Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F4324741
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Size
40 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/trunk/datareporter.cpp b/trunk/datareporter.cpp
index 4f01ffe..b994245 100644
--- a/trunk/datareporter.cpp
+++ b/trunk/datareporter.cpp
@@ -1,99 +1,137 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include <QDir>
#include "datareporter.h"
#include "reporttemplatexmlhandler.h"
DataReporter::DataReporter() {
this->report_templates.clear();
}
DataReporter::~DataReporter() {
qDeleteAll(this->report_templates);
}
void DataReporter::LoadReportTemplates() {
QString report_template="";
QXmlSimpleReader xml_parser;
int i=0;
ReportTemplate *p_report;
QDir report_dir("../trunk/report_templates/");
- QStringList report_templates=report_dir.entryList(QStringList()<<"*.fred");
+ QStringList found_report_templates=report_dir.entryList(QStringList()<<"*.fred");
- for(i=0;i<report_templates.count();i++) {
+ for(i=0;i<found_report_templates.count();i++) {
report_template=report_dir.path();
report_template.append(QDir::separator());
- report_template.append(report_templates.value(i));
+ report_template.append(found_report_templates.value(i));
QFile *p_report_template_file=new QFile(report_template);
QXmlInputSource *p_xml_file=new QXmlInputSource(p_report_template_file);
ReportTemplateXmlHandler *p_report_handler=new ReportTemplateXmlHandler();
xml_parser.setContentHandler(p_report_handler);
- xml_parser.parse(p_xml_file);
-
- p_report=new ReportTemplate(p_report_handler->GetReportCategory(),
- p_report_handler->GetReportName(),
- report_template);
- this->report_templates.append(p_report);
+ xml_parser.setErrorHandler(p_report_handler);
+ if(xml_parser.parse(p_xml_file)) {
+ p_report=new ReportTemplate(p_report_handler->GetReportCategory(),
+ p_report_handler->GetReportName(),
+ report_template);
+ this->report_templates.append(p_report);
+ } else {
+ qDebug("Error loading template");
+ }
delete p_report_handler;
delete p_xml_file;
delete p_report_template_file;
}
}
QStringList DataReporter::GetAvailableReportCategories() {
QStringList ret;
QString cat;
int i=0;
ret.clear();
for(i=0;i<this->report_templates.count();i++) {
cat=this->report_templates.value(i)->Category();
- if(ret.indexOf(cat)==-1) ret.append(cat);
+ if(!ret.contains(cat)) ret.append(cat);
}
+ ret.sort();
+
return ret;
}
QStringList DataReporter::GetAvailableReports(QString category) {
QStringList ret;
QString cat;
int i=0;
ret.clear();
for(i=0;i<this->report_templates.count();i++) {
cat=this->report_templates.value(i)->Category();
if(cat==category) ret.append(this->report_templates.value(i)->Name());
}
+ ret.sort();
+
return ret;
}
QString DataReporter::GenerateReport(hive_h *hhive,
QString report_category,
QString report_name)
{
+ QString ret=QString();
+ int i=0;
+ QXmlSimpleReader xml_parser;
+ ReportTemplate *p_report;
+
+ for(i=0;i<this->report_templates.count();i++) {
+ p_report=this->report_templates.value(i);
+ if(p_report->Category()!=report_category || p_report->Name()!=report_name) {
+ continue;
+ }
+ QFile *p_template_file=new QFile(p_report->File());
+ QXmlInputSource *p_xml_input=new QXmlInputSource(p_template_file);
+ ReportTemplateXmlHandler *p_report_handler=
