Page MenuHomePhabricator
Files F4324580

No OneTemporary
Actions

Size
25 KB
Referenced Files
None
Subscribers
None

View Options

diff --git a/trunk/registrykey.cpp b/trunk/registrykey.cpp
index 709d3e7..b3f13e6 100644
--- a/trunk/registrykey.cpp
+++ b/trunk/registrykey.cpp
@@ -1,54 +1,54 @@
/*******************************************************************************
* fred Copyright (c) 2011-2013 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "registrykey.h"
RegistryKey::RegistryKey(const QList<QVariant> &data) {
this->key_data=data;
}
RegistryKey::~RegistryKey() {
qDeleteAll(this->keys);
}
void RegistryKey::Append(RegistryKey *p_key) {
this->keys.append(p_key);
}
RegistryKey* RegistryKey::Key(uint64_t row) {
return this->keys.value(row);
}
uint64_t RegistryKey::RowCount() {
return this->keys.count();
}
-QVariant RegistryKey::Data(uint64_t column) const {
- if(column>=0 && column<4) {
+QVariant RegistryKey::Data(int column) const {
+ if(column>=0 && column<3) {
return this->key_data.value(column);
} else {
return QVariant();
}
}
uint64_t RegistryKey::Row() const {
return this->keys.indexOf(const_cast<RegistryKey*>(this));
}
diff --git a/trunk/registrykey.h b/trunk/registrykey.h
index 6a9cbf4..7dcf192 100644
--- a/trunk/registrykey.h
+++ b/trunk/registrykey.h
@@ -1,44 +1,45 @@
/*******************************************************************************
* fred Copyright (c) 2011-2013 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef REGISTRYKEY_H
#define REGISTRYKEY_H
#include <QList>
#include <QVariant>
+
#include <inttypes.h>
class RegistryKey {
public:
RegistryKey(const QList<QVariant> &data);
~RegistryKey();
void Append(RegistryKey *p_key);
RegistryKey *Key(uint64_t row);
uint64_t RowCount();
- QVariant Data(uint64_t column) const;
+ QVariant Data(int column) const;
uint64_t Row() const;
private:
QList<RegistryKey*> keys;
QList<QVariant> key_data;
};
#endif // REGISTRYKEY_H
diff --git a/trunk/registrykeytablemodel.cpp b/trunk/registrykeytablemodel.cpp
index 3219772..36182a6 100644
--- a/trunk/registrykeytablemodel.cpp
+++ b/trunk/registrykeytablemodel.cpp
@@ -1,201 +1,202 @@
/*******************************************************************************
* fred Copyright (c) 2011-2013 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "registrykeytablemodel.h"
#include <stdlib.h>
RegistryKeyTableModel::RegistryKeyTableModel(RegistryHive *p_hive,
QString node_path,
QObject *p_parent)
: QAbstractTableModel(p_parent)
{
// Create the "root" key. It's values will be used for as header values.
this->p_keys=new RegistryKey(QList<QVariant>()<<
tr("Key")<<
tr("Type")<<
- tr("Value")<<
- tr("Last modified"));
+ tr("Value"));
// Build key list
this->SetupModelData(p_hive,node_path);
}
RegistryKeyTableModel::~RegistryKeyTableModel() {
delete this->p_keys;
}
QVariant RegistryKeyTableModel::data(const QModelIndex &index, int role) const {
bool ok;
if(!index.isValid()) return QVariant();
RegistryKey *p_key=static_cast<RegistryKey*>(index.internalPointer());
switch(role) {
case Qt::DisplayRole: {
switch(index.column()) {
case RegistryKeyTableModel::ColumnContent_KeyName: {
return p_key->Data(index.column());
break;
}
case RegistryKeyTableModel::ColumnContent_KeyType: {
int value_type=p_key->Data(index.column()).toInt(&ok);
if(!ok) return QVariant();
return RegistryHive::KeyTypeToString(value_type);
break;
}
case RegistryKeyTableModel::ColumnContent_KeyValue: {
// Get index to value type
QModelIndex type_index=this->index(index.row(),
RegistryKeyTableModel::
ColumnContent_KeyType);
// Get value type
int value_type=this->data(type_index,
RegistryKeyTableModel::
AdditionalRoles_GetRawData).toInt(&ok);
if(!ok) return QVariant();
// Return value converted to human readeable string
