diff --git a/trunk/threadsearch.cpp b/trunk/threadsearch.cpp
index 72e499e..23a06d7 100644
--- a/trunk/threadsearch.cpp
+++ b/trunk/threadsearch.cpp
@@ -1,27 +1,79 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include "threadsearch.h"
+#include <QStringList>
+
ThreadSearch::ThreadSearch(QObject *p_parent) : QThread(p_parent) {
+ this->hive_file="";
+ this->h_hive=NULL;
+ this->keywords=QList<QByteArray>();
+ this->search_nodes=false;
+ this->search_keys=false;
+ this->search_values=false;
+ this->root_node=0;
+}
+
+bool ThreadSearch::Search(QString registry_hive,
+ QList<QByteArray> search_keywords,
+ bool search_node_names,
+ bool search_key_names,
+ bool search_key_values,
+ QString search_path)
+{
+ this->hive_file=registry_hive;
+ this->keywords=search_keywords;
+ this->search_nodes=search_node_names;
+ this->search_keys=search_key_names;
+ this->search_values=search_key_values;
+
+ // Try to open hive
+ this->h_hive=hivex_open(this->hive_file.toAscii().constData(),0);
+ if(this->h_hive==NULL) return false;
+
+ // Get root node
+ this->root_node=hivex_root(this->h_hive);
+ if(this->root_node==0) {
+ hivex_close(this->h_hive);
+ return false;
+ }
+
+ // If a root path was specified, itearte to it
+ if(search_path!="\\") {
+ QStringList path_nodes=search_path.split("\\",QString::SkipEmptyParts);
+ int i;
+ for(i=0;i<path_nodes.count();i++) {
+ this->root_node=hivex_node_get_child(this->h_hive,
+ this->root_node,
+ path_nodes.at(i).toAscii().constData());
+ if(this->root_node==0) {
+ hivex_close(this->h_hive);
+ return false;
+ }
+ }
+ }
+
+ this->start();
+ return true;
}
void ThreadSearch::run() {
}
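Review bot: Search() overwrites `this->h_hive` and the other members without checking whether an earlier search is still running, and on both failure paths it calls hivex_close() but leaves the stale pointer in the member. A second call while the worker thread is active would leak the previous handle and change state that run() is presumably meant to read, so I would open the function with `if(this->isRunning()) return false;` and follow each `hivex_close(this->h_hive);` with `this->h_hive=NULL;`. Separately, `toAscii()` on the hive path and on each path component is lossy for characters outside the codec Qt uses for C strings, so a hive file or key name containing such characters would make Search() return false as if the path did not exist. `toLocal8Bit()` for the file name and `toUtf8()` for node names look like the intended conversions, assuming hivex expects node names in UTF-8, which should be confirmed against the hivex version in use.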
diff --git a/trunk/threadsearch.h b/trunk/threadsearch.h
index 0e314ef..e64a35c 100644
--- a/trunk/threadsearch.h
+++ b/trunk/threadsearch.h
@@ -1,37 +1,59 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef THREADSEARCH_H
#define THREADSEARCH_H
#include <QThread>
#include <QObject>
+#include <QList>
+#include <QByteArray>
+
+#include <hivex.h>
class ThreadSearch : public QThread {
Q_OBJECT
public:
ThreadSearch(QObject *p_parent=0);
+ bool Search(QString registry_hive,
+ QList<QByteArray> search_keywords,
+ bool search_node_names,
+ bool search_key_names,
+ bool search_key_values,
+ QString search_path="\\");
+
protected:
void run();
+
+ private:
+ QString hive_file;
+ hive_h *h_hive;
+ QList<QByteArray> keywords;
+ bool search_nodes;
+ bool search_keys;
+ bool search_values;
+ hive_node_h root_node;
+
+
};
#endif // THREADSEARCH_H
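Review bot: ThreadSearch now owns a raw `hive_h *h_hive` but declares no destructor, and nothing visible in this commit closes the handle after a successful Search() (run() is still empty in threadsearch.cpp). If the object is destroyed, or run() returns, while the hive is open, the handle and its file descriptor leak. I would declare `~ThreadSearch();` and have it call `this->wait();` and then `if(this->h_hive!=NULL) hivex_close(this->h_hive);`. A short comment on the member, such as `// Open hive handle, owned by this object; NULL when no hive is open`, would make the ownership explicit. It would also help to document on Search() that a `false` return covers both "hive could not be opened" and "search_path not found", since callers cannot tell the two apart.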