dissect.archive.wim#
Module Contents#
Classes#
Windows Imaging Format implementation. |
|
Utility class for parsing reparse point buffers. |
|
Basic buffered stream that provides easy aligned reads. |
Attributes#
- dissect.archive.wim.DEFAULT_CHUNK_SIZE#
- class dissect.archive.wim.WIM(fh: BinaryIO)#
Windows Imaging Format implementation.
Supports reading resources and browsing images from WIM files.
- class dissect.archive.wim.Resource(wim: WIM, size: int, flags: dissect.archive.c_wim.RESHDR_FLAG, offset: int, original_size: int, part_number: int | None = None, reference_count: int | None = None, hash: bytes | None = None)#
- property is_metadata: bool#
- property is_compressed: bool#
- property is_spanned: bool#
- __slots__ = ('wim', 'size', 'flags', 'offset', 'original_size', 'part_number', 'reference_count', 'hash')#
- classmethod from_short_header(wim: WIM, reshdr: dissect.archive.c_wim.c_wim.RESHDR_DISK_SHORT) Resource#
- open() BinaryIO#
- class dissect.archive.wim.Image(wim: WIM, fh: BinaryIO)#
- __repr__() str#
Return repr(self).
- get(path: str, entry: DirectoryEntry | None = None) DirectoryEntry#
- class dissect.archive.wim.SecurityBlock(fh: BinaryIO)#
- class dissect.archive.wim.DirectoryEntry(image: Image, fh: BinaryIO)#
- property last_write_time_ns: int#
Return the last write time in nanoseconds.
- __repr__() str#
Return repr(self).
- is_dir() bool#
Return whether this entry is a directory.
- is_file() bool#
Return whether this entry is a regular file.
- is_reparse_point() bool#
Return whether this entry is a reparse point.
- is_symlink() bool#
Return whether this entry is a symlink reparse point.
- is_mount_point() bool#
Return whether this entry is a mount point reparse point.
- reparse_point() ReparsePoint#
Return parsed reparse point data if this directory entry is a reparse point.
- readlink() str#
- size(name: str = '') int#
Return the entry size.
- creation_time() datetime.datetime#
Return the creation time.
- creation_time_ns() int#
Return the creation time in nanoseconds.
- last_access_time() datetime.datetime#
Return the last access time.
- last_access_time_ns() int#
Return the last access time in nanoseconds.
- last_write_time() datetime.datetime#
Return the last write time.
- listdir() dict[str, DirectoryEntry]#
Return a directory listing.
- iterdir() Iterator[DirectoryEntry]#
Iterate directory contents.
- open(name: str = '') BinaryIO#
Return a file-like object for the contents of this directory entry.
- Parameters:
name – Optional alternate stream name to open.
- class dissect.archive.wim.ReparsePoint(tag: dissect.archive.c_wim.IO_REPARSE_TAG, fh: BinaryIO)#
Utility class for parsing reparse point buffers.
- Parameters:
tag – The type of reparse point to parse.
fh – A file-like object of the reparse point buffer.
- property substitute_name: str | None#
- property print_name: str | None#
- property absolute: bool#
- property relative: bool#
- class dissect.archive.wim.CompressedStream(fh: BinaryIO, offset: int, compressed_size: int, original_size: int, decompressor: Callable[[bytes], bytes])#
Bases:
dissect.util.stream.AlignedStreamBasic buffered stream that provides easy aligned reads.
- Must be subclassed for various stream implementations. Subclasses can implement:
_read(offset, length)
_seek(pos, whence=io.SEEK_SET)
The offset and length for _read are guaranteed to be aligned. The only time that overriding _seek would make sense is if there’s no known size of your stream, but still want to provide SEEK_END functionality.
Most subclasses of AlignedStream take one or more file-like objects as source. Operations on these subclasses, like reading, will modify the source file-like object as a side effect.
- Parameters:
size – The size of the stream. This is used in read and seek operations. None if unknown.
align – The alignment size. Read operations are aligned on this boundary. Also determines buffer size.