Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F4293589
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Size
61 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/trunk/datareporter.cpp b/trunk/datareporter.cpp
index cdea365..1dcbed4 100644
--- a/trunk/datareporter.cpp
+++ b/trunk/datareporter.cpp
@@ -1,155 +1,152 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "datareporter.h"
#include <QDir>
#include <QTextStream>
#include <QtScript/QScriptEngine>
#include <QMessageBox>
DataReporter::DataReporter() {
this->report_templates.clear();
//this->p_report_engine=new DataReporterEngine();
}
DataReporter::~DataReporter() {
//delete this->p_report_engine;
qDeleteAll(this->report_templates);
}
void DataReporter::LoadReportTemplates() {
QString report_template="";
int i=0;
QString report_category="";
QString report_name="";
ReportTemplate *p_report;
// Get all template files in report_templates directory
QDir report_dir("../trunk/report_templates/");
QStringList found_report_templates=report_dir.
- entryList(QStringList()<<"*.js");
+ entryList(QStringList()<<"*.qs");
for(i=0;i<found_report_templates.count();i++) {
// Build complete path to template file
report_template=report_dir.path();
report_template.append(QDir::separator());
report_template.append(found_report_templates.value(i));
- // Extract report category and name from file name (<category>_<name>.js)
+ // Extract report category and name from file name (<category>_<name>.qs)
report_category=found_report_templates.value(i).left(
found_report_templates.value(i).indexOf("_"));
report_name=found_report_templates.value(i).mid(
found_report_templates.value(i).indexOf("_")+1);
report_name=report_name.left(report_name.lastIndexOf(".")-1);
// Add report to list
p_report=new ReportTemplate(report_category,
report_name,
report_template);
this->report_templates.append(p_report);
}
}
QStringList DataReporter::GetAvailableReportCategories() {
QStringList ret;
QString cat;
int i=0;
ret.clear();
for(i=0;i<this->report_templates.count();i++) {
cat=this->report_templates.value(i)->Category();
if(!ret.contains(cat)) ret.append(cat);
}
ret.sort();
return ret;
}
QStringList DataReporter::GetAvailableReports(QString category) {
QStringList ret;
QString cat;
int i=0;
ret.clear();
for(i=0;i<this->report_templates.count();i++) {
cat=this->report_templates.value(i)->Category();
if(cat==category) ret.append(this->report_templates.value(i)->Name());
}
ret.sort();
return ret;
}
QString DataReporter::GenerateReport(RegistryHive *p_hive,
QString report_category,
QString report_name)
{
int i=0;
ReportTemplate *p_report;
DataReporterEngine engine(p_hive);
QString report_code;
//ReportData report_data;
for(i=0;i<this->report_templates.count();i++) {
p_report=this->report_templates.value(i);
if(p_report->Category()!=report_category || p_report->Name()!=report_name) {
continue;
}
QScriptValue hive_value=engine.newQObject(p_hive);
engine.globalObject().setProperty("RegistryHive",hive_value);
//QScriptValue return_value=engine.newQObject(&report_data);
//engine.globalObject().setProperty("ReportData",return_value);
// Open report template
QFile template_file(p_report->File());
if(!template_file.open(QIODevice::ReadOnly | QIODevice::Text)) {
qDebug("Couldn't open file '%s'",p_report->File().toAscii().constData());
- break;
+ return QString();
}
// Read template file
QTextStream in(&template_file);
while(!in.atEnd()) {
- report_code.append(in.readLine());
+ report_code.append(in.readLine()).append("\n");
}
// Close report template file
template_file.close();
QScriptValue report_result=engine.evaluate(report_code,p_report->File());
- if (report_result.isError()) {
+ if (report_result.isError() || engine.hasUncaughtException()) {
QMessageBox::critical(0,
"Hello Script",
QString::fromLatin1("%0:%1: %2")
.arg(p_report->File())
.arg(report_result.property("lineNumber").toInt32())
.arg(report_result.toString()));
- break;
+ return QString();
}
-
- if(engine.hasUncaughtException()) qDebug("Exception in processing!");
-
- break;
+ return engine.report_content;
}
- return engine.report_content;
+ return QString();
}
diff --git a/trunk/datareporterengine.cpp b/trunk/datareporterengine.cpp
index 0b8808e..0fa312a 100644
--- a/trunk/datareporterengine.cpp
+++ b/trunk/datareporterengine.cpp
@@ -1,203 +1,360 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "datareporterengine.h"
#include <QString>
+#include <QMap>
+#include <QMapIterator>
+#include <QStringList>
+#include <QDateTime>
DataReporterEngine::DataReporterEngine(RegistryHive *p_hive) : QScriptEngine() {
// Init vars
this->p_registry_hive=p_hive;
this->report_content="";
// Add our types to engine
qScriptRegisterMetaType<s_RegistryKeyValue>(this,
this->RegistryKeyValueToScript,
this->RegistryKeyValueFromScript);
this->p_type_byte_array=new ByteArray(this);
this->globalObject().setProperty("ByteArray",
this->p_type_byte_array->constructor());
// Add our functions
// print
QScriptValue func_print=this->newFunction(this->Print);
this->globalObject().setProperty("print",func_print);
// println
QScriptValue func_println=this->newFunction(this->PrintLn);
this->globalObject().setProperty("println",func_println);
+ // GetRegistryNodes
+ QScriptValue func_get_nodes=this->newFunction(this->GetRegistryNodes,1);
+ func_get_nodes.setData(this->newQObject(this->p_registry_hive));
+ this->globalObject().setProperty("GetRegistryNodes",func_get_nodes);
+ // GetRegistryKeys
+ QScriptValue func_get_keys=this->newFunction(this->GetRegistryKeys,1);
+ func_get_keys.setData(this->newQObject(this->p_registry_hive));
+ this->globalObject().setProperty("GetRegistryKeys",func_get_keys);
// GetRegistryKeyValue
- QScriptValue func_get_key_value=this->newFunction(this->GetRegistryKeyValue);
+ QScriptValue func_get_key_value=this->newFunction(this->GetRegistryKeyValue,
+ 2);
func_get_key_value.setData(this->newQObject(this->p_registry_hive));
this->globalObject().setProperty("GetRegistryKeyValue",func_get_key_value);
-
- /*
