コード例 #1
ファイル: objects.py プロジェクト: pombreda/libforensics
    def test_from_stream(self):
        """Parse a ConsoleFEProps from a 12-byte counting pattern.

        The same stream is parsed twice: once with no extra argument and once
        with ``0`` as the second argument (presumably an explicit offset --
        confirm against ConsoleFEProps.from_stream).  Both results must carry
        the little-endian value of bytes 0-3 as ``size``, of bytes 4-7 as
        ``sig``, and an LCID built from bytes 8-11 as ``code_page``.

        NOTE(review): 0x03020100 is not the real length of this 12-byte
        buffer and 0x07060504 is an arbitrary signature, so this test relies
        on from_stream returning both fields as stored rather than validating
        them.  Code that consumes ``size`` from an untrusted shell link has
        to bounds-check it itself.
        """
        stream = ByteIStream(bytes(range(12)))
        implicit = ConsoleFEProps.from_stream(stream)
        explicit = ConsoleFEProps.from_stream(stream, 0)
        parsed_pair = (implicit, explicit)

        for parsed in parsed_pair:
            self.assertEqual(parsed.size, 0x03020100)

        for parsed in parsed_pair:
            self.assertEqual(parsed.sig, 0x07060504)

        # Bytes 8-11 of the pattern, parsed on their own as the reference LCID.
        expected_lcid = LCID.from_stream(ByteIStream(b"\x08\x09\x0A\x0B"))
        for parsed in parsed_pair:
            self.assertEqual(parsed.code_page, expected_lcid)
コード例 #2
ファイル: objects.py プロジェクト: KrestMoraes/libforensics
    def test_from_stream(self):
        """Check ConsoleFEProps.from_stream on the byte pattern 00..0B.

        Two parses of one stream are compared against the same expectations:
        the default call and a call with ``0`` as second argument (looks like
        an offset -- confirm).  ``size`` and ``sig`` are expected to be the
        little-endian 32-bit values of the first and second four bytes, and
        ``code_page`` the LCID parsed from the last four.

        NOTE(review): the expected ``size`` does not match the buffer length
        and the expected ``sig`` is arbitrary, so the parser is expected to
        report these header fields as stored, without validating them.
        """
        pattern = bytes(range(12))
        # Same values as the literals 0x03020100 and 0x07060504.
        want_size = int.from_bytes(pattern[0:4], "little")
        want_sig = int.from_bytes(pattern[4:8], "little")

        stream = ByteIStream(pattern)
        cfep_default = ConsoleFEProps.from_stream(stream)
        cfep_at_zero = ConsoleFEProps.from_stream(stream, 0)

        check = self.assertEqual
        check(cfep_default.size, want_size)
        check(cfep_at_zero.size, want_size)

        check(cfep_default.sig, want_sig)
        check(cfep_at_zero.sig, want_sig)

        want_code_page = LCID.from_stream(ByteIStream(b"\x08\x09\x0A\x0B"))
        check(cfep_default.code_page, want_code_page)
        check(cfep_at_zero.code_page, want_code_page)
コード例 #3
ファイル: objects.py プロジェクト: pombreda/libforensics
    def test_make_blocks(self):
        """Check make_blocks against blocks parsed one at a time.

        Eleven extra data blocks are built byte by byte and each is parsed
        with its own class's ``from_stream``.  The concatenation of all raw
        blocks is then handed to ``ExtraDataBlockFactory.make_blocks``, whose
        output must equal the individually parsed objects, in stream order.

        NOTE(review): every block built here has a size field equal to its
        real length, and the stream simply ends after the last block.
        Truncated blocks, size fields that overrun the stream and unknown
        signatures are not exercised by this test.
        """
        # (raw bytes, individually parsed object) per block, in stream order.
        blocks = []

        # --- ConsoleProps ---
        face_name = "thisisnotthedatayouarelookingfor"
        console_props_data = bytearray(b"".join([
            b"\xCC\x00\x00\x00",  # block size
            b"\x02\x00\x00\xA0",  # block signature
            b"\x0A\x00",  # fill attributes (bright green on black)
            # popup fill attributes; the original labels this "bright red on
            # bright green".  NOTE(review): 0xB4 looks like red on bright
            # cyan under the console attribute bits -- confirm.
            b"\xB4\x00",
            b"\x64\x53\xEB\xFE",  # screen buffer size (x, y)
            b"\x41\x41\x42\x42",  # window size (x, y)
            b"\xAD\xBA\x0D\xF0",  # window origin (x, y)
            b"\xAA\xBB\xCC\xDD",  # font
            b"\xFF\xFF\x00\x00",  # input_buf_size
            b"\x10\x00\x00\x00",  # font size
            b"\x30\x00\x00\x00",  # font family (modern)
            b"\x35\x19\x00\x00",  # font weight (bold)
            face_name.encode("utf_16_le"),  # face name, 32 UTF-16 chars
            b"\x1A\x00\x00\x00",  # cursor size (medium)
            b"\x01\x00\x00\x00",  # full screen (yes)
            b"\x08\x00\x00\x00",  # quick edit (yes)
            b"\x98\xBA\xDC\xFE",  # insert mode (yes)
            b"\x02\x00\x00\x00",  # auto position (yes)
            b"\xFF\x00\x00\x00",  # history buffer size
            b"\x04\x00\x00\x00",  # number of history buffers
            # HistoryNoDup; labelled "duplicates allowed" in the original.
            # NOTE(review): the value is non-zero -- confirm the label.
            b"\x03\x00\x00\x00",
            bytes(x % 256 for x in range(1000, 1064)),  # color table
        ]))
        blocks.append((
            console_props_data,
            ConsoleProps.from_stream(ByteIStream(console_props_data)),
        ))

