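/*
 * EwfOpen
 *
 * Open the EWF segment files named in pp_filename_arr on the handle passed
 * in p_handle.
 *
 * Returns EWF_OK on success, EWF_NO_INPUT_FILES when no file names were
 * given, EWF_INVALID_INPUT_FILES when a name fails libewf's signature check
 * or the file count cannot be handed to libewf unchanged, EWF_OPEN_FAILED
 * when libewf cannot open the set and, with the legacy API only,
 * EWF_HEADER_PARSING_FAILED when the header values cannot be parsed.
 */
static int EwfOpen(void *p_handle,
                   const char **pp_filename_arr,
                   uint64_t filename_arr_len)
{
  pts_EwfHandle p_ewf_handle=(pts_EwfHandle)p_handle;
  /* Largest value an int can hold, computed without needing <limits.h> */
  const uint64_t max_file_count=(uint64_t)(~0u>>1);
  int file_count=0;

  // We need at least one file
  if(pp_filename_arr==NULL || filename_arr_len==0) return EWF_NO_INPUT_FILES;

  // The libewf open calls take the count as a narrower integer than
  // uint64_t (an int in the v2 API). Refuse a count that would be silently
  // truncated, otherwise libewf would open a different set of files than
  // the one that was validated below.
  // NOTE(review): the legacy libewf_open() prototype may use an even
  // narrower count type - confirm against the libewf version in use.
  if(filename_arr_len>max_file_count) return EWF_INVALID_INPUT_FILES;
  file_count=(int)filename_arr_len;

  // Make sure all files are EWF files
  for(uint64_t i=0;i<filename_arr_len;i++) {
#ifdef HAVE_LIBEWF_V2_API
    if(libewf_check_file_signature(pp_filename_arr[i],NULL)!=1)
#else
    if(libewf_check_file_signature(pp_filename_arr[i])!=1)
#endif
    {
      return EWF_INVALID_INPUT_FILES;
    }
  }

  // Open EWF file (read access only)
#ifdef HAVE_LIBEWF_V2_API
  // NOTE(review): a successful libewf_handle_open() may not guarantee that
  // every segment file of the image was supplied. Nothing in this function
  // reads from the image to confirm it, so a caller that depends on a
  // complete image should verify that separately - confirm against the
  // libewf version in use.
  if(libewf_handle_open(p_ewf_handle->h_ewf,
                        (char* const*)pp_filename_arr,
                        file_count,
                        libewf_get_access_flags_read(),
                        NULL)!=1)
#else
  p_ewf_handle->h_ewf=libewf_open((char* const*)pp_filename_arr,
                                  file_count,
                                  libewf_get_flags_read());
  if(p_ewf_handle->h_ewf==NULL)
#endif
  {
    return EWF_OPEN_FAILED;
  }

#ifndef HAVE_LIBEWF_V2_API
  // Parse EWF header
  // NOTE(review): the handle stays open when this fails; presumably the
  // caller closes it - verify.
  if(libewf_parse_header_values(p_ewf_handle->h_ewf,
                                LIBEWF_DATE_FORMAT_ISO8601)!=1)
  {
    return EWF_HEADER_PARSING_FAILED;
  }
#endif

  return EWF_OK;
}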
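/*
 * fewf_init
 *
 * Build a disk_t backed by an EWF image. `device` is the name of the image
 * (expanded to its segment files through libewf_glob() or glob() when
 * available) and `mode` is the requested access mode.
 *
 * When TESTDISK_O_RDWR is requested the image is first opened read-write;
 * if that fails the function falls back to a read-only open and clears
 * TESTDISK_O_RDWR in the stored mode. Callers working on evidence images
 * that must stay unmodified should therefore not request TESTDISK_O_RDWR.
 *
 * Returns the new disk_t, or NULL when the segment files cannot be resolved
 * or the image cannot be opened. Everything allocated here is released
 * before a NULL return.
 */
disk_t *fewf_init(const char *device, const int mode)
{
  unsigned int num_files=0;
  char **filenames= NULL;
  disk_t *disk=NULL;
  struct info_fewf_struct *data;
#if !defined( HAVE_LIBEWF_V2_API ) && defined( HAVE_GLOB_H )
  glob_t globbuf;
#endif
  /* strdup() and strlen() below must not be handed a NULL name */
  if(device==NULL)
    return NULL;
  data=(struct info_fewf_struct *)MALLOC(sizeof(struct info_fewf_struct));
  memset(data, 0, sizeof(struct info_fewf_struct));
  data->file_name = strdup(device);
  if(data->file_name==NULL)
  {
    free(data);
    return NULL;
  }
  data->handle=NULL;
  data->mode = mode;
#ifdef DEBUG_EWF
#if defined( HAVE_LIBEWF_V2_API )
  libewf_notify_set_stream( stderr, NULL );
  libewf_notify_set_verbose( 1 );
#else
  libewf_set_notify_values( stderr, 1 );
#endif
#endif

  /* Resolve the list of segment files */
#if defined( HAVE_LIBEWF_V2_API )
  /* NOTE(review): num_files is an unsigned int passed through an int
   * pointer; this relies on both having the same representation. */
  if( libewf_glob(
       data->file_name,
       strlen(data->file_name),
       LIBEWF_FORMAT_UNKNOWN,
       &filenames,
       (int *)&num_files,
       NULL ) != 1 )
  {
    log_error("libewf_glob failed\n");
    free(data->file_name);
    free(data);
    return NULL;
  }
#elif defined( HAVE_GLOB_H )
  {
    /* The name is used as a glob pattern, so wildcard characters in
     * `device` are expanded. The return value of glob() is not checked,
     * only the number of matches. */
    globbuf.gl_offs = 0;
    glob(data->file_name, GLOB_DOOFFS, NULL, &globbuf);
    if(globbuf.gl_pathc>0)
    {
      filenames=(char **)MALLOC(globbuf.gl_pathc * sizeof(*filenames));
      /* The entries alias globbuf's strings; globbuf must outlive them */
      for (num_files=0; num_files<globbuf.gl_pathc; num_files++) {
        filenames[num_files]=globbuf.gl_pathv[num_files];
      }
    }
  }
  if(filenames==NULL)
  {
    globfree(&globbuf);
    free(data->file_name);
    free(data);
    return NULL;
  }
#else
  {
    /* No globbing available: the single entry aliases data->file_name */
    filenames=(char **)MALLOC(1*sizeof(*filenames));
    filenames[num_files] = data->file_name;
    num_files++;
  }
#endif

  /* First attempt: read-write, only when the caller asked for it */
  if((mode&TESTDISK_O_RDWR)==TESTDISK_O_RDWR)
  {
#if defined( HAVE_LIBEWF_V2_API )
    if( libewf_handle_initialize(
         &( data->handle ),
         NULL ) != 1 )
    {
      log_error("libewf_handle_initialize failed\n");
      libewf_glob_free(
       filenames,
       num_files,
       NULL );
      free(data->file_name);
      free(data);
      return NULL;
    }
    if( libewf_handle_open(
         data->handle,
         filenames,
         num_files,
         LIBEWF_OPEN_READ_WRITE,
         NULL ) != 1 )
    {
      log_error("libewf_handle_open(%s) failed\n", device);
      /* Release the initialised-but-unopened handle. Without this the
       * NULL test below never triggers the read-only fallback and the
       * rest of the function would run on a handle that was never
       * opened. */
      libewf_handle_free(
       &( data->handle ),
       NULL );
      data->handle=NULL;
    }
#else
    data->handle=libewf_open(filenames, num_files, LIBEWF_OPEN_READ_WRITE);
    if(data->handle==NULL)
    {
      log_error("libewf_open(%s) failed\n", device);
    }
#endif /* defined( HAVE_LIBEWF_V2_API ) */
  }

  /* Read-only open: either requested, or the read-write attempt failed */
  if(data->handle==NULL)
  {
    data->mode&=~TESTDISK_O_RDWR;
#if defined( HAVE_LIBEWF_V2_API )
    if( libewf_handle_initialize(
         &( data->handle ),
         NULL ) != 1 )
    {
      log_error("libewf_handle_initialize failed\n");
      libewf_glob_free(
       filenames,
       num_files,
       NULL );
      free(data->file_name);
      free(data);
      return NULL;
    }
    if( libewf_handle_open(
         data->handle,
         filenames,
         num_files,
         LIBEWF_OPEN_READ,
         NULL ) != 1 )
    {
      log_error("libewf_handle_open(%s) failed\n", device);
      libewf_handle_free(
       &( data->handle ),
       NULL );
      libewf_glob_free(
       filenames,
       num_files,
       NULL );
      free(data->file_name);
      free(data);
      return NULL;
    }
#else
    data->handle=libewf_open(filenames, num_files, LIBEWF_OPEN_READ);
    if(data->handle==NULL)
    {
      log_error("libewf_open(%s) failed\n", device);
#if defined( HAVE_GLOB_H )
      globfree(&globbuf);
#endif
      free(filenames);
      free(data->file_name);
      free(data);
      return NULL;
    }
#endif /* defined( HAVE_LIBEWF_V2_API ) */
  }

  /* A header value failure is logged but does not abort the open */
#if defined( HAVE_LIBEWF_V2_API )
  if( libewf_handle_set_header_values_date_format(
       data->handle,
       LIBEWF_DATE_FORMAT_DAYMONTH,
       NULL ) != 1 )
  {
    log_error("%s Unable to set header values date format\n", device);
  }
#else
  if( libewf_parse_header_values( data->handle, LIBEWF_DATE_FORMAT_DAYMONTH) != 1 )
  {
    log_error("%s Unable to parse EWF header values\n", device);
  }
#endif

  disk=(disk_t *)MALLOC(sizeof(*disk));
  init_disk(disk);
  disk->arch=&arch_none;
  disk->device=strdup(device);
  disk->data=data;
  disk->description=fewf_description;
  disk->description_short=fewf_description_short;
  disk->pread_fast=fewf_pread_fast;
  disk->pread=fewf_pread;
  /* Writes are routed to fewf_nopwrite unless the image really is open
   * read-write (data->mode, not the requested mode, decides) */
  disk->pwrite=(data->mode&TESTDISK_O_RDWR?fewf_pwrite:fewf_nopwrite);
  disk->sync=fewf_sync;
  disk->access_mode=(data->mode&TESTDISK_O_RDWR);
  disk->clean=fewf_clean;

  /* Sector size as reported by libewf for this image; the value is taken
   * from the image and only a failed query or 0 is replaced by the
   * default */
#if defined( HAVE_LIBEWF_V2_API ) || defined( LIBEWF_GET_BYTES_PER_SECTOR_HAVE_TWO_ARGUMENTS )
  {
    uint32_t bytes_per_sector = 0;

#if defined( HAVE_LIBEWF_V2_API )
    if( libewf_handle_get_bytes_per_sector(
         data->handle,
         &bytes_per_sector,
         NULL ) != 1 )
#else
    if( libewf_get_bytes_per_sector(data->handle, &bytes_per_sector)<0)
#endif
    {
      disk->sector_size=DEFAULT_SECTOR_SIZE;
    }
    else
    {
      disk->sector_size=bytes_per_sector;
    }
  }
#else
  disk->sector_size=libewf_get_bytes_per_sector(data->handle);
#endif
  if(disk->sector_size==0)
    disk->sector_size=DEFAULT_SECTOR_SIZE;

  /* Set geometry */
  disk->geom.cylinders=0;
  disk->geom.heads_per_cylinder=1;
  disk->geom.sectors_per_head=1;
  disk->geom.bytes_per_sector=disk->sector_size;

  /* Get disk_real_size; a failed query leaves it at 0 */
#if defined( HAVE_LIBEWF_V2_API ) || defined( LIBEWF_GET_MEDIA_SIZE_HAVE_TWO_ARGUMENTS )
  {
    size64_t media_size = 0;

#if defined( HAVE_LIBEWF_V2_API )
    if( libewf_handle_get_media_size(
         data->handle,
         &media_size,
         NULL ) != 1 )
#else
    if(libewf_get_media_size(data->handle, &media_size)<0)
#endif
    {
      disk->disk_real_size=0;
    }
    else
    {
      disk->disk_real_size=media_size;
    }
  }
#else
  disk->disk_real_size=libewf_get_media_size(data->handle);
#endif
  update_disk_car_fields(disk);

  /* The file name list is only needed for opening */
#if defined( HAVE_LIBEWF_V2_API )
  libewf_glob_free(
   filenames,
   num_files,
   NULL );
#else
#if defined( HAVE_GLOB_H )
  globfree(&globbuf);
#endif
  free(filenames);
#endif
  return disk;
}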
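/* ewfinfo entry point: parses the command line, opens the EWF image
 * file(s) named on it read-only and prints acquiry, media, hash and error
 * information obtained from libewf.
 *
 * Options: -d <format> date format (md, iso8601 or dm), -e errors only,
 * -i acquiry information only, -m media information only, -v verbose,
 * -h usage, -V copyright. -e, -i and -m are mutually exclusive.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE on a usage error or when the image
 * cannot be opened or closed.
 *
 * The #endif below closes a conditional that starts before this excerpt.
 */
int main( int argc, char * const argv[] )
#endif
{
	uint8_t guid[ 16 ];
#ifndef HAVE_GLOB_H
	EWFGLOB *glob            = NULL;
	int32_t glob_count       = 0;
#endif
	LIBEWF_HANDLE *handle    = NULL;
	INT_T option             = 0;
	int8_t format            = 0;
	int8_t compression_level = 0;
	int8_t media_type        = 0;
	int8_t media_flags       = 0;
	int8_t volume_type       = 0;
	uint8_t verbose          = 0;
	uint8_t date_format      = LIBEWF_DATE_FORMAT_DAYMONTH;
	char info_option         = 'a';

	ewfsignal_initialize();

	ewfcommon_version_fprint( stderr, _S_LIBEWF_CHAR( "ewfinfo" ) );

	/* 'e' is part of the option string so that the -e case below can be
	 * reached; without it -e was always reported as an invalid argument
	 */
	while( ( option = ewfgetopt( argc, argv, _S_CHAR_T( "d:ehimvV" ) ) ) != (INT_T) -1 )
	{
		switch( option )
		{
			case (INT_T) '?':
			default:
				/* NOTE(review): depending on how ewfgetopt advances optind,
				 * argv[ optind ] may be the argument after the offending one,
				 * or NULL when the offending one was last - confirm
				 */
				fprintf( stderr, "Invalid argument: %" PRIs "\n", argv[ optind ] );

				usage();

				return( EXIT_FAILURE );

			case (INT_T) 'd':
				if( CHAR_T_COMPARE( optarg, _S_CHAR_T( "md" ), 3 ) == 0 )
				{
					date_format = LIBEWF_DATE_FORMAT_MONTHDAY;
				}
				else if( CHAR_T_COMPARE( optarg, _S_CHAR_T( "iso8601" ), 8 ) == 0 )
				{
					date_format = LIBEWF_DATE_FORMAT_ISO8601;
				}
				else if( CHAR_T_COMPARE( optarg, _S_CHAR_T( "dm" ), 3 ) != 0 )
				{
					fprintf( stderr, "Unsupported date format: %" PRIs " using default day/month.\n", optarg );
				}
				break;

			case (INT_T) 'e':
				if( info_option != 'a' )
				{
					fprintf( stderr, "Conflicting options: %" PRIc " and %c\n", option, info_option );

					usage();

					return( EXIT_FAILURE );
				}
				info_option = 'e';

				break;

			case (INT_T) 'h':
				usage();

				return( EXIT_SUCCESS );

			case (INT_T) 'i':
				if( info_option != 'a' )
				{
					fprintf( stderr, "Conflicting options: %" PRIc " and %c\n", option, info_option );

					usage();

					return( EXIT_FAILURE );
				}
				info_option = 'i';

				break;

			case (INT_T) 'm':
				if( info_option != 'a' )
				{
					fprintf( stderr, "Conflicting options: %" PRIc " and %c\n", option, info_option );

					usage();

					return( EXIT_FAILURE );
				}
				info_option = 'm';

				break;

			case (INT_T) 'v':
				verbose = 1;

				break;

			case (INT_T) 'V':
				ewfcommon_copyright_fprint( stderr );

				return( EXIT_SUCCESS );
		}
	}
	if( optind == argc )
	{
		fprintf( stderr, "Missing EWF image file(s).\n" );

		usage();

		return( EXIT_FAILURE );
	}
	libewf_set_notify_values( stderr, verbose );

	/* The image is only ever opened with LIBEWF_OPEN_READ
	 */
#ifndef HAVE_GLOB_H
	glob = ewfglob_alloc();

	if( glob == NULL )
	{
		fprintf( stderr, "Unable to create glob.\n" );

		return( EXIT_FAILURE );
	}
	glob_count = ewfglob_resolve( glob, &argv[ optind ], ( argc - optind ) );

	if( glob_count <= 0 )
	{
		fprintf( stderr, "Unable to resolve glob.\n" );

		ewfglob_free( glob );

		return( EXIT_FAILURE );
	}
	handle = libewf_open( glob->results, glob->amount, LIBEWF_OPEN_READ );

	ewfglob_free( glob );
#else
	handle = libewf_open( &argv[ optind ], ( argc - optind ), LIBEWF_OPEN_READ );
#endif

	if( handle == NULL )
	{
		fprintf( stderr, "Unable to open EWF image file(s).\n" );

		return( EXIT_FAILURE );
	}
	/* A header parsing failure is reported but the tool carries on
	 */
	if( libewf_parse_header_values( handle, date_format ) != 1 )
	{
		fprintf( stderr, "Unable to parse header values.\n" );
	}
	format = libewf_get_format( handle );

	if( verbose == 1 )
	{
		fprintf( stdout, "File format:\t\t\t" );

		switch( format )
		{
			case LIBEWF_FORMAT_EWF:
				fprintf( stdout, "original EWF" );
				break;

			case LIBEWF_FORMAT_SMART:
				fprintf( stdout, "SMART" );
				break;

			case LIBEWF_FORMAT_FTK:
				fprintf( stdout, "FTK Imager" );
				break;

			case LIBEWF_FORMAT_ENCASE1:
				fprintf( stdout, "EnCase 1" );
				break;

			case LIBEWF_FORMAT_ENCASE2:
				fprintf( stdout, "EnCase 2" );
				break;

			case LIBEWF_FORMAT_ENCASE3:
				fprintf( stdout, "EnCase 3" );
				break;

			case LIBEWF_FORMAT_ENCASE4:
				fprintf( stdout, "EnCase 4" );
				break;

			case LIBEWF_FORMAT_ENCASE5:
				fprintf( stdout, "EnCase 5" );
				break;

			case LIBEWF_FORMAT_ENCASE6:
				fprintf( stdout, "EnCase 6" );
				break;

			case LIBEWF_FORMAT_LINEN5:
				fprintf( stdout, "linen 5" );
				break;

			case LIBEWF_FORMAT_LINEN6:
				fprintf( stdout, "linen 6" );
				break;

			case LIBEWF_FORMAT_EWFX:
				fprintf( stdout, "extended EWF (libewf)" );
				break;

			case LIBEWF_FORMAT_UNKNOWN:
			default:
				fprintf( stdout, "unknown" );
				break;
		}
		fprintf( stdout, "\n\n" );
	}
	if( ( info_option == 'a' ) || ( info_option == 'i' ) )
	{
		fprintf( stdout, "Acquiry information\n" );

		ewfcommon_header_values_fprint( stdout, handle );

		fprintf( stdout, "\n" );
	}
	if( ( info_option == 'a' ) || ( info_option == 'm' ) )
	{
		fprintf( stdout, "Media information\n" );

		/* Media type, flags and volume type are skipped for the original
		 * EWF and SMART formats
		 */
		if( ( format != LIBEWF_FORMAT_EWF ) && ( format != LIBEWF_FORMAT_SMART ) )
		{
			media_type  = libewf_get_media_type( handle );
			media_flags = libewf_get_media_flags( handle );
			volume_type = libewf_get_volume_type( handle );

			if( media_type == LIBEWF_MEDIA_TYPE_REMOVABLE )
			{
				fprintf( stdout, "\tMedia type:\t\tremovable disk\n" );
			}
			else if( media_type == LIBEWF_MEDIA_TYPE_FIXED )
			{
				fprintf( stdout, "\tMedia type:\t\tfixed disk\n" );
			}
			else
			{
				fprintf( stdout, "\tMedia type:\t\tunknown (0x%" PRIx8 ")\n", media_type );
			}
			if( verbose == 1 )
			{
				fprintf( stdout, "\tMedia flags:\t\t0x%" PRIx8 "\n", media_flags );
			}
			if( volume_type == LIBEWF_VOLUME_TYPE_LOGICAL )
			{
				fprintf( stdout, "\tMedia is physical:\tno\n" );
			}
			else if( volume_type == LIBEWF_VOLUME_TYPE_PHYSICAL )
			{
				fprintf( stdout, "\tMedia is physical:\tyes\n" );
			}
			else
			{
				fprintf( stdout, "\tVolume type:\t\tunknown (0x%" PRIx8 ")\n", volume_type );
			}
		}
		fprintf( stdout, "\tAmount of sectors:\t%" PRIu32 "\n", libewf_get_amount_of_sectors( handle ) );
		fprintf( stdout, "\tBytes per sector:\t%" PRIu32 "\n", libewf_get_bytes_per_sector( handle ) );
		fprintf( stdout, "\tMedia size:\t\t%" PRIu64 "\n", libewf_get_media_size( handle ) );

		/* Error granularity, compression and GUID are only printed for
		 * the EnCase 5/6, linen 5/6 and EWFX formats
		 */
		if( ( format == LIBEWF_FORMAT_ENCASE5 )
		 || ( format == LIBEWF_FORMAT_ENCASE6 )
		 || ( format == LIBEWF_FORMAT_LINEN5 )
		 || ( format == LIBEWF_FORMAT_LINEN6 )
		 || ( format == LIBEWF_FORMAT_EWFX ) )
		{
			fprintf( stdout, "\tError granularity:\t%" PRIu32 "\n", libewf_get_error_granularity( handle ) );

			compression_level = libewf_get_compression_level( handle );

			if( compression_level == LIBEWF_COMPRESSION_NONE )
			{
				fprintf( stdout, "\tCompression type:\tno compression\n" );
			}
			else if( compression_level == LIBEWF_COMPRESSION_FAST )
			{
				fprintf( stdout, "\tCompression type:\tgood (fast) compression\n" );
			}
			else if( compression_level == LIBEWF_COMPRESSION_BEST )
			{
				fprintf( stdout, "\tCompression type:\tbest compression\n" );
			}
			else
			{
				fprintf( stdout, "\tCompression type:\tunknown compression\n" );
			}
			if( libewf_get_guid( handle, guid, 16 ) == 1 )
			{
				fprintf( stdout, "\tGUID:\t\t\t%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "\n",
				 guid[ 0 ], guid[ 1 ], guid[ 2 ], guid[ 3 ], guid[ 4 ], guid[ 5 ], guid[ 6 ], guid[ 7 ],
				 guid[ 8 ], guid[ 9 ], guid[ 10 ], guid[ 11 ], guid[ 12 ], guid[ 13 ], guid[ 14 ], guid[ 15 ] );
			}
		}
		ewfcommon_hash_values_fprint( stdout, handle );

		fprintf( stdout, "\n" );
	}
	if( ( info_option == 'a' ) || ( info_option == 'e' ) )
	{
		ewfcommon_acquiry_errors_fprint( stdout, handle );
	}
	if( libewf_close( handle ) != 0 )
	{
		fprintf( stdout, "Unable to close EWF file handle.\n" );

		return( EXIT_FAILURE );
	}
	return( EXIT_SUCCESS );
}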
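/* ewfinfo entry point: parses the command line, opens the EWF image
 * file(s) named on it read-only and prints information obtained from
 * libewf.
 *
 * Options: -d <format> date format (dm, md, iso8601 or ctime), -e errors
 * only, -i acquiry information only, -m media information only, -c dump
 * of the chunk offset table, -v verbose, -h usage, -V copyright.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE on a usage error, on abort, or
 * when the image cannot be opened or closed.
 *
 * The #endif below closes a conditional that starts before this excerpt.
 */
int main( int argc, char * const argv[] )
#endif
{
	character_t media_size_string[ 16 ];
	uint8_t guid[ 16 ];

	character_t *program              = _CHARACTER_T_STRING( "ewfinfo" );

#if !defined( HAVE_GLOB_H )
	ewfglob_t *glob                   = NULL;
	int32_t glob_count                = 0;
#endif
#if defined( HAVE_STRERROR_R ) || defined( HAVE_STRERROR )
	system_character_t *error_string  = NULL;
#endif
	char *file_format_string          = NULL;
	system_integer_t option           = 0;
	size64_t media_size               = 0;
	uint32_t bytes_per_sector         = 0;
	uint32_t amount_of_sectors        = 0;
	uint32_t error_granularity        = 0;
	uint32_t amount_of_acquiry_errors = 0;
	uint32_t amount_of_sessions       = 0;
	int8_t compression_level          = 0;
	int8_t media_type                 = 0;
	int8_t media_flags                = 0;
	int8_t volume_type                = 0;
	uint8_t compress_empty_block      = 0;
	uint8_t format                    = 0;
	uint8_t verbose                   = 0;
	uint8_t date_format               = LIBEWF_DATE_FORMAT_CTIME;
	char info_option                  = 'a';
	int result                        = 0;

	/* ewfoutput_version_fprint( stdout, program ); */

	while( ( option = ewfgetopt( argc, argv, _SYSTEM_CHARACTER_T_STRING( "d:ehimvcV" ) ) ) != (system_integer_t) -1 )
	{
		switch( option )
		{
			case (system_integer_t) '?':
			default:
				/* NOTE(review): depending on how ewfgetopt advances optind,
				 * argv[ optind ] may be the argument after the offending one,
				 * or NULL when the offending one was last - confirm
				 */
				fprintf( stderr, "Invalid argument: %" PRIs_SYSTEM "\n", argv[ optind ] );

				usage_fprint( stdout );

				return( EXIT_FAILURE );

			case (system_integer_t) 'd':
				if( system_string_compare( optarg, _SYSTEM_CHARACTER_T_STRING( "dm" ), 3 ) == 0 )
				{
					date_format = LIBEWF_DATE_FORMAT_DAYMONTH;
				}
				else if( system_string_compare( optarg, _SYSTEM_CHARACTER_T_STRING( "md" ), 3 ) == 0 )
				{
					date_format = LIBEWF_DATE_FORMAT_MONTHDAY;
				}
				else if( system_string_compare( optarg, _SYSTEM_CHARACTER_T_STRING( "iso8601" ), 8 ) == 0 )
				{
					date_format = LIBEWF_DATE_FORMAT_ISO8601;
				}
				/* Compare the whole word including its terminator, like the
				 * branches above; a length of 3 let any value starting with
				 * "cti" pass without the warning
				 */
				else if( system_string_compare( optarg, _SYSTEM_CHARACTER_T_STRING( "ctime" ), 6 ) != 0 )
				{
					fprintf( stderr, "Unsupported date format: %" PRIs_SYSTEM " using default ctime.\n", optarg );
				}
				break;

			case (system_integer_t) 'e':
				if( info_option != 'a' )
				{
					fprintf( stderr, "Conflicting options: %" PRIc_SYSTEM " and %c\n", option, info_option );

					usage_fprint( stdout );

					return( EXIT_FAILURE );
				}
				info_option = 'e';

				break;

			case (system_integer_t) 'h':
				usage_fprint( stdout );

				return( EXIT_SUCCESS );

			case (system_integer_t) 'i':
				if( info_option != 'a' )
				{
					fprintf( stderr, "Conflicting options: %" PRIc_SYSTEM " and %c\n", option, info_option );

					usage_fprint( stdout );

					return( EXIT_FAILURE );
				}
				info_option = 'i';

				break;

			case (system_integer_t) 'c':
				/* NOTE(review): unlike -e, -i and -m this option is not
				 * checked for conflicts; it silently overrides an earlier
				 * selection - confirm that this is intended
				 */
				info_option = 'c';

				break;

			case (system_integer_t) 'm':
				if( info_option != 'a' )
				{
					fprintf( stderr, "Conflicting options: %" PRIc_SYSTEM " and %c\n", option, info_option );

					usage_fprint( stdout );

					return( EXIT_FAILURE );
				}
				info_option = 'm';

				break;

			case (system_integer_t) 'v':
				verbose = 1;

				break;

			case (system_integer_t) 'V':
				ewfoutput_copyright_fprint( stdout );

				return( EXIT_SUCCESS );
		}
	}
	if( optind == argc )
	{
		fprintf( stderr, "Missing EWF image file(s).\n" );

		usage_fprint( stdout );

		return( EXIT_FAILURE );
	}
	libewf_set_notify_values( stderr, verbose );

	if( ewfsignal_attach( ewfcommon_signal_handler ) != 1 )
	{
		fprintf( stderr, "Unable to attach signal handler.\n" );
	}
	/* The image is only ever opened with LIBEWF_OPEN_READ. The glob branch
	 * is disabled by the "0 &&" in its condition
	 */
#if 0 && !defined( HAVE_GLOB_H )
	glob = ewfglob_alloc();

	if( glob == NULL )
	{
		fprintf( stderr, "Unable to create glob.\n" );

		return( EXIT_FAILURE );
	}
	glob_count = ewfglob_resolve( glob, &argv[ optind ], ( argc - optind ) );

	if( glob_count <= 0 )
	{
		fprintf( stderr, "Unable to resolve glob.\n" );

		ewfglob_free( glob );

		return( EXIT_FAILURE );
	}
	ewfcommon_libewf_handle = libewf_open( glob->results, glob->amount, LIBEWF_OPEN_READ );

	ewfglob_free( glob );
#else
	ewfcommon_libewf_handle = libewf_open( &argv[ optind ], ( argc - optind ), LIBEWF_OPEN_READ );
#endif

	if( ( ewfcommon_abort == 0 )
	 && ( ewfcommon_libewf_handle == NULL ) )
	{
#if defined( HAVE_STRERROR_R ) || defined( HAVE_STRERROR )
		if( errno != 0 )
		{
			error_string = ewfcommon_strerror( errno );
		}
		if( error_string != NULL )
		{
			fprintf( stderr, "Unable to open EWF file(s) with failure: %" PRIs_SYSTEM ".\n", error_string );

			memory_free( error_string );
		}
		else
		{
			fprintf( stderr, "Unable to open EWF file(s).\n" );
		}
#else
		fprintf( stderr, "Unable to open EWF file(s).\n" );
#endif

		return( EXIT_FAILURE );
	}
	/* A header parsing failure is reported but the tool carries on
	 */
	if( ( ewfcommon_abort == 0 )
	 && ( libewf_parse_header_values( ewfcommon_libewf_handle, date_format ) != 1 ) )
	{
		fprintf( stderr, "Unable to parse header values.\n" );
	}
	if( ( ewfcommon_abort == 0 )
	 && ( libewf_get_format( ewfcommon_libewf_handle, &format ) != 1 ) )
	{
		fprintf( stderr, "Unable to determine format.\n" );
	}
	else if( verbose == 1 )
	{
		switch( format )
		{
			case LIBEWF_FORMAT_EWF:
				file_format_string = "original EWF";
				break;

			case LIBEWF_FORMAT_SMART:
				file_format_string = "SMART";
				break;

			case LIBEWF_FORMAT_FTK:
				file_format_string = "FTK Imager";
				break;

			case LIBEWF_FORMAT_ENCASE1:
				file_format_string = "EnCase 1";
				break;

			case LIBEWF_FORMAT_ENCASE2:
				file_format_string = "EnCase 2";
				break;

			case LIBEWF_FORMAT_ENCASE3:
				file_format_string = "EnCase 3";
				break;

			case LIBEWF_FORMAT_ENCASE4:
				file_format_string = "EnCase 4";
				break;

			case LIBEWF_FORMAT_ENCASE5:
				file_format_string = "EnCase 5";
				break;

			case LIBEWF_FORMAT_ENCASE6:
				file_format_string = "EnCase 6";
				break;

			case LIBEWF_FORMAT_LINEN5:
				file_format_string = "linen 5";
				break;

			case LIBEWF_FORMAT_LINEN6:
				file_format_string = "linen 6";
				break;

			case LIBEWF_FORMAT_EWFX:
				file_format_string = "extended EWF (libewf)";
				break;

			case LIBEWF_FORMAT_UNKNOWN:
			default:
				file_format_string = "unknown";
				break;
		}
		fprintf( stdout, "File format:\t\t\t%s\n\n", file_format_string );
	}
	if( ( ewfcommon_abort == 0 )
	 && ( ( info_option == 'a' ) || ( info_option == 'i' ) ) )
	{
		fprintf( stdout, "Acquiry information\n" );

		ewfoutput_header_values_fprint( stdout, ewfcommon_libewf_handle );

		fprintf( stdout, "\n" );
	}
	if( ( ewfcommon_abort == 0 )
	 && ( ( info_option == 'a' ) || ( info_option == 'm' ) ) )
	{
		fprintf( stdout, "Media information\n" );

		/* Media type, flags and volume type are skipped for the original
		 * EWF and SMART formats
		 */
		if( ( format != LIBEWF_FORMAT_EWF ) && ( format != LIBEWF_FORMAT_SMART ) )
		{
			if( libewf_get_media_type( ewfcommon_libewf_handle, &media_type ) != 1 )
			{
				fprintf( stderr, "Unable to determine media type.\n" );
			}
			else if( media_type == LIBEWF_MEDIA_TYPE_REMOVABLE )
			{
				fprintf( stdout, "\tMedia type:\t\tremovable disk\n" );
			}
			else if( media_type == LIBEWF_MEDIA_TYPE_FIXED )
			{
				fprintf( stdout, "\tMedia type:\t\tfixed disk\n" );
			}
			else if( media_type == LIBEWF_MEDIA_TYPE_CD )
			{
				fprintf( stdout, "\tMedia type:\t\tCD/DVD\n" );
			}
			else
			{
				fprintf( stdout, "\tMedia type:\t\tunknown (0x%" PRIx8 ")\n", media_type );
			}
			if( libewf_get_media_flags( ewfcommon_libewf_handle, &media_flags ) != 1 )
			{
				fprintf( stderr, "Unable to determine media flags.\n" );
			}
			else if( verbose == 1 )
			{
				fprintf( stdout, "\tMedia flags:\t\t0x%" PRIx8 "\n", media_flags );
			}
			if( libewf_get_volume_type( ewfcommon_libewf_handle, &volume_type ) != 1 )
			{
				fprintf( stderr, "Unable to determine volume type.\n" );
			}
			else if( volume_type == LIBEWF_VOLUME_TYPE_LOGICAL )
			{
				fprintf( stdout, "\tMedia is physical:\tno\n" );
			}
			else if( volume_type == LIBEWF_VOLUME_TYPE_PHYSICAL )
			{
				fprintf( stdout, "\tMedia is physical:\tyes\n" );
			}
			else
			{
				fprintf( stdout, "\tVolume type:\t\tunknown (0x%" PRIx8 ")\n", volume_type );
			}
		}
		if( libewf_get_amount_of_sectors( ewfcommon_libewf_handle, &amount_of_sectors ) == 1 )
		{
			fprintf( stdout, "\tAmount of sectors:\t%" PRIu32 "\n", amount_of_sectors );
		}
		else
		{
			fprintf( stderr, "Unable to determine amount of sectors.\n" );
		}
		if( libewf_get_bytes_per_sector( ewfcommon_libewf_handle, &bytes_per_sector ) == 1 )
		{
			fprintf( stdout, "\tBytes per sector:\t%" PRIu32 "\n", bytes_per_sector );
		}
		else
		{
			fprintf( stderr, "Unable to determine bytes per sector.\n" );
		}
		if( libewf_get_media_size( ewfcommon_libewf_handle, &media_size ) == 1 )
		{
			result = ewfbyte_size_string_create(
			          media_size_string,
			          16,
			          media_size,
			          EWFBYTE_SIZE_STRING_UNIT_MEBIBYTE );

			if( result == 1 )
			{
				fprintf( stdout, "\tMedia size:\t\t%" PRIs " (%" PRIu64 " bytes)\n",
				 media_size_string, media_size );
			}
			else
			{
				fprintf( stdout, "\tMedia size:\t\t%" PRIu64 " bytes\n",
				 media_size );
			}
		}
		else
		{
			fprintf( stderr, "Unable to determine media size.\n" );
		}
		/* Error granularity, compression and GUID are only printed for
		 * the EnCase 5/6, linen 5/6 and EWFX formats
		 */
		if( ( format == LIBEWF_FORMAT_ENCASE5 )
		 || ( format == LIBEWF_FORMAT_ENCASE6 )
		 || ( format == LIBEWF_FORMAT_LINEN5 )
		 || ( format == LIBEWF_FORMAT_LINEN6 )
		 || ( format == LIBEWF_FORMAT_EWFX ) )
		{
			if( libewf_get_error_granularity( ewfcommon_libewf_handle, &error_granularity ) == 1 )
			{
				fprintf( stdout, "\tError granularity:\t%" PRIu32 "\n", error_granularity );
			}
			else
			{
				fprintf( stderr, "Unable to determine error granularity.\n" );
			}
			if( libewf_get_compression_values( ewfcommon_libewf_handle, &compression_level, &compress_empty_block ) == 1 )
			{
				if( compression_level == LIBEWF_COMPRESSION_NONE )
				{
					fprintf( stdout, "\tCompression type:\tno compression\n" );
				}
				else if( compression_level == LIBEWF_COMPRESSION_FAST )
				{
					fprintf( stdout, "\tCompression type:\tgood (fast) compression\n" );
				}
				else if( compression_level == LIBEWF_COMPRESSION_BEST )
				{
					fprintf( stdout, "\tCompression type:\tbest compression\n" );
				}
				else
				{
					fprintf( stdout, "\tCompression type:\tunknown compression\n" );
				}
			}
			else
			{
				fprintf( stderr, "Unable to determine compression level.\n" );
			}
			if( libewf_get_guid( ewfcommon_libewf_handle, guid, 16 ) == 1 )
			{
				fprintf( stdout, "\tGUID:\t\t\t%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "-%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "%.2" PRIx8 "\n",
				 guid[ 0 ], guid[ 1 ], guid[ 2 ], guid[ 3 ], guid[ 4 ], guid[ 5 ], guid[ 6 ], guid[ 7 ],
				 guid[ 8 ], guid[ 9 ], guid[ 10 ], guid[ 11 ], guid[ 12 ], guid[ 13 ], guid[ 14 ], guid[ 15 ] );
			}
		}
		ewfoutput_hash_values_fprint( stdout, ewfcommon_libewf_handle );

		fprintf( stdout, "\n" );

		ewfoutput_sessions_fprint( stdout, ewfcommon_libewf_handle, &amount_of_sessions );
	}
	if( ( ewfcommon_abort == 0 )
	 && ( info_option == 'c' ) )
	{
		/* Chunk table dump. This reads libewf's internal handle layout
		 * directly, so it only works when these structure definitions
		 * match the libewf build that is linked in.
		 */
		libewf_internal_handle_t *handle  = (libewf_internal_handle_t *) ewfcommon_libewf_handle;
		struct libewf_chunk_offset *chunk = NULL;
		int i                             = 0;

		/* The tables are filled from the image files; do not follow
		 * pointers that were never set
		 */
		if( ( handle->media_values == NULL )
		 || ( handle->offset_table == NULL ) )
		{
			fprintf( stderr, "Unable to dump chunk table.\n" );
		}
		else
		{
			chunk = handle->offset_table->chunk_offset;

			/* Print some attributes; the casts make each argument match
			 * its conversion specifier whatever the field's exact type
			 */
			printf("size=%lld\n", (long long) handle->media_values->media_size);
			printf("chunk_size=%d\n", (int) handle->media_values->chunk_size);
			printf("count=%d\n", (int) handle->offset_table->amount);

			for( i = 0; ( chunk != NULL ) && ( i < handle->offset_table->amount ); i++ )
			{
				if( ( chunk[ i ].segment_file_handle == NULL )
				 || ( chunk[ i ].segment_file_handle->filename == NULL ) )
				{
					/* No segment file recorded for this chunk: leave the
					 * file name field empty
					 */
					printf("%d,%lld,%d,%d,\n",
					 i,
					 (long long) chunk[ i ].file_offset,
					 (int) chunk[ i ].size,
					 (int) chunk[ i ].compressed );
				}
				else
				{
					printf("%d,%lld,%d,%d,%s\n",
					 i,
					 (long long) chunk[ i ].file_offset,
					 (int) chunk[ i ].size,
					 (int) chunk[ i ].compressed,
					 chunk[ i ].segment_file_handle->filename );
				}
			}
		}
	}
	if( ( ewfcommon_abort == 0 )
	 && ( ( info_option == 'a' ) || ( info_option == 'e' ) ) )
	{
		ewfoutput_acquiry_errors_fprint( stdout, ewfcommon_libewf_handle, &amount_of_acquiry_errors );
	}
	if( ewfsignal_detach() != 1 )
	{
		fprintf( stderr, "Unable to detach signal handler.\n" );
	}
	if( ewfcommon_abort != 0 )
	{
		fprintf( stdout, "%" PRIs ": ABORTED\n", program );

		return( EXIT_FAILURE );
	}
	if( libewf_close( ewfcommon_libewf_handle ) != 0 )
	{
		fprintf( stderr, "Unable to close EWF file(s).\n" );

		return( EXIT_FAILURE );
	}
	return( EXIT_SUCCESS );
}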
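/*
 * EwfOpen
 *
 * Open the EWF segment files named in pp_filename_arr on the handle passed
 * in p_handle and, with the v2 API, read the last byte of the image to
 * check that the whole image is reachable.
 *
 * Returns EWF_OK on success, EWF_NO_INPUT_FILES when no file names were
 * given, EWF_INVALID_INPUT_FILES when a name fails libewf's signature check
 * or the file count cannot be handed to libewf unchanged, EWF_OPEN_FAILED
 * when libewf cannot open the set, EWF_GET_SIZE_FAILED,
 * EWF_OPEN_FAILED_SEEK or EWF_OPEN_FAILED_READ when the v2 completeness
 * check fails and, with the legacy API only, EWF_HEADER_PARSING_FAILED.
 *
 * NOTE(review): the handle stays open on the failures that happen after a
 * successful open; presumably the caller closes it - verify.
 */
static int EwfOpen(void *p_handle,
                   const char **pp_filename_arr,
                   uint64_t filename_arr_len)
{
  pts_EwfHandle p_ewf_handle=(pts_EwfHandle)p_handle;
  /* Largest value an int can hold, computed without needing <limits.h> */
  const uint64_t max_file_count=(uint64_t)(~0u>>1);
  int file_count=0;

  // We need at least one file
  if(pp_filename_arr==NULL || filename_arr_len==0) return EWF_NO_INPUT_FILES;

  // The libewf open calls take the count as a narrower integer than
  // uint64_t (an int in the v2 API). Refuse a count that would be silently
  // truncated, otherwise libewf would open a different set of files than
  // the one that was validated below.
  // NOTE(review): the legacy libewf_open() prototype may use an even
  // narrower count type - confirm against the libewf version in use.
  if(filename_arr_len>max_file_count) return EWF_INVALID_INPUT_FILES;
  file_count=(int)filename_arr_len;

  // Make sure all files are EWF files
  for(uint64_t i=0;i<filename_arr_len;i++) {
#ifdef HAVE_LIBEWF_V2_API
    if(libewf_check_file_signature(pp_filename_arr[i],NULL)!=1)
#else
    if(libewf_check_file_signature(pp_filename_arr[i])!=1)
#endif
    {
      return EWF_INVALID_INPUT_FILES;
    }
  }

  // Open EWF file (read access only)
#ifdef HAVE_LIBEWF_V2_API
  if(libewf_handle_open(p_ewf_handle->h_ewf,
                        (char* const*)pp_filename_arr,
                        file_count,
                        libewf_get_access_flags_read(),
                        NULL)!=1)
#else
  p_ewf_handle->h_ewf=libewf_open((char* const*)pp_filename_arr,
                                  file_count,
                                  libewf_get_flags_read());
  if(p_ewf_handle->h_ewf==NULL)
#endif
  {
    return EWF_OPEN_FAILED;
  }

#ifdef HAVE_LIBEWF_V2_API
  // Try to read 1 byte from the image end to verify that all segments were
  // specified (Only needed because libewf_handle_open() won't fail even if
  // not all segments were specified!)
  uint64_t image_size=0;
  char buf;

  if(libewf_handle_get_media_size(p_ewf_handle->h_ewf,&image_size,NULL)!=1) {
    return EWF_GET_SIZE_FAILED;
  }
  // An empty image has no last byte to probe
  if(image_size==0) return EWF_OK;

  LIBXMOUNT_LOG_DEBUG(p_ewf_handle->debug,
                      "Trying to read last byte of image at offset %"
                        PRIu64 " (image size = %" PRIu64 " bytes)\n",
                      image_size-1,
                      image_size);

  if(libewf_handle_seek_offset(p_ewf_handle->h_ewf,
                               image_size-1,
                               SEEK_SET,
                               NULL)==-1)
  {
    return EWF_OPEN_FAILED_SEEK;
  }
  if(libewf_handle_read_buffer(p_ewf_handle->h_ewf,&buf,1,NULL)!=1) {
    return EWF_OPEN_FAILED_READ;
  }
#endif

#ifndef HAVE_LIBEWF_V2_API
  // Parse EWF header
  if(libewf_parse_header_values(p_ewf_handle->h_ewf,
                                LIBEWF_DATE_FORMAT_ISO8601)!=1)
  {
    return EWF_HEADER_PARSING_FAILED;
  }
#endif

  return EWF_OK;
}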