def test_standard_information(): with open(ATTR_SI, 'rb') as f: si_raw = f.read() si = Attributes.StandardInformation(si_raw) atime = si.get_atime() mtime = si.get_mtime() ctime = si.get_ctime() etime = si.get_etime() assert atime.year == 2004 and atime.month == 8 and atime.day == 26 and atime.hour == 15 and atime.minute == 11 and atime.second == 12 and atime.microsecond == 682956 assert mtime.year == 2004 and mtime.month == 8 and mtime.day == 20 and mtime.hour == 15 and mtime.minute == 9 and mtime.second == 2 and mtime.microsecond == 792578 assert ctime.year == 2004 and ctime.month == 8 and ctime.day == 20 and ctime.hour == 15 and ctime.minute == 9 and ctime.second == 2 and ctime.microsecond == 782564 assert etime.year == 2004 and etime.month == 8 and etime.day == 20 and etime.hour == 15 and etime.minute == 11 and etime.second == 35 and etime.microsecond == 422048 si = Attributes.StandardInformationPartial(si_raw, 0) atime = si.get_atime() mtime = si.get_mtime() ctime = si.get_ctime() etime = si.get_etime() assert atime.year == 2004 and atime.month == 8 and atime.day == 26 and atime.hour == 15 and atime.minute == 11 and atime.second == 12 and atime.microsecond == 682956 assert mtime.year == 2004 and mtime.month == 8 and mtime.day == 20 and mtime.hour == 15 and mtime.minute == 9 and mtime.second == 2 and mtime.microsecond == 792578 assert ctime.year == 2004 and ctime.month == 8 and ctime.day == 20 and ctime.hour == 15 and ctime.minute == 9 and ctime.second == 2 and ctime.microsecond == 782564 assert etime.year == 2004 and etime.month == 8 and etime.day == 20 and etime.hour == 15 and etime.minute == 11 and etime.second == 35 and etime.microsecond == 422048
def test_object_id(): with open(ATTR_OBJID, 'rb') as f: objid_raw = f.read() objid = Attributes.ObjectID(objid_raw) gtime = objid.get_timestamp() assert gtime.year == 2004 and gtime.month == 8 and gtime.day == 20 and gtime.hour == 15 and gtime.minute == 5 and gtime.second == 9 and gtime.microsecond == 158068 assert str(objid.get_object_id()) == '53d29f0e-f2ba-11d8-b0f9-0010a4933e09' assert len(objid.get_extra_data()) == 0
def test_different_la(): f = open(MFT_DIFFERENT_LA, 'rb') c_1 = 0 c_2 = 0 mft = MFT.MasterFileTableParser(f) for file_record in mft.file_records(): paths = mft.build_full_paths(file_record) if len(paths) == 0: continue assert len(paths) == 1 path = paths[0] if path == '/ts_la/test_la.txt': for attr in file_record.attributes(): attr_value = attr.value_decoded() if type(attr_value) is not Attributes.StandardInformation: continue c_1 += 1 ts_m_1 = attr_value.get_mtime() ts_a_1 = attr_value.get_atime() ts_c_1 = attr_value.get_ctime() ts_e_1 = attr_value.get_etime() elif path == '/ts_la': for attr in file_record.attributes(): attr_value = attr.value_decoded() if type(attr_value) is not Attributes.IndexRoot: continue for index_entry in attr_value.index_entries(): attr_value = Attributes.FileName( index_entry.get_attribute()) c_2 += 1 ts_m_2 = attr_value.get_mtime() ts_a_2 = attr_value.get_atime() ts_c_2 = attr_value.get_ctime() ts_e_2 = attr_value.get_etime() assert c_1 == 1 and c_2 == 1 assert ts_m_1 == ts_m_2 and ts_c_1 == ts_c_2 and ts_e_1 == ts_e_2 and ts_a_1 != ts_a_2 assert ts_a_2 < ts_a_1 f.close()
