public override void Execute() { Context = ShellLinkFile.Load(Filename); Context.Header.LinkFlags &= ~LinkFlags.EnableTargetMetaData; Context.Header.LinkFlags |= LinkFlags.ForceNoLinkTrack; if (Context.LinkInfo != null) { if (Context.LinkInfo.VolumeID != null) { Context.LinkInfo.VolumeID.DriveSerialNumber = 0; Context.LinkInfo.VolumeID.VolumeLabel = null; } if (Context.LinkInfo.CommonNetworkRelativeLink != null) { Context.LinkInfo.CommonNetworkRelativeLink.DeviceName = null; Context.LinkInfo.CommonNetworkRelativeLink.NetworkProviderType = null; } } var blocks = Context.ExtraDataBlocks.Where(block => !(block is TrackerDataBlock || block is PropertyStoreDataBlock)).ToList(); Context.ExtraDataBlocks = blocks; foreach (var option in Options) { option.Execute(Context); } Context.SaveAs(Filename); }
private void ParseJumpListC(string file, string appid, string extension, string username, string appName, List <ShellLinkFile> lnkFiles) { JumpListFile jumpListFile = new JumpListFile(true); jumpListFile.FilePath = file; jumpListFile.FileName = System.IO.Path.GetFileName(file); jumpListFile.AppName = appName; for (int index = 0; index < lnkFiles.Count; index++) { ShellLinkFile linkFile = lnkFiles[index]; JumpList jumpList = new JumpList(); jumpList.Name = (index + 1).ToString(); jumpList.Size = 0; var Data = lnkFiles.ToArray(); string arguments = Data[index].Arguments; if (arguments == null) { arguments = "None"; } string accesstime = Data[index].Header.AccessTime.ToString("dd/MM/yyyy HH:mm:ss"); string writetime = Data[index].Header.WriteTime.ToString("dd/MM/yyyy HH:mm:ss"); string createtime = Data[index].Header.CreationTime.ToString("dd/MM/yyyy HH:mm:ss"); string Name = Data[index].IconLocation; string ExeName = Data[index].LinkInfo.LocalBasePath; string myArray = username + "," + appid + "," + appName + "," + ExeName + "," + arguments + "," + extension + "," + accesstime + "," + writetime + "," + createtime; File.AppendAllText("FM-JLP.csv", myArray + Environment.NewLine); } }
private void ParseJumpListA(string appid, string extension, string username, string file, string appName) { JumpListFile jumpListFile = new JumpListFile(false); jumpListFile.FilePath = file; jumpListFile.FileName = System.IO.Path.GetFileName(file); jumpListFile.AppName = appName; CompoundFile compoundFile = new CompoundFile(file); CFStream cfStream = compoundFile.RootStorage.GetStream("DestList"); jumpListFile.DestListSize = cfStream.Size; List <DestListEntry> destListEntries = ParseDestList(cfStream.GetData()); jumpListFile.DestListEntries = destListEntries; int ii = 1; foreach (DestListEntry destListEntry in destListEntries) { CFStream cfStreamJf = null; try { cfStreamJf = compoundFile.RootStorage.GetStream(ii.ToString()); ShellLinkFile linkFile = ShellLinkFile.Load(cfStreamJf.GetData()); string arguments = linkFile.Arguments.ToString(); if (arguments == null) { arguments = "None"; } DateTime accesstime_ = linkFile.Header.AccessTime; string accesstime = Convert.ToDateTime(accesstime_).ToString("dd/MM/yyyy HH:mm:ss"); string writetime = linkFile.Header.WriteTime.ToString("dd/MM/yyyy HH:mm:ss"); string createtime = linkFile.Header.CreationTime.ToString("dd/MM/yyyy HH:mm:ss"); string ExeName = linkFile.LinkInfo.LocalBasePath; string myArray = username + "," + appid + "," + appName + "," + ExeName + "," + arguments + "," + extension + "," + accesstime + "," + writetime + "," + createtime; File.AppendAllText("FM-JLP.csv", myArray + Environment.NewLine); if (linkFile.Header.CreationTime == DateTime.MinValue | linkFile.Header.AccessTime == DateTime.MinValue | linkFile.Header.WriteTime == DateTime.MinValue | linkFile.Header.CreationTime == ShellLinkFile.WindowsEpoch | linkFile.Header.AccessTime == ShellLinkFile.WindowsEpoch | linkFile.Header.WriteTime == ShellLinkFile.WindowsEpoch) { continue; } if (linkFile != null) { JumpList jumpList = new JumpList(); jumpList.Name = destListEntry.StreamNo; jumpList.Size = cfStreamJf.GetData().Length; jumpList.DestListEntry = destListEntry; jumpListFile.JumpLists.Add(jumpList); } } catch { Exception ex; } ii = ii + 1; } }
