コード例 #1
0
ファイル: fls_lib.c プロジェクト: nrv3/sleuthkit 
/* this is a wrapper type function that takes care of the runtime
 * flags
 *
 * fs_attr should be set to NULL for all non-NTFS file systems
 */
static void
printit(TSK_FS_FILE * fs_file, const char *a_path,
        const TSK_FS_ATTR * fs_attr, const FLS_DATA * fls_data)
{
    unsigned int i;

    if ((!(fls_data->flags & TSK_FS_FLS_FULL)) && (a_path)) {
        uint8_t printed = 0;
        // lazy way to find out how many dirs there could be
        for (i = 0; a_path[i] != '\0'; i++) {
            if ((a_path[i] == '/') && (i != 0)) {
                tsk_fprintf(stdout, "+");
                printed = 1;
            }
        }
        if (printed)
            tsk_fprintf(stdout, " ");
    }


    if (fls_data->flags & TSK_FS_FLS_MAC) {
        tsk_fs_name_print_mac(stdout, fs_file, a_path,
                              fs_attr, fls_data->macpre, fls_data->sec_skew);
    }
    else if (fls_data->flags & TSK_FS_FLS_LONG) {
        tsk_fs_name_print_long(stdout, fs_file, a_path, fs_file->fs_info,
                               fs_attr, TSK_FS_FLS_FULL & fls_data->flags ? 1 : 0,
                               fls_data->sec_skew);
    }
    else {
        tsk_fs_name_print(stdout, fs_file, a_path, fs_file->fs_info,
                          fs_attr, TSK_FS_FLS_FULL & fls_data->flags ? 1 : 0);
        tsk_printf("\n");
    }
}
コード例 #2
0
ファイル: fls_lib.c プロジェクト: eugene7646/sleuthkit 
/* this is a wrapper type function that takes care of the runtime
 * flags
 *
 * fs_attr should be set to NULL for all non-NTFS file systems
 */
static void
printit(TSK_FS_FILE * fs_file, const char *a_path,
    const TSK_FS_ATTR * fs_attr, const FLS_DATA * fls_data)
{
    TSK_FS_HASH_RESULTS hash_results;
	unsigned char null_buf[16];
    unsigned int i;

    if ((!(fls_data->flags & TSK_FS_FLS_FULL)) && (a_path)) {
        uint8_t printed = 0;
        // lazy way to find out how many dirs there could be
        for (i = 0; a_path[i] != '\0'; i++) {
            if ((a_path[i] == '/') && (i != 0)) {
                tsk_fprintf(stdout, "+");
                printed = 1;
            }
        }
        if (printed)
            tsk_fprintf(stdout, " ");
    }


    if (fls_data->flags & TSK_FS_FLS_MAC) {
        if (fls_data->flags & TSK_FS_FLS_HASH) {
            if(0 == tsk_fs_file_hash_calc(fs_file, &hash_results,
                TSK_BASE_HASH_MD5)){
				tsk_fs_name_print_mac_md5(stdout, fs_file, a_path, fs_attr,
					fls_data->macpre, fls_data->sec_skew,
					hash_results.md5_digest);
                                tsk_printf("\n");
			}
			else{
				// If the hash calculation had errors, pass in a buffer of nulls
				memset(null_buf, 0, 16);
				tsk_fs_name_print_mac_md5(stdout, fs_file, a_path, fs_attr,
					fls_data->macpre, fls_data->sec_skew,
					null_buf);
                                tsk_printf("\n");
			}
        }
        else {
            tsk_fs_name_print_mac(stdout, fs_file, a_path,
                fs_attr, fls_data->macpre, fls_data->sec_skew);
            tsk_printf("\n");
        }
    }
    else if (fls_data->flags & TSK_FS_FLS_LONG) {
        tsk_fs_name_print_long(stdout, fs_file, a_path, fs_file->fs_info,
            fs_attr, TSK_FS_FLS_FULL & fls_data->flags ? 1 : 0,
            fls_data->sec_skew);
        tsk_printf("\n");
    }
    else {
        tsk_fs_name_print(stdout, fs_file, a_path, fs_file->fs_info,
            fs_attr, TSK_FS_FLS_FULL & fls_data->flags ? 1 : 0);
        tsk_printf("\n");
    }
}