// RegistryKeyValueToString
QScriptValue func_value_to_string=
- this->newFunction(this->RegistryKeyValueToString);
+ this->newFunction(this->RegistryKeyValueToString,2);
this->globalObject().setProperty("RegistryKeyValueToString",
func_value_to_string);
+ // RegistryKeyValueToVariant
+ QScriptValue func_value_to_variant=
+ this->newFunction(this->RegistryKeyValueToVariant);
+ this->globalObject().setProperty("RegistryKeyValueToVariant",
+ func_value_to_variant);
// RegistryKeyTypeToString
QScriptValue func_type_to_string=
- this->newFunction(this->RegistryKeyTypeToString);
+ this->newFunction(this->RegistryKeyTypeToString,1);
this->globalObject().setProperty("RegistryKeyTypeToString",
func_type_to_string);
- */
+/*
// Add RegistryHive object
QScriptValue obj_registry_hive=this->newQObject(this->p_registry_hive);
this->globalObject().setProperty("RegistryHive",obj_registry_hive);
+*/
}
DataReporterEngine::~DataReporterEngine() {
delete this->p_type_byte_array;
}
QScriptValue DataReporterEngine::Print(QScriptContext *context,
QScriptEngine *engine)
{
int i;
QString content;
// Append all arguments to content
for(i=0;i<context->argumentCount();++i) {
- if(i>0) content.append(" ");
+ //if(i>0) content.append(" ");
content.append(context->argument(i).toString());
}
//QScriptValue calleeData=context->callee().data();
//DataReporterEngine *engine=
// qobject_cast<DataReporterEngine*>(calleeData.toQObject());
qobject_cast<DataReporterEngine*>(engine)->report_content.append(content);
return engine->undefinedValue();
}
QScriptValue DataReporterEngine::PrintLn(QScriptContext *context,
QScriptEngine *engine)
{
int i;
QString content;
// Append all arguments to content
for(i=0;i<context->argumentCount();++i) {
- if(i>0) content.append(" ");
+ //if(i>0) content.append(" ");
content.append(context->argument(i).toString());
}
qobject_cast<DataReporterEngine*>(engine)->
report_content.append(content).append("\n");
return engine->undefinedValue();
}
+/*
+ * GetRegistryNodes
+ */
+QScriptValue DataReporterEngine::GetRegistryNodes(QScriptContext *context,
+ QScriptEngine *engine)
+{
+ QScriptValue calleeData;
+ RegistryHive *p_hive;
+ QMap<QString,int> nodes;
+ QScriptValue ret_nodes;
+ int ii=0;
+
+ // This function needs one argument, parent node path
+ if(context->argumentCount()!=1) return engine->undefinedValue();
+
+ // Get calle data (Pointer to RegistryHive class)
+ calleeData=context->callee().data();
+ p_hive=qobject_cast<RegistryHive*>(calleeData.toQObject());
+
+ // Get nodes
+ nodes=p_hive->GetNodes(context->argument(0).toString());
+ if(p_hive->Error()) {
+ // Clear error state
+ p_hive->GetErrorMsg();
+ return engine->undefinedValue();
+ }
+
+ // Build script array
+ ret_nodes=engine->newArray(nodes.count());
+ QMapIterator<QString,int> i(nodes);
+ while(i.hasNext()) {
+ i.next();
+ ret_nodes.setProperty(ii++,QScriptValue(i.key()));
+ }
+
+ return ret_nodes;
+}
+
+/*
+ * GetRegistryKeys
+ */
+QScriptValue DataReporterEngine::GetRegistryKeys(QScriptContext *context,
+ QScriptEngine *engine)
+{
+ QScriptValue calleeData;
+ RegistryHive *p_hive;
+ QMap<QString,int> keys;
+ QScriptValue ret_keys;
+ int ii=0;
+
+ // This function needs one argument, parent node path
+ if(context->argumentCount()!=1) return engine->undefinedValue();
+
+ // Get calle data (Pointer to RegistryHive class)
+ calleeData=context->callee().data();
+ p_hive=qobject_cast<RegistryHive*>(calleeData.toQObject());
+
+ // Get keys
+ keys=p_hive->GetKeys(context->argument(0).toString());
+ if(p_hive->Error()) {
+ // Clear error state
+ p_hive->GetErrorMsg();
+ return engine->undefinedValue();
+ }
+
+ // Build script array
+ ret_keys=engine->newArray(keys.count());
+ QMapIterator<QString,int> i(keys);
+ while(i.hasNext()) {
+ i.next();
+ ret_keys.setProperty(ii++,QScriptValue(i.key()));
+ }
+
+ return ret_keys;
+}
+
/*
* RegistryKeyValueToScript
*/
QScriptValue DataReporterEngine::RegistryKeyValueToScript(QScriptEngine *engine,
const
s_RegistryKeyValue
&s)
{
QScriptValue obj=engine->newObject();
obj.setProperty("type",s.type);
obj.setProperty("length",s.length);
ByteArray *p_byte_array=new ByteArray(engine);
obj.setProperty("value",p_byte_array->newInstance(s.value));
return obj;
}
/*
* RegistryKeyValueFromScriptValue
*/
void DataReporterEngine::RegistryKeyValueFromScript(const QScriptValue &obj,
s_RegistryKeyValue &s)
{
s.type=obj.property("type").toInt32();
s.length=obj.property("length").toInt32();
- // TODO: Don't know if this works
- s.value=obj.property("value").toVariant().toByteArray();
+ // TODO: Don't know if this works, but it probably does ;)
+ s.value=qvariant_cast<QByteArray>(obj.property("value").data().toVariant());
}
QScriptValue DataReporterEngine::GetRegistryKeyValue(QScriptContext *context,
QScriptEngine *engine)
{
QScriptValue calleeData;
RegistryHive *p_hive;
QByteArray key_value;
int key_type=0;
size_t key_length=0;
s_RegistryKeyValue script_key_value;
// This function needs two arguments, key path and key name
if(context->argumentCount()!=2) return engine->undefinedValue();
// Get calle data (Pointer to RegistryHive class)
calleeData=context->callee().data();
p_hive=qobject_cast<RegistryHive*>(calleeData.toQObject());
// Get key value
key_value=p_hive->GetKeyValue(context->argument(0).toString(),
context->argument(1).toString(),
&key_type,
&key_length);
if(p_hive->Error() || key_length==-1) {
// Get error message ro clear error state
p_hive->GetErrorMsg();
return engine->undefinedValue();
}
// Save key value to s_RegistryKeyValue struct
script_key_value.type=key_type;
script_key_value.length=key_length;
script_key_value.value=key_value;
return DataReporterEngine::RegistryKeyValueToScript(engine,script_key_value);
}
QScriptValue DataReporterEngine::RegistryKeyValueToString(
QScriptContext *context,
QScriptEngine *engine)
{
QByteArray key_value;
QString ret="";
// This function needs two arguments, key value and value type
if(context->argumentCount()!=2) return engine->undefinedValue();
- // TODO: Does not work!!