public override void Execute() { Context = ShellLinkFile.Load(Filename); foreach (var option in Options) { option.Execute(Context); } Context.SaveAs(Filename); }
public override void Execute() { Context = ShellLinkFile.Load(Filename); foreach (Option option in Options) { option.Execute(Context); } Console.WriteLine(Context); }
public override void Execute() { Context = ShellLinkFile.CreateAbsolute(Target); foreach (var option in Options) { option.Execute(Context); } Context.SaveAs(Filename); CheckExists(Target, Filename); }
public override void Execute(ShellLinkFile context) { if (Convert.ToBoolean(Argument)) { context.Header.LinkFlags |= Flag; } else { context.Header.LinkFlags &= ~Flag; } }
private static void TestOption(ShellLinkFile context, Option option, string argument) { option.Arguments.Clear(); for (var i = 0; i < option.ExpectedArguments; i++) { option.Arguments.Add(argument); } // As we use Reflection to alter properties, just check if properties names are correct. option.Execute(context); }
public static ExtraDataBlockHandler GetInstance(ExtraDataBlock item, ShellLinkFile context) { var typename = $"Shellify.IO.{item.GetType().Name}Handler"; var type = Type.GetType(typename); if (type == null) { throw new ArgumentException(typename); } return((ExtraDataBlockHandler)Activator.CreateInstance(type, new object[] { item, context })); }
private static string BlindWrite() { var tmpFile = Path.GetTempFileName(); var slf = new ShellLinkFile(); foreach (var block in from ExtraDataBlockSignature signature in System.Enum.GetValues(typeof(ExtraDataBlockSignature)) where signature != ExtraDataBlockSignature.UnknownDataBlock select ExtraDataBlockFactory.GetInstance(signature)) { slf.ExtraDataBlocks.Add(block); } slf.SaveAs(tmpFile); return(tmpFile); }
static ShellLinkFile ReadShellLinkFile(string path) { var result = new ShellLinkFile(); var stream = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read); using (var binaryReader = new BinaryReader(stream)) { var reader = new ShellLinkFileHandler(result); reader.ReadFrom(binaryReader); } return(result); }
static string GetTarget(ShellLinkFile link, string lnkPath) { if (link.LinkInfo?.LocalBasePath != null) { return(link.LinkInfo.LocalBasePath); } if (link.RelativePath != null) { return(ResolveRelativePath(Path.GetDirectoryName(lnkPath), link.RelativePath)); } return(null); }
public void TestRoundTrip() { foreach (var file in Directory.GetFiles(_filesDirectory)) { _testContextInstance.WriteLine("Testing {0}", file); var slf = ShellLinkFile.Load(file); _testContextInstance.WriteLine("{0}", slf); var tmpFile = Path.GetTempFileName(); slf.SaveAs(tmpFile); var slf2 = ShellLinkFile.Load(tmpFile); Assert.AreEqual(slf.ToString(), slf2.ToString()); CompareFiles(file, tmpFile); } }
private string BlindWrite() { var tmpFile = Path.GetTempFileName(); var slf = new ShellLinkFile(); foreach (ExtraDataBlockSignature signature in System.Enum.GetValues(typeof(ExtraDataBlockSignature))) { if (signature == ExtraDataBlockSignature.UnknownDataBlock) continue; ExtraDataBlock block = ExtraDataBlockFactory.GetInstance(signature); slf.ExtraDataBlocks.Add(block); } slf.SaveAs(tmpFile); return tmpFile; }
public override void Execute(ShellLinkFile context) { PropertyInfo pinfo = null; Type ptype = context.GetType(); object obj = context; foreach (string item in PropertyPath) { if (pinfo != null) { obj = pinfo.GetValue(obj, null); } pinfo = ptype.GetProperty(item); ptype = pinfo.PropertyType; } object value = ChangeType(Argument, ptype); pinfo.SetValue(obj, value, null); }
public void TestRoundTrip() { var basePath = GetType().Assembly.Location; var filesPath = Path.Combine(Path.GetDirectoryName(basePath), "Files"); foreach (var file in Directory.GetFiles(filesPath)) { TestContext.WriteLine("Testing {0}", file); var slf = ShellLinkFile.Load(file); TestContext.WriteLine("{0}", slf); var tmpFile = Path.GetTempFileName(); slf.SaveAs(tmpFile); var slf2 = ShellLinkFile.Load(tmpFile); Assert.AreEqual(slf.ToString(), slf2.ToString()); CompareFiles(file, tmpFile); } }
