Python _WindowsTime Examples

Programming Language: Python

Namespace/Package Name: mftutils

Method/Function: _WindowsTime

Examples at hotexamples.com: 2

Python _WindowsTime - 2 examples found. These are the top rated real world Python examples of mftutils._WindowsTime extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: mft.py Project: SolidStorm/FastResponder

def decodeFNAttribute(s, localtz, record):

	hexFlag = False
	# File name attributes can have null dates.

	d = {}
	d['par_ref'] = struct.unpack("<Lxx", s[:6])[0]	  # Parent reference nummber + seq number = 8 byte "File reference to the parent directory."
	d['par_seq'] = struct.unpack("<H",s[6:8])[0]		# Parent sequence number
	d['crtime'] = mftutils._WindowsTime(struct.unpack("<L",s[8:12])[0],struct.unpack("<L",s[12:16])[0],localtz)
	d['mtime'] = mftutils._WindowsTime(struct.unpack("<L",s[16:20])[0],struct.unpack("<L",s[20:24])[0],localtz)
	d['ctime'] = mftutils._WindowsTime(struct.unpack("<L",s[24:28])[0],struct.unpack("<L",s[28:32])[0],localtz)
	d['atime'] = mftutils._WindowsTime(struct.unpack("<L",s[32:36])[0],struct.unpack("<L",s[36:40])[0],localtz)
	d['alloc_fsize'] = struct.unpack("<q",s[40:48])[0]
	d['real_fsize'] = struct.unpack("<q",s[48:56])[0]
	d['flags'] = struct.unpack("<d",s[56:64])[0]			# 0x01=NTFS, 0x02=DOS
	d['nlen'] = struct.unpack("B",s[64])[0]
	d['nspace'] = struct.unpack("B",s[65])[0]

	bytes = s[66:66 + d['nlen']*2]
	try:
		d['name'] = bytes.decode('utf-16').encode('utf-8')
	except:
		d['name'] = 'UnableToDecodeFilename'

	return d

Example #2

Show file

File: mft.py Project: LucaBongiorni/Fastir_Collector

def decodeSIAttribute(s, localtz):
    d = {}
    d['crtime'] = mftutils._WindowsTime(struct.unpack("<L", s[:4])[0], struct.unpack("<L", s[4:8])[0], localtz)
    d['mtime'] = mftutils._WindowsTime(struct.unpack("<L", s[8:12])[0], struct.unpack("<L", s[12:16])[0], localtz)
    d['ctime'] = mftutils._WindowsTime(struct.unpack("<L", s[16:20])[0], struct.unpack("<L", s[20:24])[0], localtz)
    d['atime'] = mftutils._WindowsTime(struct.unpack("<L", s[24:28])[0], struct.unpack("<L", s[28:32])[0], localtz)
    d['dos'] = struct.unpack("<I", s[32:36])[0]  # 4
    d['maxver'] = struct.unpack("<I", s[36:40])[0]  # 4
    d['ver'] = struct.unpack("<I", s[40:44])[0]  # 4
    d['class_id'] = struct.unpack("<I", s[44:48])[0]  # 4
    d['own_id'] = struct.unpack("<I", s[48:52])[0]  # 4
    d['sec_id'] = struct.unpack("<I", s[52:56])[0]  # 4
    d['quota'] = struct.unpack("<d", s[56:64])[0]  # 8
    d['usn'] = struct.unpack("<d", s[64:72])[0]  # 8 - end of date to here is 40

    return d