Top Level Namespace

Defined Under Namespace

Modules: Resilience Classes: Array, Fixnum, NilClass, String

Constant Summary

FS_SIGNATURE =

ReFS Constants Copyright © 2015 Red Hat Inc.

[0x00, 0x00, 0x00, 0x52, 0x65, 0x46, 0x53, 0x00]

PAGE_SIZE =

0x4000

ROOT_DIR_ID =

[0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0]

DIR_ENTRY =

0x20030

FILE_ENTRY =

0x10030

DIR_TREE =

0x301

DIR_LIST =

0x200

PAGES =

DIR_BRANCH = 0x000 ?

{
  # page id's:
  :first        => 0x1e,

  # virtual page numbers:
  :root         => 0x00,
  :object_table => 0x02,
  :object_tree  => 0x03
}

ADDRESSES =

{
  # size / bounds
  :bytes_per_sector    => 0x20,
  :sectors_per_cluster => 0x24,

  # page
  :page_sequence       => 0x08, # shadow pages share the same virtual page number
  :virtual_page_number => 0x18,
  :first_attr          => 0x30,

  # on page 0x1e:
  :system_table_page   => 0xA0,

  # on system table:
  :system_pages        => 0x58,

  # generic table:
  # referenced from start of first attr
  :object_id           => 0x0C,
  :num_objects         => 0x20,

  # referenced from start of table header
  :table_length        => 0x04,

  # object tree:
  :object_tree_start1 => 0x10,
  :object_tree_end1   => 0x1F,
  :object_tree_start2 => 0x20,
  :object_tree_end2   => 0x2F
}

Instance Method Summary

• #axe_option_parser ⇒ Object
• #check_sequence ⇒ Object
• #dump_info ⇒ Object
• #extract ⇒ Object
• #extract_cluster(cluster) ⇒ Object
• #fcomp_option_parser ⇒ Object
• #object_table_output ⇒ Object
• #object_tree_output ⇒ Object
• #page_attribute_output(page) ⇒ Object
• #page_output(page) ⇒ Object
• #pages_output ⇒ Object
• #pex_option_parser ⇒ Object
• #rarser_option_parser ⇒ Object
• #reach_option_parser ⇒ Object
• #rex_option_parser ⇒ Object
• #rinfo_option_parser ⇒ Object
• #run_search ⇒ Object
• #sequence_length ⇒ Object
• #target_clusters ⇒ Object
• #validate_file!(file) ⇒ Object
• #write_match ⇒ Object
• #write_results(image) ⇒ Object

Instance Method Details

#axe_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/axe.rb', line 9

def axe_option_parser
  OptionParser.new do |opts|
    default_options     opts
    image_options       opts
    file_select_options opts
  end
end

#check_sequence ⇒ Object

# File 'lib/resilience/cli/bin/reach.rb', line 16

def check_sequence
  @check_sequence  ||= 0xe010002800000038 # inverted due to endian ordering
end

#dump_info ⇒ Object

# File 'lib/resilience/cli/bin/rinfo.rb', line 17

def dump_info
  puts header_output
end

#extract ⇒ Object

# File 'lib/resilience/cli/bin/pex.rb', line 27

def extract
  create_output_dir!
  setup_image

  target_clusters.each do |cluster|
    extract_cluster cluster
  end
end

#extract_cluster(cluster) ⇒ Object

# File 'lib/resilience/cli/bin/pex.rb', line 36

def extract_cluster(cluster)
  out = File.open("#{conf.dir}/#{cluster.to_s(16)}", 'wb')
  offset = cluster * PAGE_SIZE
  image.seek(offset)
  contents = image.read(PAGE_SIZE)
  out.write contents
  out.close
end

#fcomp_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/fcomp.rb', line 9

def fcomp_option_parser
  OptionParser.new do |opts|
    default_options    opts
    image_options      opts
  end
end

#object_table_output ⇒ Object

# File 'lib/resilience/cli/bin/rarser.rb', line 43

def object_table_output
  return "" unless conf.object_table?

  output = image.object_table.pages.collect { |obj_id, cluster|
    "#{obj_id.big_endian_str[0..4]} | #{cluster.big_endian_str}\n"
  }.join

  "\nObject table:\n" \
  "Obj   | Cluster\n" \
  "-------------\n#{output}"
end

#object_tree_output ⇒ Object

# File 'lib/resilience/cli/bin/rarser.rb', line 55

def object_tree_output
  return "" unless conf.object_tree?