public override void Execute() { var baseDirectory = Path.GetDirectoryName(Filename); if (string.IsNullOrEmpty(baseDirectory)) { baseDirectory = "."; } Console.WriteLine("Using {0} as base directory", baseDirectory); Context = ShellLinkFile.CreateRelative(baseDirectory, Target); foreach (var option in Options) { option.Execute(Context); } Context.SaveAs(Filename); CheckExists(Path.Combine(baseDirectory, Target), Filename); }
public void TestToolOptions() { var info = new DateTimeFormatInfo(); string[] testargs = { "0", "string", new DateTime().ToString($"{info.ShortDatePattern} {info.ShortTimePattern}", CultureInfo.InvariantCulture), "true" }; var slf = new ShellLinkFile(); foreach (var option in ProgramContext.Options) { var argindex = 0; bool retry; do { retry = false; try { TestOption(slf, option, testargs[argindex]); } catch (FormatException) { if (argindex >= testargs.Length - 1) { throw; } TestContext.WriteLine("Option '{0}' fail for argument '{1}', testing '{2}'", option, testargs[argindex], testargs[argindex + 1]); retry = true; argindex++; } catch (Exception) { Assert.Fail("Check option '{0}', type {1}", option, option.GetType().Name); } } while (retry); } }
public void TestToolOptions() { var info = new DateTimeFormatInfo(); string[] testargs = { "0", "string", new DateTime().ToString(string.Format("{0} {1}",info.ShortDatePattern, info.ShortTimePattern), CultureInfo.InvariantCulture), "true" }; ShellLinkFile slf = new ShellLinkFile(); foreach (Option option in ProgramContext.Options) { int argindex = 0; bool retry; do { retry = false; try { TestOption(slf, option, testargs[argindex]); } catch (FormatException) { if (argindex < testargs.Length - 1) { testContextInstance.WriteLine("Option '{0}' fail for argument '{1}', testing '{2}'", option, testargs[argindex], testargs[argindex + 1]); retry = true; argindex++; } else { throw; } } catch (Exception) { Assert.Fail("Check option '{0}', type {1}", option, option.GetType().Name); } } while (retry); } }
public override void Execute(ShellLinkFile context) { PropertyInfo pinfo = null; var ptype = context.GetType(); object obj = context; foreach (var item in PropertyPath) { if (pinfo != null) { obj = pinfo.GetValue(obj, null); } pinfo = ptype.GetProperty(item); if (pinfo != null) { ptype = pinfo.PropertyType; } } var value = ChangeType(Argument, ptype); pinfo?.SetValue(obj, value, null); }
public DarwinDataBlockHandler(DarwinDataBlock item, ShellLinkFile context) : base(item, context) { }
public ShimDataBlockHandler(ShimDataBlock item, ShellLinkFile context) : base(item, context) { }
public ConsoleDataBlockHandler(ConsoleDataBlock item, ShellLinkFile context) : base(item, context) { }
public static ExtraDataBlockHandler GetInstance(ExtraDataBlock item, ShellLinkFile context) { string typename = string.Format("Shellify.IO.{0}Handler", item.GetType().Name); return (ExtraDataBlockHandler)Activator.CreateInstance(Type.GetType(typename), new object[] { item, context}); }
public UnknownDataBlockHandler(UnknownDataBlock item, ShellLinkFile context) : base(item, context) { }
public SpecialFolderDataBlockHandler(SpecialFolderDataBlock item, ShellLinkFile context) : base(item, context) { }
public ShellLinkFileHandler(ShellLinkFile item) { Item = item; }
protected BaseFolderIDDataBlockHandler(T item, ShellLinkFile context) : base(item, context) { }
public void TestBlindRead() { ShellLinkFile.Load(BlindWrite()); }