+ new ReportTemplateXmlHandler(hhive,false);
+
+ xml_parser.setContentHandler(p_report_handler);
+ xml_parser.setErrorHandler(p_report_handler);
+ if(xml_parser.parse(p_xml_input)) {
+ ret=p_report_handler->ReportData();
+ } else {
+ qDebug("Error loading template");
+ }
+
+ delete p_report_handler;
+ delete p_xml_input;
+ delete p_template_file;
+
+ break;
+ }
+
+ return ret;
}
diff --git a/trunk/mainwindow.cpp b/trunk/mainwindow.cpp
index a7f9401..a1f08f8 100644
--- a/trunk/mainwindow.cpp
+++ b/trunk/mainwindow.cpp
@@ -1,468 +1,507 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include <QFileDialog>
#include <QMessageBox>
#include <QStringList>
#include <QDesktopWidget>
#include <QDir>
#include <QSplitter>
#include "mainwindow.h"
#include "ui_mainwindow.h"
#include "dlgabout.h"
#include "dlgkeydetails.h"
#include "compileinfo.h"
MainWindow::MainWindow(QWidget *parent) :
QMainWindow(parent), ui(new Ui::MainWindow)
{
ui->setupUi(this);
// Initialize private vars
this->hhive=NULL;
this->is_hive_open=false;
this->p_reg_node_tree_model=NULL;
this->p_reg_key_table_model=NULL;
// Set main window size
int cur_screen=QApplication::desktop()->screenNumber(this);
int window_width=
QApplication::desktop()->availableGeometry(cur_screen).width()*0.5;
int window_height=
QApplication::desktop()->availableGeometry(cur_screen).height()*0.5;
int window_x=
(QApplication::desktop()->availableGeometry(cur_screen).width()/2)-
(window_width/2);
int window_y=
(QApplication::desktop()->availableGeometry(cur_screen).height()/2)-
(window_height/2);
this->setGeometry(window_x,
window_y,
window_width,
window_height);
// Create widgets
this->p_horizontal_splitter=new QSplitter();
this->p_horizontal_splitter->setOrientation(Qt::Horizontal);
this->p_node_tree=new QTreeView(this->p_horizontal_splitter);
this->p_node_tree->setHeaderHidden(true);
this->p_vertical_splitter=new QSplitter(this->p_horizontal_splitter);
this->p_vertical_splitter->setOrientation(Qt::Vertical);
this->p_key_table=new QTableView(this->p_vertical_splitter);
this->p_key_table->setSelectionBehavior(QAbstractItemView::SelectRows);
this->p_horizontal_splitter2=new QSplitter(this->p_vertical_splitter);
this->p_horizontal_splitter2->setOrientation(Qt::Horizontal);
this->p_hex_edit_widget=new QWidget(this->p_horizontal_splitter2);
this->p_hex_edit_layout=new QVBoxLayout(this->p_hex_edit_widget);
this->p_hex_edit_layout->setContentsMargins(0,0,0,0);
this->p_hex_edit=new QHexEdit();
this->p_hex_edit->setReadOnly(true);
this->p_hex_edit_status_bar=new QLabel();
this->p_data_interpreter=new DataInterpreter(this->p_horizontal_splitter2);
// Make sure hex viewer font is monospaced.
QFont mono_font("Monospace");
mono_font.setStyleHint(QFont::TypeWriter);
this->p_hex_edit->setFont(mono_font);
// Lay out widgets
this->p_hex_edit_layout->addWidget(this->p_hex_edit);
this->p_hex_edit_layout->addWidget(this->p_hex_edit_status_bar);
this->p_horizontal_splitter2->addWidget(this->p_hex_edit_widget);
this->p_horizontal_splitter2->addWidget(this->p_data_interpreter);
this->p_vertical_splitter->addWidget(this->p_key_table);
this->p_vertical_splitter->addWidget(this->p_horizontal_splitter2);
this->p_horizontal_splitter->addWidget(this->p_node_tree);
