@@ -67,27 +67,17 @@ def _generator(self):
6767 )
6868 # We will update this on each pass in the next loop and use it as the new offset.
6969 attr_base_offset = mft_record .FirstAttrOffset
70-
71- attr_header = self .context .object (
72- header_object ,
70+ attr = self .context .object (
71+ attribute_object ,
7372 offset = offset + attr_base_offset ,
7473 layer_name = layer .name ,
7574 )
7675
7776 # There is no field that has a count of Attributes
7877 # Keep Attempting to read attributes until we get an invalid attr_header.AttrType
7978
80- while attr_header .AttrType .is_valid_choice :
81- vollog .debug (f"Attr Type: { attr_header .AttrType .lookup ()} )
82-
83- # Offset past the headers to the attribute data
84- attr_data_offset = (
85- offset
86- + attr_base_offset
87- + self .context .symbol_space .get_type (
88- attribute_object
89- ).relative_child_offset ("Attr_Data" )
90- )
79+ while attr .Attr_Header .AttrType .is_valid_choice :
80+ vollog .debug (f"Attr Type: { attr .Attr_Header .AttrType .lookup ()} )
9181
9282 # MFT Flags determine the file type or dir
9383 # If we don't have a valid enum, coerce to hex so we can keep the record
@@ -97,19 +87,16 @@ def _generator(self):
9787 mft_flag = hex (mft_record .Flags )
9888
9989 # Standard Information Attribute
100- if attr_header .AttrType .lookup () == "STANDARD_INFORMATION" :
101- attr_data = self .context .object (
102- si_object , offset = attr_data_offset , layer_name = layer .name
103- )
104-
90+ if attr .Attr_Header .AttrType .lookup () == "STANDARD_INFORMATION" :
91+ attr_data = attr .Attr_Data .cast (si_object )
10592 yield 0 , (
106- format_hints .Hex (attr_data_offset ),
93+ format_hints .Hex (attr_data . vol . offset ),
10794 mft_record .get_signature (),
10895 mft_record .RecordNumber ,
10996 mft_record .LinkCount ,
11097 mft_flag ,
11198 renderers .NotApplicableValue (),
112- attr_header .AttrType .lookup (),
99+ attr . Attr_Header .AttrType .lookup (),
113100 conversion .wintime_to_datetime (attr_data .CreationTime ),
114101 conversion .wintime_to_datetime (attr_data .ModifiedTime ),
115102 conversion .wintime_to_datetime (attr_data .UpdatedTime ),
@@ -118,10 +105,8 @@ def _generator(self):
118105 )
119106
120107 # File Name Attribute
121- if attr_header .AttrType .lookup () == "FILE_NAME" :
122- attr_data = self .context .object (
123- fn_object , offset = attr_data_offset , layer_name = layer .name
124- )
108+ if attr .Attr_Header .AttrType .lookup () == "FILE_NAME" :
109+ attr_data = attr .Attr_Data .cast (fn_object )
125110 file_name = attr_data .get_full_name ()
126111
127112 # If we don't have a valid enum, coerce to hex so we can keep the record
@@ -131,13 +116,13 @@ def _generator(self):
131116 permissions = hex (attr_data .Flags )
132117
133118 yield 1 , (
134- format_hints .Hex (attr_data_offset ),
119+ format_hints .Hex (attr_data . vol . offset ),
135120 mft_record .get_signature (),
136121 mft_record .RecordNumber ,
137122 mft_record .LinkCount ,
138123 mft_flag ,
139124 permissions ,
140- attr_header .AttrType .lookup (),
125+ attr . Attr_Header .AttrType .lookup (),
141126 conversion .wintime_to_datetime (attr_data .CreationTime ),
142127 conversion .wintime_to_datetime (attr_data .ModifiedTime ),
143128 conversion .wintime_to_datetime (attr_data .UpdatedTime ),
@@ -146,14 +131,13 @@ def _generator(self):
146131 )
147132
148133 # If there's no advancement the loop will never end, so break it now
149- if attr_header .Length == 0 :
134+ if attr . Attr_Header .Length == 0 :
150135 break
151136
152137 # Update the base offset to point to the next attribute
153- attr_base_offset += attr_header .Length
154- # Get the next attribute
155- attr_header = self .context .object (
156- header_object ,
138+ attr_base_offset += attr .Attr_Header .Length
139+ attr = self .context .object (
140+ attribute_object ,
157141 offset = offset + attr_base_offset ,
158142 layer_name = layer .name ,
159143 )
0 commit comments