Example #1
0
    def init_attribute(self,attr,offset):
        self.a_location = offset
        self.parse_header(attr)
        if self.a_resident == True:
            self.a_content = _ResidentAttribute(attr, self)
        else:
            self.a_content = _NonResidentAttribute(attr, self)

        
        # Index root
        self.a_ir_attrtype, self.a_ir_collation_rule, self.a_ir_siae = struct.unpack("<III", self.a_content.read_data(0,12))
        self.a_ir_clusters, = struct.unpack("B", self.a_content.read_data(12,13))
        
        # Index node header
        self.a_ir_offset,self.a_ir_totalsize,self.a_ir_allocatedsize = struct.unpack("<III", self.a_content.read_data(16,28))
        self.a_ir_flags, = struct.unpack("B", self.a_content.read_data(28,29))
        loc = self.a_ir_offset + 16
        


        if self.a_ir_flags & 1:
            self.a_smallindex = False
        else:
            self.a_smallindex = True
        
        egen = _ParseIndexEntries(self.a_content.read_data(loc,-1))
        for dirtmp in egen:
            tmp = dirtmp[0]
            entry = _DirIndexEntry(self,dirtmp[1]+self.a_location+loc)
            entry.init_entry(tmp, self.a_ir_attrtype)     
            self.parent.m_ir_entry.append(entry)

            if entry.vcn != -1:
                self.parent.m_dirtmp.append(entry.vcn)

        self.parent.set_directory()  
Example #2
0
    def init_attribute(self, attr, offset):
        self.a_location = offset
        self.parse_header(attr)
        if self.a_resident == True:
            self.a_content = _ResidentAttribute(attr, self)
        else:
            self.a_content = _NonResidentAttribute(attr, self)

        # Index root
        self.a_ir_attrtype, self.a_ir_collation_rule, self.a_ir_siae = struct.unpack(
            "<III", self.a_content.read_data(0, 12))
        self.a_ir_clusters, = struct.unpack("B",
                                            self.a_content.read_data(12, 13))

        # Index node header
        self.a_ir_offset, self.a_ir_totalsize, self.a_ir_allocatedsize = struct.unpack(
            "<III", self.a_content.read_data(16, 28))
        self.a_ir_flags, = struct.unpack("B", self.a_content.read_data(28, 29))
        loc = self.a_ir_offset + 16

        if self.a_ir_flags & 1:
            self.a_smallindex = False
        else:
            self.a_smallindex = True

        egen = _ParseIndexEntries(self.a_content.read_data(loc, -1))
        for dirtmp in egen:
            tmp = dirtmp[0]
            entry = _DirIndexEntry(self, dirtmp[1] + self.a_location + loc)
            entry.init_entry(tmp, self.a_ir_attrtype)
            self.parent.m_ir_entry.append(entry)

            if entry.vcn != -1:
                self.parent.m_dirtmp.append(entry.vcn)

        self.parent.set_directory()
Example #3
0
 def init_attribute(self,attr,offset):
     self.a_location = offset
     
     """ every index buffer has a magic number, called VCN number. 
         This has nothing to do with virtual clusters. Find the index buffer
         corresponding to VCN and return it """
         
     def __returnIndexBlock(data,vcn):
         
         indexsize = self.parent.parent.f_indexbuffersize
         idx = 0
         while idx < len(data):
             datmp = data[idx*indexsize:(idx+1)*indexsize]
             clnum, = struct.unpack("<Q",datmp[0x10:0x18])
             if clnum == vcn:
                 return [datmp,idx*indexsize]
             idx += 1
         
         """ this should not happen """
         print "Index buffer not found, exiting", vcn
         exit(1)
  
     self.parse_header(attr)
     if self.a_resident == True:
         self.a_content = _ResidentAttribute(attr, self)
     else:
         self.a_content = _NonResidentAttribute(attr, self)
     wholedata = self.a_content.read_data(-1,-1)
     
