Added support for voidtools everything DB #515
Conversation
cobyge
force-pushed
the
feature/add-everything-plugin
branch
3 times, most recently
from
90979c3 to
a228c74
Compare
|
I've now added support for all filesystem types supported by Everything stable (Currently NTFS/REFS/EFU/Folder), along with tests for each. When I have some more time I'll add support for more versions (Everything 1.5.0alpha currently uses version 1.7.49 and also supports FAT, network drives, and network indexes) |
|
Really cool PR! Since this is another big one, please give it some time for us to do the review :). Stay tuned! |
tests/_data/plugins/os/windows/everything/Everything_NTFS_ONLY.db
Outdated
Show resolved
Hide resolved
|
Hey, thanks for the review. The only request I haven't worked on yet is the request regarding using dissect.cstruct. I'll have to think a bit about how to implement it, because of differences between structs for multiple versions. I'd be happy to hear thoughts about how I handled different versions in the code (I'm not quite happy about with the version handling). |
cobyge
force-pushed
the
feature/add-everything-plugin
branch
from
f5d0fb9 to
b101283
Compare
|
Hey! I haven't been following any project changes for a while, so if I need to change anything let me know (the tests pass 🤷). I'm resolving the previous comments as they are no longer relevant (and are all fixed in this implementation) |
|
@cobyge yes, it has been a while! Thanks for the time you took to change your implementation. We plan to make time so we can properly review it soon :) |
Inspired by #505, I remembered I had some code lying around to parse the database of Voidtools Everything, very similar to mlocate/plocate, but for Windows.
I updated the code and added it to the codebase.
Because Everything is closed source, this is completely based off of reverse-engineering the code, and I haven't found any reference implementation on the internet to help (AFAIK this is the only parser), so this is all based off of my (not too great) reversing skills.
I've tested this on ~10 random database files I had lying around, from multiple computers, all of them have given exactly the same exact results as Everything itself (checked by exporting to CSV and comparing md5sums).
It should support any DB created since 2017, and if given a broken file, I'm willing to add support for earlier versions as well.
All comments are mine, written while reversing the code.
This is relatively slow code (takes 4.5 seconds for a DB with 126828 files),
I have a version written in Rust which is 22 times faster, and if that's something you are interested in, then I'm happy to try creating bindings with Py03.