Page MenuHomePhabricator

No OneTemporary

Size
34 KB
Referenced Files
None
Subscribers
None
diff --git a/trunk/datareporterengine.cpp b/trunk/datareporterengine.cpp
new file mode 100644
index 0000000..6a89589
--- /dev/null
+++ b/trunk/datareporterengine.cpp
@@ -0,0 +1,7 @@
+#include "datareporterengine.h"
+
+DataReporterEngine::DataReporterEngine(QObject *p_parent)
+ : QScriptEngine(p_parent)
+{
+
+}
diff --git a/trunk/datareporterengine.h b/trunk/datareporterengine.h
new file mode 100644
index 0000000..fed2ea9
--- /dev/null
+++ b/trunk/datareporterengine.h
@@ -0,0 +1,15 @@
+#ifndef DATAREPORTERENGINE_H
+#define DATAREPORTERENGINE_H
+
+#include <QtScript/QScriptEngine>
+
+class DataReporterEngine : public QScriptEngine {
+ public:
+ DataReporterEngine(QObject *p_parent=0);
+
+
+
+
+};
+
+#endif // DATAREPORTERENGINE_H
diff --git a/trunk/fred.pro b/trunk/fred.pro
index c8ef416..a752ecb 100644
--- a/trunk/fred.pro
+++ b/trunk/fred.pro
@@ -1,67 +1,72 @@
#*******************************************************************************
# fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
# *
# Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
# with special feautures useful during forensic analysis. *
# *
# This program is free software: you can redistribute it and/or modify it *
# under the terms of the GNU General Public License as published by the Free *
# Software Foundation, either version 3 of the License, or (at your option) *
# any later version. *
# *
# This program is distributed in the hope that it will be useful, but WITHOUT *
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
# more details. *
# *
# You should have received a copy of the GNU General Public License along with *
# this program. If not, see <http://www.gnu.org/licenses/>. *
#******************************************************************************/
system(bash compileinfo.sh > compileinfo.h)
QT += core \
gui \
- xml
+ xml \
+ script
TARGET = fred
TEMPLATE = app
SOURCES += main.cpp\
mainwindow.cpp \
registrynode.cpp \
registrynodetreemodel.cpp \
registrykey.cpp \
registrykeytablemodel.cpp \
dlgabout.cpp \
dlgkeydetails.cpp \
qhexedit/qhexedit_p.cpp \
qhexedit/qhexedit.cpp \
datainterpreter.cpp \
reporttemplatexmlhandler.cpp \
reporttemplate.cpp \
- datareporter.cpp
+ datareporter.cpp \
+ datareporterengine.cpp \
+ registryhive.cpp
HEADERS += mainwindow.h \
registrynode.h \
registrynodetreemodel.h \
registrykey.h \
registrykeytablemodel.h \
dlgabout.h \
dlgkeydetails.h \
qhexedit/qhexedit_p.h \
qhexedit/qhexedit.h \
datainterpreter.h \
reporttemplatexmlhandler.h \
reporttemplate.h \
- datareporter.h
+ datareporter.h \
+ datareporterengine.h \
+ registryhive.h
FORMS += mainwindow.ui \
dlgabout.ui \
dlgkeydetails.ui
LIBS += -lhivex
RESOURCES += fred.qrc
diff --git a/trunk/mainwindow.cpp b/trunk/mainwindow.cpp
index a1f08f8..cb53e66 100644
--- a/trunk/mainwindow.cpp
+++ b/trunk/mainwindow.cpp
@@ -1,507 +1,509 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#include <QFileDialog>
#include <QMessageBox>
#include <QStringList>
#include <QDesktopWidget>
#include <QDir>
#include <QSplitter>
#include "mainwindow.h"
#include "ui_mainwindow.h"
#include "dlgabout.h"
#include "dlgkeydetails.h"
#include "compileinfo.h"
MainWindow::MainWindow(QWidget *parent) :
QMainWindow(parent), ui(new Ui::MainWindow)
{
ui->setupUi(this);
// Initialize private vars
this->hhive=NULL;
this->is_hive_open=false;
this->p_reg_node_tree_model=NULL;
this->p_reg_key_table_model=NULL;
// Set main window size
int cur_screen=QApplication::desktop()->screenNumber(this);
int window_width=
QApplication::desktop()->availableGeometry(cur_screen).width()*0.5;
int window_height=
QApplication::desktop()->availableGeometry(cur_screen).height()*0.5;
int window_x=