QByteArray value_array=p_key->Data(index.column()).toByteArray();
return RegistryHive::KeyValueToString(value_array,value_type);
break;
}
+/*
case RegistryKeyTableModel::ColumnContent_KeyModTime: {
QDateTime date_time;
bool ok=false;
date_time.setTimeSpec(Qt::UTC);
date_time.setTime_t(RegistryHive::FiletimeToUnixtime(
p_key->Data(index.column()).toLongLong(&ok)));
if(ok) return date_time.toString("yyyy/MM/dd hh:mm:ss");
else return tr("Unknown");
break;
}
+*/
default:
return QVariant();
}
break;
}
case RegistryKeyTableModel::AdditionalRoles_GetRawData: {
return p_key->Data(index.column());
break;
}
default:
return QVariant();
}
return QVariant();
}
Qt::ItemFlags RegistryKeyTableModel::flags(const QModelIndex &index) const {
if(!index.isValid()) return 0;
return Qt::ItemIsEnabled | Qt::ItemIsSelectable;
}
QVariant RegistryKeyTableModel::headerData(int section,
Qt::Orientation orientation,
int role) const
{
// Only horizontal header is supported
if(orientation!=Qt::Horizontal) return QVariant();
switch(role) {
case Qt::TextAlignmentRole:
// Handle text alignment
if(section==2) return Qt::AlignLeft;
else return Qt::AlignCenter;
break;
case Qt::DisplayRole:
// Header text
return this->p_keys->Data(section);
break;
default:
return QVariant();
}
}
QModelIndex RegistryKeyTableModel::index(int row,
int column,
const QModelIndex &parent) const
{
if(!this->hasIndex(row,column,parent)) return QModelIndex();
RegistryKey *p_key=this->p_keys->Key(row);
return this->createIndex(row,column,p_key);
}
int RegistryKeyTableModel::rowCount(const QModelIndex &parent) const {
// According to Qt doc, when parent in TableModel is valid, we should return 0
if(parent.isValid()) return 0;
// Get and return row count from the keys list
return this->p_keys->RowCount();
}
int RegistryKeyTableModel::columnCount(const QModelIndex &parent) const {
// According to Qt doc, when parent in TableModel is valid, we should return 0
if(parent.isValid()) return 0;
- // There are always 4 columns
- return 4;
+ // There are always 3 columns
+ return 3;
}
int RegistryKeyTableModel::GetKeyRow(QString key_name) const {
int i;
for(i=0;i<this->p_keys->RowCount();i++) {
if(this->p_keys->Key(i)->Data(0)==key_name) {
return i;
}
}
// When key isn't found, return the first row
return 0;
}
void RegistryKeyTableModel::SetupModelData(RegistryHive *p_hive,
QString &node_path)
{
QMap<QString,int> node_keys;
RegistryKey *p_key;
QByteArray key_value;
int key_value_type;
- int64_t key_mod_time;
+// int64_t key_mod_time;
size_t key_value_len;
// Get all keys for current node
node_keys=p_hive->GetKeys(node_path);
if(node_keys.isEmpty()) return;
// Add all keys to list
QMapIterator<QString,int> i(node_keys);
while(i.hasNext()) {
i.next();
key_value=p_hive->GetKeyValue(i.value(),
&key_value_type,
&key_value_len);
if(p_hive->GetErrorMsg()!="") continue;
- key_mod_time=p_hive->GetKeyModTime(i.value());
+// key_mod_time=p_hive->GetKeyModTime(i.value());
// TODO: Maybe we have to call GetErrorMsg in case an error occured
p_key=new RegistryKey(QList<QVariant>()<<
QString(i.key().length() ? i.key() : "(default)")<<
QVariant(key_value_type)<<
- key_value<<
- QVariant((qlonglong)key_mod_time));
+ key_value); //<<
+// QVariant((qlonglong)key_mod_time));
this->p_keys->Append(p_key);
}
}
diff --git a/trunk/registrynode.cpp b/trunk/registrynode.cpp
index 9a3845b..87b6621 100644
--- a/trunk/registrynode.cpp
+++ b/trunk/registrynode.cpp
@@ -1,61 +1,65 @@
/*******************************************************************************
* fred Copyright (c) 2011-2013 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "registrynode.h"
-RegistryNode::RegistryNode(const QString name,
+RegistryNode::RegistryNode(const QList<QVariant> &data,
RegistryNode *p_parent)
{
