diff --git a/trunk/registrykey.cpp b/trunk/registrykey.cpp index 709d3e7..b3f13e6 100644 --- a/trunk/registrykey.cpp +++ b/trunk/registrykey.cpp @@ -1,54 +1,54 @@ /******************************************************************************* * fred Copyright (c) 2011-2013 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include "registrykey.h" RegistryKey::RegistryKey(const QList &data) { this->key_data=data; } RegistryKey::~RegistryKey() { qDeleteAll(this->keys); } void RegistryKey::Append(RegistryKey *p_key) { this->keys.append(p_key); } RegistryKey* RegistryKey::Key(uint64_t row) { return this->keys.value(row); } uint64_t RegistryKey::RowCount() { return this->keys.count(); } -QVariant RegistryKey::Data(uint64_t column) const { - if(column>=0 && column<4) { +QVariant RegistryKey::Data(int column) const { + if(column>=0 && column<3) { return this->key_data.value(column); } else { return QVariant(); } } uint64_t RegistryKey::Row() const { return this->keys.indexOf(const_cast(this)); } diff --git a/trunk/registrykey.h b/trunk/registrykey.h index 6a9cbf4..7dcf192 100644 --- a/trunk/registrykey.h +++ b/trunk/registrykey.h @@ -1,44 +1,45 @@ /******************************************************************************* * fred Copyright (c) 2011-2013 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #ifndef REGISTRYKEY_H #define REGISTRYKEY_H #include #include + #include class RegistryKey { public: RegistryKey(const QList &data); ~RegistryKey(); void Append(RegistryKey *p_key); RegistryKey *Key(uint64_t row); uint64_t RowCount(); - QVariant Data(uint64_t column) const; + QVariant Data(int column) const; uint64_t Row() const; private: QList keys; QList key_data; }; #endif // REGISTRYKEY_H diff --git a/trunk/registrykeytablemodel.cpp b/trunk/registrykeytablemodel.cpp index 3219772..36182a6 100644 --- a/trunk/registrykeytablemodel.cpp +++ b/trunk/registrykeytablemodel.cpp @@ -1,201 +1,202 @@ /******************************************************************************* * fred Copyright (c) 2011-2013 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include "registrykeytablemodel.h" #include RegistryKeyTableModel::RegistryKeyTableModel(RegistryHive *p_hive, QString node_path, QObject *p_parent) : QAbstractTableModel(p_parent) { // Create the "root" key. It's values will be used for as header values. this->p_keys=new RegistryKey(QList()<< tr("Key")<< tr("Type")<< - tr("Value")<< - tr("Last modified")); + tr("Value")); // Build key list this->SetupModelData(p_hive,node_path); } RegistryKeyTableModel::~RegistryKeyTableModel() { delete this->p_keys; } QVariant RegistryKeyTableModel::data(const QModelIndex &index, int role) const { bool ok; if(!index.isValid()) return QVariant(); RegistryKey *p_key=static_cast(index.internalPointer()); switch(role) { case Qt::DisplayRole: { switch(index.column()) { case RegistryKeyTableModel::ColumnContent_KeyName: { return p_key->Data(index.column()); break; } case RegistryKeyTableModel::ColumnContent_KeyType: { int value_type=p_key->Data(index.column()).toInt(&ok); if(!ok) return QVariant(); return RegistryHive::KeyTypeToString(value_type); break; } case RegistryKeyTableModel::ColumnContent_KeyValue: { // Get index to value type QModelIndex type_index=this->index(index.row(), RegistryKeyTableModel:: ColumnContent_KeyType); // Get value type int value_type=this->data(type_index, RegistryKeyTableModel:: AdditionalRoles_GetRawData).toInt(&ok); if(!ok) return QVariant(); // Return value converted to human readeable string QByteArray value_array=p_key->Data(index.column()).toByteArray(); return RegistryHive::KeyValueToString(value_array,value_type); break; } +/* case RegistryKeyTableModel::ColumnContent_KeyModTime: { QDateTime date_time; bool ok=false; date_time.setTimeSpec(Qt::UTC); date_time.setTime_t(RegistryHive::FiletimeToUnixtime( p_key->Data(index.column()).toLongLong(&ok))); if(ok) return date_time.toString("yyyy/MM/dd hh:mm:ss"); else return tr("Unknown"); break; } +*/ default: return QVariant(); } break; } case RegistryKeyTableModel::AdditionalRoles_GetRawData: { return p_key->Data(index.column()); break; } default: return QVariant(); } return QVariant(); } Qt::ItemFlags RegistryKeyTableModel::flags(const QModelIndex &index) const { if(!index.isValid()) return 0; return Qt::ItemIsEnabled | Qt::ItemIsSelectable; } QVariant RegistryKeyTableModel::headerData(int section, Qt::Orientation orientation, int role) const { // Only horizontal header is supported if(orientation!=Qt::Horizontal) return QVariant(); switch(role) { case Qt::TextAlignmentRole: // Handle text alignment if(section==2) return Qt::AlignLeft; else return Qt::AlignCenter; break; case Qt::DisplayRole: // Header text return this->p_keys->Data(section); break; default: return QVariant(); } } QModelIndex RegistryKeyTableModel::index(int row, int column, const QModelIndex &parent) const { if(!this->hasIndex(row,column,parent)) return QModelIndex(); RegistryKey *p_key=this->p_keys->Key(row); return this->createIndex(row,column,p_key); } int RegistryKeyTableModel::rowCount(const QModelIndex &parent) const { // According to Qt doc, when parent in TableModel is valid, we should return 0 if(parent.isValid()) return 0; // Get and return row count from the keys list return this->p_keys->RowCount(); } int RegistryKeyTableModel::columnCount(const QModelIndex &parent) const { // According to Qt doc, when parent in TableModel is valid, we should return 0 if(parent.isValid()) return 0; - // There are always 4 columns - return 4; + // There are always 3 columns + return 3; } int RegistryKeyTableModel::GetKeyRow(QString key_name) const { int i; for(i=0;ip_keys->RowCount();i++) { if(this->p_keys->Key(i)->Data(0)==key_name) { return i; } } // When key isn't found, return the first row return 0; } void RegistryKeyTableModel::SetupModelData(RegistryHive *p_hive, QString &node_path) { QMap node_keys; RegistryKey *p_key; QByteArray key_value; int key_value_type; - int64_t key_mod_time; +// int64_t key_mod_time; size_t key_value_len; // Get all keys for current node node_keys=p_hive->GetKeys(node_path); if(node_keys.isEmpty()) return; // Add all keys to list QMapIterator i(node_keys); while(i.hasNext()) { i.next(); key_value=p_hive->GetKeyValue(i.value(), &key_value_type, &key_value_len); if(p_hive->GetErrorMsg()!="") continue; - key_mod_time=p_hive->GetKeyModTime(i.value()); +// key_mod_time=p_hive->GetKeyModTime(i.value()); // TODO: Maybe we have to call GetErrorMsg in case an error occured p_key=new RegistryKey(QList()<< QString(i.key().length() ? i.key() : "(default)")<< QVariant(key_value_type)<< - key_value<< - QVariant((qlonglong)key_mod_time)); + key_value); //<< +// QVariant((qlonglong)key_mod_time)); this->p_keys->Append(p_key); } } diff --git a/trunk/registrynode.cpp b/trunk/registrynode.cpp index 9a3845b..87b6621 100644 --- a/trunk/registrynode.cpp +++ b/trunk/registrynode.cpp @@ -1,61 +1,65 @@ /******************************************************************************* * fred Copyright (c) 2011-2013 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include "registrynode.h" -RegistryNode::RegistryNode(const QString name, +RegistryNode::RegistryNode(const QList &data, RegistryNode *p_parent) { + this->node_data=data; this->p_parent_node=p_parent; - this->node_name=name; } RegistryNode::~RegistryNode() { qDeleteAll(this->child_nodes); } void