Year of Python (YOP) – Week Four

26Jan15

Hello Reader!

So we’ve made it to one month, and this week we have a two part code snippet.  Both parts of code for this week and next are designed to parse the header of an index.dat file.  I’m using the following paper from Joachim Metz to parse the code:

https://github.com/libyal/libmsiecf/wiki (click on the Documentation link)

The code parses the first 72 bytes of the file header.  What I decided to do when I was writing this is create two functions.  One to parse out a 4 byte value, and the other to parse out an 8 byte value.  That way I’m able to reuse the same functions multiple times.  The same two functions will also be used in part 2 of this script when I post it next week.

def ie_ind_four_byte(decoder):
    ind_four_byte = struct.unpack("<L", decoder[0:4])
    return ind_four_byte[0]
def ie_ind_eight_byte(decoder):
     ind_eight_byte = struct.unpack("<Q", decoder[0:8])
     return ind_eight_byte[0]

Once the data is all parsed out, it prints the output for the user.  Part 2 next week will be the code I wrote to parse the cache directory table.

Until then!

https://github.com/CdtDelta/YOP

Advertisements


No Responses Yet to “Year of Python (YOP) – Week Four”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: