def test_from_stream(self):
ae = self.assertEqual
ar = self.assertRaises
data_le = b"\x00\x0E\x15\x91\xC4\x95\xC2\x01"
data_be = data_le[::-1]
data_bad = b"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
stream = ByteIStream(data_le)
filetime1 = FILETIMETodatetime.from_stream(stream,
byte_order=LITTLE_ENDIAN)
filetime2 = FILETIMETodatetime.from_stream(stream, 0, LITTLE_ENDIAN)
stream = ByteIStream(data_be)
filetime3 = FILETIMETodatetime.from_stream(stream,
byte_order=BIG_ENDIAN)
filetime4 = FILETIMETodatetime.from_stream(stream, 0, BIG_ENDIAN)
ae(filetime1, datetime(2002, 11, 27, 3, 25, 0))
ae(filetime2, datetime(2002, 11, 27, 3, 25, 0))
ae(filetime3, datetime(2002, 11, 27, 3, 25, 0))
ae(filetime4, datetime(2002, 11, 27, 3, 25, 0))
stream = ByteIStream(data_bad)
ar(ValueError, FILETIMETodatetime.from_stream, stream)
def test_from_stream(self):
ae = self.assertEqual
data_le = b"\x07\x04\xE1\x9C"
data_be = b"\x9C\xE1\x04\x07"
stream = ByteIStream(data_le)
lcid1 = LCID.from_stream(stream, byte_order=LITTLE_ENDIAN)
lcid2 = LCID.from_stream(stream, 0, byte_order=LITTLE_ENDIAN)
stream = ByteIStream(data_be)
lcid3 = LCID.from_stream(stream, byte_order=BIG_ENDIAN)
lcid4 = LCID.from_stream(stream, 0, byte_order=BIG_ENDIAN)
ae(lcid1.rsvd, 0x9CE)
ae(lcid1.sort_id, 1)
ae(lcid1.lang_id, 0x0407)
ae(lcid2.rsvd, 0x9CE)
ae(lcid2.sort_id, 1)
ae(lcid2.lang_id, 0x0407)
ae(lcid3.rsvd, 0x9CE)
ae(lcid3.sort_id, 1)
ae(lcid3.lang_id, 0x0407)
ae(lcid4.rsvd, 0x9CE)
ae(lcid4.sort_id, 1)
ae(lcid4.lang_id, 0x0407)
def test_from_stream(self):
ae = self.assertEqual
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # unknown1
data.extend(b"\x04\x05\x06\x07") # unknown2
data.extend(b"\x05\x00\x00\x00") # size
data.extend(b"\xFF\xD8\x08\x09\x0A") # data
stream = ByteIStream(data)
thumb1 = Thumbnail.from_stream(stream)
thumb2 = Thumbnail.from_stream(stream, 0)
for thumb in (thumb1, thumb2):
ae(thumb.size, 0x5)
ae(thumb.data, b"\xFF\xD8\x08\x09\x0A")
# end for
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # unknown1
data.extend(b"\x05\x00\x00\x00") # size
data.extend(b"\x04\x05\x06\x07") # unknown2
data.extend(b"\x08\x09\x0A\x0B") # unknown3
data.extend(b"\xFF\xD8\x0C\x0D\x0E") # data
stream = ByteIStream(data)
thumb1 = Thumbnail.from_stream(stream)
thumb2 = Thumbnail.from_stream(stream, 0)
for thumb in (thumb1, thumb2):
ae(thumb.size, 0x5)
ae(thumb.data, b"\xFF\xD8\x0C\x0D\x0E")
def test_from_stream(self):
ae = self.assertEqual
attrs = FileAttributes.from_stream(ByteIStream(b"\x55\x55\x55\x55"))
ae(attrs.read_only, 1)
ae(attrs.hidden, 0)
ae(attrs.system, 1)
ae(attrs.directory, 1)
ae(attrs.archive, 0)
ae(attrs.normal, 0)
ae(attrs.temp, 1)
ae(attrs.sparse, 0)
ae(attrs.reparse_point, 1)
ae(attrs.compressed, 0)
ae(attrs.offline, 1)
ae(attrs.not_content_indexed, 0)
ae(attrs.encrypted, 1)
attrs = FileAttributes.from_stream(ByteIStream(b"\xAA\xAA\xAA\xAA"))
ae(attrs.read_only, 0)
ae(attrs.hidden, 1)
ae(attrs.system, 0)
ae(attrs.directory, 0)
ae(attrs.archive, 1)
ae(attrs.normal, 1)
ae(attrs.temp, 0)
ae(attrs.sparse, 1)
ae(attrs.reparse_point, 0)
ae(attrs.compressed, 1)
ae(attrs.offline, 0)
ae(attrs.not_content_indexed, 1)
ae(attrs.encrypted, 0)
def test_from_stream(self):
ae = self.assertEqual
data_le = (b"\xFF\xFF"
b"\x03"
b"\x01"
b"\x01\x02\x03\x04"
b"\x05\x06\x07\x08\x09\x0A\x0B\x0C")
data_be = (b"\xFF\xFF"
b"\x03"
b"\x01"
b"\x04\x03\x02\x01"
b"\x0C\x0B\x0A\x09\x08\x07\x06\x05")
value = (0x04030201 << 64) | 0x0C0B0A0908070605
value = -value
value = Decimal(value) / Decimal(10**3)
value_le = DECIMALToDecimal.from_stream(ByteIStream(data_le),
byte_order=LITTLE_ENDIAN)
value_be = DECIMALToDecimal.from_stream(ByteIStream(data_be),
byte_order=BIG_ENDIAN)
ae(value_le, value)
ae(value_be, value)
def test_from_ctype(self):
ae = self.assertEqual
stream = ByteIStream(bytes([x for x in range(16)]))
uuid1 = guid_be.from_buffer_copy(stream.read(16))
uuid1 = GUIDToUUID.from_ctype(uuid1)
ae(uuid1, UUID(bytes=bytes([x for x in range(16)])))
def test_from_ctype(self):
ae = self.assertEqual
stream = ByteIStream(bytes([x for x in range(16)]))
uuid1 = guid_be.from_buffer_copy(stream.read(16))
uuid1 = GUIDToUUID.from_ctype(uuid1)
ae(uuid1, UUID(bytes=bytes([x for x in range(16)])))
def test_from_stream(self):
ae = self.assertEqual
data0 = bytearray()
data0.extend(b"\x14\x00\x00\x00") # volume id size
data0.extend(b"\x01\x02\x03\x04") # drive type
data0.extend(b"\x05\x06\x07\x08") # drive serial number
data0.extend(b"\x10\x00\x00\x00") # volume label offset
data0.extend(b"abc\x00") # data
data1 = bytearray()
data1.extend(b"\x18\x00\x00\x00") # volume id size
data1.extend(b"\x01\x02\x03\x04") # drive type
data1.extend(b"\x05\x06\x07\x08") # drive serial number
data1.extend(b"\x14\x00\x00\x00") # volume label offset
data1.extend(b"\x14\x00\x00\x00")
data1.extend(b"d\x00\x00\x00") # data
stream0 = ByteIStream(data0)
stream1 = ByteIStream(b"".join([b"\x64\x53", data0]))
stream2 = ByteIStream(data1)
stream3 = ByteIStream(b"".join([b"\x64\x53", data1]))
volid0 = VolumeID.from_stream(stream0)
volid1 = VolumeID.from_stream(stream1, 2)
volid2 = VolumeID.from_stream(stream2)
volid3 = VolumeID.from_stream(stream3, 2)
ae(volid0.size, 0x14)
ae(volid1.size, 0x14)
ae(volid2.size, 0x18)
ae(volid3.size, 0x18)
ae(volid0.drive_type, 0x04030201)
ae(volid1.drive_type, 0x04030201)
ae(volid2.drive_type, 0x04030201)
ae(volid3.drive_type, 0x04030201)
ae(volid0.drive_serial_num, 0x08070605)
ae(volid1.drive_serial_num, 0x08070605)
ae(volid2.drive_serial_num, 0x08070605)
ae(volid3.drive_serial_num, 0x08070605)
ae(volid0.volume_label_offset, 0x10)
ae(volid1.volume_label_offset, 0x10)
ae(volid2.volume_label_offset, 0x14)
ae(volid2.volume_label_offset, 0x14)
ae(volid0.volume_label_offset_uni, None)
ae(volid1.volume_label_offset_uni, None)
ae(volid2.volume_label_offset_uni, 0x14)
ae(volid3.volume_label_offset_uni, 0x14)
ae(volid0.volume_label, b"abc")
ae(volid1.volume_label, b"abc")
ae(volid2.volume_label, "d")
ae(volid3.volume_label, "d")
def test_from_stream(self):
ae = self.assertEqual
data_le = b"\x4C\x27\xF6\xFF\xFF\xFF\xFF\xFF"
data_be = data_le[::-1]
value_le = CURRENCYToDecimal.from_stream(ByteIStream(data_le),
byte_order=LITTLE_ENDIAN)
value_be = CURRENCYToDecimal.from_stream(ByteIStream(data_be),
byte_order=BIG_ENDIAN)
value = Decimal("-64.53")
ae(value_le, value)
ae(value_be, value)
def test_from_stream(self):
ae = self.assertEqual
stream = ByteIStream(bytes([x for x in range(17)]))
uuid1 = CLSIDToUUID.from_stream(stream, byte_order=LITTLE_ENDIAN)
uuid2 = CLSIDToUUID.from_stream(stream, 1, byte_order=LITTLE_ENDIAN)
stream.seek(0, SEEK_SET)
uuid3 = CLSIDToUUID.from_stream(stream, byte_order=BIG_ENDIAN)
uuid4 = CLSIDToUUID.from_stream(stream, 1, byte_order=BIG_ENDIAN)
ae(uuid1, UUID(bytes_le=bytes([x for x in range(16)])))
ae(uuid2, UUID(bytes_le=bytes([x for x in range(1, 17)])))
ae(uuid3, UUID(bytes=bytes([x for x in range(16)])))
ae(uuid4, UUID(bytes=bytes([x for x in range(1, 17)])))
def test_from_stream(self):
ae = self.assertEqual
stream = ByteIStream(bytes([x for x in range(17)]))
uuid1 = CLSIDToUUID.from_stream(stream, byte_order=LITTLE_ENDIAN)
uuid2 = CLSIDToUUID.from_stream(stream, 1, byte_order=LITTLE_ENDIAN)
stream.seek(0, SEEK_SET)
uuid3 = CLSIDToUUID.from_stream(stream, byte_order=BIG_ENDIAN)
uuid4 = CLSIDToUUID.from_stream(stream, 1, byte_order=BIG_ENDIAN)
ae(uuid1, UUID(bytes_le=bytes([x for x in range(16)])))
ae(uuid2, UUID(bytes_le=bytes([x for x in range(1, 17)])))
ae(uuid3, UUID(bytes=bytes([x for x in range(16)])))
ae(uuid4, UUID(bytes=bytes([x for x in range(1, 17)])))
def main():
usage = "%prog [options] thumbsdb id"
description = "\n".join([
"Extracts raw thumbnail data from a thumbs.db file."
"", "If thumbsdb is '-', then stdin is read."
])
parser = OptionParser(usage=usage,
description=description,
version=VERSION_STR)
parser.add_option("-c",
dest="catalog_name",
action="store",
help="The name of the catalog stream (def: %default)",
default="Catalog")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.error("You must specify a thumbs.db file or '-' and an id")
# end if
if args[0] == "-":
cfb = CompoundFile(ByteIStream(sys.stdin.buffer.read()))
else:
cfb = CompoundFile(RawIStream(args[0]))
# end if
tdb = ThumbsDb(cfb, options.catalog_name)
entry_id = int(args[1])
sys.stdout.buffer.write(tdb.thumbnails[entry_id].data)
def test_from_stream(self):
ae = self.assertEqual
item1 = b"\x06\x00\x01\x02\x03\x04"
item2 = b"\x05\x00\x05\x06\x07"
item3 = b"\x04\x00\x08\x09"
little_item = b"\x01\x00"
