static RIODesc *ewf__open(RIO *io, const char *pathname, int rw, int mode) { RIOEwf *rewf; libewf_handle_t *ewf_h; // XXX filename list should be dynamic. 1024 limit is ugly const char *filenames[1024]; char *ptr,*optr; ut8 hash[1024]; size64_t media_size; uint32_t bytes_per_sector; //uint64_t amount_of_sectors; uint32_t error_granularity; //uint32_t amount_of_acquiry_errors; int8_t compression_level; uint8_t media_type; uint8_t media_flags; uint8_t compress_empty_block; uint8_t format; int i; if (!memcmp (pathname, "els://", 6)) { FILE *fd = r_sandbox_fopen (pathname+6, "r"); ut64 len; char *buf; if (fd == NULL) return NULL; fseek (fd, 0, SEEK_END); len = ftell (fd); fseek(fd, 0, SEEK_SET); buf = (char *)malloc (len); fread (buf, len, 1, fd); ptr = strchr (buf, '\n'); for (i=0, optr = buf; ptr&&(ptr=strchr(ptr, '\n')); optr=ptr) { *ptr = '\0'; ptr++; filenames[i++] = optr; } filenames[i] = NULL; free (buf); fclose (fd); for (i=0; filenames[i]; i++) eprintf ("%02x: %s)\n", i, filenames[i]); } else { filenames[0] = pathname + 6; filenames[1] = NULL; } libewf_handle_initialize (&ewf_h, NULL); if (libewf_handle_open (ewf_h, (char * const *)filenames, (int)1, rw? LIBEWF_OPEN_READ_WRITE: LIBEWF_OPEN_READ, NULL) != 1) return NULL; #if 0 if( ((libewf_internal_plugin_t*)ewf_h)->header_values == NULL ) { fprintf( stream, "\tNo information found in file.\n" ); } else { libewf_get_header_value_examiner_name(ewf_h, hash, 128); eprintf("ExaminerName: %s\n", hash); libewf_get_header_value_case_number(ewf_h, hash, 128); eprintf("CaseNumber: %s\n", hash); } #endif libewf_handle_get_format (ewf_h, &format, NULL); eprintf ("FormatVersion: %d\n", format); libewf_handle_get_compression_values (ewf_h, &compression_level, &compress_empty_block, NULL); eprintf ("CompressionLevel: %d\n", compression_level); libewf_handle_get_error_granularity (ewf_h, &error_granularity, NULL); eprintf ("ErrorGranurality: %d\n", error_granularity); //libewf_handle_get_number_of_sectors (ewf_h, &amount_of_sectors, NULL); //eprintf ("AmountOfSectors: %"PFMT64d"\n", amount_of_sectors); libewf_handle_get_bytes_per_sector (ewf_h, &bytes_per_sector, NULL); eprintf ("BytesPerSector: %d\n", bytes_per_sector); libewf_handle_get_media_size (ewf_h, &media_size, NULL); eprintf ("MediaSize: %"PFMT64d"\n", media_size); libewf_handle_get_media_type (ewf_h, &media_type, NULL); eprintf ("MediaType: %d\n", media_type); libewf_handle_get_media_flags (ewf_h, &media_flags, NULL); eprintf ("MediaFlags: %d\n", media_flags); libewf_handle_get_md5_hash (ewf_h, hash, 128, NULL); eprintf ("CalculatedHash: %s\n", hash); rewf = R_NEW (RIOEwf); rewf->handle = ewf_h; rewf->fd = RIOEWF_TO_FD (rewf); return r_io_desc_new (&r_io_plugin_shm, rewf->fd, pathname, rw, mode, rewf); }
/* * EwfGetInfofileContent */ static int EwfGetInfofileContent(void *p_handle, const char **pp_info_buf) { pts_EwfHandle p_ewf_handle=(pts_EwfHandle)p_handle; char *p_infobuf=NULL; int ret; char buf[512]; uint8_t uint8value; uint32_t uint32value; uint64_t uint64value; #define EWF_INFOBUF_REALLOC(size) { \ p_infobuf=(char*)realloc(p_infobuf,size); \ if(p_infobuf==NULL) return EWF_MEMALLOC_FAILED; \ } #define EWF_INFOBUF_APPEND_STR(str) { \ if(p_infobuf!=NULL) { \ EWF_INFOBUF_REALLOC(strlen(p_infobuf)+strlen(str)+1); \ strcpy(p_infobuf+strlen(p_infobuf),str); \ } else { \ EWF_INFOBUF_REALLOC(strlen(str)+1); \ strcpy(p_infobuf,str); \ } \ } #define EWF_INFOBUF_APPEND_VALUE(desc) { \ if(ret==1) { \ EWF_INFOBUF_APPEND_STR(desc); \ EWF_INFOBUF_APPEND_STR(buf); \ EWF_INFOBUF_APPEND_STR("\n"); \ } \ } EWF_INFOBUF_APPEND_STR("_Acquiry information_\n"); #ifdef HAVE_LIBEWF_V2_API #define EWF_GET_HEADER_VALUE(fun) { \ ret=fun(p_ewf_handle->h_ewf,(uint8_t*)buf,sizeof(buf),NULL); \ } EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_case_number); EWF_INFOBUF_APPEND_VALUE("Case number: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_description); EWF_INFOBUF_APPEND_VALUE("Description: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_examiner_name); EWF_INFOBUF_APPEND_VALUE("Examiner: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_evidence_number); EWF_INFOBUF_APPEND_VALUE("Evidence