diff --git a/trunk/dlgreportviewer.cpp b/trunk/dlgreportviewer.cpp index 838a1e3..fc56354 100644 --- a/trunk/dlgreportviewer.cpp +++ b/trunk/dlgreportviewer.cpp @@ -1,116 +1,116 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include #include #include #include "dlgreportviewer.h" #include "ui_dlgreportviewer.h" DlgReportViewer::DlgReportViewer(QString &report_data, Settings *p_sets, QWidget *p_parent) : QMainWindow(p_parent,Qt::Dialog | Qt::Popup), ui(new Ui::DlgReportViewer) { // Init local vars ui->setupUi(this); this->p_local_event_loop=NULL; this->orig_report_data=report_data; this->p_settings=p_sets; // Try to restore dialog geometry QByteArray geometry=this->p_settings->GetWindowGeometry("DlgReportViewer"); if(!geometry.isEmpty()) this->restoreGeometry(geometry); // Set report content this->ui->WebView->setHtml(report_data); // Set dialog title based on report content title QString report_title=this->ui->WebView->title(); this->setWindowTitle("Report Viewer"); } DlgReportViewer::~DlgReportViewer() { // Save dialog geometry this->p_settings->SetWindowGeometry("DlgReportViewer",this->saveGeometry()); delete ui; if(this->p_local_event_loop!=NULL) this->p_local_event_loop->exit(); } void DlgReportViewer::changeEvent(QEvent *p_event) { QMainWindow::changeEvent(p_event); switch(p_event->type()) { case QEvent::LanguageChange: ui->retranslateUi(this); break; default: break; } } void DlgReportViewer::closeEvent(QCloseEvent *p_event) { // Make sure we exit the local event loop on exit if(this->p_local_event_loop!=NULL) { this->p_local_event_loop->exit(); this->p_local_event_loop=NULL; } p_event->accept(); } void DlgReportViewer::exec() { // Create local event loop this->p_local_event_loop=new QEventLoop(this); // Show window and enter loop this->show(); this->p_local_event_loop->exec(); } void DlgReportViewer::on_action_Print_triggered() { // Print report QPrinter printer; QPrintDialog *p_dlg_print=new QPrintDialog(&printer); if(p_dlg_print->exec()==QDialog::Accepted) { - this->ui->WebView->print(&printer); + this->ui->WebView->page()->print(&printer, [=](bool){}); } delete p_dlg_print; } void DlgReportViewer::on_action_Close_triggered() { this->close(); } void DlgReportViewer::on_action_Save_triggered() { QString filename=QFileDialog::getSaveFileName(this, tr("Save report as"), "", "ODF file (*.odf)"); if(filename!="") { QTextDocument *p_doc=new QTextDocument(this); p_doc->setHtml(this->orig_report_data); QTextDocumentWriter *p_doc_writer=new QTextDocumentWriter(filename); p_doc_writer->setFormat(QByteArray("ODF")); p_doc_writer->write(p_doc); delete p_doc_writer; delete p_doc; } } diff --git a/trunk/dlgreportviewer.ui b/trunk/dlgreportviewer.ui index 20a6ff9..5fecdb7 100644 --- a/trunk/dlgreportviewer.ui +++ b/trunk/dlgreportviewer.ui @@ -1,83 +1,83 @@ DlgReportViewer Qt::NonModal 0 0 605 497 :/icons/resources/fred.png:/icons/resources/fred.png - + about:blank 0 0 605 29 &File &Print &Close &Save - QWebView + QWebEngineView QWidget -
QtWebKit/QWebView
+
QtWebEngineWidgets/QWebEngineView
 diff --git a/trunk/dlgsearch.cpp b/trunk/dlgsearch.cpp index 8a34e3b..c6c3c8a 100644 --- a/trunk/dlgsearch.cpp +++ b/trunk/dlgsearch.cpp @@ -1,136 +1,136 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include "dlgsearch.h" #include "ui_dlgsearch.h" DlgSearch::DlgSearch(QWidget *parent) : QDialog(parent), ui(new Ui::DlgSearch) { ui->setupUi(this); } DlgSearch::~DlgSearch() { delete ui; } QList DlgSearch::Keywords() { return this->keywords; } bool DlgSearch::SearchNodeNames() { return this->search_nodes; } bool DlgSearch::SearchKeyNames() { return this->search_keys; } bool DlgSearch::SearchKeyValues() { return this->search_values; } void DlgSearch::changeEvent(QEvent *e) { QDialog::changeEvent(e); switch (e->type()) { case QEvent::LanguageChange: ui->retranslateUi(this); break; default: break; } } void DlgSearch::keyPressEvent(QKeyEvent *p_event) { if(p_event->key()==Qt::Key_Return || p_event->key()==Qt::Key_Enter) { this->on_BtnSearch_clicked(); } else { QDialog::keyPressEvent(p_event); } } void DlgSearch::on_BtnCancel_clicked() { this->reject(); } void DlgSearch::on_BtnSearch_clicked() { if(this->ui->EdtValue->text()=="" || (!this->ui->CbAscii->isChecked() && !this->ui->CbUtf16->isChecked() && !this->ui->CbHex->isChecked())) { // No value type specified QMessageBox::critical(this, tr("Error"), tr("Please specify a search value and type!")); return; } if(!this->ui->CbNodeNames->isChecked() && !this->ui->CbKeyNames->isChecked() && !this->ui->CbKeyValues->isChecked()) { // No target specified QMessageBox::critical(this, tr("Error"), tr("Please specify a search target!")); return; } // Save settings QString keyword=this->ui->EdtValue->text(); this->keywords.clear(); - if(this->ui->CbAscii->isChecked()) this->keywords.append(QByteArray(keyword.toAscii())); + if(this->ui->CbAscii->isChecked()) this->keywords.append(QByteArray(keyword.toLatin1())); if(this->ui->CbUtf16->isChecked()) { // TODO: .size()*2 will definetly fail sometimes!!!! this->keywords.append(QByteArray((char*)(keyword.utf16()),keyword.size()*2)); } if(this->ui->CbHex->isChecked()) { // TODO: Convert to hex } this->search_nodes=this->ui->CbNodeNames->isChecked(); this->search_keys=this->ui->CbKeyNames->isChecked(); this->search_values=this->ui->CbKeyValues->isChecked(); this->accept(); } void DlgSearch::on_CbAscii_toggled(bool checked) { // It is not possible to search for text and hex if(checked && this->ui->CbHex->isChecked()) this->ui->CbHex->setChecked(false); } void DlgSearch::on_CbUtf16_toggled(bool checked) { // It is not possible to search for text and hex if(checked && this->ui->CbHex->isChecked()) this->ui->CbHex->setChecked(false); } void DlgSearch::on_CbHex_toggled(bool checked) { // It is not possible to search for text and hex if(checked) { this->ui->CbAscii->setChecked(false); this->ui->CbUtf16->setChecked(false); } } diff --git a/trunk/fred.pro b/trunk/fred.pro index 4780758..5743809 100644 --- a/trunk/fred.pro +++ b/trunk/fred.pro @@ -1,133 +1,134 @@ #******************************************************************************* # fred Copyright (c) 2011-2014 by Gillen Daniel * # * # Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * # with special feautures useful during forensic analysis. * # * # This program is free software: you can redistribute it and/or modify it * # under the terms of the GNU General Public License as published by the Free * # Software Foundation, either version 3 of the License, or (at your option) * # any later version. * # * # This program is distributed in the hope that it will be useful, but WITHOUT * # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * # more details. * # * # You should have received a copy of the GNU General Public License along with * # this program. If not, see . * #******************************************************************************/ # Generate compileinfo.h system(bash compileinfo.sh > compileinfo.h) #compileinfo.target = compileinfo.h #compileinfo.commands = $$PWD/compileinfo.sh > compileinfo.h #QMAKE_EXTRA_TARGETS += compileinfo #PRE_TARGETDEPS += compileinfo.h # Check command line args !isEmpty(HIVEX_STATIC) { DEFINES += "HIVEX_STATIC" } # Configure fred QMAKE_CXXFLAGS += -Wall QT += core \ - gui \ + widgets \ + printsupport \ script \ - webkit + webenginewidgets CONFIG += console TARGET = fred TEMPLATE = app SOURCES += main.cpp\ mainwindow.cpp \ registrynode.cpp \ registrynodetreemodel.cpp \ registrykey.cpp \ registrykeytablemodel.cpp \ dlgabout.cpp \ qhexedit/qhexedit_p.cpp \ qhexedit/qhexedit.cpp \ reporttemplate.cpp \ registryhive.cpp \ qtscript_types/bytearray.cpp \ qtscript_types/bytearrayprototype.cpp \ qtscript_types/bytearrayiterator.cpp \ dlgreportviewer.cpp \ registrykeytable.cpp \ registrynodetree.cpp \ dlgsearch.cpp \ threadsearch.cpp \ searchresultwidget.cpp \ tabwidget.cpp \ argparser.cpp \ datainterpretertable.cpp \ datainterpreterwidget.cpp \ hexeditwidget.cpp \ settings.cpp \ searchresulttabledelegate.cpp \ registrynodetreemodelproxy.cpp \ reports.cpp \ reportengine.cpp \ dlgreportchooser.cpp \ dlgpreferences.cpp \ dlgaddkey.cpp HEADERS += mainwindow.h \ registrynode.h \ registrynodetreemodel.h \ registrykey.h \ registrykeytablemodel.h \ dlgabout.h \ qhexedit/qhexedit_p.h \ qhexedit/qhexedit.h \ reporttemplate.h \ registryhive.h \ qtscript_types/bytearray.h \ qtscript_types/bytearrayprototype.h \ qtscript_types/bytearrayiterator.h \ dlgreportviewer.h \ registrykeytable.h \ registrynodetree.h \ dlgsearch.h \ threadsearch.h \ searchresultwidget.h \ tabwidget.h \ argparser.h \ datainterpretertable.h \ datainterpreterwidget.h \ hexeditwidget.h \ settings.h \ searchresulttabledelegate.h \ registrynodetreemodelproxy.h \ reports.h \ reportengine.h \ dlgreportchooser.h \ dlgpreferences.h \ dlgaddkey.h FORMS += mainwindow.ui \ dlgabout.ui \ dlgreportviewer.ui \ dlgsearch.ui \ dlgreportchooser.ui \ dlgpreferences.ui \ dlgaddkey.ui !isEmpty(HIVEX_STATIC) { LIBS += $$PWD/hivex/lib/.libs/libhivex.a } else { LIBS += -lhivex } win32:LIBS += -liconv mac:LIBS += -liconv RESOURCES += fred.qrc RC_FILE = fred.rc ICON = resources/fred.icns diff --git a/trunk/main.cpp b/trunk/main.cpp index 5d5010f..1303443 100644 --- a/trunk/main.cpp +++ b/trunk/main.cpp @@ -1,158 +1,158 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ -#include +#include #include #include #include "mainwindow.h" #include "argparser.h" #include "compileinfo.h" #include "reportengine.h" #include "registryhive.h" // Forward declarations void PrintUsage(); void DumpReport(QString report_template, QString hive_file); // Main entry point int main(int argc, char *argv[]) { // Disable output buffering setbuf(stdout,NULL); // Init QApplication QApplication a(argc, argv); #define PRINT_HEADER { \ printf("%s v%s %s\n\n",APP_NAME,APP_VERSION,APP_COPYRIGHT); \ } #define PRINT_HEADER_AND_USAGE { \ PRINT_HEADER; \ PrintUsage(); \ } #define PRINT_VERSION printf("%s\n",APP_VERSION); #define PRINT_UNKNOWN_ARG_ERROR(s) { \ PRINT_HEADER; \ printf("ERROR: Unknown command line argument '%s'!\n\n",s); \ PrintUsage(); \ } // Parse command line args ArgParser args(a.arguments()); if(!args.ParseArgs()) { PRINT_HEADER; - printf("ERROR: %s\n\n",args.GetErrorMsg().toAscii().constData()); + printf("ERROR: %s\n\n",args.GetErrorMsg().toLatin1().constData()); PrintUsage(); exit(1); } // Check command line args for correctness if(args.IsSet("dump-report")) { if(args.GetArgVal("dump-report")=="") { PRINT_HEADER; printf("ERROR: --dump-report specified without a report file!\n\n"); PrintUsage(); exit(1); } if(!args.IsSet("hive-file")) { PRINT_HEADER; printf("ERROR: --dump-report specified without a hive file!\n\n"); PrintUsage(); exit(1); } } if(args.IsSet("fullscreen") && args.IsSet("maximized")) { PRINT_HEADER; printf("ERROR: --fullscreen and --maximized cannot be specified both!\n\n"); PrintUsage(); exit(1); } // React on some command line args early if(args.IsSet("?") || args.IsSet("h") || args.IsSet("help")) { PRINT_HEADER_AND_USAGE; exit(0); } if(args.IsSet("v") || args.IsSet("version")) { PRINT_VERSION; exit(0); } if(args.IsSet("dump-report")) { // Dump report to stdout DumpReport(args.GetArgVal("dump-report"),args.GetArgVal("hive-file")); exit(0); } #undef PRINT_UNKNOWN_ARG_ERROR #undef PRINT_VERSION #undef PRINT_HEADER_AND_USAGE #undef PRINT_HEADER // Create and show main window MainWindow w(&args); w.show(); return a.exec(); } void PrintUsage() { printf("Usage:\n"); printf(" %s [opts] [hive]\n\n", - qApp->arguments().at(0).toAscii().constData()); + qApp->arguments().at(0).toLatin1().constData()); printf("Options:\n"); printf(" opts:\n"); printf(" --dump-report=FILE : Dump the specified report to stdout.\n"); printf(" --fullscreen : Display main window in fullscreen mode.\n"); printf(" -h, -?, --help : Display this help message.\n"); printf(" --maximized : Display main window in maximized mode.\n"); printf(" -v, --version : Display version info.\n"); printf(" hive:\n"); printf(" Open / Use the specified hive file.\n"); printf("\n"); } void DumpReport(QString report_template, QString hive_file) { RegistryHive *p_hive=new RegistryHive(); ReportEngine *p_report_engine=new ReportEngine(NULL); // Open hive if(!p_hive->Open(hive_file,true)) { printf("ERROR: Unable to open hive file '%s'!\n", - hive_file.toAscii().constData()); + hive_file.toLatin1().constData()); exit(1); } // Generate report QString result=""; p_report_engine->GenerateReport(p_hive, report_template, result, true); // Close hive and free DataReporter and RegistryHive p_hive->Close(); delete p_report_engine; delete p_hive; // Print result to stdout - printf("%s",result.toAscii().constData()); + printf("%s",result.toLatin1().constData()); } diff --git a/trunk/mainwindow.cpp b/trunk/mainwindow.cpp index 8d9724d..94c5498 100644 --- a/trunk/mainwindow.cpp +++ b/trunk/mainwindow.cpp @@ -1,1106 +1,1106 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include #include #include #include #include #include #include #include "mainwindow.h" #include "ui_mainwindow.h" #include "dlgabout.h" #include "dlgreportchooser.h" #include "dlgreportviewer.h" #include "dlgsearch.h" #include "dlgpreferences.h" #include "dlgaddkey.h" #include "compileinfo.h" /******************************************************************************* * Public ******************************************************************************/ /* * Constructor */ MainWindow::MainWindow(ArgParser *p_arg_parser) : QMainWindow(0), ui(new Ui::MainWindow) { ui->setupUi(this); // Initialize private vars this->p_args=p_arg_parser; this->p_hive=new RegistryHive(this); this->is_hive_open=false; this->p_reg_node_tree_model=NULL; this->p_reg_node_tree_model_proxy=NULL; this->p_reg_key_table_model=NULL; this->p_search_thread=NULL; this->search_result_widgets.clear(); // Init and load settings this->p_settings=new Settings(this); this->is_hive_writable=!this->p_settings->GetOpenHivesReadOnly(); // Set main window size QByteArray geometry=this->p_settings->GetWindowGeometry("MainWindow"); if(!geometry.isEmpty()) { // Restore saved geometry this->restoreGeometry(geometry); } else { // No saved geometry, calculate and set default int cur_screen=QApplication::desktop()->screenNumber(this); int window_width= QApplication::desktop()->availableGeometry(cur_screen).width()*0.5; int window_height= QApplication::desktop()->availableGeometry(cur_screen).height()*0.5; int window_x= (QApplication::desktop()->availableGeometry(cur_screen).width()/2)- (window_width/2); int window_y= (QApplication::desktop()->availableGeometry(cur_screen).height()/2)- (window_height/2); this->setGeometry(window_x, window_y, window_width, window_height); } // Create widgets this->p_horizontal_splitter=new QSplitter(); this->p_horizontal_splitter->setOrientation(Qt::Horizontal); this->p_node_tree=new RegistryNodeTree(this->p_horizontal_splitter); this->p_vertical_splitter=new QSplitter(this->p_horizontal_splitter); this->p_vertical_splitter->setOrientation(Qt::Vertical); this->p_key_table=new RegistryKeyTable(this->p_vertical_splitter); this->p_tab_widget=new TabWidget(this->p_vertical_splitter); this->p_hex_edit_widget=new HexEditWidget(); this->p_hex_edit_widget->setEnabled(false); // Add hexedit page to tab_widget this->p_tab_widget->addTab(this->p_hex_edit_widget,tr("Hex viewer")); // Add widgets to their splitters this->p_vertical_splitter->addWidget(this->p_key_table); this->p_vertical_splitter->addWidget(this->p_tab_widget); this->p_horizontal_splitter->addWidget(this->p_node_tree); this->p_horizontal_splitter->addWidget(this->p_vertical_splitter); // Set stretch factors QSizePolicy node_tree_policy=this->p_node_tree->sizePolicy(); node_tree_policy.setHorizontalStretch(1); node_tree_policy.setVerticalStretch(100); this->p_node_tree->setSizePolicy(node_tree_policy); QSizePolicy vertical_splitter_policy=this->p_vertical_splitter->sizePolicy(); vertical_splitter_policy.setHorizontalStretch(4); vertical_splitter_policy.setVerticalStretch(100); this->p_vertical_splitter->setSizePolicy(vertical_splitter_policy); QSizePolicy