big_item = b"\xFF\x00\x64\x53"
null_item = b"\x00\x00"
itemid1 = SHITEMID((6, 6, b"\x01\x02\x03\x04"))
itemid2 = SHITEMID((5, 5, b"\x05\x06\x07"))
itemid3 = SHITEMID((4, 4, b"\x08\x09"))
little_itemid = SHITEMID((2, 1, None))
big_itemid = SHITEMID((2, 0xFF, b"\x64\x53"))
null_itemid = SHITEMID((2, 0, None))
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # block size
data.extend(b"\x04\x05\x06\x07") # block signature
data.extend(b"".join([item1, item2, item3, null_item]))
stream = ByteIStream(data)
vaaidlp1 = VistaAndAboveIDListProps.from_stream(stream)
vaaidlp2 = VistaAndAboveIDListProps.from_stream(stream, 0)
ae(vaaidlp1.size, 0x03020100)
ae(vaaidlp2.size, 0x03020100)
ae(vaaidlp1.sig, 0x07060504)
ae(vaaidlp2.sig, 0x07060504)
id_list = [itemid1, itemid2, itemid3, null_itemid]
ae(vaaidlp1.idlist.mkid, id_list)
ae(vaaidlp2.idlist.mkid, id_list)
def test_from_stream(self):
ae = self.assertEqual
stream = ByteIStream(bytes([x for x in range(12)]))
cfep1 = ConsoleFEProps.from_stream(stream)
cfep2 = ConsoleFEProps.from_stream(stream, 0)
ae(cfep1.size, 0x03020100)
ae(cfep2.size, 0x03020100)
ae(cfep1.sig, 0x07060504)
ae(cfep2.sig, 0x07060504)
lcid = LCID.from_stream(ByteIStream(b"\x08\x09\x0A\x0B"))
ae(cfep1.code_page, lcid)
ae(cfep2.code_page, lcid)
def test_CtypesWrapper(self):
ae = self.assertEqual
class TestDataType(LERecord):
field1 = int8
field2 = uint8
# end class TestDataType
ctype = TestDataType._ctype_
class CtypesWrapperTest(CtypesWrapper):
_ctype_ = ctype
_fields_ = [x[0] for x in TestDataType._fields_]
# end class CtypesWrapperTest
cwt1 = CtypesWrapperTest.from_stream(ByteIStream(b"\x64\x53"))
ctype_with_val = ctype.from_buffer_copy(b"\x64\x53")
cwt2 = CtypesWrapperTest.from_ctype(ctype_with_val)
cwt3 = CtypesWrapperTest.from_bytes(b"\x64\x53")
for cwt in (cwt1, cwt2, cwt3):
ae(cwt.field1, 0x64)
ae(cwt.field2, 0x53)
ae(cwt, (0x64, 0x53))
def test_from_stream(self):
ae = self.assertEqual
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # block size
data.extend(b"\x04\x05\x06\x07") # blog sig
data.extend([0x41] * 260) # darwin_data_ansi
data.extend([0xEB, 0xFE] * 260) # darwin_data_uni
stream = ByteIStream(data)
dp1 = DarwinProps.from_stream(stream)
dp2 = DarwinProps.from_stream(stream, 0)
ae(dp1.size, 0x03020100)
ae(dp2.size, 0x03020100)
ae(dp1.sig, 0x07060504)
ae(dp2.sig, 0x07060504)
ae(dp1.darwin_data_ansi, b"\x41" * 260)
ae(dp2.darwin_data_ansi, b"\x41" * 260)
darwin_data_uni = bytes([0xEB, 0xFE] * 260)
darwin_data_uni = darwin_data_uni.decode("utf_16_le", "ignore")
darwin_data_uni = darwin_data_uni.split("\x00", 1)[0]
ae(dp1.darwin_data_uni, darwin_data_uni)
ae(dp2.darwin_data_uni, darwin_data_uni)
def main():
usage = "%prog [options] lnkfile"
description = "\n".join([
"Displays information from shell link (.lnk) files.", "",
"If file is '-' then stdin is read."
