/* Retrieves a specific record
* Returns 1 if successful or -1 on error
*/
int libesedb_index_get_record(
libesedb_index_t *index,
int record_entry,
libesedb_record_t **record,
libcerror_error_t **error )
{
libesedb_data_definition_t *index_data_definition = NULL;
libesedb_data_definition_t *record_data_definition = NULL;
libesedb_internal_index_t *internal_index = NULL;
libesedb_key_t *key = NULL;
uint8_t *index_data = NULL;
static char *function = "libesedb_index_get_record";
size_t index_data_size = 0;
if( index == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid index.",
function );
return( -1 );
}
internal_index = (libesedb_internal_index_t *) index;
if( record == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid record.",
function );
return( -1 );
}
if( *record != NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_ALREADY_SET,
"%s: invalid record value already set.",
function );
return( -1 );
}
if( libfdata_btree_get_leaf_value_by_index(
internal_index->index_values_tree,
(intptr_t *) internal_index->file_io_handle,
internal_index->index_values_cache,
record_entry,
(intptr_t **) &index_data_definition,
0,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve leaf value: %d from index values tree.",
function,
record_entry );
goto on_error;
}
if( libesedb_data_definition_read_data(
index_data_definition,
internal_index->file_io_handle,
internal_index->io_handle,
internal_index->pages_vector,
internal_index->pages_cache,
&index_data,
&index_data_size,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_IO,
LIBCERROR_IO_ERROR_READ_FAILED,
"%s: unable to read index data definition data.",
function );
goto on_error;
}
if( libesedb_key_initialize(
&key,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
"%s: unable to create key.",
function );
goto on_error;
}
if( libesedb_key_set_data(
key,
index_data,
index_data_size,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_SET_FAILED,
"%s: unable to set index data in key.",
function );
goto on_error;
}
key->type = LIBESEDB_KEY_TYPE_INDEX_VALUE;
if( libfdata_btree_get_leaf_value_by_key(
internal_index->table_values_tree,
(intptr_t *) internal_index->file_io_handle,
internal_index->table_values_cache,
(intptr_t *) key,
(int (*)(intptr_t *, intptr_t *, libcerror_error_t **)) &libesedb_key_compare,
LIBFDATA_BTREE_SEARCH_FLAG_SCAN_NEXT_NODE,
(intptr_t **) &record_data_definition,
0,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve leaf value by key.",
function );
goto on_error;
}
if( libesedb_key_free(
&key,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free key.",
function );
goto on_error;
}
if( libesedb_record_initialize(
record,
internal_index->file_io_handle,
internal_index->io_handle,
internal_index->table_definition,
internal_index->template_table_definition,
internal_index->pages_vector,
internal_index->pages_cache,
internal_index->long_values_pages_vector,
internal_index->long_values_pages_cache,
record_data_definition,
internal_index->long_values_tree,
internal_index->long_values_cache,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
"%s: unable to create record.",
function );
goto on_error;
}
return( 1 );
on_error:
if( key != NULL )
{
libesedb_key_free(
&key,
NULL );
}
return( -1 );
}
/* Reads a page
* Returns 1 if successful or -1 on error
*/
int libesedb_page_tree_read_page(
libesedb_page_tree_t *page_tree,
libbfio_handle_t *file_io_handle,
off64_t page_offset,
uint32_t page_number,
libfdata_btree_node_t *node,
libcerror_error_t **error )
{
libesedb_key_t *key = NULL;
libesedb_page_t *page = NULL;
libesedb_page_tree_value_t *page_tree_value = NULL;
libesedb_page_value_t *header_page_value = NULL;
libesedb_page_value_t *page_value = NULL;
static char *function = "libesedb_page_tree_read_page";
off64_t element_data_offset = 0;
off64_t sub_node_data_offset = 0;
uint32_t child_page_number = 0;
uint32_t supported_flags = 0;
uint16_t number_of_page_values = 0;
