/* Reads the volume values
* Returns the number of bytes read, 0 if not able to read or -1 on error
*/
ssize_t libfwsi_volume_values_read(
libfwsi_volume_values_t *volume_values,
const uint8_t *shell_item_data,
size_t shell_item_data_size,
int ascii_codepage,
libcerror_error_t **error )
{
static char *function = "libfwsi_volume_values_read";
size_t shell_item_data_offset = 0;
size_t string_size = 0;
uint8_t class_type_indicator = 0;
#if defined( HAVE_DEBUG_OUTPUT )
libcstring_system_character_t guid_string[ 48 ];
libcstring_system_character_t *value_string = NULL;
libfguid_identifier_t *guid = NULL;
size_t value_string_size = 0;
uint16_t value_16bit = 0;
int result = 0;
#endif
if( volume_values == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid volume values.",
function );
return( -1 );
}
if( shell_item_data == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid shell item data.",
function );
return( -1 );
}
if( shell_item_data_size > (size_t) SSIZE_MAX )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: shell item data size exceeds maximum.",
function );
return( -1 );
}
/* Do not try to parse unsupported shell item data sizes
*/
if( shell_item_data_size < 20 )
{
return( 0 );
}
/* Do not try to parse unknown class type indicators
*/
if( ( shell_item_data[ 2 ] != 0x23 )
&& ( shell_item_data[ 2 ] != 0x25 )
&& ( shell_item_data[ 2 ] != 0x29 )
&& ( shell_item_data[ 2 ] != 0x2a )
&& ( shell_item_data[ 2 ] != 0x2e )
&& ( shell_item_data[ 2 ] != 0x2f ) )
{
return( 0 );
}
class_type_indicator = shell_item_data[ 2 ];
volume_values->ascii_codepage = ascii_codepage;
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfguid_identifier_initialize(
&guid,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
"%s: unable to create GUID.",
function );
goto on_error;
}
}
#endif
if( class_type_indicator == 0x2e )
{
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: unknown1\t\t\t\t\t: 0x%02" PRIx8 "\n",
function,
shell_item_data[ 3 ] );
}
#endif
volume_values->has_name = 0;
if( memory_copy(
volume_values->identifier,
&( shell_item_data[ 4 ] ),
16 ) == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_MEMORY,
LIBCERROR_MEMORY_ERROR_COPY_FAILED,
"%s: unable to copy volume identifier.",
function );
goto on_error;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfguid_identifier_copy_from_byte_stream(
guid,
volume_values->identifier,
16,
LIBFGUID_ENDIAN_LITTLE,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
"%s: unable to copy byte stream to GUID.",
function );
goto on_error;
}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libfguid_identifier_copy_to_utf16_string(
guid,
(uint16_t *) guid_string,
48,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error );
#else
result = libfguid_identifier_copy_to_utf8_string(
guid,
(uint8_t *) guid_string,
48,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error );
#endif
if( result != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
"%s: unable to copy GUID to string.",
function );
goto on_error;
}
libcnotify_printf(
"%s: shell folder identifier\t\t\t: %" PRIs_LIBCSTRING_SYSTEM "\n",
function,
guid_string );
libcnotify_printf(
"%s: shell folder name\t\t\t\t: %s\n",
function,
libfwsi_shell_folder_identifier_get_name(
volume_values->identifier ) );
}
#endif
shell_item_data_offset = 20;
}
else
{
/* Do not try to parse unsupported shell item data sizes
*/
if( shell_item_data_size < 25 )
{
return( 0 );
}
volume_values->has_name = 1;
if( memory_copy(
volume_values->name,
&( shell_item_data[ 3 ] ),
20 ) == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_MEMORY,
LIBCERROR_MEMORY_ERROR_COPY_FAILED,
"%s: unable to copy volume name.",
function );
goto on_error;
}
for( string_size = 0;
string_size < 20;
string_size++ )
{
if( volume_values->name[ string_size ] == 0 )
{
break;
}
}
volume_values->name_size = string_size;
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libuna_utf16_string_size_from_byte_stream(
volume_values->name,
volume_values->name_size,
volume_values->ascii_codepage,
&value_string_size,
error );
#else
result = libuna_utf8_string_size_from_byte_stream(
volume_values->name,
volume_values->name_size,
volume_values->ascii_codepage,
&value_string_size,
error );
#endif
if( result != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to determine size of volume name string.",
function );
goto on_error;
