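/* Frees a block object
 *
 * Releases the wrapped libvshadow block (when one is set), drops the
 * reference held on store_object (when one is set) and hands the object's
 * memory back through the type's tp_free slot.
 *
 * Nothing is returned. A failure to free the libvshadow block is reported
 * as a Python IOError through pyvshadow_error_raise, and the object itself
 * is still released afterwards.
 */
void pyvshadow_block_free(
      pyvshadow_block_t *pyvshadow_block )
{
	libcerror_error_t *error    = NULL;
	struct _typeobject *ob_type = NULL;
	static char *function       = "pyvshadow_block_free";

	if( pyvshadow_block == NULL )
	{
		PyErr_Format(
		 PyExc_TypeError,
		 "%s: invalid block.",
		 function );

		return;
	}
	ob_type = Py_TYPE(
	           pyvshadow_block );

	if( ob_type == NULL )
	{
		PyErr_Format(
		 PyExc_ValueError,
		 "%s: missing ob_type.",
		 function );

		return;
	}
	if( ob_type->tp_free == NULL )
	{
		PyErr_Format(
		 PyExc_ValueError,
		 "%s: invalid ob_type - missing tp_free.",
		 function );

		return;
	}
	/* An object without a libvshadow block (presumably one whose set-up
	 * did not complete) has nothing to free in the library, but it must
	 * still give up its store_object reference and its own memory.
	 * Returning early here, as was done before, leaked both.
	 */
	if( pyvshadow_block->block != NULL )
	{
		if( libvshadow_block_free(
		     &( pyvshadow_block->block ),
		     &error ) != 1 )
		{
			pyvshadow_error_raise(
			 error,
			 PyExc_IOError,
			 "%s: unable to free libvshadow block.",
			 function );

			libcerror_error_free(
			 &error );
		}
	}
	/* The block holds a reference on store_object; release it before the
	 * block object's own memory goes away.
	 */
	if( pyvshadow_block->store_object != NULL )
	{
		Py_DecRef(
		 (PyObject *) pyvshadow_block->store_object );
	}
	ob_type->tp_free(
	 (PyObject*) pyvshadow_block );
}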
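/* Prints the store information to a stream
 *
 * Writes, to info_handle->notify_stream, the store's identifier, shadow copy
 * set identifier, creation time, shadow copy identifier, volume size and
 * attribute flags. When info_handle->show_allocation_information is non-zero
 * the number of blocks is printed too and every block is passed to
 * info_handle_block_fprint.
 *
 * store_index is printed as store_index + 1 in the "Store:" header; the
 * error messages use the value as passed.
 *
 * NOTE(review): all printed values are obtained through libvshadow and
 * presumably originate from the image being examined - treat the output as
 * untrusted data when it is consumed by other tooling.
 *
 * Returns 1 if successful or -1 on error
 */
int info_handle_store_fprint(
     info_handle_t *info_handle,
     int store_index,
     libvshadow_store_t *store,
     libcerror_error_t **error )
{
	/* Raw GUID bytes; the length 16 is passed explicitly to every call
	 * that fills or reads this buffer.
	 */
	uint8_t guid_buffer[ 16 ];

	/* String buffers; the element counts (32 and 48) are repeated as the
	 * size argument of the copy_to_utf8/utf16_string calls below and must
	 * be kept in step with these declarations.
	 */
	libcstring_system_character_t filetime_string[ 32 ];
	libcstring_system_character_t guid_string[ 48 ];

	libfdatetime_filetime_t *filetime = NULL;
	libfguid_identifier_t *guid       = NULL;
	libvshadow_block_t *block         = NULL;
	static char *function             = "info_handle_store_fprint";
	size64_t volume_size              = 0;
	uint64_t value_64bit              = 0;
	uint32_t attribute_flags          = 0;
	int block_index                   = 0;
	int number_of_blocks              = 0;
	int result                        = 0;

	if( info_handle == NULL )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
		 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
		 "%s: invalid info handle.",
		 function );

		return( -1 );
	}
	fprintf(
	 info_handle->notify_stream,
	 "Store: %d\n",
	 store_index + 1 );

	/* The filetime and GUID helper objects are created once and reused
	 * for every value printed below.
	 */
	if( libfdatetime_filetime_initialize(
	     &filetime,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
		 "%s: unable to create filetime.",
		 function );

		goto on_error;
	}
	if( libfguid_identifier_initialize(
	     &guid,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
		 "%s: unable to create GUID.",
		 function );

		goto on_error;
	}
	/* Store identifier
	 */
	if( libvshadow_store_get_identifier(
	     store,
	     guid_buffer,
	     16,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
		 "%s: unable to retrieve store: %d identifier.",
		 function,
		 store_index );

		goto on_error;
	}
	if( libfguid_identifier_copy_from_byte_stream(
	     guid,
	     guid_buffer,
	     16,
	     LIBFGUID_ENDIAN_LITTLE,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy byte stream to GUID.",
		 function );

		goto on_error;
	}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
	result = libfguid_identifier_copy_to_utf16_string(
	          guid,
	          (uint16_t *) guid_string,
	          48,
	          LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
	          error );
#else
	result = libfguid_identifier_copy_to_utf8_string(
	          guid,
	          (uint8_t *) guid_string,
	          48,
	          LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
	          error );
#endif
	if( result != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy GUID to string.",
		 function );

		goto on_error;
	}
	fprintf(
	 info_handle->notify_stream,
	 "\tIdentifier\t\t: %" PRIs_LIBCSTRING_SYSTEM "\n",
	 guid_string );

	/* Shadow copy set identifier
	 */
	if( libvshadow_store_get_copy_set_identifier(
	     store,
	     guid_buffer,
	     16,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
		 "%s: unable to retrieve store: %d shadow copy set identifier.",
		 function,
		 store_index );

		goto on_error;
	}
	if( libfguid_identifier_copy_from_byte_stream(
	     guid,
	     guid_buffer,
	     16,
	     LIBFGUID_ENDIAN_LITTLE,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy byte stream to GUID.",
		 function );

		goto on_error;
	}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
	result = libfguid_identifier_copy_to_utf16_string(
	          guid,
	          (uint16_t *) guid_string,
	          48,
	          LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
	          error );
#else
	result = libfguid_identifier_copy_to_utf8_string(
	          guid,
	          (uint8_t *) guid_string,
	          48,
	          LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
	          error );
#endif
	if( result != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy GUID to string.",
		 function );

		goto on_error;
	}
	fprintf(
	 info_handle->notify_stream,
	 "\tShadow copy set ID\t: %" PRIs_LIBCSTRING_SYSTEM "\n",
	 guid_string );

	/* Creation time, retrieved as a 64-bit value and printed as UTC
	 */
	if( libvshadow_store_get_creation_time(
	     store,
	     &value_64bit,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
		 "%s: unable to retrieve store: %d creation time.",
		 function,
		 store_index );

		goto on_error;
	}
	if( libfdatetime_filetime_copy_from_64bit(
	     filetime,
	     value_64bit,
	     error ) != 1 )
	{
		/* This message used to repeat the "unable to create filetime"
		 * text of the initialize step, which made the two failures
		 * indistinguishable in an error trace.
		 */
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_CONVERSION,
		 LIBCERROR_CONVERSION_ERROR_GENERIC,
		 "%s: unable to copy 64-bit value to filetime.",
		 function );

		goto on_error;
	}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
	result = libfdatetime_filetime_copy_to_utf16_string(
	          filetime,
	          (uint16_t *) filetime_string,
	          32,
	          LIBFDATETIME_STRING_FORMAT_TYPE_CTIME | LIBFDATETIME_STRING_FORMAT_FLAG_DATE_TIME_NANO_SECONDS,
	          error );
#else
	result = libfdatetime_filetime_copy_to_utf8_string(
	          filetime,
	          (uint8_t *) filetime_string,
	          32,
	          LIBFDATETIME_STRING_FORMAT_TYPE_CTIME | LIBFDATETIME_STRING_FORMAT_FLAG_DATE_TIME_NANO_SECONDS,
	          error );
#endif
	if( result != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy filetime to string.",
		 function );

		goto on_error;
	}
	fprintf(
	 info_handle->notify_stream,
	 "\tCreation time\t\t: %" PRIs_LIBCSTRING_SYSTEM " UTC\n",
	 filetime_string );

	/* Shadow copy identifier
	 */
	if( libvshadow_store_get_copy_identifier(
	     store,
	     guid_buffer,
	     16,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
		 "%s: unable to retrieve store: %d shadow copy identifier.",
		 function,
		 store_index );

		goto on_error;
	}
	if( libfguid_identifier_copy_from_byte_stream(
	     guid,
	     guid_buffer,
	     16,
	     LIBFGUID_ENDIAN_LITTLE,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy byte stream to GUID.",
		 function );

		goto on_error;
	}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
	result = libfguid_identifier_copy_to_utf16_string(
	          guid,
	          (uint16_t *) guid_string,
	          48,
	          LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
	          error );
#else
	result = libfguid_identifier_copy_to_utf8_string(
	          guid,
	          (uint8_t *) guid_string,
	          48,
	          LIBFGUID_STRING_FORMAT_FLAG_USE_LOWER_CASE,
	          error );
#endif
	if( result != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
		 "%s: unable to copy GUID to string.",
		 function );

		goto on_error;
	}
	fprintf(
	 info_handle->notify_stream,
	 "\tShadow copy ID\t\t: %" PRIs_LIBCSTRING_SYSTEM "\n",
	 guid_string );

	if( libvshadow_store_get_volume_size(
	     store,
	     &volume_size,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
		 "%s: unable to retrieve store: %d volume size.",
		 function,
		 store_index );

		goto on_error;
	}
	fprintf(
	 info_handle->notify_stream,
	 "\tVolume size\t\t: %" PRIu64 " bytes\n",
	 volume_size );

	if( libvshadow_store_get_attribute_flags(
	     store,
	     &attribute_flags,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
		 "%s: unable to retrieve store: %d attribute flags.",
		 function,
		 store_index );

		goto on_error;
	}
/* TODO print a description of the flags */
	fprintf(
	 info_handle->notify_stream,
	 "\tAttribute flags\t\t: 0x%08" PRIx32 "\n",
	 attribute_flags );

	/* The helper objects are no longer needed past this point; they are
	 * freed before the optional block listing. If a free call fails and
	 * leaves its pointer set, on_error attempts the free once more.
	 */
	if( libfguid_identifier_free(
	     &guid,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
		 "%s: unable to free GUID.",
		 function );

		goto on_error;
	}
	if( libfdatetime_filetime_free(
	     &filetime,
	     error ) != 1 )
	{
		libcerror_error_set(
		 error,
		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
		 LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
		 "%s: unable to free filetime.",
		 function );

		goto on_error;
	}
	if( info_handle->show_allocation_information != 0 )
	{
		if( libvshadow_store_get_number_of_blocks(
		     store,
		     &number_of_blocks,
		     error ) != 1 )
		{
			libcerror_error_set(
			 error,
			 LIBCERROR_ERROR_DOMAIN_RUNTIME,
			 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
			 "%s: unable to retrieve store: %d number of blocks.",
			 function,
			 store_index );

			goto on_error;
		}
		fprintf(
		 info_handle->notify_stream,
		 "\tNumber of blocks\t: %d\n",
		 number_of_blocks );

		/* NOTE(review): the loop bound is whatever libvshadow reports
		 * for this store; output volume scales with it. A zero or
		 * negative count simply skips the loop.
		 */
		for( block_index = 0;
		     block_index < number_of_blocks;
		     block_index++ )
		{
			if( libvshadow_store_get_block_by_index(
			     store,
			     block_index,
			     &block,
			     error ) != 1 )
			{
				libcerror_error_set(
				 error,
				 LIBCERROR_ERROR_DOMAIN_RUNTIME,
				 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
				 "%s: unable to retrieve block: %d.",
				 function,
				 block_index );

				goto on_error;
			}
			/* No error is set here; whatever
			 * info_handle_block_fprint left in error is passed
			 * on unchanged.
			 */
			if( info_handle_block_fprint(
			     info_handle,
			     block_index,
			     block,
			     error ) != 1 )
			{
				goto on_error;
			}
			/* Each block is released before the next one is
			 * requested; on_error frees a block left over from a
			 * failed iteration.
			 */
			if( libvshadow_block_free(
			     &block,
			     error ) != 1 )
			{
				libcerror_error_set(
				 error,
				 LIBCERROR_ERROR_DOMAIN_RUNTIME,
				 LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
				 "%s: unable to free block: %d.",
				 function,
				 block_index );

				goto on_error;
			}
		}
	}
	fprintf(
	 info_handle->notify_stream,
	 "\n" );

	return( 1 );

on_error:
	/* Release whatever is still held. NULL is passed as the error
	 * argument so that a failure during clean-up does not add to the
	 * error already set.
	 */
	if( block != NULL )
	{
		libvshadow_block_free(
		 &block,
		 NULL );
	}
	if( guid != NULL )
	{
		libfguid_identifier_free(
		 &guid,
		 NULL );
	}
	if( filetime != NULL )
	{
		libfdatetime_filetime_free(
		 &filetime,
		 NULL );
	}
	return( -1 );
}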