/**
* Return the system properties service. If no service was setup, a
* default memory-based version is created.
* @returns system properties reference.
*/
TskSystemProperties& TskServices::getSystemProperties()
{
if (m_systemProperties == NULL)
{
TskSystemPropertiesImpl *prop = new TskSystemPropertiesImpl();
prop->initialize();
setSystemProperties(*prop);
LOGINFO(L"TskServices::getSystemProperties - SystemProperties has not been set, using default implementation.");
}
return *m_systemProperties;
}
int main(int argc, char **argv)
{
progname = argv[0];
if (argc != 3) {
usage();
return 1;
}
char *frameworkConfigPath = argv[1];
char *pipelineConfigPath = argv[2];
fprintf(stderr, "Validating %s\n", pipelineConfigPath);
// open the log temp file
Log log;
Poco::TemporaryFile filename;
log.open(filename.path().c_str());
TskServices::Instance().setLog(log);
std::string progDirPath = TskUtilities::getProgDir();
// Initialize properties based on the config file. Do this to shutdown noise in validation.
TskSystemPropertiesImpl systemProperties;
systemProperties.initialize(frameworkConfigPath);
TskServices::Instance().setSystemProperties(systemProperties);
SetSystemProperty(TskSystemProperties::PROG_DIR, progDirPath);
ValidatePipeline vp;
bool valid = vp.isValid(pipelineConfigPath);
fprintf(stdout, "%s is %s\n", pipelineConfigPath, (valid ? "valid." : "invalid."));
// close the log file and dump content to stdout
log.close();
#define MAX_BUF 1024
char buf[MAX_BUF];
std::ifstream fin(filename.path().c_str());
fprintf(stdout, "\nLog messages created during validation: \n");
while (fin.getline(buf, MAX_BUF)) {
fprintf(stdout, "%s\n", buf);
}
fin.close();
if (valid)
return 0;
else
return 1;
}
int main(int argc, char **argv1)
{
TSK_TCHAR **argv;
extern int OPTIND;
int ch;
struct STAT_STR stat_buf;
TSK_TCHAR *pipeline_config = NULL;
TSK_TCHAR *framework_config = NULL;
#ifdef TSK_WIN32
// On Windows, get the wide arguments (mingw doesn't support wmain)
argv = CommandLineToArgvW(GetCommandLineW(), &argc);
if (argv == NULL) {
fprintf(stderr, "Error getting wide arguments\n");
exit(1);
}
#else
argv = (TSK_TCHAR **) argv1;
#endif
while ((ch =
GETOPT(argc, argv, _TSK_T("c:p:vV"))) > 0) {
switch (ch) {
case _TSK_T('?'):
default:
TFPRINTF(stderr, _TSK_T("Invalid argument: %s\n"),
argv[OPTIND]);
usage();
case _TSK_T('c'):
framework_config = OPTARG;
break;
case _TSK_T('p'):
pipeline_config = OPTARG;
break;
case _TSK_T('v'):
tsk_verbose++;
break;
case _TSK_T('V'):
tsk_version_print(stdout);
exit(0);
}
}
/* We need at least one more argument */
if (OPTIND == argc) {
tsk_fprintf(stderr, "Missing image name\n");
usage();
}
TSK_TCHAR *imagePath = argv[OPTIND];
// Load the framework config if they specified it
Poco::AutoPtr<Poco::Util::XMLConfiguration> pXMLConfig;
if (framework_config) {
// @@@ Not Unix-friendly
try {
pXMLConfig = new Poco::Util::XMLConfiguration(TskUtilities::toUTF8(framework_config));
}
catch (std::exception& e) {
fprintf(stderr, "Error opening framework config file (%s)\n", e.what());
return 1;
}
// Initialize properties based on the config file.
TskSystemPropertiesImpl *systemProperties = new TskSystemPropertiesImpl();
systemProperties->initialize(*pXMLConfig);
TskServices::Instance().setSystemProperties(*systemProperties);
}
// make up an output folder to store the database and such in
TSK_TCHAR outDirPath[1024];
TSNPRINTF(outDirPath, 1024, _TSK_T("%s_tsk_out"), imagePath);
if (TSTAT(outDirPath, &stat_buf) == 0) {
fprintf(stderr, "Output directory already exists (%"PRIttocTSK")\n", outDirPath);
return 1;
}
if (makeDir(outDirPath)) {
return 1;
}
// @@@ Not UNIX-friendly
TSK_SYS_PROP_SET(TskSystemPropertiesImpl::OUT_DIR, outDirPath);
// Create and register our SQLite ImgDB class
std::auto_ptr<TskImgDB> pImgDB(NULL);
pImgDB = std::auto_ptr<TskImgDB>(new TskImgDBSqlite(outDirPath));
if (pImgDB->initialize() != 0) {
fprintf(stderr, "Error initializing SQLite database\n");
tsk_error_print(stderr);
return 1;
}
// @@@ Call pImgDB->addToolInfo() as needed to set version info...
TskServices::Instance().setImgDB(*pImgDB);
// Create a Blackboard and register it with the framework.
TskServices::Instance().setBlackboard(TskDBBlackboard::instance());
// @@@ Not UNIX-friendly
if (pipeline_config != NULL)
TSK_SYS_PROP_SET(TskSystemPropertiesImpl::PIPELINE_CONFIG, pipeline_config);
// Create an ImageFile and register it with the framework.
TskImageFileTsk imageFileTsk;
if (imageFileTsk.open(imagePath) != 0) {
fprintf(stderr, "Error opening image: %"PRIttocTSK"\n", imagePath);
tsk_error_print(stderr);
return 1;
}
TskServices::Instance().setImageFile(imageFileTsk);
// Let's get the pipelines setup to make sure there are no errors.
TskPipelineManager pipelineMgr;
TskPipeline *filePipeline;
try {
filePipeline = pipelineMgr.createPipeline(TskPipelineManager::FILE_ANALYSIS_PIPELINE);
}
catch (TskException &e ) {
fprintf(stderr, "Error creating file analysis pipeline\n");
std::cerr << e.message() << endl;
filePipeline = NULL;
}
TskPipeline *reportPipeline;
try {
reportPipeline = pipelineMgr.createPipeline(TskPipelineManager::REPORTING_PIPELINE);
}
catch (TskException &e ) {
fprintf(stderr, "Error creating reporting pipeline\n");
std::cerr << e.message() << endl;
reportPipeline = NULL;
}
// now we analyze the data.
// Extract
if (imageFileTsk.extractFiles() != 0) {
fprintf(stderr, "Error adding file system info to database\n");
tsk_error_print(stderr);
return 1;
}
//Run pipeline on all files
// @@@ this needs to cycle over the files to analyze, 10 is just here for testing
if (filePipeline) {
for (int i = 0; i < 10; i++) {
try {
filePipeline->run(i);
}
catch (...) {
// error message has been logged already.
}
}
}
if (reportPipeline) {
try {
reportPipeline->run();
}
catch (...) {
fprintf(stderr, "Error running reporting pipeline\n");
return 1;
}
}
fprintf(stderr, "image analysis complete\n");
return 0;
}
