btparser/cparser/UTMPTemplate.bt

//--------------------------------------
//--- 010 Editor v5.0beta1 Binary Template
//
// File:  UTMPTemplate.bt
// Author:  Matthew Geiger
// Revision: 0.1
// Purpose:  Parsing entries in wtmp and utmp files on *nix hosts
//--------------------------------------

#define UT_LINESIZE	32
#define UT_NAMESIZE	32
#define UT_HOSTSIZE	256

LittleEndian();

typedef enum <uint> { /* Should be a short(?), but not on Linux systems I have seen */
    EMPTY           = 0, /* Record does not contain valid info
                                      (formerly known as UT_UNKNOWN on Linux) */
    RUN_LVL         = 1,  /* Change in system run-level (see
                                      init(8)) */
    BOOT_TIME       = 2, /* Time of system boot (in ut_tv) */
    NEW_TIME        = 3, /* Time after system clock change
                           (in ut_tv) */
    OLD_TIME        = 4, /* Time before system clock change
                                      (in ut_tv) */
    INIT_PROCESS    = 5, /* Process spawned by init(8) */
    LOGIN_PROCESS   = 6, /* Session leader process for user login */
    USER_PROCESS    = 7, /* Normal process */
    DEAD_PROCESS    = 8, /* Terminated process */
    ACCOUNTING      = 9 /* Not implemented */
} LOGIN_TYPE;


struct exit_status
{
   short e_termination;	/* Process termination status.  */
   short e_exit;		/* Process exit status.  */
};


struct utmp
{
  LOGIN_TYPE ut_type;		    /* Type of login.  */
  int ut_pid;			        /* Process ID of login process.  */
  char ut_line[UT_LINESIZE];	/* Devicename.  */
  char ut_id[4];		        /* Inittab ID.  */
  char ut_user[UT_NAMESIZE];	/* Username.  */
  char ut_host[UT_HOSTSIZE];	/* Hostname for remote login.  */
  struct exit_status ut_exit;	/* Exit status of a process marked
				                as DEAD_PROCESS.  */
  long ut_session;		        /* Session ID, used for windowing.  */
  time_t high_timeval;		    /* Time entry was made.  */
  int low_timeval;
  int ut_addr_v6[4];	        /* Internet address of remote host.  */
  char __unused[20];		    /* Reserved for future use.  */
};


FSeek(0);
while( !FEof() )
{
    utmp UTMP_entry;
}
initial commit (lexer working for very very simple files) 2016-06-05 06:00:36 +08:00			`//--------------------------------------`
			`//--- 010 Editor v5.0beta1 Binary Template`
			`//`
			`// File: UTMPTemplate.bt`
			`// Author: Matthew Geiger`
			`// Revision: 0.1`
			`// Purpose: Parsing entries in wtmp and utmp files on *nix hosts`
			`//--------------------------------------`

			`#define UT_LINESIZE 32`
			`#define UT_NAMESIZE 32`
			`#define UT_HOSTSIZE 256`

			`LittleEndian();`

			`typedef enum <uint> { /* Should be a short(?), but not on Linux systems I have seen */`
			`EMPTY = 0, /* Record does not contain valid info`
			`(formerly known as UT_UNKNOWN on Linux) */`
			`RUN_LVL = 1, /* Change in system run-level (see`
			`init(8)) */`
			`BOOT_TIME = 2, /* Time of system boot (in ut_tv) */`
			`NEW_TIME = 3, /* Time after system clock change`
			`(in ut_tv) */`
			`OLD_TIME = 4, /* Time before system clock change`
			`(in ut_tv) */`
			`INIT_PROCESS = 5, /* Process spawned by init(8) */`
			`LOGIN_PROCESS = 6, /* Session leader process for user login */`
			`USER_PROCESS = 7, /* Normal process */`
			`DEAD_PROCESS = 8, /* Terminated process */`
			`ACCOUNTING = 9 /* Not implemented */`
			`} LOGIN_TYPE;`


			`struct exit_status`
			`{`
			`short e_termination; /* Process termination status. */`
			`short e_exit; /* Process exit status. */`
			`};`


			`struct utmp`
			`{`
			`LOGIN_TYPE ut_type; /* Type of login. */`
			`int ut_pid; /* Process ID of login process. */`
			`char ut_line[UT_LINESIZE]; /* Devicename. */`
			`char ut_id[4]; /* Inittab ID. */`
			`char ut_user[UT_NAMESIZE]; /* Username. */`
			`char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */`
			`struct exit_status ut_exit; /* Exit status of a process marked`
			`as DEAD_PROCESS. */`
			`long ut_session; /* Session ID, used for windowing. */`
			`time_t high_timeval; /* Time entry was made. */`
			`int low_timeval;`
			`int ut_addr_v6[4]; /* Internet address of remote host. */`
			`char __unused[20]; /* Reserved for future use. */`
			`};`


			`FSeek(0);`
			`while( !FEof() )`
			`{`
			`utmp UTMP_entry;`
			`}`