def test_file_name(): with open(ATTR_FN, 'rb') as f: fn_raw = f.read() fn = Attributes.FileName(fn_raw) assert fn.get_file_name() == 'sseriffr.fon' atime = fn.get_atime() mtime = fn.get_mtime() ctime = fn.get_ctime() etime = fn.get_etime() assert ctime.year == 2004 and ctime.month == 8 and ctime.day == 19 and ctime.hour == 17 and ctime.minute == 1 and ctime.second == 3 and ctime.microsecond == 331068 assert mtime.year == 2001 and mtime.month == 8 and mtime.day == 23 and mtime.hour == 18 and mtime.minute == 0 and mtime.second == 0 and mtime.microsecond == 0 assert atime.year == 2004 and atime.month == 8 and atime.day == 19 and atime.hour == 17 and atime.minute == 1 and atime.second == 3 and atime.microsecond == 341082 assert etime == atime
def test_file_attributes(): s = Attributes.ResolveFileAttributes(0x200) assert s == 'SPARSE' s = Attributes.ResolveFileAttributes(0x201) assert s == 'READ_ONLY | SPARSE' s = Attributes.ResolveFileAttributes(0x2201) assert s == 'READ_ONLY | SPARSE | NOT_CONTENT_INDEXED' s = Attributes.ResolveFileAttributes(0x80201) assert s == 'READ_ONLY | SPARSE' s = Attributes.ResolveFileAttributes(0x80000) assert s == '' s = Attributes.ResolveFileAttributes(0x80004) assert s == 'SYSTEM' s = Attributes.ResolveFileAttributes(0) assert s == ''
def test_usn_records(): with open(USN_1, 'rb') as f: usn_raw = f.read() usn = USN.GetUsnRecord(usn_raw) assert type(usn) == USN.USN_RECORD_V2_OR_V3 assert usn.get_major_version() == 2 assert usn.get_file_name() == 'large_file.txt' assert usn.get_usn() == 1170953448 assert usn.get_file_attributes() == 0x20 assert Attributes.ResolveFileAttributes( usn.get_file_attributes()) == 'ARCHIVE' assert usn.get_reason() == 0x80000001 assert USN.ResolveReasonCodes( usn.get_reason()) == 'USN_REASON_DATA_OVERWRITE | USN_REASON_CLOSE' assert usn.get_file_reference_number( ) == 0x0000000000000000000d000000013252 assert usn.get_parent_file_reference_number( ) == 0x000000000000000000060000000009eb assert usn.get_source_info() == 0 assert usn.get_security_id() == 0 timestamp = usn.get_timestamp() assert timestamp.year == 2019 and timestamp.month == 1 and timestamp.day == 21 and timestamp.hour == 22 and timestamp.minute == 36 and timestamp.second == 5 and timestamp.microsecond != 0 with open(USN_2, 'rb') as f: usn_raw = f.read() usn = USN.GetUsnRecord(usn_raw) assert type(usn) == USN.USN_RECORD_V2_OR_V3 assert usn.get_major_version() == 2 assert usn.get_file_name() == 'mpasbase.vdm' assert usn.get_usn() == 1170990440 assert usn.get_file_attributes() == 0x20 assert Attributes.ResolveFileAttributes( usn.get_file_attributes()) == 'ARCHIVE' assert usn.get_reason() == 0x80010800 assert USN.ResolveReasonCodes( usn.get_reason() ) == 'USN_REASON_SECURITY_CHANGE | USN_REASON_HARD_LINK_CHANGE | USN_REASON_CLOSE' assert usn.get_file_reference_number( ) == 0x00000000000000000002000000013424 assert usn.get_parent_file_reference_number( ) == 0x000000000000000000010000000006b7 assert usn.get_source_info() == 0 assert usn.get_security_id() == 0 timestamp = usn.get_timestamp() assert timestamp.year == 2019 and timestamp.month == 1 and timestamp.day == 21 and timestamp.hour == 22 and timestamp.minute == 41 and timestamp.second == 17 and timestamp.microsecond != 0 with open(USN_3, 'rb') as f: usn_raw = f.read() usn = USN.GetUsnRecord(usn_raw) assert type(usn) == USN.USN_RECORD_V4 assert usn.get_major_version() == 4 assert usn.get_usn() == 1170989584 assert usn.get_reason() == 0x80000102 assert USN.ResolveReasonCodes(usn.get_reason( )) == 'USN_REASON_DATA_EXTEND | USN_REASON_FILE_CREATE | USN_REASON_CLOSE' assert usn.get_file_reference_number( ) == 0x00000000000000000004000000013de8 assert usn.get_parent_file_reference_number( ) == 0x00000000000000000004000000001076 assert usn.get_source_info() == 0 assert usn.get_remaining_extents() == 0 assert usn.get_number_of_extents() == 1 c = 0 for offset, length in usn.extents(): c += 1 assert offset == 0 assert length == 2162688 assert c == 1 with open(USN_4, 'rb') as f: usn_raw = f.read() usn = USN.GetUsnRecord(usn_raw) assert type(usn) == USN.USN_RECORD_V4 assert usn.get_major_version() == 4 assert usn.get_usn() == 1170955904 assert usn.get_reason() == 0x80000001 assert USN.ResolveReasonCodes( usn.get_reason()) == 'USN_REASON_DATA_OVERWRITE | USN_REASON_CLOSE' assert usn.get_file_reference_number( ) == 0x000000000000000000020000000051c0 assert usn.get_parent_file_reference_number( ) == 0x00000000000000000004000000001066 assert usn.get_source_info() == 0 assert usn.get_remaining_extents() == 0 assert usn.get_number_of_extents() == 2 c = 0 for offset, length in usn.extents(): c += 1 if c == 1: assert offset == 0 and length == 16384 elif c == 2: assert offset == 6242304 and length == 32768 assert c == 2
def test_lxxattr(): with pytest.raises(ValueError): WSL.LXXATTR(b'\x00\x00') with open(LXXATTR_WSL_1, 'rb') as f: lxxattr_blob = f.read() lxxattr = WSL.LXXATTR(lxxattr_blob) xattr_list = [] for name, value in lxxattr.extended_attributes(): xattr_list.append((name, value)) xattr_list.remove((b'user.test', b'test_value')) xattr_list.remove((b'user.another_test', b'another_value')) assert len(xattr_list) == 0 with open(EA_WSL_1, 'rb') as f: ea_blob = f.read() ea = Attributes.EA(ea_blob) c = 0 for name, flags, value in ea.data_parsed(): c += 1 assert flags == 0 if name == b'LXATTRB\x00': lxattrb = WSL.LXATTRB(value) chtime = lxattrb.get_chtime() assert chtime.year == 2019 and chtime.month == 1 and chtime.day == 21 elif name == b'LXXATTR\x00': lxxattr = WSL.LXXATTR(value) xattr_list = [] for xname, xvalue in lxxattr.extended_attributes(): xattr_list.append((xname, xvalue)) xattr_list.remove((b'user.1', b'11')) assert len(xattr_list) == 0 else: assert False assert c == 2 with open(EA_WSL_2, 'rb') as f: ea_blob = f.read() ea = Attributes.EA(ea_blob) c = 0 for name, flags, value in ea.data_parsed(): c += 1 assert flags == 0 if name == b'LXATTRB\x00': lxattrb = WSL.LXATTRB(value) chtime = lxattrb.get_chtime() assert chtime.year == 2019 and chtime.month == 1 and chtime.day == 21 elif name == b'LXXATTR\x00': lxxattr = WSL.LXXATTR(value) xattr_list = [] for xname, xvalue in lxxattr.extended_attributes(): xattr_list.append((xname, xvalue)) xattr_list.remove((b'user.1', b'11')) xattr_list.remove((b'user.2', b'22')) xattr_list.remove((b'user.3', b'33')) assert len(xattr_list) == 0 else: assert False assert c == 2