  output = image.object_tree.map.collect { |obj, refs|
    references = refs.collect { |ref| ref[0..4] }.join(', ')
    "#{obj[0..4]} -> #{references}\n"
  }.join

  "\nObject tree:\n" \
  "-------------\n#{output}"
end

#page_attribute_output(page) ⇒ Object

# File 'lib/resilience/cli/bin/rarser.rb', line 20

def page_attribute_output(page)
  output = page.attributes.collect { |attribute|
    "  #{attribute.to_s[0...10]}...\n"
  }.join

  " Attributes:\n" + output
end

#page_output(page) ⇒ Object

# File 'lib/resilience/cli/bin/rarser.rb', line 28

def page_output(page)
  page_out = "Page      #{page.id.indented(4).blue.bold}: "                   \
             "number    #{page.virtual_page_number.indented(3).blue.bold} - " \
             "sequence  #{page.sequence.indented(2).blue.bold} - "            \
             "object id #{page.object_id.indented(2).blue.bold} - "           \
             "records   #{page.entries.indented(2).blue.bold}\n"

  page_out += page_attribute_output(page) if conf.attributes? && page.has_attributes?
  page_out
end

#pages_output ⇒ Object

# File 'lib/resilience/cli/bin/rarser.rb', line 39

def pages_output
  image.pages.collect { |page_id, page| page_output(page) }.join
end

#pex_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/pex.rb', line 9

def pex_option_parser
  OptionParser.new do |opts|
    default_options    opts
    image_options      opts
    output_fs_options  opts
  end
end

#rarser_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/rarser.rb', line 9

def rarser_option_parser
  conf.pages = true

  OptionParser.new do |opts|
    default_options   opts
    image_options     opts
    metadata_options  opts
  end
end

#reach_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/reach.rb', line 9

def reach_option_parser
  OptionParser.new do |opts|
    default_options opts
    image_options   opts
  end
end

#rex_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/rex.rb', line 9

def rex_option_parser
  OptionParser.new do |opts|
    default_options    opts
    image_options      opts
    output_fs_options  opts
    stdout_options     opts
  end
end

#rinfo_option_parser ⇒ Object

# File 'lib/resilience/cli/bin/rinfo.rb', line 9

def rinfo_option_parser
  OptionParser.new do |opts|
    default_options    opts
    image_options      opts
    disk_options       opts
  end
end

#run_search ⇒ Object

# File 'lib/resilience/cli/bin/reach.rb', line 24

def run_search
  while check = image.read(sequence_length)
    unpacked = check.unpack('Q').first
    write_match if unpacked == check_sequence
  end
end

#sequence_length ⇒ Object

# File 'lib/resilience/cli/bin/reach.rb', line 20

def sequence_length
  @sequence_length ||= 8
end

#target_clusters ⇒ Object

# File 'lib/resilience/cli/bin/pex.rb', line 17

def target_clusters
  @target_clusters ||= [0x1e,  0x20,  0x21,  0x22,  0x28, 0x29,
                        0x2a,  0x2b,  0x2c,  0x2d,  0x2e, 0x2f,
                        0x30,  0x31,  0x32,  0x33,  0x34, 0x35,
                        0x36,  0x37,  0x38,
                        0x2c0, 0x2c1, 0x2c2, 0x2c3, 0x2c4,
                        0x2c5, 0x2c6, 0x2c7, 0x2c8, 0x2cc,
                        0x2cd, 0x2ce, 0x2cf]
end

#validate_file!(file) ⇒ Object

# File 'lib/resilience/cli/bin/axe.rb', line 17

def validate_file!(file)
  if file.nil?
    puts "File #{conf.file} not found"
    exit 1
  end
end

#write_match ⇒ Object

# File 'lib/resilience/cli/bin/reach.rb', line 31

def write_match
  puts 'File at: 0x' + image.total_pos.to_s(16)      +
       ' cluster '   + (image.pos / 0x4000).to_s(16)
end

#write_results(image) ⇒ Object

# File 'lib/resilience/cli/bin/axe.rb', line 24

def write_results
  file = image.root_dir.files.at(conf.file)
  validate_file!(file)
  puts "File: #{file.fullname} attributes: "
  file.metadata_attrs.each_index { |attr_index|
    attr = file.metadata_attrs[attr_index]
    print "Attribute #{attr_index}: "
    print attr.collect { |b| b.to_s(16) }.join(' ')
    puts "\n\n"
  }
end