mirror of https://github.com/x64dbg/btparser
63 lines
2.1 KiB
Plaintext
63 lines
2.1 KiB
Plaintext
//--------------------------------------
|
|
//--- 010 Editor v5.0beta1 Binary Template
|
|
//
|
|
// File: UTMPTemplate.bt
|
|
// Author: Matthew Geiger
|
|
// Revision: 0.1
|
|
// Purpose: Parsing entries in wtmp and utmp files on *nix hosts
|
|
//--------------------------------------
|
|
|
|
#define UT_LINESIZE 32
|
|
#define UT_NAMESIZE 32
|
|
#define UT_HOSTSIZE 256
|
|
|
|
LittleEndian();
|
|
|
|
typedef enum <uint> { /* Should be a short(?), but not on Linux systems I have seen */
|
|
EMPTY = 0, /* Record does not contain valid info
|
|
(formerly known as UT_UNKNOWN on Linux) */
|
|
RUN_LVL = 1, /* Change in system run-level (see
|
|
init(8)) */
|
|
BOOT_TIME = 2, /* Time of system boot (in ut_tv) */
|
|
NEW_TIME = 3, /* Time after system clock change
|
|
(in ut_tv) */
|
|
OLD_TIME = 4, /* Time before system clock change
|
|
(in ut_tv) */
|
|
INIT_PROCESS = 5, /* Process spawned by init(8) */
|
|
LOGIN_PROCESS = 6, /* Session leader process for user login */
|
|
USER_PROCESS = 7, /* Normal process */
|
|
DEAD_PROCESS = 8, /* Terminated process */
|
|
ACCOUNTING = 9 /* Not implemented */
|
|
} LOGIN_TYPE;
|
|
|
|
|
|
struct exit_status
|
|
{
|
|
short e_termination; /* Process termination status. */
|
|
short e_exit; /* Process exit status. */
|
|
};
|
|
|
|
|
|
struct utmp
|
|
{
|
|
LOGIN_TYPE ut_type; /* Type of login. */
|
|
int ut_pid; /* Process ID of login process. */
|
|
char ut_line[UT_LINESIZE]; /* Devicename. */
|
|
char ut_id[4]; /* Inittab ID. */
|
|
char ut_user[UT_NAMESIZE]; /* Username. */
|
|
char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
|
|
struct exit_status ut_exit; /* Exit status of a process marked
|
|
as DEAD_PROCESS. */
|
|
long ut_session; /* Session ID, used for windowing. */
|
|
time_t high_timeval; /* Time entry was made. */
|
|
int low_timeval;
|
|
int ut_addr_v6[4]; /* Internet address of remote host. */
|
|
char __unused[20]; /* Reserved for future use. */
|
|
};
|
|
|
|
|
|
FSeek(0);
|
|
while( !FEof() )
|
|
{
|
|
utmp UTMP_entry;
|
|
} |