fixing details regarding the data format

[janstarke]

• checksum: I found the value you specified is not the starting value for checksum calculation. However, it seems that the starting value you gave is exactly the magic number "\xef\xcd\xab\x89". So, if you start at byte offset 4, using this starting value, it gets nulled out when XORing with the magic number. So, either you start with offset 4 using the starting value you supplied ((which is what you are doing;

  libesedb/libesedb/libesedb_file_header.c

  Lines 678 to 683 in d959e1e

  	if( libesedb_checksum_calculate_little_endian_xor32(
  	&calculated_xor32_checksum,
  	&( data[ 4 ] ),
  	data_size - 4,
  	0x89abcdef,
  	error ) != 1 )

  )), or you start at offset 8 with no starting value.
• DBTIME: I found in my test data that the structure contains three 1-byte-values (which follow your assertions and do look like a time), followed by 5 NULL-bytes.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 16.83%. Comparing base (d959e1e) to head (8c57e22).

❗ There is a different number of reports uploaded between BASE (d959e1e) and HEAD (8c57e22). Click for more details.

HEAD has 2 uploads less than BASE

Flag	BASE (d959e1e)	HEAD (8c57e22)
	4	2

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #72      +/-   ##
==========================================
- Coverage   22.19%   16.83%   -5.37%     
==========================================
  Files          53       53              
  Lines       12299    12296       -3     
  Branches     2843     2842       -1     
==========================================
- Hits         2730     2070     -660     
- Misses       9141     9894     +753     
+ Partials      428      332      -96     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.