PPH_BYTES VirusTotalTimeString(
_In_ PLARGE_INTEGER LargeInteger
)
{
SYSTEMTIME systemTime;
PPH_STRING dateString;
PPH_STRING timeString;
PPH_BYTES result;
PhLargeIntegerToLocalSystemTime(&systemTime, LargeInteger);
dateString = PhFormatDate(&systemTime, L"yyyy-MM-dd");
timeString = PhFormatTime(&systemTime, L"HH:mm:ss");
result = FormatAnsiString(
"%S %S",
dateString->Buffer,
timeString->Buffer
);
PhDereferenceObject(timeString);
PhDereferenceObject(dateString);
return result;
}
BOOLEAN NTAPI FipEnumDirectoryFileForDir(
_In_ PFILE_DIRECTORY_INFORMATION Information,
_In_opt_ PVOID Context
)
{
PPH_STRING date, time, size;
SYSTEMTIME systemTime;
PhLargeIntegerToLocalSystemTime(&systemTime, &Information->LastWriteTime);
date = PhFormatDate(&systemTime, NULL);
time = PhFormatTime(&systemTime, NULL);
size = PhFormatUInt64(Information->EndOfFile.QuadPart, TRUE);
wprintf(
L"%-10s %12s %c%c%c%c%c%c%c%c %11s %.*s\n",
date->Buffer,
time->Buffer,
(Information->FileAttributes & FILE_ATTRIBUTE_DIRECTORY) ? '+' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_HIDDEN) ? 'h' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_SYSTEM) ? 's' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_READONLY) ? 'r' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_COMPRESSED) ? 'z' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_ENCRYPTED) ? 'e' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_SPARSE_FILE) ? '%' : ' ',
(Information->FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) ? '*' : ' ',
size->Buffer,
Information->FileNameLength / 2,
Information->FileName
);
PhDereferenceObject(date);
PhDereferenceObject(time);
PhDereferenceObject(size);
if (Information->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
FipDirDirCount++;
else
FipDirFileCount++;
FipDirTotalSize += Information->EndOfFile.QuadPart;
FipDirTotalAllocSize += Information->AllocationSize.QuadPart;
return TRUE;
}
VOID PhWritePhTextHeader(
__inout PPH_FILE_STREAM FileStream
)
{
PPH_STRING version;
LARGE_INTEGER time;
SYSTEMTIME systemTime;
PPH_STRING dateString;
PPH_STRING timeString;
PhWriteStringAsAnsiFileStream2(FileStream, L"Process Hacker ");
if (version = PhGetPhVersion())
{
PhWriteStringAsAnsiFileStream(FileStream, &version->sr);
PhDereferenceObject(version);
}
PhWriteStringFormatFileStream(FileStream, L"\r\nWindows NT %u.%u", PhOsVersion.dwMajorVersion, PhOsVersion.dwMinorVersion);
if (PhOsVersion.szCSDVersion[0] != 0)
PhWriteStringFormatFileStream(FileStream, L" %s", PhOsVersion.szCSDVersion);
#ifdef _M_IX86
PhWriteStringAsAnsiFileStream2(FileStream, L" (32-bit)");
#else
PhWriteStringAsAnsiFileStream2(FileStream, L" (64-bit)");
#endif
PhQuerySystemTime(&time);
PhLargeIntegerToLocalSystemTime(&systemTime, &time);
dateString = PhFormatDate(&systemTime, NULL);
timeString = PhFormatTime(&systemTime, NULL);
PhWriteStringFormatFileStream(FileStream, L"\r\n%s %s\r\n\r\n", dateString->Buffer, timeString->Buffer);
PhDereferenceObject(dateString);
PhDereferenceObject(timeString);
}