}
if( value_string_size > (size_t) ( SSIZE_MAX / sizeof( libcstring_system_character_t ) ) )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: invalid volume name string size value exceeds maximum.",
function );
goto on_error;
}
value_string = libcstring_system_string_allocate(
value_string_size );
if( value_string == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_MEMORY,
LIBCERROR_MEMORY_ERROR_INSUFFICIENT,
"%s: unable to create volume name string.",
function );
goto on_error;
}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libuna_utf16_string_copy_from_byte_stream(
(libuna_utf16_character_t *) value_string,
value_string_size,
volume_values->name,
volume_values->name_size,
volume_values->ascii_codepage,
error );
#else
result = libuna_utf8_string_copy_from_byte_stream(
(libuna_utf8_character_t *) value_string,
value_string_size,
volume_values->name,
volume_values->name_size,
volume_values->ascii_codepage,
error );
#endif
if( result != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_SET_FAILED,
"%s: unable to set volume name string.",
function );
goto on_error;
}
libcnotify_printf(
"%s: volume name\t\t\t\t\t: %" PRIs_LIBCSTRING_SYSTEM "\n",
function,
value_string );
memory_free(
value_string );
value_string = NULL;
}
#endif
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
byte_stream_copy_to_uint16_little_endian(
&( shell_item_data[ 23 ] ),
value_16bit );
libcnotify_printf(
"%s: unknown2\t\t\t\t\t: 0x%04" PRIx16 "\n",
function,
value_16bit );
}
#endif
shell_item_data_offset = 25;
if( shell_item_data_offset <= ( shell_item_data_size - 16 ) )
{
if( memory_copy(
volume_values->shell_folder_identifier,
&( shell_item_data[ shell_item_data_offset ] ),
16 ) == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_MEMORY,
LIBCERROR_MEMORY_ERROR_COPY_FAILED,
"%s: unable to copy shell folder identifier.",
function );
goto on_error;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfguid_identifier_copy_from_byte_stream(
guid,
volume_values->shell_folder_identifier,
16,
LIBFGUID_ENDIAN_LITTLE,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
"%s: unable to copy byte stream to GUID.",
function );
goto on_error;
}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libfguid_identifier_copy_to_utf16_string(
guid,
(uint16_t *) guid_string,
48,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error );
#else
result = libfguid_identifier_copy_to_utf8_string(
guid,
(uint8_t *) guid_string,
48,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error );
#endif
if( result != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
"%s: unable to copy GUID to string.",
function );
goto on_error;
}
libcnotify_printf(
"%s: shell folder identifier\t\t\t: %" PRIs_LIBCSTRING_SYSTEM "\n",
function,
guid_string );
libcnotify_printf(
"%s: shell folder name\t\t\t\t: %s\n",
function,
libfwsi_shell_folder_identifier_get_name(
&( shell_item_data[ shell_item_data_offset ] ) ) );
}
#endif
shell_item_data_offset += 16;
}
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfguid_identifier_free(
&guid,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free GUID.",
function );
goto on_error;
}
libcnotify_printf(
"\n" );
}
#endif
return( (ssize_t) shell_item_data_offset );
on_error:
#if defined( HAVE_DEBUG_OUTPUT )
if( guid != NULL )
{
libfguid_identifier_free(
&guid,
NULL );
}
if( value_string != NULL )
{
memory_free(
value_string );
}
#endif
return( -1 );
}
/* Reads the users property view values
* Returns 1 if successful, 0 if not supported or -1 on error
*/
int libfwsi_users_property_view_values_read_data(
libfwsi_users_property_view_values_t *users_property_view_values,
const uint8_t *data,
size_t data_size,
int ascii_codepage,
libcerror_error_t **error )
{
static char *function = "libfwsi_users_property_view_values_read_data";
size_t data_offset = 0;
uint32_t signature = 0;
uint16_t identifier_size = 0;
uint16_t item_data_size = 0;
uint16_t property_store_size = 0;
#if defined( HAVE_DEBUG_OUTPUT )
uint32_t value_32bit = 0;
uint16_t value_16bit = 0;
#endif
if( users_property_view_values == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid users property view values.",
function );
return( -1 );
}
if( data == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid data.",
function );
return( -1 );
}
if( data_size > (size_t) SSIZE_MAX )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: data size exceeds maximum.",