])
parser = OptionParser(usage=usage,
description=description,
version=VERSION_STR)
parser.add_option("-f",
dest="full_output",
action="store_true",
help="Display full output for binary attributes",
default=False)
(options, args) = parser.parse_args()
if len(args) < 1:
parser.error("You must supply a file name or '-'")
# end if
if args[0] == "-":
lnk = ShellLink(ByteIStream(sys.stdin.buffer.read()))
filename = "-stdin-"
else:
lnk = ShellLink(RawIStream(args[0]))
filename = args[0]
# end if
output = ["File: {0}".format(filename)]
output.append("")
output.extend(format_output(lnk, options.full_output))
print("\n".join(output))
def test_from_stream(self):
ae = self.assertEqual
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # block size
data.extend(b"\x04\x05\x06\x07") # blog sig
data.extend([0x41] * 260) # target_ansi
data.extend([0xEB, 0xFE] * 260) # target_uni
stream = ByteIStream(data)
esdb1 = ExpandableStringsDataBlock.from_stream(stream)
esdb2 = ExpandableStringsDataBlock.from_stream(stream, 0)
ae(esdb1.size, 0x03020100)
ae(esdb2.size, 0x03020100)
ae(esdb1.sig, 0x07060504)
ae(esdb2.sig, 0x07060504)
ae(esdb1.target_ansi, b"\x41" * 260)
ae(esdb2.target_ansi, b"\x41" * 260)
target_uni = bytes([0xEB, 0xFE] * 260)
target_uni = target_uni.decode("utf_16_le", "ignore")
target_uni = target_uni.split("\x00", 1)[0]
ae(esdb1.target_uni, target_uni)
ae(esdb2.target_uni, target_uni)
def test_from_stream(self):
ae = self.assertEqual
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # block size
data.extend(b"\x04\x05\x06\x07") # blog sig
data.extend([0x41] * 260) # target_ansi
data.extend([0xEB, 0xFE] * 260) # target_uni
stream = ByteIStream(data)
iep1 = IconEnvironmentProps.from_stream(stream)
iep2 = IconEnvironmentProps.from_stream(stream, 0)
ae(iep1.size, 0x03020100)
ae(iep2.size, 0x03020100)
ae(iep1.sig, 0x07060504)
ae(iep2.sig, 0x07060504)
ae(iep1.target_ansi, b"\x41" * 260)
ae(iep2.target_ansi, b"\x41" * 260)
target_uni = bytes([0xEB, 0xFE] * 260)
target_uni = target_uni.decode("utf_16_le", "ignore")
target_uni = target_uni.split("\x00", 1)[0]
ae(iep1.target_uni, target_uni)
ae(iep2.target_uni, target_uni)
def test_from_stream(self):
ae = self.assertEqual
data_le = b"\xBD\x42\x57\xAE"
data_be = b"\xAE\x57\x42\xBD"
stream = ByteIStream(data_le)
hresult1 = HRESULT.from_stream(stream, byte_order=LITTLE_ENDIAN)
hresult2 = HRESULT.from_stream(stream, 0, byte_order=LITTLE_ENDIAN)
stream = ByteIStream(data_be)
hresult3 = HRESULT.from_stream(stream, byte_order=BIG_ENDIAN)
hresult4 = HRESULT.from_stream(stream, 0, byte_order=BIG_ENDIAN)
ae(hresult1.s, 1)
ae(hresult1.r, 0)
ae(hresult1.c, 1)
ae(hresult1.n, 0)
ae(hresult1.x, 1)
ae(hresult1.facility, 0x0657)
ae(hresult1.code, 0x42BD)
ae(hresult2.s, 1)
ae(hresult2.r, 0)
ae(hresult2.c, 1)
ae(hresult2.n, 0)
ae(hresult2.x, 1)
ae(hresult2.facility, 0x0657)
ae(hresult2.code, 0x42BD)
ae(hresult3.s, 1)
ae(hresult3.r, 0)
ae(hresult3.c, 1)
ae(hresult3.n, 0)
ae(hresult3.x, 1)
ae(hresult3.facility, 0x0657)
ae(hresult3.code, 0x42BD)
ae(hresult4.s, 1)
ae(hresult4.r, 0)
ae(hresult4.c, 1)
ae(hresult4.n, 0)
ae(hresult4.x, 1)
ae(hresult4.facility, 0x0657)
ae(hresult4.code, 0x42BD)
def main():
usage = "%prog [options] thumbsdb"
description = "\n".join([
"Lists the entries in an thumbs.db file.", "",
"If thumbsdb is '-', then stdin is read."
])
parser = OptionParser(usage=usage,
description=description,
version=VERSION_STR)
parser.add_option("-p",
dest="pretty_output",
action="store_true",
help="Display details in 'pretty-print' format",
default=False)
parser.add_option("-l",
dest="long_output",
action="store_true",
help="Display details in long format",
default=False)
parser.add_option("-m",
dest="mactime_output",
action="store_true",
help="Display details in mactime format",
default=False)
parser.add_option("-c",
dest="catalog_name",
action="store",
help="The name of the catalog stream (def: %default)",
default="Catalog")
(options, args) = parser.parse_args()
if options.mactime_output and options.long_output:
parser.error("You can't specify both -l and -m")
elif options.mactime_output and options.pretty_output:
parser.error("You can't specify both -m and -p")
elif options.long_output and options.pretty_output:
parser.error("You can't specify both -l and -p")
elif len(args) == 0:
parser.error("You must specify a thumbs.db file or '-'")
# end if
if args[0] == "-":
cfb = CompoundFile(ByteIStream(sys.stdin.buffer.read()))
else:
cfb = CompoundFile(RawIStream(args[0]))
# end if
tdb = ThumbsDb(cfb, options.catalog_name)
output = format_output(tdb, options)
print("\n".join(output))
def main():
usage = "%prog [options] info2file"
description = "\n".join([
"Lists the entries in an INFO2 file.",
"",
"If info2file is '-', then stdin is read."
