/// <summary>
/// Resolves the executable path of a running process from its PID and returns the MD5
/// of the file at that path, so the caller can compare it against the hashes of
/// downloaded executables.
/// </summary>
/// <param name="md5">Receives the hash string on success; String.Empty when the method returns false.</param>
/// <param name="pid">Process identifier to look up. A value of 0 is rejected.</param>
/// <returns>true only when a path was resolved and a non-empty hash was produced; false otherwise, including on any exception.</returns>
/// <remarks>
/// The hash is computed from whatever file is at the resolved path when this method runs.
/// That file may not be the image the process was started from if it was replaced afterwards.
/// MD5 is not collision-resistant, so a match is an indicator and not proof of identity.
/// </remarks>
public bool GetMD5FromPid(out String md5, uint pid)
{
    md5 = String.Empty;

    // PID 0 is never looked up.
    if (pid == 0)
    {
        return false;
    }

    try
    {
        ProcessEnumerator processes = new ProcessEnumerator();
        String imagePath = String.Empty;
        if (!processes.ProcessPathFromPid(out imagePath, pid))
        {
            return false;
        }

        ProxyMD5 hasher = new ProxyMD5();
        String digest = String.Empty;
        if (!hasher.ComputeFileMD5(out digest, imagePath))
        {
            return false;
        }

        // An empty digest is treated the same as a failed hash.
        if (digest == String.Empty)
        {
            return false;
        }

        md5 = digest;
        return true;
    }
    catch (Exception)
    {
        // Any lookup or hashing failure is reported to the caller as "no hash".
        return false;
    }
}
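/// <summary>
/// Reads USN change-journal entries for the first drive returned by DriveInfo.GetDrives(),
/// hashes the file named by each entry and collects the paths whose MD5 equals <paramref name="MD5"/>.
/// </summary>
/// <param name="upload">true selects USN_REASON_BASIC_INFO_CHANGE entries; false selects USN_REASON_FILE_CREATE entries.</param>
/// <param name="size">Expected file size. NOTE(review): not applied as a filter here; confirm with callers whether it should be.</param>
/// <param name="MD5">Hash to search for, compared ignoring case. A null or empty value matches nothing.</param>
/// <param name="matches">Receives the full paths of matching files. May hold partial results if an exception interrupts the scan.</param>
/// <returns>true when at least one matching file was found; false otherwise, including on any exception.</returns>
/// <remarks>
/// The original never added to <paramref name="matches"/> and returned false on every path.
/// Only the first drive is examined. MD5 is not collision-resistant, so a match is an
/// indicator and not proof that the file is the one being searched for.
/// </remarks>
public bool FindFileFromJournal(bool upload, uint size, String MD5, out List<string> matches)
{
    matches = new List<string>();
    try
    {
        DriveInfo[] allDrives = DriveInfo.GetDrives();
        if (allDrives.Length == 0)
        {
            return false;
        }

        DriveInfo drive = allDrives[0];
        UsnJournal.NtfsUsnJournal nsf = new UsnJournal.NtfsUsnJournal(drive);
        List<UsnJournal.Win32Api.UsnEntry> ue = new List<UsnJournal.Win32Api.UsnEntry>();

        // Query the journal state once and keep it in the jsint/jns members for later calls.
        if (jsint == false)
        {
            if (nsf.GetUsnJournalState(ref jns) == UsnJournal.NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
            {
                jsint = true;
            }
        }

        if (jsint == true)
        {
            UInt32 reason = (uint)(upload
                ? UsnJournal.NtfsUsnJournal.UsnReasonCode.USN_REASON_BASIC_INFO_CHANGE
                : UsnJournal.NtfsUsnJournal.UsnReasonCode.USN_REASON_FILE_CREATE);

            // jns is passed in and overwritten with the state returned by the call.
            nsf.GetUsnJournalEntries(jns, reason, out ue, out jns);

            foreach (UsnJournal.Win32Api.UsnEntry el in ue)
            {
                String path = String.Empty;
                nsf.GetPathFromFileReference(el.FileReferenceNumber, out path);

                ProxyMD5 m5 = new ProxyMD5();
                String md5val = String.Empty;
                String pathtotal = drive.Name[0] + ":" + path;
                bool hashed = m5.ComputeFileMD5(out md5val, pathtotal);
                if (hashed == true && md5val != String.Empty)
                {
                    // Trace output kept from the original implementation.
                    Console.WriteLine(el.Name + " : " + md5val + " " + pathtotal);

                    // Hex digests are identifiers, so compare ordinally and ignore case.
                    if (!String.IsNullOrEmpty(md5val) &&
                        String.Equals(MD5, md5val, StringComparison.OrdinalIgnoreCase))
                    {
                        matches.Add(pathtotal);
                    }
                }
            }
        }
    }
    catch (Exception)
    {
        // Journal access or hashing failed; report "not found".
        return false;
    }

    return matches.Count > 0;
}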
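/// <summary>
/// Looks through the file dictionary supplied by usnThread for entries whose low 32-bit size
/// equals <paramref name="filesize"/>, hashes each candidate and collects the paths whose MD5
/// equals <paramref name="md5"/>.
/// </summary>
/// <param name="md5">Hash to search for, compared ignoring case. A null value matches nothing.</param>
/// <param name="filesize">Low 32 bits of the expected file size; the high part is not compared.</param>
/// <param name="filetype">Not used by this method.</param>
/// <param name="filepaths">Receives the paths of matching files. May hold partial results if an exception interrupts the scan.</param>
/// <returns>true when the scan completed and found at least one match; false otherwise.</returns>
/// <remarks>
/// MD5 is not collision-resistant and only 32 bits of the size are checked, so a match is an
/// indicator and not proof that the file is the one being searched for.
/// </remarks>
public bool CrossCheckMD5(string md5, UInt32 filesize, string filetype, out List<string> filepaths)
{
    bool retval = false;
    ConcurrentDictionary<UInt64, FileInfo> fi;
    filepaths = new List<string>();

    // Without a reference hash nothing can match; skip the lock and the hashing work.
    if (md5 == null)
    {
        return retval;
    }

    try
    {
        // NOTE(review): the wait is inside the try, so the finally block calls ReleaseMutex
        // even when WaitOne itself threw. Confirm against the declaration of mut.
        mut.WaitOne();
        if (usnThread != null)
        {
            usnThread.GetDictionary(out fi);
            if (fi != null)
            {
                foreach (KeyValuePair<UInt64, FileInfo> ff in fi)
                {
                    FileInfo ffval = ff.Value;

                    // Only the 32-bit size is considered; skip files that cannot match before hashing.
                    if (ffval.filesizelow != filesize)
                    {
                        continue;
                    }

                    ProxyMD5 md5v = new ProxyMD5();
                    string md5val = string.Empty;
                    if (md5v.ComputeFileMD5(out md5val, ffval.filepath) == true && md5val != null)
                    {
                        // Hex digests are identifiers: compare ordinally, not with culture rules.
                        if (md5.Equals(md5val, StringComparison.OrdinalIgnoreCase))
                        {
                            filepaths.Add(ffval.filepath);
                        }
                    }
                }

                if (filepaths.Count > 0)
                {
                    retval = true;
                }
            }
        }
    }
    catch (Exception)
    {
        // Best effort: a failure during the scan is reported as "no match".
    }
    finally
    {
        mut.ReleaseMutex();
    }

    return retval;
}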