btparser/cparser/UTMPTemplate.bt

63 lines
2.1 KiB
Plaintext
Raw Normal View History

//--------------------------------------
//--- 010 Editor v5.0beta1 Binary Template
//
// File: UTMPTemplate.bt
// Author: Matthew Geiger
// Revision: 0.1
// Purpose: Parsing entries in wtmp and utmp files on *nix hosts
//--------------------------------------
#define UT_LINESIZE 32
#define UT_NAMESIZE 32
#define UT_HOSTSIZE 256
LittleEndian();
typedef enum <uint> { /* Should be a short(?), but not on Linux systems I have seen */
EMPTY = 0, /* Record does not contain valid info
(formerly known as UT_UNKNOWN on Linux) */
RUN_LVL = 1, /* Change in system run-level (see
init(8)) */
BOOT_TIME = 2, /* Time of system boot (in ut_tv) */
NEW_TIME = 3, /* Time after system clock change
(in ut_tv) */
OLD_TIME = 4, /* Time before system clock change
(in ut_tv) */
INIT_PROCESS = 5, /* Process spawned by init(8) */
LOGIN_PROCESS = 6, /* Session leader process for user login */
USER_PROCESS = 7, /* Normal process */
DEAD_PROCESS = 8, /* Terminated process */
ACCOUNTING = 9 /* Not implemented */
} LOGIN_TYPE;
struct exit_status
{
short e_termination; /* Process termination status. */
short e_exit; /* Process exit status. */
};
struct utmp
{
LOGIN_TYPE ut_type; /* Type of login. */
int ut_pid; /* Process ID of login process. */
char ut_line[UT_LINESIZE]; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
char ut_user[UT_NAMESIZE]; /* Username. */
char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
long ut_session; /* Session ID, used for windowing. */
time_t high_timeval; /* Time entry was made. */
int low_timeval;
int ut_addr_v6[4]; /* Internet address of remote host. */
char __unused[20]; /* Reserved for future use. */
};
FSeek(0);
while( !FEof() )
{
utmp UTMP_entry;
}