this->p_horizontal_splitter->addWidget(this->p_vertical_splitter);
// Set stretch factors
QSizePolicy node_tree_policy=this->p_node_tree->sizePolicy();
node_tree_policy.setHorizontalStretch(1);
node_tree_policy.setVerticalStretch(100);
this->p_node_tree->setSizePolicy(node_tree_policy);
QSizePolicy vertical_splitter_policy=this->p_vertical_splitter->sizePolicy();
vertical_splitter_policy.setHorizontalStretch(4);
vertical_splitter_policy.setVerticalStretch(100);
this->p_vertical_splitter->setSizePolicy(vertical_splitter_policy);
QSizePolicy key_table_policy=this->p_key_table->sizePolicy();
key_table_policy.setVerticalStretch(5);
key_table_policy.setHorizontalStretch(100);
this->p_key_table->setSizePolicy(key_table_policy);
QSizePolicy hex_edit_widget_policy=this->p_hex_edit_widget->sizePolicy();
hex_edit_widget_policy.setVerticalStretch(2);
hex_edit_widget_policy.setHorizontalStretch(200);
this->p_hex_edit_widget->setSizePolicy(hex_edit_widget_policy);
QSizePolicy data_interpreter_policy=this->p_data_interpreter->sizePolicy();
data_interpreter_policy.setVerticalStretch(2);
data_interpreter_policy.setHorizontalStretch(0);
this->p_data_interpreter->setSizePolicy(data_interpreter_policy);
// Connect signals
this->connect(this->p_node_tree,
SIGNAL(clicked(QModelIndex)),
this,
SLOT(SlotNodeTreeClicked(QModelIndex)));
this->connect(this->p_node_tree,
SIGNAL(activated(QModelIndex)),
this,
SLOT(SlotNodeTreeClicked(QModelIndex)));
this->connect(this->p_key_table,
SIGNAL(clicked(QModelIndex)),
this,
SLOT(SlotKeyTableClicked(QModelIndex)));
this->connect(this->p_key_table,
SIGNAL(doubleClicked(QModelIndex)),
this,
SLOT(SlotKeyTableDoubleClicked(QModelIndex)));
this->connect(this->p_hex_edit,
SIGNAL(currentAddressChanged(int)),
this,
SLOT(SlotHexEditAddressChanged(int)));
// Add central widget
this->setContentsMargins(4,4,4,0);
this->setCentralWidget(this->p_horizontal_splitter);
// Set window title
this->UpdateWindowTitle();
// Set last open location to home dir
this->last_open_location=QDir::homePath();
- // Load report templates
- this->data_reporter().LoadReportTemplates();
+ // Load report templates and update menu
+ this->p_data_reporter=new DataReporter();
+ this->p_data_reporter->LoadReportTemplates();
+ this->UpdateDataReporterMenu();
}
MainWindow::~MainWindow() {
if(this->is_hive_open) {
hivex_close(this->hhive);
}
delete ui;
}
void MainWindow::on_action_Quit_triggered() {
qApp->exit();
}
void MainWindow::on_action_Open_hive_triggered() {
QString hive_file="";
hive_file=QFileDialog::getOpenFileName(this,
tr("Open registry hive"),
this->last_open_location,
tr("All files (*)"));
if(hive_file=="") return;
// Update last open location
this->last_open_location=hive_file.left(hive_file.
lastIndexOf(QDir::separator()));
// If another hive is currently open, close it
if(this->is_hive_open) this->on_action_Close_hive_triggered();
// Try to open hive
this->hhive=hivex_open(hive_file.toAscii().constData(),0);
if(this->hhive==NULL) {
QMessageBox::critical(this,
tr("Error opening hive file"),
tr("Unable to open file '%1'").arg(hive_file));
return;
}
// Create tree model
hive_node_h root_node=hivex_root(hhive);
if(root_node==0) {
QMessageBox::critical(this,
tr("Error opening hive file"),
tr("This hive seems to have no root node!")
