/*
* Find the inode that has allocated block blk
* Return 1 on error, 0 if no error */
uint8_t
tsk_fs_ifind_data(TSK_FS_INFO * fs, TSK_FS_IFIND_FLAG_ENUM lclflags,
TSK_DADDR_T blk)
{
IFIND_DATA_DATA data;
memset(&data, 0, sizeof(IFIND_DATA_DATA));
data.flags = lclflags;
data.block = blk;
if (fs->inode_walk(fs, fs->first_inum, fs->last_inum,
TSK_FS_META_FLAG_ALLOC | TSK_FS_META_FLAG_UNALLOC,
ifind_data_act, &data)) {
return 1;
}
/* If we did not find an inode yet, get the block's
* flags so we can identify it as a meta data block */
if (!data.found) {
TSK_FS_BLOCK *fs_block;
if ((fs_block = tsk_fs_block_get(fs, NULL, blk)) != NULL) {
if (fs_block->flags & TSK_FS_BLOCK_FLAG_META) {
tsk_printf("Meta Data\n");
data.found = 1;
}
tsk_fs_block_free(fs_block);
}
}
if (!data.found) {
tsk_printf("Inode not found\n");
}
return 0;
}
// Find the inode that has allocated the specified block
//
// \param fs filesystem info structure defined in sleuthkit
// \param lclflags traverse options defined in sleuthkit
// \param blk the target block
//
// Return 0 if error, otherwise a pointer
static MBA_IFIND_DATA_DATA*
fs_ifind_data(TSK_FS_INFO * fs, TSK_FS_IFIND_FLAG_ENUM lclflags,
TSK_DADDR_T blk)
{
MBA_IFIND_DATA_DATA* data;
data = (MBA_IFIND_DATA_DATA*)malloc(sizeof(MBA_IFIND_DATA_DATA));
if(data == NULL)
{
printf("Cannot allocate memory\n");
return NULL;
}
memset(data, 0, sizeof(MBA_IFIND_DATA_DATA));
data->flags = lclflags;
data->block = blk;
if (fs->inode_walk(fs, fs->first_inum, fs->last_inum,
TSK_FS_META_FLAG_ALLOC | TSK_FS_META_FLAG_UNALLOC,
ifind_data_act, data)) {
free(data);
return NULL;
}
/* If we did not find an inode yet, get the block's
* flags so we can identify it as a meta data block */
if (!data->found) {
TSK_FS_BLOCK *fs_block;
if ((fs_block = tsk_fs_block_get(fs, NULL, blk)) != NULL) {
if (fs_block->flags & TSK_FS_BLOCK_FLAG_META) {
tsk_printf("Meta Data\n");
data->found = 1;
}
tsk_fs_block_free(fs_block);
}
}
if (!data->found) {
//tsk_printf("Inode not found\n");
free(data);
return NULL;
}
return data;
}
/** \internal
*
* return 1 on error and 0 on success
*/
uint8_t
tsk_fs_nofs_block_walk(TSK_FS_INFO * fs, TSK_DADDR_T a_start_blk,
TSK_DADDR_T a_end_blk, TSK_FS_BLOCK_WALK_FLAG_ENUM a_flags,
TSK_FS_BLOCK_WALK_CB a_action, void *a_ptr)
{
TSK_FS_BLOCK *fs_block;
TSK_DADDR_T addr;
// clean up any error messages that are lying around
tsk_error_reset();
/*
* Sanity checks.
*/
if (a_start_blk < fs->first_block || a_start_blk > fs->last_block) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_WALK_RNG);
tsk_error_set_errstr("nofs_block_walk: Start block number: %"
PRIuDADDR, a_start_blk);
return 1;
}
if (a_end_blk < fs->first_block || a_end_blk > fs->last_block
|| a_end_blk < a_start_blk) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_WALK_RNG);
tsk_error_set_errstr("nofs_block_walk: Last block number: %"
PRIuDADDR, a_end_blk);
return 1;
}
/* Sanity check on a_flags -- make sure at least one ALLOC is set */
if (((a_flags & TSK_FS_BLOCK_WALK_FLAG_ALLOC) == 0) &&
((a_flags & TSK_FS_BLOCK_WALK_FLAG_UNALLOC) == 0)) {
a_flags |=
(TSK_FS_BLOCK_WALK_FLAG_ALLOC |
TSK_FS_BLOCK_WALK_FLAG_UNALLOC);
}
/* All swap has is allocated blocks... exit if not wanted */
if (!(a_flags & TSK_FS_BLOCK_FLAG_ALLOC)) {
return 0;
}
if ((fs_block = tsk_fs_block_alloc(fs)) == NULL) {
return 1;
}
for (addr = a_start_blk; addr <= a_end_blk; addr++) {
int retval;
if (tsk_fs_block_get(fs, fs_block, addr) == NULL) {
tsk_error_set_errstr2("nofs_block_walk: Block %" PRIuDADDR,
addr);
tsk_fs_block_free(fs_block);
return 1;
}
retval = a_action(fs_block, a_ptr);
if (retval == TSK_WALK_STOP) {
break;
}
else if (retval == TSK_WALK_ERROR) {
tsk_fs_block_free(fs_block);
return 1;
}
}
/*
* Cleanup.
*/
tsk_fs_block_free(fs_block);
return 0;
}