RegistryNode::AppendChild(RegistryNode *p_child) { this->child_nodes.append(p_child); } -RegistryNode* RegistryNode::child(uint64_t row) { +RegistryNode* RegistryNode::Child(uint64_t row) { return this->child_nodes.value(row); } -uint64_t RegistryNode::childCount() const { +uint64_t RegistryNode::ChildCount() const { return this->child_nodes.count(); } -QString RegistryNode::data() const { - return this->node_name; +QVariant RegistryNode::Data(int column) const { + if(column>=0 && column<2) { + return this->node_data.value(column); + } else { + return QVariant(); + } } -uint64_t RegistryNode::row() const { +uint64_t RegistryNode::Row() const { if(this->p_parent_node) { return this->p_parent_node-> child_nodes.indexOf(const_cast(this)); } else { return 0; } } -RegistryNode *RegistryNode::parent() { +RegistryNode *RegistryNode::Parent() { return this->p_parent_node; } diff --git a/trunk/registrynode.h b/trunk/registrynode.h index c1fd624..9becba9 100644 --- a/trunk/registrynode.h +++ b/trunk/registrynode.h @@ -1,47 +1,48 @@ /******************************************************************************* * fred Copyright (c) 2011-2013 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #ifndef REGISTRYNODE_H #define REGISTRYNODE_H #include -#include +#include #include class RegistryNode { public: - RegistryNode(const QString name, RegistryNode *p_parent=0); + RegistryNode(const QList &data, + RegistryNode *p_parent=0); ~RegistryNode(); void AppendChild(RegistryNode *p_child); - RegistryNode *child(uint64_t row); - uint64_t childCount() const; - QString data() const; - uint64_t row() const; - RegistryNode *parent(); + RegistryNode *Child(uint64_t row); + uint64_t ChildCount() const; + QVariant Data(int column) const; + uint64_t Row() const; + RegistryNode *Parent(); private: QList child_nodes; - QString node_name; + QList node_data; RegistryNode *p_parent_node; }; #endif // REGISTRYNODE_H diff --git a/trunk/registrynodetreemodel.cpp b/trunk/registrynodetreemodel.cpp index 91bc8e8..b239d4e 100644 --- a/trunk/registrynodetreemodel.cpp +++ b/trunk/registrynodetreemodel.cpp @@ -1,183 +1,185 @@ /******************************************************************************* * fred Copyright (c) 2011-2013 by Gillen Daniel * * * * Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor * * with special feautures useful during forensic analysis. * * * * This program is free software: you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the Free * * Software Foundation, either version 3 of the License, or (at your option) * * any later version. * * * * This program is distributed in the hope that it will be useful, but WITHOUT * * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for * * more details. * * * * You should have received a copy of the GNU General Public License along with * * this program. If not, see . * *******************************************************************************/ #include "registrynodetreemodel.h" +#include #include +#include #include RegistryNodeTreeModel::RegistryNodeTreeModel(RegistryHive *p_hive, QObject *p_parent) : QAbstractItemModel(p_parent) { // Create root node - this->p_root_node=new RegistryNode("ROOT"); + this->p_root_node=new RegistryNode(QList()<SetupModelData(p_hive,this->p_root_node); } RegistryNodeTreeModel::~RegistryNodeTreeModel() { delete this->p_root_node; } QVariant RegistryNodeTreeModel::data(const QModelIndex &index, int role) const { if(!index.isValid()) return QVariant(); if(role!