.arg(hive_file));
return;
}
this->p_reg_node_tree_model=
new RegistryNodeTreeModel(this->hhive,
root_node);
this->p_node_tree->setModel(this->p_reg_node_tree_model);
this->is_hive_open=true;
this->ui->action_Close_hive->setEnabled(true);
+ this->ui->MenuReports->setEnabled(true);
this->UpdateWindowTitle(hive_file);
}
void MainWindow::on_action_Close_hive_triggered() {
if(this->is_hive_open) {
// Delete models
if(this->p_reg_node_tree_model!=NULL) {
delete this->p_reg_node_tree_model;
this->p_reg_node_tree_model=NULL;
}
if(this->p_reg_key_table_model!=NULL) {
delete this->p_reg_key_table_model;
this->p_reg_key_table_model=NULL;
}
// Remove any data from hex edit and data interpreter
this->p_hex_edit->setData(QByteArray());
this->p_hex_edit_status_bar->setText("");
this->p_data_interpreter->ClearValues();
// Close hive
hivex_close(this->hhive);
this->is_hive_open=false;
this->ui->action_Close_hive->setEnabled(false);
+ this->ui->MenuReports->setEnabled(false);
this->UpdateWindowTitle();
}
}
void MainWindow::on_actionAbout_Qt_triggered() {
QMessageBox::aboutQt(this,tr("About Qt"));
}
void MainWindow::on_actionAbout_fred_triggered() {
DlgAbout dlg_about(this);
dlg_about.exec();
}
void MainWindow::SlotNodeTreeClicked(QModelIndex index) {
QStringList nodes;
//Built node path
nodes.clear();
nodes.append(this->p_reg_node_tree_model->
data(index,Qt::DisplayRole).toString());
while(this->p_reg_node_tree_model->parent(index)!=QModelIndex()) {
// Prepend all parent nodes
index=this->p_reg_node_tree_model->parent(index);
nodes.prepend(this->p_reg_node_tree_model->
data(index,Qt::DisplayRole).toString());
}
// Get hive_node handle for current node
hive_node_h hive_node=hivex_root(this->hhive);
QString cur_node;
for(QStringList::iterator it=nodes.begin();it!=nodes.end();++it) {
cur_node=*it;
hive_node=hivex_node_get_child(this->hhive,
hive_node,
cur_node.toAscii().constData());
}
// Create table model and attach it to the table view
if(this->p_reg_key_table_model!=NULL) delete this->p_reg_key_table_model;
this->p_reg_key_table_model=new RegistryKeyTableModel(this->hhive,
hive_node);
this->p_key_table->setModel(this->p_reg_key_table_model);
// Resize table rows / columns to fit data
this->p_key_table->resizeColumnsToContents();
this->p_key_table->horizontalHeader()->stretchLastSection();
}
void MainWindow::SlotKeyTableDoubleClicked(QModelIndex index) {
QModelIndex key_index;
QModelIndex node_index;
QStringList nodes;
QString key_name;
QString key_type;
QByteArray key_value;
if(!index.isValid()) return;
// Get key name, type and value
key_index=this->p_reg_key_table_model->index(index.row(),0);
key_name=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole)
.toString();
key_index=this->p_reg_key_table_model->index(index.row(),1);
key_type=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole)
.toString();
key_index=this->p_reg_key_table_model->index(index.row(),2);
key_value=this->p_reg_key_table_model->data(key_index,
RegistryKeyTableModel::
AdditionalRoles_GetRawData)
.toByteArray();
// Get current node
node_index=this->p_node_tree->currentIndex();
//Built node path
nodes.clear();
nodes.append(this->p_reg_node_tree_model->
data(node_index,Qt::DisplayRole).toString());
while(this->p_reg_node_tree_model->parent(node_index)!=QModelIndex()) {
// Prepend all parent nodes
node_index=this->p_reg_node_tree_model->parent(node_index);
nodes.prepend(this->p_reg_node_tree_model->
data(node_index,Qt::DisplayRole).toString());
}
DlgKeyDetails dlg_key_details(this);
dlg_key_details.SetValues(nodes,key_name,key_type,key_value);
dlg_key_details.exec();
}
void MainWindow::SlotKeyTableClicked(QModelIndex index) {
