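def testReadFileObject(self):
  """Tests the ReadFileObject function.

  Opens the change.log.1 test file and closes it again. No assertions are
  made on the parsed content; the test only checks that Open() and Close()
  complete without raising.
  """
  output_writer = test_lib.TestOutputWriter()
  test_file = rp_change_log.RestorePointChangeLogFile(
      output_writer=output_writer)

  test_file_path = self._GetTestFilePath(['change.log.1'])
  # NOTE(review): presumably Open() invokes ReadFileObject internally - confirm.
  test_file.Open(test_file_path)
  # Release the file so the test does not leak an open handle.
  test_file.Close()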
def testDebugPrintRecordHeader(self):
  """Tests the _DebugPrintRecordHeader function.

  Builds a record header from placeholder values and passes it to the debug
  printer. No assertions are made on the output.
  """
  writer = test_lib.TestOutputWriter()
  change_log_file = rp_change_log.RestorePointChangeLogFile(
      output_writer=writer)

  # Placeholder field values; no file is read in this test.
  header_values = {'record_size': 1, 'record_type': 2}

  header_map = change_log_file._GetDataTypeMap('rp_change_log_record_header')
  record_header = header_map.CreateStructureValues(**header_values)

  change_log_file._DebugPrintRecordHeader(record_header)
def testDebugPrintFileHeader(self):
  """Tests the _DebugPrintFileHeader function.

  Builds a file header from placeholder values and passes it to the debug
  printer. No assertions are made on the output.
  """
  writer = test_lib.TestOutputWriter()
  change_log_file = rp_change_log.RestorePointChangeLogFile(
      output_writer=writer)

  # Placeholder field values; no file is read in this test.
  header_values = {
      'format_version': 1,
      'record_size': 2,
      'record_type': 3,
      'signature': 4,
  }

  header_map = change_log_file._GetDataTypeMap('rp_change_log_file_header')
  file_header = header_map.CreateStructureValues(**header_values)

  change_log_file._DebugPrintFileHeader(file_header)
def testDebugPrintChangeLogEntryRecord(self):
  """Tests the _DebugPrintChangeLogEntryRecord function.

  Builds a change log entry record from placeholder values and passes it to
  the debug printer. No assertions are made on the output.
  """
  writer = test_lib.TestOutputWriter()
  change_log_file = rp_change_log.RestorePointChangeLogFile(
      output_writer=writer)

  # Placeholder field values; no file is read in this test.
  entry_values = {
      'entry_flags': 1,
      'entry_type': 2,
      'file_attribute_flags': 3,
      'process_name_size': 4,
      'record_size': 5,
      'record_type': 6,
      'sequence_number': 7,
      'signature': 8,
      'unknown1': 9,
      'unknown2': 10,
  }

  entry_map = change_log_file._GetDataTypeMap('rp_change_log_entry')
  entry_record = entry_map.CreateStructureValues(**entry_values)

  change_log_file._DebugPrintChangeLogEntryRecord(entry_record)
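def Main():
  """The main program function.

  Parses the command line arguments, opens the Windows Restore Point
  change.log file and prints the volume path followed by the entry type,
  entry flags, sequence number and process name of every change log entry.

  Returns:
    bool: True if successful or False if not.
  """
  argument_parser = argparse.ArgumentParser(description=(
      'Extracts information from Windows Restore Point change.log files.'))

  argument_parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  argument_parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH',
      default=None, help='path of the Windows Restore Point change.log file.')

  options = argument_parser.parse_args()

  if not options.source:
    print('Source file missing.')
    print('')
    argument_parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  output_writer = output_writers.StdoutWriter()

  try:
    output_writer.Open()
  except IOError as exception:
    print('Unable to open output writer with error: {0!s}'.format(exception))
    print('')
    return False

  # The nested try/finally blocks ensure that the output writer and the
  # change.log file are closed even when opening or reading the file raises,
  # for example on a truncated or malformed file.
  try:
    change_log_file = rp_change_log.RestorePointChangeLogFile(
        debug=options.debug, output_writer=output_writer)
    change_log_file.Open(options.source)

    try:
      # NOTE(review): volume_path and process_name are read from the file
      # being examined and are printed as-is; if the file is untrusted
      # evidence, confirm control characters cannot reach the terminal.
      print('Windows Restore Point change.log information:')
      print('Volume path:\t{0:s}'.format(change_log_file.volume_path))
      print('')

      for change_log_entry in change_log_file.entries:
        # entry_type and entry_flags are bit fields; list the description of
        # every bit that is set.
        entry_types = [
            description
            for flag, description in change_log_file.LOG_ENTRY_TYPES.items()
            if change_log_entry.entry_type & flag]

        print('Entry type:\t\t{0:s}'.format(', '.join(entry_types)))

        entry_flags = [
            description
            for flag, description in change_log_file.LOG_ENTRY_FLAGS.items()
            if change_log_entry.entry_flags & flag]

        print('Entry flags:\t\t{0:s}'.format(', '.join(entry_flags)))

        print('Sequence number:\t{0:d}'.format(
            change_log_entry.sequence_number))
        print('Process name:\t\t{0:s}'.format(change_log_entry.process_name))

        print('')

    finally:
      change_log_file.Close()

  finally:
    output_writer.Close()

  return True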