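# Load one LevelDB write-ahead log from the current user's Teams IndexedDB store
# (path below) into $text so the scans that follow can search it as a string.
$dbDir = Join-Path $env:LOCALAPPDATA 'Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\WV2Profile_tfw\IndexedDB\https_teams.microsoft.com_0.indexeddb.leveldb'
# Scan WAL for messagetype values and call-related content
# NOTE(review): the log file name is hard-coded; LevelDB numbers its log files at
# runtime, so this name is presumably specific to one profile at one point in time.
$logPath = Join-Path $dbDir '001739.log'
$fs = $null
try {
    # Read-only open with FileShare 'ReadWrite', so the open does not require
    # that no other process holds the file for writing.
    $fs = [IO.File]::Open($logPath, 'Open', 'Read', 'ReadWrite')
    $bytes = New-Object byte[] $fs.Length
    # Stream.Read may return fewer bytes than requested; loop until the buffer
    # is full or the stream ends.
    $offset = 0
    while ($offset -lt $bytes.Length) {
        $read = $fs.Read($bytes, $offset, $bytes.Length - $offset)
        if ($read -le 0) { break }
        $offset += $read
    }
} catch {
    # Stop here: if the load fails and the script carries on, the later scans
    # run against an empty $text and print "Not found" / zero counts that look
    # like a genuine negative result.
    throw "Cannot read LevelDB log '$logPath': $($_.Exception.Message)"
} finally {
    # Release the handle on every path, including a failed read.
    if ($fs) { $fs.Dispose() }
}
# The log is binary; decoding it as UTF-8 replaces invalid sequences and collapses
# multi-byte ones, so positions in $text are character indexes, not byte offsets
# in the file.
$text = [System.Text.Encoding]::UTF8.GetString($bytes, 0, $offset)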
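# Pass 1: list every distinct messagetype value found in $text and count how
# often each one occurs. The first occurrence of each value is printed together
# with an 80-character context window.
# Reported offsets are character indexes into $text (the decoded log), not byte
# offsets into the file on disk.
Write-Host "=== Searching for messagetype values ==="
$idx = 0
$mtypes = @{}   # messagetype value -> occurrence count
# Ordinal search: $text is decoded binary, so an exact code-unit match is wanted
# rather than the culture-sensitive comparison IndexOf(string, int) uses by default.
while (($idx = $text.IndexOf('messagetype', $idx, [StringComparison]::Ordinal)) -ge 0) {
    $start = $idx
    $end = [Math]::Min($text.Length, $idx + 80)
    # Non-printable characters become '.', one for one, so the window keeps its length.
    $snippet = $text.Substring($start, $end - $start) -replace '[^\x20-\x7e]','.'
    # Extract the value after messagetype.
    # '^' ties the match to this occurrence; without it, a later 'messagetype'
    # inside the same window is matched here and counted again at its own offset.
    # The gap is lazy ('{1,5}?') so it cannot swallow the first letters of the value.
    if ($snippet -match '^messagetype.{1,5}?([A-Za-z/]+)') {
        $mt = $Matches[1]
        if (-not $mtypes.ContainsKey($mt)) {
            $mtypes[$mt] = 0
            Write-Host "messagetype: $mt (at offset $idx)"
            Write-Host " context: $snippet"
        }
        $mtypes[$mt]++
    }
    # Resume one character past this hit.
    $idx++
}
Write-Host ""
Write-Host "=== messagetype distribution ==="
# Most frequent value first.
foreach ($kv in $mtypes.GetEnumerator() | Sort-Object Value -Descending) {
    Write-Host " $($kv.Key): $($kv.Value)"
}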
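# Pass 2: report each 'callId' key in $text that is followed, within three
# characters, by at least eight hex digits, and count those occurrences.
# Reported positions are character indexes into $text, not byte offsets into
# the file on disk.
Write-Host ""
Write-Host "=== Searching for non-empty callId values ==="
$idx = 0
$callCount = 0
# Ordinal search: $text is decoded binary, so an exact code-unit match is wanted
# rather than the culture-sensitive comparison IndexOf(string, int) uses by default.
while (($idx = $text.IndexOf('callId', $idx, [StringComparison]::Ordinal)) -ge 0) {
    # Display window: up to 10 characters before the hit and 100 from its start.
    $start = [Math]::Max(0, $idx - 10)
    $end = [Math]::Min($text.Length, $idx + 100)
    # Non-printable characters become '.', one for one, so positions inside the
    # window still line up with $text.
    $snippet = $text.Substring($start, $end - $start) -replace '[^\x20-\x7e]','.'
    # Check if there's a non-empty value after callId.
    # The test runs on the part of the window that begins at this hit and is
    # anchored with '^'. Matching anywhere in the window would attribute a later
    # callId's value to this occurrence and count that later one twice.
    # -match is case-insensitive, so [0-9a-f] also accepts upper-case hex digits.
    if ($snippet.Substring($idx - $start) -match '^callId.{1,3}([0-9a-f]{8,})') {
        Write-Host "Non-empty callId at $idx`: $snippet"
        $callCount++
    }
    # Resume one character past this hit.
    $idx++
}
Write-Host "Non-empty callId count: $callCount"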
# Pass 3: for each call-related marker, report whether it occurs anywhere in
# $text and show context around its FIRST occurrence only (40 characters before,
# 80 from the start of the hit). Later occurrences are not examined.
# NOTE(review): several markers are ordinary words ('missed', 'ended', 'calling'),
# so a hit may come from unrelated message text; read the context before
# treating it as a call record.
Write-Host ""
Write-Host "=== Searching for Event/Call or call-specific message types ==="
$needles = @('Event/Call','ThreadActivity/Call','missed','declined','no answer','ended','started a call','calling')
foreach ($needle in $needles) {
    $pos = $text.IndexOf($needle)
    if (-not ($pos -ge 0)) {
        Write-Host "Not found: '$needle'"
        continue
    }
    # Clamp the context window to the bounds of the decoded text.
    $from = [Math]::Max(0, $pos - 40)
    $to = [Math]::Min($text.Length, $pos + 80)
    # Show non-printable characters as '.' so the context is safe to print.
    $context = $text.Substring($from, $to - $from) -replace '[^\x20-\x7e]','.'
    Write-Host "Found '$needle' at $pos`: $context"
}