|
BTDT, good opportunity to rework your DR plans.
>64
If you can keep your head while those about you are losing theirs, perhaps you don't understand the situation.
|
|
|
|
|
I had a (fortunately fairly minor) disaster a couple of weeks ago. I hate long file paths so map them to drive letters; e.g. C:\inetpub\wwwroot\Personal can be accessed via P:\ I'm doing some historical research and had about 600 images saved in a folder on the P: "drive". I went to delete one, but had somehow inadvertently pressed ctrl-A before delete, thereby deleting everything. "No big deal" thought I, "I'll just un-delete from the recycle bin". It took a little while for it to dawn on me that stuff deleted from a mapped drive does NOT get put in the recycle bin.
   
Fortunately 95% of the pics had already been uploaded to the related website, so I just downloaded and all was well. Some were still under review and I have no backup of some of them, though in many cases notes on where to find them from elsewhere.
100% my fault; all now backed up and secured, and I don't work on a mapped drive anywhere I can delete stuff (e.g. Win Explorer). You live and learn!
|
|
|
|
|
DerekT-P wrote: I went to delete one, but had somehow inadvertently pressed ctrl-A before delete, thereby deleting everything.
When you delete a file in Windows the file isn't really deleted, the entry is simply removed from the MFT[^]. You can easily recover deleted files. If the USN Journal[^] is enabled on your partition then recovering is exceeding easy. 
There are a few articles here on codeproject showing how to recover files, just search for "USN Journal NTFS"[^]
Text files are extremely difficult to find with forensics tools.
I couldn't use this technique because the Debian image overwrote everything at the beginning of the drive, all partitions, MFT and parts of the USN Journal. I could have used a forensics suite to recover files with known header/footer structures. But the problem with .H and .CPP files is that they are ultimately just pure text with nothing to uniquely identify the file type. It would be a nightmare to perform forensics to recover text files. It's a 4TB drive too. Would probably take longer to locate those source files than it would take to just re-write them.
I had a backup so I ultimately only lost about two weeks worth of code.
Best Wishes,
-David Delaune
|
|
|
|
|
Thanks David. All the images were found on the 'net and can ultimately be found again, so it's not such a major problem. I had other things to do at the time than search for undelete tools, but thank you for the info above; I've saved the links for another day. Although, I have also tried a couple of the examples from CP, and neither are working for me. One can't find any drives at all, the other lists them but says they're not NTFS (which they are). I note the examples are pretty old (2008 and 2010 respectively); maybe they can't cope with larger drives? (256Gb and 1Tb respectively)...
|
|
|
|
|
DerekT-P wrote: Although, I have also tried a couple of the examples from CP, and neither are working for me.
The article "Eyes on NTFS" has bugs, but they are easily fixed, I know this because I have that project in my library. I have not tried the others, make sure you run them as Administrator.
I'm not on a PC right now, I'm responding to you from my TV. 
|
|
|
|
|
I have my own serialize/deserialize code that i've been using for years that, optionally, uses the GZip facility MS provides in System.IO.Compression, and, System.Runtime.Serialization.
A new C# WinForm project i started in VS22 to try and see what using Blazor webassembly was like, and that used Gzip to save state compiled, but, would not run ... no error message; it just exited the app with no output.
Figuring there was some weirdness goin' down with Blazor/VS 22, I went and tested a previous VS2019 project that used the old library; saving using GZip showed the same puzzling behavior., The code that invokes GZip is bog-standard:
using System.IO.Compression;
using System.Runtime.Serialization;
using (FileStream compressedFileStream = File.Create(filename))
{
using (var compressionStream =
new GZipStream(compressedFileStream, CompressionLevel.Optimal, true))
{
dcs.WriteObject(compressionStream, typeof(T));
compressionStream.Close();
}
}Oh .. my firewall/virus thing (EmsiSoft) was blocking the .exe ... the details surprised me:<\Quote: 12/9/2021 11:44:19 AM quarantined Malware "Behavior.CryptoMalware" in "test blazor dec 4 2021.exe".
Cloud Host Rule modified "Block silently" for host "42.180.243.234"
That IP appears to be in China:Quote: P Address: 42.180.243.234
IP Location: China, Liaoning, Liaoyang
IP Owner: Unicom Liaoning Province Network
Of course i'll submit a report to EmsiSoft, but, wonder if anything in this scenario you see i might be overlooking.
thanks !
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
Doesn't seem great...
It's possible that code has been injected from your PC, I'd run a scan locally as well as copying the code to a new PC and building/testing from there.
|
|
|
|
|
Please keep us updated!
That's.. concerning! 
|
|
|
|
|
I would check your PC - it seems to be infected...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Update:
i should have added to my original message:
1) on first detecting the odd behavior, i ran a complete scan ... all clean.
2) since i a/b tested in both VS 2019 and VSA 2022 the same apps using standard xml serialize techniques, and no unexpected behavior appeared, and the av software was not triggered ... i assumed the hypothesis that use of GZip was the trigger here was relatively strong.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
You may follow the code here - Source Browser[^]
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Using your code created an exe - it runs without any alert. Asked for a direct scan from my ESET Endpoint Security and nothing came up...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Thanks, Kornfeld, May i ask what version IDE and app (WinForm ?, WPF ?) and FrameWork version you are using ? i suspect that's not a factor here ... just curious.
fyi: Emsisoft is not blocking the .exe files of other projects in VS-19 or -22 when they are run.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
VS 2022
NET 6.0
Console Application
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
Verify your dotNet dlls haven't been infected. In fact, I'd double check the entire machine for malware, including rootkits.
|
|
|
|
|
thanks, as i said in my update message above, that was the first thing i did after seeing the odd behavior.
the fact that only the code calls GZip produces the error is a sign the dll is not infected, since that same dll provides the code for standard XML serialization which works without error.
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
It could still be infected. Malware tends to be some of the best written software on the planet.
|
|
|
|
|
Have you had a direct experience with a MS dll infected with any form of malware that is triggered only when a specific facility in the dll is invoked ?
«The mind is not a vessel to be filled but a fire to be kindled» Plutarch
|
|
|
|
|
I am working on an existing C# application, and find that there is a set of class definitions like this:
public class Class1<Ttype> { }
public abstract class Class2 { }
public class Concrete2 : Class2 { }
public class Report { }
public class Class3 : Concrete2
{
public Class1<Report> report = new ();
}
Would you call this spaghetti code? Or, is this a standard Design Pattern? Currently, it is causing my mind to whirl.
modified 9-Dec-21 0:29am.
|
|
|
|
|
Hmmm,
Kinda looks like a abstract factory pattern.
|
|
|
|
|
Thanks. Will go through this Abstract Factory pattern.
|
|
|
|
|
Greetings Kind Regards May I please inquire as to why your name is red colored Thank You - Cheerio
|
|
|
|
|
Hmmm,
Let's make a deal. If you tell me why you don't use any punctuation in your writings then I will tell you why my name is Red.
Deal?
|
|
|
|
|
Okee-Dokee I know a fellow much smarter than myself He suggested it He annoys me greatly if I don't take his advice This one I more or less am inclined to as he convinced me that punctuation marks seem as maculation on the page though I have a certain fondness for a well placed comma but periods I can live without His stated argument was when people speak they do not speak "comma" or "period" as would otherwise be placed in text Of course pauses and intonation do the job as he well knows but so far so good more or less Though I may return to my previous usual usage of ,'s, .'s and ?'s etc. - Cheerio
|
|
|
|
|
What makes you think this fellow is much smarter than yourself?
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
