Location: PHPKode > projects > Ptk-forensics > ptk/lib/get_ram_live_search.php
<?
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("check_session_image.php");
include("lib_commands.php");
include("loggerClass.php");
include("lib_std.php");

if (isset($_SESSION['key_token']) && strcmp($_SESSION['key_token'],$_GET['tk']) == 0){

$str = time().md5($_GET['string']);
$string = mysql_real_escape_string($_GET['string']);
$regexp = $_GET['regexp'];
$ascii = sanitize($_GET['ascii'],PARANOID);
$unicode = sanitize($_GET['unicode'],PARANOID);
$part_id = sanitize($_SESSION["partition0_id"],INT);

$result = ram_live_search($_SESSION['image_path'], $string, $regexp, $ascii, $unicode);
$result = preg_split("/\<br\>/", $result);
?>
<p style="font-size:8pt; margin-bottom:0px; margin-left:10px">
<img src="../img/select_all.png" style="vertical-align: middle">&nbsp;If selected: <u style="cursor:pointer" onclick="goto_multiple_bookmarks_kw('<?=$str?>', 6, '<?=$part_id?>')">bookmark all</u><!-- |  <u style="cursor:pointer">export all</u>-->
</p>
<table class="keyword" id="result_table">
<th><input type='checkbox' id='bookmark_all<?=$str?>' onclick="check_uncheck_all_kw('<?=$str?>')"></th><th></th></th><th>Offset</th><th>Content</th>
<?
for($i=0;$i<sizeof($result);$i++){
	$line = $result[$i];
	if(preg_match("/(\S+)\s+(.+)/", $line, $out)){
		$offset = $out[1];
		$content = $out[2];
		$cont = $out[2];
		$cont = "Memory at offset $offset. Found using keyword: $string";
		$bn = $string." - ".$offset;
		$content = preg_replace("/$string/", "<span style='background-color: #FFFF99'>$string</span>", $content); 
	}
		$is_bookmark = check_bookmark($_SESSION['user'], $_SESSION['case_id'], $part_id, $offset, 6, $bn);
	?>
	<tr>

	<td style='text-align: center'><input type='checkbox' name='bookmark_it<?=$str?>' value="<?=$offset?>|<?=$bn?>|<?=$cont?>"></td>
	<?if($is_bookmark==0){?>
		<td style='text-align: center'><img id='star<?=$bn?>' src='../img/star_empty.png' style='cursor:pointer' onclick="displayMessage('modal_bookmark.php?arg1=6&arg2=<?=$offset?>&arg3=<?=$part_id?>&arg4=<?=$bn?>&arg5=<?=$cont?>', '340', '250');return false"></td>
	<?}else{?>
		<td style='text-align: center'><img id='star<?=$bn?>' src='../img/star.png' style='cursor:pointer' onclick="delete_bookmark('6', '<?=$offset?>', '<?=$part_id?>', '<?=$bn?>');"></td>
	<?}?>

	<td><?=$offset;?></td>
	<td><?=$content;?></td>
	</tr>	
	<?
}
?></table><?
}else{
	new AuditLog('Unauthorized access to get_ram_live_search');
        header("location: goto_home.php");
}?>
Return current item: Ptk-forensics