protected ForensicResultItem loadFileAttribute(string filePath)
{
DataTable dt = new DataTable();
dt.Columns.AddRange(
new DataColumn[]
{
new DataColumn("FileName", System.Type.GetType("System.String")),
new DataColumn("RelativePath", System.Type.GetType("System.String")),
new DataColumn("PCPath", System.Type.GetType("System.String")),
new DataColumn("LastWriteTime", System.Type.GetType("System.DateTime")),
});
FileInfo info = new FileInfo(filePath);
DataRow dr = dt.NewRow();
dr["FileName"] = info.Name;
dr["RelativePath"] = info.FullName.Substring(Environment.PCPath.Length);
dr["LastWriteTime"] = info.LastWriteTime;
dr["PCPath"] = filePath;
dt.Rows.Add(dr);
dt.TableName = Info.Key;
var res = new ForensicResultItem()
{
Key = Info.Key, Table = dt
};
res.ParentFile = res;
return(res);
}
void loadTableColumnDesc(ForensicResultItem item, ref HashSet <ForensicResultItem> buffer)
{
if (buffer.Contains(item))
{
return;
}
buffer.Add(item);
if (item.Table != null)
{
if (item.MarkInfo != null && item.MarkInfo.ColumnDescs != null)
{
if (item.MarkInfo.OnlyShowDesc == true)
{
var tNames = item.MarkInfo.ColumnDescs.Select(c => c.Name).ToArray();
item.Table = item.Table.DefaultView.ToTable(false, tNames);
}
foreach (var it in item.MarkInfo.ColumnDescs)
{
if (it.Desc != null && item.Table.Columns[it.Name] != null)
{
item.Table.Columns[it.Name].ColumnName = it.Desc;
}
}
}
}
if (item.Children != null)
{
foreach (var it in item.Children)
{
loadTableColumnDesc(it, ref buffer);
}
}
}
bool copyTargetFiles()
{
try
{
if (!Environment.CatchDataTables.ContainsKey(Info.Key) ||
Environment.CatchDataTables[Info.Key].Count == 0)
{
return(false);
}
filePathItem = Environment.CatchDataTables[Info.Key][0];
filePaths = new List <string>();
for (int i = 0; i < filePathItem.Table.Rows.Count; ++i)
{
var path = Convert.ToString(filePathItem.Table.Rows[i]["PCPath"]);
FileInfo file = new FileInfo(path);
if (file.Exists)
{
path += ".proc";
filePathItem.Table.Rows[i]["PCPath"] = path;
// true is overwrite
file.CopyTo(path, true);
filePaths.Add(path);
}
}
return(true);
}
catch
{
return(false);
}
}
ForensicResultItem getDescItem(ForensicResultItem parent, string keyContent)
{
var t = parent.Children.FirstOrDefault(c => c.Desc == keyContent);
if (t != null)
{
return(t);
}
var list = parent.Table.AsEnumerable().Where(c => Convert.ToString(c[Info.ParentTableColumn]) == keyContent);
DataTable dtNew = parent.Table.Clone();
foreach (var dr in list)
{
dtNew.ImportRow(dr);
}
t = new ForensicResultItem()
{
Key = parent.Key,
Desc = keyContent,
Table = dtNew
};
parent.Children.Add(t);
parent.IsMutiTableParent = true;
return(t);
}
public IEnumerable <WordWeight> ExtractTagsWithWeight(ForensicResultItem item)
{
init();
string res = string.Join(" ", item.GetColumnDataByMark(UserTextMark));
return(Extractor.ExtractTagsWithWeight(res, KeywordCount).Select(c => new WordWeight()
{
Weight = c.Weight,
Word = c.Word,
}));
}
bool loadTargetFiles()
{
if (!Environment.CatchDataTables.ContainsKey(Info.Key) ||
Environment.CatchDataTables[Info.Key].Count == 0)
{
return(false);
}
fileResultItem = Environment.CatchDataTables[Info.Key][0];
filePaths = new List <string>();
for (int i = 0; i < fileResultItem.Table.Rows.Count; ++i)
{
filePaths.Add(Convert.ToString(fileResultItem.Table.Rows[i]["PCPath"]));
}
return(true);
}
void handleChildAssociateColumn()
{
var res = new List <ForensicResultItem>();
for (int i = 0; i < parentTables.Count; ++i)
{
var keyContents = parentTables[i].Table.AsEnumerable().Select(c => Convert.ToString(c[Info.ParentTableColumn])).Distinct();
foreach (var it in keyContents)
{
var tKey = getDescItem(parentTables[i], it);
for (int j = 0; j < childTables.Count; ++j)
{
if (Info.Type == DataAssociateInfo.AssociateType.InSameFile &&
childTables[j].ParentFile != parentTables[i].ParentFile)
{
continue;
}
var list = childTables[j].Table.AsEnumerable().Where(c => Convert.ToString(c[Info.AssociateColumn]) == it);
if (list.Count() == 0)
{
continue;
}
DataTable dtNew = childTables[j].Table.Clone();
foreach (var dr in list)
{
dtNew.ImportRow(dr);
}
var t = new ForensicResultItem()
{
IsMarkInfoFromParent = true,
ParentData = childTables[i],
ParentFile = childTables[i].ParentFile,
Table = dtNew,
};
res.Add(t);
tKey.Children.Add(t);
}
}
}
if (Info.Key != null)
{
Environment.CatchDataTables.Add(Info.Key, res);
}
}
void Init()
{
if (PCPath.Last() != '\\')
{
PCPath += '\\';
}
DataSource = new ForensicResultItem()
{
Desc = "数据集合",
