public void Collect(IDataCollector collector)
{
collector.CreateFileEntry("Registry.csv");
try
{
_writer = new StreamWriter(collector.Stream);
_writer.WriteLine(String.Concat("Key", Consts.CsvSeparator, "Error", Consts.CsvSeparator));
CollectRootKey(Registry.ClassesRoot, collector);
CollectRootKey(Registry.CurrentUser, collector);
CollectRootKey(Registry.LocalMachine, collector);
CollectRootKey(Registry.Users, collector);
CollectRootKey(Registry.CurrentConfig, collector);
}
catch (AbortException)
{
throw;
}
catch (Exception ex)
{
collector.ShowException(ex);
}
finally
{
collector.CloseFileEntry();
}
}
public void Collect(IDataCollector collector)
{
collector.CreateFileEntry("Files.csv");
try
{
_writer = new StreamWriter(collector.Stream);
_writer.WriteLine(String.Concat("File", Consts.CsvSeparator
, "Length", Consts.CsvSeparator
, "Attributes", Consts.CsvSeparator
, "CreationTime", Consts.CsvSeparator
, "LastAccessTime", Consts.CsvSeparator
, "LastWriteTime", Consts.CsvSeparator
, "FileVersion", Consts.CsvSeparator
, "CompanyName", Consts.CsvSeparator
, "LegalCopyright", Consts.CsvSeparator
, "LegalTrademarks", Consts.CsvSeparator
, "Language", Consts.CsvSeparator
, "FileDescription", Consts.CsvSeparator
, "Comments", Consts.CsvSeparator
, "Error", Consts.CsvSeparator));
foreach (DriveInfo drive in DriveInfo.GetDrives())
{
try
{
if (drive.DriveType != DriveType.Fixed || !drive.IsReady)
continue;
CollectDrive(drive.RootDirectory.FullName, collector);
}
catch (AbortException)
{
throw;
}
catch (Exception ex)
{
collector.ShowException(ex);
}
}
}
catch (AbortException)
{
throw;
}
catch (Exception ex)
{
collector.ShowException(ex);
}
finally
{
collector.CloseFileEntry();
}
}
public void Collect(IDataCollector collector)
{
collector.CreateFileEntry("Services.csv");
try
{
collector.CurrentState = String.Empty;
StreamWriter writer = new StreamWriter(collector.Stream);
bool isRunFirst = true;
using (var searcher = new ManagementObjectSearcher("SELECT * FROM Win32_Service"))
{
foreach (ManagementBaseObject obj in searcher.Get())
{
if (isRunFirst)
{
foreach (PropertyData property in obj.Properties)
{
if (!IsDisplay(property))
continue;
writer.Write(property.Name);
writer.Write(Consts.CsvSeparator);
}
writer.WriteLine();
isRunFirst = false;
}
foreach (PropertyData property in obj.Properties)
{
if (!IsDisplay(property))
continue;
writer.Write(property.Value);
writer.Write(Consts.CsvSeparator);
}
writer.WriteLine();
collector.CheckIsStop();
}
}
}
catch (AbortException)
{
throw;
}
catch (Exception ex)
{
collector.ShowException(ex);
}
finally
{
collector.CloseFileEntry();
}
}
public void Collect(IDataCollector collector)
{
collector.CreateFileEntry("Msinfo.nfo");
try
{
collector.CurrentState = String.Empty;
string fileName = Path.GetTempPath() + "msinfo.nfo";
Process process = Process.Start("msinfo32.exe", "/nfo " + String.Format("\"{0}\"", fileName));
if (process == null)
throw new ApplicationException("Cannot start Msinfo32");
while (!process.WaitForExit(100))
collector.CheckIsStop();
if (!File.Exists(fileName))
throw new ApplicationException("Msinfo32 is failed or cancelled");
using (Stream fileStream = File.OpenRead(fileName))
StreamUtils.Copy(fileStream, collector.Stream, new byte[4096]);
try
{
File.Delete(fileName);
}
catch
{
}
}
catch (AbortException)
{
throw;
}
catch (Exception ex)
{
collector.ShowException(ex);
}
finally
{
collector.CloseFileEntry();
}
}
public void Collect(IDataCollector collector)
{
try
{
byte[] buffer = new byte[4096];
foreach (EventLog eventLog in EventLog.GetEventLogs())
{
collector.CurrentState = String.Format("{0}/{1}", eventLog.MachineName, eventLog.LogDisplayName);
IntPtr handle = OpenEventLog(eventLog.MachineName, eventLog.Log);
if (handle == IntPtr.Zero)
throw new Win32Exception(Marshal.GetLastWin32Error());
try
{
string log = ZipEntry.CleanName(eventLog.Log);
string backupFileName = Path.GetTempPath() + log + ".evt";
if (!BackupEventLog(handle, backupFileName))
throw new Win32Exception(Marshal.GetLastWin32Error());
collector.CreateFileEntry(log + ".evt");
try
{
using (Stream fileStream = File.OpenRead(backupFileName))
StreamUtils.Copy(fileStream, collector.Stream, buffer);
}
finally
{
collector.CloseFileEntry();
}
try
{
File.Delete(backupFileName);
}
catch
{
}
}
catch (Exception ex)
{
collector.ShowException(ex);
}
finally
{
CloseEventLog(handle);
}
}
}
catch (AbortException)
{
throw;
}
catch (Exception ex)
{
collector.ShowException(ex);
}
#region Fully managed version - Commented
//StreamWriter writer = new StreamWriter(collector.Stream);
//writer.WriteLine(String.Concat("DisplayName", Consts.CsvSeparator
// , "MachineName", Consts.CsvSeparator
// , "Index", Consts.CsvSeparator
// , "Category", Consts.CsvSeparator
// , "EntryType", Consts.CsvSeparator
// , "UserName", Consts.CsvSeparator
// , "Source", Consts.CsvSeparator
// , "TimeGenerated", Consts.CsvSeparator
// , "TimeWritten", Consts.CsvSeparator
// , "Message", Consts.CsvSeparator));
//foreach (EventLog eventLog in EventLog.GetEventLogs())
//{
// collector.CurrentState = eventLog.LogDisplayName;
// foreach (EventLogEntry entry in eventLog.Entries)
// {
// StringBuilder msgBuilder = new StringBuilder(entry.Message);
// msgBuilder.Replace("\"", "\"\"");
// msgBuilder.Replace('\n', ' ');
// writer.WriteLine(String.Concat(eventLog.LogDisplayName, Consts.CsvSeparator
// , eventLog.MachineName, Consts.CsvSeparator
// , entry.Index, Consts.CsvSeparator
// , entry.Category, Consts.CsvSeparator
// , entry.EntryType, Consts.CsvSeparator
// , entry.UserName, Consts.CsvSeparator
// , entry.Source, Consts.CsvSeparator
// , entry.TimeGenerated, Consts.CsvSeparator
// , entry.TimeWritten, Consts.CsvSeparator
// , "\"" + msgBuilder + "\"", Consts.CsvSeparator));
// collector.CheckIsStop();
// }
//}
#endregion
}