        # --- ConsoleFEProps ---
        console_fe_props_data = bytearray(b"".join([
            b"\x0C\x00\x00\x00",  # block size
            b"\x04\x00\x00\xA0",  # block signature
            b"\x04\x04\x04\x00",  # LCID (zh-TW_radstr)
        ]))
        blocks.append((
            console_fe_props_data,
            ConsoleFEProps.from_stream(ByteIStream(console_fe_props_data)),
        ))

        # --- DarwinProps ---
        darwin_props_data = bytearray(b"".join([
            b"\x14\x03\x00\x00",  # block size
            b"\x06\x00\x00\xA0",  # block signature
            b"\x41" * 259, b"\x00",  # Darwin data ANSI, NUL-terminated
            b"\x41\x00" * 259, b"\x00\x00",  # Darwin data unicode
        ]))
        blocks.append((
            darwin_props_data,
            DarwinProps.from_stream(ByteIStream(darwin_props_data)),
        ))

        # --- EnvironmentProps ---
        environment_props_data = bytearray(b"".join([
            b"\x14\x03\x00\x00",  # block size
            b"\x01\x00\x00\xA0",  # block signature
            b"\x41" * 259, b"\x00",  # target ANSI, NUL-terminated
            b"\x41\x00" * 260,  # target unicode, fills the field, no NUL
        ]))
        blocks.append((
            environment_props_data,
            EnvironmentProps.from_stream(ByteIStream(environment_props_data)),
        ))

        # --- IconEnvironmentProps ---
        icon_environment_props_data = bytearray(b"".join([
            b"\x14\x03\x00\x00",  # block size
            b"\x07\x00\x00\xA0",  # block signature
            b"\x41" * 259, b"\x00",  # target ANSI, NUL-terminated
            b"\x41\x00" * 260,  # target unicode, fills the field, no NUL
        ]))
        blocks.append((
            icon_environment_props_data,
            IconEnvironmentProps.from_stream(
                ByteIStream(icon_environment_props_data)),
        ))

        # --- KnownFolderProps ---
        known_folder_props_data = bytearray(b"".join([
            b"\x1C\x00\x00\x00",  # block size
            b"\x0B\x00\x00\xA0",  # block signature
            bytes(range(16)),  # kf_id
            b"\x01\x02\x03\x04",  # offset
        ]))
        blocks.append((
            known_folder_props_data,
            KnownFolderProps.from_stream(ByteIStream(known_folder_props_data)),
        ))

        # --- PropertyStoreProps ---
        property_store_props_data = bytearray(b"".join([
            b"\x10\x00\x00\x00",  # block size
            b"\x09\x00\x00\xA0",  # block signature
            bytes(range(32, 40)),  # property store
        ]))
        blocks.append((
            property_store_props_data,
            PropertyStoreProps.from_stream(
                ByteIStream(property_store_props_data)),
        ))

        # --- ShimProps ---
        shim_props_data = bytearray(b"".join([
            b"\x90\x00\x00\x00",  # block size
            b"\x08\x00\x00\xA0",  # block signature
            b"a\x00b\x00c\x00d\x00" * 17,  # layer name
        ]))
        blocks.append((
            shim_props_data,
            ShimProps.from_stream(ByteIStream(shim_props_data)),
        ))

        # --- SpecialFolderProps ---
        special_folder_props_data = bytearray(b"".join([
            b"\x10\x00\x00\x00",  # block size
            b"\x05\x00\x00\xA0",  # block signature
            b"\x53\x64\x53\x64",  # sf_id
            b"\x32\x54\x76\x98",  # offset
        ]))
        blocks.append((
            special_folder_props_data,
            SpecialFolderProps.from_stream(
                ByteIStream(special_folder_props_data)),
        ))

