diff --git a/trunk/datareporter.cpp b/trunk/datareporter.cpp
new file mode 100644
index 0000000..4f01ffe
--- /dev/null
+++ b/trunk/datareporter.cpp
@@ -0,0 +1,99 @@
+/*******************************************************************************
+* fred Copyright (c) 2011 by Gillen Daniel *
+* *
+* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
+* with special feautures useful during forensic analysis. *
+* *
+* This program is free software: you can redistribute it and/or modify it *
+* under the terms of the GNU General Public License as published by the Free *
+* Software Foundation, either version 3 of the License, or (at your option) *
+* any later version. *
+* *
+* This program is distributed in the hope that it will be useful, but WITHOUT *
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
+* more details. *
+* *
+* You should have received a copy of the GNU General Public License along with *
+* this program. If not, see . *
+*******************************************************************************/
+
+#include
+
+#include "datareporter.h"
+#include "reporttemplatexmlhandler.h"
+
+DataReporter::DataReporter() {
+ this->report_templates.clear();
+}
+
+DataReporter::~DataReporter() {
+ qDeleteAll(this->report_templates);
+}
+
+void DataReporter::LoadReportTemplates() {
+ QString report_template="";
+ QXmlSimpleReader xml_parser;
+ int i=0;
+ ReportTemplate *p_report;
+
+ QDir report_dir("../trunk/report_templates/");
+ QStringList report_templates=report_dir.entryList(QStringList()<<"*.fred");
+
+ for(i=0;iGetReportCategory(),
+ p_report_handler->GetReportName(),
+ report_template);
+ this->report_templates.append(p_report);
+
+ delete p_report_handler;
+ delete p_xml_file;
+ delete p_report_template_file;
+ }
+}
+
+QStringList DataReporter::GetAvailableReportCategories() {
+ QStringList ret;
+ QString cat;
+ int i=0;
+
+ ret.clear();
+ for(i=0;ireport_templates.count();i++) {
+ cat=this->report_templates.value(i)->Category();
+ if(ret.indexOf(cat)==-1) ret.append(cat);
+ }
+
+ return ret;
+}
+
+QStringList DataReporter::GetAvailableReports(QString category) {
+ QStringList ret;
+ QString cat;
+ int i=0;
+
+ ret.clear();
+ for(i=0;ireport_templates.count();i++) {
+ cat=this->report_templates.value(i)->Category();
+ if(cat==category) ret.append(this->report_templates.value(i)->Name());
+ }
+
+ return ret;
+}
+
+QString DataReporter::GenerateReport(hive_h *hhive,
+ QString report_category,
+ QString report_name)
+{
+
+}
diff --git a/trunk/datareporter.h b/trunk/datareporter.h
new file mode 100644
index 0000000..92f06c2
--- /dev/null
+++ b/trunk/datareporter.h
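Review bot: `QDir report_dir("../trunk/report_templates/")` in LoadReportTemplates resolves against the process working directory, so which `*.fred` files get parsed depends on where fred is launched from; for a forensic tool started inside a case or evidence directory, files the examiner did not install can end up in the template list. Anchoring the path to the install location, e.g. `QDir report_dir(QCoreApplication::applicationDirPath()+"/report_templates/");`, removes that dependency. Separately, `GenerateReport` is declared to return `QString` but its body is empty, which is undefined behaviour once it is called; `return QString();` would make the stub safe. Part of the loop body in LoadReportTemplates is not readable on this page, so the file-open and parse error handling could not be checked.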
@@ -0,0 +1,47 @@
+/*******************************************************************************
+* fred Copyright (c) 2011 by Gillen Daniel *
+* *
+* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
+* with special feautures useful during forensic analysis. *
+* *
+* This program is free software: you can redistribute it and/or modify it *
+* under the terms of the GNU General Public License as published by the Free *
+* Software Foundation, either version 3 of the License, or (at your option) *
+* any later version. *
+* *
+* This program is distributed in the hope that it will be useful, but WITHOUT *
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
+* more details. *
+* *
+* You should have received a copy of the GNU General Public License along with *
+* this program. If not, see . *
+*******************************************************************************/
+
+#ifndef DATAREPORTER_H
+#define DATAREPORTER_H
+
+#include
+
+#include
+
+#include "reporttemplate.h"
+
+class DataReporter {
+ public:
+ DataReporter();
+ ~DataReporter();
+
+ void LoadReportTemplates();
+ QStringList GetAvailableReportCategories();
+ QStringList GetAvailableReports(QString category);
+
+ QString GenerateReport(hive_h *hhive,
+ QString report_category,
+ QString report_name);
+
+ private:
+ QList report_templates;
+};
+
+#endif // DATAREPORTER_H
diff --git a/trunk/fred.pro b/trunk/fred.pro
index 00c417b..c8ef416 100644
--- a/trunk/fred.pro
+++ b/trunk/fred.pro
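Review bot: DataReporter owns the pointers held in `report_templates` (the destructor in datareporter.cpp calls `qDeleteAll` on the list), but the class is still copyable, so any copy ends with two destructors deleting the same ReportTemplate objects. Adding `Q_DISABLE_COPY(DataReporter)` in the `private:` section would turn an accidental copy into a compile error. A one-line comment on the member saying that the list owns its elements would also help, since the declaration alone does not show it.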
@@ -1,61 +1,67 @@ #******************************************************************************* # fred Copyright (c) 2011 by Gillen Daniel * # * # Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * # with special feautures useful during forensic analysis. * # * # This program is free software: you can redistribute it and/or modify it * # under the terms of the GNU General Public License as published by the Free * # Software Foundation, either version 3 of the License, or (at your option) * # any later version. * # * # This program is distributed in the hope that it will be useful, but WITHOUT * # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * # more details. * # * # You should have received a copy of the GNU General Public License along with * # this program. If not, see . * #******************************************************************************/ system(bash compileinfo.sh > compileinfo.h) -QT += core \ - gui - -TARGET = fred - -TEMPLATE = app - - -SOURCES += main.cpp\ - mainwindow.cpp \ - registrynode.cpp \ - registrynodetreemodel.cpp \ - registrykey.cpp \ - registrykeytablemodel.cpp \ - dlgabout.cpp \ - dlgkeydetails.cpp \ - qhexedit/qhexedit_p.cpp \ - qhexedit/qhexedit.cpp \ - datainterpreter.cpp - -HEADERS += mainwindow.h \ - registrynode.h \ - registrynodetreemodel.h \ - registrykey.h \ - registrykeytablemodel.h \ - dlgabout.h \ - dlgkeydetails.h \ - qhexedit/qhexedit_p.h \ - qhexedit/qhexedit.h \ - datainterpreter.h - -FORMS += mainwindow.ui \ - dlgabout.ui \ - dlgkeydetails.ui - -LIBS += -lhivex - -RESOURCES += \ - fred.qrc +QT += core \ + gui \ + xml + +TARGET = fred + +TEMPLATE = app + + +SOURCES += main.cpp\ + mainwindow.cpp \ + registrynode.cpp \ + registrynodetreemodel.cpp \ + registrykey.cpp \ + registrykeytablemodel.cpp \ + dlgabout.cpp \ + dlgkeydetails.cpp \ + qhexedit/qhexedit_p.cpp \ + qhexedit/qhexedit.cpp \ 
+ datainterpreter.cpp \ + reporttemplatexmlhandler.cpp \ + reporttemplate.cpp \ + datareporter.cpp + +HEADERS += mainwindow.h \ + registrynode.h \ + registrynodetreemodel.h \ + registrykey.h \ + registrykeytablemodel.h \ + dlgabout.h \ + dlgkeydetails.h \ + qhexedit/qhexedit_p.h \ + qhexedit/qhexedit.h \ + datainterpreter.h \ + reporttemplatexmlhandler.h \ + reporttemplate.h \ + datareporter.h + +FORMS += mainwindow.ui \ + dlgabout.ui \ + dlgkeydetails.ui + +LIBS += -lhivex + +RESOURCES += fred.qrc diff --git a/trunk/mainwindow.cpp b/trunk/mainwindow.cpp index feb7728..a7f9401 100644 --- a/trunk/mainwindow.cpp +++ b/trunk/mainwindow.cpp 
@@ -1,445 +1,468 @@ /******************************************************************************* * fred Copyright (c) 2011 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include #include #include #include #include #include -#include #include "mainwindow.h" #include "ui_mainwindow.h" #include "dlgabout.h" #include "dlgkeydetails.h" #include "compileinfo.h" MainWindow::MainWindow(QWidget *parent) : QMainWindow(parent), ui(new Ui::MainWindow) { ui->setupUi(this); // Initialize private vars this->hhive=NULL; this->is_hive_open=false; this->p_reg_node_tree_model=NULL; this->p_reg_key_table_model=NULL; // Set main window size int cur_screen=QApplication::desktop()->screenNumber(this); int window_width= QApplication::desktop()->availableGeometry(cur_screen).width()*0.5; int window_height= QApplication::desktop()->availableGeometry(cur_screen).height()*0.5; int window_x= (QApplication::desktop()->availableGeometry(cur_screen).width()/2)- (window_width/2); int window_y= (QApplication::desktop()->availableGeometry(cur_screen).height()/2)- (window_height/2); this->setGeometry(window_x, window_y, window_width, window_height); // Create widgets 
this->p_horizontal_splitter=new QSplitter(); this->p_horizontal_splitter->setOrientation(Qt::Horizontal); this->p_node_tree=new QTreeView(this->p_horizontal_splitter); this->p_node_tree->setHeaderHidden(true); this->p_vertical_splitter=new QSplitter(this->p_horizontal_splitter); this->p_vertical_splitter->setOrientation(Qt::Vertical); this->p_key_table=new QTableView(this->p_vertical_splitter); this->p_key_table->setSelectionBehavior(QAbstractItemView::SelectRows); this->p_horizontal_splitter2=new QSplitter(this->p_vertical_splitter); this->p_horizontal_splitter2->setOrientation(Qt::Horizontal); this->p_hex_edit_widget=new QWidget(this->p_horizontal_splitter2); this->p_hex_edit_layout=new QVBoxLayout(this->p_hex_edit_widget); this->p_hex_edit_layout->setContentsMargins(0,0,0,0); this->p_hex_edit=new QHexEdit(); this->p_hex_edit->setReadOnly(true); this->p_hex_edit_status_bar=new QLabel(); this->p_data_interpreter=new DataInterpreter(this->p_horizontal_splitter2); // Make sure hex viewer font is monospaced. 
QFont mono_font("Monospace"); mono_font.setStyleHint(QFont::TypeWriter); this->p_hex_edit->setFont(mono_font); // Lay out widgets this->p_hex_edit_layout->addWidget(this->p_hex_edit); this->p_hex_edit_layout->addWidget(this->p_hex_edit_status_bar); this->p_horizontal_splitter2->addWidget(this->p_hex_edit_widget); this->p_horizontal_splitter2->addWidget(this->p_data_interpreter); this->p_vertical_splitter->addWidget(this->p_key_table); this->p_vertical_splitter->addWidget(this->p_horizontal_splitter2); this->p_horizontal_splitter->addWidget(this->p_node_tree); this->p_horizontal_splitter->addWidget(this->p_vertical_splitter); // Set stretch factors QSizePolicy node_tree_policy=this->p_node_tree->sizePolicy(); node_tree_policy.setHorizontalStretch(1); node_tree_policy.setVerticalStretch(100); this->p_node_tree->setSizePolicy(node_tree_policy); QSizePolicy vertical_splitter_policy=this->p_vertical_splitter->sizePolicy(); vertical_splitter_policy.setHorizontalStretch(4); vertical_splitter_policy.setVerticalStretch(100); this->p_vertical_splitter->setSizePolicy(vertical_splitter_policy); QSizePolicy key_table_policy=this->p_key_table->sizePolicy(); key_table_policy.setVerticalStretch(5); key_table_policy.setHorizontalStretch(100); this->p_key_table->setSizePolicy(key_table_policy); QSizePolicy hex_edit_widget_policy=this->p_hex_edit_widget->sizePolicy(); hex_edit_widget_policy.setVerticalStretch(2); hex_edit_widget_policy.setHorizontalStretch(200); this->p_hex_edit_widget->setSizePolicy(hex_edit_widget_policy); QSizePolicy data_interpreter_policy=this->p_data_interpreter->sizePolicy(); data_interpreter_policy.setVerticalStretch(2); data_interpreter_policy.setHorizontalStretch(0); this->p_data_interpreter->setSizePolicy(data_interpreter_policy); // Connect signals this->connect(this->p_node_tree, SIGNAL(clicked(QModelIndex)), this, SLOT(SlotNodeTreeClicked(QModelIndex))); this->connect(this->p_node_tree, SIGNAL(activated(QModelIndex)), this, 
SLOT(SlotNodeTreeClicked(QModelIndex))); this->connect(this->p_key_table, SIGNAL(clicked(QModelIndex)), this, SLOT(SlotKeyTableClicked(QModelIndex))); this->connect(this->p_key_table, SIGNAL(doubleClicked(QModelIndex)), this, SLOT(SlotKeyTableDoubleClicked(QModelIndex))); this->connect(this->p_hex_edit, SIGNAL(currentAddressChanged(int)), this, SLOT(SlotHexEditAddressChanged(int))); // Add central widget this->setContentsMargins(4,4,4,0); this->setCentralWidget(this->p_horizontal_splitter); // Set window title this->UpdateWindowTitle(); // Set last open location to home dir this->last_open_location=QDir::homePath(); + + // Load report templates + this->data_reporter().LoadReportTemplates(); } MainWindow::~MainWindow() { if(this->is_hive_open) { hivex_close(this->hhive); } delete ui; } void MainWindow::on_action_Quit_triggered() { qApp->exit(); } void MainWindow::on_action_Open_hive_triggered() { QString hive_file=""; hive_file=QFileDialog::getOpenFileName(this, tr("Open registry hive"), this->last_open_location, tr("All files (*)")); if(hive_file=="") return; // Update last open location this->last_open_location=hive_file.left(hive_file. 
lastIndexOf(QDir::separator())); // If another hive is currently open, close it if(this->is_hive_open) this->on_action_Close_hive_triggered(); // Try to open hive this->hhive=hivex_open(hive_file.toAscii().constData(),0); if(this->hhive==NULL) { QMessageBox::critical(this, tr("Error opening hive file"), tr("Unable to open file '%1'").arg(hive_file)); return; } // Create tree model hive_node_h root_node=hivex_root(hhive); if(root_node==0) { QMessageBox::critical(this, tr("Error opening hive file"), tr("This hive seems to have no root node!") .arg(hive_file)); return; } this->p_reg_node_tree_model= new RegistryNodeTreeModel(this->hhive, root_node); this->p_node_tree->setModel(this->p_reg_node_tree_model); this->is_hive_open=true; this->ui->action_Close_hive->setEnabled(true); this->UpdateWindowTitle(hive_file); } void MainWindow::on_action_Close_hive_triggered() { if(this->is_hive_open) { // Delete models if(this->p_reg_node_tree_model!=NULL) { delete this->p_reg_node_tree_model; this->p_reg_node_tree_model=NULL; } if(this->p_reg_key_table_model!=NULL) { delete this->p_reg_key_table_model; this->p_reg_key_table_model=NULL; } // Remove any data from hex edit and data interpreter this->p_hex_edit->setData(QByteArray()); this->p_hex_edit_status_bar->setText(""); this->p_data_interpreter->ClearValues(); // Close hive hivex_close(this->hhive); this->is_hive_open=false; this->ui->action_Close_hive->setEnabled(false); this->UpdateWindowTitle(); } } void MainWindow::on_actionAbout_Qt_triggered() { QMessageBox::aboutQt(this,tr("About Qt")); } void MainWindow::on_actionAbout_fred_triggered() { DlgAbout dlg_about(this); dlg_about.exec(); } void MainWindow::SlotNodeTreeClicked(QModelIndex index) { QStringList nodes; //Built node path nodes.clear(); nodes.append(this->p_reg_node_tree_model-> data(index,Qt::DisplayRole).toString()); while(this->p_reg_node_tree_model->parent(index)!=QModelIndex()) { // Prepend all parent nodes index=this->p_reg_node_tree_model->parent(index); 
nodes.prepend(this->p_reg_node_tree_model-> data(index,Qt::DisplayRole).toString()); } // Get hive_node handle for current node hive_node_h hive_node=hivex_root(this->hhive); QString cur_node; for(QStringList::iterator it=nodes.begin();it!=nodes.end();++it) { cur_node=*it; hive_node=hivex_node_get_child(this->hhive, hive_node, cur_node.toAscii().constData()); } // Create table model and attach it to the table view if(this->p_reg_key_table_model!=NULL) delete this->p_reg_key_table_model; this->p_reg_key_table_model=new RegistryKeyTableModel(this->hhive, hive_node); this->p_key_table->setModel(this->p_reg_key_table_model); // Resize table rows / columns to fit data this->p_key_table->resizeColumnsToContents(); this->p_key_table->horizontalHeader()->stretchLastSection(); } void MainWindow::SlotKeyTableDoubleClicked(QModelIndex index) { QModelIndex key_index; QModelIndex node_index; QStringList nodes; QString key_name; QString key_type; QByteArray key_value; if(!index.isValid()) return; // Get key name, type and value key_index=this->p_reg_key_table_model->index(index.row(),0); key_name=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole) .toString(); key_index=this->p_reg_key_table_model->index(index.row(),1); key_type=this->p_reg_key_table_model->data(key_index,Qt::DisplayRole) .toString(); key_index=this->p_reg_key_table_model->index(index.row(),2); key_value=this->p_reg_key_table_model->data(key_index, RegistryKeyTableModel:: AdditionalRoles_GetRawData) .toByteArray(); // Get current node node_index=this->p_node_tree->currentIndex(); //Built node path nodes.clear(); nodes.append(this->p_reg_node_tree_model-> data(node_index,Qt::DisplayRole).toString()); while(this->p_reg_node_tree_model->parent(node_index)!=QModelIndex()) { // Prepend all parent nodes node_index=this->p_reg_node_tree_model->parent(node_index); nodes.prepend(this->p_reg_node_tree_model-> data(node_index,Qt::DisplayRole).toString()); } DlgKeyDetails dlg_key_details(this); 
dlg_key_details.SetValues(nodes,key_name,key_type,key_value); dlg_key_details.exec(); } void MainWindow::SlotKeyTableClicked(QModelIndex index) { if(!index.isValid()) return; this->selected_key_value= this->p_reg_key_table_model->data(this->p_reg_key_table_model-> index(index.row(),2), RegistryKeyTableModel:: AdditionalRoles_GetRawData) .toByteArray(); this->p_hex_edit->setData(this->selected_key_value); } void MainWindow::SlotHexEditAddressChanged(int hex_offset) { // Update hex edit status bar this->p_hex_edit_status_bar-> setText(QString().sprintf("Byte offset: 0x%04X (%u)",hex_offset,hex_offset)); // Update data interpreter this->UpdateDataInterpreter(hex_offset); } void MainWindow::UpdateWindowTitle(QString filename) { if(filename=="") { this->setWindowTitle(QString().sprintf("%s v%s",APP_TITLE,APP_VERSION)); } else { this->setWindowTitle(QString().sprintf("%s v%s - %s", APP_TITLE, APP_VERSION, filename.toLocal8Bit().constData())); } } void MainWindow::UpdateDataInterpreter(int hex_offset) { QDateTime date_time; const char *p_data; int remaining_data_len; // Remove all old values from data interpreter this->p_data_interpreter->ClearValues(); // Calculate how many bytes are remainig after current offset remaining_data_len=this->selected_key_value.size()-hex_offset; if(!remaining_data_len>0) { // Nothing to show return; } // Get pointer to data at current offset p_data=this->selected_key_value.constData(); p_data+=hex_offset; #define rotl32(x,n) (((x) << n) | ((x) >> (32 - n))) //#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n))) #define rotl64(x,n) (((x) << n) | ((x) >> (64 - n))) //#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n))) if(remaining_data_len>=1) { this->p_data_interpreter->AddValue("int8:", QString().sprintf("%d", *(int8_t*)p_data)); this->p_data_interpreter->AddValue("uint8:", QString().sprintf("%u", *(uint8_t*)p_data)); } if(remaining_data_len>=2) { this->p_data_interpreter->AddValue("int16:", QString().sprintf("%d", *(int16_t*)p_data)); 
this->p_data_interpreter->AddValue("uint16:", QString().sprintf("%u", *(uint16_t*)p_data)); } if(remaining_data_len>=4) { this->p_data_interpreter->AddValue("int32:", QString().sprintf("%d", *(int32_t*)p_data)); this->p_data_interpreter->AddValue("uint32:", QString().sprintf("%d", *(uint32_t*)p_data)); date_time.setTime_t(*(uint32_t*)p_data); this->p_data_interpreter->AddValue("Unixtime:", date_time. toString("yyyy/MM/dd hh:mm:ss")); } if(remaining_data_len>=8) { this->p_data_interpreter->AddValue("int64:", QString().sprintf("%d", *(int64_t*)p_data)); this->p_data_interpreter->AddValue("uint64:", QString().sprintf("%d", *(uint64_t*)p_data)); date_time.setTime_t((*(uint64_t*)p_data-116444736000000000)/10000000); this->p_data_interpreter->AddValue("Win64time:", date_time. toString("yyyy/MM/dd hh:mm:ss")); } #undef rotl32 #undef rotl64 } +/* void MainWindow::LoadReportTemplates() { - QXmlSimpleReader xmlReader; + //#include + + QString report_template=""; + QXmlSimpleReader xml_parser; + + qDebug("Loading report templates..."); - QDir report_dir("./report_templates/"); - QStringList report_templates=report_dir.entryList("*.fred"); + QDir report_dir("../trunk/report_templates/"); + QStringList report_templates=report_dir.entryList(QStringList()<<"*.fred"); int i=0; for(i=0;i * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. 
* * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #ifndef MAINWINDOW_H #define MAINWINDOW_H #include #include #include "registrynodetreemodel.h" #include "registrykeytablemodel.h" #include "qhexedit/qhexedit.h" #include "datainterpreter.h" +#include "datareporter.h" namespace Ui { class MainWindow; } class MainWindow : public QMainWindow { Q_OBJECT public: explicit MainWindow(QWidget *parent = 0); ~MainWindow(); private slots: void on_action_Quit_triggered(); void on_action_Open_hive_triggered(); void on_action_Close_hive_triggered(); void on_actionAbout_Qt_triggered(); void on_actionAbout_fred_triggered(); void SlotNodeTreeClicked(QModelIndex index); void SlotKeyTableClicked(QModelIndex index); void SlotKeyTableDoubleClicked(QModelIndex index); void SlotHexEditAddressChanged(int hex_offset); private: Ui::MainWindow *ui; QString last_open_location; hive_h *hhive; bool is_hive_open; RegistryNodeTreeModel *p_reg_node_tree_model; RegistryKeyTableModel *p_reg_key_table_model; QByteArray selected_key_value; // Widgets etc... QTreeView *p_node_tree; QTableView *p_key_table; QWidget *p_hex_edit_widget; QHexEdit *p_hex_edit; QLabel *p_hex_edit_status_bar; DataInterpreter *p_data_interpreter; QVBoxLayout *p_hex_edit_layout; QSplitter *p_horizontal_splitter; QSplitter *p_horizontal_splitter2; QSplitter *p_vertical_splitter; + DataReporter data_reporter(); + /* * UpdateWindowTitle * * Updates the window title */ void UpdateWindowTitle(QString filename=""); /* * UpdateDataInterpreter * * Update data interpreter */ void UpdateDataInterpreter(int hex_offset); /* * * */ void LoadReportTemplates(); }; #endif // MAINWINDOW_H diff --git a/trunk/reporttemplate.cpp b/trunk/reporttemplate.cpp new file mode 100644 index 0000000..8f6ee11 --- /dev/null +++ b/trunk/reporttemplate.cpp 
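Review bot: `DataReporter data_reporter();` in the private section declares a member function that returns a DataReporter by value, not a member object. The call `this->data_reporter().LoadReportTemplates();` added to the constructor in mainwindow.cpp therefore either fails to link (no definition is visible in this diff) or loads the templates into a temporary that is destroyed at the end of the statement. Declaring the member as `DataReporter data_reporter;` and calling `this->data_reporter.LoadReportTemplates();` keeps the loaded templates alive for the lifetime of the window. `void LoadReportTemplates();` is also still declared in this class, although mainwindow.cpp now appears to wrap its definition in a comment; the end of that hunk is not readable on this page.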
@@ -0,0 +1,42 @@
+/*******************************************************************************
+* fred Copyright (c) 2011 by Gillen Daniel *
+* *
+* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
+* with special feautures useful during forensic analysis. *
+* *
+* This program is free software: you can redistribute it and/or modify it *
+* under the terms of the GNU General Public License as published by the Free *
+* Software Foundation, either version 3 of the License, or (at your option) *
+* any later version. *
+* *
+* This program is distributed in the hope that it will be useful, but WITHOUT *
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
+* more details. *
+* *
+* You should have received a copy of the GNU General Public License along with *
+* this program. If not, see . *
+*******************************************************************************/
+
+#include "reporttemplate.h"
+
+ReportTemplate::ReportTemplate(QString report_category,
+ QString report_name,
+ QString report_template_file)
+{
+ this->category=report_category;
+ this->name=report_name;
+ this->template_file=report_template_file;
+}
+
+QString ReportTemplate::ReportTemplate::Category() {
+ return this->category;
+}
+
+QString ReportTemplate::ReportTemplate::Name() {
+ return this->name;
+}
+
+QString ReportTemplate::ReportTemplate::File() {
+ return this->template_file;
+}
diff --git a/trunk/reporttemplate.h b/trunk/reporttemplate.h
new file mode 100644
index 0000000..5acebeb
--- /dev/null
+++ b/trunk/reporttemplate.h
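Review bot: The three accessors are defined with a doubled qualifier, `ReportTemplate::ReportTemplate::Category()` and likewise for `Name()` and `File()`. That form relies on the injected class name and reads like a typo; `QString ReportTemplate::Category()` is the usual spelling. Since the accessors only return stored fields, they could also be declared `const` here and in reporttemplate.h, e.g. `QString Category() const;`, so they can be called on a const ReportTemplate.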
@@ -0,0 +1,42 @@
+/*******************************************************************************
+* fred Copyright (c) 2011 by Gillen Daniel *
+* *
+* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
+* with special feautures useful during forensic analysis. *
+* *
+* This program is free software: you can redistribute it and/or modify it *
+* under the terms of the GNU General Public License as published by the Free *
+* Software Foundation, either version 3 of the License, or (at your option) *
+* any later version. *
+* *
+* This program is distributed in the hope that it will be useful, but WITHOUT *
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
+* more details. *
+* *
+* You should have received a copy of the GNU General Public License along with *
+* this program. If not, see . *
+*******************************************************************************/
+
+#ifndef REPORTTEMPLATE_H
+#define REPORTTEMPLATE_H
+
+#include
+
+class ReportTemplate {
+ public:
+ ReportTemplate(QString report_category,
+ QString report_name,
+ QString report_template_file);
+
+ QString Category();
+ QString Name();
+ QString File();
+
+ private:
+ QString category;
+ QString name;
+ QString template_file;
+};
+
+#endif // REPORTTEMPLATE_H
diff --git a/trunk/reporttemplatexmlhandler.cpp b/trunk/reporttemplatexmlhandler.cpp
new file mode 100644
index 0000000..a50ecbd
--- /dev/null
+++ b/trunk/reporttemplatexmlhandler.cpp
@@ -0,0 +1,79 @@
+/*******************************************************************************
+* fred Copyright (c) 2011 by Gillen Daniel *
+* *
+* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
+* with special feautures useful during forensic analysis. *
+* *
+* This program is free software: you can redistribute it and/or modify it *
+* under the terms of the GNU General Public License as published by the Free *
+* Software Foundation, either version 3 of the License, or (at your option) *
+* any later version. *
+* *
+* This program is distributed in the hope that it will be useful, but WITHOUT *
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
+* more details. *
+* *
+* You should have received a copy of the GNU General Public License along with *
+* this program. If not, see . *
+*******************************************************************************/
+
+#include "reporttemplatexmlhandler.h"
+
+ReportTemplateXmlHandler::ReportTemplateXmlHandler(bool only_get_info)
+ : QXmlDefaultHandler()
+{
+ this->get_info=only_get_info;
+}
+
+bool ReportTemplateXmlHandler::startDocument() {
+ this->report_category="";
+ this->report_name="";
+}
+
+bool ReportTemplateXmlHandler::startElement(const QString &namespaceURI,
+ const QString &localName,
+ const QString &qName,
+ const QXmlAttributes &atts)
+{
+ int i=0;
+
+ // If we should only extract report info...
+ if(this->get_info) {
+ if(qName=="report") {
+ this->report_category=atts.value(QString("category"));
+ this->report_name=atts.value(QString("name"));
+ }
+ return true;
+ }
+
+ qDebug("%s",QString("--> %3").arg(qName).toAscii().constData());
+ for(i=0;i Name: '%1'', Value: '%2'").arg(atts.qName(i),atts.value(i)).toAscii().constData());
+ }
+
+ return true;
+}
+
+bool ReportTemplateXmlHandler::endElement(const QString &namespaceURI,
+ const QString &localName,
+ const QString &qName)
+{
+ return true;
+}
+
+bool ReportTemplateXmlHandler::error(const QXmlParseException &exception) {
+ return false;
+}
+
+bool ReportTemplateXmlHandler::fatalError(const QXmlParseException &exception) {
+ return false;
+}
+
+QString ReportTemplateXmlHandler::GetReportCategory() {
+ return this->report_category;
+}
+
+QString ReportTemplateXmlHandler::GetReportName() {
+ return this->report_name;
+}
diff --git a/trunk/reporttemplatexmlhandler.h b/trunk/reporttemplatexmlhandler.h
new file mode 100644
index 0000000..4390420
--- /dev/null
+++ b/trunk/reporttemplatexmlhandler.h
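Review bot: `startDocument()` is declared `bool` but falls off the end without a return statement, which is undefined behaviour. The reader treats a false result from a content handler as a request to stop, so whether a template parses at all may depend on whatever value happens to be returned. Add `return true;` after the two assignments. `error()` and `fatalError()` also discard the `QXmlParseException`, so a malformed template is rejected without any trace; logging `exception.message()` together with `exception.lineNumber()` through `qDebug` would make a broken or tampered template file diagnosable.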
@@ -0,0 +1,52 @@
+/*******************************************************************************
+* fred Copyright (c) 2011 by Gillen Daniel *
+* *
+* Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor *
+* with special feautures useful during forensic analysis. *
+* *
+* This program is free software: you can redistribute it and/or modify it *
+* under the terms of the GNU General Public License as published by the Free *
+* Software Foundation, either version 3 of the License, or (at your option) *
+* any later version. *
+* *
+* This program is distributed in the hope that it will be useful, but WITHOUT *
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or *
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for *
+* more details. *
+* *
+* You should have received a copy of the GNU General Public License along with *
+* this program. If not, see . *
+*******************************************************************************/
+
+#ifndef REPORTTEMPLATEXMLHANDLER_H
+#define REPORTTEMPLATEXMLHANDLER_H
+
+#include
+
+class ReportTemplateXmlHandler : public QXmlDefaultHandler {
+
+ public:
+ explicit ReportTemplateXmlHandler(bool only_get_info=true);
+
+ bool startDocument();
+ bool startElement(const QString &namespaceURI,
+ const QString &localName,
+ const QString &qName,
+ const QXmlAttributes &atts);
+ bool endElement(const QString &namespaceURI,
+ const QString &localName,
+ const QString &qName);
+ bool error(const QXmlParseException &exception);
+ bool fatalError(const QXmlParseException &exception);
+
+ QString GetReportCategory();
+ QString GetReportName();
+
+ private:
+ bool get_info;
+ QString report_category;
+ QString report_name;
+
+};
+
+#endif // REPORTTEMPLATEXMLHANDLER_H