/* Returns 0 on success and 1 on error */
uint8_t
tsk_fs_fls(TSK_FS_INFO * fs, TSK_FS_FLS_FLAG_ENUM lclflags,
TSK_INUM_T inode, TSK_FS_DIR_WALK_FLAG_ENUM flags, TSK_TCHAR * tpre,
int32_t skew)
{
FLS_DATA data;
data.flags = lclflags;
data.sec_skew = skew;
#ifdef TSK_WIN32
{
size_t clen;
UTF8 *ptr8;
UTF16 *ptr16;
int retval;
if ((tpre != NULL) && (TSTRLEN(tpre) > 0)) {
clen = TSTRLEN(tpre) * 4;
data.macpre = (char *) tsk_malloc(clen);
if (data.macpre == NULL) {
return 1;
}
ptr8 = (UTF8 *) data.macpre;
ptr16 = (UTF16 *) tpre;
retval =
tsk_UTF16toUTF8_lclorder((const UTF16 **) &ptr16, (UTF16 *)
& ptr16[TSTRLEN(tpre) + 1], &ptr8,
(UTF8 *) ((uintptr_t) ptr8 + clen), TSKlenientConversion);
if (retval != TSKconversionOK) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_UNICODE);
tsk_error_set_errstr
("Error converting fls mactime pre-text to UTF-8 %d\n",
retval);
return 1;
}
}
else {
data.macpre = (char *) tsk_malloc(1);
if (data.macpre == NULL) {
return 1;
}
data.macpre[0] = '\0';
}
retval = tsk_fs_dir_walk(fs, inode, flags, print_dent_act, &data);
free(data.macpre);
data.macpre = NULL;
return retval;
}
#else
data.macpre = tpre;
return tsk_fs_dir_walk(fs, inode, flags, print_dent_act, &data);
#endif
}
/**
* Find the meta data address for a given file TCHAR name
*
* @param fs FS to analyze
* @param tpath Path of file to search for
* @param [out] result Meta data address of file
* @returns -1 on error, 0 if found, and 1 if not found
*/
int8_t
tsk_fs_ifind_path(TSK_FS_INFO * fs, TSK_TCHAR * tpath, TSK_INUM_T * result)
{
#ifdef TSK_WIN32
// Convert the UTF-16 path to UTF-8
{
size_t clen;
UTF8 *ptr8;
UTF16 *ptr16;
int retval;
char *cpath;
clen = TSTRLEN(tpath) * 4;
if ((cpath = (char *) tsk_malloc(clen)) == NULL) {
return -1;
}
ptr8 = (UTF8 *) cpath;
ptr16 = (UTF16 *) tpath;
retval =
tsk_UTF16toUTF8_lclorder((const UTF16 **) &ptr16, (UTF16 *)
& ptr16[TSTRLEN(tpath) + 1], &ptr8,
(UTF8 *) ((uintptr_t) ptr8 + clen), TSKlenientConversion);
if (retval != TSKconversionOK) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_UNICODE);
tsk_error_set_errstr
("tsk_fs_ifind_path: Error converting path to UTF-8: %d",
retval);
free(cpath);
return -1;
}
return tsk_fs_path2inum(fs, cpath, result, NULL);
}
#else
return tsk_fs_path2inum(fs, (const char *) tpath, result, NULL);
#endif
}
TSK_IMG_INFO *
aff_open(const TSK_TCHAR * const images[], unsigned int a_ssize)
{
IMG_AFF_INFO *aff_info;
TSK_IMG_INFO *img_info;
int type;
char *image;
#ifdef TSK_WIN32
// convert wchar_t* image path to char* to conform to
// the AFFLIB API
UTF16 *utf16 = (UTF16 *)images[0];
size_t ilen = wcslen(utf16);
size_t olen = ilen*4 + 1;
UTF8 *utf8 = (UTF8 *) tsk_malloc(olen);
image = (char *) utf8;
if ( image == NULL )
return NULL;
TSKConversionResult retval =
tsk_UTF16toUTF8_lclorder( (const UTF16 **) &utf16,
&utf16[ilen], &utf8,
&utf8[olen], TSKlenientConversion );
*utf8 = '\0';
if (retval != TSKconversionOK) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_UNICODE);