(QApplication::desktop()->availableGeometry(cur_screen).width()/2)-
(window_width/2);
int window_y=
(QApplication::desktop()->availableGeometry(cur_screen).height()/2)-
(window_height/2);
this->setGeometry(window_x,
window_y,
window_width,
window_height);
// Create widgets
this->p_horizontal_splitter=new QSplitter();
this->p_horizontal_splitter->setOrientation(Qt::Horizontal);
this->p_node_tree=new QTreeView(this->p_horizontal_splitter);
this->p_node_tree->setHeaderHidden(true);
this->p_vertical_splitter=new QSplitter(this->p_horizontal_splitter);
this->p_vertical_splitter->setOrientation(Qt::Vertical);
this->p_key_table=new QTableView(this->p_vertical_splitter);
this->p_key_table->setSelectionBehavior(QAbstractItemView::SelectRows);
this->p_horizontal_splitter2=new QSplitter(this->p_vertical_splitter);
this->p_horizontal_splitter2->setOrientation(Qt::Horizontal);
this->p_hex_edit_widget=new QWidget(this->p_horizontal_splitter2);
this->p_hex_edit_layout=new QVBoxLayout(this->p_hex_edit_widget);
this->p_hex_edit_layout->setContentsMargins(0,0,0,0);
this->p_hex_edit=new QHexEdit();
this->p_hex_edit->setReadOnly(true);
this->p_hex_edit_status_bar=new QLabel();
this->p_data_interpreter=new DataInterpreter(this->p_horizontal_splitter2);
// Make sure hex viewer font is monospaced.
QFont mono_font("Monospace");
mono_font.setStyleHint(QFont::TypeWriter);
this->p_hex_edit->setFont(mono_font);
// Lay out widgets
this->p_hex_edit_layout->addWidget(this->p_hex_edit);
this->p_hex_edit_layout->addWidget(this->p_hex_edit_status_bar);
this->p_horizontal_splitter2->addWidget(this->p_hex_edit_widget);
this->p_horizontal_splitter2->addWidget(this->p_data_interpreter);
this->p_vertical_splitter->addWidget(this->p_key_table);
this->p_vertical_splitter->addWidget(this->p_horizontal_splitter2);
this->p_horizontal_splitter->addWidget(this->p_node_tree);
this->p_horizontal_splitter->addWidget(this->p_vertical_splitter);
// Set stretch factors
QSizePolicy node_tree_policy=this->p_node_tree->sizePolicy();
node_tree_policy.setHorizontalStretch(1);
node_tree_policy.setVerticalStretch(100);
this->p_node_tree->setSizePolicy(node_tree_policy);
QSizePolicy vertical_splitter_policy=this->p_vertical_splitter->sizePolicy();
vertical_splitter_policy.setHorizontalStretch(4);
vertical_splitter_policy.setVerticalStretch(100);
this->p_vertical_splitter->setSizePolicy(vertical_splitter_policy);
QSizePolicy key_table_policy=this->p_key_table->sizePolicy();
key_table_policy.setVerticalStretch(5);
key_table_policy.setHorizontalStretch(100);
this->p_key_table->setSizePolicy(key_table_policy);
QSizePolicy hex_edit_widget_policy=this->p_hex_edit_widget->sizePolicy();
hex_edit_widget_policy.setVerticalStretch(2);
hex_edit_widget_policy.setHorizontalStretch(200);
this->p_hex_edit_widget->setSizePolicy(hex_edit_widget_policy);
QSizePolicy data_interpreter_policy=this->p_data_interpreter->sizePolicy();
data_interpreter_policy.setVerticalStretch(2);
data_interpreter_policy.setHorizontalStretch(0);
this->p_data_interpreter->setSizePolicy(data_interpreter_policy);
// Connect signals
this->connect(this->p_node_tree,
SIGNAL(clicked(QModelIndex)),
this,
SLOT(SlotNodeTreeClicked(QModelIndex)));
this->connect(this->p_node_tree,
SIGNAL(activated(QModelIndex)),
this,
SLOT(SlotNodeTreeClicked(QModelIndex)));
this->connect(this->p_key_table,
SIGNAL(clicked(QModelIndex)),
this,
SLOT(SlotKeyTableClicked(QModelIndex)));
this->connect(this->p_key_table,
SIGNAL(doubleClicked(QModelIndex)),
this,
SLOT(SlotKeyTableDoubleClicked(QModelIndex)));
this->connect(this->p_hex_edit,
SIGNAL(currentAddressChanged(int)),
this,
SLOT(SlotHexEditAddressChanged(int)));
// Add central widget
this->setContentsMargins(4,4,4,0);
this->setCentralWidget(this->p_horizontal_splitter);
// Set window title
