search for: windows_ticks

Displaying 10 results from an estimated 10 matches for "windows_ticks".

2011 Sep 17
1
[PATCH] hivexml: Do not print null input times
...walk.cpp. * * The caller should free the returned buffer. + * + * This function returns NULL on a 0 input. In the context of + * hives, which only have mtimes, 0 will always be a complete + * absence of data. */ #define WINDOWS_TICK 10000000LL @@ -182,6 +186,9 @@ filetime_to_8601 (int64_t windows_ticks) time_t t; struct tm *tm; + if (windows_ticks == 0LL) + return NULL; + t = windows_ticks / WINDOWS_TICK - SEC_TO_UNIX_EPOCH; tm = gmtime (&t); if (tm == NULL) -- 1.7.6
2011 Aug 10
1
[Hivex][PATCH v2] Report last-modified time of hive root and nodes
...* Convert Windows filetime to ISO 8601 format. + * Source for filetime->time_t conversion: http://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux/6161842#6161842 + * Source for time_t->char* conversion: Fiwalk version 0.6.14's fiwalk.cpp. + * @param windows_ticks Expected to not have any remaining Endian issues. + */ +int +filetime_to_8601 (char *buf, int bufsize, uint64_t windows_ticks) +{ + if (buf == NULL) { + fprintf (stderr, "filetime_to_8601: Received null output buffer, unable to proceed.\n"); + return -1; + } + uint64_t nanos = wi...
2011 Aug 13
2
[Hivex] [PATCH v3] Report last-modified time of hive root and nodes
...keys in lh-records must be kept sorted. If you just add a diff --git a/xml/hivexml.c b/xml/hivexml.c index 90cb22b..c68a3d2 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -64,6 +64,8 @@ static struct hivex_visitor visitor = { .value_other = value_other }; +char * filetime_to_8601 (int64_t windows_ticks); + #define XML_CHECK(proc, args) \ do { \ if ((proc args) == -1) { \ @@ -124,6 +126,20 @@ main (int argc, char *argv[]) XML_CHECK (xmlTe...
2011 Oct 13
1
[hivex][PATCH] Increase filetime printing resolution to sub-second
...ex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 20 +++++++++++++++++--- 1 files changed, 17 insertions(+), 3 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 5030c24..98b90c5 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -185,6 +185,8 @@ filetime_to_8601 (int64_t windows_ticks) char *ret; time_t t; struct tm *tm; + int64_t sub_seconds; + size_t ftd; /* # chars formatted so far. */ if (windows_ticks == 0LL) return NULL; @@ -194,16 +196,28 @@ filetime_to_8601 (int64_t windows_ticks) if (tm == NULL) return NULL; - ret = malloc (TIMESTAMP_BUF...
2011 Aug 10
1
[PATCH] Report last-modified time of hive root and nodes
...* Convert Windows filetime to ISO 8601 format. + * Source for filetime->time_t conversion: http://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux/6161842#6161842 + * Source for time_t->char* conversion: Fiwalk version 0.6.14's fiwalk.cpp. + * @param windows_ticks Expected to not have any remaining Endian issues. + */ +int +filetime_to_8601 (char *buf, int bufsize, uint64_t windows_ticks) +{ + if (buf == NULL) { + fprintf (stderr, "filetime_to_8601: Received null output buffer, unable to proceed.\n"); + return -1; + } + uint64_t nanos = wi...
2011 Sep 17
3
[PATCH 1/1] hivexml: Base64-encode non-printable data
...vexml.c index cf11676..110c8fb 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -27,6 +27,7 @@ #include <errno.h> #include <time.h> #include <locale.h> +#include <ctype.h> #ifdef HAVE_LIBINTL_H #include <libintl.h> @@ -201,6 +202,52 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +/* Caller need not free return value afterwards. */ +static char * +encoding_recommendation (const char *data) +{ + /* Note that this function assumes data is null-terminated. */ + //See if the data are printable + int is_printable = 0; + size_t i; + size_t data_len = str...
2012 Feb 01
1
[PATCH] hivexml
...+++ hivex-1.3.3-new/xml/hivexml.c 2012-01-30 23:39:14.995639422 -0500 > @@ -33,6 +33,7 @@ > #endif > > #include <libxml/xmlwriter.h> > +#include <libxml/chvalid.h> > > #include "hivex.h" > > @@ -209,6 +210,22 @@ filetime_to_8601 (int64_t windows_ticks) > } > > static int > +isValidXMLString(const char *string) Can we call this is_valid_xml_string? I hate camel-casing. > +{ > + int c; > + int len = strlen(string); > + int pos = 0; > + int charlen = len; > + while ((c = xmlGetUTF8Char(string+pos, &charl...
2012 Mar 31
2
[PATCH v6] hivexml: Add byte run reporting functions
...s. --- xml/hivexml.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 96 insertions(+), 9 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 54d9049..a4bc7eb 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -210,11 +210,40 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +#define BYTE_RUN_BUF_LEN 32 + +static int +node_byte_runs (hive_h *h, void *writer_v, hive_node_h node) +{ + xmlTextWriterPtr writer = (xmlTextWriterPtr) writer_v; + char buf[1+BYTE_RUN_BUF_LEN]; + errno = 0; + size_t node_struct_length = hivex_node_struct_length (h, node)...
2011 Dec 08
1
[hivex] [PATCH 8/8] hivexml: Add byte run reporting functions
...gt; --- xml/hivexml.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 95 insertions(+), 9 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index d38e9d4..6591c98 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -210,6 +210,34 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +#define BYTE_RUN_BUF_LEN 32 + +static int +node_byte_runs (hive_h *h, void *writer_v, hive_node_h node) +{ + xmlTextWriterPtr writer = (xmlTextWriterPtr) writer_v; + char buf[1+BYTE_RUN_BUF_LEN]; + errno = 0; + size_t node_struct_length = hivex_node_struct_length (h, node)...
2011 Aug 31
1
[PATCH] hivex: Add byte runs for nodes and values
...return data_offset; +} + char * hivex_value_value (hive_h *h, hive_value_h value, hive_type *t_rtn, size_t *len_rtn) diff --git a/xml/hivexml.c b/xml/hivexml.c index f29c80c..db9cd7d 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -194,11 +194,39 @@ filetime_to_8601 (int64_t windows_ticks) return ret; } +#define BYTE_RUN_BUF_LEN 32 + +static int +node_byte_runs (hive_h *h, void *writer_v, hive_node_h node) +{ + xmlTextWriterPtr writer = (xmlTextWriterPtr) writer_v; + char buf[1+BYTE_RUN_BUF_LEN]; + size_t node_struct_length = hivex_node_struct_length (h, node); + if (errno...