tsk_error_set_errstr("aff_open file: %" PRIttocTSK
": Error converting path to UTF-8 %d\n",
images[0], retval);
free(image);
return NULL;
}
utf8 = (UTF8 *) image;
while ( *utf8 ) {
if ( *utf8 > 127 ) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_UNICODE);
tsk_error_set_errstr("aff_open file: %" PRIttocTSK
": Non-Latin paths are not supported for AFF images\n",
images[0]);
free(image);
return NULL;
}
utf8++;
}
#else
image = (char *) tsk_malloc( strlen(images[0])+1 );
if ( image == NULL )
return NULL;
strncpy(image, images[0], strlen(images[0])+1 );
#endif
if ((aff_info =
(IMG_AFF_INFO *) tsk_img_malloc(sizeof(IMG_AFF_INFO))) ==
NULL) {
free(image);
return NULL;
}
img_info = (TSK_IMG_INFO *) aff_info;
img_info->read = aff_read;
img_info->close = aff_close;
img_info->imgstat = aff_imgstat;
img_info->sector_size = 512;
if (a_ssize)
img_info->sector_size = a_ssize;
type = af_identify_file_type(image, 1);
if ((type == AF_IDENTIFY_ERR) || (type == AF_IDENTIFY_NOEXIST)) {
if (tsk_verbose) {
tsk_fprintf(stderr,
"aff_open: Error determining type of file: %" PRIttocTSK
"\n", images[0]);
perror("aff_open");
}
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_IMG_OPEN);
tsk_error_set_errstr("aff_open file: %" PRIttocTSK
": Error checking type", images[0]);
tsk_img_free(aff_info);
free(image);
return NULL;
}
else if (type == AF_IDENTIFY_AFF) {
img_info->itype = TSK_IMG_TYPE_AFF_AFF;
}
else if (type == AF_IDENTIFY_AFD) {
img_info->itype = TSK_IMG_TYPE_AFF_AFD;
}
else if (type == AF_IDENTIFY_AFM) {
img_info->itype = TSK_IMG_TYPE_AFF_AFM;
}
else {
img_info->itype = TSK_IMG_TYPE_AFF_ANY;
}
aff_info->af_file = af_open(image, O_RDONLY | O_BINARY, 0);
if (!aff_info->af_file) {
// @@@ Need to check here if the open failed because of an incorrect password.
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_IMG_OPEN);
tsk_error_set_errstr("aff_open file: %" PRIttocTSK
": Error opening - %s", images[0], strerror(errno));
tsk_img_free(aff_info);
if (tsk_verbose) {
tsk_fprintf(stderr, "Error opening AFF/AFD/AFM file\n");
perror("aff_open");
}
free(image);
return NULL;
}
// verify that a password was given and we can read encrypted data.
if (af_cannot_decrypt(aff_info->af_file)) {
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_IMG_PASSWD);
tsk_error_set_errstr("aff_open file: %" PRIttocTSK, images[0]);
tsk_img_free(aff_info);
if (tsk_verbose) {
tsk_fprintf(stderr,
"Error opening AFF/AFD/AFM file (incorrect password)\n");
}
free(image);
return NULL;
}
aff_info->type = type;
img_info->size = af_imagesize(aff_info->af_file);
af_seek(aff_info->af_file, 0, SEEK_SET);
aff_info->seek_pos = 0;
free(image);
return img_info;
}
/* This interface needs some more thought because the size of wchar is not standard.
* If the goal i to provide a constant wchar interface, then we need to incorporate
* UTF-32 to UTF-8 support as well. If the goal is to provide a standard UTF-16
* interface, we should use another type besiddes wchar_t.
