ToVector2() + offset, EndSizeArea * xp.FragmentScaler); cs.ShakeAmount = xp.CamShakAmountScaler * EndSizeArea; cs.ShakeCamera(); StartCoroutine(FadeOutAndDestroy(xp.WindowAliveTime, xp.WindowFadeOutTime)); CollisionSfx.Play(); } }
public void TransactionalFileSystemUnsupported() { Assert.That(WindowsXP.SupportTransactionalFileSystem(), Is.False); }
//https://github.com/libyal/winreg-kb/wiki/Application-Compatibility-Cache-key //https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf private IAppCompatCache Init(byte[] rawBytes, bool is32, int controlSet) { IAppCompatCache appCache = null; OperatingSystem = OperatingSystemVersion.Unknown; string signature; var sigNum = BitConverter.ToUInt32(rawBytes, 0); //TODO check minimum length of rawBytes and throw exception if not enough data signature = Encoding.ASCII.GetString(rawBytes, 128, 4); Log.Debug("**** Signature {Signature}, Sig num {SigNum}", signature, $"0x{sigNum:X}"); if (sigNum == 0xDEADBEEF) //DEADBEEF, WinXp { OperatingSystem = OperatingSystemVersion.WindowsXP; Log.Debug("**** Processing XP hive"); appCache = new WindowsXP(rawBytes, is32, controlSet); } else if (sigNum == 0xbadc0ffe) { OperatingSystem = OperatingSystemVersion.WindowsVistaWin2k3Win2k8; appCache = new VistaWin2k3Win2k8(rawBytes, is32, controlSet); } else if (sigNum == 0xBADC0FEE) //BADC0FEE, Win7 { if (is32) { OperatingSystem = OperatingSystemVersion.Windows7x86; } else { OperatingSystem = OperatingSystemVersion.Windows7x64_Windows2008R2; } appCache = new Windows7(rawBytes, is32, controlSet); } else if (signature == "00ts") { OperatingSystem = OperatingSystemVersion.Windows80_Windows2012; appCache = new Windows8x(rawBytes, OperatingSystem, controlSet); } else if (signature == "10ts") { OperatingSystem = OperatingSystemVersion.Windows81_Windows2012R2; appCache = new Windows8x(rawBytes, OperatingSystem, controlSet); } else { //is it windows 10? var offsetToEntries = BitConverter.ToInt32(rawBytes, 0); OperatingSystem = OperatingSystemVersion.Windows10; if (offsetToEntries == 0x34) { OperatingSystem = OperatingSystemVersion.Windows10Creators; } signature = Encoding.ASCII.GetString(rawBytes, offsetToEntries, 4); if (signature == "10ts") { appCache = new Windows10(rawBytes, controlSet); } } if (appCache == null) { throw new Exception( "Unable to determine operating system! Please send the hive to [email protected]"); } return(appCache); }
// Start is called before the first frame update void Start() { Xp = GameObject.FindObjectOfType <WindowsXP>(); elapsedTime = 0; }
public void TransactionalFileSystemUnsupported() { WindowsXP.SupportTransactionalFileSystem().Should().BeFalse(); }