Share via


An Exploration of CFB using Python 6

Directory Entries

The general concept of a CFB File is the containment of a
hierarchical structure of storages and streams. These are analogous to
directories and files in the traditional FAT file system used in the DOS and
Windows Operating Systems. A storage can be considered a folder or a directory
while a stream is considered to be like that of a file. Both storages and
streams are represented by Directory Sectors which are a type of file sector. The
number of directory entries per sector depends on the version of the file.
Version 3 equates to 4 directory entries per sector while version 4 has 32
directory entries per sector.

These entries take on a form similar to that of the CFB
Header. Thus to read a Directory Sector would take on a logic similar to the
following:

if majver == 3:
                for
i in range ( 0, 3 ):

                                read_dir_entry
( )

if majver == 4:
                for
j in range ( 0, 31 ):

                                read_dir_entry
( )

This logic would continue based upon the Directory Sector
Markers found in the FAT. The Directory Entry itself takes on a rather simple
form:

def read_dir_entry:
                dir_entry_name
= f.read (
64 )

                dir_entry_name_len
= f.read ( 2 )

                object_type
=
f.read ( 1 )

                color_flag
=
f.read ( 1 )

                left_sibling_id
= f.read
( 4 )

                right_sibling_id =
f.read ( 4 )

                child_id
=
f.read ( 4 )

                clsid
=
f.read ( 16 )

                state_bits
=
f.read ( 4 )

                creation_time
=
f.read ( 8 )

                modified_time
= f.read
( 8 )
                starting_sector_location
= f.read ( 4 )

                stream_size
=
f.read ( 8 )

Thus, every time a directory sector is located inside of the FAT, this
logic could be used in the subsequent storing of each individual directory
entry.