dissect.esedb.record

Module Contents

Classes

Record

Wrapper class for records in a table.

RecordData

Record class for parsing and interacting with the on-disk record format.

TagField

Represents a TAGFLD, which contains information about a tagged field in a record.

Functions

dissect.esedb.record.noop(value: Any)
class dissect.esedb.record.Record(table: dissect.esedb.table.Table, node: dissect.esedb.page.Node)

Wrapper class for records in a table.

The actual parsing of the data is done in RecordData, but this class allows you to easily retrieve all the values by either using the .get() method, accessing them as attributes or dictionary keys on this class.

Parameters:
  • table – The table this record is from.

  • node – The node of this record.

get(attr: str, raw: bool = False) dissect.esedb.c_esedb.RecordValue

Retrieve a value from the record with the given name.

Optionally receive the raw data as it’s stored in the record.

Parameters:
  • attr – The column name to retrieve the value of.

  • raw – Whether to return the raw data stored in the record instead of the parsed value.

as_dict(raw: bool = False) dict[str, dissect.esedb.c_esedb.RecordValue]
__getitem__(attr: str) dissect.esedb.c_esedb.RecordValue
__getattr__(attr: str) dissect.esedb.c_esedb.RecordValue
__str__() str
__repr__() str
class dissect.esedb.record.RecordData(table: dissect.esedb.table.Table, node: dissect.esedb.page.Node)

Record class for parsing and interacting with the on-disk record format.

Templated columns are currently not implemented.

Parameters:
  • table – The table this record is from.

  • data – The node data of this record.

Raises:

NotImplementedError – If old format tagged fields are encountered.

table
esedb
node
data
header = None
get(column: dissect.esedb.table.Column, raw: bool = False) dissect.esedb.c_esedb.RecordValue

Retrieve the value for the specified column.

Optionally receive the raw data as it’s stored in the record.

If the database has been opened in impacket compatibility mode, skip most of the parsing and return the values that impacket expects.

Parameters:
  • column – The column to retrieve the value of.

  • raw – Whether to return the raw data stored in the record instead of the parsed value.

as_dict(raw: bool = False) dict[str, dissect.esedb.c_esedb.RecordValue]

Serialize the record as a dictionary.

class dissect.esedb.record.TagField(record: RecordData, value: int)

Represents a TAGFLD, which contains information about a tagged field in a record.

__slots__ = ('record', 'identifier', '_offset', 'offset', 'has_extended_info', 'flags')
fNullSmallPage = 8192
fDerived = 32768
record
identifier
__repr__() str
property is_null: bool

Return whether this tagged field is null.

property is_derived: bool

Return whether this tagged field is derived.

dissect.esedb.record.serialise_record_column_values(record: Record, column_names: list[str] = None, max_columns: int = 10) str