def start(self, args):
if args.has_key("start-offset"):
startoff = args["start-offset"].value()
else:
startoff = 0
if args.has_key("block-aligned"):
aligned = True
else:
aligned = False
patterns = VList()
for mimetype in filetypes.keys():
if mimetype in args:
vsubtypes = args[mimetype].value()
for subtype in filetypes[mimetype].keys():
if subtype in vsubtypes:
pattern = VMap()
descr = filetypes[mimetype][subtype]
for p in descr:
header = VMap()
header["needle"] = Variant(p[0], typeId.String)
header["size"] = Variant(len(p[0]), typeId.UInt32)
footer = VMap()
footer["needle"] = Variant(p[1], typeId.String)
footer["size"] = Variant(len(p[1]), typeId.UInt32)
pattern["filetype"] = Variant(
subtype, typeId.String)
pattern["header"] = Variant(header)
pattern["footer"] = Variant(footer)
pattern["window"] = Variant(
int(p[2]), typeId.UInt32)
if aligned:
pattern["aligned"] = Variant(True, typeId.Bool)
else:
pattern["aligned"] = Variant(
False, typeId.Bool)
patterns.append(pattern)
margs = VMap()
margs["patterns"] = Variant(patterns)
margs["file"] = args["file"]
margs["start-offset"] = Variant(startoff, typeId.UInt64)
proc = self.tm.add("carver", margs, ["console"])
if proc:
proc.event.wait()
def __init__(self):
Module.__init__(self, 'carverui', CarverUi)
self.conf.addArgument({
"name":
"file",
"input":
typeId.Node | Argument.Single | Argument.Required,
"description":
"Node to search data in"
})
self.conf.addArgument({
"name":
"block-aligned",
"input":
Argument.Empty,
"description":
"if setted only search signatures at the begining of blocks (faster but less accurate)"
})
self.conf.addArgument({
"name":
"start-offset",
"input":
typeId.UInt64 | Argument.Single | Argument.Optional,
"description":
"offset from which to start carving"
})
for mimetype in filetypes.keys():
predefined = []
for subtype in filetypes[mimetype].keys():
predefined.append(subtype)
self.conf.addArgument({
"name":
mimetype,
"input":
typeId.String | Argument.List | Argument.Optional,
"description":
"managed types",
"parameters": {
"type": Parameter.NotEditable,
"predefined": predefined
}
})
self.tags = "builtins"
def __init__(self):
Module.__init__(self, 'carverui', CarverUi)
self.conf.addArgument({"name": "file",
"input": typeId.Node|Argument.Single|Argument.Required,
"description": "Node to search data in"})
self.conf.addArgument({"name": "block-aligned",
"input": Argument.Empty,
"description": "if setted only search signatures at the begining of blocks (faster but less accurate)"})
self.conf.addArgument({"name": "start-offset",
"input": typeId.UInt64|Argument.Single|Argument.Optional,
"description": "offset from which to start carving"})
for mimetype in filetypes.keys():
predefined = []
for subtype in filetypes[mimetype].keys():
predefined.append(subtype)
self.conf.addArgument({"name": mimetype,
"input": typeId.String|Argument.List|Argument.Optional,
"description": "managed types",
"parameters": {"type": Parameter.NotEditable,
"predefined": predefined}
})
self.tags = "builtins"
def start(self, args):
patterns = VList()
patterns.thisown = False
if args.has_key("start-offset"):
startoff = args["start-offset"].value()
else:
startoff = 0
if args.has_key("block-aligned"):
aligned = True
else:
aligned = False
for mimetype in filetypes.keys():
if mimetype in args:
vsubtypes = args[mimetype].value()
for subtype in filetypes[mimetype].keys():
if subtype in vsubtypes:
pattern = VMap()
pattern.thisown = False
descr = filetypes[mimetype][subtype]
filetype = Variant(subtype, typeId.String)
filetype.thisown = False
for p in descr:
pattern["filetype"] = filetype
header = VMap()
header.thisown = False
val = Variant(p[0], typeId.String)
val.thisown = False
header["needle"] = val
val = Variant(len(p[0]), typeId.UInt32)
val.thisown = False
header["size"] = val
footer = VMap()
footer.thisown = False
val = Variant(p[1], typeId.String)
val.thisown = False
footer["needle"] = val
val = Variant(len(p[1]), typeId.UInt32)
val.thisown = False
footer["size"] = val
vheader = Variant(header)
vheader.thisown = False
pattern["header"] = vheader
vfooter = Variant(footer)
vfooter.thisown = False
pattern["footer"] = vfooter
pattern["window"] = Variant(int(p[2]), typeId.UInt32)
if aligned:
val = Variant(True, typeId.Bool)
val.thisown = False
pattern["aligned"] = val
else:
val = Variant(False, typeId.Bool)
val.thisown = False
pattern["aligned"] = val
patterns.append(pattern)
vpatterns = Variant(patterns)
vpatterns.thisown = False
margs = VMap()
margs.thisown = False
margs["patterns"] = vpatterns
margs["file"] = args["file"]
vstartoff = Variant(startoff, typeId.UInt64)
vstartoff.thisown = False
margs["start-offset"] = vstartoff
proc = self.tm.add("carver", margs, ["console"])
if proc:
proc.event.wait()