function );
return( -1 );
}
/* Do not try to parse unsupported data sizes
*/
if( data_size < 14 )
{
return( 0 );
}
/* Do not try to parse unsupported shell item signatures
*/
byte_stream_copy_to_uint32_little_endian(
&( data[ 6 ] ),
signature );
switch( signature )
{
case 0x10141981UL:
case 0x23a3dfd5UL:
case 0x23febbeeUL:
case 0x3b93afbbUL:
case 0xbeebee00UL:
break;
default:
return( 0 );
}
byte_stream_copy_to_uint32_little_endian(
&( data[ 4 ] ),
item_data_size );
byte_stream_copy_to_uint16_little_endian(
&( data[ 10 ] ),
property_store_size );
byte_stream_copy_to_uint16_little_endian(
&( data[ 12 ] ),
identifier_size );
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: class type indicator\t\t: 0x%02" PRIx8 "\n",
function,
data[ 2 ] );
libcnotify_printf(
"%s: unknown1\t\t\t: 0x%02" PRIx8 "\n",
function,
data[ 3 ] );
libcnotify_printf(
"%s: data size\t\t\t: %" PRIu16 "\n",
function,
item_data_size );
libcnotify_printf(
"%s: data signature\t\t\t: 0x%08" PRIx32 "\n",
function,
signature );
libcnotify_printf(
"%s: property store size\t\t: %" PRIu16 "\n",
function,
property_store_size );
libcnotify_printf(
"%s: identifier size\t\t: %" PRIu16 "\n",
function,
identifier_size );
}
#endif
data_offset = 14;
if( item_data_size != 0 )
{
if( item_data_size <= 2 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
"%s: invalid data size value out of bounds.",
function );
return( -1 );
}
}
/* TODO add identifier_size bounds check */
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: identifier data:\n",
function );
libcnotify_print_data(
&( data[ data_offset ] ),
identifier_size,
0 );
}
#endif
switch( signature )
{
case 0x23a3dfd5UL:
case 0x3b93afbbUL:
case 0xbeebee00UL:
if( identifier_size == 4 )
{
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
byte_stream_copy_to_uint32_little_endian(
&( data[ data_offset ] ),
value_32bit );
libcnotify_printf(
"%s: identifier\t\t\t: 0x%08" PRIx32 "\n",
function,
value_32bit );
}
#endif
data_offset += 4;
}
break;
case 0x23febbeeUL:
if( identifier_size == 16 )
{
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_guid_value(
function,
"known folder identifier\t",
&( data[ data_offset ] ),
16,
LIBFGUID_ENDIAN_LITTLE,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print GUID value.",
function );
return( -1 );
}
libcnotify_printf(
"%s: known folder name\t\t: %s\n",
function,
libfwsi_known_folder_identifier_get_name(
&( data[ data_offset ] ) ) );
}
#endif
data_offset += 16;
}
break;
default:
data_offset += identifier_size;
break;
}
/* TODO add property store size bounds check */
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: property store data:\n",
function );
libcnotify_print_data(
&( data[ data_offset ] ),
property_store_size,
LIBCNOTIFY_PRINT_DATA_FLAG_GROUP_DATA );
}
#endif
if( property_store_size > 0 )
{
/* TODO look for multiple stores */
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_property_storage_value(
&( data[ data_offset ] ),
property_store_size,
ascii_codepage,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print property storage value.",
function );
return( -1 );
}
}
#endif
data_offset += property_store_size;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
byte_stream_copy_to_uint16_little_endian(
&( data[ data_offset ] ),
value_16bit );
libcnotify_printf(
"%s: unknown1 size\t\t\t: %" PRIu16 "\n",
function,
value_16bit );
}
#endif
data_offset += 2;
if( signature == 0x23a3dfd5UL )
{
if( data_offset > data_size - 32 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
"%s: invalid data size value out of bounds.",
function );
return( -1 );
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_guid_value(
function,
"delegate item identifier\t",
&( data[ data_offset ] ),
16,
LIBFGUID_ENDIAN_LITTLE,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print GUID value.",
function );
return( -1 );
}
}
#endif
data_offset += 16;
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_guid_value(
function,
"item class identifier\t\t",
&( data[ data_offset ] ),
16,
LIBFGUID_ENDIAN_LITTLE,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print GUID value.",
function );
return( -1 );
}
libcnotify_printf(
"%s: shell folder name\t\t: %s\n",
function,
libfwsi_shell_folder_identifier_get_name(
&( data[ data_offset ] ) ) );
}
#endif