- key_value=qscriptvalue_cast<QByteArray>(context->argument(0));
- //key_value=context->argument(0).toVariant().toByteArray();
+ // Cast ByteArray argument to QByteArray and convert
+ key_value=qvariant_cast<QByteArray>(context->argument(0).data().toVariant());
ret=RegistryHive::KeyValueToString(key_value,
- hive_t_REG_SZ /*context->argument(1).toInteger()*/);
+ context->argument(1).toInt32());
+
+ return engine->newVariant(ret);
+}
+
+QScriptValue DataReporterEngine::RegistryKeyValueToVariant(
+ QScriptContext *context,
+ QScriptEngine *engine)
+{
+ int offset=0;
+ QByteArray key_value;
+ QString variant_type;
+ int remaining_data_len;
+ const char *p_data;
+ QString ret="";
+
+ // This function needs at least two arguments, key value and variant type,
+ // and may have an optional third argument specifying an offset
+ if(context->argumentCount()<2 || context->argumentCount()>3)
+ return engine->undefinedValue();
+ if(context->argumentCount()==3) offset=context->argument(2).toInt32();
+
+ // Cast ByteArray argument to QByteArray
+ key_value=qvariant_cast<QByteArray>(context->argument(0).data().toVariant());
+ variant_type=context->argument(1).toString();
+
+ // Calculate how many bytes are remainig after specified offset
+ remaining_data_len=key_value.size()-offset;
+ if(!remaining_data_len>0) {
+ // Nothing to show
+ return engine->undefinedValue();
+ }
+
+ // Get pointer to data at specified offset
+ p_data=key_value.constData();
+ p_data+=offset;
- qDebug("Type: %u Sring: %c",
- context->argument(1).toInteger(),
- ret.toAscii().constData());
+ // Convert
+ if(variant_type=="unixtime" && remaining_data_len>=4) {
+ if(*(uint32_t*)p_data==0) {
+ ret="n/a";
+ } else {
+ QDateTime date_time;
+ date_time.setTime_t(*(uint32_t*)p_data);
+ ret=date_time.toString("yyyy/MM/dd hh:mm:ss");
+ }
+ } else if(variant_type=="filetime" && remaining_data_len>=8) {
+ if(*(uint64_t*)p_data==0) {
+ ret="n/a";
+ } else {
+ QDateTime date_time;
+ date_time.setTime_t((*(uint64_t*)p_data-116444736000000000)/10000000);
+ ret=date_time.toString("yyyy/MM/dd hh:mm:ss");
+ }
+ } else if(variant_type=="ascii") {
+ // TODO: This fails bad if the string is not null terminated!! It might be
+ // wise checking for a null char here
+ ret=QString().fromAscii((char*)p_data);
+ } else if(variant_type=="utf16" && remaining_data_len>=2) {
+ ret=QString().fromUtf16((ushort*)p_data);
+ } else {
+ // Unknown variant type or another error
+ return engine->undefinedValue();
+ }
return engine->newVariant(ret);
}
QScriptValue DataReporterEngine::RegistryKeyTypeToString(
QScriptContext *context,
QScriptEngine *engine)
{
+ QString ret="";
+
// This function needs one arguments, key type
- if(context->argumentCount()!=2) return engine->undefinedValue();
+ if(context->argumentCount()!=1) return engine->undefinedValue();
+
+ ret=RegistryHive::KeyTypeToString(context->argument(0).toInt32());
+
+ return engine->newVariant(ret);
}
diff --git a/trunk/datareporterengine.h b/trunk/datareporterengine.h
index 2bf7ee6..fae13d8 100644
--- a/trunk/datareporterengine.h
+++ b/trunk/datareporterengine.h
@@ -1,68 +1,74 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef DATAREPORTERENGINE_H
#define DATAREPORTERENGINE_H
#include <QObject>
#include <QString>
#include <QtScript/QScriptEngine>
#include <QtScript/QScriptValue>
#include <QtScript/QScriptContext>
#include "registryhive.h"
#include "qtscript_types/bytearray.h"
class DataReporterEngine : public QScriptEngine {
Q_OBJECT
public:
struct s_RegistryKeyValue {
int type;
int length;
QByteArray value;
};
RegistryHive *p_registry_hive;
QString report_content;
DataReporterEngine(RegistryHive *p_hive);
~DataReporterEngine();
private:
ByteArray *p_type_byte_array;
static QScriptValue Print(QScriptContext *context, QScriptEngine *engine);
static QScriptValue PrintLn(QScriptContext *context, QScriptEngine *engine);
+ static QScriptValue GetRegistryNodes(QScriptContext *context,
+ QScriptEngine *engine);
+ static QScriptValue GetRegistryKeys(QScriptContext *context,
+ QScriptEngine *engine);
static QScriptValue RegistryKeyValueToScript(QScriptEngine *engine,
const s_RegistryKeyValue &s);
static void RegistryKeyValueFromScript(const QScriptValue &obj,
s_RegistryKeyValue &s);
static QScriptValue GetRegistryKeyValue(QScriptContext *context,
QScriptEngine *engine);
static QScriptValue RegistryKeyValueToString(QScriptContext *context,
QScriptEngine *engine);
+ static QScriptValue RegistryKeyValueToVariant(QScriptContext *context,
+ QScriptEngine *engine);
static QScriptValue RegistryKeyTypeToString(QScriptContext *context,
QScriptEngine *engine);
};
Q_DECLARE_METATYPE(DataReporterEngine::s_RegistryKeyValue)
#endif // DATAREPORTERENGINE_H
diff --git a/trunk/dlgreportviewer.cpp b/trunk/dlgreportviewer.cpp
index 2eeccde..6c47c63 100644
--- a/trunk/dlgreportviewer.cpp
+++ b/trunk/dlgreportviewer.cpp
@@ -1,50 +1,57 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "dlgreportviewer.h"
#include "ui_dlgreportviewer.h"
#include <QUrl>
DlgReportViewer::DlgReportViewer(QString &report_data, QWidget *p_parent)
: QDialog(p_parent), ui(new Ui::DlgReportViewer)
{
ui->setupUi(this);
+
+ // Set report content
this->ui->WebView->setHtml(report_data);
+
+ // Set dialog title based on report content title
+ QString report_title=this->ui->WebView->title();
+ if(report_title.isEmpty()) this->setWindowTitle("Report Viewer");
+ else this->setWindowTitle(report_title.prepend("Report Viewer : "));
}
DlgReportViewer::~DlgReportViewer() {
delete ui;
}
void DlgReportViewer::changeEvent(QEvent *e) {
QDialog::changeEvent(e);
switch(e->type()) {
case QEvent::LanguageChange:
ui->retranslateUi(this);
break;
default:
break;
}
}
