public void DetectWithIoNtfs() { var fileInfo = new FileInfo(path); foreach (var alternateDataStream in fileInfo.ListAlternateDataStreams()) { Console.WriteLine("{0} - {1}", alternateDataStream.Name, alternateDataStream.Size); } // Read the "Zone.Identifier" stream, if it exists: if (fileInfo.AlternateDataStreamExists("Zone.Identifier")) { Console.WriteLine("Found zone identifier stream:"); var s = fileInfo.GetAlternateDataStream("Zone.Identifier",FileMode.Open); using (TextReader reader = s.OpenText()) { Console.WriteLine(reader.ReadToEnd()); } } else { Console.WriteLine("No zone identifier stream found."); } }
/// <summary> /// /// </summary> /// <param name="outputPath"></param> /// <param name="autoHttp"></param> /// <param name="autoGzip"></param> /// <param name="maxSize"></param> public PacketReconstructor(string outputPath, long maxSize) { _outputPath = outputPath; _maxSize = maxSize; this.Guid = System.Guid.NewGuid().ToString(); //ResetTcpReassembly(); _packetParsers = new List<InterfaceParser>(); if (Directory.Exists(Path.Combine(_outputPath, Guid.Substring(0,2))) == false) { woanware.IO.CreateDirectory(Path.Combine(_outputPath, Guid.Substring(0,2))); } //if (File.Exists(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")) == false) //{ // File.Create(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")); //} _storage = new System.IO.FileStream(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin"), System.IO.FileMode.Create); FileInfo file = new FileInfo(Path.Combine(_outputPath, Guid.Substring(0, 2), Guid + ".bin")); if (file.AlternateDataStreamExists("html") == false) { _storageHtml = file.GetAlternateDataStream("html").OpenWrite(); } else { AlternateDataStreamInfo s = file.GetAlternateDataStream("html", FileMode.Open); _storageHtml = s.OpenWrite(); } woanware.IO.WriteToFileStream(_storageHtml, Global.HTML_HEADER); }
/// <summary> /// /// </summary> public void Start() { Task task = Task.Factory.StartNew(() => { try { cancelSource = new CancellationTokenSource(); foreach (Session session in this.blockingCollection.GetConsumingEnumerable(cancelSource.Token)) { try { string path = System.IO.Path.Combine(this.dataDirectory, session.Guid.Substring(0, 2), session.Guid + ".bin"); if (File.Exists(path) == false) { continue; } FileInfo fileInfo = new FileInfo(path); // Info if (fileInfo.AlternateDataStreamExists("info") == false) { continue; } ProcessUrls(session, fileInfo); } catch (Exception) { } } } catch (OperationCanceledException) { } catch (Exception ex) { //System.Console.WriteLine(ex.ToString()); } finally { OnComplete(Id.ToString()); } }, TaskCreationOptions.LongRunning); }
/// <summary> /// /// </summary> /// <param name="session"></param> private void LoadSession(Session session) { (new Thread(() => { MethodInvoker methodInvoker = delegate { try { using (new HourGlass(this)) { if (session == null) { UserInterface.DisplayErrorMessageBox(this, "Unable to locate session"); return; } string filePath = System.IO.Path.Combine(this.dataDirectory, session.Guid.Substring(0, 2), session.Guid + ".bin"); if (File.Exists(filePath) == false) { UserInterface.DisplayErrorMessageBox(this, "Session data file does not exist: " + filePath); return; } byte[] temp = File.ReadAllBytes(filePath); DynamicByteProvider dynamicByteProvider = new DynamicByteProvider(temp); hexBox.ByteProvider = dynamicByteProvider; temp = woanware.Text.ReplaceNulls(temp); FileInfo fileInfo = new FileInfo(filePath); // Colourised (HTML) if (fileInfo.AlternateDataStreamExists("html") == true) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("html", FileMode.Open); using (TextReader reader = ads.OpenText()) { webControl.DocumentText = reader.ReadToEnd(); } } else { webControl.DocumentText = string.Empty; } // ASCII if (fileInfo.AlternateDataStreamExists("txt") == true) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("txt", FileMode.Open); using (TextReader reader = ads.OpenText()) { txtSession.Text = reader.ReadToEnd(); txtSession.ScrollToTop(); } } else { txtSession.Text = ASCIIEncoding.ASCII.GetString(temp); txtSession.ScrollToTop(); } // Info if (fileInfo.AlternateDataStreamExists("info") == true) { AlternateDataStreamInfo ads = fileInfo.GetAlternateDataStream("info", FileMode.Open); using (TextReader reader = ads.OpenText()) { txtInfo.Text = reader.ReadToEnd(); txtInfo.ScrollToTop(); } } else { txtInfo.Text = string.Empty; txtInfo.ScrollToTop(); } } } catch (Exception ex) { this.Log().Error(ex.ToString()); } }; if (this.InvokeRequired == true) { this.BeginInvoke(methodInvoker); } else { methodInvoker.Invoke(); } })).Start(); }
static string TryReadAlternateStream(FileInfo fileInfo, string streamName) { if (fileInfo.Exists && fileInfo.AlternateDataStreamExists(streamName)) { using (var altStream = fileInfo.GetAlternateDataStream(streamName).OpenText()) { string prev_md5 = altStream.ReadToEnd(); return prev_md5; } } return null; }
/// <summary> /// Output the parsed HTTP data to a HTML file /// </summary> /// <param name="parser"></param> private void SaveToHtml() { FileInfo file = new FileInfo(outputFile); FileStream fs = null; try { if (file.AlternateDataStreamExists("html") == false) { fs = file.GetAlternateDataStream("html").OpenWrite(); } else { // Delete the existing HTML ADS since we will replace it file.DeleteAlternateDataStream("html"); fs = file.GetAlternateDataStream("html").OpenWrite(); } this.parser.WriteToHtmlFile(fs); } finally { if (fs!= null) { fs.Dispose(); } } }
/// <summary> /// /// </summary> /// <param name="guid"></param> private void ParseHttpData(string outputPath, Session session) { //string fileName = string.Empty; //if (File.Exists(System.IO.Path.Combine(outputPath, session.Guid + ".txt")) == true) //{ // fileName = System.IO.Path.Combine(outputPath, session.Guid + ".txt"); //} //else //{ // fileName = System.IO.Path.Combine(outputPath, session.Guid + ".bin"); //} FileInfo file = new FileInfo(this.outputFile); FileStream fs = null; try { // Open up the "info" ADS if (file.AlternateDataStreamExists("info") == false) { fs = file.GetAlternateDataStream("info").OpenWrite(); } else { AlternateDataStreamInfo s = file.GetAlternateDataStream("info", FileMode.Open); fs = s.OpenWrite(); } foreach (Message message in this.parser.Messages) { // Ensure that the response object is valid if (message.Response.StatusCode == 0) { continue; } // Check the Content-Type header? e.g. contains "HTML" if (message.Response.ContentType.IndexOf("text/html", StringComparison.InvariantCultureIgnoreCase) == -1) { continue; } ParseLinks(fs, message.Response); } } finally { if (fs != null) { fs.Dispose(); } } }