Changeset 219
- Timestamp:
- 03/31/11 00:29:09 (14 years ago)
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
test/pyregfi-smoketest.py
r218 r219 82 82 for k in hive: 83 83 for v in k.values: 84 d = v. data84 d = v.fetch_data() 85 85 if d == None: 86 86 data_stat += 0.1 … … 90 90 data_stat += d/2.0**64 91 91 92 d = v. data_raw92 d = v.fetch_raw_data() 93 93 if d == None: 94 94 dataraw_stat += 0.1 … … 133 133 134 134 135 # Iterates hive gathering stats about security and classname records 136 def iterFetchRelated(hive): 137 security_stat = 0.0 138 classname_stat = 0.0 139 modified_stat = 0.0 140 141 for k in hive: 142 cn = k.fetch_classname() 143 if cn == None: 144 classname_stat += 0.000001 145 elif type(cn) == bytearray: 146 classname_stat += len(cn)/2**32 147 else: 148 classname_stat += len(cn) 149 150 modified_stat += k.modified 151 152 print(" Security stat: %f" % security_stat) 153 print(" Classname stat: %f" % classname_stat) 154 print(" Modified stat: %f" % modified_stat) 155 135 156 if len(sys.argv) < 2: 136 157 usage() … … 138 159 139 160 140 #tests = [("iterTallyNames",iterTallyNames),("iterParentWalk",iterParentWalk),("iterTallyData",iterTallyData), ]141 tests = [(" recurseKeyTally",recurseKeyTally),("iterParentWalk",iterParentWalk),]161 #tests = [("iterTallyNames",iterTallyNames),("iterParentWalk",iterParentWalk),("iterTallyData",iterTallyData),("recurseKeyTally",recurseKeyTally),("iterFetchRelated",iterFetchRelated),] 162 tests = [("iterFetchRelated",iterFetchRelated),] 142 163 143 164 files = [] -
trunk/include/regfi.h
r215 r219 1656 1656 void regfi_unix2nt_time(REGFI_NTTIME* nt, time_t t); 1657 1657 _EXPORT 1658 time_tregfi_nt2unix_time(const REGFI_NTTIME* nt);1658 double regfi_nt2unix_time(const REGFI_NTTIME* nt); 1659 1659 1660 1660 -
trunk/lib/regfi.c
r215 r219 3649 3649 converts this to real GMT. 3650 3650 ****************************************************************************/ 3651 time_tregfi_nt2unix_time(const REGFI_NTTIME* nt)3652 { 3653 double d;3654 time_t ret; 3651 double regfi_nt2unix_time(const REGFI_NTTIME* nt) 3652 { 3653 double ret_val; 3654 3655 3655 /* The next two lines are a fix needed for the 3656 3656 broken SCO compiler. JRA. */ … … 3661 3661 return(0); 3662 3662 3663 d= ((double)nt->high)*4.0*(double)(1<<30);3664 d += (nt->low&0xFFF00000);3665 d*= 1.0e-7;3663 ret_val = ((double)nt->high)*4.0*(double)(1<<30); 3664 ret_val += nt->low; 3665 ret_val *= 1.0e-7; 3666 3666 3667 3667 /* now adjust by 369 years to make the secs since 1970 */ 3668 d -= TIME_FIXUP_CONSTANT; 3669 3670 if (d <= l_time_min) 3668 ret_val -= TIME_FIXUP_CONSTANT; 3669 3670 /* XXX: should these sanity checks be removed? */ 3671 if (ret_val <= l_time_min) 3671 3672 return (l_time_min); 3672 3673 3673 if ( d>= l_time_max)3674 if (ret_val >= l_time_max) 3674 3675 return (l_time_max); 3675 3676 ret = (time_t)(d+0.5);3677 3676 3678 3677 /* this takes us from kludge-GMT to real GMT */ … … 3686 3685 */ 3687 3686 3688 return (ret);3687 return ret_val; 3689 3688 } 3690 3689 -
trunk/python/pyregfi/__init__.py
r218 r219 6 6 7 7 import sys 8 import time 8 9 import weakref 9 10 from pyregfi.structures import * … … 70 71 regfi.regfi_get_parentkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)] 71 72 regfi.regfi_get_parentkey.restype = POINTER(REGFI_NK) 73 74 regfi.regfi_nt2unix_time.argtypes = [POINTER(REGFI_NTTIME)] 75 regfi.regfi_nt2unix_time.restype = c_double 72 76 73 77 regfi.regfi_iterator_new.argtypes = [POINTER(REGFI_FILE), REGFI_ENCODING] … … 302 306 303 307 def __getattr__(self, name): 304 ret_val = super(Key, self).__getattr__(name)305 306 308 if name == "name": 309 ret_val = super(Key, self).__getattr__(name) 310 307 311 if ret_val == None: 308 312 ret_val = self.name_raw … … 311 315 312 316 elif name == "name_raw": 317 ret_val = super(Key, self).__getattr__(name) 313 318 length = super(Key, self).__getattr__('name_length') 314 319 ret_val = _buffer2bytearray(ret_val, length) 315 320 321 elif name == "modified": 322 ret_val = regfi.regfi_nt2unix_time(byref(self._base.contents.mtime)) 323 324 else: 325 ret_val = super(Key, self).__getattr__(name) 326 316 327 return ret_val 317 318 328 319 329 def fetch_security(self): 320 330 return Security(self._hive, 321 331 regfi.regfi_fetch_sk(self._hive.file, self._base)) 332 333 def fetch_classname(self): 334 ret_val = None 335 cn_p = regfi.regfi_fetch_classname(self._hive.file, self._base) 336 if cn_p: 337 cn_struct = cn_p.contents 338 if cn_struct.interpreted: 339 ret_val = cn_struct.interpreted.decode('utf-8', 'replace') 340 else: 341 ret_val = _buffer2bytearray(cn_struct.raw, 342 cn_struct.size) 343 regfi.regfi_free_record(cn_p) 344 345 return ret_val 322 346 323 347 def get_parent(self): … … 339 363 # 340 364 class Value(_StructureWrapper): 365 def fetch_data(self): 366 ret_val = None 367 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 368 if not data_p: 369 return None 370 data_struct = data_p.contents 371 372 if data_struct.interpreted_size == 0: 373 ret_val = None 374 elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK): 375 # Unicode strings 376 ret_val = data_struct.interpreted.string.decode('utf-8', 'replace') 377 elif data_struct.type in (REG_DWORD, REG_DWORD_BE): 378 # 32 bit integers 379 ret_val = data_struct.interpreted.dword 380 elif data_struct.type == REG_QWORD: 381 # 64 bit integers 382 ret_val = data_struct.interpreted.qword 383 elif data_struct.type == REG_MULTI_SZ: 384 ret_val = _charss2strlist(data_struct.interpreted.multiple_string) 385 elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST, 386 REG_FULL_RESOURCE_DESCRIPTOR, 387 REG_RESOURCE_REQUIREMENTS_LIST, 388 REG_BINARY): 389 ret_val = _buffer2bytearray(data_struct.interpreted.none, 390 data_struct.interpreted_size) 391 392 regfi.regfi_free_record(data_p) 393 return ret_val 394 395 def fetch_raw_data(self): 396 ret_val = None 397 398 # XXX: should we load the data without interpretation instead? 399 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 400 if not data_p: 401 return None 402 403 data_struct = data_p.contents 404 ret_val = _buffer2bytearray(data_struct.raw, 405 data_struct.size) 406 regfi.regfi_free_record(data_p) 407 408 return ret_val 409 341 410 def __getattr__(self, name): 342 ret_val = None 343 if name == "data": 344 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 345 try: 346 data_struct = data_p.contents 347 except Exception: 348 return None 349 350 if data_struct.interpreted_size == 0: 351 ret_val = None 352 elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK): 353 # Unicode strings 354 ret_val = data_struct.interpreted.string.decode('utf-8', 'replace') 355 elif data_struct.type in (REG_DWORD, REG_DWORD_BE): 356 # 32 bit integers 357 ret_val = data_struct.interpreted.dword 358 elif data_struct.type == REG_QWORD: 359 # 64 bit integers 360 ret_val = data_struct.interpreted.qword 361 elif data_struct.type == REG_MULTI_SZ: 362 ret_val = _charss2strlist(data_struct.interpreted.multiple_string) 363 elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST, 364 REG_FULL_RESOURCE_DESCRIPTOR, 365 REG_RESOURCE_REQUIREMENTS_LIST, 366 REG_BINARY): 367 ret_val = _buffer2bytearray(data_struct.interpreted.none, 368 data_struct.interpreted_size) 369 370 regfi.regfi_free_record(data_p) 371 372 elif name == "data_raw": 373 # XXX: should we load the data without interpretation instead? 374 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 375 try: 376 data_struct = data_p.contents 377 except Exception: 378 return None 379 380 ret_val = _buffer2bytearray(data_struct.raw, 381 data_struct.size) 382 regfi.regfi_free_record(data_p) 383 384 else: 385 ret_val = super(Value, self).__getattr__(name) 386 if name == "name": 387 if ret_val == None: 388 ret_val = self.name_raw 389 else: 390 ret_val = ret_val.decode('utf-8', 'replace') 391 392 elif name == "name_raw": 393 length = super(Value, self).__getattr__('name_length') 394 ret_val = _buffer2bytearray(ret_val, length) 411 ret_val = super(Value, self).__getattr__(name) 412 if name == "name": 413 if ret_val == None: 414 ret_val = self.name_raw 415 else: 416 ret_val = ret_val.decode('utf-8', 'replace') 417 418 elif name == "name_raw": 419 length = super(Value, self).__getattr__('name_length') 420 ret_val = _buffer2bytearray(ret_val, length) 395 421 396 422 return ret_val -
trunk/src/common.c
r209 r219 368 368 struct tm* tmp_time_s = NULL; 369 369 370 *tmp_time = regfi_nt2unix_time(nttime);370 *tmp_time = (time_t)regfi_nt2unix_time(nttime); 371 371 tmp_time_s = gmtime(tmp_time); 372 372 strftime(output,
Note: See TracChangeset
for help on using the changeset viewer.