void DlgReportViewer::on_BtnClose_clicked() {
this->accept();
}
diff --git a/trunk/mainwindow.cpp b/trunk/mainwindow.cpp
index a02557a..4a359e6 100644
--- a/trunk/mainwindow.cpp
+++ b/trunk/mainwindow.cpp
@@ -1,458 +1,462 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include <QFileDialog>
#include <QMessageBox>
#include <QStringList>
#include <QDesktopWidget>
#include <QDir>
#include <QSplitter>
#include "mainwindow.h"
#include "ui_mainwindow.h"
#include "dlgabout.h"
#include "dlgkeydetails.h"
#include "dlgreportviewer.h"
#include "compileinfo.h"
MainWindow::MainWindow(QWidget *parent) :
QMainWindow(parent), ui(new Ui::MainWindow)
{
ui->setupUi(this);
// Initialize private vars
this->p_hive=new RegistryHive(this);
this->is_hive_open=false;
this->p_reg_node_tree_model=NULL;
this->p_reg_key_table_model=NULL;
// Set main window size
int cur_screen=QApplication::desktop()->screenNumber(this);
int window_width=
QApplication::desktop()->availableGeometry(cur_screen).width()*0.5;
int window_height=
QApplication::desktop()->availableGeometry(cur_screen).height()*0.5;
int window_x=
(QApplication::desktop()->availableGeometry(cur_screen).width()/2)-
(window_width/2);
int window_y=
(QApplication::desktop()->availableGeometry(cur_screen).height()/2)-
(window_height/2);
this->setGeometry(window_x,
window_y,
window_width,
window_height);
// Create widgets
this->p_horizontal_splitter=new QSplitter();
this->p_horizontal_splitter->setOrientation(Qt::Horizontal);
this->p_node_tree=new QTreeView(this->p_horizontal_splitter);
this->p_node_tree->setHeaderHidden(true);
this->p_vertical_splitter=new QSplitter(this->p_horizontal_splitter);
this->p_vertical_splitter->setOrientation(Qt::Vertical);
this->p_key_table=new QTableView(this->p_vertical_splitter);
this->p_key_table->setSelectionBehavior(QAbstractItemView::SelectRows);
this->p_horizontal_splitter2=new QSplitter(this->p_vertical_splitter);
this->p_horizontal_splitter2->setOrientation(Qt::Horizontal);
this->p_hex_edit_widget=new QWidget(this->p_horizontal_splitter2);
this->p_hex_edit_layout=new QVBoxLayout(this->p_hex_edit_widget);
this->p_hex_edit_layout->setContentsMargins(0,0,0,0);
this->p_hex_edit=new QHexEdit();
this->p_hex_edit->setReadOnly(true);
this->p_hex_edit_status_bar=new QLabel();
this->p_data_interpreter=new DataInterpreter(this->p_horizontal_splitter2);
// Make sure hex viewer font is monospaced.
QFont mono_font("Monospace");
mono_font.setStyleHint(QFont::TypeWriter);
this->p_hex_edit->setFont(mono_font);
// Lay out widgets
this->p_hex_edit_layout->addWidget(this->p_hex_edit);
this->p_hex_edit_layout->addWidget(this->p_hex_edit_status_bar);
this->p_horizontal_splitter2->addWidget(this->p_hex_edit_widget);
this->p_horizontal_splitter2->addWidget(this->p_data_interpreter);
this->p_vertical_splitter->addWidget(this->p_key_table);
this->p_vertical_splitter->addWidget(this->p_horizontal_splitter2);
this->p_horizontal_splitter->addWidget(this->p_node_tree);
this->p_horizontal_splitter->addWidget(this->p_vertical_splitter);
// Set stretch factors
QSizePolicy node_tree_policy=this->p_node_tree->sizePolicy();
node_tree_policy.setHorizontalStretch(1);
node_tree_policy.setVerticalStretch(100);
this->p_node_tree->setSizePolicy(node_tree_policy);
QSizePolicy vertical_splitter_policy=this->p_vertical_splitter->sizePolicy();
vertical_splitter_policy.setHorizontalStretch(4);
vertical_splitter_policy.setVerticalStretch(100);
this->p_vertical_splitter->setSizePolicy(vertical_splitter_policy);
QSizePolicy key_table_policy=this->p_key_table->sizePolicy();
key_table_policy.setVerticalStretch(5);
key_table_policy.setHorizontalStretch(100);
this->p_key_table->setSizePolicy(key_table_policy);
QSizePolicy hex_edit_widget_policy=this->p_hex_edit_widget->sizePolicy();
hex_edit_widget_policy.setVerticalStretch(2);
hex_edit_widget_policy.setHorizontalStretch(200);
this->p_hex_edit_widget->setSizePolicy(hex_edit_widget_policy);
QSizePolicy data_interpreter_policy=this->p_data_interpreter->sizePolicy();
data_interpreter_policy.setVerticalStretch(2);
data_interpreter_policy.setHorizontalStretch(0);
this->p_data_interpreter->setSizePolicy(data_interpreter_policy);
// Connect signals
this->connect(this->p_node_tree,
SIGNAL(clicked(QModelIndex)),
this,
SLOT(SlotNodeTreeClicked(QModelIndex)));
this->connect(this->p_node_tree,
SIGNAL(activated(QModelIndex)),
this,
SLOT(SlotNodeTreeClicked(QModelIndex)));
this->connect(this->p_key_table /*->selectionModel()*/,
/* SIGNAL(selectionChanged(QItemSelection,QItemSelection)) */
SIGNAL(clicked(QModelIndex)),
this,
SLOT(SlotKeyTableClicked(QModelIndex)));
this->connect(this->p_key_table,
SIGNAL(doubleClicked(QModelIndex)),
this,
SLOT(SlotKeyTableDoubleClicked(QModelIndex)));
this->connect(this->p_hex_edit,
SIGNAL(currentAddressChanged(int)),
this,
SLOT(SlotHexEditAddressChanged(int)));
// Add central widget
this->setContentsMargins(4,4,4,0);
this->setCentralWidget(this->p_horizontal_splitter);
// Set window title
this->UpdateWindowTitle();
// Set last open location to home dir
this->last_open_location=QDir::homePath();
// Load report templates and update menu
this->p_data_reporter=new DataReporter();
this->p_data_reporter->LoadReportTemplates();
this->UpdateDataReporterMenu();
}
MainWindow::~MainWindow() {
if(this->is_hive_open) {
this->p_hive->Close();
}
delete ui;
}
void MainWindow::on_action_Quit_triggered() {
qApp->exit();
}
void MainWindow::on_action_Open_hive_triggered() {
QString hive_file="";
hive_file=QFileDialog::getOpenFileName(this,
tr("Open registry hive"),
this->last_open_location,
tr("All files (*)"));
if(hive_file=="") return;
// Update last open location
this->last_open_location=hive_file.left(hive_file.
