Autopsy  4.14.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
RegeditExeValueFormatter.java
Go to the documentation of this file.
1 /*
2  * Autopsy
3  *
4  * Copyright 2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Copyright 2013 Willi Ballenthin
8  * Contact: willi.ballenthin <at> gmail <dot> com
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License");
11  * you may not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 package org.sleuthkit.autopsy.rejview;
23 
24 import com.williballenthin.rejistry.HexDump;
25 import com.williballenthin.rejistry.RegistryParseException;
26 import com.williballenthin.rejistry.ValueData;
27 import java.io.UnsupportedEncodingException;
28 import java.nio.ByteBuffer;
29 import java.util.Iterator;
30 import org.openide.util.NbBundle.Messages;
31 
37 final class RegeditExeValueFormatter {
38 
39  private static final int MAX_STRING_LENGTH = 48;
40  private static final int MAX_BUFFER_SIZE = 16;
41  private static final String OVER_MAX_LENGTH_ENDING = "...";
42 
43  @Messages({"RegeditExeValueFormatter.valueNotSet.text=(value not set)"})
44  static String format(ValueData val) throws UnsupportedEncodingException, RegistryParseException {
45  StringBuilder sb = new StringBuilder();
46 
47  switch (val.getValueType()) {
48  case REG_SZ: // empty case - intentional fall-through
49  case REG_EXPAND_SZ: {
50 
51  String valString = val.getAsString();
52  if (valString.length() == 0) {
53  sb.append(Bundle.RegeditExeValueFormatter_valueNotSet_text());
54  } else {
55  sb.append(valString);
56  }
57  if (sb.length() > MAX_STRING_LENGTH) {
58  sb.setLength(MAX_STRING_LENGTH - OVER_MAX_LENGTH_ENDING.length());
59  sb.append(OVER_MAX_LENGTH_ENDING);
60  }
61  break;
62  }
63  case REG_MULTI_SZ: {
64  Iterator<String> it = val.getAsStringList().iterator();
65  while (it.hasNext()) {
66  sb.append(it.next());
67  if (it.hasNext()) {
68  sb.append(", ");
69  }
70  }
71  if (sb.length() > MAX_STRING_LENGTH) {
72  sb.setLength(MAX_STRING_LENGTH - OVER_MAX_LENGTH_ENDING.length());
73  sb.append(OVER_MAX_LENGTH_ENDING);
74  }
75  break;
76  }
77  case REG_DWORD: // empty case - intentional fall-through
78  case REG_BIG_ENDIAN: {
79  sb.append(String.format("0x%08x (%d)", val.getAsNumber(), val.getAsNumber()));
80  break;
81  }
82  case REG_QWORD: {
83  sb.append(String.format("0x%016x (%d)", val.getAsNumber(), val.getAsNumber())); // can you even do %016x?
84  break;
85  }
86  default: {
87  ByteBuffer valData = val.getAsRawData();
88  valData.position(0x0);
89  for (int i = 0; i < Math.min(MAX_BUFFER_SIZE, valData.limit()); i++) {
90  byte b = valData.get();
91  sb.append(HexDump.toHexString(b));
92  if (i != MAX_BUFFER_SIZE - 1) { // don't append when at index for max length
93  sb.append(' ');
94  }
95  }
96  if (valData.limit() > MAX_BUFFER_SIZE) {
97  sb.append(OVER_MAX_LENGTH_ENDING);
98  }
99  break;
100  }
101  }
102  return sb.toString();
103  }
104 
105  private RegeditExeValueFormatter() {
106  //contrsuctor intentially left blank
107  }
108 }

Copyright © 2012-2020 Basis Technology. Generated on: Wed Apr 8 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.