def init_attribute(self,attr,offset):
self.a_location = offset
self.parse_header(attr)
if self.a_resident == True:
self.a_content = _ResidentAttribute(attr, self)
else:
self.a_content = _NonResidentAttribute(attr, self)
# Index root
self.a_ir_attrtype, self.a_ir_collation_rule, self.a_ir_siae = struct.unpack("<III", self.a_content.read_data(0,12))
self.a_ir_clusters, = struct.unpack("B", self.a_content.read_data(12,13))
# Index node header
self.a_ir_offset,self.a_ir_totalsize,self.a_ir_allocatedsize = struct.unpack("<III", self.a_content.read_data(16,28))
self.a_ir_flags, = struct.unpack("B", self.a_content.read_data(28,29))
loc = self.a_ir_offset + 16
if self.a_ir_flags & 1:
self.a_smallindex = False
else:
self.a_smallindex = True
egen = _ParseIndexEntries(self.a_content.read_data(loc,-1))
for dirtmp in egen:
tmp = dirtmp[0]
entry = _DirIndexEntry(self,dirtmp[1]+self.a_location+loc)
entry.init_entry(tmp, self.a_ir_attrtype)
self.parent.m_ir_entry.append(entry)
if entry.vcn != -1:
self.parent.m_dirtmp.append(entry.vcn)
self.parent.set_directory()
def init_attribute(self, attr, offset):
self.a_location = offset
self.parse_header(attr)
if self.a_resident == True:
self.a_content = _ResidentAttribute(attr, self)
else:
self.a_content = _NonResidentAttribute(attr, self)
# Index root
self.a_ir_attrtype, self.a_ir_collation_rule, self.a_ir_siae = struct.unpack(
"<III", self.a_content.read_data(0, 12))
self.a_ir_clusters, = struct.unpack("B",
self.a_content.read_data(12, 13))
# Index node header
self.a_ir_offset, self.a_ir_totalsize, self.a_ir_allocatedsize = struct.unpack(
"<III", self.a_content.read_data(16, 28))
self.a_ir_flags, = struct.unpack("B", self.a_content.read_data(28, 29))
loc = self.a_ir_offset + 16
if self.a_ir_flags & 1:
self.a_smallindex = False
else:
self.a_smallindex = True
egen = _ParseIndexEntries(self.a_content.read_data(loc, -1))
for dirtmp in egen:
tmp = dirtmp[0]
entry = _DirIndexEntry(self, dirtmp[1] + self.a_location + loc)
entry.init_entry(tmp, self.a_ir_attrtype)
self.parent.m_ir_entry.append(entry)
if entry.vcn != -1:
self.parent.m_dirtmp.append(entry.vcn)
self.parent.set_directory()
def init_attribute(self,attr,offset):
self.a_location = offset
""" every index buffer has a magic number, called VCN number.
This has nothing to do with virtual clusters. Find the index buffer
corresponding to VCN and return it """
def __returnIndexBlock(data,vcn):
indexsize = self.parent.parent.f_indexbuffersize
idx = 0
while idx < len(data):
datmp = data[idx*indexsize:(idx+1)*indexsize]
clnum, = struct.unpack("<Q",datmp[0x10:0x18])
if clnum == vcn:
return [datmp,idx*indexsize]
idx += 1
""" this should not happen """
print "Index buffer not found, exiting", vcn
exit(1)
self.parse_header(attr)
if self.a_resident == True:
self.a_content = _ResidentAttribute(attr, self)
else:
self.a_content = _NonResidentAttribute(attr, self)
wholedata = self.a_content.read_data(-1,-1)
""" try to make sense of b-trees """
while True:
try:
vcn = self.parent.m_dirtmp.pop()
data,vcnloc = __returnIndexBlock(wholedata,vcn)
baselocation = self.a_content.locate_data(vcnloc)
""" Fixup array """
updateoffset = struct.unpack("<H", data[4:6])[0]
fixup = struct.unpack("<H", data[6:8])[0]
x = updateoffset + 2
y = fixup - 1
mtmp = data
for z in range (0,y):
f = data[x] + data[x+1]
x += 2
mtmp = mtmp[:z*512+510]+f+mtmp[(z+1)*512:]
""" Find the exact length of index entries """
self.a_ir_endsequence, self.a_ir_endbuffer = struct.unpack("<II", mtmp[0x1c:0x24])
""" process entries """
egen = _ParseIndexEntries(mtmp[0x40:self.a_ir_endsequence+0x18])
for dirtmp in egen:
tmp = dirtmp[0]
entry = _DirIndexEntry(self,baselocation+dirtmp[1]+0x40)
entry.init_entry(tmp, 0x30)
self.parent.m_ir_entry.append(entry)
if entry.flags & 1 != 0 and entry.vcn != 0:
self.parent.m_dirtmp.append(entry.vcn)
#__entry.print_entry()
except IndexError:
self.parent.set_directory()
break
""" Index buffer done """
def init_attribute(self, attr, offset):
self.a_location = offset
""" every index buffer has a magic number, called VCN number.
This has nothing to do with virtual clusters. Find the index buffer
corresponding to VCN and return it """
def __returnIndexBlock(data, vcn):
indexsize = self.parent.parent.f_indexbuffersize
idx = 0
while idx < len(data):
datmp = data[idx * indexsize:(idx + 1) * indexsize]
clnum, = struct.unpack("<Q", datmp[0x10:0x18])
if clnum == vcn:
return [datmp, idx * indexsize]
idx += 1
""" this should not happen """
print "Index buffer not found, exiting", vcn
exit(1)
self.parse_header(attr)
if self.a_resident == True:
self.a_content = _ResidentAttribute(attr, self)
else:
self.a_content = _NonResidentAttribute(attr, self)
wholedata = self.a_content.read_data(-1, -1)
""" try to make sense of b-trees """
while True:
try:
vcn = self.parent.m_dirtmp.pop()
data, vcnloc = __returnIndexBlock(wholedata, vcn)
baselocation = self.a_content.locate_data(vcnloc)
""" Fixup array """
updateoffset = struct.unpack("<H", data[4:6])[0]
fixup = struct.unpack("<H", data[6:8])[0]
x = updateoffset + 2
y = fixup - 1
mtmp = data
for z in range(0, y):
f = data[x] + data[x + 1]
x += 2
mtmp = mtmp[:z * 512 + 510] + f + mtmp[(z + 1) * 512:]
""" Find the exact length of index entries """
self.a_ir_endsequence, self.a_ir_endbuffer = struct.unpack(
"<II", mtmp[0x1c:0x24])
""" process entries """
egen = _ParseIndexEntries(mtmp[0x40:self.a_ir_endsequence +
0x18])
for dirtmp in egen:
tmp = dirtmp[0]
entry = _DirIndexEntry(self,
baselocation + dirtmp[1] + 0x40)
entry.init_entry(tmp, 0x30)
self.parent.m_ir_entry.append(entry)
if entry.flags & 1 != 0 and entry.vcn != 0:
self.parent.m_dirtmp.append(entry.vcn)
#__entry.print_entry()
except IndexError:
self.parent.set_directory()
break
""" Index buffer done """