])
parser = OptionParser(
usage=usage, description=description, version=VERSION_STR
)
parser.add_option(
"-R",
dest="rifiuti_output",
action="store_true",
help="Display details in Rifiuti-style format",
default=False
)
parser.add_option(
"-l",
dest="long_output",
action="store_true",
help="Display details in long format",
default=False
)
parser.add_option(
"-m",
dest="mactime_output",
action="store_true",
help="Display details in mactime format",
default=False
)
(options, args) = parser.parse_args()
if options.mactime_output and options.long_output:
parser.error("You can't specify both -l and -m")
elif options.mactime_output and options.rifiuti_output:
parser.error("You can't specify both -m and -R")
elif options.long_output and options.rifiuti_output:
parser.error("You can't specify both -l and -R")
elif len(args) == 0:
parser.error("You must specify an INFO2 file or '-'")
# end if
if args[0] == "-":
i2 = INFO2(ByteIStream(sys.stdin.buffer.read()))
else:
i2 = INFO2(RawIStream(args[0]))
# end if
output = format_output(i2, options)
print("\n".join(output))
def main():
usage = "%prog [options] -i sid olefile"
description = "\n".join([
"Displays OLE property sets from a stream in an OLE compound file.",
"", "If file is '-' then stdin is read."
])
parser = OptionParser(usage=usage,
description=description,
version=VERSION_STR)
parser.add_option("-r",
action="store_true",
dest="raw_stream",
help="Input is just a stream (not an OLE compound file)",
default=False)
parser.add_option(
"-i",
action="store",
dest="sid",
help="Stream to analyze",
)
(options, args) = parser.parse_args()
if len(args) < 1:
parser.error("You must specify an olefile (or '-' for stdin)")
# end if
if (not options.raw_stream) and (not options.sid):
parser.error("You must specify either -i or -r")
# end if
if args[0] == "-":
input_stream = ByteIStream(sys.stdin.buffer.read())
else:
input_stream = RawIStream(args[0])
# end if
if options.raw_stream:
output = format_output(input_stream, options)
else:
cfb = CompoundFile(input_stream)
sid = int(options.sid)
if sid not in cfb.dir_entries:
print("Can't find sid {0}".format(sid), file=sys.stderr)
sys.exit(-2)
# end if
output = format_output(cfb.get_stream(sid), options)
# end if
print("\n".join(output))
def main():
usage = "%prog olefile sid"
description = "\n".join([
"Displays statistics about entries in an OLE compound file.",
"",
"If file is '-' then stdin is read."
])
parser = OptionParser(
usage=usage, description=description, version=VERSION_STR
)
(options, args) = parser.parse_args()
if len(args) < 2:
parser.error("Must specify both a file and stream identifier")
# end if
if args[0] == "-":
cfb = CompoundFile(ByteIStream(sys.stdin.buffer.read()))
else:
cfb = CompoundFile(RawIStream(args[0]))
# end if
sid = int(args[1])
last_sid = len(cfb.dir_entries)
header_sid = last_sid + 0
difat_sid = last_sid + 1
fat_sid = last_sid + 2
mini_fat_sid = last_sid + 3
if sid in cfb.dir_entries:
entry = cfb.dir_entries[sid]
if cfb.is_valid_dir_entry(entry):
output = format_entry(cfb, sid)
else:
print("Invalid sid {0}".format(sid), file=sys.stderr)
sys.exit(-2)
# end if
elif sid == header_sid:
output = format_header(cfb)
