diff --git a/trunk/report_templates/SAM_UserAccounts2.qs b/trunk/report_templates/SAM_UserAccounts2.qs
new file mode 100644
index 0000000..e06da1e
--- /dev/null
+++ b/trunk/report_templates/SAM_UserAccounts2.qs
@@ -0,0 +1,144 @@
+function fred_report_info() {
+ var info={report_cat : "SAM",
+ report_name : "User accounts as table",
+ report_author : "Gillen Daniel, Voncken Guy",
+ report_desc : "Dump Windows user accounts",
+ fred_api : 2,
+ hive : "SAM"
+ };
+ return info;
+}
+
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12;";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
+function IsValid(val) {
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println("
",str," | ");
+}
+
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
+}
+
+
+function Get_v_info(v_key_value,str_off) {
+ var ret_str="";
+ var offset=Number(RegistryKeyValueToVariant(v_key_value,"uint16",str_off))+0x0cc;
+ var len=Number(RegistryKeyValueToVariant(v_key_value,"uint16",str_off+4));
+ if(len>0) ret_str=RegistryKeyValueToVariant(v_key_value,"utf16",offset,len)
+
+ return ret_str;
+}
+
+function fred_report_html() {
+ // See http://windowsir.blogspot.com/2006/08/getting-user-info-from-image.html
+ println(" User accounts
");
+
+ // Iterate over all user names
+ var user_names=GetRegistryNodes("\\SAM\\Domains\\Account\\Users\\Names");
+ if(IsValid(user_names)) {
+ println(" ");
+
+ println(" ");
+ PrintTableHeaderCell("Name");
+ PrintTableHeaderCell("RID");
+ PrintTableHeaderCell("Full
name");
+ PrintTableHeaderCell("Last
login");
+ PrintTableHeaderCell("Last PW
change");
+ PrintTableHeaderCell("Last failed
login");
+ PrintTableHeaderCell("Account
expiry");
+ PrintTableHeaderCell("Total
logins");
+ PrintTableHeaderCell("Failed
logins");
+ PrintTableHeaderCell("Flags");
+ PrintTableHeaderCell("Password
hint");
+ PrintTableHeaderCell("Home drive
and dir");
+ PrintTableHeaderCell("Logon
script path");
+ PrintTableHeaderCell("Profile
path");
+ PrintTableHeaderCell("Comment");
+ println("
");
+
+ for(var i=0;i");
+ PrintTableDataCell("left",user_names[i]);
+ PrintTableDataCell("right",String(user_rid_dec)+" (0x"+user_rid+")");
+ PrintTableDataCell("left",full_name);
+ PrintTableDataCell("right",last_login_time);
+ PrintTableDataCell("right",last_pw_change);
+ PrintTableDataCell("right",last_failed_login);
+ PrintTableDataCell("left",account_expires);
+ PrintTableDataCell("right",total_logins);
+ PrintTableDataCell("right",failed_logins);
+ PrintTableDataCell("left",acc_flags_str);
+ PrintTableDataCell("left",hint);
+ PrintTableDataCell("left",home_dir_drive+" "+home_dir);
+ PrintTableDataCell("left",logon_script_path);
+ PrintTableDataCell("left",profile_path);
+ PrintTableDataCell("left",comment);
+
+ println (" ")
+ }
+ println("
");
+ println("");
+ } else {
+ println("");
+ println(" Unable to enumerate users!
");
+ println(" Are you sure you are running this report against the correct registry hive?");
+ println("
");
+ }
+}
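Review bot: Every hive-derived string that the row loop hands to PrintTableDataCell (user name, full name, comment, password hint, home and profile paths) is written into the HTML unescaped, and several of those SAM fields are set by the very account being reported on, so a crafted hive can inject markup into the report and, depending on how fred renders it, possibly script. Add a small escaper and route both cell helpers through it: `function EscapeHtml(s) { return String(s).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;"); }`, then pass `EscapeHtml(str)` instead of `str` inside PrintTableHeaderCell and PrintTableDataCell. Get_v_info also trusts the offset and length it reads out of the V value before calling RegistryKeyValueToVariant; if the scripting API exposes the value's byte length, reject `offset+len` beyond it rather than passing a hostile hive's numbers straight through. The body of the per-user loop at the `for(var i=0;...` line appears truncated in this listing, so the derivation of user_rid, full_name and the other row variables could not be reviewed.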
diff --git a/trunk/report_templates/SOFTWARE_Autoruns.qs b/trunk/report_templates/SOFTWARE_Autoruns.qs
index 053e63d..2717b72 100644
--- a/trunk/report_templates/SOFTWARE_Autoruns.qs
+++ b/trunk/report_templates/SOFTWARE_Autoruns.qs
@@ -1,56 +1,83 @@
function fred_report_info() {
var info={report_cat : "SOFTWARE",
report_name : "Autoruns",
report_author : "Gillen Daniel",
report_desc : "Dump autoruns",
fred_api : 2,
hive : "SOFTWARE"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
+}
+
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
+}
+
+function PrintTableDataRowSpanCell(alignment,rows,str) {
+ var style=cell_style+" text-align: "+alignment+";";
+ println(" ",str," | ");
}
-function print_table_row(cell01,cell02) {
- println(" ",cell01," | ",cell02," |
");
+function PrintTableDataColSpanCell(alignment,columns,str) {
+ var style=cell_style+" text-align: "+alignment+";";
+ println(" ",str," | ");
}
function ListAutoruns(autorun_path,autorun_key) {
- println(" ");
- println(" "+autorun_key+"
");
var run_keys=GetRegistryKeys(autorun_path+autorun_key);
if(IsValid(run_keys) && run_keys.length>0) {
- println("
");
- print_table_row("Name","Executable");
-
for(var i=0;i");
+ if(i==0) PrintTableDataRowSpanCell("left",run_keys.length,autorun_key);
+ PrintTableDataCell("left",run_keys[i]);
+ PrintTableDataCell("left",RegistryKeyValueToString(val.value,val.type));
+ println(" ");
}
-
- println("
");
} else {
- println(" None");
+ println(" ");
+ PrintTableDataCell("left",autorun_key);
+ PrintTableDataColSpanCell("center",2,"None");
+ println("
");
}
- println(" ");
}
function fred_report_html() {
var val;
println(" System Autoruns
");
+ println(" ");
+ println("
");
+
+ println(" ");
+ PrintTableHeaderCell("Registry key");
+ PrintTableHeaderCell("Name");
+ PrintTableHeaderCell("Executable");
+ println("
");
// Run
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","Run");
// RunOnce
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnce");
// RunOnceEx
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnceEx");
// TODO: There might be a Run under WindowsNT\CurrentVersion\Run too!
+
+ println("
");
+ println(" ");
}
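Review bot: ListAutoruns dereferences `val.value` in `RegistryKeyValueToString(val.value,val.type)` for every entry of run_keys, and the loop line is truncated in this listing, so I cannot see an IsValid guard on `val` before that call; if GetRegistryKeyValue can return undefined for a name that exists but cannot be read, one bad entry aborts the whole report. Guard it the way the other templates do: `var exe=IsValid(val) ? RegistryKeyValueToString(val.value,val.type) : "";` and print `exe`. Autorun names and command lines are exactly the strings an intruder controls, and they are emitted into the HTML without escaping, so PrintTableDataCell should HTML-escape `str` before writing it. The TODO about Windows NT\CurrentVersion\Run still stands; Winlogon Shell/Userinit and Policies\Explorer\Run are other commonly reviewed autostart locations worth considering when this template grows.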
diff --git a/trunk/report_templates/SOFTWARE_ProfileList.qs b/trunk/report_templates/SOFTWARE_ProfileList.qs
index 3f00709..87b50eb 100644
--- a/trunk/report_templates/SOFTWARE_ProfileList.qs
+++ b/trunk/report_templates/SOFTWARE_ProfileList.qs
@@ -1,51 +1,68 @@
function fred_report_info() {
var info={report_cat : "SOFTWARE",
report_name : "Profile list",
report_author : "Gillen Daniel",
report_desc : "Dump profile list",
fred_api : 2,
hive : "SOFTWARE"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
}
-function print_table_row(cell01,cell02) {
- println(" ",cell01," | ",cell02," |
");
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
}
function fred_report_html() {
var val;
println(" Profile List
");
var profile_list=GetRegistryNodes("\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList");
if(IsValid(profile_list) && profile_list.length>0) {
- for(var i=0;i");
- println(" "+profile_list[i]+"
");
- println(" ");
+ println(" ");
+ println("
");
+ println(" ");
+ PrintTableHeaderCell("Profile ID");
+ PrintTableHeaderCell("Last load time");
+ PrintTableHeaderCell("Image path");
+ println("
");
+
+ for(var i=0;i");
- println(" ");
+ println(" ");
+ PrintTableDataCell("left",profile_list[i]);
+ PrintTableDataCell("left",load_time);
+ PrintTableDataCell("left",image_path);
+ println("
");
}
+
println("
");
+ println(" ");
} else {
println(" None");
}
}
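Review bot: IsValid, PrintTableHeaderCell, PrintTableDataCell and the two style strings are now pasted verbatim into this and every other template in the commit, and the copies already drift: table_style ends with `font-size:12;` in SAM_UserAccounts2.qs but `font-size:12` here and in the remaining files. If the fred report API offers any include or shared-library mechanism, move the helpers there; if it does not, at least keep the copies byte-identical so a later fix (for example HTML-escaping `str` in PrintTableDataCell) does not have to be applied eight times. The body of the profile loop at the `for(var i=0;...` line is truncated in this listing, so the derivation of load_time and image_path could not be checked.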
diff --git a/trunk/report_templates/SYSTEM_BackupRestore.qs b/trunk/report_templates/SYSTEM_BackupRestore.qs
index 3992726..ea77769 100644
--- a/trunk/report_templates/SYSTEM_BackupRestore.qs
+++ b/trunk/report_templates/SYSTEM_BackupRestore.qs
@@ -1,72 +1,104 @@
function fred_report_info() {
var info={report_cat : "SYSTEM",
report_name : "Backup / Restore settings",
report_author : "Gillen Daniel",
report_desc : "Dump files / directories not to snapshot / backup and registry keys not to restore",
fred_api : 2,
hive : "SYSTEM"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
}
-function print_table_row(cell01,cell02) {
- println(" ",cell01," | ",cell02," |
");
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
+}
+
+function PrintTableDataRowSpanCell(alignment,rows,str) {
+ var style=cell_style+" text-align: "+alignment+";";
+ println(" ",str," | ");
}
function ListValues(root_key) {
var values=GetRegistryKeys(root_key);
if(IsValid(values)) {
println(" ");
- println("
");
+ println(" ");
+ println(" ");
+ PrintTableHeaderCell("Name");
+ PrintTableHeaderCell("Directory(ies) / File(s)");
+ println("
");
for(var i=0;i");
- println(" ",values[i]," | ");
- println(" ");
var strings=RegistryKeyValueToStringList(val.value);
- for(var ii=0;ii");
+ if(strings.length>1) {
+ println(" | ");
+ PrintTableDataRowSpanCell("left",strings.length,values[i]);
+ PrintTableDataCell("left",strings[0]);
+ println("
");
+ for(var ii=1;ii");
+ PrintTableDataCell("left",strings[ii]);
+ println(" ");
+ }
+ } else {
+ println(" ");
+ PrintTableDataCell("left",values[i]);
+ PrintTableDataCell("left",strings.length!=0 ? strings[0] : "");
+ println("
");
}
- println(" ");
- println(" ");
}
}
println("
");
println(" ");
} else {
- println(" None");
+ println(" ");
+ println(" None");
+ println("
");
}
}
function fred_report_html() {
var val;
println(" Backup / Restore settings
");
// Get current controlset
var cur_controlset=GetRegistryKeyValue("\\Select","Current");
if(IsValid(cur_controlset)) {
cur_controlset=RegistryKeyValueToString(cur_controlset.value,cur_controlset.type);
// Current holds a DWORD value, thus we get a string like 0x00000000, but
// control sets are referenced only with the last 3 digits.
cur_controlset="ControlSet"+String(cur_controlset).substr(7,3);
- println(" Directories / files not to back up in Volume Shadow Copies");
+ println(" ");
+ println(" Directories / files not to back up in Volume Shadow Copies");
+ println("
");
ListValues(cur_controlset+"\\Control\\BackupRestore\\FilesNotToSnapshot");
- println(" Directories / files not to back up or restore by backup apps");
+ println(" ");
+ println(" Directories / files not to back up or restore by backup apps");
+ println("
");
ListValues(cur_controlset+"\\Control\\BackupRestore\\FilesNotToBackup");
- println(" Registry nodes or values not to restore by backup apps");
+ println(" ");
+ println(" Registry nodes or values not to restore by backup apps");
+ println("
");
ListValues(cur_controlset+"\\Control\\BackupRestore\\KeysNotToRestore");
} else {
println(" ");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
");
}
}
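Review bot: The control-set name is still derived with `String(cur_controlset).substr(7,3)`, which copies the last three hex digits of the DWORD string, whereas the other SYSTEM templates in this commit use `ZeroPad(parseInt(String(cur_controlset).substr(2,8),16),3)`; the two agree only while Current is below 0xA, and the comment here ("last 3 digits") contradicts the one in the sibling files. Switch to the ZeroPad form (copying the ZeroPad helper in) so every template resolves the same control set. In ListValues the loop line is truncated in this listing, so whether `val` is checked with IsValid before `RegistryKeyValueToStringList(val.value)` could not be verified; the sibling templates guard that call. A one-line comment above ListValues noting that these lists define what VSS and backup software skip, which is presumably why unexpected entries here matter to the analyst, would help readers of the template.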
diff --git a/trunk/report_templates/SYSTEM_CurrentNetworkSettings.qs b/trunk/report_templates/SYSTEM_CurrentNetworkSettings.qs
index 6a0a940..19eea09 100644
--- a/trunk/report_templates/SYSTEM_CurrentNetworkSettings.qs
+++ b/trunk/report_templates/SYSTEM_CurrentNetworkSettings.qs
@@ -1,136 +1,169 @@
function fred_report_info() {
var info={report_cat : "SYSTEM",
report_name : "Current network settings",
report_author : "Gillen Daniel",
report_desc : "Dump current network settings",
fred_api : 2,
hive : "SYSTEM"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
}
-function print_table_row(cell01,cell02) {
- println(" ",cell01," | ",cell02," |
");
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
}
function ZeroPad(number,padlen) {
var ret=number.toString(10);
if(!padlen || ret.length>=padlen) return ret;
return Math.pow(10,padlen-ret.length).toString().slice(1)+ret;
}
function fred_report_html() {
// See Appendix A: TCP/IP Configuration Parameters:
// http://technet.microsoft.com/de-de/library/cc739819%28v=WS.10%29.aspx
var val;
println(" Current network settings (Tcp/Ip)
");
// Get current controlset
var cur_controlset=GetRegistryKeyValue("\\Select","Current");
if(IsValid(cur_controlset)) {
cur_controlset=RegistryKeyValueToString(cur_controlset.value,cur_controlset.type);
// Current holds a DWORD value, thus we get a string like 0x00000000, but
// control sets are referenced by its decimal representation.
cur_controlset="ControlSet"+ZeroPad(parseInt(String(cur_controlset).substr(2,8),16),3)
- println(" ");
- println("
");
- print_table_row("Active control set:",cur_controlset);
-
// Computer name
val=GetRegistryKeyValue(cur_controlset+"\\Control\\ComputerName\\ComputerName","ComputerName");
- print_table_row("Computer name:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ println(" ");
+ println("
");
+ println(" Active control set: | ",cur_controlset," |
");
+ println(" Computer name: | ",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : ""," |
");
println("
");
println("
");
+ println(" ");
+ println(" ");
+ PrintTableHeaderCell("Adapter");
+ PrintTableHeaderCell("Configuration");
+ PrintTableHeaderCell("IP address");
+ PrintTableHeaderCell("Subnet mask");
+ PrintTableHeaderCell("Nameserver(s)");
+ PrintTableHeaderCell("Domain");
+ PrintTableHeaderCell("Default gateway");
+ PrintTableHeaderCell("DHCP server");
+ PrintTableHeaderCell("DHCP lease optained");
+ PrintTableHeaderCell("DHCP lease terminates");
+ println("
");
// Iterate over all available network adapters
var adapters=GetRegistryNodes(cur_controlset+"\\Services\\Tcpip\\Parameters\\Adapters");
for(var i=0;i",RegistryKeyValueToString(val.value,val.type),"");
- } else {
- println(" ",adapters[i],"");
- }
+ var adapter_name=IsValid(val) ? RegistryKeyValueToString(val.value,val.type) : adapters[i];
// Get settings node
- var adapter_settings_node=GetRegistryKeyValue(cur_controlset+"\\Services\\Tcpip\\Parameters\\Adapters\\"+adapters[i],"IpConfig");
- adapter_settings_node=RegistryKeyValueToVariant(adapter_settings_node.value,"utf16",0);
-
- println(" ");
- //print_table_row("Adapter id:",adapters[i]);
+ val=GetRegistryKeyValue(cur_controlset+"\\Services\\Tcpip\\Parameters\\Adapters\\"+adapters[i],"IpConfig");
+ var adapter_settings_node=RegistryKeyValueToVariant(val.value,"utf16",0);
// Get configuration mode
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"EnableDHCP");
- val=Number(RegistryKeyValueToString(val.value,val.type));
- if(val) {
- // DHCP enabled
- print_table_row("Configuration mode:","DHCP");
+ var dhcp_enabled=Number(RegistryKeyValueToString(val.value,val.type));
+
+ var ip_address="";
+ var subnet_mask="";
+ var nameservers="";
+ var domain="";
+ var default_gateway="";
+ var dhcp_server="";
+ var lease_obtained="";
+ var lease_terminates="";
+
+ if(dhcp_enabled) {
// DHCP server
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DhcpServer");
- print_table_row("Last used DHCP server:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ dhcp_server=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
// IP address
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DhcpIPAddress");
- print_table_row("IP address:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ ip_address=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
// Subnet mask
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DhcpSubnetMask");
- print_table_row("Subnet mask:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ subnet_mask=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
// Nameserver(s)
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DhcpNameServer");
- print_table_row("Nameserver(s):",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ nameservers=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
// Domain
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DhcpDomain");
- print_table_row("Domain:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ domain=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
// Default gw
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DhcpDefaultGateway");
- print_table_row("Default gateway:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "");
+ default_gateway=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "";
// Lease obtained
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"LeaseObtainedTime");
- print_table_row("Lease obtained:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"unixtime",0) : "");
+ lease_obtained=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"unixtime",0) : "";
// Lease valid until
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"LeaseTerminatesTime");
- print_table_row("Lease terminates:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"unixtime",0) : "");
+ lease_terminates=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"unixtime",0) : "";
} else {
- print_table_row("Configuration mode:","Manual");
// IP address
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"IPAddress");
- print_table_row("IP address:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "");
+ ip_address=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "";
// Subnet mask
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"SubnetMask");
- print_table_row("Subnet mask:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "");
+ subnet_mask=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "";
// Nameserver
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"NameServer");
- print_table_row("Nameserver:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "");
+ nameservers=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "";
// Domain
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"Domain");
- print_table_row("Domain:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "");
+ domain=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
// Default gw
val=GetRegistryKeyValue(cur_controlset+"\\Services\\"+adapter_settings_node,"DefaultGateway");
- print_table_row("Default gateway:",(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "");
+ default_gateway=(IsValid(val)) ? RegistryKeyValueToVariant(val.value,"utf16",0) : "";
+ dhcp_server="n/a";
+ lease_obtained="n/a";
+ lease_terminates="n/a";
}
- // TODO: Check for EnableSecurityFilters, TCPAllowedPorts and UDPAllowedPorts to get firewall status.
+ println(" ");
+ PrintTableDataCell("left",adapter_name);
+ PrintTableDataCell("left",dhcp_enabled ? "DHCP" : "Static");
+ PrintTableDataCell("left",ip_address);
+ PrintTableDataCell("left",subnet_mask);
+ PrintTableDataCell("left",nameservers);
+ PrintTableDataCell("left",domain);
+ PrintTableDataCell("left",default_gateway);
+ PrintTableDataCell("left",dhcp_server);
+ PrintTableDataCell("left",lease_obtained);
+ PrintTableDataCell("left",lease_terminates);
+ println("
");
- println("
");
- println("
");
+ // TODO: Check for EnableSecurityFilters, TCPAllowedPorts and UDPAllowedPorts to get firewall status.
// TODO: Get persistent routes from \ControlSet001\Services\Tcpip\Parameters\PersistentRoutes
}
+ println("
");
println(" ");
} else {
println(" ");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
");
}
}
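Review bot: The new adapter loop reads `val.value` for IpConfig and then for EnableDHCP without the IsValid check every later lookup has, so an adapter node missing either value throws and aborts the whole report instead of producing an empty row. Guard both: `if(!IsValid(val)) continue;` right after the IpConfig lookup, and `var dhcp_enabled=IsValid(val) ? Number(RegistryKeyValueToString(val.value,val.type)) : 0;` for EnableDHCP. The static branch reads IPAddress, SubnetMask and DefaultGateway with `RegistryKeyValueToVariant(val.value,"utf16",0)`, which yields only the first string; if those values are REG_MULTI_SZ, as I believe they are on multi-homed interfaces, use RegistryKeyValueToStringList as SYSTEM_BackupRestore.qs does and join the entries. The header string `"DHCP lease optained"` has a typo (obtained).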
diff --git a/trunk/report_templates/SYSTEM_Services.qs b/trunk/report_templates/SYSTEM_Services.qs
index 64c2748..408ed29 100644
--- a/trunk/report_templates/SYSTEM_Services.qs
+++ b/trunk/report_templates/SYSTEM_Services.qs
@@ -1,106 +1,131 @@
function fred_report_info() {
var info={report_cat : "SYSTEM",
report_name : "Services",
report_author : "Gillen Daniel",
report_desc : "Dump services",
fred_api : 2,
hive : "SYSTEM"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
+}
+
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
}
function ZeroPad(number,padlen) {
var ret=number.toString(10);
if(!padlen || ret.length>=padlen) return ret;
return Math.pow(10,padlen-ret.length).toString().slice(1)+ret;
}
function PrintTableRow(cell01,cell02,cell03,cell04,cell05) {
- println(" ",cell01," | ",cell02," | ",cell03," | ",cell04," | ",cell05," |
");
+ println(" ");
+ PrintTableDataCell("left",cell01);
+ PrintTableDataCell("left",cell02);
+ PrintTableDataCell("left",cell03);
+ PrintTableDataCell("left",cell04);
+ PrintTableDataCell("left",cell05);
+ println("
");
}
function ListService(service_node) {
// Service name
var name=GetRegistryKeyValue(service_node,"DisplayName");
name=(IsValid(name)) ? RegistryKeyValueToString(name.value,name.type) : "Unknwon";
// Service group
var group=GetRegistryKeyValue(service_node,"Group");
group=(IsValid(group)) ? RegistryKeyValueToString(group.value,group.type) : "";
// Service exe
var image=GetRegistryKeyValue(service_node,"ImagePath");
image=(IsValid(image)) ? RegistryKeyValueToString(image.value,image.type) : "Unknwon";
// Start
var start=GetRegistryKeyValue(service_node,"Start");
start=(IsValid(start)) ? RegistryKeyValueToString(start.value,start.type) : -1;
switch(Number(start)) {
case 0:
start="Boot";
break;
case 1:
start="System";
break;
case 2:
start="Automatic";
break;
case 3:
start="Manual";
break;
case 4:
start="Disabled";
break;
default:
start="Unknown";
}
// Description
var desc=GetRegistryKeyValue(service_node,"Description");
desc=(IsValid(desc)) ? RegistryKeyValueToString(desc.value,desc.type) : "";
PrintTableRow(name,group,start,image,desc)
}
function fred_report_html() {
var val;
println(" Services
");
// Get current controlset
var cur_controlset=GetRegistryKeyValue("\\Select","Current");
if(IsValid(cur_controlset)) {
cur_controlset=RegistryKeyValueToString(cur_controlset.value,cur_controlset.type);
// Current holds a DWORD value, thus we get a string like 0x00000000, but
// control sets are referenced by its decimal representation.
cur_controlset="ControlSet"+ZeroPad(parseInt(String(cur_controlset).substr(2,8),16),3)
// Get list of possible services
var services=GetRegistryNodes(cur_controlset+"\\Services");
if(IsValid(services)) {
println(" ");
- println("
");
- println(" Name | Group | Startup | Image path | Description |
");
+ println(" ");
+ println(" ");
+ PrintTableHeaderCell("Name");
+ PrintTableHeaderCell("Group");
+ PrintTableHeaderCell("Startup");
+ PrintTableHeaderCell("Image path");
+ PrintTableHeaderCell("Description");
+ println("
");
+
for(var i=0;i");
println(" ");
} else {
println(" ");
println(" This registry hive does not contain any services!
");
println("
");
}
} else {
println(" ");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
");
}
}
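Review bot: The Start-value switch in ListService is duplicated verbatim in SYSTEM_SystemTimeInfo.qs, so a shared `StartTypeToString(start)` helper returning the same labels would keep the two from diverging. ListService also falls back to the misspelled `"Unknwon"` for DisplayName and ImagePath (existing lines), and the ImagePath it prints is the string most worth a reader's attention, so HTML-escaping `str` in PrintTableDataCell matters here as much as in the other templates. Enumerating `cur_controlset+"\\Services"` also lists kernel drivers alongside services; if I recall the layout correctly the Type value distinguishes them, which would be a useful extra column.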
diff --git a/trunk/report_templates/SYSTEM_SystemTimeInfo.qs b/trunk/report_templates/SYSTEM_SystemTimeInfo.qs
index 0f7ae70..b9880ec 100644
--- a/trunk/report_templates/SYSTEM_SystemTimeInfo.qs
+++ b/trunk/report_templates/SYSTEM_SystemTimeInfo.qs
@@ -1,117 +1,141 @@
function fred_report_info() {
var info={report_cat : "SYSTEM",
report_name : "System time info",
report_author : "Gillen Daniel",
report_desc : "Dump system time info",
fred_api : 2,
hive : "SYSTEM"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
}
-function print_table_row(cell01,cell02) {
- println(" ",cell01," | ",cell02," |
");
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
}
function ToUTC(num) {
var retnum=new Number(num);
if(retnum&0x80000000) {
retnum=((0xFFFFFFFF-retnum)+1)/60;
return "UTC+"+Number(retnum).toString(10);
} else {
retnum=retnum/60;
if(retnum!=0) return "UTC-"+Number(retnum).toString(10);
else return "UTC+"+Number(retnum).toString(10);
}
}
function ZeroPad(number,padlen) {
var ret=number.toString(10);
if(!padlen || ret.length>=padlen) return ret;
return Math.pow(10,padlen-ret.length).toString().slice(1)+ret;
}
function fred_report_html() {
var val;
println(" System time info
");
// Get current controlset
var cur_controlset=GetRegistryKeyValue("\\Select","Current");
if(IsValid(cur_controlset)) {
cur_controlset=RegistryKeyValueToString(cur_controlset.value,cur_controlset.type);
// Current holds a DWORD value, thus we get a string like 0x00000000, but
// control sets are referenced by its decimal representation.
cur_controlset="ControlSet"+ZeroPad(parseInt(String(cur_controlset).substr(2,8),16),3)
- println(" ");
- println(" Time zone info");
- println("
");
-
- // Active time bias
- val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","ActiveTimeBias");
- print_table_row("Active time bias:",(IsValid(val)) ? ToUTC(RegistryKeyValueToString(val.value,val.type)) : "n/a");
-
- // Std. tz name and bias
- val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","StandardName");
- print_table_row("Std. time zone name:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "n/a");
- val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","StandardBias");
- print_table_row("Std. time bias:",(IsValid(val)) ? ToUTC(RegistryKeyValueToString(val.value,val.type)) : "n/a");
-
- // Daylight tz name and bias
- val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","DaylightName");
- print_table_row("Daylight time zone name:",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "n/a");
- val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","DaylightBias");
- print_table_row("Daylight time bias:",(IsValid(val)) ? ToUTC(RegistryKeyValueToString(val.value,val.type)) : "n/a");
-
- println("
");
- println("
");
- println(" W32Time service info");
- println(" ");
-
// Get W32Time service settings
+ var w32time_startup_method="n/a";
+ var w32time_time_servers="n/a";
val=GetRegistryKeyValue(cur_controlset+"\\Services\\W32Time","Start");
if(IsValid(val)) {
- print(" Startup method: | ");
val=RegistryKeyValueToString(val.value,val.type);
switch(Number(val)) {
case 0:
- print("Boot");
+ w32time_startup_method="Boot";
break;
case 1:
- print("System");
+ w32time_startup_method="System";
break;
case 2:
- print("Automatic");
+ w32time_startup_method="Automatic";
break;
case 3:
- print("Manual");
+ w32time_startup_method="Manual";
break;
case 4:
- print("Disabled");
+ w32time_startup_method="Disabled";
break;
default:
- print("Unknown");
+ w32time_startup_method="Unknown";
}
- println(" |
");
// If service is enabled, get ntp server
if(Number(val)<4) {
val=GetRegistryKeyValue(cur_controlset+"\\Services\\W32Time\\Parameters","NtpServer");
- print_table_row("NTP server(s):",(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "n/a");
+ if(IsValid(val)) w32time_time_servers=RegistryKeyValueToString(val.value,val.type);
}
- } else print_table_row("Startup method:","n/a");
+ }
+
+ println(" ");
+ println("
");
+ println(" Active control set: | ",cur_controlset," |
");
+ println(" W32Time startup method: | ",w32time_startup_method," |
");
+ println(" W32Time NTP servers: | ",w32time_time_servers," |
");
+ println("
");
+ println("
");
+ println(" ");
+ println(" ");
+ PrintTableHeaderCell("XXX");
+ PrintTableHeaderCell("Time zone");
+ println("
");
+
+ // Active time bias
+ val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","ActiveTimeBias");
+ var active_bias=(IsValid(val)) ? ToUTC(RegistryKeyValueToString(val.value,val.type)) : "n/a"
+
+ // Std. tz name and bias
+ val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","StandardName");
+ var std_name=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "n/a";
+ val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","StandardBias");
+ var std_bias=(IsValid(val)) ? ToUTC(RegistryKeyValueToString(val.value,val.type)) : "n/a";
+
+ // Daylight tz name and bias
+ val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","DaylightName");
+ var daylight_name=(IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "n/a";
+ val=GetRegistryKeyValue(cur_controlset+"\\Control\\TimeZoneInformation","DaylightBias");
+ var daylight_bias=(IsValid(val)) ? ToUTC(RegistryKeyValueToString(val.value,val.type)) : "n/a";
+
+ println(" ");
+ PrintTableDataCell("left","Active");
+ PrintTableDataCell("left",active_bias);
+ println("
");
+ println(" ");
+ PrintTableDataCell("left","Standard");
+ PrintTableDataCell("left",std_bias+" ("+std_name+")");
+ println("
");
+ println(" ");
+ PrintTableDataCell("left","Daylight");
+ PrintTableDataCell("left",daylight_bias+" ("+daylight_name+")");
+ println("
");
println("
");
println(" ");
} else {
println(" ");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
");
}
}
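Review bot: The new time-zone table is emitted with a placeholder header, `PrintTableHeaderCell("XXX");`, which will appear verbatim in every generated report; the first column holds "Active", "Standard" and "Daylight", so `PrintTableHeaderCell("Setting");` or similar is the fix. The Standard and Daylight rows pass StandardBias and DaylightBias through ToUTC, but as far as I recall from the TIME_ZONE_INFORMATION layout those are offsets added to Bias rather than absolute UTC offsets, so a DaylightBias of -60 labelled "UTC+1" would mislead a timeline; please confirm against the documentation and either add Bias before converting or relabel the column. A comment on ToUTC stating the convention it implements (`// Negative bias (high bit set) means local time is ahead of UTC, hence "UTC+"`) would make that check easier next time.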
diff --git a/trunk/report_templates/SYSTEM_UsbStorageDevices2.qs b/trunk/report_templates/SYSTEM_UsbStorageDevices2.qs
index 0b11e6a..8fe3652 100644
--- a/trunk/report_templates/SYSTEM_UsbStorageDevices2.qs
+++ b/trunk/report_templates/SYSTEM_UsbStorageDevices2.qs
@@ -1,181 +1,190 @@
function fred_report_info() {
var info={report_cat : "SYSTEM",
report_name : "USB storage devices as table",
report_author : "Gillen Daniel, Voncken Guy",
report_desc : "Dump USB storage devices",
fred_api : 2,
hive : "SYSTEM"
};
return info;
}
+var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12";
+var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;";
+
function IsValid(val) {
- if(typeof val !== 'undefined') return true;
- else return false;
+ return (typeof val!=='undefined');
+}
+
+function PrintTableHeaderCell(str) {
+ println(" ",str," | ");
}
-function print_table_row(cell01,cell02) {
- println(" ",cell01," | ",cell02," |
");
+function PrintTableDataCell(alignment,str) {
+ var style=cell_style+" text-align:"+alignment+";";
+ println(" ",str," | ");
}
-function print_dev_table_row(VendorProd,
- ID,
- Class,
- Name,
- MountPoint,
- ParentId,
- Desc)
-{
- println(" ");
- println(" ",VendorProd," | ");
- println(" ",ID," | ");
- println(" ",Class," | ");
- println(" ",Name," | ");
- println(" ",MountPoint," | ");
- println(" ",ParentId," | ");
- println(" ",Desc," | ");
- println("
");
+function PrintTableDataRowSpanCell(alignment,rows,str) {
+ var style=cell_style+" text-align: "+alignment+";";
+ println(" ",str," | ");
}
function ZeroPad(number,padlen) {
var ret=number.toString(10);
if(!padlen || ret.length>=padlen) return ret;
return Math.pow(10,padlen-ret.length).toString().slice(1)+ret;
}
function GetKeyVal(path, key) {
var val=GetRegistryKeyValue(path, key);
return (IsValid(val)) ? RegistryKeyValueToString(val.value,val.type) : "";
}
function fred_report_html() {
// TODO: There is more here.
// Check http://www.forensicswiki.org/wiki/USB_History_Viewing
var val;
println(" USB storage devices
");
// Preload MountedDevices to possibly identify mount points of USB storage
// devices
var mnt_keys=GetRegistryKeys("\\MountedDevices");
var mnt_values=new Array();
if(IsValid(mnt_keys)) {
for(var i=0;i");
- println(" Settings
");
- println(" ");
+ println(" ");
// Are USB storage devices enabled?
// http://www.forensicmag.com/article/windows-7-registry-forensics-part-5
// Is this true for WinXP etc.. ???
var val=GetRegistryKeyValue(cur_controlset+"\\services\\USBSTOR","Start");
if(IsValid(val)) {
val=RegistryKeyValueToString(val.value,val.type);
val=parseInt(String(val).substr(2,8),10);
switch(val) {
case 3:
- print_table_row("Storage driver enabled:","Yes");
+ println(" Storage driver enabled: | Yes |
");
break;
case 4:
- print_table_row("Storage driver enabled:","No");
+ println(" Storage driver enabled: | No |
");
break;
default:
- print_table_row("Storage driver enabled:","Unknown");
+ println(" Storage driver enabled: | Unknown |
");
}
} else {
- print_table_row("Storage driver enabled:","Unknown");
+ println(" Storage driver enabled: | Unknown |
");
}
println("
");
println(" ");
println(" ");
- println(" Devices
");
var storage_roots=GetRegistryNodes(cur_controlset+"\\Enum\\USBSTOR");
if(IsValid(storage_roots)) {
- println("
");
- print_dev_table_row("Vendor Name",
- "Unique ID",
- "Class",
- "Friendly name",
- "Mount point(s)",
- "Parent ID",
- "Device description");
- for(var i=0; i");
+ println(" ");
+ PrintTableHeaderCell("Vendor Name");
+ PrintTableHeaderCell("Unique ID");
+ PrintTableHeaderCell("Class");
+ PrintTableHeaderCell("Friendly name");
+ PrintTableHeaderCell("Mount point(s)");
+ PrintTableHeaderCell("Parent ID");
+ PrintTableHeaderCell("Device description");
+ println("
");
+
+ for(var i=0;i";
- else br=1;
- MountPoints = MountPoints + mnt_keys[iii];
+ if(String(mnt_values[iii]).indexOf(search_string)!=-1) {
+ device_mount_points.push(mnt_keys[iii]);
+ }
+ }
+
+ var mount_points=device_mount_points.length;
+ if(mount_points>1) {
+ println(" ");
+ PrintTableDataRowSpanCell("left",mount_points,storage_roots[i]);
+ PrintTableDataRowSpanCell("left",mount_points,device_id);
+ PrintTableDataRowSpanCell("left",mount_points,device_class);
+ PrintTableDataRowSpanCell("left",mount_points,device_friendly_name);
+ PrintTableDataCell("left",device_mount_points[0]);
+ PrintTableDataRowSpanCell("left",mount_points,device_parent_id);
+ PrintTableDataRowSpanCell("left",mount_points,device_desc);
+ println("
");
+ for(var iii=1;iii");
+ PrintTableDataCell("left",device_mount_points[iii]);
+ println(" ");
+ }
+ } else {
+ println(" ");
+ PrintTableDataCell("left",storage_roots[i]);
+ PrintTableDataCell("left",device_id);
+ PrintTableDataCell("left",device_class);
+ PrintTableDataCell("left",device_friendly_name);
+ if(mount_points!=0) {
+ PrintTableDataCell("left",device_mount_points[0]);
+ } else {
+ PrintTableDataCell("left","n/a");
}
+ PrintTableDataCell("left",device_parent_id);
+ PrintTableDataCell("left",device_desc);
+ println("
");
}
- if(br==0) MountPoints = MountPoints + "n/a";
-
- print_dev_table_row(storage_roots[i],
- ID,
- Class,
- FriendlyName,
- MountPoints,
- ParentID,
- DeviceDesc);
}
}
println("
");
println("
");
} else {
- println(" This registry hive does not contain a ",
- "list of attached USB storage devices!");
+ println(" This registry hive does not contain a list of attached USB storage devices!");
}
println(" ");
} else {
println(" ");
println(" Unable to determine current control set!
");
- println(" Are you sure you are running this report against the correct ",
- "registry hive?");
+ println(" Are you sure you are running this report against the correct registry hive?");
println("
");
}
}
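Review bot: The new PrintTableDataCell and PrintTableDataRowSpanCell helpers, and the header cells and Storage-driver rows written with bare println, place registry-derived strings (device_id, device_friendly_name, device_desc, the MountedDevices key names) into the HTML report without any escaping, so a hive that carries markup in a FriendlyName or DeviceDesc value is rendered as markup when the report is viewed. For a forensic tool the hive under analysis is untrusted evidence, so the report generator should treat every value it prints as text: add a helper such as `function HtmlEscape(s) { return String(s).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;"); }` next to IsValid and pass `HtmlEscape(str)` instead of `str` to println inside both cell helpers, which covers every data cell in fred_report_html in one place. The `alignment` argument is only ever a literal from this file, so it does not need the same treatment. The same unescaped-cell pattern exists in the SAM_UserAccounts2.qs cell helpers added earlier in this commit, where the fix is identical.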