key_table_policy=this->p_key_table->sizePolicy(); key_table_policy.setVerticalStretch(5); key_table_policy.setHorizontalStretch(100); this->p_key_table->setSizePolicy(key_table_policy); QSizePolicy tab_widget_policy=this->p_tab_widget->sizePolicy(); tab_widget_policy.setVerticalStretch(2); tab_widget_policy.setHorizontalStretch(200); this->p_tab_widget->setSizePolicy(tab_widget_policy); // Connect signals this->connect(this->p_node_tree, SIGNAL(clicked(QModelIndex)), this, SLOT(SlotNodeTreeClicked(QModelIndex))); this->connect(this->p_node_tree, SIGNAL(activated(QModelIndex)), this, SLOT(SlotNodeTreeClicked(QModelIndex))); this->connect(this->p_node_tree, SIGNAL(CurrentItemChanged(QModelIndex)), this, SLOT(SlotNodeTreeClicked(QModelIndex))); this->connect(this->p_key_table, SIGNAL(clicked(QModelIndex)), this, SLOT(SlotKeyTableClicked(QModelIndex))); this->connect(this->p_key_table, SIGNAL(doubleClicked(QModelIndex)), this, SLOT(SlotKeyTableDoubleClicked(QModelIndex))); this->connect(this->p_key_table, SIGNAL(CurrentItemChanged(QModelIndex)), this, SLOT(SlotKeyTableClicked(QModelIndex))); this->connect(this->p_tab_widget, SIGNAL(tabCloseRequested(int)), this, SLOT(SlotTabCloseButtonClicked(int))); this->connect(this->p_node_tree, SIGNAL(SignalAddNode(QModelIndex)), this, SLOT(SlotAddNode(QModelIndex))); this->connect(this->p_node_tree, SIGNAL(SignalDeleteNode(QModelIndex)), this, SLOT(SlotDeleteNode(QModelIndex))); this->connect(this->p_key_table, SIGNAL(SignalAddKey()), this, SLOT(SlotAddKey())); this->connect(this->p_key_table, SIGNAL(SignalEditKey(QModelIndex)), this, SLOT(SlotEditKey(QModelIndex))); this->connect(this->p_key_table, SIGNAL(SignalDeleteKey(QModelIndex)), this, SLOT(SlotDeleteKey(QModelIndex))); // Add central widget this->setCentralWidget(this->p_horizontal_splitter); this->centralWidget()->setContentsMargins(4,4,4,0); // Set window title this->UpdateWindowTitle(); // Create and update recently opened menu this->p_recently_opened_menu=new QMenu(this); this->ui->ActionRecentlyOpened->setMenu(this->p_recently_opened_menu); this->UpdateRecentlyOpenedMenu(); // Update EnableWriteSupport menu according to defaults this->UpdateEnableWriteSupportMenu(); // Load report templates this->p_reports=new Reports(this->p_settings); // Finally, react on some command line arguments if(this->p_args->IsSet("maximized")) { this->setWindowState(Qt::WindowMaximized); } if(this->p_args->IsSet("fullscreen")) { this->setWindowState(Qt::WindowFullScreen); } if(this->p_args->IsSet("hive-file")) { // Resolve path this->OpenHive(QDir(this->p_args->GetArgVal("hive-file")).canonicalPath()); } } /* * Destructor */ MainWindow::~MainWindow() { if(this->is_hive_open) { this->p_hive->Close(); } // Delete created objects delete this->p_reports; this->ClearRecentlyOpenedMenu(); delete this->p_recently_opened_menu; delete this->p_hex_edit_widget; delete this->p_tab_widget; delete this->p_key_table; delete this->p_vertical_splitter; delete this->p_node_tree; delete this->p_horizontal_splitter; delete this->p_settings; delete this->p_hive; delete ui; } /******************************************************************************* * Protected ******************************************************************************/ /* * closeEvent */ void MainWindow::closeEvent(QCloseEvent *p_event) { Q_UNUSED(p_event) // Make sure the user can save any changes // TODO: If saving fails, let the user cancel closing this->SaveHiveChanges(); // Save window position and size on exit this->p_settings->SetWindowGeometry("MainWindow",this->saveGeometry()); QMainWindow::closeEvent(p_event); } /******************************************************************************* * Private slots ******************************************************************************/ /* * on_ActionOpenHive_triggered */ void MainWindow::on_ActionOpenHive_triggered() { QString hive_file=""; hive_file=QFileDialog::getOpenFileName(this, tr("Open registry hive"), this->p_settings->GetLastOpenLocation(), tr("All files (*)")); if(hive_file=="") return; this->OpenHive(hive_file); } /* * on_ActionSave_triggered */ void MainWindow::on_ActionSave_triggered() { if(!(this->is_hive_open && this->is_hive_writable)) { this->ui->ActionSave->setEnabled(false); return; } this->SaveHiveChanges(true); if(!this->p_hive->HasChangesToCommit()) { this->ui->ActionSave->setEnabled(false); } } /* * on_ActionCloseHive_triggered */ void MainWindow::on_ActionCloseHive_triggered() { // Make sure the user can save any changes // TODO: If saving fails, let the user cancel closing this->SaveHiveChanges(); if(this->is_hive_open) { // Remove search results while(this->p_tab_widget->count()>1) { this->p_tab_widget->removeTab(this->p_tab_widget->count()-1); delete this->search_result_widgets.at(this->p_tab_widget->count()-1); this->search_result_widgets.removeLast(); } // Delete models if(this->p_reg_node_tree_model!=NULL) { this->p_node_tree->setModel(NULL); delete this->p_reg_node_tree_model_proxy; delete this->p_reg_node_tree_model; this->p_reg_node_tree_model_proxy=NULL; this->p_reg_node_tree_model=NULL; } if(this->p_reg_key_table_model!=NULL) { this->p_key_table->setModel(NULL); delete this->p_reg_key_table_model; this->p_reg_key_table_model=NULL; } // Remove any data from hex edit and data interpreter this->p_hex_edit_widget->SetData(QByteArray()); this->p_hex_edit_widget->setEnabled(false); // Close hive this->p_hive->Close(); this->is_hive_open=false; this->is_hive_writable=!this->p_settings->GetOpenHivesReadOnly(); this->UpdateWindowTitle(); this->UpdateMenuStates(); this->UpdateEnableWriteSupportMenu(); } } /* * on_ActionQuit_triggered */ void MainWindow::on_ActionQuit_triggered() { qApp->exit(); } /* * on_ActionFind_triggered */ void MainWindow::on_ActionFind_triggered() { DlgSearch dlg_search(this); if(dlg_search.exec()==QDialog::Accepted) { // Create search thread and connect needed signals/slots this->p_search_thread=new ThreadSearch(this); // Add new search widget to tabwidget and to internal widget list SearchResultWidget *p_search_widget= new SearchResultWidget(this->p_tab_widget); p_search_widget->setEnabled(false); this->search_result_widgets.append(p_search_widget); this->connect(p_search_widget, SIGNAL(doubleClicked(QModelIndex)), this, SLOT(SlotSearchResultWidgetDoubleClicked(QModelIndex))); this->p_tab_widget->addTab(p_search_widget,tr("Search results"),true); this->p_tab_widget->setCurrentIndex(this->p_tab_widget->count()-1); // Connect search thread to result widget this->connect(this->p_search_thread, SIGNAL(SignalFoundMatch(ThreadSearch::eMatchType, QString,QString,QString)), p_search_widget, SLOT(SlotFoundMatch(ThreadSearch::eMatchType, QString,QString,QString))); this->connect(this->p_search_thread, SIGNAL(finished()), this, SLOT(SlotSearchFinished())); this->connect(this->p_search_thread, SIGNAL(finished()), p_search_widget, SLOT(SlotSearchFinished())); // Start searching this->ui->ActionFind->setEnabled(false); p_search_thread->Search(this->p_hive->Filename(), dlg_search.Keywords(), dlg_search.SearchNodeNames(), dlg_search.SearchKeyNames(), dlg_search.SearchKeyValues()); } } /* * on_ActionEnableWriteSupport_triggered */ void MainWindow::on_ActionEnableWriteSupport_triggered() { // There might be unsaved changes, give the user the chance to save them if(!this->SaveHiveChanges()) return; // Reopen hive // Reopen has read_only as parameter. Thus we need to pass // !this->is_hive_writable which is the case when passing // this->is_hive_writable as long as we do it before actually changing our // internal state. if(!this->p_hive->Reopen(this->is_hive_writable)) { QMessageBox::critical(this, tr("Error"), tr("Unable to switch write-support: %1") .arg(this->p_hive->GetErrorMsg())); return; } // Switch internal state this->is_hive_writable=!this->is_hive_writable; this->UpdateEnableWriteSupportMenu(); this->p_node_tree->SetWritable(this->is_hive_writable); this->p_key_table->SetWritable(this->is_hive_writable); this->UpdateWindowTitle(this->p_hive->Filename()); } /* * on_ActionPreferences_triggered */ void MainWindow::on_ActionPreferences_triggered() { DlgPreferences dlg_preferences(this->p_settings,this); dlg_preferences.exec(); // Update vars, objects and GUI elements which might be affected by the new // settings this->UpdateRecentlyOpenedMenu(); this->is_hive_writable=!this->p_settings->GetOpenHivesReadOnly(); this->UpdateEnableWriteSupportMenu(); this->p_reports->LoadReportTemplates(); } /* * on_ActionGenerateReport_triggered */ void MainWindow::on_ActionGenerateReport_triggered() { DlgReportChooser dlg_repchooser(this->p_reports, this->p_hive->HiveTypeToString( this->p_hive->HiveType()), this->p_settings, this); if(dlg_repchooser.exec()==QDialog::Accepted) { QList selected_reports; // Get selected report selected_reports=dlg_repchooser.GetSelectedReports(); if(selected_reports.isEmpty()) return; // Generate report(s) QString report_result=""; if(this->p_reports->GenerateReport(this->p_hive, selected_reports, report_result, false)) { // Report generation was successfull, show reports DlgReportViewer *p_dlg_report_view=new DlgReportViewer(report_result, this->p_settings, this); p_dlg_report_view->exec(); delete p_dlg_report_view; } else { // TODO: Inform user qDebug()<<"ERROR: "<p_reports->LoadReportTemplates(); } /* * on_ActionAboutQt_triggered */ void MainWindow::on_ActionAboutQt_triggered() { QMessageBox::aboutQt(this,tr("About Qt")); } /* * on_ActionAboutFred_triggered */ void MainWindow::on_ActionAboutFred_triggered() { DlgAbout dlg_about(this); dlg_about.exec(); } /* * SlotNodeTreeClicked */ void MainWindow::SlotNodeTreeClicked(QModelIndex index) { QString node_path; if(!index.isValid()) return; // Map proxy index to tree model index index=this->p_reg_node_tree_model_proxy->mapToSource(index); // Built node path node_path=this->p_reg_node_tree_model->GetNodePath(index); // Create table model and attach it to the table view if(this->p_reg_key_table_model!=NULL) { // If a previous model was set, delete it and clear hexedit etc... this->p_key_table->setModel(NULL); delete this->p_reg_key_table_model; this->p_hex_edit_widget->SetData(QByteArray()); } this->p_reg_key_table_model=new RegistryKeyTableModel(this->p_hive,node_path); this->p_key_table->setModel(this->p_reg_key_table_model, this->is_hive_writable); // Set focus back to nodetree to be able to navigate with keyboard this->p_node_tree->setFocus(); } /* * SlotKeyTableClicked */ void MainWindow::SlotKeyTableClicked(QModelIndex index) { if(!index.isValid()) return; this->selected_key_value= this->p_reg_key_table_model->data(this->p_reg_key_table_model-> index(index.row(),2), RegistryKeyTableModel:: AdditionalRoles_GetRawData) .toByteArray(); this->p_hex_edit_widget->SetData(this->selected_key_value); // Set focus back to nodetree to be able to navigate with keyboard this->p_key_table->setFocus(); } /* * SlotKeyTableDoubleClicked */ void MainWindow::SlotKeyTableDoubleClicked(QModelIndex index) { if(!index.isValid()) return; if(!this->is_hive_open) return; if(this->is_hive_writable) this->SlotEditKey(index); } /* * SlotSearchFinished */ void MainWindow::SlotSearchFinished() { delete this->p_search_thread; this->p_search_thread=NULL; this->ui->ActionFind->setEnabled(true); // Enable result widget this->search_result_widgets.last()->setEnabled(true); } /* * SlotSearchResultWidgetDoubleClicked */ void MainWindow::SlotSearchResultWidgetDoubleClicked(QModelIndex index) { SearchResultWidget *p_sender; QString path; QString match_type; QString value; QString key=""; int i; if(!index.isValid()) return; // Get pointer to sender p_sender=(SearchResultWidget*)QObject::sender(); // Get path and matchtype path=p_sender->item(index.row(),0)->text(); match_type=p_sender->item(index.row(),1)->text(); value=p_sender->item(index.row(),2)->text(); if(match_type==tr("Node name")) { // Node name is not part of path. Add it if(path=="\\") path.append(value); else path.append("\\").append(value); } else if(match_type==tr("Key name")) { // Key name is stored in value key=value; } else if(match_type==tr("Key value")) { // Key name is part of path. Save and remove it QStringList nodes=path.split("\\",QString::SkipEmptyParts); key=nodes.at(nodes.count()-1); // Remove \ from path path.chop(key.length()+1); } // Expand treeview to correct node QList indexes= this->p_reg_node_tree_model->GetIndexListOf(path); for(i=0;ip_reg_node_tree_model_proxy-> mapFromSource(indexes.at(i))); this->p_node_tree->expand(indexes.at(i)); } if(indexes.count()>0) { // Scroll to last expanded node, select it and update widgets this->p_node_tree->scrollTo(indexes.at(indexes.count()-1), QAbstractItemView::PositionAtCenter); this->p_node_tree->selectionModel()->clear(); this->p_node_tree->selectionModel()-> select(indexes.at(indexes.count()-1), QItemSelectionModel::ClearAndSelect | QItemSelectionModel::Rows | QItemSelectionModel::Current); this->SlotNodeTreeClicked(indexes.at(indexes.count()-1)); } // Select correct key if search matched on keay name / value if(key!="") { int row=this->p_reg_key_table_model->GetKeyRow(key); this->p_key_table->clearSelection(); this->p_key_table->scrollTo(this->p_reg_key_table_model->index(row,0), QAbstractItemView::PositionAtCenter); this->p_key_table->selectRow(row); this->SlotKeyTableClicked(this->p_reg_key_table_model->index(row,0)); } } /* * SlotTabCloseButtonClicked */ void MainWindow::SlotTabCloseButtonClicked(int index) { // Delete tab widget and remove tab this->p_tab_widget->removeTab(index); delete this->search_result_widgets.at(index-1); this->search_result_widgets.removeAt(index-1); } /* * SlotRecentlyOpenedFileClicked */ void MainWindow::SlotRecentlyOpenedFileClicked(bool checked) { Q_UNUSED(checked) QAction *p_sender=(QAction*)QObject::sender(); this->OpenHive(p_sender->text()); } /* * SlotAddNode */ void MainWindow::SlotAddNode(QModelIndex index) { QString node_path; int new_node_id; if(!index.isValid()) return; // Map proxy index to tree model index and get node path index=this->p_reg_node_tree_model_proxy->mapToSource(index); node_path=this->p_reg_node_tree_model->GetNodePath(index); // Query user for a node name bool ok=false; QString node_name=QInputDialog::getText(this, tr("Add node"), tr("Please specify a name for the new node"), QLineEdit::Normal, QString(), &ok); if(ok) { if((new_node_id=this->p_hive->AddNode(node_path,node_name))==0) { QMessageBox::critical(this, tr("Error"), tr("Unable to create node '%1\\%2': %3!") .arg(node_path, node_name, this->p_hive->GetErrorMsg())); } else { // Add node to model. We have to pass node_name as Ascii as utf8 names are // not supported inside hives! QModelIndex new_node_index= this->p_reg_node_tree_model->AddNode(this->p_hive, index, new_node_id, - node_name.toAscii()); + node_name.toLatin1()); // Now that node has been added, expand parent and select new node this->p_node_tree->expand( this->p_reg_node_tree_model_proxy->mapFromSource(index)); new_node_index= this->p_reg_node_tree_model_proxy->mapFromSource(new_node_index); this->p_node_tree->scrollTo(new_node_index, QAbstractItemView::PositionAtCenter); this->p_node_tree->selectionModel()->clear(); this->p_node_tree->selectionModel()-> select(new_node_index, QItemSelectionModel::ClearAndSelect | QItemSelectionModel::Rows | QItemSelectionModel::Current); // Finally update key table and enable Save menu this->SlotNodeTreeClicked(new_node_index); this->ui->ActionSave->setEnabled(true); } } } /* * SlotDeleteNode */ void MainWindow::SlotDeleteNode(QModelIndex index) { QString node_path; if(!index.isValid()) return; // Map proxy index to tree model index and get node path index=this->p_reg_node_tree_model_proxy->mapToSource(index); node_path=this->p_reg_node_tree_model->GetNodePath(index); if(QMessageBox::warning(this, tr("Delete node"), tr("Are you sure you want to remove the node '%1' and all of its child nodes?").arg(node_path), QMessageBox::Yes, QMessageBox::No)==QMessageBox::Yes) { // Remove node from hive if(!this->p_hive->DeleteNode(node_path)) { QMessageBox::critical(this, tr("Error"), tr("Unable to delete node '%1': %2!") .arg(node_path,this->p_hive->GetErrorMsg())); return; } // Remove