this->UpdateWindowTitle();
// Set last open location to home dir
this->last_open_location=QDir::homePath();
// Load report templates and update menu
this->p_data_reporter=new DataReporter();
this->p_data_reporter->LoadReportTemplates();
this->UpdateDataReporterMenu();
}
MainWindow::~MainWindow() {
if(this->is_hive_open) {
hivex_close(this->hhive);
}
delete ui;
}
void MainWindow::on_action_Quit_triggered() {
qApp->exit();
}
void MainWindow::on_action_Open_hive_triggered() {
QString hive_file="";
hive_file=QFileDialog::getOpenFileName(this,
tr("Open registry hive"),
this->last_open_location,
tr("All files (*)"));
if(hive_file=="") return;
// Update last open location
this->last_open_location=hive_file.left(hive_file.
lastIndexOf(QDir::separator()));
// If another hive is currently open, close it
if(this->is_hive_open) this->on_action_Close_hive_triggered();
// Try to open hive
this->hhive=hivex_open(hive_file.toAscii().constData(),0);
if(this->hhive==NULL) {
QMessageBox::critical(this,
tr("Error opening hive file"),
tr("Unable to open file '%1'").arg(hive_file));
return;
}
// Create tree model
hive_node_h root_node=hivex_root(hhive);
if(root_node==0) {
QMessageBox::critical(this,
tr("Error opening hive file"),
tr("This hive seems to have no root node!")
.arg(hive_file));
return;
}
this->p_reg_node_tree_model=
new RegistryNodeTreeModel(this->hhive,
root_node);
this->p_node_tree->setModel(this->p_reg_node_tree_model);
this->is_hive_open=true;
this->ui->action_Close_hive->setEnabled(true);
this->ui->MenuReports->setEnabled(true);
this->UpdateWindowTitle(hive_file);
}
void MainWindow::on_action_Close_hive_triggered() {
if(this->is_hive_open) {
// Delete models
if(this->p_reg_node_tree_model!=NULL) {
delete this->p_reg_node_tree_model;
this->p_reg_node_tree_model=NULL;
}
if(this->p_reg_key_table_model!=NULL) {
delete this->p_reg_key_table_model;
this->p_reg_key_table_model=NULL;
}
// Remove any data from hex edit and data interpreter
this->p_hex_edit->setData(QByteArray());
this->p_hex_edit_status_bar->setText("");
this->p_data_interpreter->ClearValues();
// Close hive
hivex_close(this->hhive);
this->is_hive_open=false;
this->ui->action_Close_hive->setEnabled(false);
this->ui->MenuReports->setEnabled(false);
this->UpdateWindowTitle();
}
}
void MainWindow::on_actionAbout_Qt_triggered() {
QMessageBox::aboutQt(this,tr("About Qt"));
}
void MainWindow::on_actionAbout_fred_triggered() {
DlgAbout dlg_about(this);
dlg_about.exec();
}
void MainWindow::SlotNodeTreeClicked(QModelIndex index) {
QStringList nodes;
//Built node path
nodes.clear();
nodes.append(this->p_reg_node_tree_model->
data(index,Qt::DisplayRole).toString());
while(this->p_reg_node_tree_model->parent(index)!=QModelIndex()) {
// Prepend all parent nodes
index=this->p_reg_node_tree_model->parent(index);
nodes.prepend(this->p_reg_node_tree_model->
data(index,Qt::DisplayRole).toString());
}
// Get hive_node handle for current node
hive_node_h hive_node=hivex_root(this->hhive);
QString cur_node;
for(QStringList::iterator it=nodes.begin();it!=nodes.end();++it) {
cur_node=*it;
hive_node=hivex_node_get_child(this->hhive,
hive_node,
cur_node.toAscii().constData());
}
// Create table model and attach it to the table view
if(this->p_reg_key_table_model!=NULL) delete this->p_reg_key_table_model;
this->p_reg_key_table_model=new RegistryKeyTableModel(this->hhive,
hive_node);
this->p_key_table->setModel(this->p_reg_key_table_model);
// Resize table rows / columns to fit data
this->p_key_table->resizeColumnsToContents();
this->p_key_table->horizontalHeader()->stretchLastSection();
}
void MainWindow::SlotKeyTableDoubleClicked(QModelIndex index) {
QModelIndex key_index;
QModelIndex node_index;
QStringList nodes;
QString key_name;
QString key_type;
QByteArray key_value;
