void Carver::fillResult(context* ctx)
{
std::stringstream totalheaders;
std::stringstream totalfooters;
std::map<std::string, Variant_p >::iterator mit;
std::list<Variant_p > vlistptr;
totalheaders.str("");
totalheaders << "Header " << ctx->headers.size() << " (pattern " << this->needleToHexString(ctx->descr->header->needle, ctx->descr->header->size) << ") ";
if ((mit = this->res.find(std::string(ctx->descr->type))) != this->res.end())
{
mit->second->convert(typeId::List, &vlistptr);
totalheaders << ctx->headers.size() << " header(s) found";
}
else
{
std::list<Variant_p > vlist;
vlist.push_back(Variant_p(new Variant(totalheaders.str())));
this->res[std::string(ctx->descr->type)] = Variant_p(new Variant(vlist));
this->res[std::string(ctx->descr->type)]->convert(typeId::List, &vlistptr);
vlistptr.push_back(Variant_p(new Variant(totalheaders.str())));
this->res[std::string(ctx->descr->type)] = Variant_p(new Variant(vlistptr));
}
std::cout << vlistptr.size() << std::endl;
}
Attributes UnallocatedSpace::_attributes(void)
{
Attributes attrs;
attrs["starting cluster"] = Variant_p(new Variant(this->__scluster));
attrs["total clusters"] = Variant_p(new Variant(this->__count));
return attrs;
}
Attributes ReservedSectors::_attributes(void)
{
Attributes attrs;
attrs["starting sector"] = Variant_p(new Variant(1));
attrs["total sectors"] = Variant_p(new Variant(this->fs->bs->reserved));
return attrs;
}
Attributes EWFNode::_attributes()
{
Attributes attr;
uint32_t numval;
std::string identifier;
std::string value;
if (libewf_handle_set_header_values_date_format(this->ewfso->ewf_ghandle, LIBEWF_DATE_FORMAT_CTIME, NULL) == 1)
{
if (libewf_handle_get_number_of_header_values(this->ewfso->ewf_ghandle, &numval, NULL) == 1)
{
for (uint32_t i = 0; i != numval; i++)
{
try
{
identifier = this->__getIdentifier(i);
if (!identifier.empty())
{
value = this->__getValue(identifier);
if (!value.empty())
attr[identifier] = Variant_p(new Variant(value));
}
}
catch (std::exception)
{
}
}
}
}
if (libewf_handle_get_number_of_hash_values(this->ewfso->ewf_ghandle, &numval, NULL) == 1)
{
for (uint32_t i = 0; i != numval; i++)
{
try
{
identifier = this->__getHashIdentifier(i);
if (!identifier.empty())
{
value = this->__getHashValue(identifier);
if (!value.empty())
attr[identifier] = Variant_p(new Variant(value));
}
}
catch (std::exception)
{
}
}
}
return attr;
}
Attributes FileSystemSlack::_attributes(void)
{
Attributes attrs;
uint64_t esect;
uint64_t tsect;
uint64_t ssect;
esect = this->fs->parent->size() / this->fs->bs->ssize;
tsect = (this->fs->parent->size() - this->fs->bs->totalsize) / this->fs->bs->ssize;
ssect = esect - tsect;
attrs["ending sector"] = Variant_p(new Variant(esect));
attrs["total sectors"] = Variant_p(new Variant(tsect));
attrs["starting sector"] = Variant_p(new Variant(ssect));
return attrs;
}
Attributes FileSystemSlack::dataType()
{
Attributes dtype;
dtype["fatfs"] = Variant_p(new Variant(std::string("file system slack")));
return dtype;
}
Attributes ReservedSectors::dataType()
{
Attributes dtype;
dtype["fatfs"] = Variant_p(new Variant(std::string("reserved sectors")));
return dtype;
}
Attributes UnallocatedSpace::dataType()
{
Attributes dtype;
dtype["fatfs"] = Variant_p(new Variant(std::string("unallocated space")));
return dtype;
}
void aff::start(std::map<std::string, Variant_p > args)
{
std::list<Variant_p > vl;
std::list<Variant_p >::iterator vpath;
AffNode* node;
if (args.find("parent") != args.end())
this->parent = args["parent"]->value<Node* >();
else
this->parent = VFS::Get().GetNode("/");
if (args.find("path") != args.end())
vl = args["path"]->value<std::list<Variant_p > >();
else
throw(envError("aff module requires path argument"));
if (args.find("cache size") != args.end())
{
std::ostringstream cs;
cs << args["cache size"]->value<uint32_t >();
this->cache_size = cs.str();
}
else
this->cache_size = "2";
#ifndef WIN32
setenv("AFFLIB_CACHE_PAGES", this->cache_size.c_str(), 1);
#else
_putenv_s("AFFLIB_CACHE_PAGES", this->cache_size.c_str());
#endif
for (vpath = vl.begin(); vpath != vl.end(); vpath++)
{
std::string path = (*vpath)->value<Path* >()->path;
AFFILE* affile = af_open(path.c_str(), O_RDONLY, 0);
if (affile)
{
std::string nname = path.substr(path.rfind('/') + 1);
node = new AffNode(nname, af_get_imagesize(affile), NULL, this, path, affile);
this->registerTree(this->parent, node);
this->res[path] = Variant_p(new Variant(std::string("added successfully by aff module")));
}
else
this->res[path] = Variant_p(new Variant(std::string("can't be added by aff module")));
}
return ;
}
void fso::registerTree(Node* parent, Node* head)
{
event* e = new event;
e->value = Variant_p(new Variant(head));
fso* pfsobj;