node from tree model and select nearest node QModelIndex next_node_index=this->p_reg_node_tree_model->RemoveNode(index); if(next_node_index.isValid()) { next_node_index= this->p_reg_node_tree_model_proxy->mapFromSource(next_node_index); this->p_node_tree->selectionModel()->clear(); this->p_node_tree->selectionModel()-> select(next_node_index, QItemSelectionModel::ClearAndSelect | QItemSelectionModel::Rows | QItemSelectionModel::Current); } // And finally update key table and enable Save menu this->SlotNodeTreeClicked(next_node_index); this->ui->ActionSave->setEnabled(true); } } /* * SlotAddKey */ void MainWindow::SlotAddKey() { DlgAddKey dlg_add_key(this); if(dlg_add_key.exec()==QDialog::Accepted) { // Get selected parent node QModelIndex parent_node=this->p_node_tree->currentIndex(); parent_node=this->p_reg_node_tree_model_proxy->mapToSource(parent_node); QString parent_node_path=this->p_reg_node_tree_model->GetNodePath(parent_node); // Add key int new_key=this->p_hive->AddKey(parent_node_path, dlg_add_key.KeyName(), dlg_add_key.KeyType(), dlg_add_key.KeyValue()); if(new_key==0) { QMessageBox::critical(this, tr("Error"), tr("Unable to add key: %1") .arg(this->p_hive->GetErrorMsg())); return; } // Add new key to the key table model QModelIndex new_key_index= this->p_reg_key_table_model->AddKey(this->p_hive,new_key); if(new_key_index.isValid()) { this->p_key_table->clearSelection(); this->p_key_table->scrollTo(new_key_index, QAbstractItemView::PositionAtCenter); this->p_key_table->selectRow(new_key_index.row()); } // Update key table and enable save menu this->SlotKeyTableClicked(new_key_index); this->ui->ActionSave->setEnabled(true); } } /* * SlotEditKey */ void MainWindow::SlotEditKey(QModelIndex index) { if(!index.isValid()) return; // Get current values QString key_name= this->p_reg_key_table_model->data(this->p_reg_key_table_model-> index(index.row(), RegistryKeyTableModel:: ColumnContent_KeyName), Qt::DisplayRole).toString(); QString key_value_type= this->p_reg_key_table_model->data(this->p_reg_key_table_model-> index(index.row(), RegistryKeyTableModel:: ColumnContent_KeyType), Qt::DisplayRole).toString(); QByteArray key_value= this->p_reg_key_table_model->data(this->p_reg_key_table_model-> index(index.row(), RegistryKeyTableModel:: ColumnContent_KeyValue), RegistryKeyTableModel:: AdditionalRoles_GetRawData).toByteArray(); // Exec update dialog DlgAddKey dlg_update_key(this,key_name,key_value_type,key_value); if(dlg_update_key.exec()==QDialog::Accepted) { // Get selected parent node QModelIndex parent_node=this->p_node_tree->currentIndex(); parent_node=this->p_reg_node_tree_model_proxy->mapToSource(parent_node); QString parent_node_path=this->p_reg_node_tree_model->GetNodePath(parent_node); // Update key int new_key=this->p_hive->UpdateKey(parent_node_path, dlg_update_key.KeyName(), dlg_update_key.KeyType(), dlg_update_key.KeyValue()); if(new_key==0) { QMessageBox::critical(this, tr("Error"), tr("Unable to update key: %1") .arg(this->p_hive->GetErrorMsg())); return; } // Update key in key table model QModelIndex new_key_index= this->p_reg_key_table_model->UpdateKey(this->p_hive,new_key); this->p_key_table->clearSelection(); if(new_key_index.isValid()) { this->p_key_table->scrollTo(new_key_index, QAbstractItemView::PositionAtCenter); this->p_key_table->selectRow(new_key_index.row()); // TODO: Update geometry in case data has been added and is now expanding // behind the right border // Update HexEditWidget } // Update key table and enable Save menu this->SlotKeyTableClicked(new_key_index); this->ui->ActionSave->setEnabled(true); } } /* * SlotDeleteKey */ void MainWindow::SlotDeleteKey(QModelIndex index) { if(!index.isValid()) return; // Get selected key name QString key_name= this->p_reg_key_table_model->data(this->p_reg_key_table_model-> index(index.row(), RegistryKeyTableModel:: ColumnContent_KeyName), Qt::DisplayRole).toString(); // Get selected parent node QModelIndex parent_node=this->p_node_tree->currentIndex(); parent_node=this->p_reg_node_tree_model_proxy->mapToSource(parent_node); QString parent_node_path=this->p_reg_node_tree_model->GetNodePath(parent_node); if(QMessageBox::warning(this, tr("Delete key"), tr("Are you sure you want to remove the key '%1\\%2'?") .arg(parent_node_path,key_name), QMessageBox::Yes, QMessageBox::No)==QMessageBox::Yes) { // Remove key from hive if(!this->p_hive->DeleteKey(parent_node_path,key_name)) { QMessageBox::critical(this, tr("Error"), tr("Unable to delete key '%1\\%2': %3") .arg(parent_node_path, key_name, this->p_hive->GetErrorMsg())); return; } // Remove key from table model and update selection QModelIndex new_key_index=this->p_reg_key_table_model->RemoveKey(index); this->p_key_table->clearSelection(); if(new_key_index.isValid()) { this->p_key_table->scrollTo(new_key_index, QAbstractItemView::PositionAtCenter); this->p_key_table->selectRow(new_key_index.row()); } // Enable Save menu this->ui->ActionSave->setEnabled(true); } } /******************************************************************************* * Private ******************************************************************************/ /* * OpenHive */ void MainWindow::OpenHive(QString hive_file) { // Make sure hive_file has native directory separators hive_file=QDir::toNativeSeparators(hive_file); // Update last open location this->p_settings->SetLastOpenLocation( hive_file.left(hive_file.lastIndexOf(QDir::separator()))); // If another hive is currently open, close it if(this->is_hive_open) this->on_ActionCloseHive_triggered(); // Try to open hive if(!this->p_hive->Open(hive_file,!this->is_hive_writable)) { QMessageBox::critical(this, tr("Error opening hive file"), tr("Unable to open file '%1'").arg(hive_file)); return; } // Create tree model & proxy this->p_reg_node_tree_model=new RegistryNodeTreeModel(this->p_hive); this->p_reg_node_tree_model_proxy=new RegistryNodeTreeModelProxy(this); //this->p_reg_node_tree_model_proxy->setDynamicSortFilter(true); this->p_reg_node_tree_model_proxy-> setSourceModel(this->p_reg_node_tree_model); this->p_node_tree->setModel(this->p_reg_node_tree_model_proxy, this->is_hive_writable); this->is_hive_open=true; // Enable data interpreter this->p_hex_edit_widget->setEnabled(true); // Update window title this->UpdateWindowTitle(hive_file); // Update menu states this->UpdateMenuStates(); // Add file to recent list and update recently opened menu this->p_settings->AddRecentFile(hive_file); this->UpdateRecentlyOpenedMenu(); } /* * UpdateWindowTitle */ void MainWindow::UpdateWindowTitle(QString filename) { if(filename=="") { this->setWindowTitle(QString("%1 v%2").arg(APP_TITLE,APP_VERSION)); } else { this->setWindowTitle(QString("%1 v%2 - %3").arg(APP_TITLE, APP_VERSION, filename.toLocal8Bit() .constData())); if(!this->is_hive_writable) { this->setWindowTitle(this->windowTitle().append(QString(" (%1)") .arg(tr("read-only")))); } } } /* * UpdateMenuStates */ void MainWindow::UpdateMenuStates() { if(this->is_hive_open) { this->ui->ActionCloseHive->setEnabled(true); this->ui->ActionFind->setEnabled(true); this->ui->ActionEnableWriteSupport->setEnabled(true); this->ui->ActionGenerateReport->setEnabled(true); this->ui->ActionReloadReportTemplates->setEnabled(true); this->UpdateEnableWriteSupportMenu(); } else { this->ui->ActionSave->setEnabled(false); this->ui->ActionCloseHive->setEnabled(false); this->ui->ActionEnableWriteSupport->setEnabled(false); this->ui->ActionFind->setEnabled(false); this->ui->ActionEnableWriteSupport->setEnabled(false); this->ui->ActionGenerateReport->setEnabled(false); this->ui->ActionReloadReportTemplates->setEnabled(false); } } /* * ClearRecentlyOpenedMenu */ void MainWindow::ClearRecentlyOpenedMenu() { QAction *p_action; // Remove existing menu entries QList menu_entries=this->p_recently_opened_menu->actions(); QListIterator it_me(menu_entries); while(it_me.hasNext()) { p_action=it_me.next(); this->p_recently_opened_menu->removeAction(p_action); delete p_action; } } /* * UpdateRecentlyOpenedMenu */ void MainWindow::UpdateRecentlyOpenedMenu() { QStringList recent_files=this->p_settings->GetRecentFiles(); QAction *p_action; // Remove existing menu entries this->ClearRecentlyOpenedMenu(); // If there are no recent files, disable submenu and return if(recent_files.isEmpty()) { this->ui->ActionRecentlyOpened->setEnabled(false); return; } else { this->ui->ActionRecentlyOpened->setEnabled(true); } // Add recently opened files to menu QListIterator it_rf(recent_files); while(it_rf.hasNext()) { // Create menu entry p_action=new QAction(it_rf.next(),this->p_recently_opened_menu); // Connect it to us this->connect(p_action, SIGNAL(triggered(bool)), this, SLOT(SlotRecentlyOpenedFileClicked(bool))); // Add it to submenu this->p_recently_opened_menu->addAction(p_action); } } /* * UpdateEnableWriteSupportMenu */ void MainWindow::UpdateEnableWriteSupportMenu() { if(!this->is_hive_writable) { this->ui->ActionEnableWriteSupport->setText(tr("Enable &write support")); this->p_node_tree->SetWritable(false); this->p_key_table->SetWritable(false); } else { this->ui->ActionEnableWriteSupport->setEnabled(false); this->p_node_tree->SetWritable(true); this->p_key_table->SetWritable(true); } } /* * SaveHiveChanges */ bool MainWindow::SaveHiveChanges(bool force) { if(!this->is_hive_open) return true; if(!this->is_hive_writable) return true; if(!this->p_hive->HasChangesToCommit()) return true; if(!force) { // There are unsaved changes, ask user if we should commit them switch(QMessageBox::information(this, tr("Hive contains unsaved data"), tr("Do you want to save them now?"), QMessageBox::Yes, QMessageBox::No, QMessageBox::Cancel)) { case QMessageBox::Yes: { if(!this->p_hive->CommitChanges()) { QMessageBox::critical(this, tr("Saving changes"), tr("Unable to save changes: %1") .arg(this->p_hive->GetErrorMsg())); return false; } break; } case QMessageBox::No: { break; } default: { return false; } } } else { if(!this->p_hive->CommitChanges()) { QMessageBox::critical(this, tr("Saving changes"), tr("Unable to save changes: %1") .arg(this->p_hive->GetErrorMsg())); return false; } } return true; } diff --git a/trunk/qhexedit/qhexedit.cpp b/trunk/qhexedit/qhexedit.cpp index e193c0c..7e5b5ee 100644 --- a/trunk/qhexedit/qhexedit.cpp +++ b/trunk/qhexedit/qhexedit.cpp @@ -1,137 +1,135 @@ /******************************************************************************* * qhexedit Copyright (c) 2011-2014 by Gillen Daniel * * * * Simple hex editor widget for Qt. * * * * Derived from code by Simon Winfried under a compatible license: * * Copyright (c) 2010 by Simon Winfried * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ -#include - +#include #include "qhexedit.h" - QHexEdit::QHexEdit(QWidget *parent) : QScrollArea(parent) { qHexEdit_p = new QHexEditPrivate(this); setWidget(qHexEdit_p); setWidgetResizable(true); connect(qHexEdit_p, SIGNAL(currentAddressChanged(int)), this, SIGNAL(currentAddressChanged(int))); connect(qHexEdit_p, SIGNAL(currentSizeChanged(int)), this, SIGNAL(currentSizeChanged(int))); connect(qHexEdit_p, SIGNAL(dataChanged()), this, SIGNAL(dataChanged())); connect(qHexEdit_p, SIGNAL(overwriteModeChanged(bool)), this, SIGNAL(overwriteModeChanged(bool))); } void QHexEdit::insert(int i, const QByteArray & ba) { qHexEdit_p->insert(i, ba); } void QHexEdit::insert(int i, char ch) { qHexEdit_p->insert(i, ch); } void QHexEdit::remove(int pos, int len) { qHexEdit_p->remove(pos, len); } void QHexEdit::setAddressArea(bool addressArea) { qHexEdit_p->setAddressArea(addressArea); } void QHexEdit::setAddressWidth(int addressWidth) { qHexEdit_p->setAddressWidth(addressWidth); } void QHexEdit::setAsciiArea(bool asciiArea) { qHexEdit_p->setAsciiArea(asciiArea); } void QHexEdit::setHighlighting(bool mode) { qHexEdit_p->setHighlighting(mode); } void QHexEdit::setAddressOffset(int offset) { qHexEdit_p->setAddressOffset(offset); } int QHexEdit::addressOffset() { return addressOffset(); } void QHexEdit::setData(const QByteArray &data) { qHexEdit_p->setData(data); } QByteArray QHexEdit::data() { return qHexEdit_p->data(); } void QHexEdit::setAddressAreaColor(const QColor &color) { qHexEdit_p->setAddressAreaColor(color); } QColor QHexEdit::addressAreaColor() { return qHexEdit_p->addressAreaColor(); } void QHexEdit::setHighlightingColor(const QColor &color) { qHexEdit_p->setHighlightingColor(color); } QColor QHexEdit::highlightingColor() { return qHexEdit_p->highlightingColor(); } void QHexEdit::setOverwriteMode(bool overwriteMode) { qHexEdit_p->setOverwriteMode(overwriteMode); } bool QHexEdit::overwriteMode() { return qHexEdit_p->overwriteMode(); } void QHexEdit::setReadOnly(bool read_only) { qHexEdit_p->setReadOnly(read_only); } bool QHexEdit::readOnly() { return qHexEdit_p->readOnly(); } void QHexEdit::setFont(const QFont &font) { qHexEdit_p->setFont(font); } diff --git a/trunk/qhexedit/qhexedit.h b/trunk/qhexedit/qhexedit.h index 57035c1..5ba1c5e 100644 --- a/trunk/qhexedit/qhexedit.h +++ b/trunk/qhexedit/qhexedit.h @@ -1,178 +1,178 @@ /******************************************************************************* * qhexedit Copyright (c) 2011-2014 by Gillen Daniel * * * * Simple hex editor widget for Qt. * * * * Derived from code by Simon Winfried under a compatible license: * * Copyright (c) 2010 by Simon Winfried * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #ifndef QHEXEDIT_H #define QHEXEDIT_H -#include - #include "qhexedit_p.h" /** \mainpage QHexEdit is a binary editor widget for Qt. \version Version 0.4.6 \image html hexedit.png */ +class QHBoxLayout; + /*! QHexEdit is a hex editor widget written in C++ for the Qt (Qt4) framework. It is a simple editor for binary data, just like QPlainTextEdit is for text data. There are sip configuration files included, so it is easy to create bindings for PyQt and you can use this widget also in python. QHexEdit takes the data of a QByteArray (setData()) and shows it. You can use the mouse or the keyboard to navigate inside the widget. If you hit the keys (0..9, a..f) you will change the data. Changed data is highlighted and can be accessed via data(). Normaly QHexEdit works in the overwrite Mode. You can set overwriteMode(false) and insert data. In this case the size of data() increases. It is also possible to delete bytes under the cursor, here the size of data decreases. There are some limitations: The size of data has in general to be below 10 megabytes, otherwise the scroll sliders ard not shown and you can't scroll any more. Copy and paste functionality is perhaps a subject of a later release. */ class QHexEdit : public QScrollArea { Q_OBJECT /*! Property data holds the content of QHexEdit. Call setData() to set the content of QHexEdit, data() returns the actual content. */ Q_PROPERTY(QByteArray data READ data WRITE setData) /*! Property addressOffset is added to the Numbers of the Address Area. A offset in the address area (left side) is sometimes usefull, whe you show only a segment of a complete memory picture. With setAddressOffset() you set this property - with addressOffset() you get the actual value. */ Q_PROPERTY(int addressOffset READ addressOffset WRITE setAddressOffset) /*! Property address area color sets (setAddressAreaColor()) the backgorund color of address areas. You can also read the color (addressaAreaColor()). */ Q_PROPERTY(QColor addressAreaColor READ addressAreaColor WRITE setAddressAreaColor) /*! Property highlighting color sets (setHighlightingColor()) the backgorund color of highlighted text areas. You can also read the color (highlightingColor()). */ Q_PROPERTY(QColor highlightingColor READ highlightingColor WRITE setHighlightingColor) /*! Porperty overwrite mode sets (setOverwriteMode()) or gets (overwriteMode()) the mode in which the editor works. In overwritem mode the user will overwrite existing data. */ Q_PROPERTY(bool overwriteMode READ overwriteMode WRITE setOverwriteMode) /*! Porperty read only sets (setReadOnly()) or gets (readOnly()) the current editable mode. */ Q_PROPERTY(bool readOnly READ readOnly WRITE setReadOnly) public: /*! Creates an instance of QHexEdit. \param parent Parent widget of QHexEdit. */ QHexEdit(QWidget *parent = 0); /*! Inserts a byte array. \param i Index position, where to insert \param ba byte array, which is to insert */ void insert(int i, const QByteArray & ba); /*! Inserts a char. \param i Index position, where to insert \param ch Char, which is to insert */ void insert(int i, char ch); /*! Removes len bytes from the content. \param pos Index position, where to remove \param len Amount of bytes to remove */ void remove(int pos, int len=1); /*! Set the font of the widget. Please use fixed width fonts like Mono or Courier.