if(!index.isValid()) return;
// Get key name, type and value
key_index=this->p_reg_key_table_model->index(index.row(),0);
key_name=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole)
.toString();
key_index=this->p_reg_key_table_model->index(index.row(),1);
key_type=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole)
.toString();
key_index=this->p_reg_key_table_model->index(index.row(),2);
key_value=this->p_reg_key_table_model->data(key_index,
RegistryKeyTableModel::
AdditionalRoles_GetRawData)
.toByteArray();
// Get current node
node_index=this->p_node_tree->currentIndex();
//Built node path
nodes.clear();
nodes.append(this->p_reg_node_tree_model->
data(node_index,Qt::DisplayRole).toString());
while(this->p_reg_node_tree_model->parent(node_index)!=QModelIndex()) {
// Prepend all parent nodes
node_index=this->p_reg_node_tree_model->parent(node_index);
nodes.prepend(this->p_reg_node_tree_model->
data(node_index,Qt::DisplayRole).toString());
}
DlgKeyDetails dlg_key_details(this);
dlg_key_details.SetValues(nodes,key_name,key_type,key_value);
dlg_key_details.exec();
}
void MainWindow::SlotKeyTableClicked(QModelIndex index) {
if(!index.isValid()) return;
this->selected_key_value=
this->p_reg_key_table_model->data(this->p_reg_key_table_model->
index(index.row(),2),
RegistryKeyTableModel::
AdditionalRoles_GetRawData)
.toByteArray();
this->p_hex_edit->setData(this->selected_key_value);
}
void MainWindow::SlotHexEditAddressChanged(int hex_offset) {
// Update hex edit status bar
this->p_hex_edit_status_bar->
setText(QString().sprintf("Byte offset: 0x%04X (%u)",hex_offset,hex_offset));
// Update data interpreter
this->UpdateDataInterpreter(hex_offset);
}
void MainWindow::SlotReportClicked() {
// Get report category and name from sender and it's parent
QString category=((QMenu*)((QAction*)QObject::sender())->parent())->title();
QString report=((QAction*)QObject::sender())->text();
QString report_content=this->p_data_reporter->GenerateReport(this->hhive,
category,
report);
+
QMessageBox::information(this,report,report_content);
+
}
void MainWindow::UpdateWindowTitle(QString filename) {
if(filename=="") {
this->setWindowTitle(QString().sprintf("%s v%s",APP_TITLE,APP_VERSION));
} else {
this->setWindowTitle(QString().sprintf("%s v%s - %s",
APP_TITLE,
APP_VERSION,
filename.toLocal8Bit().constData()));
}
}
void MainWindow::UpdateDataInterpreter(int hex_offset) {
QDateTime date_time;
const char *p_data;
int remaining_data_len;
// Remove all old values from data interpreter
this->p_data_interpreter->ClearValues();
// Calculate how many bytes are remainig after current offset
remaining_data_len=this->selected_key_value.size()-hex_offset;
if(!remaining_data_len>0) {
// Nothing to show
return;
}
// Get pointer to data at current offset
p_data=this->selected_key_value.constData();
p_data+=hex_offset;
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
//#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
#define rotl64(x,n) (((x) << n) | ((x) >> (64 - n)))
//#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
if(remaining_data_len>=1) {
this->p_data_interpreter->AddValue("int8:",
QString().sprintf("%d",
*(int8_t*)p_data));
this->p_data_interpreter->AddValue("uint8:",
QString().sprintf("%u",
*(uint8_t*)p_data));
}
if(remaining_data_len>=2) {
this->p_data_interpreter->AddValue("int16:",
QString().sprintf("%d",
*(int16_t*)p_data));
this->p_data_interpreter->AddValue("uint16:",
QString().sprintf("%u",
*(uint16_t*)p_data));
}
if(remaining_data_len>=4) {
this->p_data_interpreter->AddValue("int32:",
QString().sprintf("%d",
*(int32_t*)p_data));
this->p_data_interpreter->AddValue("uint32:",
QString().sprintf("%d",
*(uint32_t*)p_data));
date_time.setTime_t(*(uint32_t*)p_data);
this->p_data_interpreter->AddValue("Unixtime:",
date_time.