/// <summary> /// /// </summary> /// <param name="filePath"></param> /// <param name="path"></param> /// <param name="type"></param> /// <param name="info"></param> /// <param name="sourceFile">The registry file the entry was identified from</param> /// <param name="regModified"></param> private void ProcessEntry(string filePath, string path, string type, string info, string sourceFile, string serviceDisplayName, string serviceDescription, DateTimeOffset?regModified) { try { filePath = Text.ReplaceNulls(filePath); AutoRunEntry autoRunEntry = new AutoRunEntry { Type = type, Info = info, Path = path, ServiceDisplayName = serviceDisplayName, ServiceDescription = serviceDescription, SourceFile = sourceFile }; autoRunEntry = Helper.GetFilePathWithNoParameters(_driveMappings, autoRunEntry, filePath); if (autoRunEntry == null) { return; } if (autoRunEntry.FilePath.Length == 0) { return; } autoRunEntry.FileName = System.IO.Path.GetFileName(autoRunEntry.FilePath.Replace("\"", string.Empty)); if (System.IO.Path.GetExtension(autoRunEntry.FileName) == ".lnk") { try { ShellLinkFile shellLinkFile = ShellLinkFile.Load(autoRunEntry.FilePath); autoRunEntry = new AutoRunEntry { Type = type, Info = info }; autoRunEntry.Info = filePath; autoRunEntry = Helper.GetFilePathWithNoParameters(_driveMappings, autoRunEntry, System.IO.Path.Combine(shellLinkFile.LinkInfo.LocalBasePath, shellLinkFile.LinkInfo.CommonPathSuffix) + " " + shellLinkFile.Arguments); autoRunEntry.Path = System.IO.Path.Combine(shellLinkFile.LinkInfo.LocalBasePath, shellLinkFile.LinkInfo.CommonPathSuffix) + " " + shellLinkFile.Arguments; autoRunEntry.FileName = System.IO.Path.GetFileName(autoRunEntry.FilePath.Replace("\"", string.Empty)); } catch (Exception ex) { _hasErrors = true; Helper.WriteErrorToLog(ex.ToString(), filePath, autoRunEntry.FilePath, path); } } if (autoRunEntry.FilePath.Length == 0) { Helper.WriteErrorToLog("FilePath is zero length", filePath, autoRunEntry.FilePath, path); return; } Console.WriteLine(autoRunEntry.FilePath); _entries.Add(autoRunEntry); try { using (new PrivilegeEnabler(System.Diagnostics.Process.GetCurrentProcess(), Privilege.TakeOwnership)) { FileInfo fileInfo = new FileInfo(autoRunEntry.FilePath); FileSecurity fileSecurity = fileInfo.GetAccessControl(); fileSecurity.SetOwner(WindowsIdentity.GetCurrent().User); File.SetAccessControl(autoRunEntry.FilePath, fileSecurity); if (File.Exists(autoRunEntry.FilePath) == false) { autoRunEntry.Error = "Does Not Exist"; OnEntryFound(autoRunEntry); return; } autoRunEntry.Exists = true; autoRunEntry.FileSystemAccessed = fileInfo.LastAccessTime; autoRunEntry.FileSystemCreated = fileInfo.CreationTime; autoRunEntry.FileSystemModified = fileInfo.LastWriteTime; autoRunEntry.RegistryModified = regModified; //string output = Misc.ShellProcessWithOutput(_sigCheckPath, Global.SIGCHECK_FLAGS + "\"" + autoRunEntry.FilePath + "\""); //autoRunEntry = Helper.ParseSigCheckOutput(autoRunEntry, output); autoRunEntry = Helper.GetFileInformation(hashes, _sigCheckPath, autoRunEntry); autoRunEntry.Md5 = Security.GenerateMd5HashStream(autoRunEntry.FilePath); autoRunEntry.Sha256 = Helper.GetFileSha256Hash(autoRunEntry.FilePath); OnEntryFound(autoRunEntry); } } catch (Exception ex) { Helper.WriteErrorToLog(ex.ToString(), filePath, autoRunEntry.FilePath, path); autoRunEntry.Error = "Error: " + ex.Message; OnEntryFound(autoRunEntry); } } catch (Exception ex) { _hasErrors = true; Helper.WriteErrorToLog(ex.ToString(), filePath, filePath, path); } }
public VistaAndAboveIDListDataBlockHandler(VistaAndAboveIDListDataBlock item, ShellLinkFile context) : base(item, context) { }
public ShellLinkFileHandler(ShellLinkFile item) { this.Item = item; }
protected BaseStringDataBlockHandler(T item, ShellLinkFile context) : base(item, context) { }
private void TestOption(ShellLinkFile context, Option option, string argument) { option.Arguments.Clear(); for (int i = 0; i < option.ExpectedArguments; i++) { option.Arguments.Add(argument); } // As we use Reflection to alter properties, just check if properties names are correct. option.Execute(context); }
public abstract void Execute(ShellLinkFile context);
public EnvironmentVariableDataBlockHandler(EnvironmentVariableDataBlock item, ShellLinkFile context) : base(item, context) { }
public KnownFolderDataBlockHandler(KnownFolderDataBlock item, ShellLinkFile context) : base(item, context) { }
public override void Execute(ShellLinkFile context) { Argument = Argument.Replace(" ",string.Empty); base.Execute(context); }