};
Result = new ForensicResultItem()
{
Desc = RulePackage.Desc,
};
Result.Children.Add(DataSource);
LuaEnvironment.forensicPackage = this;
}
protected ForensicResultItem loadFileAttribute(List <string> filePaths, List <string> filePathMatches)
{
DataTable dt = new DataTable();
dt.Columns.AddRange(
new DataColumn[]
{
new DataColumn("FileName", System.Type.GetType("System.String")),
new DataColumn("RelativePath", System.Type.GetType("System.String")),
new DataColumn("PCPath", System.Type.GetType("System.String")),
new DataColumn("LastWriteTime", System.Type.GetType("System.DateTime")),
new DataColumn("FileNameMatch", System.Type.GetType("System.String")),
});
dt.TableName = Info.Key;
var res = new ForensicResultItem()
{
Key = Info.Key, Table = dt,
IsMutiTableParent = true
};
for (int i = 0; i < filePaths.Count; ++i)
{
FileInfo info = new FileInfo(filePaths[i]);
DataRow dr = dt.NewRow();
dr["FileName"] = info.Name;
dr["RelativePath"] = info.FullName.Substring(Environment.PCPath.Length);
dr["LastWriteTime"] = info.LastWriteTime;
dr["FileNameMatch"] = filePathMatches[i];
dr["PCPath"] = filePaths[i];
dt.Rows.Add(dr);
var tTable = dt.Clone();
tTable.TableName = filePathMatches[i];
tTable.ImportRow(dr);
var t = new ForensicResultItem()
{
Key = Info.Key,
ParentData = res,
Table = tTable,
};
t.ParentFile = t;
res.Children.Add(t);
}
return(res);
}
public void DoWork()
{
if (loadDataTables())
{
for (int i = 0; i < Tables.Count; ++i)
{
Tables[i].MarkInfo = Info;
if (Info.TableDescScriptChunk != null)
{
Environment.LuaEnvironment.dataTable = Tables[i];
Tables[i].Desc = Environment.LuaEnvironment.dochunk(Info.TableDescScriptChunk)[0];
}
}
if (Info.NotShowAtRoot == true)
{
return;
}
var t = Tables.FirstOrDefault();
if (t != null && t.ParentData == null)
{
if (Tables.Count == 1)
{
Environment.Result.Children.Add(Tables[0]);
}
else
{
var tItem = new ForensicResultItem()
{
Children = Tables,
MarkInfo = Info
};
Environment.Result.Children.AddRange(Tables);
}
}
}
}
public void DoWork()
{
if (!loadTargetFiles())
{
return;
}
Func <string, DataTable> funcHandle = null;
switch (Info.Type)
{
case DataCatchInfo.DataType.None:
return;
case DataCatchInfo.DataType.Binary:
funcHandle = handleBinary;
break;
case DataCatchInfo.DataType.Text:
funcHandle = handleText;
break;
case DataCatchInfo.DataType.Xml:
funcHandle = handleXml;
break;
case DataCatchInfo.DataType.Database:
funcHandle = handleDatabase;
break;
default:
break;
}
var Results = new List <ForensicResultItem>();
if (funcHandle != null)
{
int i = 0;
foreach (var it in filePaths)
{
var table = funcHandle(it);
if (Info.Select != null)
{
var drArr = table.Select(Info.Select);
DataTable dtNew = table.Clone();
for (int j = 0; j < drArr.Length; j++)
{
dtNew.ImportRow(drArr[j]);
}
table = dtNew;
}
if (table != null)
{
//table.TableName = Info.TableKey;
var item = new ForensicResultItem()
{
Key = Info.TableKey,
ParentFile = fileResultItem.IsMutiTableParent? fileResultItem.Children[i]:fileResultItem,
Table = table
};
if (Info.Desc != null)
{
item.Desc = Info.Desc;
}
Results.Add(item);
if (Info.CatchToFileDataTree)
{
item.ParentFile.Children.Add(item);
}
}
++i;
}
}
else
{
int i = 0;
foreach (var it in filePaths)
{
var tables = handleDatabaseWithRegEx(it);
if (tables.Count > 0)
{
var itemParemt = new ForensicResultItem()
{
Key = Info.TableKey,
IsMutiTableParent = true,
ParentFile = fileResultItem.IsMutiTableParent ? fileResultItem.Children[i] : fileResultItem,
};
if (Info.Desc != null)
{
itemParemt.Desc = Info.Desc;
}
foreach (var t in tables)
{
var table = t;
if (Info.Select != null)
{
var drArr = table.Select(Info.Select);
DataTable dtNew = table.Clone();
for (int j = 0; j < drArr.Length; j++)
{
dtNew.ImportRow(drArr[j]);
}
table = dtNew;
}
var item = new ForensicResultItem()
{
Key = Info.TableKey,
ParentFile = itemParemt.ParentFile,
Table = table
};
itemParemt.Children.Add(item);
}
Results.Add(itemParemt);
if (Info.CatchToFileDataTree)
{
itemParemt.ParentFile.Children.Add(itemParemt);
}
}
++i;
}
}
Environment.CatchDataTables.Add(Info.TableKey, Results);
Environment.DataSource.Children.AddRange(Results);
}
public static object GetFirstColumnDataFromParentFile(ForensicResultItem fileItem, string TableKey, string ColumnName)
{
return(fileItem.Children.First(c => c.Key == TableKey).Table.Rows[0][ColumnName]);
}
public static object GetFirstColumnDataFromItem(ForensicResultItem item, string ColumnName)
{
return(item.Table.Rows[0][ColumnName]);
}
