Exemplo n.º 1
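def Main():
    """Run the rp.log information extraction tool from the command line.

    Parses the command line arguments, opens the stdout output writer and
    then opens the Windows Restore Point rp.log file named by the positional
    ``source`` argument.

    The rp.log file normally comes from a system under examination, so its
    contents should be treated as untrusted input. Errors raised while
    opening or reading it are not caught here and propagate to the caller;
    the output writer is still closed in that case.

    Returns:
        bool: True if successful or False if not.
    """
    argument_parser = argparse.ArgumentParser(description=(
        'Extracts information from Windows Restore Point rp.log files.'))

    argument_parser.add_argument('-d',
                                 '--debug',
                                 dest='debug',
                                 action='store_true',
                                 default=False,
                                 help='enable debug output.')

    argument_parser.add_argument(
        'source',
        nargs='?',
        action='store',
        metavar='PATH',
        default=None,
        help='path of the Windows Restore Point rp.log file.')

    options = argument_parser.parse_args()

    # The positional argument is optional for argparse (nargs='?') so that a
    # missing path produces the full help text instead of a usage error.
    if not options.source:
        print('Source file missing.')
        print('')
        argument_parser.print_help()
        print('')
        return False

    logging.basicConfig(level=logging.INFO,
                        format='[%(levelname)s] %(message)s')

    output_writer = output_writers.StdoutWriter()

    try:
        output_writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    # From here on the output writer is open: close it on every exit path,
    # including an exception raised while reading the rp.log file.
    try:
        log_file = rp_log.RestorePointLogFile(debug=options.debug,
                                              output_writer=output_writer)

        log_file.Open(options.source)

        # Close() is only attempted once Open() has returned; if Open()
        # raised, the log file is not treated as opened.
        try:
            print('Windows Restore Point rp.log information:')
            print('')
        finally:
            log_file.Close()
    finally:
        output_writer.Close()

    return True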
Exemplo n.º 2
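    def testReadFileObject(self):
        """Tests the ReadFileObject function.

        Opens the rp.log test file with debug output enabled. Only Open() is
        called directly; ReadFileObject is presumably reached through it
        (verify against rp_log). The file is closed again afterwards so the
        test does not leave an open file handle behind.
        """
        output_writer = test_lib.TestOutputWriter()
        test_file = rp_log.RestorePointLogFile(debug=True,
                                               output_writer=output_writer)

        test_file_path = self._GetTestFilePath(['rp.log'])
        test_file.Open(test_file_path)
        # Release the file opened above; without this the handle stays open
        # until the object is garbage collected.
        test_file.Close()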
Exemplo n.º 3
    def testReadFileHeader(self):
        """Exercise _ReadFileHeader on the rp.log test file.

        The test makes no assertions on the parsed values; it passes when
        reading the header from the file object raises no exception.
        """
        log_parser = rp_log.RestorePointLogFile(
            output_writer=test_lib.TestOutputWriter())

        rp_log_path = self._GetTestFilePath(['rp.log'])
        # Binary mode: the header is read from the raw bytes of the file.
        with open(rp_log_path, 'rb') as rp_log_handle:
            log_parser._ReadFileHeader(rp_log_handle)
Exemplo n.º 4
    def testDebugPrintFileFooter(self):
        """Exercise _DebugPrintFileFooter with a synthetic file footer.

        The footer structure is built from the 'rp_log_file_footer' data type
        map with a constructed creation_time of 1; the test passes when
        printing it raises no exception.
        """
        log_parser = rp_log.RestorePointLogFile(
            output_writer=test_lib.TestOutputWriter())

        footer_map = log_parser._GetDataTypeMap('rp_log_file_footer')
        footer_values = footer_map.CreateStructureValues(creation_time=1)

        log_parser._DebugPrintFileFooter(footer_values)
Exemplo n.º 5
    def testDebugPrintFileHeader(self):
        """Exercise _DebugPrintFileHeader with a synthetic file header.

        The header structure is built from the 'rp_log_file_header' data type
        map using constructed sample values; the test passes when printing it
        raises no exception.
        """
        log_parser = rp_log.RestorePointLogFile(
            output_writer=test_lib.TestOutputWriter())

        header_map = log_parser._GetDataTypeMap('rp_log_file_header')

        # The description is passed as UTF-16 little-endian encoded bytes.
        encoded_description = 'Description'.encode('utf-16-le')
        header_values = header_map.CreateStructureValues(
            description=encoded_description,
            event_type=1,
            restore_point_type=2,
            sequence_number=3)

        log_parser._DebugPrintFileHeader(header_values)