lastIndexOf(QDir::separator()));
// If another hive is currently open, close it
if(this->is_hive_open) this->on_action_Close_hive_triggered();
// Try to open hive
if(!this->p_hive->Open(hive_file)) {
QMessageBox::critical(this,
tr("Error opening hive file"),
tr("Unable to open file '%1'").arg(hive_file));
return;
}
// Create tree model
this->p_reg_node_tree_model=
new RegistryNodeTreeModel(this->p_hive);
this->p_node_tree->setModel(this->p_reg_node_tree_model);
this->is_hive_open=true;
this->ui->action_Close_hive->setEnabled(true);
this->ui->MenuReports->setEnabled(true);
this->UpdateWindowTitle(hive_file);
}
void MainWindow::on_action_Close_hive_triggered() {
if(this->is_hive_open) {
// Delete models
if(this->p_reg_node_tree_model!=NULL) {
delete this->p_reg_node_tree_model;
this->p_reg_node_tree_model=NULL;
}
if(this->p_reg_key_table_model!=NULL) {
delete this->p_reg_key_table_model;
this->p_reg_key_table_model=NULL;
}
// Remove any data from hex edit and data interpreter
this->p_hex_edit->setData(QByteArray());
this->p_hex_edit_status_bar->setText("");
this->p_data_interpreter->ClearValues();
// Close hive
this->p_hive->Close();
this->is_hive_open=false;
this->ui->action_Close_hive->setEnabled(false);
this->ui->MenuReports->setEnabled(false);
this->UpdateWindowTitle();
}
}
void MainWindow::on_actionAbout_Qt_triggered() {
QMessageBox::aboutQt(this,tr("About Qt"));
}
void MainWindow::on_actionAbout_fred_triggered() {
DlgAbout dlg_about(this);
dlg_about.exec();
}
void MainWindow::SlotNodeTreeClicked(QModelIndex index) {
QString node_path;
//Built node path
node_path.clear();
node_path=this->p_reg_node_tree_model->data(index,Qt::DisplayRole)
.toString().prepend("\\");
while(this->p_reg_node_tree_model->parent(index)!=QModelIndex()) {
// Prepend all parent nodes
index=this->p_reg_node_tree_model->parent(index);
node_path.prepend(this->p_reg_node_tree_model->data(index,Qt::DisplayRole)
.toString().prepend("\\"));
}
// Create table model and attach it to the table view
if(this->p_reg_key_table_model!=NULL) delete this->p_reg_key_table_model;
this->p_reg_key_table_model=new RegistryKeyTableModel(this->p_hive,node_path);
this->p_key_table->setModel(this->p_reg_key_table_model);
// Resize table rows / columns to fit data
this->p_key_table->resizeColumnsToContents();
this->p_key_table->horizontalHeader()->stretchLastSection();
}
void MainWindow::SlotKeyTableDoubleClicked(QModelIndex index) {
/*
QModelIndex key_index;
QModelIndex node_index;
QStringList nodes;
QString key_name;
QString key_type;
QByteArray key_value;
if(!index.isValid()) return;
// Get key name, type and value
key_index=this->p_reg_key_table_model->index(index.row(),0);
key_name=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole)
.toString();
key_index=this->p_reg_key_table_model->index(index.row(),1);
key_type=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole)
.toString();
key_index=this->p_reg_key_table_model->index(index.row(),2);
key_value=this->p_reg_key_table_model->data(key_index,
RegistryKeyTableModel::
AdditionalRoles_GetRawData)
.toByteArray();
// Get current node
node_index=this->p_node_tree->currentIndex();
//Built node path
nodes.clear();
nodes.append(this->p_reg_node_tree_model->
data(node_index,Qt::DisplayRole).toString());
while(this->p_reg_node_tree_model->parent(node_index)!=QModelIndex()) {
// Prepend all parent nodes
node_index=this->p_reg_node_tree_model->parent(node_index);
nodes.prepend(this->p_reg_node_tree_model->
data(node_index,Qt::DisplayRole).toString());
}
DlgKeyDetails dlg_key_details(this);
dlg_key_details.SetValues(nodes,key_name,key_type,key_value);
dlg_key_details.exec();
*/
}
void MainWindow::SlotKeyTableClicked(QModelIndex index) {
if(!index.isValid()) return;
this->selected_key_value=
this->p_reg_key_table_model->data(this->p_reg_key_table_model->
index(index.row(),2),
RegistryKeyTableModel::
AdditionalRoles_GetRawData)
.toByteArray();
this->p_hex_edit->setData(this->selected_key_value);
}
void MainWindow::SlotHexEditAddressChanged(int hex_offset) {
// Update hex edit status bar
this->p_hex_edit_status_bar->
setText(QString().sprintf("Byte offset: 0x%04X (%u)",hex_offset,hex_offset));
// Update data interpreter
this->UpdateDataInterpreter(hex_offset);
}
void MainWindow::SlotReportClicked() {
// Get report category and name from sender and it's parent
QString category=((QMenu*)((QAction*)QObject::sender())->parent())->title();
QString report=((QAction*)QObject::sender())->text();
QString report_content=this->p_data_reporter->GenerateReport(this->p_hive,
category,
report);
- DlgReportViewer dlg_report_view(report_content,this);
- dlg_report_view.exec();
+ if(report_content!=QString()) {
+ DlgReportViewer dlg_report_view(report_content,this);
+ dlg_report_view.exec();
+ } else {
+ // TODO: Something went wrong!
