Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(846)

Side by Side Diff: plaso/parsers/recycler.yaml

Issue 348940043: [plaso] Migrated Windows Recycler and Recycle.Bin construct-based parsers to use dtfabric #1893 (Closed)
Patch Set: Changes after review Created 5 years, 9 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « plaso/parsers/recycler.py ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 name: recycler
2 type: format
3 description: Windows Recycler and Recycle.Bin formats
4 urls:
5 - "https://github.com/libyal/dtformats/blob/master/documentation/Windows%20Recyc ler%20file%20formats.asciidoc"
6 - "https://github.com/libyal/dtformats/blob/master/documentation/Windows%20Recyc le.Bin%20file%20formats.asciidoc"
7 ---
8 name: byte
9 type: integer
10 attributes:
11 format: unsigned
12 size: 1
13 units: bytes
14 ---
15 name: uint32
16 type: integer
17 attributes:
18 format: unsigned
19 size: 4
20 units: bytes
21 ---
22 name: uint64
23 type: integer
24 attributes:
25 format: unsigned
26 size: 8
27 units: bytes
28 ---
29 name: wchar16
30 type: character
31 attributes:
32 size: 2
33 units: bytes
34 ---
35 name: recycler_info2_file_header
36 description: Windows Recycler INFO2 file header
37 type: structure
38 attributes:
39 byte_order: little-endian
40 members:
41 - name: unknown1
42 data_type: uint32
43 - name: number_of_file_entries
44 data_type: uint32
45 - name: unknown2
46 data_type: uint32
47 - name: file_entry_size
48 data_type: uint32
49 - name: unknown3
50 data_type: uint32
51 ---
52 name: recycler_info2_file_entry_utf16le_string
53 description: Windows Recycler INFO2 file entry Unicode original filename string
54 type: string
55 encoding: utf-16-le
56 element_data_type: wchar16
57 elements_terminator: "\x00\x00"
58 ---
59 name: recycler_info2_file_entry
60 description: Windows Recycler INFO2 file entry
61 type: structure
62 attributes:
63 byte_order: little-endian
64 members:
65 - name: original_filename
66 type: stream
67 element_data_type: byte
68 elements_data_size: 260
69 - name: index
70 data_type: uint32
71 - name: drive_number
72 data_type: uint32
73 - name: deletion_time
74 data_type: uint64
75 - name: original_file_size
76 data_type: uint32
77 ---
78 name: recycle_bin_metadata_file_header
79 description: Windows Recycle.Bin metadata ($I) format 1 and 2 file header
80 type: structure
81 attributes:
82 byte_order: little-endian
83 members:
84 - name: format_version
85 data_type: uint64
86 - name: original_file_size
87 data_type: uint64
88 - name: deletion_time
89 data_type: uint64
90 ---
91 name: recycle_bin_metadata_utf16le_string
92 description: Windows Recycle.Bin metadata ($I) format 1 original filename string
93 type: string
94 encoding: utf-16-le
95 element_data_type: wchar16
96 elements_terminator: "\x00\x00"
97 ---
98 name: recycle_bin_metadata_utf16le_string_with_size
99 description: Windows Recycle.Bin metadata ($I) format 2 original filename string
100 type: structure
101 attributes:
102 byte_order: little-endian
103 members:
104 - name: number_of_characters
105 data_type: uint32
106 - name: string
107 type: string
108 encoding: utf-16-le
109 element_data_type: wchar16
110 number_of_elements: recycle_bin_metadata_utf16le_string_with_size.number_of_ch aracters
OLDNEW
« no previous file with comments | « plaso/parsers/recycler.py ('k') | no next file » | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b