     
     """ try to make sense of b-trees """
     
     
     while True:
         try:
             vcn = self.parent.m_dirtmp.pop()
             data,vcnloc = __returnIndexBlock(wholedata,vcn)
             baselocation = self.a_content.locate_data(vcnloc)
             """ Fixup array """
             updateoffset = struct.unpack("<H", data[4:6])[0]
             fixup = struct.unpack("<H", data[6:8])[0]
             x = updateoffset + 2
             y = fixup - 1
             mtmp = data
 
             for z in range (0,y):
                 f = data[x] + data[x+1]
                 x += 2
                 mtmp = mtmp[:z*512+510]+f+mtmp[(z+1)*512:]
             
             """ Find the exact length of index entries """
             self.a_ir_endsequence, self.a_ir_endbuffer = struct.unpack("<II", mtmp[0x1c:0x24])
             """ process entries """
             
             egen = _ParseIndexEntries(mtmp[0x40:self.a_ir_endsequence+0x18])            
             for dirtmp in egen:
                 tmp = dirtmp[0]
                 entry = _DirIndexEntry(self,baselocation+dirtmp[1]+0x40)
                 entry.init_entry(tmp, 0x30)
                 self.parent.m_ir_entry.append(entry)
                 if entry.flags & 1 != 0 and entry.vcn != 0:
                     self.parent.m_dirtmp.append(entry.vcn)
                 #__entry.print_entry()
         except IndexError:
             self.parent.set_directory()
             break
     """ Index buffer done """
Example #4
0
    def init_attribute(self, attr, offset):
        self.a_location = offset
        """ every index buffer has a magic number, called VCN number. 
            This has nothing to do with virtual clusters. Find the index buffer
            corresponding to VCN and return it """
        def __returnIndexBlock(data, vcn):

            indexsize = self.parent.parent.f_indexbuffersize
            idx = 0
            while idx < len(data):
                datmp = data[idx * indexsize:(idx + 1) * indexsize]
                clnum, = struct.unpack("<Q", datmp[0x10:0x18])
                if clnum == vcn:
                    return [datmp, idx * indexsize]
                idx += 1
            """ this should not happen """
            print "Index buffer not found, exiting", vcn
            exit(1)

        self.parse_header(attr)
        if self.a_resident == True:
            self.a_content = _ResidentAttribute(attr, self)
        else:
            self.a_content = _NonResidentAttribute(attr, self)
        wholedata = self.a_content.read_data(-1, -1)
        """ try to make sense of b-trees """

        while True:
            try:
                vcn = self.parent.m_dirtmp.pop()
                data, vcnloc = __returnIndexBlock(wholedata, vcn)
                baselocation = self.a_content.locate_data(vcnloc)
                """ Fixup array """
                updateoffset = struct.unpack("<H", data[4:6])[0]
                fixup = struct.unpack("<H", data[6:8])[0]
                x = updateoffset + 2
                y = fixup - 1
                mtmp = data

                for z in range(0, y):
                    f = data[x] + data[x + 1]
                    x += 2
                    mtmp = mtmp[:z * 512 + 510] + f + mtmp[(z + 1) * 512:]
                """ Find the exact length of index entries """
                self.a_ir_endsequence, self.a_ir_endbuffer = struct.unpack(
                    "<II", mtmp[0x1c:0x24])
                """ process entries """

                egen = _ParseIndexEntries(mtmp[0x40:self.a_ir_endsequence +
                                               0x18])
                for dirtmp in egen:
                    tmp = dirtmp[0]
                    entry = _DirIndexEntry(self,
                                           baselocation + dirtmp[1] + 0x40)
                    entry.init_entry(tmp, 0x30)
                    self.parent.m_ir_entry.append(entry)
                    if entry.flags & 1 != 0 and entry.vcn != 0:
                        self.parent.m_dirtmp.append(entry.vcn)
                    #__entry.print_entry()
            except IndexError:
                self.parent.set_directory()
                break
        """ Index buffer done """