Method: Rex::Parser::NTFS#initialize
- Defined in:
- lib/rex/parser/fs/ntfs.rb
#initialize(file_handler) ⇒ NTFS
Returns a new instance of NTFS.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/rex/parser/fs/ntfs.rb', line 17 def initialize(file_handler) @file_handler = file_handler data = @file_handler.read(4096) # Boot sector reading @bytes_per_sector = data[11, 2].unpack('v')[0] @sector_per_cluster = data[13].unpack('C')[0] @cluster_per_mft_record = data[64].unpack('c')[0] if @cluster_per_mft_record < 0 @bytes_per_mft_record = 2**(-@cluster_per_mft_record) @cluster_per_mft_record = @bytes_per_mft_record.to_f / @bytes_per_sector / @sector_per_cluster else @bytes_per_mft_record = @bytes_per_sector * @sector_per_cluster * @cluster_per_mft_record end @bytes_per_cluster = @sector_per_cluster * @bytes_per_sector @mft_logical_cluster_number = data[48, 8].unpack('Q<')[0] @mft_offset = @mft_logical_cluster_number * @sector_per_cluster * @bytes_per_sector @file_handler.seek(@mft_offset) @mft = @file_handler.read(@bytes_per_mft_record) end |