uint16_t page_value_index = 0;
uint16_t page_value_offset = 0;
int element_index = 0;
#if defined( HAVE_DEBUG_OUTPUT )
uint8_t *page_key_data = NULL;
size_t page_key_size = 0;
#endif
if( page_tree == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid page tree.",
function );
return( -1 );
}
if( page_tree->io_handle == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_MISSING,
"%s: invalid page tree - missing IO handle.",
function );
return( -1 );
}
if( libfdata_vector_get_element_value_at_offset(
page_tree->pages_vector,
(intptr_t *) file_io_handle,
(libfdata_cache_t *) page_tree->pages_cache,
page_offset,
&element_data_offset,
(intptr_t **) &page,
0,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve page: %" PRIu32 " at offset: 0x%08" PRIx64 ".",
function,
page_number,
page_offset );
goto on_error;
}
if( page == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_MISSING,
"%s: missing page.",
function );
goto on_error;
}
if( ( page->header->flags & LIBESEDB_PAGE_FLAG_IS_EMPTY ) != 0 )
{
return( 1 );
}
supported_flags = LIBESEDB_PAGE_FLAG_IS_ROOT
| LIBESEDB_PAGE_FLAG_IS_LEAF
| LIBESEDB_PAGE_FLAG_IS_PARENT
| LIBESEDB_PAGE_FLAG_IS_INDEX
| LIBESEDB_PAGE_FLAG_IS_LONG_VALUE
| LIBESEDB_PAGE_FLAG_0x0400
| LIBESEDB_PAGE_FLAG_0x0800
| LIBESEDB_PAGE_FLAG_IS_NEW_RECORD_FORMAT
| LIBESEDB_PAGE_FLAG_IS_SCRUBBED
| LIBESEDB_PAGE_FLAG_0x8000
| LIBESEDB_PAGE_FLAG_0x10000;
if( ( page->header->flags & ~supported_flags ) != 0 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_UNSUPPORTED_VALUE,
"%s: unsupported page flags: 0x%08" PRIx32 ".",
function,
page->header->flags );
goto on_error;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( ( page->header->flags & LIBESEDB_PAGE_FLAG_IS_ROOT ) != 0 )
{
/* TODO uncache the root page?
*/
if( libesedb_page_tree_read_root_page(
page_tree,
file_io_handle,
page_offset,
page_number,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_IO,
LIBCERROR_IO_ERROR_READ_FAILED,
"%s: unable to read root page: %" PRIu32 ".",
function,
page_number );
goto on_error;
}
/* Since the previous function reads the space tree
* page can be cached out and we must be sure to re-read it.
*/
if( libfdata_vector_get_element_value_at_offset(
page_tree->pages_vector,
(intptr_t *) file_io_handle,
(libfdata_cache_t *) page_tree->pages_cache,
page_offset,
&element_data_offset,
(intptr_t **) &page,
0,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve page: %" PRIu32 " at offset: 0x%08" PRIx64 ".",
function,
page_number,
page_offset );
goto on_error;
}
if( page == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_MISSING,
"%s: missing page.",
function );
goto on_error;
}
}
#endif
if( ( page->header->flags & LIBESEDB_PAGE_FLAG_IS_LEAF ) != 0 )
{
#ifdef TODO
/* TODO refactor */
if( libcnotify_verbose != 0 )
{
if( page_value_index > 1 )
{
if( child_page->page_number != previous_next_child_page_number )
{
libcnotify_printf(
"%s: mismatch in child page number (%" PRIu32 " != %" PRIu32 ").\n",
function,
previous_next_child_page_number,
child_page->page_number );
}
if( child_page->header->previous_page_number != previous_child_page_number )
{
libcnotify_printf(
"%s: mismatch in previous child page number (%" PRIu32 " != %" PRIu32 ").\n",
function,
previous_child_page_number,
child_page->header->previous_page_number );
}
}
/* TODO need the actual values for the following checks
if( page_value_index == 1 )
{
if( child_page->header->previous_page_number != 0 )
{
libcnotify_printf(
"%s: mismatch in previous child page number (%" PRIu32 " != %" PRIu32 ").",
function,
0,
child_page->header->previous_page_number );
}
}
if( page_value_index == ( number_of_page_values - 1 ) )
{
if( child_page->header->next_page_number != 0 )
{
libcnotify_printf(
"%s: mismatch in next child page number (%" PRIu32 " != %" PRIu32 ").",
function,
0,
child_page->header->previous_page_number );
}
}
*/
}
previous_child_page_number = child_page->page_number;