if(!index.isValid()) return;
this->selected_key_value=
this->p_reg_key_table_model->data(this->p_reg_key_table_model->
index(index.row(),2),
RegistryKeyTableModel::
AdditionalRoles_GetRawData)
.toByteArray();
this->p_hex_edit->setData(this->selected_key_value);
}
void MainWindow::SlotHexEditAddressChanged(int hex_offset) {
// Update hex edit status bar
this->p_hex_edit_status_bar->
setText(QString().sprintf("Byte offset: 0x%04X (%u)",hex_offset,hex_offset));
// Update data interpreter
this->UpdateDataInterpreter(hex_offset);
}
+void MainWindow::SlotReportClicked() {
+ // Get report category and name from sender and it's parent
+ QString category=((QMenu*)((QAction*)QObject::sender())->parent())->title();
+ QString report=((QAction*)QObject::sender())->text();
+
+ QString report_content=this->p_data_reporter->GenerateReport(this->hhive,
+ category,
+ report);
+ QMessageBox::information(this,report,report_content);
+}
+
void MainWindow::UpdateWindowTitle(QString filename) {
if(filename=="") {
this->setWindowTitle(QString().sprintf("%s v%s",APP_TITLE,APP_VERSION));
} else {
this->setWindowTitle(QString().sprintf("%s v%s - %s",
APP_TITLE,
APP_VERSION,
filename.toLocal8Bit().constData()));
}
}
void MainWindow::UpdateDataInterpreter(int hex_offset) {
QDateTime date_time;
const char *p_data;
int remaining_data_len;
// Remove all old values from data interpreter
this->p_data_interpreter->ClearValues();
// Calculate how many bytes are remainig after current offset
remaining_data_len=this->selected_key_value.size()-hex_offset;
if(!remaining_data_len>0) {
// Nothing to show
return;
}
// Get pointer to data at current offset
p_data=this->selected_key_value.constData();
p_data+=hex_offset;
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
//#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
#define rotl64(x,n) (((x) << n) | ((x) >> (64 - n)))
//#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
if(remaining_data_len>=1) {
this->p_data_interpreter->AddValue("int8:",
QString().sprintf("%d",
*(int8_t*)p_data));
this->p_data_interpreter->AddValue("uint8:",
QString().sprintf("%u",
*(uint8_t*)p_data));
}
if(remaining_data_len>=2) {
this->p_data_interpreter->AddValue("int16:",
QString().sprintf("%d",
*(int16_t*)p_data));
this->p_data_interpreter->AddValue("uint16:",
QString().sprintf("%u",
*(uint16_t*)p_data));
}
if(remaining_data_len>=4) {
this->p_data_interpreter->AddValue("int32:",
QString().sprintf("%d",
*(int32_t*)p_data));
this->p_data_interpreter->AddValue("uint32:",
QString().sprintf("%d",
*(uint32_t*)p_data));
date_time.setTime_t(*(uint32_t*)p_data);
this->p_data_interpreter->AddValue("Unixtime:",
date_time.
toString("yyyy/MM/dd hh:mm:ss"));
}
if(remaining_data_len>=8) {
this->p_data_interpreter->AddValue("int64:",
QString().sprintf("%d",
*(int64_t*)p_data));
this->p_data_interpreter->AddValue("uint64:",
QString().sprintf("%d",
*(uint64_t*)p_data));
date_time.setTime_t((*(uint64_t*)p_data-116444736000000000)/10000000);
this->p_data_interpreter->AddValue("Win64time:",
date_time.
toString("yyyy/MM/dd hh:mm:ss"));
}
#undef rotl32
#undef rotl64
}
+void MainWindow::UpdateDataReporterMenu() {
+ int i=0,ii=0;
+ QMenu *p_category_entry;
+ QAction *p_report_entry;
+
+ QStringList categories=this->p_data_reporter->GetAvailableReportCategories();
+ QStringList reports;
+
+ for(i=0;i<categories.count();i++) {
+ // First create category submenu
+ p_category_entry=this->ui->MenuReports->addMenu(categories.value(i));
+ // Now add category reports
+ reports=this->p_data_reporter->GetAvailableReports(categories.value(i));
+ for(ii=0;ii<reports.count();ii++) {