*/ void setFont(const QFont &); /*! \cond docNever */ void setAddressOffset(int offset); int addressOffset(); void setData(QByteArray const &data); QByteArray data(); void setAddressAreaColor(QColor const &color); QColor addressAreaColor(); void setHighlightingColor(QColor const &color); QColor highlightingColor(); void setOverwriteMode(bool); bool overwriteMode(); void setReadOnly(bool); bool readOnly(); /*! \endcond docNever */ public slots: /*! Set the minimum width of the address area. \param addressWidth Width in characters. */ void setAddressWidth(int addressWidth); /*! Switch the address area on or off. \param addressArea true (show it), false (hide it). */ void setAddressArea(bool addressArea); /*! Switch the ascii area on or off. \param asciiArea true (show it), false (hide it). */ void setAsciiArea(bool asciiArea); /*! Switch the highlighting feature on or of. \param mode true (show it), false (hide it). */ void setHighlighting(bool mode); signals: /*! Contains the address, where the cursor is located. */ void currentAddressChanged(int address); /*! Contains the size of the data to edit. */ void currentSizeChanged(int size); /*! The signal is emited every time, the data is changed. */ void dataChanged(); /*! The signal is emited every time, the overwrite mode is changed. */ void overwriteModeChanged(bool state); private: /*! \cond docNever */ QHexEditPrivate *qHexEdit_p; QHBoxLayout *layout; QScrollArea *scrollArea; /*! \endcond docNever */ }; #endif diff --git a/trunk/qhexedit/qhexedit_p.cpp b/trunk/qhexedit/qhexedit_p.cpp index 0887812..dccf4da 100644 --- a/trunk/qhexedit/qhexedit_p.cpp +++ b/trunk/qhexedit/qhexedit_p.cpp @@ -1,628 +1,630 @@ /******************************************************************************* * qhexedit Copyright (c) 2011-2014 by Gillen Daniel * * * * Simple hex editor widget for Qt. * * * * Derived from code by Simon Winfried under a compatible license: * * Copyright (c) 2010 by Simon Winfried * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ -#include +#include #include +#include +#include #include "qhexedit_p.h" const int HEXCHARS_IN_LINE = 47; const int GAP_ADR_HEX = 10; const int GAP_HEX_ASCII = 16; const int BYTES_PER_LINE = 16; QHexEditPrivate::QHexEditPrivate(QScrollArea *parent) : QWidget(parent) { _scrollArea = parent; setAddressWidth(4); setAddressOffset(0); setAddressArea(true); setAsciiArea(true); setHighlighting(true); setOverwriteMode(true); setAddressAreaColor(QColor(Qt::lightGray).lighter(110)); setHighlightingColor(QColor(Qt::yellow).lighter(160)); this->setReadOnly(true); this->sel_origin=QPoint(0,0); this->sel_start=QPoint(0,0); this->sel_end=QPoint(0,0); setFont(QFont("Mono", 10)); connect(&_cursorTimer, SIGNAL(timeout()), this, SLOT(updateCursor())); _cursorTimer.setInterval(500); setFocusPolicy(Qt::StrongFocus); _size = -1; // Create context menu this->p_menu_copy=new QMenu(tr("Copy"),this); this->p_action_copy_selected_bytes= new QAction(tr("Selected bytes"),this->p_menu_copy); this->p_action_copy_selected_text_ascii= new QAction(tr("Selected bytes converted to ASCII"),this->p_menu_copy); /* this->p_action_copy_selected_text_utf8= new QAction(tr("Selected text as UTF8"),this->p_menu_copy); */ this->p_menu_copy->addAction(this->p_action_copy_selected_bytes); this->p_menu_copy->addAction(this->p_action_copy_selected_text_ascii); /* this->p_menu_copy->addAction(this->p_action_copy_selected_text_utf8); */ this->connect(this->p_action_copy_selected_bytes, SIGNAL(triggered()), this, SLOT(SlotCopySelectedBytes())); this->connect(this->p_action_copy_selected_text_ascii, SIGNAL(triggered()), this, SLOT(SlotCopySelectedTextAsAscii())); /* this->connect(this->p_action_copy_selected_text_utf8, SIGNAL(triggered()), this, SLOT(SlotCopySelectedTextAsUtf8())); */ } QHexEditPrivate::~QHexEditPrivate() { // Delete context menu delete this->p_action_copy_selected_bytes; delete this->p_action_copy_selected_text_ascii; /* delete this->p_action_copy_selected_text_utf8; */ delete this->p_menu_copy; } void QHexEditPrivate::setAddressOffset(int offset) { _addressOffset = offset; adjust(); } int QHexEditPrivate::addressOffset() { return _addressOffset; } void QHexEditPrivate::setData(const QByteArray &data) { // Delete any previous selections this->sel_origin.setX(0); this->sel_origin.setY(0); this->sel_start=this->sel_origin; this->sel_end=this->sel_origin; if(!data.isNull() && !data.isEmpty()) this->_cursorTimer.start(); else this->_cursorTimer.stop(); this->_data = data; this->_originalData = data; this->adjust(); this->setCursorPos(0); this->setFocus(); } QByteArray QHexEditPrivate::data() { return _data; } void QHexEditPrivate::setAddressAreaColor(const QColor &color) { _addressAreaColor = color; update(); } QColor QHexEditPrivate::addressAreaColor() { return _addressAreaColor; } void QHexEditPrivate::setHighlightingColor(const QColor &color) { _highlightingColor = color; update(); } QColor QHexEditPrivate::highlightingColor() { return _highlightingColor; } void QHexEditPrivate::setOverwriteMode(bool overwriteMode) { if (overwriteMode != _overwriteMode) { emit overwriteModeChanged(overwriteMode); _overwriteMode = overwriteMode; adjust(); } } bool QHexEditPrivate::overwriteMode() { return _overwriteMode; } void QHexEditPrivate::setReadOnly(bool read_only) { this->_readOnly=read_only; } bool QHexEditPrivate::readOnly() { return this->_readOnly; } void QHexEditPrivate::insert(int i, const QByteArray & ba) { _data.insert(i, ba); _originalData.insert(i, ba); } void QHexEditPrivate::insert(int i, char ch) { _data.insert(i, ch); _originalData.insert(i, ch); } void QHexEditPrivate::remove(int index, int len) { _data.remove(index, len); _originalData.remove(index, len); } void QHexEditPrivate::setAddressArea(bool addressArea) { _addressArea = addressArea; adjust(); setCursorPos(_cursorPosition); } void QHexEditPrivate::setAddressWidth(int addressWidth) { if ((addressWidth >= 0) and (addressWidth<=6)) { _addressNumbers = addressWidth; adjust(); setCursorPos(_cursorPosition); } } void QHexEditPrivate::setAsciiArea(bool asciiArea) { _asciiArea = asciiArea; adjust(); } void QHexEditPrivate::setFont(const QFont &font) { QWidget::setFont(font); adjust(); } void QHexEditPrivate::setHighlighting(bool mode) { _highlighting = mode; update(); } void QHexEditPrivate::keyPressEvent(QKeyEvent *event) { bool down = false; int charX = (_cursorX - _xPosHex) / _charWidth; int posX = (charX / 3) * 2 + (charX % 3); int posBa = (_cursorY / _charHeight) * BYTES_PER_LINE + posX / 2; - int key = int(event->text()[0].toAscii()); + int key = int(event->text()[0].toLatin1()); if (!this->_readOnly && ((key>='0' && key<='9') || (key>='a' && key <= 'f'))) { // insert char if (_overwriteMode == false) if ((charX % 3) == 0) { insert(posBa, char(0)); adjust(); } if (_data.size() > 0) { QByteArray hexValue = _data.mid(posBa, 1).toHex(); if ((charX % 3) == 0) hexValue[0] = key; else hexValue[1] = key; _data.replace(posBa, 1, QByteArray().fromHex(hexValue)); emit dataChanged(); setCursorPos(_cursorPosition + 1); down = true; } } // delete char if (!this->_readOnly && event->matches(QKeySequence::Delete)) { remove(posBa); } if (!this->_readOnly && event->key() == Qt::Key_Backspace) { remove(posBa - 1); setCursorPos(_cursorPosition - 2); } // handle other function keys if(!this->_readOnly && event->key() == Qt::Key_Insert) { setOverwriteMode(!_overwriteMode); setCursorPos(_cursorPosition); } if (event->matches(QKeySequence::MoveToNextChar)) { setCursorPos(_cursorPosition + 1); down = true; } if (event->matches(QKeySequence::MoveToPreviousChar)) setCursorPos(_cursorPosition - 1); if (event->matches(QKeySequence::MoveToStartOfLine)) setCursorPos(_cursorPosition - (_cursorPosition % (2 * BYTES_PER_LINE))); if (event->matches(QKeySequence::MoveToEndOfLine)) setCursorPos(_cursorPosition | (2 * BYTES_PER_LINE -1)); if (event->matches(QKeySequence::MoveToPreviousLine)) setCursorPos(_cursorPosition - (2 * BYTES_PER_LINE)); if (event->matches(QKeySequence::MoveToPreviousPage)) setCursorPos(_cursorPosition - (((_scrollArea->viewport()->height() / _charHeight) - 1) * 2 * BYTES_PER_LINE)); if (event->matches(QKeySequence::MoveToStartOfDocument)) setCursorPos(0); if (event->matches(QKeySequence::MoveToNextLine)) { setCursorPos(_cursorPosition + (2 * BYTES_PER_LINE)); down = true; } if (event->matches(QKeySequence::MoveToEndOfDocument)) { setCursorPos(_data.size() * 2); down = true; } if (event->matches(QKeySequence::MoveToNextPage)) { setCursorPos(_cursorPosition + (((_scrollArea->viewport()->height() / _charHeight) - 1) * 2 * BYTES_PER_LINE)); down = true; } // when we move downwards, we have to go a little further if (down) _scrollArea->ensureVisible(_cursorX, _cursorY, 3, 3 + _charHeight); else _scrollArea->ensureVisible(_cursorX, _cursorY, 3, 3); update(); } void QHexEditPrivate::mousePressEvent(QMouseEvent *p_event) { if(p_event->button()==Qt::LeftButton) { // Init selection origin, start and end point this->sel_origin=p_event->pos(); this->sel_end=this->sel_start=this->sel_origin; // Set cursor to current pos int curs_pos=this->Point2Char(this->sel_start); if(curs_pos!=-1) setCursorPos(curs_pos); } else { QWidget::mousePressEvent(p_event); } } void QHexEditPrivate::mouseMoveEvent(QMouseEvent *p_event) { if(p_event->buttons()==Qt::LeftButton) { // Update current selection and repaint hexedit if(this->Point2Char(p_event->pos())>this->Point2Char(this->sel_origin)) { this->sel_start=this->sel_origin; this->sel_end=p_event->pos(); } else { this->sel_end=this->sel_origin; this->sel_start=p_event->pos(); } this->update(); } else { QWidget::mouseMoveEvent(p_event); } } void QHexEditPrivate::paintEvent(QPaintEvent *event) { QPainter painter(this); // Draw some patterns if needed painter.fillRect(event->rect(), this->palette().color(QPalette::Base)); if(_addressArea) { painter.fillRect(QRect(_xPosAdr, event->rect().top(), _xPosHex-GAP_ADR_HEX+2, height()), _addressAreaColor); } if(_asciiArea) { int linePos=_xPosAscii-(GAP_HEX_ASCII / 2); painter.setPen(Qt::gray); painter.drawLine(linePos,event->rect().top(),linePos,height()); } painter.setPen(this->palette().color(QPalette::WindowText)); // Calc positions int firstLineIdx= ((event->rect().top()/_charHeight)-_charHeight)*BYTES_PER_LINE; if(firstLineIdx<0) firstLineIdx=0; int lastLineIdx= ((event->rect().bottom()/_charHeight)+_charHeight)*BYTES_PER_LINE; if(lastLineIdx>_data.size()) lastLineIdx=_data.size(); int yPosStart=((firstLineIdx)/BYTES_PER_LINE)*_charHeight+_charHeight; // Paint address area if(_addressArea) { for(int lineIdx=firstLineIdx, yPos=yPosStart; lineIdxsel_start.isNull() && this->sel_end.isNull()) && this->sel_start!=this->sel_end) { selection_start=this->Point2Char(this->sel_start)/2; selection_end=this->Point2Char(this->sel_end)/2; selection=true; } // Paint hex area QByteArray hexBa(_data.mid(firstLineIdx,lastLineIdx-firstLineIdx+1).toHex()); QBrush highLighted=QBrush(_highlightingColor); painter.setBackground(highLighted); painter.setBackgroundMode(Qt::TransparentMode); for(int lineIdx=firstLineIdx, yPos=yPosStart; lineIdx=_originalData.size()) { painter.setBackgroundMode(Qt::TransparentMode); } else { if(_data[posBa]==_originalData[posBa]) { painter.setBackgroundMode(Qt::TransparentMode); } else { painter.setBackgroundMode(Qt::OpaqueMode); } } } // Highlight selection if(selection) { int cur_char=lineIdx+colIdx; if(cur_char>=selection_start && cur_char<=selection_end) { painter.setBackgroundMode(Qt::OpaqueMode); } else { painter.setBackgroundMode(Qt::TransparentMode); } } // Render hex value if(colIdx==0) { hex=hexBa.mid((lineIdx-firstLineIdx)*2,2); painter.drawText(xPos,yPos,hex); xPos+=2*_charWidth; } else { hex=hexBa.mid((lineIdx+colIdx-firstLineIdx)*2,2).prepend(" "); painter.drawText(xPos,yPos,hex); xPos+=3*_charWidth; } } } // Paint ascii area if(_asciiArea) { for(int lineIdx=firstLineIdx, yPos=yPosStart; lineIdx=selection_start && cur_char<=selection_end) { painter.setBackgroundMode(Qt::OpaqueMode); } else { painter.setBackgroundMode(Qt::TransparentMode); } } // Render char if(((char)ascii[idx]<0x20) || ((char)ascii[idx]>0x7e)) { painter.drawText(xpos, yPos, QString(".")); } else { painter.drawText(xpos, yPos, QString(ascii.at(idx))); } } } } // Reset painter background if it is still set from highlighting painter.setBackgroundMode(Qt::TransparentMode); // Paint cursor if(_blink && !this->_data.isNull() && !this->_data.isEmpty()) { if(_overwriteMode) { painter.fillRect(_cursorX, _cursorY+_charHeight-2, _charWidth, 2, this->palette().color(QPalette::WindowText)); } else { painter.fillRect(_cursorX, _cursorY, 2, _charHeight, this->palette().color(QPalette::WindowText)); } } if(_size!=_data.size()) { _size=_data.size(); emit currentSizeChanged(_size); } } void QHexEditPrivate::setCursorPos(int position) { // delete cursor _blink=false; update(); // cursor in range? if(_overwriteMode) { if(position>(_data.size()*2-1)) position=_data.size()*2-1; } else { if(position>(_data.size()*2)) position=_data.size()*2; } if(position < 0) position=0; // calc position _cursorPosition=position; _cursorY=(position/(2*BYTES_PER_LINE))*_charHeight+4; int x=(position%(2*BYTES_PER_LINE)); _cursorX=(((x/2)*3)+(x%2))*_charWidth+_xPosHex; // immiadately draw cursor _blink=true; update(); emit currentAddressChanged(_cursorPosition/2); } void QHexEditPrivate::contextMenuEvent(QContextMenuEvent *p_event) { // Only show context menu when something is selected if(!(this->sel_start.isNull() && this->sel_end.isNull()) && this->sel_start!