        # --- TrackerProps ---
        tracker_props_data = bytearray(b"".join([
            b"\x60\x00\x00\x00",  # block size
            b"\x03\x00\x00\xA0",  # block signature
            b"\x58\x00\x00\x00",  # length
            b"\x00\x00\x00\x00",  # version
            b"0123456789012345",  # machine id
            bytes(range(128, 160)),  # droid
            bytes(range(160, 192)),  # droid birth
        ]))
        blocks.append((
            tracker_props_data,
            TrackerProps.from_stream(ByteIStream(tracker_props_data)),
        ))

        # --- VistaAndAboveIDListProps ---
        # Two items, each prefixed with a 2-byte size, then a zero-size item.
        id_list = b"".join([
            b"\x05\x00\x0A\x0B\x0C",
            b"\x03\x00\xFF",
            b"\x00\x00",
        ])
        vista_and_above_id_list_props_data = bytearray(b"".join([
            b"\x12\x00\x00\x00",  # block size
            b"\x0C\x00\x00\xA0",  # block signature
            id_list,
        ]))
        blocks.append((
            vista_and_above_id_list_props_data,
            VistaAndAboveIDListProps.from_stream(
                ByteIStream(vista_and_above_id_list_props_data)),
        ))

        # The factory sees all blocks back to back in one stream.
        data = bytearray(b"".join(raw for raw, _ in blocks))
        stream = ByteIStream(data)

        ref_properties = [parsed for _, parsed in blocks]
        test_properties = list(ExtraDataBlockFactory.make_blocks(stream))
        self.assertEqual(test_properties, ref_properties)
コード例 #4
ファイル: objects.py プロジェクト: KrestMoraes/libforensics
    def test_make_blocks(self):
        """Compare ExtraDataBlockFactory.make_blocks with per-class parsing.

        Each of the eleven block types is serialized by hand, parsed with its
        own ``from_stream`` to obtain a reference object, and appended to one
        combined stream.  ``make_blocks`` on that stream must yield objects
        equal to the references, in the same order.

        NOTE(review): all size fields here equal the true block lengths and
        no terminal block follows the last one.  Malformed input (short
        blocks, oversized size fields, unrecognised signatures) is outside
        what this test covers.
        """
        # ConsoleProps: fixed header fields up to the face name ...
        console_props_data = bytearray(
            b"\xCC\x00\x00\x00"  # block size
            b"\x02\x00\x00\xA0"  # block signature
            b"\x0A\x00"          # fill attributes (bright green on black)
            b"\xB4\x00"          # popup fill attributes (original label:
                                 # bright red on bright green; NOTE(review):
                                 # 0xB4 looks like red on bright cyan)
            b"\x64\x53\xEB\xFE"  # screen buffer size (x, y)
            b"\x41\x41\x42\x42"  # window size (x, y)
            b"\xAD\xBA\x0D\xF0"  # window origin (x, y)
            b"\xAA\xBB\xCC\xDD"  # font
            b"\xFF\xFF\x00\x00"  # input_buf_size
            b"\x10\x00\x00\x00"  # font size
            b"\x30\x00\x00\x00"  # font family (modern)
            b"\x35\x19\x00\x00"  # font weight (bold)
        )
        # ... the face name as UTF-16LE ...
        typeface = "thisisnotthedatayouarelookingfor"
        console_props_data += typeface.encode("utf_16_le")
        # ... the remaining 32-bit settings ...
        console_props_data += (
            b"\x1A\x00\x00\x00"  # cursor size (medium)
            b"\x01\x00\x00\x00"  # full screen (yes)
            b"\x08\x00\x00\x00"  # quick edit (yes)
            b"\x98\xBA\xDC\xFE"  # insert mode (yes)
            b"\x02\x00\x00\x00"  # auto position (yes)
            b"\xFF\x00\x00\x00"  # history buffer size
            b"\x04\x00\x00\x00"  # number of history buffers
            b"\x03\x00\x00\x00"  # HistoryNoDup (original label: duplicates
                                 # allowed; NOTE(review): value is non-zero)
        )
        # ... and a 64-byte color table.
        console_props_data += bytes(x % 256 for x in range(1000, 1064))
        console_props = ConsoleProps.from_stream(
            ByteIStream(console_props_data)
        )

        # ConsoleFEProps
        console_fe_props_data = bytearray(
            b"\x0C\x00\x00\x00"  # block size
            b"\x04\x00\x00\xA0"  # block signature
            b"\x04\x04\x04\x00"  # LCID (zh-TW_radstr)
        )
        console_fe_props = ConsoleFEProps.from_stream(
            ByteIStream(console_fe_props_data)
        )

        # DarwinProps: both strings are NUL-terminated.
        darwin_props_data = bytearray(
            b"\x14\x03\x00\x00"  # block size
            b"\x06\x00\x00\xA0"  # block signature
        )
        darwin_props_data += b"\x41" * 259 + b"\x00"  # Darwin data ANSI
        darwin_props_data += b"\x41\x00" * 259 + b"\x00\x00"  # Darwin unicode
        darwin_props = DarwinProps.from_stream(ByteIStream(darwin_props_data))

