1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
use crate::attribute::FileAttributeFlags;
use crate::err::{self, Result};
use crate::ReadSeek;
use byteorder::{LittleEndian, ReadBytesExt};
use chrono::{DateTime, Utc};
use log::trace;
use serde::Serialize;
use snafu::ResultExt;
use winstructs::timestamp::WinTimestamp;
#[derive(Serialize, Debug, Clone)]
pub struct StandardInfoAttr {
pub created: DateTime<Utc>,
pub modified: DateTime<Utc>,
pub mft_modified: DateTime<Utc>,
pub accessed: DateTime<Utc>,
pub file_flags: FileAttributeFlags,
pub max_version: u32,
pub version: u32,
pub class_id: u32,
pub owner_id: u32,
pub security_id: u32,
pub quota: u64,
pub usn: u64,
}
impl StandardInfoAttr {
pub fn from_reader<S: ReadSeek>(reader: &mut S) -> Result<StandardInfoAttr> {
trace!("Offset {}: StandardInfoAttr", reader.tell()?);
let created = WinTimestamp::from_reader(reader)
.context(err::FailedToReadWindowsTime)?
.to_datetime();
let modified = WinTimestamp::from_reader(reader)
.context(err::FailedToReadWindowsTime)?
.to_datetime();
let mft_modified = WinTimestamp::from_reader(reader)
.context(err::FailedToReadWindowsTime)?
.to_datetime();
let accessed = WinTimestamp::from_reader(reader)
.context(err::FailedToReadWindowsTime)?
.to_datetime();
Ok(StandardInfoAttr {
created,
modified,
mft_modified,
accessed,
file_flags: FileAttributeFlags::from_bits_truncate(reader.read_u32::<LittleEndian>()?),
max_version: reader.read_u32::<LittleEndian>()?,
version: reader.read_u32::<LittleEndian>()?,
class_id: reader.read_u32::<LittleEndian>()?,
owner_id: reader.read_u32::<LittleEndian>()?,
security_id: reader.read_u32::<LittleEndian>()?,
quota: reader.read_u64::<LittleEndian>()?,
usn: reader.read_u64::<LittleEndian>()?,
})
}
}