elif sid == difat_sid:
output = format_di_fat(cfb)
elif sid == fat_sid:
output = format_fat(cfb)
elif sid == mini_fat_sid:
output = format_mini_fat(cfb)
else:
print("Invalid sid {0}".format(sid), file=sys.stderr)
sys.exit(-3)
# end if
print ("\n".join(output))
def test_from_stream(self):
ae = self.assertEqual
data = bytes([x for x in range(28)])
stream = ByteIStream(data)
kfp1 = KnownFolderProps.from_stream(stream)
kfp2 = KnownFolderProps.from_stream(stream, 0)
ae(kfp1.size, 0x03020100)
ae(kfp2.size, 0x03020100)
ae(kfp1.sig, 0x07060504)
ae(kfp2.sig, 0x07060504)
kf_id = GUIDToUUID.from_stream(ByteIStream(data[8:24]))
ae(kfp1.kf_id, kf_id)
ae(kfp2.kf_id, kf_id)
ae(kfp1.offset, 0x1B1A1918)
ae(kfp2.offset, 0x1B1A1918)
def test_from_stream(self):
ae = self.assertEqual
data = b"\x00\x01\x02\x03"
stream = ByteIStream(data)
coord1 = COORD.from_stream(stream, byte_order=LITTLE_ENDIAN)
coord2 = COORD.from_stream(stream, 0, byte_order=LITTLE_ENDIAN)
stream.seek(0, SEEK_SET)
coord3 = COORD.from_stream(stream, byte_order=BIG_ENDIAN)
coord4 = COORD.from_stream(stream, 0, byte_order=BIG_ENDIAN)
ae(coord1.x, 0x0100)
ae(coord1.y, 0x0302)
ae(coord2.x, 0x0100)
ae(coord2.y, 0x0302)
ae(coord3.x, 0x0001)
ae(coord3.y, 0x0203)
ae(coord4.x, 0x0001)
ae(coord4.y, 0x0203)
def test_from_stream(self):
ae = self.assertEqual
data = b"\x00\x01\x02\x03"
stream = ByteIStream(data)
coord1 = COORD.from_stream(stream, byte_order=LITTLE_ENDIAN)
coord2 = COORD.from_stream(stream, 0, byte_order=LITTLE_ENDIAN)
stream.seek(0, SEEK_SET)
coord3 = COORD.from_stream(stream, byte_order=BIG_ENDIAN)
coord4 = COORD.from_stream(stream, 0, byte_order=BIG_ENDIAN)
ae(coord1.x, 0x0100)
ae(coord1.y, 0x0302)
ae(coord2.x, 0x0100)
ae(coord2.y, 0x0302)
ae(coord3.x, 0x0001)
ae(coord3.y, 0x0203)
ae(coord4.x, 0x0001)
ae(coord4.y, 0x0203)
def test_from_stream(self):
ae = self.assertEqual
datetime_3_25 = datetime(1900, 1, 2, 6, 0, 0)
data_le = b"\x00\x00\x00\x00\x00\x00\x0A\x40"
data_be = b"\x40\x0A\x00\x00\x00\x00\x00\x00"
stream = ByteIStream(data_le)
value = \
VariantTimeTodatetime.from_stream(stream, byte_order=LITTLE_ENDIAN)
ae(value, datetime_3_25)
value = VariantTimeTodatetime.from_stream(stream, 0, LITTLE_ENDIAN)
ae(value, datetime_3_25)
stream = ByteIStream(data_be)
value = \
VariantTimeTodatetime.from_stream(stream, byte_order=BIG_ENDIAN)
ae(value, datetime_3_25)
value = VariantTimeTodatetime.from_stream(stream, 0, BIG_ENDIAN)
ae(value, datetime_3_25)
def setUp(self):
name = ("abcdefghijklmnop" * 2).encode("utf_16_le")
name_size = b"\x40\x00"
bogus_name_size = b"\xFF\xFF"
btime = b"\x00\x0E\x15\x91\xC4\x95\xC2\x01"
mtime = b"\x90\xCB\xAE\x00\x51\x69\xC5\x01"
data1 = bytearray(b"".join([pack("B", x) for x in range(128)]))
data2 = bytearray(b"".join([b"junk", data1]))
data1[0:64] = name
data1[64:66] = name_size
data1[100:108] = btime
data1[108:116] = mtime
data2[4:68] = name
data2[68:70] = bogus_name_size
data2[104:112] = btime
data2[112:120] = mtime
self.stream1 = ByteIStream(data1)
self.stream2 = ByteIStream(data2)
def test_from_stream(self):
ae = self.assertEqual
data = bytearray()
data.extend(b"\x00\x01\x02\x03") # block size
data.extend(b"\x04\x05\x06\x07") # block sig
