NAME

Log2t::BinRead - support for reading binary log file in Log2timeline

METHODS

This method sets the endian of the binary file. By default values are returned as if the coding was done in a little endian systems, but that can be changed. The types are:

0 BIG_E
Represents a big endian ending
1 LITTLE_E
Represents a little endian ending (the default settings)

read_ascii ( \*FH, \$ofs, $length )

This function returns an ASCII string of length $length read from the binary file FH (accepts FH as a reference to a typeglob of the filehandle). The variable offset dictates where in the binary file we find the start of the string, the offset variable is a reference, since the offset variable is increased as each character is read (so the offset variable will be $ofs+$length at the end of the function)

read_ascii_end ( \*FH, \$ofs, $max )

This function returns an ASCII string of maximum length $length, from the binary file FH (accepts FH as a reference to a typeglob of the filehandle), but otherwise until an \0 or a null character is seen. The variable offset dictates where in the binary file we find the start of the string, the offset variable is a reference, since the offset variable is increased as each character is read (the offset variable will be set at the end of the string)

read_unicode ( \*FH, \$ofs, $length )

This function returns an Unicode encoded string of length $length read from the binary file FH (accepts FH as a reference to a typeglob of the filehandle). The variable offset dictates where in the binary file we find the start of the string, the offset variable is a reference, since the offset variable is increased as each character is read (so the offset variable will be $ofs+($length*2) at the end of the function)

read_unicode_end ( \*FH, \$ofs, $max )

This function returns an Unicode encoded string of maximum length $length from the binary file FH (accepts FH as a reference to a typeglob of the filehandle), but otherwise until an \00 or a null character is seen. The variable offset dictates where in the binary file we find the start of the string, the offset variable is a reference, since the offset variable is increased as each character is read (the offset variable will be set at the end of the string)

read_4 ( \*FH, \$ofs, $loc )

This function reads four bits or a nibble (half a byte) from the file FH (accepts FH as a reference to a typeglob of the filehandle) and return it. The offset is increased by one byte even though the operation returns only a nibble.

The variable $loc defines whether the higher or lower nibble is returned (one byte is read, which is then divided accordingly). Accepted values are:

0 The lower four bits are returned
1 The upper four bits are returned

read_8 ( \*FH, \$ofs )

This function reads 8 bits or one byte from the file FH (accepts FH as a reference to a typeglob of the filehandle) and return it according to the set endian of the file (default is little endian). The offset is then increased by one.

read_16 ( \*FH, \$ofs )

This function reads 16 bits or two bytes from the file FH (accepts FH as a reference to a typeglob of the filehandle) and return it according to the set endian of the file (default is little endian). The offset is then increased by two.

read_32 ( \*FH, \$ofs )

This function reads 32 bits or four bytes from the file FH (accepts FH as a reference to a typeglob of the filehandle) and return it according to the set endian of the file (default is little endian). The offset is then increased by four.

AUTHOR

Kristinn Gudjonsson <kristinn (a t) log2timeline ( d o t ) net> is the original author of the program.

The tool is released under GPL so anyone can contribute to the tool. Some parts of the code have been copied from other GPL'ed programs, such as RegRipper written by H. Carvey.