/**
 * Identify the format of an already opened hash database file.
 *
 * The SQLite check runs first and wins outright. Otherwise every supported
 * text-format test (NSRL, md5sum, EnCase, HashKeeper) is run against the
 * stream, each from offset 0. Exactly one test is expected to accept the
 * file; as soon as a second one also accepts it the result is
 * TSK_HDB_DBTYPE_INVALID_ID, so an ambiguous file is reported as unknown
 * rather than being assigned a format by guess.
 *
 * The stream is repositioned to offset 0 before returning on every path.
 *
 * NOTE(review): the fseeko() results are not checked here; confirm that all
 * callers pass a seekable stream.
 *
 * @param hDb     Open handle to the candidate database file.
 * @param db_path Path of the database; not used by this function.
 *
 * @return The detected database type, or TSK_HDB_DBTYPE_INVALID_ID when no
 *         test, or more than one text-format test, accepts the file.
 */
static TSK_HDB_DBTYPE_ENUM
hdb_determine_db_type(FILE *hDb, const TSK_TCHAR *db_path)
{
    TSK_HDB_DBTYPE_ENUM detected = TSK_HDB_DBTYPE_INVALID_ID;

    /* SQLite databases are recognised on their own; no text test is run. */
    if (sqlite_hdb_is_sqlite_file(hDb)) {
        detected = TSK_HDB_DBTYPE_SQLITE_ID;
        goto done;
    }

    /* Text formats: run every test so that a double match is noticed. */
    fseeko(hDb, 0, SEEK_SET);
    if (nsrl_test(hDb)) {
        detected = TSK_HDB_DBTYPE_NSRL_ID;
    }

    fseeko(hDb, 0, SEEK_SET);
    if (md5sum_test(hDb)) {
        if (detected != TSK_HDB_DBTYPE_INVALID_ID) {
            goto ambiguous;
        }
        detected = TSK_HDB_DBTYPE_MD5SUM_ID;
    }

    fseeko(hDb, 0, SEEK_SET);
    if (encase_test(hDb)) {
        if (detected != TSK_HDB_DBTYPE_INVALID_ID) {
            goto ambiguous;
        }
        detected = TSK_HDB_DBTYPE_ENCASE_ID;
    }

    fseeko(hDb, 0, SEEK_SET);
    if (hk_test(hDb)) {
        if (detected != TSK_HDB_DBTYPE_INVALID_ID) {
            goto ambiguous;
        }
        detected = TSK_HDB_DBTYPE_HK_ID;
    }
    goto done;

ambiguous:
    /* A second format test matched: refuse to pick one of the two. */
    detected = TSK_HDB_DBTYPE_INVALID_ID;

done:
    fseeko(hDb, 0, SEEK_SET);
    return detected;
}
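/**
 * Open a hash database and index for lookup.
 *
 * Unless TSK_HDB_OPEN_IDXONLY is set in @p flags, the database file is opened
 * for reading and probed with each supported format test (NSRL, md5sum,
 * HashKeeper). Exactly one test must accept the file: if none or more than
 * one does, the open fails with TSK_ERR_HDB_UNKTYPE rather than choosing a
 * parser by guess. With TSK_HDB_OPEN_IDXONLY no database file is opened and
 * the index-only handlers are installed.
 *
 * Every failure after the file has been opened closes the file handle and
 * frees the partially built state structure, so repeated failed opens (for
 * example on malformed or unrecognised files) do not accumulate open handles.
 *
 * NOTE(review): the open-failure message formats db_file (a TSK_TCHAR string)
 * with "%s"; confirm that this matches on wide-character builds.
 *
 * @param db_file Path to database.
 * @param flags Flags for opening the database.
 *
 * @return Pointer to hash database state structure or NULL on error
 */
TSK_HDB_INFO *
tsk_hdb_open(TSK_TCHAR * db_file, TSK_HDB_OPEN_ENUM flags)
{
    TSK_HDB_INFO *hdb_info = NULL;
    size_t flen;
    FILE *hDb = NULL;
    uint8_t dbtype = 0;

    if ((flags & TSK_HDB_OPEN_IDXONLY) == 0) {
        /* Open the database file */
#ifdef TSK_WIN32
        {
            HANDLE hWin;
            int fd;

            if ((hWin = CreateFile(db_file, GENERIC_READ,
                        FILE_SHARE_READ, 0, OPEN_EXISTING, 0,
                        0)) == INVALID_HANDLE_VALUE) {
                tsk_error_reset();
                tsk_errno = TSK_ERR_HDB_OPEN;
                snprintf(tsk_errstr, TSK_ERRSTR_L,
                    "hdb_open: Error opening database file: %s", db_file);
                return NULL;
            }

            /* Ownership moves hWin -> fd -> hDb; release whichever level
             * was reached when a conversion step fails. */
            fd = _open_osfhandle((intptr_t) hWin, _O_RDONLY);
            if (fd == -1) {
                CloseHandle(hWin);
            }
            else if ((hDb = _fdopen(fd, "r")) == NULL) {
                _close(fd);
            }

            if (hDb == NULL) {
                tsk_error_reset();
                tsk_errno = TSK_ERR_HDB_OPEN;
                snprintf(tsk_errstr, TSK_ERRSTR_L,
                    "hdb_open: Error converting Windows handle to C handle");
                return NULL;
            }
        }
#else
        if (NULL == (hDb = fopen(db_file, "r"))) {
            tsk_error_reset();
            tsk_errno = TSK_ERR_HDB_OPEN;
            snprintf(tsk_errstr, TSK_ERRSTR_L,
                "hdb_open: Error opening database file: %s", db_file);
            return NULL;
        }
#endif

        /* Try to figure out what type of DB it is. Each test starts from
         * offset 0 so that its verdict does not depend on how far the
         * previous test read. */
        fseeko(hDb, 0, SEEK_SET);
        if (nsrl_test(hDb)) {
            dbtype = TSK_HDB_DBTYPE_NSRL_ID;
        }

        fseeko(hDb, 0, SEEK_SET);
        if (md5sum_test(hDb)) {
            if (dbtype != 0) {
                tsk_error_reset();
                tsk_errno = TSK_ERR_HDB_UNKTYPE;
                snprintf(tsk_errstr, TSK_ERRSTR_L,
                    "hdb_open: Error determining DB type (MD5sum)");
                goto fail;
            }
            dbtype = TSK_HDB_DBTYPE_MD5SUM_ID;
        }

        fseeko(hDb, 0, SEEK_SET);
        if (hk_test(hDb)) {
            if (dbtype != 0) {
                tsk_error_reset();
                tsk_errno = TSK_ERR_HDB_UNKTYPE;
                snprintf(tsk_errstr, TSK_ERRSTR_L,
                    "hdb_open: Error determining DB type (HK)");
                goto fail;
            }
            dbtype = TSK_HDB_DBTYPE_HK_ID;
        }

        if (dbtype == 0) {
            tsk_error_reset();
            tsk_errno = TSK_ERR_HDB_UNKTYPE;
            snprintf(tsk_errstr, TSK_ERRSTR_L,
                "hdb_open: Error determining DB type");
            goto fail;
        }

        fseeko(hDb, 0, SEEK_SET);
    }
    else {
        dbtype = TSK_HDB_DBTYPE_IDXONLY_ID;
        hDb = NULL;
    }

    if ((hdb_info = talloc(NULL, TSK_HDB_INFO)) == NULL)
        goto fail;

    hdb_info->hDb = hDb;

    /* Get database specific information */
    hdb_info->db_type = dbtype;
    switch (dbtype) {
    case TSK_HDB_DBTYPE_NSRL_ID:
        hdb_info->getentry = nsrl_getentry;
        hdb_info->makeindex = nsrl_makeindex;
        break;

    case TSK_HDB_DBTYPE_MD5SUM_ID:
        hdb_info->getentry = md5sum_getentry;
        hdb_info->makeindex = md5sum_makeindex;
        break;

    case TSK_HDB_DBTYPE_HK_ID:
        hdb_info->getentry = hk_getentry;
        hdb_info->makeindex = hk_makeindex;
        break;

    case TSK_HDB_DBTYPE_IDXONLY_ID:
        hdb_info->getentry = idxonly_getentry;
        hdb_info->makeindex = idxonly_makeindex;
        break;

    default:
        /* No handlers exist for this type; do not return a half-built
         * structure. */
        goto fail;
    }

    hdb_info->hash_type = 0;
    hdb_info->hash_len = 0;
    hdb_info->idx_fname = NULL;
    hdb_info->uns_fname = NULL;
    hdb_info->hIdxTmp = NULL;
    hdb_info->hIdx = NULL;
    hdb_info->idx_size = 0;
    hdb_info->idx_off = 0;
    hdb_info->idx_lbuf = NULL;

    /* Copy the database name into the structure. The buffer is larger than
     * the path, so the bounded copy below always leaves it terminated. */
    flen = TSTRLEN(db_file) + 8;        // + 32;
    hdb_info->db_fname =
        (TSK_TCHAR *) talloc_size(hdb_info, flen * sizeof(TSK_TCHAR));
    if (hdb_info->db_fname == NULL)
        goto fail;

    TSTRNCPY(hdb_info->db_fname, db_file, flen);

    return hdb_info;

fail:
    /* Release everything acquired so far; hDb is NULL in index-only mode. */
    if (hdb_info != NULL)
        talloc_free(hdb_info);
    if (hDb != NULL)
        fclose(hDb);
    return NULL;
}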