data.extend(b"\x50\x00\x00\x00") # length
data.extend(b"\x0B\x0A\x09\x08") # version
data.extend(b"abcdefgh") # machine_id
data.extend(bytes([x for x in range(32)]))
data.extend(bytes([x for x in range(31, -1, -1)]))
stream = ByteIStream(data)
tp1 = TrackerProps.from_stream(stream)
tp2 = TrackerProps.from_stream(stream, 0)
ae(tp1.size, 0x03020100)
ae(tp2.size, 0x03020100)
ae(tp1.sig, 0x07060504)
ae(tp2.sig, 0x07060504)
ae(tp1.length, 0x50)
ae(tp2.length, 0x50)
ae(tp1.machine_id, b"abcdefgh")
ae(tp2.machine_id, b"abcdefgh")
droid_stream = ByteIStream(data[24:56])
droid = DomainRelativeObjId.from_stream(droid_stream)
ae(tp1.droid, droid)
ae(tp2.droid, droid)
droid_stream = ByteIStream(data[56:])
droid = DomainRelativeObjId.from_stream(droid_stream)
ae(tp1.droid_birth, droid)
ae(tp2.droid_birth, droid)
def test_from_stream(self):
ae = self.assertEqual
stream = ByteIStream(b"\x0A\x00\x00\x00\x01\x02\x03\x04\x64\x53")
sp1 = ShimProps.from_stream(stream)
sp2 = ShimProps.from_stream(stream, 0)
ae(sp1.size, 0xA)
ae(sp2.size, 0xA)
ae(sp1.sig, 0x04030201)
ae(sp2.sig, 0x04030201)
ae(sp1.layer_name, "\u5364")
ae(sp2.layer_name, "\u5364")
stream = ByteIStream(b"\xFF\x00\x00\x00\x01\x02\x03\x04\x64\x53")
sp1 = ShimProps.from_stream(stream)
sp2 = ShimProps.from_stream(stream, 0)
ae(sp1.size, 0xFF)
ae(sp2.size, 0xFF)
ae(sp1.sig, 0x04030201)
ae(sp2.sig, 0x04030201)
ae(sp1.layer_name, "\u5364")
ae(sp2.layer_name, "\u5364")
def test_from_stream(self):
ae = self.assertEqual
stream = ByteIStream(b"\x0A\x00\x00\x00\x01\x02\x03\x04\x64\x53")
edb1 = ExtraDataBlock.from_stream(stream)
edb2 = ExtraDataBlock.from_stream(stream, 0)
ae(edb1.size, 0xA)
ae(edb2.size, 0xA)
ae(edb1.sig, 0x04030201)
ae(edb2.sig, 0x04030201)
ae(edb1.data, b"\x64\x53")
ae(edb2.data, b"\x64\x53")
stream = ByteIStream(b"\xFF\x00\x00\x00\x01\x02\x03\x04\x64\x53")
edb1 = ExtraDataBlock.from_stream(stream)
edb2 = ExtraDataBlock.from_stream(stream, 0)
ae(edb1.size, 0xFF)
ae(edb2.size, 0xFF)
ae(edb1.sig, 0x04030201)
ae(edb2.sig, 0x04030201)
ae(edb1.data, b"\x64\x53")
ae(edb2.data, b"\x64\x53")
def main():
usage = "%prog thumbsdb id"
description = "\n".join([
"Displays statistics about a specific entry in a thumbs.db file."
"", "If thumbsdb is '-', then stdin is read."
])
parser = OptionParser(usage=usage,
description=description,
version=VERSION_STR)
parser.add_option("-c",
dest="catalog_name",
action="store",
help="The name of the catalog stream (def: %default)",
default="Catalog")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.error("You must specify both an thumbs.db file and an id")
# end fi
if args[0] == "-":
cfb = CompoundFile(ByteIStream(sys.stdin.buffer.read()))
else:
cfb = CompoundFile(RawIStream(args[0]))
# end if
tdb = ThumbsDb(cfb, options.catalog_name)
entry_id = int(args[1])
entries = tdb.catalog.entries
key_values = dict([(getattr(entry, "id"), entry) for entry in entries])
ids = list(key_values.keys())
ids.append(ids[-1] + 1) # $Catalog
if entry_id not in ids:
parser.error("Unknown id {0}".format(entry_id))
# end if
if entry_id == ids[-1]:
output = format_catalog(tdb)
else:
output = format_entry(tdb, key_values[entry_id])
# end if
print("\n".join(output))