previous_next_child_page_number = child_page->header->next_page_number;
#endif
}
else
{
if( page->header->previous_page_number != 0 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_UNSUPPORTED_VALUE,
"%s: unsupported previous page number: %" PRIu32 ".",
function,
page->header->previous_page_number );
goto on_error;
}
if( page->header->next_page_number != 0 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_UNSUPPORTED_VALUE,
"%s: unsupported next page number: %" PRIu32 ".",
function,
page->header->next_page_number );
goto on_error;
}
}
if( libesedb_page_get_number_of_values(
page,
&number_of_page_values,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve number of page values.",
function );
goto on_error;
}
if( number_of_page_values == 0 )
{
return( 1 );
}
for( page_value_index = 1;
page_value_index < number_of_page_values;
page_value_index++ )
{
if( libesedb_page_get_value(
page,
page_value_index,
&page_value,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve page value: %" PRIu16 ".",
function,
page_value_index );
goto on_error;
}
if( page_value == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_MISSING,
"%s: missing page value: %" PRIu16 ".",
function,
page_value_index );
goto on_error;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: page value: %03" PRIu16 " page tag flags\t\t: 0x%02" PRIx8 "",
function,
page_value_index,
page_value->flags );
libesedb_debug_print_page_tag_flags(
page_value->flags );
libcnotify_printf(
"\n" );
}
#endif
/* TODO are defunct data definition of any value recovering */
if( ( page_value->flags & LIBESEDB_PAGE_TAG_FLAG_IS_DEFUNCT ) != 0 )
{
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: page value: %03" PRIu16 " data:\n",
function,
page_value_index );
libcnotify_print_data(
page_value->data,
(size_t) page_value->size,
LIBCNOTIFY_PRINT_DATA_FLAG_GROUP_DATA );
}
#endif
continue;
}
if( ( page_value->flags & LIBESEDB_PAGE_TAG_FLAG_HAS_COMMON_KEY_SIZE ) != 0 )
{
if( ( page->header->flags & LIBESEDB_PAGE_FLAG_IS_ROOT ) != 0 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_UNSUPPORTED_VALUE,
"%s: unsupported page flags - root flag is set.",
function );
goto on_error;
}
}
if( libesedb_page_tree_value_initialize(
&page_tree_value,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
"%s: unable to create page tree value.",
function );
goto on_error;
}
if( libesedb_page_tree_value_read_data(
page_tree_value,
page_value->data,
(size_t) page_value->size,
page_value->flags,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_IO,
LIBCERROR_IO_ERROR_READ_FAILED,
"%s: unable to read page tree value: %" PRIu16 ".",
function,
page_value_index );
goto on_error;
}
if( libesedb_key_initialize(
&key,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
"%s: unable to create key.",
function );
goto on_error;
}
if( page_tree_value->common_key_size > 0 )
{
if( header_page_value == NULL )
{
if( libesedb_page_get_value(
page,
0,
&header_page_value,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve page value: 0.",
function );
goto on_error;
}
if( header_page_value == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_MISSING,
"%s: missing page value: 0.",
function );
goto on_error;
}
}
if( page_tree_value->common_key_size > header_page_value->size )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
"%s: common key size exceeds header page value size.",
function );
goto on_error;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: page value: %03" PRIu16 " common key value\t\t: ",
function,
page_value_index );
page_key_data = header_page_value->data;
page_key_size = page_tree_value->common_key_size;
while( page_key_size > 0 )
{
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%02" PRIx8 " ",
*page_key_data );
}
page_key_data++;
page_key_size--;
}
libcnotify_printf(
"\n" );
}
#endif
if( libesedb_key_set_data(
key,
header_page_value->data,