*/
TSK_IMG_INFO *
tsk_img_open_utf16(int num_img,
wchar_t * const images[], TSK_IMG_TYPE_ENUM type)
{
#if TSK_WIN32
return tsk_img_open(num_img, images, type);
#else
{
TSK_IMG_INFO *retval;
int i;
char **images8;
TSK_ENDIAN_ENUM endian;
uint16_t tmp1;
/* The unicode conversio routines are primarily to convert Unicode
* in file and volume system images, which means they could be in
* an endian ordering different from the local one. We need to figure
* out our local ordering so we can give it the right flag */
tmp1 = 1;
if (tsk_guess_end_u16(&endian, (uint8_t *) & tmp1, 1)) {
// @@@@
return NULL;
}
// convert UTF16 to UTF8
if ((images8 =
(char **) tsk_malloc(sizeof(char *) * num_img)) == NULL) {
return NULL;
}
for (i = 0; i < num_img; i++) {
size_t ilen;
UTF16 *utf16;
UTF8 *utf8;
TSKConversionResult retval2;
// we allocate the buffer to be four times the utf-16 length.
ilen = wcslen(images[i]);
ilen <<= 2;
if ((images8[i] = (char *) tsk_malloc(ilen)) == NULL) {
return NULL;
}
utf16 = (UTF16 *) images[i];
utf8 = (UTF8 *) images8[i];
retval2 =
tsk_UTF16toUTF8_lclorder((const UTF16 **) &utf16,
&utf16[wcslen(images[i]) + 1], &utf8,
&utf8[ilen + 1], TSKlenientConversion);
if (retval2 != TSKconversionOK) {
tsk_errno = TSK_ERR_IMG_CONVERT;
snprintf(tsk_errstr, TSK_ERRSTR_L,
"tsk_img_open_utf16: Error converting image %d %d", i,
retval2);
return NULL;
}
*utf8 = '\0';
}
retval = tsk_img_open(num_img, (const TSK_TCHAR **) images8, type);
for (i = 0; i < num_img; i++) {
free(images8[i]);
}
free(images8);
return retval;
}
#endif
}
int TskImageFileTsk::extractFiles()
{
// @@@ Add Sanity check that DB is empty
if (m_img_info == NULL) {
LOGERROR(L"TskImageFileTsk::extractFiles: Images not open yet\n");
return 1;
}
m_db.addImageInfo((int)m_img_info->itype, m_img_info->sector_size);
for (uint32_t i = 0; i < m_images.size(); i++) {
char *img_ptr = NULL;
#ifdef TSK_WIN32
char img2[1024];
UTF8 *ptr8;
UTF16 *ptr16;
ptr8 = (UTF8 *) img2;
ptr16 = (UTF16 *) m_images_ptrs[i];
TSKConversionResult retval =
tsk_UTF16toUTF8_lclorder((const UTF16 **) &ptr16, (UTF16 *)
& ptr16[wcslen(m_images_ptrs[i]) + 1], &ptr8,
(UTF8 *) ((uintptr_t) ptr8 + 1024), TSKlenientConversion);
if (retval != TSKconversionOK)
{
std::wstringstream msg;
msg << L"TskImageFileTsk::extractFiles: Error converting image to UTF-8" << std::endl;
LOGERROR(msg.str());
return 1;
}
img_ptr = img2;
#else
img_ptr = (char *) a_images[i];
#endif
m_db.addImageName(img_ptr);
}
TSKAutoImpl tskAutoImpl;
if (tskAutoImpl.openImage(m_img_info))
{
std::wstringstream msg;
msg << L"TSKExtract::processImage - Error opening image: " << tsk_error_get() << std::endl;
LOGERROR(msg.str());
return 1;
}
// TskAutoImpl will log errors as they occur
tskAutoImpl.findFilesInImg();
// It's possible that this is an image with no volumes or file systems.
// Scan the image for file systems starting at sector 0.
// By default it will scan 1024 sectors.
if (m_db.getNumVolumes() == 0)
{
tskAutoImpl.scanImgForFs(0);
}
return 0;
}
