Hi,
I have coded a patch for a better hexdump.
Benefit:
The output can be compared meaningfully with diff tools.
Example output:
ich@ThinkPad-T500:~$ ntfs-3g.secaudit -v Dokumente
secaudit 1.4.3 : NTFS security data auditing
Directory Dokumente
00 01000480 6c000000 88000000 00000000 14000000
14 02005800 03000000
1c 00031400 ff011f00
24 01010000 00000005 12000000
30 00031800 ff011f00
38 01020000 00000005 20000000 20020000
48 00032400 ff011f00
50 01050000 00000005 15000000 647f0a93 0d02ff2a 56280d32 eb030000
6c 01050000 00000005 15000000 647f0a93 0d02ff2a 56280d32 eb030000
88 01050000 00000005 15000000 647f0a93 0d02ff2a 56280d32 01020000
Computed hash : 0x427dd302
Windows attrib : 0x11
** Could not find the user mapping file
Retry with full path of file
Windows owner S-1-5-21-2466938724-721355277-839723094-1003
Windows group S-1-5-21-2466938724-721355277-839723094-513
Interpreted Unix owner 0, group 0, mode 0700
** 1 error was found
Hopefully you enjoy it,
-Ulf
# HG changeset patch
# User Ulf Zibis
# Date 1454108501 -3600
# Sat Jan 30 00:01:41 2016 +0100
# Node ID 598cf6acbc29ebc92a67873573a381f15945de72
# Parent 08179df8a3fb0196d92100f80ad44995dc4034fd
Intelligent hexdump
diff --git a/src/secaudit.c b/src/secaudit.c
--- a/src/secaudit.c
+++ b/src/secaudit.c
@@ -212,7 +212,10 @@
* - decoded more "well-known" and generic SIDs
* - showed Windows ownership in verbose situations
* - fixed apparent const violations
- */
+ *
+ * Jan 2016, version 1.4.3
+ * - intelligent hexdump (Ulf Zibis)
+*/
/*
* This program is free software; you can redistribute it and/or modify
@@ -235,7 +238,7 @@
* General parameters which may have to be adapted to needs
*/
-#define AUDT_VERSION "1.4.2"
+#define AUDT_VERSION "1.4.3"
#define GET_FILE_SECURITY "ntfs_get_file_security"
#define SET_FILE_SECURITY "ntfs_set_file_security"
@@ -908,14 +911,22 @@
void hexdump(const char *attr, int size, int level)
{
- int i,j;
-
- for (i=0; i<size; i+=16) {
+ int offUSID = (int)get4l(attr,4);
+ int offGSID = (int)get4l(attr,8);
+ int offSACL = (int)get4l(attr,12);
+ int offDACL = (int)get4l(attr,16);
+ int i, next;
+ BOOL isSID = FALSE;
+
+ for (i=0, next=0x14; i<size; next+=0x8) {
+ if (isSID)
+ next += attr[i+1] * 4;
+ isSID = !isSID && i != 0 && i != offSACL && i != offDACL || next == offUSID || next == offGSID;
if (level)
printf("%*c",level,' ');
- printf("%06x ",i);
- for (j=i; (j<(i+16)) && (j<size); j++)
- printf((j & 3 ? "%02x" : " %02x"),attr[j] & 255);
+ printf((size <= 0x100 ? "%02x " : size <= 0x10000 ? "%04x " : "%06x "),i);
+ for (; i<next && i<size; i++)
+ printf((i & 3 ? "%02x" : " %02x"),attr[i] & 255);
printf("\n");
}
}
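Review bot: The SID length in `next += attr[i+1] * 4;` is read from a plain `char`, so where `char` is signed a sub-authority count byte of 0x80 or more moves `next` backwards; `i` then stops advancing and the loop keeps printing empty rows instead of terminating. The four `get4l(attr,…)` reads at the top and the `attr[i+1]` read are also not compared against `size`, so a buffer shorter than the 0x14-byte header, or a SID starting on the last byte, is read out of bounds. This matters because callers shown in the second changeset dump data before it is validated: `hexdump(&attr[20],size,0)` precedes `valid_sds`, and the xattr paths only check `attrsz > 0`. I would mask the count byte and gate both reads on `size`, as below; parenthesising the mixed `&&`/`||` in the `isSID` assignment would also make its precedence explicit.

```c
void hexdump(const char *attr, int size, int level)
{
	/* read the header offsets only when a full 0x14-byte header is present */
	BOOL hasHeader = size >= 0x14;
	int offUSID = hasHeader ? (int)get4l(attr,4) : -1;
	int offGSID = hasHeader ? (int)get4l(attr,8) : -1;
	int offSACL = hasHeader ? (int)get4l(attr,12) : -1;
	int offDACL = hasHeader ? (int)get4l(attr,16) : -1;
	/* … unchanged: declarations of i, next, isSID and the for header … */
		/* count byte is unsigned and must lie inside the buffer */
		if (isSID && (i + 1 < size))
			next += (attr[i+1] & 255) * 4;
	/* … unchanged: isSID update, offset column and byte printing … */
```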
# HG changeset patch
# User Ulf Zibis
# Date 1454109602 -3600
# Sat Jan 30 00:20:02 2016 +0100
# Node ID 1ebc5924fafa24158a962d17485468466c2b6cc6
# Parent 598cf6acbc29ebc92a67873573a381f15945de72
Reduced indentation level for hexdump
diff --git a/src/secaudit.c b/src/secaudit.c
--- a/src/secaudit.c
+++ b/src/secaudit.c
@@ -3118,7 +3118,7 @@
isdir,(SID*)owner_sid,(SID*)group_sid);
if (attr && ntfs_valid_descr(attr, ntfs_attr_size(attr))) {
if (opt_v)
- hexdump(attr,ntfs_attr_size(attr),8);
+ hexdump(attr,ntfs_attr_size(attr),0);
if (opt_v >= 2) {
showheader(attr,4);
showusid(attr,4);
@@ -3829,7 +3829,7 @@
printf("** no or wrong permission settings "
"for kind %d perm %03o\n",kind,perm);
if (attr && opt_v)
- hexdump(attr,ntfs_attr_size(attr),8);
+ hexdump(attr,ntfs_attr_size(attr),0);
if (attr && (opt_v >= 2)) {
showheader(attr,4);
showusid(attr,4);
@@ -3850,7 +3850,7 @@
"kind %d perm 0%03o, gotback %03o\n",
kind, perm, gotback);
if (opt_v)
- hexdump(pxattr,ntfs_attr_size(pxattr),8);
+ hexdump(pxattr,ntfs_attr_size(pxattr),0);
if (opt_v >= 2) {
showheader(pxattr,4);
showusid(pxattr,4);
@@ -3870,7 +3870,7 @@
"kind %d perm 0%03o, gotback %03o\n",
kind, perm, gotback);
if (opt_v)
- hexdump(attr,ntfs_attr_size(attr),8);
+ hexdump(attr,ntfs_attr_size(attr),0);
if (opt_v >= 2) {
showheader(attr,4);
showusid(attr,4);
@@ -5024,7 +5024,7 @@
attrsz = getfull(attr, fullname);
if (attrsz) {
if (opt_v || opt_b) {
- hexdump(attr,attrsz,8);
+ hexdump(attr,attrsz,0);
printf("Computed hash : 0x%08lx\n",
(unsigned long)hash((le32*)attr,attrsz));
}
@@ -5381,7 +5381,7 @@
|| !psecurdata
|| (!psecurdata->filecount
&& !psecurdata->flags))) {
- hexdump(attr,attrsz,8);
+ hexdump(attr,attrsz,0);
printf("Computed hash : 0x%08lx\n",
(unsigned long)hash((le32*)attr,attrsz));
}
@@ -5586,7 +5586,7 @@
attrsz = ntfs_getxattr(fullname,"system.ntfs_acl",attr,MAXATTRSZ);
if (attrsz > 0) {
if (opt_v) {
- hexdump(attr,attrsz,8);
+ hexdump(attr,attrsz,0);
printf("Computed hash : 0x%08lx\n",
(unsigned long)hash((le32*)attr,attrsz));
}
@@ -5679,7 +5679,7 @@
attrsz = ntfs_getxattr(fullname,"system.ntfs_acl",attr,MAXATTRSZ);
if (attrsz > 0) {
if (opt_v) {
- hexdump(attr,attrsz,8);
+ hexdump(attr,attrsz,0);
printf("Computed hash : 0x%08lx\n",
(unsigned long)hash((le32*)attr,attrsz));
}
@@ -6268,7 +6268,7 @@
else {
if (opt_v) {
printf("Entry size %d bytes\n",entrysz);
- hexdump(&attr[20],size,8);
+ hexdump(&attr[20],size,0);
}
unsane = !valid_sds(attr,offset,entrysz,