+ p_report_entry=new QAction(reports.value(ii),p_category_entry);
+ p_category_entry->addAction(p_report_entry);
+ this->connect(p_report_entry,
+ SIGNAL(triggered()),
+ this,
+ SLOT(SlotReportClicked()));
+ }
+ }
+}
+
/*
void MainWindow::LoadReportTemplates() {
//#include <QtXml/QXmlSimpleReader>
QString report_template="";
QXmlSimpleReader xml_parser;
qDebug("Loading report templates...");
QDir report_dir("../trunk/report_templates/");
QStringList report_templates=report_dir.entryList(QStringList()<<"*.fred");
int i=0;
for(i=0;i<report_templates.count();i++) {
report_template=report_dir.path();
report_template.append(QDir::separator());
report_template.append(report_templates.value(i));
qDebug("%s",report_template.toAscii().constData());
QFile *p_report_template_file=new QFile(report_template);
QXmlInputSource *p_xml_file=new QXmlInputSource(p_report_template_file);
ReportTemplateXmlHandler *p_report_handler=new ReportTemplateXmlHandler();
xml_parser.setContentHandler(p_report_handler);
xml_parser.parse(p_xml_file);
delete p_report_handler;
delete p_xml_file;
delete p_report_template_file;
}
}
*/
diff --git a/trunk/mainwindow.h b/trunk/mainwindow.h
index 0f1f5f6..d05d171 100644
--- a/trunk/mainwindow.h
+++ b/trunk/mainwindow.h
@@ -1,99 +1,100 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef MAINWINDOW_H
#define MAINWINDOW_H
#include <QMainWindow>
#include <hivex.h>
#include "registrynodetreemodel.h"
#include "registrykeytablemodel.h"
#include "qhexedit/qhexedit.h"
#include "datainterpreter.h"
#include "datareporter.h"
namespace Ui {
class MainWindow;
}
class MainWindow : public QMainWindow {
Q_OBJECT
public:
explicit MainWindow(QWidget *parent = 0);
~MainWindow();
private slots:
void on_action_Quit_triggered();
void on_action_Open_hive_triggered();
void on_action_Close_hive_triggered();
void on_actionAbout_Qt_triggered();
void on_actionAbout_fred_triggered();
void SlotNodeTreeClicked(QModelIndex index);
void SlotKeyTableClicked(QModelIndex index);
void SlotKeyTableDoubleClicked(QModelIndex index);
void SlotHexEditAddressChanged(int hex_offset);
+ void SlotReportClicked();
private:
Ui::MainWindow *ui;
QString last_open_location;
hive_h *hhive;
bool is_hive_open;
RegistryNodeTreeModel *p_reg_node_tree_model;
RegistryKeyTableModel *p_reg_key_table_model;
QByteArray selected_key_value;
// Widgets etc...
QTreeView *p_node_tree;
QTableView *p_key_table;
QWidget *p_hex_edit_widget;
QHexEdit *p_hex_edit;
QLabel *p_hex_edit_status_bar;
DataInterpreter *p_data_interpreter;
QVBoxLayout *p_hex_edit_layout;
QSplitter *p_horizontal_splitter;
QSplitter *p_horizontal_splitter2;
QSplitter *p_vertical_splitter;
- DataReporter data_reporter();
+ DataReporter *p_data_reporter;
/*
* UpdateWindowTitle
*
* Updates the window title
*/
void UpdateWindowTitle(QString filename="");
/*
* UpdateDataInterpreter
*
* Update data interpreter
*/
void UpdateDataInterpreter(int hex_offset);
/*
- *
+ * UpdateDataReporterMenu
*
*/
- void LoadReportTemplates();
+ void UpdateDataReporterMenu();
};
#endif // MAINWINDOW_H
diff --git a/trunk/mainwindow.ui b/trunk/mainwindow.ui
index 3f49a1f..052d89e 100644
--- a/trunk/mainwindow.ui
+++ b/trunk/mainwindow.ui
@@ -1,96 +1,105 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>MainWindow</class>
<widget class="QMainWindow" name="MainWindow">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>508</width>
<height>317</height>
</rect>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>0</height>
</size>
</property>
<property name="baseSize">
<size>
<width>0</width>
<height>0</height>
</size>
</property>
<property name="windowTitle">
<string>MainWindow</string>
</property>
<property name="windowIcon">
<iconset resource="fred.qrc">
<normaloff>:/icons/resources/fred.png</normaloff>:/icons/resources/fred.png</iconset>
</property>
<widget class="QWidget" name="MainWidget"/>
<widget class="QMenuBar" name="menuBar">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>508</width>
<height>25</height>
</rect>
</property>
- <widget class="QMenu" name="menu_File">
+ <widget class="QMenu" name="MenuFile">
<property name="title">
<string>&File</string>
</property>
<addaction name="action_Open_hive"/>
<addaction name="action_Close_hive"/>
<addaction name="separator"/>
<addaction name="action_Quit"/>
</widget>
- <widget class="QMenu" name="menu">
+ <widget class="QMenu" name="MenuHelp">
<property name="title">
<string>&Help</string>
</property>
<addaction name="actionAbout_Qt"/>
<addaction name="actionAbout_fred"/>
</widget>
- <addaction name="menu_File"/>
- <addaction name="menu"/>
+ <widget class="QMenu" name="MenuReports">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="title">
+ <string>&Reports</string>
+ </property>
+ </widget>
+ <addaction name="MenuFile"/>
+ <addaction name="MenuReports"/>
+ <addaction name="MenuHelp"/>
</widget>
<widget class="QStatusBar" name="StatusBar"/>
<action name="action_Open_hive">
<property name="text">
<string>&Open hive</string>
</property>
</action>
<action name="action_Close_hive">
<property name="enabled">
<bool>false</bool>
</property>
<property name="text">
<string>&Close hive</string>
</property>
</action>
<action name="action_Quit">
<property name="text">
<string>&Quit</string>
</property>
</action>
<action name="actionAbout_Qt">
<property name="text">
<string>About Qt</string>
</property>
</action>
<action name="actionAbout_fred">
<property name="text">
<string>About fred</string>
</property>
</action>
</widget>
<layoutdefault spacing="6" margin="11"/>
<resources>
<include location="fred.qrc"/>
</resources>
<connections/>
</ui>
diff --git a/trunk/report_templates/SAM_UserAccounts.fred b/trunk/report_templates/SAM_UserAccounts.fred
index cab7036..101db46 100644
--- a/trunk/report_templates/SAM_UserAccounts.fred
+++ b/trunk/report_templates/SAM_UserAccounts.fred
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<report category="SAM" name="User accounts">
- <for path="SAM/Domains/Account/Users/Names/*" vars="fred::node;(default),type">
- <paragraph title="[0]" type="stringvar">
- <value name="Last login" key="SAM/Domains/Account/Users/[1]/F" type="win64time" offset="8">
+ <foreach path="SAM/Domains/Account/Users/Names/*" vars="(default),type">
+ <paragraph title="[var::0]" type="string">
+ <value name="Last login" key="SAM/Domains/Account/Users/[var::1]/F" type="win64time" offset="8" />
</paragraph>
- </for>
+ </foreach>
</report>
diff --git a/trunk/reporttemplatexmlhandler.cpp b/trunk/reporttemplatexmlhandler.cpp
index a50ecbd..2e3f07a 100644
--- a/trunk/reporttemplatexmlhandler.cpp
+++ b/trunk/reporttemplatexmlhandler.cpp
@@ -1,79 +1,161 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "reporttemplatexmlhandler.h"
-ReportTemplateXmlHandler::ReportTemplateXmlHandler(bool only_get_info)
+ReportTemplateXmlHandler::ReportTemplateXmlHandler(hive_h *hive_handle,
+ bool only_get_info)
: QXmlDefaultHandler()
{
+ this->hhive=hive_handle;
this->get_info=only_get_info;
}
bool ReportTemplateXmlHandler::startDocument() {
this->report_category="";
this->report_name="";
+ this->report_content="";
}
bool ReportTemplateXmlHandler::startElement(const QString &namespaceURI,
const QString &localName,
const QString &qName,
const QXmlAttributes &atts)
{
int i=0;
+ bool ok;
// If we should only extract report info...