=this->sel_end) { // Create context menu and add actions QMenu context_menu(this); context_menu.addMenu(this->p_menu_copy); context_menu.exec(p_event->globalPos()); } } void QHexEditPrivate::updateCursor() { if (_blink) _blink = false; else _blink = true; update(_cursorX, _cursorY, _charWidth, _charHeight); } void QHexEditPrivate::SlotCopySelectedBytes() { int selection_start=this->Point2Char(this->sel_start)/2; int selection_count=this->Point2Char(this->sel_end)/2; selection_count-=(selection_start-1); QByteArray hex(this->_data.mid(selection_start,selection_count).toHex()); QApplication::clipboard()->setText(hex,QClipboard::Clipboard); } void QHexEditPrivate::SlotCopySelectedTextAsAscii() { int selection_start=this->Point2Char(this->sel_start)/2; int selection_count=this->Point2Char(this->sel_end)/2; selection_count-=(selection_start-1); QByteArray values(this->_data.mid(selection_start,selection_count)); QString ascii=""; int i=0; for(i=0;i0x7e))) { ascii.append(values.at(i)); } } QApplication::clipboard()->setText(ascii,QClipboard::Clipboard); } /* void QHexEditPrivate::SlotCopySelectedTextAsUtf8() { // TODO: Implement } */ void QHexEditPrivate::adjust() { _charWidth = fontMetrics().width(QLatin1Char('9')); _charHeight = fontMetrics().height(); // is addressNumbers wide enought? QString test = QString("%1") .arg(_data.size() + _addressOffset, _addressNumbers, 16, QChar('0')); _realAddressNumbers = test.size(); _xPosAdr = 0; if (_addressArea) _xPosHex = _realAddressNumbers *_charWidth + GAP_ADR_HEX; else _xPosHex = 0; _xPosAscii = _xPosHex + HEXCHARS_IN_LINE * _charWidth + GAP_HEX_ASCII; // tell QAbstractScollbar, how big we are setMinimumHeight(((_data.size()/16 + 1) * _charHeight) + 3); setMinimumWidth(_xPosAscii + (BYTES_PER_LINE * _charWidth)); update(); } int QHexEditPrivate::Point2Char(QPoint pos) { // find char under cursor if((pos.x()>=_xPosHex) && (pos.x()<(_xPosHex+HEXCHARS_IN_LINE*_charWidth))) { int x=(pos.x()-_xPosHex)/_charWidth; if((x%3)==0) x=(x/3)*2; else x=((x/3)*2)+1; int y=(pos.y()/_charHeight)*2*BYTES_PER_LINE; return x+y; } return -1; } diff --git a/trunk/qhexedit/qhexedit_p.h b/trunk/qhexedit/qhexedit_p.h index 1f27f55..091b57e 100644 --- a/trunk/qhexedit/qhexedit_p.h +++ b/trunk/qhexedit/qhexedit_p.h @@ -1,125 +1,128 @@ /******************************************************************************* * qhexedit Copyright (c) 2011-2014 by Gillen Daniel * * * * Simple hex editor widget for Qt. * * * * Derived from code by Simon Winfried under a compatible license: * * Copyright (c) 2010 by Simon Winfried * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #ifndef QHEXEDIT_P_H #define QHEXEDIT_P_H /** \cond docNever */ -#include #include +#include +#include +#include +#include class QHexEditPrivate : public QWidget { Q_OBJECT public: QHexEditPrivate(QScrollArea *parent); ~QHexEditPrivate(); void setAddressOffset(int offset); int addressOffset(); void setData(QByteArray const &data); QByteArray data(); void setAddressAreaColor(QColor const &color); QColor addressAreaColor(); void setHighlightingColor(QColor const &color); QColor highlightingColor(); void setOverwriteMode(bool overwriteMode); bool overwriteMode(); void setReadOnly(bool read_only); bool readOnly(); void insert(int i, const QByteArray & ba); void insert(int i, char ch); void remove(int index, int len=1); void setAddressArea(bool addressArea); void setAddressWidth(int addressWidth); void setAsciiArea(bool asciiArea); void setHighlighting(bool mode); virtual void setFont(const QFont &font); signals: void currentAddressChanged(int address); void currentSizeChanged(int size); void dataChanged(); void overwriteModeChanged(bool state); protected: void keyPressEvent(QKeyEvent * event); void mousePressEvent(QMouseEvent *p_event); void mouseMoveEvent(QMouseEvent *p_event); void paintEvent(QPaintEvent *event); void setCursorPos(int position); void contextMenuEvent(QContextMenuEvent *p_event); private slots: void updateCursor(); void SlotCopySelectedBytes(); void SlotCopySelectedTextAsAscii(); /* void SlotCopySelectedTextAsUtf8(); */ private: void adjust(); int Point2Char(QPoint pos); QColor _addressAreaColor; QByteArray _data; QByteArray _originalData; QColor _highlightingColor; QScrollArea *_scrollArea; QTimer _cursorTimer; QPoint sel_origin; QPoint sel_start; QPoint sel_end; QMenu *p_menu_copy; QAction *p_action_copy_selected_bytes; QAction *p_action_copy_selected_text_ascii; /* QAction *p_action_copy_selected_text_utf8; */ bool _blink; bool _addressArea; bool _asciiArea; bool _highlighting; bool _overwriteMode; bool _readOnly; int _addressNumbers, _realAddressNumbers; int _addressOffset; int _charWidth, _charHeight; int _cursorX, _cursorY, _cursorPosition; int _xPosAdr, _xPosHex, _xPosAscii; int _size; }; /** \endcond docNever */ #endif diff --git a/trunk/qtscript_types/bytearray.cpp b/trunk/qtscript_types/bytearray.cpp index 2d396b6..0c70855 100644 --- a/trunk/qtscript_types/bytearray.cpp +++ b/trunk/qtscript_types/bytearray.cpp @@ -1,181 +1,181 @@ /******************************************************************************* * Copyright (c) 2011-2014 by Gillen Daniel * * * * Derived from code by Nokia Corporation and/or its subsidiary(-ies) under a * * compatible license: * * * * Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies). * * All rights reserved. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ -#include +#include #include #include "bytearray.h" #include "bytearrayiterator.h" #include "bytearrayprototype.h" Q_DECLARE_METATYPE(QByteArray*) Q_DECLARE_METATYPE(ByteArray*) ByteArray::ByteArray(QScriptEngine *engine) : QObject(engine), QScriptClass(engine) { qScriptRegisterMetaType(engine, this->toScriptValue, this->fromScriptValue); this->length=engine->toStringHandle(QLatin1String("length")); this->proto=engine->newQObject(new ByteArrayPrototype(this), QScriptEngine::QtOwnership, QScriptEngine::SkipMethodsInEnumeration | QScriptEngine::ExcludeSuperClassMethods | QScriptEngine::ExcludeSuperClassProperties); QScriptValue global=engine->globalObject(); proto.setPrototype(global.property("Object").property("prototype")); this->ctor=engine->newFunction(this->construct,this->proto); this->ctor.setData(qScriptValueFromValue(engine,this)); } ByteArray::~ByteArray() {} QScriptClass::QueryFlags ByteArray::queryProperty(const QScriptValue &object, const QScriptString &name, QueryFlags flags, uint *id) { QByteArray *ba=qscriptvalue_cast(object.data()); if(!ba) return 0; if(name!=this->length) { bool is_array_index; qint32 pos=name.toArrayIndex(&is_array_index); if(!is_array_index) return 0; *id=pos; if((flags & HandlesReadAccess) && (pos>=ba->size())) flags &= ~HandlesReadAccess; } return flags; } QScriptValue ByteArray::property(const QScriptValue &object, const QScriptString &name, uint id) { QByteArray *ba=qscriptvalue_cast(object.data()); if(!ba) return QScriptValue(); if(name==length) return ba->length(); else { qint32 pos=id; if((pos < 0) || (pos >= ba->size())) return QScriptValue(); return uint(ba->at(pos)) & 255; } return QScriptValue(); } void ByteArray::setProperty(QScriptValue &object, const QScriptString &name, uint id, const QScriptValue &value) { QByteArray *ba=qscriptvalue_cast(object.data()); if(!ba) return; if(name==length) this->resize(*ba,value.toInt32()); else { qint32 pos=id; if(pos<0) return; if(ba->size()<=pos) this->resize(*ba,pos + 1); (*ba)[pos]=char(value.toInt32()); } } QScriptValue::PropertyFlags ByteArray::propertyFlags(const QScriptValue &object, const QScriptString &name, uint id) { Q_UNUSED(object); Q_UNUSED(id); if(name==length) { return QScriptValue::Undeletable | QScriptValue::SkipInEnumeration; } return QScriptValue::Undeletable; } QScriptClassPropertyIterator *ByteArray::newIterator(const QScriptValue &object) { return new ByteArrayIterator(object); } QString ByteArray::name() const { return QLatin1String("ByteArray"); } QScriptValue ByteArray::prototype() const { return proto; } QScriptValue ByteArray::constructor() { return ctor; } QScriptValue ByteArray::newInstance(int size) { #if QT_VERSION >= 0x040700 this->engine()->reportAdditionalMemoryCost(size); #endif return newInstance(QByteArray(size,0)); } QScriptValue ByteArray::newInstance(const QByteArray &ba) { QScriptValue data=engine()->newVariant(qVariantFromValue(ba)); return engine()->newObject(this,data); } QScriptValue ByteArray::construct(QScriptContext *ctx, QScriptEngine *) { ByteArray *cls=qscriptvalue_cast(ctx->callee().data()); if(!cls) return QScriptValue(); QScriptValue arg=ctx->argument(0); if(arg.instanceOf(ctx->callee())) return cls->newInstance(qscriptvalue_cast(arg)); int size=arg.toInt32(); return cls->newInstance(size); } QScriptValue ByteArray::toScriptValue(QScriptEngine *eng, const QByteArray &ba) { QScriptValue ctor=eng->globalObject().property("ByteArray"); ByteArray *cls=qscriptvalue_cast(ctor.data()); if(!cls) return eng->newVariant(qVariantFromValue(ba)); return cls->newInstance(ba); } void ByteArray::fromScriptValue(const QScriptValue &obj, QByteArray &ba) { ba=qvariant_cast(obj.data().toVariant()); } void ByteArray::resize(QByteArray &ba, int newSize) { int oldSize=ba.size(); ba.resize(newSize); #if QT_VERSION >= 0x040700 if(newSize>oldSize) this->engine()->reportAdditionalMemoryCost(newSize-oldSize); #endif } diff --git a/trunk/qtscript_types/bytearray.h b/trunk/qtscript_types/bytearray.h index 6b59be6..bb8dea8 100644 --- a/trunk/qtscript_types/bytearray.h +++ b/trunk/qtscript_types/bytearray.h @@ -1,76 +1,79 @@ /******************************************************************************* * Copyright (c) 2011-2014 by Gillen Daniel * * * * Derived from code by Nokia Corporation and/or its subsidiary(-ies) under a * * compatible license: * * * * Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies). * * All rights reserved. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ // Description: http://cs.karelia.ru/~aborod/doc/qt/script-customclass.html #ifndef BYTEARRAY_H #define BYTEARRAY_H #include -#include -#include +#include +#include + +class QScriptContext; class ByteArray : public QObject, public QScriptClass { + Q_OBJECT public: ByteArray(QScriptEngine *engine); ~ByteArray(); QScriptValue constructor(); QScriptValue newInstance(int size = 0); QScriptValue newInstance(const QByteArray &ba); QueryFlags queryProperty(const QScriptValue &object, const QScriptString &name, QueryFlags flags, uint *id); QScriptValue property(const QScriptValue &object, const QScriptString &name, uint id); void setProperty(QScriptValue &object, const QScriptString &name, uint id, const QScriptValue &value); QScriptValue::PropertyFlags propertyFlags(const QScriptValue &object, const QScriptString &name, uint id); QScriptClassPropertyIterator *newIterator(const QScriptValue &object); QString name() const; QScriptValue prototype() const; private: static QScriptValue construct(QScriptContext *ctx, QScriptEngine *eng); static QScriptValue toScriptValue(QScriptEngine *eng, const QByteArray &ba); static void fromScriptValue(const QScriptValue &obj, QByteArray &ba); void resize(QByteArray &ba, int newSize); QScriptString length; QScriptValue proto; QScriptValue ctor; }; #endif // BYTEARRAY_H diff --git a/trunk/registryhive.cpp b/trunk/registryhive.cpp index 4d43172..d926c78 100644 --- a/trunk/registryhive.cpp +++ b/trunk/registryhive.cpp @@ -1,1401 +1,1401 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include #include #include #include #include "registryhive.h" // TODO: __WORDSIZE is not defined under mingw and I currently have no idea how // to identify a 64bit windows #ifndef __WORDSIZE #define __WORDSIZE 32 #endif #if __WORDSIZE == 64 #define EPOCH_DIFF 0x19DB1DED53E8000 #else #define EPOCH_DIFF 0x19DB1DED53E8000LL #endif // Macros to ease UTF16 endianness conversions #undef UTF16LETOH #define UTF16LETOH(buf,buf_len) { \ for(int buf_off=0;buf_off<((buf_len)-1);buf_off+=2) { \ *((quint16*)((buf)+buf_off))=qFromLittleEndian(*((quint16*)((buf)+buf_off))); \ } \ } #undef UTF16BETOH #define UTF16BETOH(buf,buf_len) { \ for(int buf_off=0;buf_off<((buf_len)-1);buf_off+=2) { \ *((quint16*)((buf)+buf_off))=qFromBigEndian(*((quint16*)((buf)+buf_off))); \ } \ } #undef HTOUTF16LE #define HTOUTF16LE(buf,buf_len) { \ for(int buf_off=0;buf_off<((buf_len)-1);buf_off+=2) { \ *((quint16*)((buf)+buf_off))=qToLittleEndian(*((quint16*)((buf)+buf_off))); \ } \ } #undef HTOUTF16BE #define HTOUTF16BE(buf,buf_len) { \ for(int buf_off=0;buf_off<((buf_len)-1);buf_off+=2) { \ *((quint16*)((buf)+buf_off))=qToBigEndian(*((quint16*)((buf)+buf_off))); \ } \ } // Some errno numbers that hivex uses are not defined under Windows #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__ // These are the same values as defined by MSVC 10, for interoperability. #ifndef ENOTSUP #define ENOTSUP 129 #endif #ifndef ELOOP #define ELOOP 114 #endif #endif /******************************************************************************* * Public ******************************************************************************/ /* * RegistryHive */ RegistryHive::RegistryHive(QObject *p_parent) : QObject(p_parent) { this->erro_msg=""; this->is_error=false; this->hive_file=""; this->p_hive=NULL; this->is_hive_open=false; this->is_hive_writable=false; this->has_changes_to_commit=false; } /* * ~RegistryHive */ RegistryHive::~RegistryHive() { if(this->is_hive_open) this->Close(); } /* * Error */ bool RegistryHive::Error() { return this->is_error; } /* * GetErrorMsg */ QString RegistryHive::GetErrorMsg() { QString msg=this->erro_msg; this->erro_msg=""; this->is_error=false; return msg; } /* * Open */ bool RegistryHive::Open(QString file, bool read_only) { if(this->is_hive_open) return false; // Open hive file this->p_hive=hivex_open(file.toLocal8Bit().constData(), read_only ? 0 : HIVEX_OPEN_WRITE); if(this->p_hive==NULL) return false; // Set local vars this->hive_file=file; this->is_hive_open=true; this->is_hive_writable=!read_only; this->has_changes_to_commit=false; return true; } /* * Reopen */ bool RegistryHive::Reopen(bool read_only) { if(!this->is_hive_open) return false; // Close hive first if(hivex_close(this->p_hive)!=0) { // According to the docs, even if hivex_close fails, it frees all handles. // So we consider this fatal and final! this->hive_file=""; this->is_hive_open=false; this->is_hive_writable=false; this->has_changes_to_commit=false; return false; } // Reopen same hive this->p_hive=hivex_open(this->hive_file.toLocal8Bit().constData(), read_only ? 0 : HIVEX_OPEN_WRITE); if(this->p_hive==NULL) { this->hive_file=""; this->is_hive_open=false; this->is_hive_writable=false; this->has_changes_to_commit=false; return false; } // Update local vars this->is_hive_writable=!read_only; this->has_changes_to_commit=false; return true; } /* * CommitChanges */ bool RegistryHive::CommitChanges() { if(!this->is_hive_open || !this->is_hive_writable) return false; if(!this->has_changes_to_commit) return true; // TODO: Maybe it would be more secure to commit changes to a new file and // then move it over the original one. if(hivex_commit(this->p_hive,NULL,0)!=0) { return false; } this->has_changes_to_commit=false; return true; } /* * Close */ bool RegistryHive::Close() { if(this->is_hive_open) { // As hivex_close will _ALWAYS_ free the handle, we don't need the following // values anymore this->hive_file=""; this->is_hive_open=false; this->is_hive_writable=false; this->has_changes_to_commit=false; // Close hive if(hivex_close(this->p_hive)!=0) return false; } return true; } /* * Filename */ QString RegistryHive::Filename() { if(this->is_hive_open) return this->hive_file; return QString(); } /* * HiveType */ RegistryHive::teHiveType RegistryHive::HiveType() { // Check for SYSTEM hive if(this->PathExists("\\Select") && this->PathExists("\\MountedDevices")) return RegistryHive::eHiveType_SYSTEM; // Check for SOFTWARE hive if(this->PathExists("\\Microsoft\\Windows\\CurrentVersion") && this->PathExists("\\Microsoft\\Windows NT\\CurrentVersion")) return RegistryHive::eHiveType_SOFTWARE; // Check for SAM if(this->PathExists("SAM\\Domains\\Account\\Users")) return RegistryHive::eHiveType_SAM; // Check for SECURITY if(this->PathExists("\\Policy\\Accounts") && this->PathExists("\\Policy\\PolAdtEv")) return RegistryHive::eHiveType_SECURITY; // Check for NTUSER.DAT if(this->PathExists("\\Software\\Microsoft\\Windows\\CurrentVersion")) return RegistryHive::eHiveType_NTUSER; // Unknown hive return RegistryHive::eHiveType_UNKNOWN; } /* * HiveTypeToString */ QString RegistryHive::HiveTypeToString(teHiveType hive_type) { switch(hive_type) { case RegistryHive::eHiveType_SYSTEM: return "SYSTEM"; break; case RegistryHive::eHiveType_SOFTWARE: return "SOFTWARE"; break; case RegistryHive::eHiveType_SAM: return "SAM"; break; case RegistryHive::eHiveType_SECURITY: return "SECURITY"; break; case RegistryHive::eHiveType_NTUSER: return "NTUSER"; break; default: return "UNKNOWN"; } } /* * HasChangesToCommit */ bool RegistryHive::HasChangesToCommit() { return this->has_changes_to_commit; } /* * GetNodes */ QMap RegistryHive::GetNodes(QString path) { hive_node_h parent_node; // Get handle to last node in path if(!this->GetNodeHandle(path,&parent_node)) return QMap(); // Get and return nodes return this->GetNodesHelper(parent_node); } /* * GetNodes */ QMap RegistryHive::GetNodes(int parent_node) { if(parent_node==0) { this->SetError(tr("Invalid parent node handle specified!")); return QMap(); } // Get and return nodes return this->GetNodesHelper(parent_node); } /* * GetKeys */ QMap RegistryHive::GetKeys(QString path) { hive_node_h parent_node; // Get handle to last node in path if(!this->GetNodeHandle(path,&parent_node)) return QMap(); // Get and return keys return this->GetKeysHelper(parent_node); } /* * GetKeys */ QMap RegistryHive::GetKeys(int parent_node) { if(parent_node==0) { this->SetError(tr("Invalid parent node handle specified!")); return QMap(); } // Get and return keys return this->GetKeysHelper(parent_node); } /* * GetKeyName */ bool RegistryHive::GetKeyName(int hive_key, QString &key_name) { char *buf; if(!this->is_hive_open) { this->SetError(tr("Need to operate on an open hive!")); return