+ }
}
void MainWindow::UpdateWindowTitle(QString filename) {
if(filename=="") {
this->setWindowTitle(QString().sprintf("%s v%s",APP_TITLE,APP_VERSION));
} else {
this->setWindowTitle(QString().sprintf("%s v%s - %s",
APP_TITLE,
APP_VERSION,
filename.toLocal8Bit().constData()));
}
}
void MainWindow::UpdateDataInterpreter(int hex_offset) {
QDateTime date_time;
const char *p_data;
int remaining_data_len;
// Remove all old values from data interpreter
this->p_data_interpreter->ClearValues();
// Calculate how many bytes are remainig after current offset
remaining_data_len=this->selected_key_value.size()-hex_offset;
if(!remaining_data_len>0) {
// Nothing to show
return;
}
// Get pointer to data at current offset
p_data=this->selected_key_value.constData();
p_data+=hex_offset;
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
//#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
#define rotl64(x,n) (((x) << n) | ((x) >> (64 - n)))
//#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
if(remaining_data_len>=1) {
this->p_data_interpreter->AddValue("int8:",
QString().sprintf("%d",
*(int8_t*)p_data));
this->p_data_interpreter->AddValue("uint8:",
QString().sprintf("%u",
*(uint8_t*)p_data));
}
if(remaining_data_len>=2) {
this->p_data_interpreter->AddValue("int16:",
QString().sprintf("%d",
*(int16_t*)p_data));
this->p_data_interpreter->AddValue("uint16:",
QString().sprintf("%u",
*(uint16_t*)p_data));
}
if(remaining_data_len>=4) {
this->p_data_interpreter->AddValue("int32:",
QString().sprintf("%d",
*(int32_t*)p_data));
this->p_data_interpreter->AddValue("uint32:",
QString().sprintf("%d",
*(uint32_t*)p_data));
date_time.setTime_t(*(uint32_t*)p_data);
this->p_data_interpreter->AddValue("Unixtime:",
date_time.
toString("yyyy/MM/dd hh:mm:ss"));
}
if(remaining_data_len>=8) {
this->p_data_interpreter->AddValue("int64:",
QString().sprintf("%d",
*(int64_t*)p_data));
this->p_data_interpreter->AddValue("uint64:",
QString().sprintf("%d",
*(uint64_t*)p_data));
date_time.setTime_t((*(uint64_t*)p_data-116444736000000000)/10000000);
this->p_data_interpreter->AddValue("Win64time:",
date_time.
toString("yyyy/MM/dd hh:mm:ss"));
}
#undef rotl32
#undef rotl64
}
void MainWindow::UpdateDataReporterMenu() {
int i=0,ii=0;
QMenu *p_category_entry;
QAction *p_report_entry;
QStringList categories=this->p_data_reporter->GetAvailableReportCategories();
QStringList reports;
for(i=0;i<categories.count();i++) {
// First create category submenu
p_category_entry=this->ui->MenuReports->addMenu(categories.value(i));
// Now add category reports
reports=this->p_data_reporter->GetAvailableReports(categories.value(i));
for(ii=0;ii<reports.count();ii++) {
p_report_entry=new QAction(reports.value(ii),p_category_entry);
p_category_entry->addAction(p_report_entry);
this->connect(p_report_entry,
SIGNAL(triggered()),
this,
SLOT(SlotReportClicked()));
}
}
}
diff --git a/trunk/qtscript_types/bytearray.cpp b/trunk/qtscript_types/bytearray.cpp
index 0986ab6..e6dc920 100644
--- a/trunk/qtscript_types/bytearray.cpp
+++ b/trunk/qtscript_types/bytearray.cpp
@@ -1,179 +1,193 @@
/*******************************************************************************
* Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Derived from code by Nokia Corporation and/or its subsidiary(-ies) under a *
* compatible license: *
* *
* Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies). *
* All rights reserved. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include <QtScript/QScriptEngine>
#include "bytearray.h"
#include "bytearrayiterator.h"
#include "bytearrayprototype.h"
#include <stdlib.h>
Q_DECLARE_METATYPE(QByteArray*)
Q_DECLARE_METATYPE(ByteArray*)
+/*
static qint32 toArrayIndex(const QString &str) {
QByteArray bytes = str.toUtf8();
char *eptr;
quint32 pos = strtoul(bytes.constData(), &eptr, 10);
if((eptr == bytes.constData() + bytes.size()) &&
(QByteArray::number(pos) == bytes))
{
return pos;
}
return -1;
}
+*/
ByteArray::ByteArray(QScriptEngine *engine)
: QObject(engine), QScriptClass(engine)
{
qScriptRegisterMetaType<QByteArray>(engine,
this->toScriptValue,
this->fromScriptValue);
- length=engine->toStringHandle(QLatin1String("length"));
+ this->length=engine->toStringHandle(QLatin1String("length"));
this->proto=engine->newQObject(new ByteArrayPrototype(this),
QScriptEngine::QtOwnership,
QScriptEngine::SkipMethodsInEnumeration |
QScriptEngine::ExcludeSuperClassMethods |
QScriptEngine::ExcludeSuperClassProperties);
QScriptValue global=engine->globalObject();
- this->proto.setPrototype(global.property("Object").property("prototype"));
+ proto.setPrototype(global.property("Object").property("prototype"));
- this->ctor=engine->newFunction(construct);
+ this->ctor=engine->newFunction(this->construct,this->proto);
this->ctor.setData(qScriptValueFromValue(engine,this));
}
ByteArray::~ByteArray() {}
QScriptClass::QueryFlags ByteArray::queryProperty(const QScriptValue &object,
const QScriptString &name,
QueryFlags flags,
uint *id)
{
QByteArray *ba=qscriptvalue_cast<QByteArray*>(object.data());
if(!ba) return 0;
- if(name!=length) {
- qint32 pos=toArrayIndex(name);
- if(pos==-1) return 0;
+ if(name!=this->length) {
+ bool is_array_index;
+ qint32 pos=name.toArrayIndex(&is_array_index);