data_offset += 16;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"\n" );
}
#endif
return( 1 );
}
/* Reads the extension block 0xbeef0003 values
* Returns 1 if successful, 0 if not supported or -1 on error
*/
int libfwsi_extension_block_0xbeef0003_values_read_data(
libfwsi_extension_block_0xbeef0003_values_t *extension_block_0xbeef0003_values,
const uint8_t *data,
size_t data_size,
libcerror_error_t **error )
{
static char *function = "libfwsi_extension_block_0xbeef0003_values_read_data";
uint32_t signature = 0;
if( extension_block_0xbeef0003_values == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid extension block 0xbeef0003 values.",
function );
return( -1 );
}
if( data == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid data.",
function );
return( -1 );
}
if( data_size > (size_t) SSIZE_MAX )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: data size exceeds maximum.",
function );
return( -1 );
}
/* Do not try to parse unsupported data sizes
*/
if( data_size != 26 )
{
return( 0 );
}
/* Do not try to parse unsupported extension block signatures
*/
byte_stream_copy_to_uint32_little_endian(
&( data[ 4 ] ),
signature );
if( signature != 0xbeef0003 )
{
return( 0 );
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_guid_value(
function,
"shell folder identifier\t",
&( data[ 8 ] ),
16,
LIBFGUID_ENDIAN_LITTLE,
LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print GUID value.",
function );
return( -1 );
}
libcnotify_printf(
"%s: shell folder name\t: %s\n",
function,
libfwsi_shell_folder_identifier_get_name(
&( data[ 8 ] ) ) );
libcnotify_printf(
"\n" );
}
#endif
return( 1 );
}
/* Reads the delegate values
* Returns 1 if successful, 0 if not supported or -1 on error
*/
int libfwsi_delegate_values_read_data(
libfwsi_delegate_values_t *delegate_values,
const uint8_t *data,
size_t data_size,
libcerror_error_t **error )
{
static char *function = "libfwsi_delegate_values_read_data";
size_t data_offset = 0;
uint16_t item_data_size = 0;
if( delegate_values == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid delegate values.",
function );
return( -1 );
}
if( data == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid data.",
function );
return( -1 );
}
if( data_size > (size_t) SSIZE_MAX )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: data size exceeds maximum.",
function );
return( -1 );
}
/* Do not try to parse unsupported data sizes
*/
if( data_size < 38 )
{
return( 0 );
}
/* Do not try to parse unknown class type indicators
*/
if( memory_compare(
&( data[ data_size - 32 ] ),
libfwsi_delegate_item_identifier,
16 ) != 0 )
{
return( 0 );
}
byte_stream_copy_to_uint32_little_endian(
&( data[ 4 ] ),
item_data_size );
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: class type indicator\t\t\t: 0x%02" PRIx8 "\n",
function,
data[ 2 ] );
libcnotify_printf(
"%s: unknown1\t\t\t\t: 0x%02" PRIx8 "\n",
function,
data[ 3 ] );
libcnotify_printf(
"%s: delegate item data size\t\t: %" PRIu16 "\n",
function,
item_data_size );
}
#endif
data_offset = 6;
if( item_data_size > 0 )
{
if( item_data_size > ( data_size - 32 ) )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
"%s: invalid data size value out of bounds.",
function );
return( -1 );
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: delegate item data:\n",
function );
libcnotify_print_data(
&( data[ 6 ] ),
item_data_size,
LIBCNOTIFY_PRINT_DATA_FLAG_GROUP_DATA );
}
#endif
data_offset += item_data_size;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_guid_value(
function,
"delegate item class identifier\t",
&( data[ data_offset ] ),
16,
LIBFGUID_ENDIAN_LITTLE,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print GUID value.",
function );
return( -1 );
}
}
#endif
data_offset += 16;
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
if( libfwsi_debug_print_guid_value(
function,
"item class identifier\t\t",
&( data[ data_offset ] ),
16,
LIBFGUID_ENDIAN_LITTLE,
LIBFGUID_STRING_FORMAT_FLAG_USE_UPPER_CASE | LIBFGUID_STRING_FORMAT_FLAG_USE_SURROUNDING_BRACES,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_PRINT_FAILED,
"%s: unable to print GUID value.",
function );
return( -1 );
}
libcnotify_printf(
"%s: shell folder name\t\t\t: %s\n",
function,
libfwsi_shell_folder_identifier_get_name(
&( data[ data_offset ] ) ) );
libcnotify_printf(
"\n" );
}
#endif
data_offset += 16;
return( 1 );
}