false; } buf=hivex_value_key(this->p_hive,(hive_value_h)hive_key); if(buf==NULL) { this->SetError(tr("Unable to get key name for key '%1'").arg(hive_key)); return false; } key_name=QString(buf); free(buf); return true; } /* * GetKeyValue */ QByteArray RegistryHive::GetKeyValue(QString path, QString key, int *p_value_type, size_t *p_value_len) { hive_node_h parent_node; hive_value_h hive_key; // Get handle to last node in path if(!this->GetNodeHandle(path,&parent_node)) return QByteArray(); // Get key handle hive_key=hivex_node_get_value(this->p_hive, - parent_node,key.toAscii().constData()); + parent_node,key.toLatin1().constData()); if(hive_key==0) { this->SetError(tr("Unable to get key handle!")); *p_value_len=-1; return QByteArray(); } // Get and return key value return this->GetKeyValueHelper(hive_key,p_value_type,p_value_len); } /* * GetKeyValue */ QByteArray RegistryHive::GetKeyValue(int hive_key, int *p_value_type, size_t *p_value_len) { if(hive_key==0) { this->SetError(tr("Invalid key handle specified!")); *p_value_type=-1; return QByteArray(); } // Get and return key value return this->GetKeyValueHelper(hive_key,p_value_type,p_value_len); } /* * GetKeyModTime */ qint64 RegistryHive::GetNodeModTime(QString path) { hive_node_h node; // Get handle to last node in path if(!this->GetNodeHandle(path,&node)) { this->SetError(tr("Unable to get node handle!")); return 0; } // Get and return node's last modification timestamp return this->GetNodeModTime(node); } /* * GetKeyModTime */ qint64 RegistryHive::GetNodeModTime(int node) { if(node==0) { this->SetError(tr("Invalid node handle specified!")); return 0; } // Get and return key's last modification timestamp return hivex_node_timestamp(this->p_hive,node); } /* * KeyValueToString */ QString RegistryHive::KeyValueToString(QByteArray value, int value_type) { QString ret=""; #define ToHexStr() { \ for(int i=0;i=2 && value.endsWith(QByteArray("\x00\x00",2))) { // Seems to be a unicode string, convert to host endianness and return // TODO: What if it is UTF16-BE?? Thx Billy! QByteArray buf=value; UTF16LETOH(buf.data(),buf.size()); - ret=QString().fromUtf16((ushort*)(buf.constData())); + ret=QString().fromUtf16((ushort*)(buf.constData())).toHtmlEscaped(); } else if(value.endsWith(QByteArray("\x00",1))) { // Seems to be an ansi string - ret=QString().fromAscii((char*)value.constData()); + ret=QString().fromLatin1((char*)value.constData()).toHtmlEscaped(); } else { // If we can't detect encoding, return string as hex ToHexStr(); } break; case hive_t_REG_MULTI_SZ: // Multiple Windows strings. // I suppose this is always LE encoded! M$ devs really suck! ret=RegistryHive::KeyValueToStringList(value).join("\n"); break; case hive_t_REG_DWORD: // DWORD (32 bit integer), little endian ret=QString("0x%1") .arg(qFromLittleEndian(*(quint32*)value.constData()), 8,16,QChar('0')); break; case hive_t_REG_DWORD_BIG_ENDIAN: // DWORD (32 bit integer), big endian ret=QString("0x%1") .arg(qFromBigEndian(*(quint32*)value.constData()), 8,16,QChar('0')); break; case hive_t_REG_QWORD: // QWORD (64 bit integer). Usually little endian (grrrr). ret=QString("0x%1") .arg(qFromLittleEndian(*(quint64*)value.constData()), 16,16,QChar('0')); break; case hive_t_REG_NONE: case hive_t_REG_BINARY: case hive_t_REG_LINK: case hive_t_REG_RESOURCE_LIST: case hive_t_REG_FULL_RESOURCE_DESCRIPTOR: case hive_t_REG_RESOURCE_REQUIREMENTS_LIST: default: // A key without a value (REG_NONE), a blob of binary (REG_BINARY), a // symbolic link to another part of the registry tree (REG_LINK), a // resource list (REG_RESOURCE_LIST), a resource descriptor // (FULL_RESOURCE_DESCRIPTOR), a resource requirements list // (REG_RESOURCE_REQUIREMENTS_LIST) or something unknown. // All these are converted to hex. ToHexStr(); } #undef ToHexStr return ret; } /* * KeyValueToString */ QString RegistryHive::KeyValueToString(QByteArray key_value, QString format, int offset, int length, bool little_endian) { int remaining_data_len; const char *p_data; QString ret=""; // Calculate how many bytes are remainig after specified offset remaining_data_len=key_value.size()-offset; if(!remaining_data_len>0) { // Nothing to show return QString(); } // Get pointer to data at specified offset p_data=key_value.constData(); p_data+=offset; // Convert value if(format=="int8" && remaining_data_len>=1) { ret=QString("%1").arg(*(qint8*)p_data); } else if(format=="uint8" && remaining_data_len>=1) { ret=QString("%1").arg(*(quint8*)p_data); } else if(format=="int16" && remaining_data_len>=2) { qint16 val; if(little_endian) val=qFromLittleEndian(*(qint16*)p_data); else val=qFromBigEndian(*(qint16*)p_data); ret=QString("%1").arg(val); } else if(format=="uint16" && remaining_data_len>=2) { quint16 val; if(little_endian) val=qFromLittleEndian(*(quint16*)p_data); else val=qFromBigEndian(*(quint16*)p_data); ret=QString("%1").arg(val); } else if(format=="int32" && remaining_data_len>=4) { qint32 val; if(little_endian) val=qFromLittleEndian(*(qint32*)p_data); else val=qFromBigEndian(*(qint32*)p_data); ret=QString("%1").arg(val); } else if(format=="uint32" && remaining_data_len>=4) { quint32 val; if(little_endian) val=qFromLittleEndian(*(quint32*)p_data); else val=qFromBigEndian(*(quint32*)p_data); ret=QString("%1").arg(val); } else if(format=="unixtime" && remaining_data_len>=4) { quint32 val; if(little_endian) val=qFromLittleEndian(*(quint32*)p_data); else val=qFromBigEndian(*(quint32*)p_data); if(val==0) { ret="n/a"; } else { QDateTime date_time; date_time.setTimeSpec(Qt::UTC); date_time.setTime_t(val); ret=date_time.toString("yyyy/MM/dd hh:mm:ss"); } } else if(format=="int64" && remaining_data_len>=8) { qint64 val; if(little_endian) val=qFromLittleEndian(*(qint64*)p_data); else val=qFromBigEndian(*(qint64*)p_data); ret=QString("%1").arg(val); } else if(format=="uint64" && remaining_data_len>=8) { quint64 val; if(little_endian) val=qFromLittleEndian(*(quint64*)p_data); else val=qFromBigEndian(*(quint64*)p_data); ret=QString("%1").arg(val); /* // TODO: Check how one could implement this } else if(format=="unixtime64" && remaining_data_len>=8) { if(*(quint64*)p_data==0) { ret="n/a"; } else { quint64 secs=*(quint64*)p_data; QDateTime date_time; date_time.setTimeSpec(Qt::UTC); // Set 32bit part of date/time date_time.setTime_t(secs&0xFFFFFFFF); // Now add high 32bit part of date/time date_time.addSecs(secs>>32); ret=date_time.toString("yyyy/MM/dd hh:mm:ss"); } */ } else if(format=="filetime" && remaining_data_len>=8) { quint64 val; if(little_endian) val=qFromLittleEndian(*(quint64*)p_data); else val=qFromBigEndian(*(quint64*)p_data); if(val==0) { ret="n/a"; } else { // TODO: Warn if >32bit QDateTime date_time; date_time.setTimeSpec(Qt::UTC); date_time.setTime_t(RegistryHive::FiletimeToUnixtime(val)); ret=date_time.toString("yyyy/MM/dd hh:mm:ss"); } } else if(format=="ascii") { if(length!=-1) { // User specified how many bytes to convert - ret=QString().fromAscii((char*)p_data,length); + ret=QString().fromLatin1((char*)p_data,length).toHtmlEscaped(); } else { // User did not specify how many bytes to convert, make sure data is 0 // terminated if(key_value.indexOf("\x00",offset)!=-1) { // Data is 0 terminated - ret=QString().fromAscii((char*)p_data); + ret=QString().fromLatin1((char*)p_data).toHtmlEscaped(); } else { // Data is not 0 terminated, convert all remaining_data_len bytes - ret=QString().fromAscii((char*)p_data,remaining_data_len); + ret=QString().fromLatin1((char*)p_data,remaining_data_len).toHtmlEscaped(); } } } else if(format=="utf16" && remaining_data_len>=2) { QByteArray buf; if(length!=-1) { // User specified how many bytes to convert buf=key_value.mid(offset,(length%2)==0 ? length : length-1); buf.append("\x00\x00",2); } else { // User did not specify how many bytes to convert, make sure data is // double 0 terminated int null_offset=RegistryHive::FindUnicodeStringEnd(key_value.mid(offset)); if(null_offset!=-1) { // Data is double 0 terminated buf=key_value.mid(offset,null_offset+2); } else { // Data is not double 0 terminated, convert all remaining_data_len bytes buf=key_value.mid(offset, (remaining_data_len%2)==0 ? remaining_data_len : remaining_data_len-1); buf.append("\x00\x00",2); } } // Convert from requested endianness to host if(little_endian) { UTF16LETOH(buf.data(),buf.size()); } else { UTF16BETOH(buf.data(),buf.size()); } - ret=QString().fromUtf16((ushort*)buf.constData()); + ret=QString().fromUtf16((ushort*)buf.constData()).toHtmlEscaped(); } else { // Unknown variant type or another error // TODO: Maybe return an error return QString(); } return ret; } /* * KeyValueToStringList * * Should only be used for REG_MULTI_SZ values */ QStringList RegistryHive::KeyValueToStringList(QByteArray value, bool little_endian, bool *p_ansi_encoded) { // Try to find value encoding (ANSI vs UNICODE) bool is_ansi; if(value.size()<=2) { // http://blogs.msdn.com/b/oldnewthing/archive/2009/10/08/9904646.aspx // Ansi version of a REG_MULTI_SZ needs to be terminated by 2 \0 chars. // So as long as the byte array has less or equal to 2 chars, it must be // empty. return QStringList(); } else if(value.size()==3) { // Only 3 chars, this can only be an ansi string consisting of 1 char and 2 // \0 to terminate it return QStringList() - < strings_it(strings); while(strings_it.hasNext()) { cur_string=strings_it.next(); if(ansi_encoded) { // Ansi encoding, simply append char string and terminating \0 - result.append(cur_string.toAscii().constData(),cur_string.size()); + result.append(cur_string.toLatin1().constData(),cur_string.size()); result.append("\x00",1); } else { // Unicode encoding // First, convert value to utf16 // TODO: May fail if there is a char that needs more than 16 bit buf=QByteArray((char*)(cur_string.utf16()),cur_string.size()*2); // Then convert to correct endianness if(little_endian) { HTOUTF16LE(buf.data(),buf.size()); } else { HTOUTF16BE(buf.data(),buf.size()); } // And finally append converted value and terminating \0\0 to result result.append(buf); result.append("\x00\x00",2); } } // Append terminating \0 chars and return if(ansi_encoded) result.append("\x00",1); else result.append("\x00\x00",2); return result; } /* * GetKeyValueTypes */ QStringList RegistryHive::GetKeyValueTypes() { return QStringList()<<"REG_NONE" <<"REG_SZ" <<"REG_EXPAND_SZ" <<"REG_BINARY" <<"REG_DWORD" <<"REG_DWORD_BIG_ENDIAN" <<"REG_LINK" <<"REG_MULTI_SZ" <<"REG_RESOURCE_LIST" <<"REG_FULL_RESOURCE_DESC" <<"REG_RESOURCE_REQ_LIST" <<"REG_QWORD"; } /* * KeyTypeToString */ QString RegistryHive::KeyValueTypeToString(int value_type) { QString ret=""; switch(value_type) { case hive_t_REG_NONE: ret="REG_NONE"; break; case hive_t_REG_SZ: ret="REG_SZ"; break; case hive_t_REG_EXPAND_SZ: ret="REG_EXPAND_SZ"; break; case hive_t_REG_BINARY: ret="REG_BINARY"; break; case hive_t_REG_DWORD: ret="REG_DWORD"; break; case hive_t_REG_DWORD_BIG_ENDIAN: ret="REG_DWORD_BIG_ENDIAN"; break; case hive_t_REG_LINK: ret="REG_LINK"; break; case hive_t_REG_MULTI_SZ: ret="REG_MULTI_SZ"; break; case hive_t_REG_RESOURCE_LIST: ret="REG_RESOURCE_LIST"; break; case hive_t_REG_FULL_RESOURCE_DESCRIPTOR: ret="REG_FULL_RESOURCE_DESC"; break; case hive_t_REG_RESOURCE_REQUIREMENTS_LIST: ret="REG_RESOURCE_REQ_LIST"; break; case hive_t_REG_QWORD: ret="REG_QWORD"; break; default: ret=QString("0x%1").arg((quint32)value_type,8,16,QChar('0')); } return ret; } /* * StringToKeyValueType */ int RegistryHive::StringToKeyValueType(QString value_type) { if(value_type=="REG_NONE") return hive_t_REG_NONE; if(value_type=="REG_SZ") return hive_t_REG_SZ; if(value_type=="REG_EXPAND_SZ") return hive_t_REG_EXPAND_SZ; if(value_type=="REG_BINARY") return hive_t_REG_BINARY; if(value_type=="REG_DWORD") return hive_t_REG_DWORD; if(value_type=="REG_DWORD_BIG_ENDIAN") return hive_t_REG_DWORD_BIG_ENDIAN; if(value_type=="REG_LINK") return hive_t_REG_LINK; if(value_type=="REG_MULTI_SZ") return hive_t_REG_MULTI_SZ; if(value_type=="REG_RESOURCE_LIST") return hive_t_REG_RESOURCE_LIST; if(value_type=="REG_FULL_RESOURCE_DESC") return hive_t_REG_FULL_RESOURCE_DESCRIPTOR; if(value_type=="REG_RESOURCE_REQ_LIST") return hive_t_REG_RESOURCE_REQUIREMENTS_LIST; if(value_type=="REG_QWORD") return hive_t_REG_QWORD; // I think this might be a good default :-) return hive_t_REG_BINARY; } /* * FiletimeToUnixtime */ quint64 RegistryHive::FiletimeToUnixtime(qint64 filetime) { return (unsigned)((filetime-EPOCH_DIFF)/10000000); } /* * AddNode */ int RegistryHive::AddNode(QString parent_node_path, QString node_name) { if(!this->is_hive_writable) return 0; // Make sure name does not contain a backslash char if(node_name.contains('\\')) { this->SetError(tr("Unable to add node with name '%1'. " "Names can not include a backslash character.") .arg(node_name)); return 0; } // Get node handle to the parent where the new node should be created hive_node_h parent_node; if(!this->GetNodeHandle(parent_node_path,&parent_node)) { this->SetError(tr("Unable to get node handle for '%1'!") .arg(parent_node_path)); return 0; } // Make sure there is no other node with same name QMap child_nodes=this->GetNodes(parent_node); - if(child_nodes.contains(node_name.toAscii())) { + if(child_nodes.contains(node_name.toLatin1())) { this->SetError(tr("The node '%1\\%2' already exists!") .arg(parent_node_path,node_name)); return 0; } // Add new node hive_node_h new_node=hivex_node_add_child(this->p_hive, parent_node, - node_name.toAscii().constData()); + node_name.toLatin1().constData()); if(new_node==0) { this->SetError(tr("Unable to create new node '%1\\%2'!") .arg(parent_node_path,node_name)); return 0; } this->has_changes_to_commit=true; return new_node; } /* * DeleteNode */ bool RegistryHive::DeleteNode(QString node_path) { if(!this->is_hive_writable) return false; // Get node handle to the node that should be deleted hive_node_h node; if(!this->GetNodeHandle(node_path,&node)) { this->SetError(tr("Unable to get node handle for '%1'!") .arg(node_path)); return false; } // Delete node if(hivex_node_delete_child(this->p_hive,node)==-1) { this->SetError(tr("Unable to delete node '%1'!") .arg(node_path)); return false; } this->has_changes_to_commit=true; return true; } /* * AddKey */ int RegistryHive::AddKey(QString parent_node_path, QString key_name, QString key_value_type, QByteArray key_value) { if(!this->is_hive_open || !this->is_hive_writable) { this->SetError(tr("Hive has not been opened or opened read-only!")); return false; } return this->SetKey(parent_node_path, key_name, key_value_type, key_value, true); } /* * UpdateKey */ int RegistryHive::UpdateKey(QString parent_node_path, QString key_name, QString key_value_type, QByteArray key_value) { if(!this->is_hive_open || !this->is_hive_writable) { this->SetError(tr("Hive has not been opened or opened read-only!")); return false; } return this->SetKey(parent_node_path, key_name, key_value_type, key_value, false); } /* * DeleteKey */ bool RegistryHive::DeleteKey(QString parent_node_path, QString key_name) { if(!this->is_hive_open || !this->is_hive_writable) { this->SetError(tr("Hive has not been opened or opened read-only!")); return false; } // libhivex offers no possibility to delete a single key :-( // As a work around, this function temporarly stores all keys of the specified // node, then deletes them all an re-creates all but the one that should be // deleted. // Get handle to parent node hive_node_h parent_node; if(!this->GetNodeHandle(parent_node_path,&parent_node)) { return false; } // Get all child keys hive_value_h *p_keys=hivex_node_values(this->p_hive,parent_node); if(p_keys==NULL) { this->SetError(tr("Unable to enumerate child keys for parent '%1'!") .arg(parent_node_path)); return false; } // Get all child key values except the one that should be deleted int i=0; char *p_name; int node_keys_count=0; hive_set_value *node_keys=NULL; #define FREE_NODE_KEYS() { \ for(int x=0;xp_hive,p_keys[i]); if(p_name==NULL) { this->SetError(tr("Unable to get key name for a child of '%1'!") .arg(parent_node_path)); return false; } if(QString(p_name)!=key_name) { // Current key is not the one that should be deleted, save it // Alloc mem for new hive_set_value struct in node_keys array node_keys=(hive_set_value*)realloc(node_keys, sizeof(hive_set_value)* (node_keys_count+1)); if(node_keys==NULL) { this->SetError(tr("Unable to alloc enough memory for all child keys!")); return false; } // Save key name in hive_set_value struct node_keys[node_keys_count].key=p_name; // Get key value, key value type and key value len and save to // hive_set_value struct node_keys[node_keys_count].value= hivex_value_value(this->p_hive, p_keys[i], &(node_keys[node_keys_count].t), &(node_keys[node_keys_count].len)); if(node_keys[node_keys_count].value==NULL) { this->SetError(tr("Unable to get value for key '%1'!").arg(p_name)); free(p_name); // Free all temporary stored keys FREE_NODE_KEYS(); return false; } node_keys_count++; } else { // Current key is to be deleted, ignore it free(p_name); } i++; } // Save all stored keys to hive, which will discard the one that should be // deleted if(hivex_node_set_values(this->p_hive, parent_node, node_keys_count, node_keys, 0)!=0) { this->SetError(tr("Unable to re-save all child keys! Please discard any " "changes you made and start over. No doing so might end " "in data loss!")); // Free all temporary stored keys FREE_NODE_KEYS(); return false; } // Free all temporary stored keys and return FREE_NODE_KEYS(); #undef FREE_NODE_KEYS this->has_changes_to_commit=true; return true; } /******************************************************************************* * Private ******************************************************************************/ /* * HivexError2String */ QString RegistryHive::HivexError2String(int error) { switch(error) { case ENOTSUP: return QString("Corrupt or unsupported Registry file format."); break; case HIVEX_NO_KEY: return QString("Missing root key."); break; case EINVAL: return QString("Passed an invalid argument to the function."); break; case EFAULT: return QString("Followed a Registry pointer which goes outside the " "registry or outside a registry block."); break; case ELOOP: return QString("Registry contains cycles."); break; case ERANGE: return QString("Field in the registry out of range."); break; case EEXIST: return QString("Registry key already exists."); break; case EROFS: return QString("Tried to write to a registry which is not opened for " "writing."); break; default: return QString("Unknown error."); } } /* * SetError */ void RegistryHive::SetError(QString msg) { this->erro_msg=msg; this->is_error=true; } /* * GetNodeHandle */ bool RegistryHive::GetNodeHandle(QString &path, hive_node_h *p_node) { QStringList nodes; int i=0; // Get root node handle *p_node=hivex_root(this->p_hive); if(*p_node==0) { this->SetError(tr("Unable to get root node!")); return false; } if(path!="\\") { // If we aren't listing the root node, we have to get a handle to the // last node in the path. Split path into nodes nodes=path.split('\\',QString::SkipEmptyParts); // Iterate to the correct parent node for(i=0;ip_hive, *p_node, - nodes.value(i).toAscii().constData()); + nodes.value(i).toLatin1().constData()); if(*p_node==0) { this->SetError(tr("Unable to find node '%1'!").arg(nodes.value(i))); return false; } } } return true; } /* * GetKeyHandle */ bool RegistryHive::GetKeyHandle(QString &parent_node_path, QString &key_name, hive_value_h *p_key) { // Get handle to parent node hive_node_h parent_node; if(!this->GetNodeHandle(parent_node_path,&parent_node)) { return false; } // Get handle to key *p_key=hivex_node_get_value(this->p_hive, parent_node, - key_name.toAscii().constData()); + key_name.toLatin1().constData()); if(*p_key==0) { this->SetError(tr("Unable to get handle to key '%1\\%2'!") .arg(parent_node_path,key_name)); return false; } return true; } /* * GetNodesHelper */ QMap RegistryHive::GetNodesHelper(hive_node_h parent_node) { QMap keys; char *p_name; int i=0; // Get child nodes hive_node_h *child_nodes=hivex_node_children(this->p_hive,parent_node); if(child_nodes==NULL) { this->SetError( tr("Unable to enumerate child nodes!")); return QMap(); } // Build result keys.clear(); i=0; while(child_nodes[i]) { p_name=hivex_node_name(this->p_hive,child_nodes[i]); if(p_name==NULL) { this->SetError(tr("Unable to get node name!")); free(child_nodes); return QMap(); } keys.insert(QString(p_name),(int)child_nodes[i]); free(p_name); i++; } free(child_nodes); return keys; } /* * GetKeysHelper */ QMap RegistryHive::GetKeysHelper(hive_node_h parent_node) { QMap keys; char *p_name; int i=0; // Get child keys hive_value_h *p_keys=hivex_node_values(this->p_hive,parent_node); if(p_keys==NULL) { this->SetError( tr("Unable to enumerate child keys!")); return QMap(); } // Build result list keys.clear(); i=0; while(p_keys[i]) { p_name=hivex_value_key(this->p_hive,p_keys[i]); if(p_name==NULL) { this->SetError(tr("Unable to get key name!")); return QMap(); } keys.insert(QString(p_name),p_keys[i]); free(p_name); i++; } free(p_keys); return keys; } /* * GetKeyValueHelper */ QByteArray RegistryHive::GetKeyValueHelper(hive_value_h hive_key, int *p_value_type, size_t *p_value_len) { QByteArray key_value; char *p_key_value; p_key_value=hivex_value_value(this->p_hive, hive_key, (hive_type*)p_value_type, p_value_len); if(p_key_value==NULL) { this->SetError(tr("Unable to get key value!")); *p_value_type=-1; return QByteArray(); } // Feed QByteArray and free p_key_value key_value=QByteArray(p_key_value,*p_value_len); free(p_key_value); return key_value; } /* * PathExists */ bool RegistryHive::PathExists(QString path) { bool ret; hive_node_h node; ret=this->GetNodeHandle(path,&node); if(!ret || this->Error()) { // Clear error and return false this->GetErrorMsg(); return false; } return true; } /* * SetKey */ int RegistryHive::SetKey(QString &parent_node_path, QString &key_name, QString &key_value_type, QByteArray &key_value, bool create_key) { // Get node handle to the node that holds the key to create/update hive_node_h parent_node; if(!this->GetNodeHandle(parent_node_path,&parent_node)) { return 0; } // Make sure key exists if we should update it if(!create_key) { hive_value_h temp_key=hivex_node_get_value(this->p_hive, parent_node, - key_name.toAscii().constData()); + key_name.toLatin1().constData()); if(temp_key==0) { this->SetError(tr("Inexisting key '%1\\%2' can't be updated!") .arg(parent_node_path,key_name)); return 0; } } // Create and populate hive_set_value structure hive_set_value key_val; - key_val.key=(char*)malloc((sizeof(char)*key_name.toAscii().count())+1); + key_val.key=(char*)malloc((sizeof(char)*key_name.toLatin1().count())+1); key_val.value=(char*)malloc(sizeof(char)*key_value.size()); if(key_val.key==NULL || key_val.value==NULL) { this->SetError(tr("Unable to alloc memory for hive_set_value struct!")); return 0; } - strcpy(key_val.key,key_name.toAscii().constData()); + strcpy(key_val.key,key_name.toLatin1().constData()); key_val.t=(hive_type)this->StringToKeyValueType(key_value_type); key_val.len=key_value.size(); memcpy(key_val.value,key_value.constData(),key_value.size()); // Create/Update key if(hivex_node_set_value(this->p_hive,parent_node,&key_val,0)!=0) { this->SetError(tr("Unable to update key '%1\\%2'!") .arg(parent_node_path,key_name)); return 0; } // Free the hive_set_value structure free(key_val.key); free(key_val.value); // To make sure everything worked, a hadle to the new key is now requeried // from hive and then returned hive_value_h key; if(!this->GetKeyHandle(parent_node_path,key_name,&key)) { return 0; } this->has_changes_to_commit=true; return key; } /* * FindUnicodeStringEnd */ int RegistryHive::FindUnicodeStringEnd(QByteArray data, int offset) { int end_pos; for(end_pos=offset;end_pos<(data.size()-1);end_pos+=2) { if(*((quint16*)(data.constData()+end_pos))==0) break; } return end_pos<(data.size()-1) ? end_pos : -1; } diff --git a/trunk/registrynodetree.cpp b/trunk/registrynodetree.cpp index 4503468..2c90eff 100644 --- a/trunk/registrynodetree.cpp +++ b/trunk/registrynodetree.cpp @@ -1,185 +1,185 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include #include #include "registrynodetree.h" #include "registrynodetreemodel.h" /******************************************************************************* * Public ******************************************************************************/ RegistryNodeTree::RegistryNodeTree(QWidget *p_parent) : QTreeView(p_parent) { this->is_writable=false; // Configure widget this->setTextElideMode(Qt::ElideNone); this->setSelectionMode(QAbstractItemView::SingleSelection); this->setSelectionBehavior(QAbstractItemView::SelectRows); this->sortByColumn(0,Qt::AscendingOrder); this->setSortingEnabled(true); // Create context menu items this->p_action_add_node=new QAction(tr("Add new node"),this); this->p_action_delete_node=new QAction(tr("Delete selected node"),this); this->p_menu_copy=new QMenu(tr("Copy"),this); this->p_action_copy_node_name= new QAction(tr("Selected node name"),this->p_menu_copy); this->p_menu_copy->addAction(this->p_action_copy_node_name); this->p_action_copy_node_path= new QAction(tr("Selected node path"),this->p_menu_copy); this->p_menu_copy->addAction(this->p_action_copy_node_path); // Connect context menu signals this->connect(this->p_action_add_node, SIGNAL(triggered()), this, SLOT(SlotAddNode())); this->connect(this->p_action_delete_node, SIGNAL(triggered()), this, SLOT(SlotDeleteNode())); this->connect(this->p_action_copy_node_name, SIGNAL(triggered()), this, SLOT(SlotCopyNodeName())); this->connect(this->p_action_copy_node_path, SIGNAL(triggered()), this, SLOT(SlotCopyNodePath())); } RegistryNodeTree::~RegistryNodeTree() { // Delete context menu delete this->p_action_copy_node_name; delete this->p_action_copy_node_path; delete this->p_menu_copy; delete this->p_action_delete_node; delete this->p_action_add_node; } void RegistryNodeTree::setModel(QAbstractItemModel *p_model, bool writable) { // Assign model to view QTreeView::setModel(p_model); - this->header()->setResizeMode(0,QHeaderView::ResizeToContents); + this->header()->setSectionResizeMode(QHeaderView::ResizeToContents); this->header()->setStretchLastSection(true); if(p_model!=NULL && p_model->index(0,0).isValid()) { // Select first tree item this->setCurrentIndex(p_model->index(0,0)); } // Set writable status this->SetWritable(writable); } void RegistryNodeTree::SetWritable(bool writable) { this->is_writable=writable; this->p_action_add_node->setEnabled(this->is_writable); this->p_action_delete_node->setEnabled(this->is_writable); } /******************************************************************************* * Protected ******************************************************************************/ void RegistryNodeTree::contextMenuEvent(QContextMenuEvent *p_event) { // Only show context menu when a node is selected if(this->selectedIndexes().count()!=2) return; // Only show context menu when user clicked on selected row if(this->indexAt(p_event->pos()).row()!=this->selectedIndexes().at(0).row()) return; // Emit a click signal emit(this->clicked(this->indexAt(p_event->pos()))); // Create context menu and add actions QMenu context_menu(this); context_menu.addAction(this->p_action_add_node); context_menu.addAction(this->p_action_delete_node); context_menu.addSeparator(); context_menu.addMenu(this->p_menu_copy); context_menu.exec(p_event->globalPos()); } void RegistryNodeTree::keyPressEvent(QKeyEvent *p_event) { // Only react if a node is selected and user pressed Key_Left if(this->selectedIndexes().count()==2 && p_event->key()==Qt::Key_Left) { QModelIndex cur_index=this->selectedIndexes().at(0); if(this->model()->hasChildren(cur_index) && this->isExpanded(cur_index)) { // Current node is expanded. Only collapse this one this->collapse(cur_index); return; } if(!cur_index.parent().isValid()) { // Do no try to collapse anything above root node return; } this->collapse(cur_index.parent()); this->setCurrentIndex(cur_index.parent()); return; } // If we didn't handle the key event, let our parent handle it QTreeView::keyPressEvent(p_event); } void RegistryNodeTree::currentChanged(const QModelIndex ¤t, const QModelIndex &previous) { // Call parent class's currentChanged first QTreeView::currentChanged(current,previous); // Now emit our signal QModelIndex current_item=QModelIndex(current); emit(RegistryNodeTree::CurrentItemChanged(current_item)); } /******************************************************************************* * Private slots ******************************************************************************/ void RegistryNodeTree::SlotAddNode() { emit(RegistryNodeTree::SignalAddNode(this->selectedIndexes().at(0))); } void RegistryNodeTree::SlotDeleteNode() { emit(RegistryNodeTree::SignalDeleteNode(this->selectedIndexes().at(0))); } void RegistryNodeTree::SlotCopyNodeName() { QApplication::clipboard()-> setText(this->selectedIndexes().at(0).data().toString(), QClipboard::Clipboard); } void RegistryNodeTree::SlotCopyNodePath() { QString path=((RegistryNodeTreeModel*)(this->model()))-> GetNodePath(this->selectedIndexes().at(0)); QApplication::clipboard()->setText(path,QClipboard::Clipboard); } diff --git a/trunk/reportengine.cpp b/trunk/reportengine.cpp index ca572a9..42e14c0 100644 --- a/trunk/reportengine.cpp +++ b/trunk/reportengine.cpp @@ -1,562 +1,562 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include #include #include #include "reportengine.h" /******************************************************************************* * Public ******************************************************************************/ ReportEngine::ReportEngine(RegistryHive *p_hive) : QScriptEngine() { // Init vars this->p_registry_hive=p_hive; this->report_content=""; // Add our constants this->globalObject().setProperty("ENGINE_API_VERSION", FRED_REPORTENGINE_API_VERSION, QScriptValue::ReadOnly| QScriptValue::Undeletable); /* this->globalObject().setProperty("HIVE_FILE", this->p_registry_hive->Filename(), QScriptValue::ReadOnly| QScriptValue::Undeletable); */ // Add our types to engine qScriptRegisterMetaType(this, this->RegistryKeyValueToScript, this->RegistryKeyValueFromScript); this->p_type_byte_array=new ByteArray(this); this->globalObject().setProperty("ByteArray", this->p_type_byte_array->constructor()); // TODO: Is it really necessary to explicitly export these functions // here ?????????? // Add our functions // print QScriptValue func_print=this->newFunction(this->Print); this->globalObject().setProperty("print",func_print); // println QScriptValue func_println=this->newFunction(this->PrintLn); this->globalObject().setProperty("println",func_println); // RegistryKeyValueToString QScriptValue func_value_to_string= this->newFunction(this->RegistryKeyValueToString,2); this->globalObject().setProperty("RegistryKeyValueToString", func_value_to_string); // RegistryKeyValueToVariant QScriptValue func_value_to_variant= this->newFunction(this->RegistryKeyValueToVariant); this->globalObject().setProperty("RegistryKeyValueToVariant", func_value_to_variant); // RegistryKeyValueToStringList QScriptValue func_value_to_string_list= this->newFunction(this->RegistryKeyValueToStringList); this->globalObject().setProperty("RegistryKeyValueToStringList", func_value_to_string_list); // RegistryKeyTypeToString QScriptValue func_type_to_string= this->newFunction(this->RegistryKeyTypeToString,1); this->globalObject().setProperty("RegistryKeyTypeToString", func_type_to_string); } ReportEngine::~ReportEngine() { delete this->p_type_byte_array; } /* * GetReportTemplateInfo */ QMap ReportEngine::GetReportTemplateInfo(QString file) { // Read template file QString report_code; if(!this->GetReportTemplateFileContents(file,report_code)) { QMap error_msg; error_msg["error"]=report_code; return error_msg; } // Evaluate report template script QScriptValue report_result=this->evaluate(report_code,file); if (report_result.isError() || this->hasUncaughtException()) { QMap error_msg; error_msg["error"]=QString("File: %1\n Line: %2\nError: %3") .arg(file) .arg(report_result.property("lineNumber").toInt32()) .arg(report_result.toString()); return error_msg; } // Try to call the fred_report_info script function and return result