+ this->node_data=data;
this->p_parent_node=p_parent;
- this->node_name=name;
}
RegistryNode::~RegistryNode() {
qDeleteAll(this->child_nodes);
}
void RegistryNode::AppendChild(RegistryNode *p_child) {
this->child_nodes.append(p_child);
}
-RegistryNode* RegistryNode::child(uint64_t row) {
+RegistryNode* RegistryNode::Child(uint64_t row) {
return this->child_nodes.value(row);
}
-uint64_t RegistryNode::childCount() const {
+uint64_t RegistryNode::ChildCount() const {
return this->child_nodes.count();
}
-QString RegistryNode::data() const {
- return this->node_name;
+QVariant RegistryNode::Data(int column) const {
+ if(column>=0 && column<2) {
+ return this->node_data.value(column);
+ } else {
+ return QVariant();
+ }
}
-uint64_t RegistryNode::row() const {
+uint64_t RegistryNode::Row() const {
if(this->p_parent_node) {
return this->p_parent_node->
child_nodes.indexOf(const_cast<RegistryNode*>(this));
} else {
return 0;
}
}
-RegistryNode *RegistryNode::parent() {
+RegistryNode *RegistryNode::Parent() {
return this->p_parent_node;
}
diff --git a/trunk/registrynode.h b/trunk/registrynode.h
index c1fd624..9becba9 100644
--- a/trunk/registrynode.h
+++ b/trunk/registrynode.h
@@ -1,47 +1,48 @@
/*******************************************************************************
* fred Copyright (c) 2011-2013 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef REGISTRYNODE_H
#define REGISTRYNODE_H
#include <QList>
-#include <QString>
+#include <QVariant>
#include <inttypes.h>
class RegistryNode {
public:
- RegistryNode(const QString name, RegistryNode *p_parent=0);
+ RegistryNode(const QList<QVariant> &data,
+ RegistryNode *p_parent=0);
~RegistryNode();
void AppendChild(RegistryNode *p_child);
- RegistryNode *child(uint64_t row);
- uint64_t childCount() const;
- QString data() const;
- uint64_t row() const;
- RegistryNode *parent();
+ RegistryNode *Child(uint64_t row);
+ uint64_t ChildCount() const;
+ QVariant Data(int column) const;
+ uint64_t Row() const;
+ RegistryNode *Parent();
private:
QList<RegistryNode*> child_nodes;
- QString node_name;
+ QList<QVariant> node_data;
RegistryNode *p_parent_node;
};
#endif // REGISTRYNODE_H
diff --git a/trunk/registrynodetreemodel.cpp b/trunk/registrynodetreemodel.cpp
index 91bc8e8..b239d4e 100644
--- a/trunk/registrynodetreemodel.cpp
+++ b/trunk/registrynodetreemodel.cpp
@@ -1,183 +1,185 @@
/*******************************************************************************
* fred Copyright (c) 2011-2013 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "registrynodetreemodel.h"
+#include <QList>
#include <QStringList>
+#include <QVariant>
#include <stdlib.h>
RegistryNodeTreeModel::RegistryNodeTreeModel(RegistryHive *p_hive,
QObject *p_parent)
: QAbstractItemModel(p_parent)
{
// Create root node
- this->p_root_node=new RegistryNode("ROOT");
+ this->p_root_node=new RegistryNode(QList<QVariant>()<<QString("ROOT")<<0);
// Build node list
this->SetupModelData(p_hive,this->p_root_node);
}
RegistryNodeTreeModel::~RegistryNodeTreeModel() {
delete this->p_root_node;
}
QVariant RegistryNodeTreeModel::data(const QModelIndex &index, int role) const
{
if(!index.isValid()) return QVariant();
if(role!=Qt::DisplayRole) return QVariant();
RegistryNode *p_node=static_cast<RegistryNode*>(index.internalPointer());
- return p_node->data();
+ return p_node->Data();
}
Qt::ItemFlags RegistryNodeTreeModel::flags(const QModelIndex &index) const {
if(!index.isValid()) return 0;
return Qt::ItemIsEnabled | Qt::ItemIsSelectable;
}
QVariant RegistryNodeTreeModel::headerData(int section,
Qt::Orientation orientation,
int role) const
{
Q_UNUSED(section);
if(orientation==Qt::Horizontal && role==Qt::DisplayRole) {
return QVariant("Registry key folders");
} else {
return QVariant();
}
}