number: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_notes); EWF_INFOBUF_APPEND_VALUE("Notes: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_date); EWF_INFOBUF_APPEND_VALUE("Acquiry date: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_system_date); EWF_INFOBUF_APPEND_VALUE("System date: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_operating_system); EWF_INFOBUF_APPEND_VALUE("Acquiry os: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_software_version); EWF_INFOBUF_APPEND_VALUE("Acquiry sw version: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_model); EWF_INFOBUF_APPEND_VALUE("Model: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_serial_number); EWF_INFOBUF_APPEND_VALUE("Serial number: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_hash_value_md5); EWF_INFOBUF_APPEND_VALUE("MD5 hash: "); EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_hash_value_sha1); EWF_INFOBUF_APPEND_VALUE("SHA1 hash: "); #undef EWF_GET_HEADER_VALUE #else #define EWF_GET_HEADER_VALUE(fun) { \ ret=fun(p_ewf_handle->h_ewf,buf,sizeof(buf)); \ } EWF_GET_HEADER_VALUE(libewf_get_header_value_case_number); EWF_INFOBUF_APPEND_VALUE("Case number: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_description); EWF_INFOBUF_APPEND_VALUE("Description: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_examiner_name); EWF_INFOBUF_APPEND_VALUE("Examiner: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_evidence_number); EWF_INFOBUF_APPEND_VALUE("Evidence number: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_notes); EWF_INFOBUF_APPEND_VALUE("Notes: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_date); EWF_INFOBUF_APPEND_VALUE("Acquiry date: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_system_date); EWF_INFOBUF_APPEND_VALUE("System date: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_operating_system); EWF_INFOBUF_APPEND_VALUE("Acquiry os: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_software_version); EWF_INFOBUF_APPEND_VALUE("Acquiry sw version: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_model); EWF_INFOBUF_APPEND_VALUE("Model: "); EWF_GET_HEADER_VALUE(libewf_get_header_value_serial_number); EWF_INFOBUF_APPEND_VALUE("Serial number: "); EWF_GET_HEADER_VALUE(libewf_get_hash_value_md5); EWF_INFOBUF_APPEND_VALUE("MD5 hash: "); EWF_GET_HEADER_VALUE(libewf_get_hash_value_sha1); EWF_INFOBUF_APPEND_VALUE("SHA1 hash: "); #undef EWF_GET_HEADER_VALUE #endif EWF_INFOBUF_APPEND_STR("\n_Media information_\n"); #ifdef HAVE_LIBEWF_V2_API ret=libewf_handle_get_media_type(p_ewf_handle->h_ewf,&uint8value,NULL); #else ret=libewf_get_media_type(p_ewf_handle->h_ewf,&uint8value); #endif if(ret==1) { EWF_INFOBUF_APPEND_STR("Media type: "); switch(uint8value) { case LIBEWF_MEDIA_TYPE_REMOVABLE: EWF_INFOBUF_APPEND_STR("removable disk\n"); break; case LIBEWF_MEDIA_TYPE_FIXED: EWF_INFOBUF_APPEND_STR("fixed disk\n"); break; case LIBEWF_MEDIA_TYPE_OPTICAL: EWF_INFOBUF_APPEND_STR("optical\n"); break; case LIBEWF_MEDIA_TYPE_SINGLE_FILES: EWF_INFOBUF_APPEND_STR("single files\n"); break; case LIBEWF_MEDIA_TYPE_MEMORY: EWF_INFOBUF_APPEND_STR("memory\n"); break; default: EWF_INFOBUF_APPEND_STR("unknown\n"); } } #ifdef HAVE_LIBEWF_V2_API ret=libewf_handle_get_bytes_per_sector(p_ewf_handle->h_ewf,&uint32value,NULL); sprintf(buf,"%" PRIu32,uint32value); EWF_INFOBUF_APPEND_VALUE("Bytes per sector: "); ret=libewf_handle_get_number_of_sectors(p_ewf_handle->h_ewf,&uint64value,NULL); sprintf(buf,"%" PRIu64,uint64value); EWF_INFOBUF_APPEND_VALUE("Number of sectors: "); #else ret=libewf_get_bytes_per_sector(p_ewf_handle->h_ewf,&uint32value); sprintf(buf,"%" PRIu32,uint32value); EWF_INFOBUF_APPEND_VALUE("Bytes per sector: "); ret=libewf_handle_get_amount_of_sectors(p_ewf_handle->h_ewf,&uint64value); sprintf(buf,"%" PRIu64,uint64value); EWF_INFOBUF_APPEND_VALUE("Number of sectors: "); #endif #undef EWF_INFOBUF_APPEND_VALUE #undef EWF_INFOBUF_APPEND_STR #undef EWF_INFOBUF_REALLOC *pp_info_buf=p_infobuf; return EWF_OK; }