        # EnvironmentProps: the unicode target fills its field with no NUL.
        environment_props_data = bytearray(
            b"\x14\x03\x00\x00"  # block size
            b"\x01\x00\x00\xA0"  # block signature
        )
        environment_props_data += b"\x41" * 259 + b"\x00"  # target ANSI
        environment_props_data += b"\x41\x00" * 260  # target unicode
        environment_props = EnvironmentProps.from_stream(
            ByteIStream(environment_props_data)
        )

        # IconEnvironmentProps: same layout as EnvironmentProps above.
        icon_environment_props_data = bytearray(
            b"\x14\x03\x00\x00"  # block size
            b"\x07\x00\x00\xA0"  # block signature
        )
        icon_environment_props_data += b"\x41" * 259 + b"\x00"  # target ANSI
        icon_environment_props_data += b"\x41\x00" * 260  # target unicode
        icon_environment_props = IconEnvironmentProps.from_stream(
            ByteIStream(icon_environment_props_data)
        )

        # KnownFolderProps
        known_folder_props_data = bytearray(
            b"\x1C\x00\x00\x00"  # block size
            b"\x0B\x00\x00\xA0"  # block signature
        )
        known_folder_props_data += bytes(range(16))  # kf_id
        known_folder_props_data += b"\x01\x02\x03\x04"  # offset
        known_folder_props = KnownFolderProps.from_stream(
            ByteIStream(known_folder_props_data)
        )

        # PropertyStoreProps
        property_store_props_data = bytearray(
            b"\x10\x00\x00\x00"  # block size
            b"\x09\x00\x00\xA0"  # block signature
        )
        property_store_props_data += bytes(range(32, 40))  # property store
        property_store_props = PropertyStoreProps.from_stream(
            ByteIStream(property_store_props_data)
        )

        # ShimProps
        shim_props_data = bytearray(
            b"\x90\x00\x00\x00"  # block size
            b"\x08\x00\x00\xA0"  # block signature
        )
        shim_props_data += b"a\x00b\x00c\x00d\x00" * 17  # layer name
        shim_props = ShimProps.from_stream(ByteIStream(shim_props_data))

        # SpecialFolderProps
        special_folder_props_data = bytearray(
            b"\x10\x00\x00\x00"  # block size
            b"\x05\x00\x00\xA0"  # block signature
            b"\x53\x64\x53\x64"  # sf_id
            b"\x32\x54\x76\x98"  # offset
        )
        special_folder_props = SpecialFolderProps.from_stream(
            ByteIStream(special_folder_props_data)
        )

        # TrackerProps
        tracker_props_data = bytearray(
            b"\x60\x00\x00\x00"  # block size
            b"\x03\x00\x00\xA0"  # block signature
            b"\x58\x00\x00\x00"  # length
            b"\x00\x00\x00\x00"  # version
            b"0123456789012345"  # machine id
        )
        tracker_props_data += bytes(range(128, 160))  # droid
        tracker_props_data += bytes(range(160, 192))  # droid birth
        tracker_props = TrackerProps.from_stream(
            ByteIStream(tracker_props_data)
        )

        # VistaAndAboveIDListProps: two size-prefixed items and a null item.
        first_item = b"\x05\x00\x0A\x0B\x0C"
        second_item = b"\x03\x00\xFF"
        terminator = b"\x00\x00"
        id_list = first_item + second_item + terminator

        vista_and_above_id_list_props_data = bytearray(
            b"\x12\x00\x00\x00"  # block size
            b"\x0C\x00\x00\xA0"  # block signature
        )
        vista_and_above_id_list_props_data += id_list
        vista_and_above_id_list_props = VistaAndAboveIDListProps.from_stream(
            ByteIStream(vista_and_above_id_list_props_data)
        )

        # Lay the raw blocks end to end to form the stream under test.
        data = bytearray()
        for raw_block in (
            console_props_data,
            console_fe_props_data,
            darwin_props_data,
            environment_props_data,
            icon_environment_props_data,
            known_folder_props_data,
            property_store_props_data,
            shim_props_data,
            special_folder_props_data,
            tracker_props_data,
            vista_and_above_id_list_props_data,
        ):
            data += raw_block

        ref_properties = [
            console_props,
            console_fe_props,
            darwin_props,
            environment_props,
            icon_environment_props,
            known_folder_props,
            property_store_props,
            shim_props,
            special_folder_props,
            tracker_props,
            vista_and_above_id_list_props,
        ]
        test_properties = list(
            ExtraDataBlockFactory.make_blocks(ByteIStream(data))
        )
        self.assertEqual(test_properties, ref_properties)