diff options
| author | Alex Nelson <ajnelson@cs.ucsc.edu> | 2011-08-12 23:03:37 -0700 |
|---|---|---|
| committer | Richard W.M. Jones <rjones@redhat.com> | 2011-08-13 09:42:27 +0100 |
| commit | e0b21193257f9784b28e931525f2a382a74775c6 (patch) | |
| tree | 970d790ff798a915d8ec8b24b421dce551c107f2 /python | |
| parent | 98d83de9444c893fded2e92a3c454ffbda4bd4ad (diff) | |
| download | hivex-e0b21193257f9784b28e931525f2a382a74775c6.tar.gz hivex-e0b21193257f9784b28e931525f2a382a74775c6.tar.xz hivex-e0b21193257f9784b28e931525f2a382a74775c6.zip | |
Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially
unused. These changes report the registry time by treating the
time fields as Windows filetime fields stored in little-Endian
(which means they can be treated as a single 64-bit little-Endian
integer).
This patch adds to the hivex ABI:
* int64_t hivex_last_modified (hive_h *)
* int64_t hivex_node_timestamp (hive_h *, hive_node_h)
These two functions return the hive's last-modified time and
a particular node's last-modified time, respectively. Credit
to Richard Jones for the ABI suggestion, and for the tip on
Microsoft's filetime time span.
hivexml employs these two functions to produce mtime elements
for a hive and all of its nodes, producing ISO-8601 formatted
time.
Signed-off-by: Alex Nelson <ajnelson@cs.ucsc.edu>
A lot of code cleanup by RWMJ.
Diffstat (limited to 'python')
0 files changed, 0 insertions, 0 deletions