public void WinXpx86ShouldFindEntries()
    {
        // Parse the XP x86 sample buffer. The literals `true` and `-1` presumably map to the
        // 32-bit flag and control-set number of the WindowsXP constructor - confirm against it.
        var xpCache = new WindowsXP(WinXp, true, -1);
        var entries = xpCache.Entries;
        var notAvailable = AppCompatCache.AppCompatCache.Execute.NA;

        // The test pins two separate counters: the parsed entry list and EntryCount.
        Check.That(entries.Count).Equals(17);
        Check.That(xpCache.EntryCount).Equals(96);

        // Spot checks: each sampled entry must carry Execute.NA and the expected file name.
        var first = entries[0];
        Check.That(first.Executed).IsEqualTo(notAvailable);
        Check.That(first.Path).Contains("msoobe.exe");

        var third = entries[2];
        Check.That(third.Executed).IsEqualTo(notAvailable);
        Check.That(third.Path).Contains("agentsvr.exe");

        var ninth = entries[8];
        Check.That(ninth.Executed).IsEqualTo(notAvailable);
        Check.That(ninth.Path).Contains("NETSHELL.dll");
    }
Пример #2
        /// <summary>
        /// Reads the raw cache bytes, works out which Windows version produced them and
        /// constructs the matching AppCompatCache parser.
        /// </summary>
        public void run()
        {
            byte[] rawBytes = readBytes();

            // NOTE(review): PROCESSOR_ARCHITEW6432 is only set for a 32-bit process running under
            // WOW64, so this flag is also true in a native 64-bit process - confirm that this is
            // the bitness signal the parsers expect for the data being read.
            string wow64Arch = Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432");
            bool is32bit = string.IsNullOrEmpty(wow64Arch);

            var controlSet = getControlSet();
            var operatingSystem = getWindowsVersion(rawBytes, is32bit);

            // NOTE(review): the parser built below is never read or returned in this method, so
            // the parsed entries are discarded here - verify whether the caller needs the result.
            IAppCompatCache appCache;

            switch (operatingSystem)
            {
                case OperatingSystemVersion.Windows10:
                case OperatingSystemVersion.Windows10Creators:
                    appCache = new Windows10(rawBytes, controlSet);
                    break;

                case OperatingSystemVersion.Windows7x86:
                case OperatingSystemVersion.Windows7x64_Windows2008R2:
                    appCache = new Windows7(rawBytes, is32bit, controlSet);
                    break;

                case OperatingSystemVersion.Windows80_Windows2012:
                case OperatingSystemVersion.Windows81_Windows2012R2:
                    // Windows8x takes the detected version, which is the matched case value.
                    appCache = new Windows8x(rawBytes, operatingSystem, controlSet);
                    break;

                case OperatingSystemVersion.WindowsVistaWin2k3Win2k8:
                    appCache = new VistaWin2k3Win2k8(rawBytes, is32bit, controlSet);
                    break;

                case OperatingSystemVersion.WindowsXP:
                    appCache = new WindowsXP(rawBytes, is32bit, controlSet);
                    break;

                default:
                    // Any other version value: no parser is constructed.
                    break;
            }
        }
Пример #3
    /// <summary>
    /// 2D collision callback. When the other collider's object is tagged "Ground" it spawns a
    /// fragment, shakes the camera, starts the fade-out coroutine and plays the collision sound.
    /// </summary>
    /// <param name="collision">Collision data supplied by the physics callback.</param>
    private void OnCollisionEnter2D(Collision2D collision)
    {
        // Only ground contacts trigger the effects below.
        if (!collision.collider.gameObject.CompareTag("Ground"))
        {
            return;
        }

        CameraShake       shaker    = Game.Inst.CameraShake;
        WindowsXP         settings  = Game.Inst.WindowsXP;
        FragmentGenerator fragments = Game.Inst.FragmentGenerator;

        // Random displacement: x in [0, EndSize.x], y between 0 and -EndSize.y.
        var jitterX = Random.Range(0, EndSize.x);
        var jitterY = Random.Range(0, -EndSize.y);
        Vector2 jitter = new Vector2(jitterX, jitterY);

        var spawnPoint = transform.position.ToVector2() + jitter;
        fragments.CreateFragment(spawnPoint, EndSizeArea * settings.FragmentScaler);

        // Shake strength is the window area multiplied by the configured scaler.
        shaker.ShakeAmount = settings.CamShakAmountScaler * EndSizeArea;
        shaker.ShakeCamera();

        StartCoroutine(FadeOutAndDestroy(settings.WindowAliveTime, settings.WindowFadeOutTime));

        CollisionSfx.Play();
    }
Пример #4
 /// <summary>
 /// Asserts that <c>WindowsXP.SupportTransactionalFileSystem()</c> returns false.
 /// </summary>
 public void TransactionalFileSystemUnsupported()
 {
     var supported = WindowsXP.SupportTransactionalFileSystem();

     Assert.That(supported, Is.False);
 }
Пример #5
    //https://github.com/libyal/winreg-kb/wiki/Application-Compatibility-Cache-key
    //https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf

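    /// <summary>
    /// Identifies which AppCompatCache layout <paramref name="rawBytes"/> uses and builds the
    /// matching parser, recording the detected version in <c>OperatingSystem</c>.
    /// </summary>
    /// <remarks>
    /// The buffer comes from a registry hive and is treated as untrusted: its length and the
    /// entry offset it declares are validated before any read that depends on them.
    /// Detection order: the 32-bit magic at offset 0 (XP, Vista/2003/2008, Windows 7), then the
    /// 4-character marker at offset 128 (Windows 8.0 / 8.1), then the Windows 10 layout, where
    /// the first four bytes hold the offset of a "10ts" marker.
    /// </remarks>
    /// <param name="rawBytes">Raw cache value; must hold at least 132 bytes.</param>
    /// <param name="is32">Bitness flag passed to the XP, Vista and Windows 7 parsers; for
    /// Windows 7 it also selects the x86 or x64 version value.</param>
    /// <param name="controlSet">Control set number passed through to the parser.</param>
    /// <returns>The parser for the detected layout; never null.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="rawBytes"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="rawBytes"/> is too short to contain
    /// the signature fields.</exception>
    /// <exception cref="Exception">No known layout matched; <c>OperatingSystem</c> is left as
    /// <c>Unknown</c> in that case.</exception>
    private IAppCompatCache Init(byte[] rawBytes, bool is32, int controlSet)
    {
        // Position and width of the ASCII marker used to recognise the Windows 8.x layouts.
        const int signatureOffset = 128;
        const int signatureLength = 4;

        if (rawBytes == null)
        {
            throw new ArgumentNullException(nameof(rawBytes));
        }

        // Both signature reads below need the first 132 bytes; fail with a clear message
        // instead of an index error from BitConverter/Encoding on truncated or corrupt data.
        if (rawBytes.Length < signatureOffset + signatureLength)
        {
            throw new ArgumentException(
                $"AppCompatCache data is too short to identify: got {rawBytes.Length} bytes, " +
                $"need at least {signatureOffset + signatureLength}.",
                nameof(rawBytes));
        }

        IAppCompatCache appCache = null;

        OperatingSystem = OperatingSystemVersion.Unknown;

        var sigNum = BitConverter.ToUInt32(rawBytes, 0);
        var signature = Encoding.ASCII.GetString(rawBytes, signatureOffset, signatureLength);

        Log.Debug("**** Signature {Signature}, Sig num {SigNum}", signature, $"0x{sigNum:X}");

        if (sigNum == 0xDEADBEEF) //DEADBEEF, WinXp
        {
            OperatingSystem = OperatingSystemVersion.WindowsXP;

            Log.Debug("**** Processing XP hive");

            appCache = new WindowsXP(rawBytes, is32, controlSet);
        }
        else if (sigNum == 0xbadc0ffe)
        {
            OperatingSystem = OperatingSystemVersion.WindowsVistaWin2k3Win2k8;
            appCache = new VistaWin2k3Win2k8(rawBytes, is32, controlSet);
        }
        else if (sigNum == 0xBADC0FEE) //BADC0FEE, Win7
        {
            OperatingSystem = is32
                ? OperatingSystemVersion.Windows7x86
                : OperatingSystemVersion.Windows7x64_Windows2008R2;

            appCache = new Windows7(rawBytes, is32, controlSet);
        }
        else if (signature == "00ts")
        {
            OperatingSystem = OperatingSystemVersion.Windows80_Windows2012;
            appCache = new Windows8x(rawBytes, OperatingSystem, controlSet);
        }
        else if (signature == "10ts")
        {
            OperatingSystem = OperatingSystemVersion.Windows81_Windows2012R2;
            appCache = new Windows8x(rawBytes, OperatingSystem, controlSet);
        }
        else
        {
            //is it windows 10?
            var offsetToEntries = BitConverter.ToInt32(rawBytes, 0);

            // The offset is read from the data itself, so bound it before using it as an index.
            // Written as a subtraction so a huge offset cannot overflow the comparison.
            var offsetInRange = offsetToEntries >= 0 &&
                                offsetToEntries <= rawBytes.Length - signatureLength;

            if (offsetInRange &&
                Encoding.ASCII.GetString(rawBytes, offsetToEntries, signatureLength) == "10ts")
            {
                // Only record a Windows 10 version once the marker has been confirmed.
                OperatingSystem = offsetToEntries == 0x34
                    ? OperatingSystemVersion.Windows10Creators
                    : OperatingSystemVersion.Windows10;

                appCache = new Windows10(rawBytes, controlSet);
            }
        }

        if (appCache == null)
        {
            throw new Exception(
                      "Unable to determine operating system! Please send the hive to [email protected]");
        }

        return appCache;
    }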
Пример #6
 // Start is called before the first frame update
 /// <summary>
 /// Caches the scene's <c>WindowsXP</c> object in <c>Xp</c> and resets the elapsed-time counter.
 /// </summary>
 void Start()
 {
     // Look the component up once here so later code can use the stored reference.
     Xp = GameObject.FindObjectOfType<WindowsXP>();

     elapsedTime = 0;
 }
Пример #7
 /// <summary>
 /// Asserts that <c>WindowsXP.SupportTransactionalFileSystem()</c> returns false.
 /// </summary>
 public void TransactionalFileSystemUnsupported()
 {
     var supported = WindowsXP.SupportTransactionalFileSystem();

     supported.Should().BeFalse();
 }