if (((pfsobj = parent->fsobj()) != NULL) && (pfsobj != this))
pfsobj->addChild(this);
//AttributesIndexer::Get().registerAttributes(head);
parent->addChild(head);
VFS::Get().notify(e);
}
Attributes FatNode::_attributes()
{
Attributes attr;
VFile* vf;
std::vector<uint32_t> clusters;
uint8_t* entry;
EntriesManager* em;
dosentry* dos;
em = new EntriesManager(this->fs->bs->fattype);
vf = this->fs->parent->open();
attr["lfn entries start offset"] = Variant_p(new Variant(this->lfnmetaoffset));
attr["dos entry offset"] = Variant_p(new Variant(this->dosmetaoffset));
if ((entry = (uint8_t*)malloc(sizeof(dosentry))) != NULL)
{
vf->seek(this->dosmetaoffset);
if (vf->read(entry, sizeof(dosentry)) != sizeof(dosentry))
{
free(entry);
return attr;
}
dos = em->toDos(entry);
free(entry);
attr["modified"] = Variant_p(new Variant(new vtime(dos->mtime, dos->mdate)));
attr["accessed"] = Variant_p(new Variant(new vtime(0, dos->adate)));
attr["created"] = Variant_p(new Variant(new vtime(dos->ctime, dos->cdate)));
attr["dos name (8+3)"] = Variant_p(new Variant(em->formatDosname(dos)));
delete em;
attr["Read Only"] = Variant_p(new Variant(bool(dos->attributes & ATTR_READ_ONLY)));
attr["Hidden"] = Variant_p(new Variant(bool(dos->attributes & ATTR_HIDDEN)));
attr["System"] = Variant_p(new Variant(bool(dos->attributes & ATTR_SYSTEM)));
attr["Archive"] = Variant_p(new Variant(bool(dos->attributes & ATTR_ARCHIVE)));
attr["Volume"] = Variant_p(new Variant(bool(dos->attributes & ATTR_VOLUME)));
delete dos;
try
{
uint64_t clustsize = (uint64_t)this->fs->bs->csize * this->fs->bs->ssize;
if (this->__clustrealloc)
attr["first cluster (!! reallocated to another existing entry)"] = Variant_p(new Variant(this->cluster));
else
{
if (!this->isDeleted() && this->size())
{
clusters = this->fs->fat->clusterChain(this->cluster);
uint64_t clistsize = clusters.size();
attr["allocated clusters"] = Variant_p(new Variant(clistsize));
if (this->size() < clistsize * clustsize)
{
uint64_t ssize = clistsize * clustsize - this->size();
attr["slack space size"] = Variant_p(new Variant(ssize));
}
else
{
uint32_t missclust;
uint64_t gap;
gap = this->size() - clistsize * clustsize;
missclust = gap / clustsize;
attr["file truncated"] = Variant_p(new Variant(true));
attr["missing cluters"] = Variant_p(new Variant(missclust));
attr["missing size"] = Variant_p(new Variant(gap));
}
}
//for (i = 0; i != clusters.size(); i++)
//clustlist.push_back(new Variant(clusters[i]));
attr["first cluster"] = Variant_p(new Variant(this->cluster));
//attr["allocated clusters"] = new Variant(clustlist);
}
}
catch(vfsError e)
{
}
}
if (vf != NULL)
{
vf->close();
delete vf;
}
return attr;
}
void FsStat::attr_stat(const SuperBlock * SB, VFile * vfile,
Attributes * attr)
{
_gd_table = getGroupDescriptor(SB->block_size(), vfile, SB->offset());
bool sparse = SB->useRoFeatures(SuperBlock::_SPARSE_SUPERBLOCK,
SB->ro_features_flags());
std::map<std::string, Variant_p > l;
std::map<std::string, Variant_p > m;
std::map<std::string, Variant_p > details;
for (unsigned int i = 0; i < SB->group_number(); ++i)
{
std::ostringstream oss;
std::string key;
m.clear();
details.clear();
key = __build_range(inode_range(SB->inodes_in_group_number(), i));
m["Inode range"] = Variant_p(new Variant(key));
key = __build_range(block_range(i, SB->block_in_groups_number(),
SB->blocks_number()));
m["Block range"] = Variant_p(new Variant(key));
m["Directories number"] = Variant_p(new Variant(_gd_table[i].dir_nbr));
key = unallocated_blocks(SB->block_in_groups_number(), i,
SB->blocks_number(), false);
m["Unallocated blocks"] = Variant_p(new Variant(key));
key = unallocated_inodes(SB->inodes_in_group_number(), i, false);
m["Unallocated inodes"] = Variant_p(new Variant(key));
oss << i;
std::pair<uint32_t, uint32_t> sb_gd_bkp
= sb_gd_backups(sparse, i, SB->block_in_groups_number());
if (sb_gd_bkp.first != sb_gd_bkp.second)
{
details["Superblock"] = Variant_p(new Variant(sb_gd_bkp.first));
details["Group descriptor"] = Variant_p(new Variant(sb_gd_bkp.second));
}
details["Block bitmap"] = Variant_p(new Variant(_gd_table[i].block_bitmap_addr));
details["Inode bitmap"] = Variant_p(new Variant(_gd_table[i].inode_bitmap_addr));
std::pair<uint32_t, uint32_t> it_range
= inode_table_range(i, (SuperBlock *)SB);
key = __build_range(it_range);
details["Inode table block range"] = Variant_p(new Variant(key));
key = __build_range(d_range(i, SB->block_in_groups_number(),
it_range.second + 1));
details["Data blocks range"] = Variant_p(new Variant(key));
m["Details"] = Variant_p(new Variant(details));
l[std::string("Group ") + oss.str()] = Variant_p(new Variant(m));
}
(*attr)[std::string("File system layout")] = Variant_p(new Variant(l));
}