search for: filetime_to_8601

...;time_t conversion: http://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux/6161842#6161842 + * Source for time_t->char* conversion: Fiwalk version 0.6.14's fiwalk.cpp. + * @param windows_ticks Expected to not have any remaining Endian issues. + */ +int +filetime_to_8601 (char *buf, int bufsize, uint64_t windows_ticks) +{ + if (buf == NULL) { + fprintf (stderr, "filetime_to_8601: Received null output buffer, unable to proceed.\n"); + return -1; + } + uint64_t nanos = windows_ticks % WINDOWS_TICK; + time_t tt = (windows_ticks / WINDOWS_TICK - SEC...

...d anywhere): the * subkeys in lh-records must be kept sorted. If you just add a diff --git a/xml/hivexml.c b/xml/hivexml.c index 90cb22b..c68a3d2 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -64,6 +64,8 @@ static struct hivex_visitor visitor = { .value_other = value_other }; +char * filetime_to_8601 (int64_t windows_ticks); + #define XML_CHECK(proc, args) \ do { \ if ((proc args) == -1) { \ @@ -124,6 +126,20 @@ main (int argc, char *argv...

...;time_t conversion: http://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux/6161842#6161842 + * Source for time_t->char* conversion: Fiwalk version 0.6.14's fiwalk.cpp. + * @param windows_ticks Expected to not have any remaining Endian issues. + */ +int +filetime_to_8601 (char *buf, int bufsize, uint64_t windows_ticks) +{ + if (buf == NULL) { + fprintf (stderr, "filetime_to_8601: Received null output buffer, unable to proceed.\n"); + return -1; + } + uint64_t nanos = windows_ticks % WINDOWS_TICK; + time_t tt = (windows_ticks / WINDOWS_TICK - SEC...

...argc, char *argv[]) * fiwalk.cpp. * * The caller should free the returned buffer. + * + * This function returns NULL on a 0 input. In the context of + * hives, which only have mtimes, 0 will always be a complete + * absence of data. */ #define WINDOWS_TICK 10000000LL @@ -182,6 +186,9 @@ filetime_to_8601 (int64_t windows_ticks) time_t t; struct tm *tm; + if (windows_ticks == 0LL) + return NULL; + t = windows_ticks / WINDOWS_TICK - SEC_TO_UNIX_EPOCH; tm = gmtime (&t); if (tm == NULL) -- 1.7.6

Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 20 +++++++++++++++++--- 1 files changed, 17 insertions(+), 3 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 5030c24..98b90c5 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -185,6 +185,8 @@ filetime_to_8601 (int64_t windows_ticks) char *ret; time_t t; struct tm *tm; + int64_t sub_seconds; + size_t ftd; /* # chars formatted so far. */ if (windows_ticks == 0LL) return NULL; @@ -194,16 +196,28 @@ filetime_to_8601 (int64_t windows_ticks) if (tm == NULL) return NULL; - ret...

...t a/xml/hivexml.c b/xml/hivexml.c index cf11676..110c8fb 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -27,6 +27,7 @@ #include <errno.h> #include <time.h> #include <locale.h> +#include <ctype.h> #ifdef HAVE_LIBINTL_H #include <libintl.h> @@ -201,6 +202,52 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +/* Caller need not free return value afterwards. */ +static char * +encoding_recommendation (const char *data) +{ + /* Note that this function assumes data is null-terminated. */ + //See if the data are printable + int is_printable = 0; + size_t i; +...

...17:09.000000000 -0400 > +++ hivex-1.3.3-new/xml/hivexml.c 2012-01-30 23:39:14.995639422 -0500 > @@ -33,6 +33,7 @@ > #endif > > #include <libxml/xmlwriter.h> > +#include <libxml/chvalid.h> > > #include "hivex.h" > > @@ -209,6 +210,22 @@ filetime_to_8601 (int64_t windows_ticks) > } > > static int > +isValidXMLString(const char *string) Can we call this is_valid_xml_string? I hate camel-casing. > +{ > + int c; > + int len = strlen(string); > + int pos = 0; > + int charlen = len; > + while ((c = xmlGetUTF8Char...

...(writer, BAD_CAST "name", BAD_CAST name)); + if (node == hivex_root (h)) { + XML_CHECK (xmlTextWriterWriteAttribute, (writer, BAD_CAST "root", BAD_CAST "1")); + } + last_modified = hivex_node_timestamp (h, node); if (last_modified >= 0) { timebuf = filetime_to_8601 (last_modified); -- 1.7.6

..."name")); + XML_CHECK (xmlTextWriterWriteString, (writer, BAD_CAST hive_name)); + XML_CHECK (xmlTextWriterEndAttribute, (writer)); + free (hive_name); + hive_name = NULL; + } + int64_t hive_mtime = hivex_last_modified (h); if (hive_mtime >= 0) { char *timebuf = filetime_to_8601 (hive_mtime); -- 1.7.6.4

...e, and similarly for values. --- xml/hivexml.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 96 insertions(+), 9 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 54d9049..a4bc7eb 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -210,11 +210,40 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +#define BYTE_RUN_BUF_LEN 32 + +static int +node_byte_runs (hive_h *h, void *writer_v, hive_node_h node) +{ + xmlTextWriterPtr writer = (xmlTextWriterPtr) writer_v; + char buf[1+BYTE_RUN_BUF_LEN]; + errno = 0; + size_t node_struct_length = hivex_node_...

...K (xmlTextWriterWriteString, (writer, BAD_CAST hive_version_buf)); + XML_CHECK (xmlTextWriterEndAttribute, (writer)); + free (hive_version_buf); + hive_version_buf = NULL; + } + } + int64_t hive_mtime = hivex_last_modified (h); if (hive_mtime >= 0) { char *timebuf = filetime_to_8601 (hive_mtime); -- 1.7.6.4

...t;ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 95 insertions(+), 9 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index d38e9d4..6591c98 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -210,6 +210,34 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +#define BYTE_RUN_BUF_LEN 32 + +static int +node_byte_runs (hive_h *h, void *writer_v, hive_node_h node) +{ + xmlTextWriterPtr writer = (xmlTextWriterPtr) writer_v; + char buf[1+BYTE_RUN_BUF_LEN]; + errno = 0; + size_t node_struct_length = hivex_node_...

...T; + return 0; + } + return data_offset; +} + char * hivex_value_value (hive_h *h, hive_value_h value, hive_type *t_rtn, size_t *len_rtn) diff --git a/xml/hivexml.c b/xml/hivexml.c index f29c80c..db9cd7d 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -194,11 +194,39 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +#define BYTE_RUN_BUF_LEN 32 + +static int +node_byte_runs (hive_h *h, void *writer_v, hive_node_h node) +{ + xmlTextWriterPtr writer = (xmlTextWriterPtr) writer_v; + char buf[1+BYTE_RUN_BUF_LEN]; + size_t node_struct_length = hivex_node_struct_length...