toString("yyyy/MM/dd hh:mm:ss"));
}
if(remaining_data_len>=8) {
this->p_data_interpreter->AddValue("int64:",
QString().sprintf("%d",
*(int64_t*)p_data));
this->p_data_interpreter->AddValue("uint64:",
QString().sprintf("%d",
*(uint64_t*)p_data));
date_time.setTime_t((*(uint64_t*)p_data-116444736000000000)/10000000);
this->p_data_interpreter->AddValue("Win64time:",
date_time.
toString("yyyy/MM/dd hh:mm:ss"));
}
#undef rotl32
#undef rotl64
}
void MainWindow::UpdateDataReporterMenu() {
int i=0,ii=0;
QMenu *p_category_entry;
QAction *p_report_entry;
QStringList categories=this->p_data_reporter->GetAvailableReportCategories();
QStringList reports;
for(i=0;i<categories.count();i++) {
// First create category submenu
p_category_entry=this->ui->MenuReports->addMenu(categories.value(i));
// Now add category reports
reports=this->p_data_reporter->GetAvailableReports(categories.value(i));
for(ii=0;ii<reports.count();ii++) {
p_report_entry=new QAction(reports.value(ii),p_category_entry);
p_category_entry->addAction(p_report_entry);
this->connect(p_report_entry,
SIGNAL(triggered()),
this,
SLOT(SlotReportClicked()));
}
}
}
/*
void MainWindow::LoadReportTemplates() {
//#include <QtXml/QXmlSimpleReader>
QString report_template="";
QXmlSimpleReader xml_parser;
qDebug("Loading report templates...");
QDir report_dir("../trunk/report_templates/");
QStringList report_templates=report_dir.entryList(QStringList()<<"*.fred");
int i=0;
for(i=0;i<report_templates.count();i++) {
report_template=report_dir.path();
report_template.append(QDir::separator());
report_template.append(report_templates.value(i));
qDebug("%s",report_template.toAscii().constData());
QFile *p_report_template_file=new QFile(report_template);
QXmlInputSource *p_xml_file=new QXmlInputSource(p_report_template_file);
ReportTemplateXmlHandler *p_report_handler=new ReportTemplateXmlHandler();
xml_parser.setContentHandler(p_report_handler);
xml_parser.parse(p_xml_file);
delete p_report_handler;
delete p_xml_file;
delete p_report_template_file;
}
}
*/
diff --git a/trunk/registryhive.cpp b/trunk/registryhive.cpp
new file mode 100644
index 0000000..9bdc439
--- /dev/null
+++ b/trunk/registryhive.cpp
@@ -0,0 +1,7 @@
+#include "registryhive.h"
+
+RegistryHive::RegistryHive(QObject *p_parent)
+ : QObject(p_parent)
+{
+
+}
diff --git a/trunk/registryhive.h b/trunk/registryhive.h
new file mode 100644
index 0000000..6209422
--- /dev/null
+++ b/trunk/registryhive.h
@@ -0,0 +1,20 @@
+#ifndef REGISTRYHIVE_H
+#define REGISTRYHIVE_H
+
+#include <QObject>
+
+#include <hivex.h>
+
+class RegistryHive : public QObject {
+ Q_OBJECT
+
+ public:
+ explicit RegistryHive(QObject *p_parent=0);
+
+ signals:
+
+ public slots:
+
+};
+
+#endif // REGISTRYHIVE_H
diff --git a/trunk/reporttemplatexmlhandler.cpp b/trunk/reporttemplatexmlhandler.cpp
index 2bf92e3..8137f7d 100644
--- a/trunk/reporttemplatexmlhandler.cpp
+++ b/trunk/reporttemplatexmlhandler.cpp
@@ -1,170 +1,209 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
+#include <stdlib.h>
+
#include "reporttemplatexmlhandler.h"
ReportTemplateXmlHandler::ReportTemplateXmlHandler(hive_h *hive_handle,
bool only_get_info)
: QXmlDefaultHandler()
{
this->hhive=hive_handle;
this->get_info=only_get_info;
}
ReportTemplateXmlHandler::~ReportTemplateXmlHandler() {
qDeleteAll(this->report_data);
}
bool ReportTemplateXmlHandler::startDocument() {
this->report_category="";
this->report_name="";
this->report_content="";
this->report_data.clear();
+ return true;
}
bool ReportTemplateXmlHandler::startElement(const QString &namespaceURI,
const QString &localName,
const QString &qName,
const QXmlAttributes &atts)
{
+ Q_UNUSED(namespaceURI);
+ Q_UNUSED(localName);
int i=0;
bool ok;
// If we should only extract report info...