if(this->get_info) {
if(qName=="report") {
this->report_category=atts.value(QString("category"));
this->report_name=atts.value(QString("name"));
}
return true;
}
+ // Check element
+ if(qName=="foreach") {
+ ok=this->ProcessForEach(atts.value(QString("path")),
+ atts.value(QString("vars")),
+ hivex_root(this->hhive));
+ if(!ok) return false;
+ } else if (qName=="paragraph") {
+
+ } else if (qName=="value") {
+
+ }
+
+ /*
qDebug("%s",QString("--> %3").arg(qName).toAscii().constData());
for(i=0;i<atts.count();i++) {
qDebug("%s",QString("----> Name: '%1'', Value: '%2'").arg(atts.qName(i),atts.value(i)).toAscii().constData());
}
+ */
return true;
}
bool ReportTemplateXmlHandler::endElement(const QString &namespaceURI,
const QString &localName,
const QString &qName)
{
+ if(this->get_info) return true;
+
+ if(qName=="foreach") {
+
+ } else if (qName=="paragraph") {
+
+ } else if (qName=="value") {
+
+ }
+
return true;
}
bool ReportTemplateXmlHandler::error(const QXmlParseException &exception) {
+ qDebug("error: %u: %s",exception.lineNumber(),exception.message().toAscii().constData());
return false;
}
bool ReportTemplateXmlHandler::fatalError(const QXmlParseException &exception) {
+ qDebug("fatalerror: %u: %s",exception.lineNumber(),exception.message().toAscii().constData());
return false;
}
QString ReportTemplateXmlHandler::GetReportCategory() {
return this->report_category;
}
QString ReportTemplateXmlHandler::GetReportName() {
return this->report_name;
}
+
+QString ReportTemplateXmlHandler::ReportData() {
+
+}
+
+bool ReportTemplateXmlHandler::ProcessForEach(QString path,
+ QString vars,
+ hive_node_h cur_hive_node,
+ bool iterate) {
+ int i=0,ii=0;
+
+ if(!iterate) {
+ QStringList nodes=path.split('/');
+ if(cur_hive_node==0) return false;
+
+ for(i=0;i<nodes.count();i++) {
+ if(nodes.value(i)!="*") {
+ cur_hive_node=hivex_node_get_child(this->hhive,
+ cur_hive_node,
+ nodes.value(i).toAscii().
+ constData());
+ if(cur_hive_node==0) return false;
+ } else {
+ QString new_path="";
+ for(ii=i+1;ii<nodes.count();ii++) {
+ new_path.append(nodes.value(ii)).append("/");
+ }
+ new_path.chop(1);
+ ok=this->ProcessForEach(new_path,vars,cur_hive_node,true);
+ if(!ok) return false;
+ }
+ }
+ } else {
+ hive_node_h *p_child_nodes=hivex_node_children(this->hhive,cur_hive_node);
+ i=0;
+ while(p_child_nodes[i]) {
+
+ i++;
+ }
+ free(p_child_nodes);
+ }
+
+ return true;
+}
+
+bool ReportTemplateXmlHandler::ProcessParagraph() {
+
+}
+
+bool ReportTemplateXmlHandler::ProcessValue() {
+
+}
diff --git a/trunk/reporttemplatexmlhandler.h b/trunk/reporttemplatexmlhandler.h
index 4390420..7ecc719 100644
--- a/trunk/reporttemplatexmlhandler.h
+++ b/trunk/reporttemplatexmlhandler.h
@@ -1,52 +1,61 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef REPORTTEMPLATEXMLHANDLER_H
#define REPORTTEMPLATEXMLHANDLER_H
#include <QtXml/QXmlDefaultHandler>
+#include <hivex.h>
+
class ReportTemplateXmlHandler : public QXmlDefaultHandler {
public:
- explicit ReportTemplateXmlHandler(bool only_get_info=true);
+ explicit ReportTemplateXmlHandler(hive_h *hive_handle=NULL,
+ bool only_get_info=true);
bool startDocument();
bool startElement(const QString &namespaceURI,
const QString &localName,
const QString &qName,
const QXmlAttributes &atts);
bool endElement(const QString &namespaceURI,
const QString &localName,
const QString &qName);
bool error(const QXmlParseException &exception);
bool fatalError(const QXmlParseException &exception);
QString GetReportCategory();
QString GetReportName();
+ QString ReportData();
private:
+ hive_h *hhive;
bool get_info;
QString report_category;
QString report_name;
+ QString report_content;
+ bool ProcessForEach(QString path, QString vars);
+ bool ProcessParagraph();
+ bool ProcessValue();
};
#endif // REPORTTEMPLATEXMLHANDLER_H
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Tue, Dec 24, 6:59 AM (1 d, 13 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1177066
Default Alt Text
(40 KB)
Attached To
Mode
rFRED fred
Attached
Detach File
Event Timeline
Log In to Comment