dissect.esedb.record
¶
Module Contents¶
Classes¶
Wrapper class for records in a table. |
|
Record class for parsing and interacting with the on-disk record format. |
|
Represents a |
Functions¶
- dissect.esedb.record.noop(value: Any)¶
- class dissect.esedb.record.Record(table: dissect.esedb.table.Table, node: dissect.esedb.page.Node)¶
Wrapper class for records in a table.
The actual parsing of the data is done in
RecordData
, but this class allows you to easily retrieve all the values by either using the .get() method, accessing them as attributes or dictionary keys on this class.- Parameters:
table – The table this record is from.
node – The node of this record.
- get(attr: str, raw: bool = False) dissect.esedb.c_esedb.RecordValue ¶
Retrieve a value from the record with the given name.
Optionally receive the raw data as it’s stored in the record.
- Parameters:
attr – The column name to retrieve the value of.
raw – Whether to return the raw data stored in the record instead of the parsed value.
- as_dict(raw: bool = False) dict[str, dissect.esedb.c_esedb.RecordValue] ¶
- __getitem__(attr: str) dissect.esedb.c_esedb.RecordValue ¶
- __getattr__(attr: str) dissect.esedb.c_esedb.RecordValue ¶
- __str__() str ¶
- __repr__() str ¶
- class dissect.esedb.record.RecordData(table: dissect.esedb.table.Table, node: dissect.esedb.page.Node)¶
Record class for parsing and interacting with the on-disk record format.
Templated columns are currently not implemented.
- Parameters:
table – The table this record is from.
data – The node data of this record.
- Raises:
NotImplementedError – If old format tagged fields are encountered.
- table¶
- esedb¶
- node¶
- data¶
- header = None¶
- get(column: dissect.esedb.table.Column, raw: bool = False) dissect.esedb.c_esedb.RecordValue ¶
Retrieve the value for the specified column.
Optionally receive the raw data as it’s stored in the record.
If the database has been opened in impacket compatibility mode, skip most of the parsing and return the values that impacket expects.
- Parameters:
column – The column to retrieve the value of.
raw – Whether to return the raw data stored in the record instead of the parsed value.
- as_dict(raw: bool = False) dict[str, dissect.esedb.c_esedb.RecordValue] ¶
Serialize the record as a dictionary.
- class dissect.esedb.record.TagField(record: RecordData, value: int)¶
Represents a
TAGFLD
, which contains information about a tagged field in a record.- __slots__ = ('record', 'identifier', '_offset', 'offset', 'has_extended_info', 'flags')¶
- fNullSmallPage = 8192¶
- fDerived = 32768¶
- record¶
- identifier¶
- __repr__() str ¶
- property is_null: bool¶
Return whether this tagged field is null.
- property is_derived: bool¶
Return whether this tagged field is derived.