if(this->get_info) {
if(qName=="report") {
this->report_category=atts.value(QString("category"));
this->report_name=atts.value(QString("name"));
}
return true;
}
// Check element
if(qName=="foreach") {
ok=this->ProcessForEach(atts.value(QString("path")),
atts.value(QString("vars")),
hivex_root(this->hhive));
if(!ok) return false;
} else if (qName=="paragraph") {
} else if (qName=="value") {
}
/*
qDebug("%s",QString("--> %3").arg(qName).toAscii().constData());
for(i=0;i<atts.count();i++) {
qDebug("%s",QString("----> Name: '%1'', Value: '%2'").arg(atts.qName(i),atts.value(i)).toAscii().constData());
}
*/
return true;
}
bool ReportTemplateXmlHandler::endElement(const QString &namespaceURI,
const QString &localName,
const QString &qName)
{
+ Q_UNUSED(namespaceURI);
+ Q_UNUSED(localName);
if(this->get_info) return true;
if(qName=="foreach") {
} else if (qName=="paragraph") {
} else if (qName=="value") {
}
return true;
}
bool ReportTemplateXmlHandler::error(const QXmlParseException &exception) {
qDebug("error: %u: %s",exception.lineNumber(),exception.message().toAscii().constData());
return false;
}
bool ReportTemplateXmlHandler::fatalError(const QXmlParseException &exception) {
qDebug("fatalerror: %u: %s",exception.lineNumber(),exception.message().toAscii().constData());
return false;
}
QString ReportTemplateXmlHandler::GetReportCategory() {
return this->report_category;
}
QString ReportTemplateXmlHandler::GetReportName() {
return this->report_name;
}
QString ReportTemplateXmlHandler::ReportData() {
-
+ return QString();
}
bool ReportTemplateXmlHandler::ProcessForEach(QString path,
QString vars,
hive_node_h cur_hive_node,
bool iterate) {
int i=0,ii=0;
+ bool ok;
if(!iterate) {
QStringList nodes=path.split('/');
if(cur_hive_node==0) return false;
for(i=0;i<nodes.count();i++) {
if(nodes.value(i)!="*") {
cur_hive_node=hivex_node_get_child(this->hhive,
cur_hive_node,
nodes.value(i).toAscii().