QScriptValue fred_report_info_func= this->globalObject().property("fred_report_info"); if(!fred_report_info_func.isFunction()) { QMap error_msg; error_msg["error"]= QString("Report template '%1' does not have a fred_report_info function!") .arg(file) .arg(report_result.property("lineNumber").toInt32()) .arg(report_result.toString()); return error_msg; } QScriptValue fred_report_info_res=fred_report_info_func.call(); // TODO: Maybe do more checking on return value return fred_report_info_res.toVariant().toMap(); } /* * GenerateReport */ bool ReportEngine::GenerateReport(RegistryHive *p_hive, QString report_file, QString &report_result, bool console_mode) { // TODO: Support or remove console_mode Q_UNUSED(console_mode); // Clear internal buffer this->report_content.clear(); // Update exported functions this->UpdateExportedFunctions(p_hive); // Read template file QString report_code; if(!this->GetReportTemplateFileContents(report_file,report_code)) { report_result=report_code; return false; } // Evaluate report template script QScriptValue script_result=this->evaluate(report_code,report_file); if (script_result.isError() || this->hasUncaughtException()) { script_result=QString("File: %1\n Line: %2\nError: %3") .arg(report_file) .arg(script_result.property("lineNumber").toInt32()) .arg(script_result.toString()); return false; } // Try to call the fred_report_html script function and return result QScriptValue fred_report_html_func= this->globalObject().property("fred_report_html"); if(!fred_report_html_func.isFunction()) { report_result= QString("Report template '%1' does not have a fred_report_info function!") .arg(report_file) .arg(script_result.property("lineNumber").toInt32()) .arg(script_result.toString()); return false; } QScriptValue fred_report_html_res=fred_report_html_func.call(); // TODO: Maybe do more checking on return value report_result=this->report_content; return true; } /******************************************************************************* * Public Slots ******************************************************************************/ /******************************************************************************* * Private ******************************************************************************/ /* * Print */ QScriptValue ReportEngine::Print(QScriptContext *context, QScriptEngine *engine) { int i; QString content; // Append all arguments to content for(i=0;iargumentCount();++i) { //if(i>0) content.append(" "); content.append(context->argument(i).toString()); } qobject_cast(engine)->report_content.append(content); return engine->undefinedValue(); } /* * PrintLn */ QScriptValue ReportEngine::PrintLn(QScriptContext *context, QScriptEngine *engine) { int i; QString content; // Append all arguments to content for(i=0;iargumentCount();++i) { //if(i>0) content.append(" "); content.append(context->argument(i).toString()); } qobject_cast(engine)-> report_content.append(content).append("\n"); return engine->undefinedValue(); } /* * GetRegistryNodes */ QScriptValue ReportEngine::GetRegistryNodes(QScriptContext *context, QScriptEngine *engine) { QScriptValue calleeData; RegistryHive *p_hive; QMap nodes; QScriptValue ret_nodes; int ii=0; // This function needs one argument, parent node path if(context->argumentCount()!=1) return engine->undefinedValue(); // Get calle data (Pointer to RegistryHive class) calleeData=context->callee().data(); p_hive=qobject_cast(calleeData.toQObject()); // Get nodes nodes=p_hive->GetNodes(context->argument(0).toString()); if(p_hive->Error()) { // Clear error state p_hive->GetErrorMsg(); return engine->undefinedValue(); } // Build script array ret_nodes=engine->newArray(nodes.count()); QMapIterator i(nodes); while(i.hasNext()) { i.next(); ret_nodes.setProperty(ii++,QScriptValue(i.key())); } return ret_nodes; } /* * GetRegistryKeys */ QScriptValue ReportEngine::GetRegistryKeys(QScriptContext *context, QScriptEngine *engine) { QScriptValue calleeData; RegistryHive *p_hive; QMap keys; QScriptValue ret_keys; int ii=0; // This function needs one argument, parent node path if(context->argumentCount()!=1) return engine->undefinedValue(); // Get calle data (Pointer to RegistryHive class) calleeData=context->callee().data(); p_hive=qobject_cast(calleeData.toQObject()); // Get keys keys=p_hive->GetKeys(context->argument(0).toString()); if(p_hive->Error()) { // Clear error state p_hive->GetErrorMsg(); return engine->undefinedValue(); } // Build script array ret_keys=engine->newArray(keys.count()); QMapIterator i(keys); while(i.hasNext()) { i.next(); ret_keys.setProperty(ii++,QScriptValue(i.key())); } return ret_keys; } /* * RegistryKeyValueToScript */ QScriptValue ReportEngine::RegistryKeyValueToScript(QScriptEngine *engine, const s_RegistryKeyValue &s) { QScriptValue obj=engine->newObject(); obj.setProperty("type",s.type); obj.setProperty("length",s.length); ByteArray *p_byte_array=new ByteArray(engine); obj.setProperty("value",p_byte_array->newInstance(s.value)); return obj; } /* * RegistryKeyValueFromScriptValue */ void ReportEngine::RegistryKeyValueFromScript(const QScriptValue &obj, s_RegistryKeyValue &s) { s.type=obj.property("type").toInt32(); s.length=obj.property("length").toInt32(); s.value=qvariant_cast(obj.property("value").data().toVariant()); } /* * GetRegistryKeyValue */ QScriptValue ReportEngine::GetRegistryKeyValue(QScriptContext *context, QScriptEngine *engine) { QScriptValue calleeData; RegistryHive *p_hive; QByteArray key_value; int key_type=0; size_t key_length=0; s_RegistryKeyValue script_key_value; // This function needs two arguments, key path and key name if(context->argumentCount()!=2) return engine->undefinedValue(); // Get calle data (Pointer to RegistryHive class) calleeData=context->callee().data(); p_hive=qobject_cast(calleeData.toQObject()); // Get key value key_value=p_hive->GetKeyValue(context->argument(0).toString(), context->argument(1).toString(), &key_type, &key_length); if(p_hive->Error()) { // Get error message to clear error state p_hive->GetErrorMsg(); -// printf("\nError: %s\n",p_hive->GetErrorMsg().toAscii().constData()); +// printf("\nError: %s\n",p_hive->GetErrorMsg().toLatin1().constData()); return engine->undefinedValue(); } // Save key value to s_RegistryKeyValue struct script_key_value.type=key_type; script_key_value.length=key_length; script_key_value.value=key_value; return ReportEngine::RegistryKeyValueToScript(engine,script_key_value); } /* * RegistryKeyValueToString */ QScriptValue ReportEngine::RegistryKeyValueToString(QScriptContext *context, QScriptEngine *engine) { QByteArray key_value; QString ret=""; // This function needs two arguments, key value and value type if(context->argumentCount()!=2) return engine->undefinedValue(); // Cast ByteArray argument to QByteArray and convert key_value=qvariant_cast(context->argument(0).data().toVariant()); ret=RegistryHive::KeyValueToString(key_value, context->argument(1).toInt32()); return engine->newVariant(ret); } /* * RegistryKeyValueToVariant */ QScriptValue ReportEngine::RegistryKeyValueToVariant(QScriptContext *context, QScriptEngine *engine) { int offset=0; int length=-1; bool little_endian=true; QByteArray key_value; QString format=""; QString ret=""; // This function needs at least two arguments, key value and variant type, // and may have three optional arguments, offset, length and little_endian if(context->argumentCount()<2 || context->argumentCount()>5) { return engine->undefinedValue(); } if(context->argumentCount()==3) { offset=context->argument(2).toInt32(); } if(context->argumentCount()==4) { offset=context->argument(2).toInt32(); length=context->argument(3).toInt32(); } if(context->argumentCount()==5) { offset=context->argument(2).toInt32(); length=context->argument(3).toInt32(); little_endian=(context->argument(4).toInt32()==1); } // Cast ByteArray argument to QByteArray key_value=qvariant_cast(context->argument(0).data().toVariant()); format=context->argument(1).toString(); ret=RegistryHive::KeyValueToString(key_value,format,offset,length,little_endian); return engine->newVariant(ret); } /* * RegistryKeyValueToStringList */ QScriptValue ReportEngine::RegistryKeyValueToStringList(QScriptContext *context, QScriptEngine *engine) { QByteArray value; QStringList strings; QScriptValue ret; int i=0; bool little_endian=true; // This function needs one arguments, key value, and may have a second // specifying endianness if(context->argumentCount()==0 || context->argumentCount()>2) return engine->undefinedValue(); if(context->argumentCount()==2) { little_endian=context->argument(2).toBool(); } // Cast ByteArray argument to QByteArray and convert value=qvariant_cast(context->argument(0).data().toVariant()); strings=RegistryHive::KeyValueToStringList(value,little_endian); // Build script array ret=engine->newArray(strings.count()); QListIterator str_it(strings); while(str_it.hasNext()) { ret.setProperty(i++,QScriptValue(str_it.next())); } return ret; } /* * RegistryKeyTypeToString */ QScriptValue ReportEngine::RegistryKeyTypeToString(QScriptContext *context, QScriptEngine *engine) { QString ret=""; // This function needs one argument, key type if(context->argumentCount()!=1) return engine->undefinedValue(); ret=RegistryHive::KeyValueTypeToString(context->argument(0).toInt32()); return engine->newVariant(ret); } /* * GetRegistryNodeModTime */ QScriptValue ReportEngine::GetRegistryNodeModTime(QScriptContext *context, QScriptEngine *engine) { QScriptValue calleeData; RegistryHive *p_hive; qint64 mod_time=0; // This function needs one argument, node path if(context->argumentCount()!=1) return engine->undefinedValue(); // Get calle data (Pointer to RegistryHive class) calleeData=context->callee().data(); p_hive=qobject_cast(calleeData.toQObject()); mod_time=p_hive->GetNodeModTime(context->argument(0).toString()); if(p_hive->Error()) { // Get error message to clear error state p_hive->GetErrorMsg(); return engine->undefinedValue(); } QDateTime date_time; date_time.setTimeSpec(Qt::UTC); date_time.setTime_t(RegistryHive::FiletimeToUnixtime(mod_time)); return engine->newVariant(date_time.toString("yyyy/MM/dd hh:mm:ss")); } /* * GetReportTemplateFileContents */ bool ReportEngine::GetReportTemplateFileContents(QString file, QString &contents) { // Open report template file QFile template_file(file); if(!template_file.open(QIODevice::ReadOnly | QIODevice::Text)) { contents=QString("Couldn't open report template file '%1'!").arg(file); return false; } // Read template file and close it contents.clear(); QTextStream in(&template_file); while(!in.atEnd()) contents.append(in.readLine()).append("\n"); template_file.close(); return true; } /* * UpdateExportedFunctions */ void ReportEngine::UpdateExportedFunctions(RegistryHive *p_hive) { this->p_registry_hive=p_hive; // GetRegistryNodes QScriptValue func_get_nodes=this->newFunction(this->GetRegistryNodes,1); func_get_nodes.setData(this->newQObject(this->p_registry_hive)); this->globalObject().setProperty("GetRegistryNodes",func_get_nodes); // GetRegistryKeys QScriptValue func_get_keys=this->newFunction(this->GetRegistryKeys,1); func_get_keys.setData(this->newQObject(this->p_registry_hive)); this->globalObject().setProperty("GetRegistryKeys",func_get_keys); // GetRegistryKeyValue QScriptValue func_get_key_value=this->newFunction(this->GetRegistryKeyValue, 2); func_get_key_value.setData(this->newQObject(this->p_registry_hive)); this->globalObject().setProperty("GetRegistryKeyValue",func_get_key_value); // GetRegistryNodeModTime QScriptValue func_get_node_modt= this->newFunction(this->GetRegistryNodeModTime,1); func_get_node_modt.setData(this->newQObject(this->p_registry_hive)); this->globalObject().setProperty("GetRegistryNodeModTime",func_get_node_modt); } diff --git a/trunk/threadsearch.cpp b/trunk/threadsearch.cpp index b0a2657..c88222b 100644 --- a/trunk/threadsearch.cpp +++ b/trunk/threadsearch.cpp @@ -1,195 +1,195 @@ /******************************************************************************* * fred Copyright (c) 2011-2014 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include "threadsearch.h" #include "registryhive.h" ThreadSearch::ThreadSearch(QObject *p_parent) : QThread(p_parent) { this->hive_file=""; this->h_hive=NULL; this->keywords=QList(); this->search_nodes=false; this->search_keys=false; this->search_values=false; this->root_node=0; // Register meta types to be used in signals qRegisterMetaType("ThreadSearch::eMatchType"); } bool ThreadSearch::Search(QString registry_hive, QList search_keywords, bool search_node_names, bool search_key_names, bool search_key_values, QString search_path) { this->hive_file=registry_hive; this->keywords=search_keywords; this->search_nodes=search_node_names; this->search_keys=search_key_names; this->search_values=search_key_values; this->root_path=search_path=="\\" ? "" : search_path; // Try to open hive - this->h_hive=hivex_open(this->hive_file.toAscii().constData(),0); + this->h_hive=hivex_open(this->hive_file.toLatin1().constData(),0); if(this->h_hive==NULL) return false; // Get root node this->root_node=hivex_root(this->h_hive); if(this->root_node==0) { hivex_close(this->h_hive); return false; } // If a root path was specified, iterate to it if(this->root_path!="") { QStringList path_nodes=search_path.split("\\",QString::SkipEmptyParts); int i; for(i=0;iroot_node=hivex_node_get_child(this->h_hive, this->root_node, - path_nodes.at(i).toAscii().constData()); + path_nodes.at(i).toLatin1().constData()); if(this->root_node==0) { hivex_close(this->h_hive); return false; } } } this->start(); return true; } void ThreadSearch::run() { this->Match(); hivex_close(this->h_hive); } void ThreadSearch::Match(QString path, hive_node_h node) { char *p_node_name; int i,ii; hive_node_h *p_node_childs; QByteArray *p_byte_array; if(node!=0) { p_node_name=hivex_node_name(this->h_hive,node); if(p_node_name==NULL) return; if(this->search_nodes) { // Compare node name to keywords p_byte_array=new QByteArray(p_node_name); for(i=0;ikeywords.count();i++) { if(p_byte_array->indexOf(this->keywords.at(i))!=-1) { emit(SignalFoundMatch(ThreadSearch::eMatchType_NodeName, path, QString(p_node_name), QString())); break; } } delete p_byte_array; } if(this->search_keys || this->search_values) { // Get key,value pairs for current node hive_value_h *p_keys=hivex_node_values(this->h_hive,node); if(p_keys==NULL) { delete p_node_name; return; } if(this->search_keys) { // Compare key names to keywords char *p_keyname; for(i=0;p_keys[i];i++) { p_keyname=hivex_value_key(this->h_hive,p_keys[i]); if(p_keyname==NULL) continue; p_byte_array=new QByteArray(p_keyname); for(ii=0;iikeywords.count();ii++) { if(p_byte_array->indexOf(this->keywords.at(ii))!=-1) { emit(SignalFoundMatch(ThreadSearch::eMatchType_KeyName, path+"\\"+p_node_name, strlen(p_keyname)==0 ? QString("(default)") : QString(p_keyname), QString())); break; } } delete p_byte_array; delete p_keyname; } } if(this->search_values) { // Compare key values to keywords char *p_value; hive_type val_type; size_t val_len; for(i=0;p_keys[i];i++) { p_value=hivex_value_value(this->h_hive,p_keys[i],&val_type,&val_len); if(p_value==NULL) continue; p_byte_array=new QByteArray(p_value,val_len); for(ii=0;iikeywords.count();ii++) { if(p_byte_array->indexOf(this->keywords.at(ii))!=-1) { char *p_keyname=hivex_value_key(this->h_hive,p_keys[i]); if(p_keyname==NULL) continue; emit(SignalFoundMatch(ThreadSearch::eMatchType_KeyValue, path+"\\"+p_node_name, strlen(p_keyname)==0 ? QString("(default)") : QString(p_keyname), RegistryHive::KeyValueToString(*p_byte_array,val_type))); delete p_keyname; break; } } delete p_byte_array; delete p_value; } } delete p_keys; } // Search in subnodes p_node_childs=hivex_node_children(this->h_hive,node); if(p_node_childs!=NULL) { i=0; while(p_node_childs[i]) { this->Match(path+"\\"+p_node_name,p_node_childs[i]); i++; } delete p_node_childs; } delete p_node_name; } else { p_node_childs=hivex_node_children(this->h_hive,this->root_node); if(p_node_childs!=NULL) { i=0; while(p_node_childs[i]) { this->Match(this->root_path,p_node_childs[i]); i++; } delete p_node_childs; } } }