+ if(!is_array_index) return 0;
*id=pos;
if((flags & HandlesReadAccess) && (pos>=ba->size()))
flags &= ~HandlesReadAccess;
}
return flags;
}
QScriptValue ByteArray::property(const QScriptValue &object,
const QScriptString &name,
uint id)
{
QByteArray *ba=qscriptvalue_cast<QByteArray*>(object.data());
if(!ba) return QScriptValue();
if(name==length) return ba->length();
else {
qint32 pos=id;
if((pos < 0) || (pos >= ba->size())) return QScriptValue();
return uint(ba->at(pos)) & 255;
}
return QScriptValue();
}
void ByteArray::setProperty(QScriptValue &object,
const QScriptString &name,
uint id,
const QScriptValue &value)
{
QByteArray *ba=qscriptvalue_cast<QByteArray*>(object.data());
if(!ba) return;
- if(name==length) ba->resize(value.toInt32());
+ if(name==length) this->resize(*ba,value.toInt32());
else {
qint32 pos=id;
if(pos<0) return;
- if(ba->size()<=pos) ba->resize(pos + 1);
+ if(ba->size()<=pos) this->resize(*ba,pos + 1);
(*ba)[pos]=char(value.toInt32());
}
}
QScriptValue::PropertyFlags ByteArray::propertyFlags(const QScriptValue &object,
const QScriptString &name,
uint id)
{
Q_UNUSED(object);
Q_UNUSED(id);
if(name==length) {
return QScriptValue::Undeletable | QScriptValue::SkipInEnumeration;
}
return QScriptValue::Undeletable;
}
QScriptClassPropertyIterator *ByteArray::newIterator(const QScriptValue &object)
{
return new ByteArrayIterator(object);
}
QString ByteArray::name() const {
return QLatin1String("ByteArray");
}
QScriptValue ByteArray::prototype() const {
- return this->proto;
+ return proto;
}
QScriptValue ByteArray::constructor() {
- return this->ctor;
+ return ctor;
}
QScriptValue ByteArray::newInstance(int size) {
+ this->engine()->reportAdditionalMemoryCost(size);
return newInstance(QByteArray(size,0));
}
QScriptValue ByteArray::newInstance(const QByteArray &ba) {
QScriptValue data=engine()->newVariant(qVariantFromValue(ba));
return engine()->newObject(this,data);
}
QScriptValue ByteArray::construct(QScriptContext *ctx, QScriptEngine *) {
ByteArray *cls=qscriptvalue_cast<ByteArray*>(ctx->callee().data());
if(!cls) return QScriptValue();
- int size=ctx->argument(0).toInt32();
+ QScriptValue arg=ctx->argument(0);
+ if(arg.instanceOf(ctx->callee()))
+ return cls->newInstance(qscriptvalue_cast<QByteArray>(arg));
+ int size=arg.toInt32();
return cls->newInstance(size);
}
QScriptValue ByteArray::toScriptValue(QScriptEngine *eng, const QByteArray &ba)
{
QScriptValue ctor=eng->globalObject().property("ByteArray");
ByteArray *cls=qscriptvalue_cast<ByteArray*>(ctor.data());
if(!cls) return eng->newVariant(qVariantFromValue(ba));
return cls->newInstance(ba);
}
void ByteArray::fromScriptValue(const QScriptValue &obj, QByteArray &ba) {
- ba=qscriptvalue_cast<QByteArray>(obj.data());
+ ba=qvariant_cast<QByteArray>(obj.data().toVariant());
}
+
+void ByteArray::resize(QByteArray &ba, int newSize) {
+ int oldSize=ba.size();
+ ba.resize(newSize);
+ if(newSize>oldSize)
+ this->engine()->reportAdditionalMemoryCost(newSize-oldSize);
+ }
diff --git a/trunk/qtscript_types/bytearray.h b/trunk/qtscript_types/bytearray.h
index 56f859c..154f577 100644
--- a/trunk/qtscript_types/bytearray.h
+++ b/trunk/qtscript_types/bytearray.h
@@ -1,74 +1,76 @@
/*******************************************************************************
* Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Derived from code by Nokia Corporation and/or its subsidiary(-ies) under a *
* compatible license: *
* *
* Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies). *
* All rights reserved. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
// Description: http://cs.karelia.ru/~aborod/doc/qt/script-customclass.html
#ifndef BYTEARRAY_H
#define BYTEARRAY_H
#include <QObject>
#include <QtScript/QScriptClass>
#include <QtScript/QScriptString>
class ByteArray : public QObject, public QScriptClass {
public:
ByteArray(QScriptEngine *engine);
~ByteArray();
QScriptValue constructor();
QScriptValue newInstance(int size = 0);
QScriptValue newInstance(const QByteArray &ba);
QueryFlags queryProperty(const QScriptValue &object,
const QScriptString &name,
QueryFlags flags,
uint *id);
QScriptValue property(const QScriptValue &object,
const QScriptString &name,
uint id);
void setProperty(QScriptValue &object,
const QScriptString &name,
uint id,
const QScriptValue &value);
QScriptValue::PropertyFlags propertyFlags(const QScriptValue &object,
const QScriptString &name,
uint id);
QScriptClassPropertyIterator *newIterator(const QScriptValue &object);
QString name() const;
QScriptValue prototype() const;
private:
static QScriptValue construct(QScriptContext *ctx, QScriptEngine *eng);
static QScriptValue toScriptValue(QScriptEngine *eng, const QByteArray &ba);
static void fromScriptValue(const QScriptValue &obj, QByteArray &ba);
+ void resize(QByteArray &ba, int newSize);
+
QScriptString length;
QScriptValue proto;
QScriptValue ctor;
};
#endif // BYTEARRAY_H
diff --git a/trunk/qtscript_types/bytearrayiterator.cpp b/trunk/qtscript_types/bytearrayiterator.cpp
index 8ef3069..920f699 100644
--- a/trunk/qtscript_types/bytearrayiterator.cpp
+++ b/trunk/qtscript_types/bytearrayiterator.cpp
@@ -1,74 +1,74 @@
/*******************************************************************************
* Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Derived from code by Nokia Corporation and/or its subsidiary(-ies) under a *
* compatible license: *
* *
* Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies). *
* All rights reserved. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "bytearrayiterator.h"
#include <QtScript/QScriptEngine>
Q_DECLARE_METATYPE(QByteArray*)
ByteArrayIterator::ByteArrayIterator(const QScriptValue &object)
: QScriptClassPropertyIterator(object)
{
toFront();
}
ByteArrayIterator::~ByteArrayIterator() {}
bool ByteArrayIterator::hasNext() const {
QByteArray *ba=qscriptvalue_cast<QByteArray*>(object().data());
return m_index<ba->size();
}
void ByteArrayIterator::next() {
m_last=m_index;
++m_index;
}
bool ByteArrayIterator::hasPrevious() const {
return(m_index>0);
}
void ByteArrayIterator::previous() {
--m_index;
m_last=m_index;
}
void ByteArrayIterator::toFront() {
m_index=0;
m_last=-1;
}
void ByteArrayIterator::toBack() {
QByteArray *ba=qscriptvalue_cast<QByteArray*>(object().data());
m_index=ba->size();
m_last=-1;
}
QScriptString ByteArrayIterator::name() const {
- return QScriptString();
+ return this->object().engine()->toStringHandle(QString::number(this->m_last));
}
uint ByteArrayIterator::id() const {
return m_last;
}
diff --git a/trunk/report_templates/SAM_UserAccounts.qs b/trunk/report_templates/SAM_UserAccounts.qs
new file mode 100644
index 0000000..c66852d
--- /dev/null
+++ b/trunk/report_templates/SAM_UserAccounts.qs
@@ -0,0 +1,37 @@
+// See http://windowsir.blogspot.com/2006/08/getting-user-info-from-image.html
+
+println("<html>");
+println(" <head><title>User Accounts</title></head>");
+println(" <body>");
+println(" <h2>User accounts</h2>");
+println(" <p>");
+
+// Iterate over all user names
+var user_names=GetRegistryNodes("\\SAM\\Domains\\Account\\Users\\Names");
+for(var i=0;i<user_names.length;i++) {
+ // Print user name
+ println(user_names[i],"<br />");
+
+ // Get user rid stored in "default" key
+ var user_rid=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\Names\\",user_names[i]),"");
+ user_rid=RegistryKeyTypeToString(user_rid.type);
+ println(" RID: ",Number(user_rid).toString(10)," (",user_rid,")","<br />");
+
+ // RegistryKeyTypeToString returns the rid prepended with "0x". We have to remove that for further processing
+ user_rid=String(user_rid).substr(2);
+
+ // Get user's V key and print various infos
+ var v_key=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\",user_rid),"V");
+
+
+ // Get user's F key and print various infos
+ var f_key=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\",user_rid),"F");
+ println(" Last lockout time: ",RegistryKeyValueToVariant(f_key.value,"filetime",8),"<br />");
+ println(" Creation time: ",RegistryKeyValueToVariant(f_key.value,"filetime",24),"<br />");
+ println(" Last login time: ",RegistryKeyValueToVariant(f_key.value,"filetime",40),"<br />");
+
+ println("<br />");
+}
+
+println(" </p>");
+println("</html>");
diff --git a/trunk/report_templates/SOFTWARE_WindowsVersion.js b/trunk/report_templates/SOFTWARE_WindowsVersion.js
deleted file mode 100644
index 503f80c..0000000
--- a/trunk/report_templates/SOFTWARE_WindowsVersion.js
+++ /dev/null
@@ -1,18 +0,0 @@
-println("<html>");
-println(" <head><title>Windows version info</title></head>");
-println(" <body>");
-println(" <h2>Windows version info</h2>");
-println(" <p>");
-
-var val=GetRegistryKeyValue("\\Microsoft\\Windows NT\\CurrentVersion","ProductName");
-
-print("ProductVersion: ");
-println(RegistryHive.KeyValueToString(val.value,1));
-
-println(" </p>");
-println("</html>");
-
-//for(var i=0;i<(val.length-1);i+=2) {
-// print(String.fromCharCode(val.value[i]));
-//}
-
diff --git a/trunk/report_templates/SOFTWARE_WindowsVersion.qs b/trunk/report_templates/SOFTWARE_WindowsVersion.qs
new file mode 100644
index 0000000..ec564a9
--- /dev/null
+++ b/trunk/report_templates/SOFTWARE_WindowsVersion.qs
@@ -0,0 +1,22 @@
+println("<html>");
+println(" <head><title>Windows version info</title></head>");
+println(" <body>");
+println(" <h2>Windows version info</h2>");
+println(" <p>");
+
+// Windows version
+var val=GetRegistryKeyValue("\\Microsoft\\Windows NT\\CurrentVersion","ProductName");
+println("Windows version: ",RegistryKeyValueToString(val.value,1),"<br />");
+
+// Install date
+var val=GetRegistryKeyValue("\\Microsoft\\Windows NT\\CurrentVersion","InstallDate");
+println("Install date: ",RegistryKeyValueToVariant(val.value,"unixtime"),"<br />");
+
+// Owner and Organization info
+var val=GetRegistryKeyValue("\\Microsoft\\Windows NT\\CurrentVersion","RegisteredOwner");
+println("Registered owner: ",RegistryKeyValueToString(val.value,1),"<br />");
+var val=GetRegistryKeyValue("\\Microsoft\\Windows NT\\CurrentVersion","RegisteredOrganization");
+println("Registered organization: ",RegistryKeyValueToString(val.value,1),"<br />");
+
+println(" </p>");
+println("</html>");
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Nov 23, 6:30 PM (1 d, 12 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1163017
Default Alt Text
(61 KB)
Attached To
Mode
rFRED fred
Attached
Detach File
Event Timeline
Log In to Comment