constData());
if(cur_hive_node==0) return false;
} else {
QString new_path="";
for(ii=i+1;ii<nodes.count();ii++) {
new_path.append(nodes.value(ii)).append("/");
}
new_path.chop(1);
ok=this->ProcessForEach(new_path,vars,cur_hive_node,true);
if(!ok) return false;
}
}
} else {
hive_node_h *p_child_nodes=hivex_node_children(this->hhive,cur_hive_node);
i=0;
while(p_child_nodes[i]) {
// Save iterator node
ReportTemplateData *p_data;
- p_data->vars.append(QVariant(hivex_node_name(this->hhive,p_child_nodes[i])));
+ char *p_node_name=hivex_node_name(this->hhive,p_child_nodes[i]);
+ // TODO: Check for NULL value
+ p_data->vars.append(p_node_name);
// TODO: Add custom vars
+ QStringList var_pairs=vars.split(';');
+ for(ii=0;ii<var_pairs.count();ii++) {
+ QString var_name=var_pairs.value(ii).split(',').value(0);
+ QString var_type=var_pairs.value(ii).split(',').value(1);
+ QVariant var_content="";
+
+ if(var_name=="(default)") var_name="";
+
+ int type=0;
+ size_t len=0;
+
+ hive_value_h hive_key=hivex_node_get_value(this->hhive,
+ cur_hive_node,
+ var_name.toAscii().constData());
+
+ if(var_type=="type") {
+ char *data=hivex_value_value(this->hhive,hive_key,(hive_type*)&type,&len);
+ var_content=QString().sprintf("%08u",type);
+
+ qDebug("Save var '%s' with content '%08u'",var_name.toAscii().constData(),type);
+
+ free(data);
+ } else if(var_type=="value") {
+ char *data=hivex_value_value(this->hhive,hive_key,(hive_type*)&type,&len);
+ var_content=QByteArray(data);
+ }
+ }
+
+
this->report_data.append(p_data);
i++;
}
free(p_child_nodes);
}
return true;
}
bool ReportTemplateXmlHandler::ProcessParagraph() {
-
+ return true;
}
bool ReportTemplateXmlHandler::ProcessValue() {
-
+ return true;
}
diff --git a/trunk/reporttemplatexmlhandler.h b/trunk/reporttemplatexmlhandler.h
index 9b1cc13..17b9b00 100644
--- a/trunk/reporttemplatexmlhandler.h
+++ b/trunk/reporttemplatexmlhandler.h
@@ -1,80 +1,81 @@
/*******************************************************************************
* fred Copyright (c) 2011 by Gillen Daniel <gillen.dan@pinguin.lu> *
* *
* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
* with special feautures useful during forensic analysis. *
* *
* This program is free software: you can redistribute it and/or modify it *
* under the terms of the GNU General Public License as published by the Free *
* Software Foundation, either version 3 of the License, or (at your option) *
* any later version. *
* *
* This program is distributed in the hope that it will be useful, but WITHOUT *
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
* more details. *
* *
* You should have received a copy of the GNU General Public License along with *
* this program. If not, see <http://www.gnu.org/licenses/>. *
*******************************************************************************/
#ifndef REPORTTEMPLATEXMLHANDLER_H
#define REPORTTEMPLATEXMLHANDLER_H
#include <QtXml/QXmlDefaultHandler>
+#include <QVariant>
#include <hivex.h>
+class ReportTemplateData {
+ public:
+ ReportTemplateData() {
+ this->vars.clear();
+ this->data.clear();
+ }
+ ~ReportTemplateData() {
+ qDeleteAll(this->data);
+ }
+
+ QList<QVariant> vars;
+ QList<ReportTemplateData*> data;
+};
+
class ReportTemplateXmlHandler : public QXmlDefaultHandler {
public:
explicit ReportTemplateXmlHandler(hive_h *hive_handle=NULL,
bool only_get_info=true);
~ReportTemplateXmlHandler();
bool startDocument();
bool startElement(const QString &namespaceURI,
const QString &localName,
const QString &qName,
const QXmlAttributes &atts);
bool endElement(const QString &namespaceURI,
const QString &localName,
const QString &qName);
bool error(const QXmlParseException &exception);
bool fatalError(const QXmlParseException &exception);
QString GetReportCategory();
QString GetReportName();
QString ReportData();
private:
hive_h *hhive;
bool get_info;
QString report_category;
QString report_name;
QString report_content;
QList<ReportTemplateData*> report_data;
bool ProcessForEach(QString path,
QString vars,
hive_node_h cur_hive_node,
- bool iterate);
+ bool iterate=false);
bool ProcessParagraph();
bool ProcessValue();
};
-class ReportTemplateData {
- public:
- ReportTemplateData() {
- this->vars.clear();
- this->data.clear();
- }
- ~ReportTemplateData() {
- qDeleteAll(this->data);
- }
-
- QList<QVariant> vars;
- QList<ReportTemplateData*> data;
-};
-
#endif // REPORTTEMPLATEXMLHANDLER_H

File Metadata

Mime Type
text/x-diff
Expires
Mon, Dec 23, 5:21 AM (50 m, 26 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1176833
Default Alt Text
(34 KB)

Event Timeline