QModelIndex RegistryNodeTreeModel::index(int row,
int column,
const QModelIndex &parent) const
{
if(!this->hasIndex(row,column,parent)) return QModelIndex();
RegistryNode *p_parent_node;
if(!parent.isValid()) {
p_parent_node=this->p_root_node;
} else {
p_parent_node=static_cast<RegistryNode*>(parent.internalPointer());
}
- RegistryNode *p_child_node=p_parent_node->child(row);
+ RegistryNode *p_child_node=p_parent_node->Child(row);
if(p_child_node) {
return this->createIndex(row,column,p_child_node);
} else {
return QModelIndex();
}
}
QModelIndex RegistryNodeTreeModel::parent(const QModelIndex &index) const {
if(!index.isValid()) return QModelIndex();
RegistryNode *p_child_node=
static_cast<RegistryNode*>(index.internalPointer());
- RegistryNode *p_parent_node=p_child_node->parent();
+ RegistryNode *p_parent_node=p_child_node->Parent();
if(p_parent_node==this->p_root_node) {
return QModelIndex();
} else {
- return this->createIndex(p_parent_node->row(),0,p_parent_node);
+ return this->createIndex(p_parent_node->Row(),0,p_parent_node);
}
}
int RegistryNodeTreeModel::rowCount(const QModelIndex &parent) const {
if(parent.column()>0) return 0;
RegistryNode *p_parent_node;
if(!parent.isValid()) {
p_parent_node=this->p_root_node;
} else {
p_parent_node=static_cast<RegistryNode*>(parent.internalPointer());
}
- return p_parent_node->childCount();
+ return p_parent_node->ChildCount();
}
int RegistryNodeTreeModel::columnCount(const QModelIndex &parent) const {
Q_UNUSED(parent);
- return 1;
+ return 2;
}
QList<QModelIndex> RegistryNodeTreeModel::GetIndexListOf(QString path) const {
RegistryNode *p_parent_node=this->p_root_node;
QList<QModelIndex> ret;
QStringList nodes=path.split("\\",QString::SkipEmptyParts);
bool found=false;
// Create a list of all index's that form the supplied path
ret.clear();
for(int i=0;i<nodes.count();i++) {
found=false;
- for(uint64_t ii=0;ii<p_parent_node->childCount();ii++) {
- if(p_parent_node->child(ii)->data()==nodes.at(i)) {
- ret.append(this->createIndex(ii,0,p_parent_node->child(ii)));
- p_parent_node=p_parent_node->child(ii);
+ for(uint64_t ii=0;ii<p_parent_node->ChildCount();ii++) {
+ if(p_parent_node->Child(ii)->Data()==nodes.at(i)) {
+ ret.append(this->createIndex(ii,0,p_parent_node->Child(ii)));
+ p_parent_node=p_parent_node->Child(ii);
found=true;
break;
}
}
// Break when last child node was found
if(found && i==nodes.count()-1) break;
// Return an empty list when a child node wasn't found
else if(!found) return QList<QModelIndex>();
}
return ret;
}
QString RegistryNodeTreeModel::GetNodePath(QModelIndex child_index) const
{
QString path;
// Get current node name
path=this->data(child_index,Qt::DisplayRole).toString().prepend("\\");
// Build node path by prepending all parent nodes names
while(this->parent(child_index)!=QModelIndex()) {
child_index=this->parent(child_index);
path.prepend(this->data(child_index,
Qt::DisplayRole).toString().prepend("\\"));
}
return path;
}
void RegistryNodeTreeModel::SetupModelData(RegistryHive *p_hive,
RegistryNode *p_parent,
int hive_node)
{
QMap<QString,int> hive_children;
RegistryNode *p_node;
// Get all sub nodes of current hive node
if(hive_node) hive_children=p_hive->GetNodes(hive_node);
else hive_children=p_hive->GetNodes("\\");
if(hive_children.isEmpty()) return;
// Recursivly iterate over all sub nodes
QMapIterator<QString, int> i(hive_children);
while(i.hasNext()) {
i.next();
- p_node=new RegistryNode(i.key(),p_parent);
+ p_node=new RegistryNode(QList<QVariant>()<<i.key()<<0,p_parent);
p_parent->AppendChild(p_node);
this->SetupModelData(p_hive,p_node,i.value());
}
}

File Metadata

Mime Type
text/x-diff
Expires
Tue, Dec 24, 3:07 AM (1 d, 3 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1176976
Default Alt Text
(25 KB)

Event Timeline