forked from difcareer/010templates
-
Notifications
You must be signed in to change notification settings - Fork 1
/
UTMPTemplate.bt
executable file
·63 lines (54 loc) · 2.09 KB
/
UTMPTemplate.bt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
//--------------------------------------
//--- 010 Editor v5.0beta1 Binary Template
//
// File: UTMPTemplate.bt
// Author: Matthew Geiger
// Revision: 0.1
// Purpose: Parsing entries in wtmp and utmp files on *nix hosts
//--------------------------------------
#define UT_LINESIZE 32
#define UT_NAMESIZE 32
#define UT_HOSTSIZE 256
LittleEndian();
typedef enum <uint> { /* Should be a short(?), but not on Linux systems I have seen */
EMPTY = 0, /* Record does not contain valid info
(formerly known as UT_UNKNOWN on Linux) */
RUN_LVL = 1, /* Change in system run-level (see
init(8)) */
BOOT_TIME = 2, /* Time of system boot (in ut_tv) */
NEW_TIME = 3, /* Time after system clock change
(in ut_tv) */
OLD_TIME = 4, /* Time before system clock change
(in ut_tv) */
INIT_PROCESS = 5, /* Process spawned by init(8) */
LOGIN_PROCESS = 6, /* Session leader process for user login */
USER_PROCESS = 7, /* Normal process */
DEAD_PROCESS = 8, /* Terminated process */
ACCOUNTING = 9 /* Not implemented */
} LOGIN_TYPE;
struct exit_status
{
short e_termination; /* Process termination status. */
short e_exit; /* Process exit status. */
};
struct utmp
{
LOGIN_TYPE ut_type; /* Type of login. */
int ut_pid; /* Process ID of login process. */
char ut_line[UT_LINESIZE]; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
char ut_user[UT_NAMESIZE]; /* Username. */
char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
long ut_session; /* Session ID, used for windowing. */
time_t high_timeval; /* Time entry was made. */
int low_timeval;
int ut_addr_v6[4]; /* Internet address of remote host. */
char __unused[20]; /* Reserved for future use. */
};
FSeek(0);
while( !FEof() )
{
utmp UTMP_entry;
}