(size_t) page_tree_value->common_key_size,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_SET_FAILED,
"%s: unable to set common key data in key.",
function );
goto on_error;
}
}
if( libesedb_key_append_data(
key,
page_value->data,
(size_t) page_tree_value->local_key_size,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_SET_FAILED,
"%s: unable to append local key data to key.",
function );
goto on_error;
}
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: page value: %03" PRIu16 " key value\t\t\t: ",
function,
page_value_index );
page_key_data = key->data;
page_key_size = key->data_size;
while( page_key_size > 0 )
{
libcnotify_printf(
"%02" PRIx8 " ",
*page_key_data );
page_key_data++;
page_key_size--;
}
libcnotify_printf(
"\n" );
}
#endif
if( ( page->header->flags & LIBESEDB_PAGE_FLAG_IS_LEAF ) != 0 )
{
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"\n" );
}
#endif
key->type = LIBESEDB_KEY_TYPE_LEAF;
page_value_offset = page_value->offset + 2 + page_tree_value->local_key_size;
if( ( page_value->flags & LIBESEDB_PAGE_TAG_FLAG_HAS_COMMON_KEY_SIZE ) != 0 )
{
page_value_offset += 2;
}
if( libfdata_btree_node_append_leaf_value(
node,
&element_index,
(int) page_value_index,
page_offset + page_value_offset,
(size64_t) page_tree_value->data_size,
0,
(intptr_t *) key,
(int (*)(intptr_t **, libcerror_error_t **)) &libesedb_key_free,
LIBFDATA_KEY_VALUE_FLAG_MANAGED,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_APPEND_FAILED,
"%s: unable to append page: %" PRIu32 " value: %" PRIu16 " as leaf value.",
function,
page_number,
page_value_index );
goto on_error;
}
key = NULL;
}
else
{
if( page_tree_value->data_size < 4 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
"%s: invalid page tree value data size value out of bounds.",
function );
goto on_error;
}
byte_stream_copy_to_uint32_little_endian(
page_tree_value->data,
child_page_number );
#if defined( HAVE_DEBUG_OUTPUT )
if( libcnotify_verbose != 0 )
{
libcnotify_printf(
"%s: page value: %03" PRIu16 " child page number\t\t: %" PRIu32 "",
function,
page_value_index,
child_page_number );
if( child_page_number == 0 )
{
libcnotify_printf(
" (invalid page number)\n" );
}
else if( child_page_number > page_tree->io_handle->last_page_number )
{
libcnotify_printf(
" (exceeds last page number: %" PRIu32 ")\n",
page_tree->io_handle->last_page_number );
}
libcnotify_printf(
"\n" );
libcnotify_printf(
"\n" );
}
#endif
#if defined( HAVE_DEBUG_OUTPUT )
if( ( libcnotify_verbose != 0 )
&& ( page_tree_value->data_size > 4 ) )
{
libcnotify_printf(
"%s: page value: %03" PRIu16 " trailing data:\n",
function,
page_value_index );
libcnotify_print_data(
&( page_tree_value->data[ 4 ] ),
page_tree_value->data_size - 4,
LIBCNOTIFY_PRINT_DATA_FLAG_GROUP_DATA );
}
#endif
if( ( child_page_number > 0 )
&& ( child_page_number <= page_tree->io_handle->last_page_number ) )
{
sub_node_data_offset = child_page_number - 1;
sub_node_data_offset *= page_tree->io_handle->page_size;
key->type = LIBESEDB_KEY_TYPE_BRANCH;
if( libfdata_btree_node_append_sub_node(
node,
&element_index,
0,
sub_node_data_offset,
(size64_t) page_tree->io_handle->page_size,
0,
(intptr_t *) key,
(int (*)(intptr_t **, libcerror_error_t **)) &libesedb_key_free,
LIBFDATA_KEY_VALUE_FLAG_MANAGED,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_APPEND_FAILED,
"%s: unable to append page: %" PRIu32 " value: %" PRIu16 " as sub node.",
function,
page_number,
page_value_index );
goto on_error;
}
key = NULL;
}
}
if( key != NULL )
{
if( libesedb_key_free(
&key,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free key.",
function );
goto on_error;
}
}
if( libesedb_page_tree_value_free(
&page_tree_value,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free page tree value.",
function );
goto on_error;
}
}
return( 1 );
on_error:
if( key != NULL )
{
libesedb_key_free(
&key,
NULL );
}
if( page_tree_value != NULL )
{
libesedb_page_tree_value_free(
&page_tree_value,
NULL );
}
return( -1 );
}