=Qt::DisplayRole) return QVariant(); RegistryNode *p_node=static_cast(index.internalPointer()); - return p_node->data(); + return p_node->Data(); } Qt::ItemFlags RegistryNodeTreeModel::flags(const QModelIndex &index) const { if(!index.isValid()) return 0; return Qt::ItemIsEnabled | Qt::ItemIsSelectable; } QVariant RegistryNodeTreeModel::headerData(int section, Qt::Orientation orientation, int role) const { Q_UNUSED(section); if(orientation==Qt::Horizontal && role==Qt::DisplayRole) { return QVariant("Registry key folders"); } else { return QVariant(); } } QModelIndex RegistryNodeTreeModel::index(int row, int column, const QModelIndex &parent) const { if(!this->hasIndex(row,column,parent)) return QModelIndex(); RegistryNode *p_parent_node; if(!parent.isValid()) { p_parent_node=this->p_root_node; } else { p_parent_node=static_cast(parent.internalPointer()); } - RegistryNode *p_child_node=p_parent_node->child(row); + RegistryNode *p_child_node=p_parent_node->Child(row); if(p_child_node) { return this->createIndex(row,column,p_child_node); } else { return QModelIndex(); } } QModelIndex RegistryNodeTreeModel::parent(const QModelIndex &index) const { if(!index.isValid()) return QModelIndex(); RegistryNode *p_child_node= static_cast(index.internalPointer()); - RegistryNode *p_parent_node=p_child_node->parent(); + RegistryNode *p_parent_node=p_child_node->Parent(); if(p_parent_node==this->p_root_node) { return QModelIndex(); } else { - return this->createIndex(p_parent_node->row(),0,p_parent_node); + return this->createIndex(p_parent_node->Row(),0,p_parent_node); } } int RegistryNodeTreeModel::rowCount(const QModelIndex &parent) const { if(parent.column()>0) return 0; RegistryNode *p_parent_node; if(!parent.isValid()) { p_parent_node=this->p_root_node; } else { p_parent_node=static_cast(parent.internalPointer()); } - return p_parent_node->childCount(); + return p_parent_node->ChildCount(); } int RegistryNodeTreeModel::columnCount(const QModelIndex &parent) const { Q_UNUSED(parent); - return 1; + return 2; } QList RegistryNodeTreeModel::GetIndexListOf(QString path) const { RegistryNode *p_parent_node=this->p_root_node; QList ret; QStringList nodes=path.split("\\",QString::SkipEmptyParts); bool found=false; // Create a list of all index's that form the supplied path ret.clear(); for(int i=0;ichildCount();ii++) { - if(p_parent_node->child(ii)->data()==nodes.at(i)) { - ret.append(this->createIndex(ii,0,p_parent_node->child(ii))); - p_parent_node=p_parent_node->child(ii); + for(uint64_t ii=0;iiChildCount();ii++) { + if(p_parent_node->Child(ii)->Data()==nodes.at(i)) { + ret.append(this->createIndex(ii,0,p_parent_node->Child(ii))); + p_parent_node=p_parent_node->Child(ii); found=true; break; } } // Break when last child node was found if(found && i==nodes.count()-1) break; // Return an empty list when a child node wasn't found else if(!found) return QList(); } return ret; } QString RegistryNodeTreeModel::GetNodePath(QModelIndex child_index) const { QString path; // Get current node name path=this->data(child_index,Qt::DisplayRole).toString().prepend("\\"); // Build node path by prepending all parent nodes names while(this->parent(child_index)!=QModelIndex()) { child_index=this->parent(child_index); path.prepend(this->data(child_index, Qt::DisplayRole).toString().prepend("\\")); } return path; } void RegistryNodeTreeModel::SetupModelData(RegistryHive *p_hive, RegistryNode *p_parent, int hive_node) { QMap hive_children; RegistryNode *p_node; // Get all sub nodes of current hive node if(hive_node) hive_children=p_hive->GetNodes(hive_node); else hive_children=p_hive->GetNodes("\\"); if(hive_children.isEmpty()) return; // Recursivly iterate over all sub nodes QMapIterator i(hive_children); while(i.hasNext()) { i.next(); - p_node=new RegistryNode(i.key(),p_parent); + p_node=new RegistryNode(QList()<AppendChild(p_node); this->SetupModelData(p_hive,p_node,i.value()); } }