disk_t *fewf_init(const char *device, const int mode)
{
unsigned int num_files=0;
char **filenames= NULL;
disk_t *disk=NULL;
struct info_fewf_struct *data;
#if !defined( HAVE_LIBEWF_V2_API ) && defined( HAVE_GLOB_H )
glob_t globbuf;
#endif
data=(struct info_fewf_struct *)MALLOC(sizeof(struct info_fewf_struct));
memset(data, 0, sizeof(struct info_fewf_struct));
data->file_name = strdup(device);
data->handle=NULL;
data->mode = mode;
#ifdef DEBUG_EWF
#if defined( HAVE_LIBEWF_V2_API )
libewf_notify_set_stream( stderr, NULL );
libewf_notify_set_verbose( 1 );
#else
libewf_set_notify_values( stderr, 1 );
#endif
#endif
#if defined( HAVE_LIBEWF_V2_API )
if( libewf_glob(
data->file_name,
strlen(data->file_name),
LIBEWF_FORMAT_UNKNOWN,
&filenames,
(int *)&num_files,
NULL ) != 1 )
{
log_error("libewf_glob failed\n");
free(data);
return NULL;
}
#elif defined( HAVE_GLOB_H )
{
globbuf.gl_offs = 0;
glob(data->file_name, GLOB_DOOFFS, NULL, &globbuf);
if(globbuf.gl_pathc>0)
{
filenames=(char **)MALLOC(globbuf.gl_pathc * sizeof(*filenames));
for (num_files=0; num_files<globbuf.gl_pathc; num_files++) {
filenames[num_files]=globbuf.gl_pathv[num_files];
}
}
}
if(filenames==NULL)
{
globfree(&globbuf);
free(data);
return NULL;
}
#else
{
filenames=(char **)MALLOC(1*sizeof(*filenames));
filenames[num_files] = data->file_name;
num_files++;
}
#endif
if((mode&TESTDISK_O_RDWR)==TESTDISK_O_RDWR)
{
#if defined( HAVE_LIBEWF_V2_API )
if( libewf_handle_initialize(
&( data->handle ),
NULL ) != 1 )
{
log_error("libewf_handle_initialize failed\n");
libewf_glob_free(
filenames,
num_files,
NULL );
free(data);
return NULL;
}
if( libewf_handle_open(
data->handle,
filenames,
num_files,
LIBEWF_OPEN_READ_WRITE,
NULL ) != 1 )
{
log_error("libewf_handle_open(%s) failed\n", device);
}
#else
data->handle=libewf_open(filenames, num_files, LIBEWF_OPEN_READ_WRITE);
if(data->handle==NULL)
{
log_error("libewf_open(%s) failed\n", device);
}
#endif /* defined( HAVE_LIBEWF_V2_API ) */
}
if(data->handle==NULL)
{
data->mode&=~TESTDISK_O_RDWR;
#if defined( HAVE_LIBEWF_V2_API )
if( libewf_handle_initialize(
&( data->handle ),
NULL ) != 1 )
{
log_error("libewf_handle_initialize failed\n");
libewf_glob_free(
filenames,
num_files,
NULL );
free(data);
return NULL;
}
if( libewf_handle_open(
data->handle,
filenames,
num_files,
LIBEWF_OPEN_READ,
NULL ) != 1 )
{
log_error("libewf_handle_open(%s) failed\n", device);
libewf_handle_free(
&( data->handle ),
NULL );
libewf_glob_free(
filenames,
num_files,
NULL );
free(data);
return NULL;
}
#else
data->handle=libewf_open(filenames, num_files, LIBEWF_OPEN_READ);
if(data->handle==NULL)
{
log_error("libewf_open(%s) failed\n", device);
#if defined( HAVE_GLOB_H )
globfree(&globbuf);
#endif
free(filenames);
free(data);
return NULL;
}
#endif /* defined( HAVE_LIBEWF_V2_API ) */
}
#if defined( HAVE_LIBEWF_V2_API )
if( libewf_handle_set_header_values_date_format(
data->handle,
LIBEWF_DATE_FORMAT_DAYMONTH,
NULL ) != 1 )
{
log_error("%s Unable to set header values date format\n", device);
}
#else
if( libewf_parse_header_values( data->handle, LIBEWF_DATE_FORMAT_DAYMONTH) != 1 )
{
log_error("%s Unable to parse EWF header values\n", device);
}
#endif
disk=(disk_t *)MALLOC(sizeof(*disk));
init_disk(disk);
disk->arch=&arch_none;
disk->device=strdup(device);
disk->data=data;
disk->description=fewf_description;
disk->description_short=fewf_description_short;
disk->pread_fast=fewf_pread_fast;
disk->pread=fewf_pread;
disk->pwrite=(data->mode&TESTDISK_O_RDWR?fewf_pwrite:fewf_nopwrite);
disk->sync=fewf_sync;
disk->access_mode=(data->mode&TESTDISK_O_RDWR);
disk->clean=fewf_clean;
#if defined( HAVE_LIBEWF_V2_API ) || defined( LIBEWF_GET_BYTES_PER_SECTOR_HAVE_TWO_ARGUMENTS )
{
uint32_t bytes_per_sector = 0;
#if defined( HAVE_LIBEWF_V2_API )
if( libewf_handle_get_bytes_per_sector(
data->handle,
&bytes_per_sector,
NULL ) != 1 )
#else
if( libewf_get_bytes_per_sector(data->handle, &bytes_per_sector)<0)
#endif
{
disk->sector_size=DEFAULT_SECTOR_SIZE;
}
else
{
disk->sector_size=bytes_per_sector;
}
}
#else
disk->sector_size=libewf_get_bytes_per_sector(data->handle);
#endif
// printf("libewf_get_bytes_per_sector %u\n",disk->sector_size);
if(disk->sector_size==0)
disk->sector_size=DEFAULT_SECTOR_SIZE;
/* Set geometry */
disk->geom.cylinders=0;
disk->geom.heads_per_cylinder=1;
disk->geom.sectors_per_head=1;
disk->geom.bytes_per_sector=disk->sector_size;
/* Get disk_real_size */
#if defined( HAVE_LIBEWF_V2_API ) || defined( LIBEWF_GET_MEDIA_SIZE_HAVE_TWO_ARGUMENTS )
{
size64_t media_size = 0;
#if defined( HAVE_LIBEWF_V2_API )
if( libewf_handle_get_media_size(
data->handle,
&media_size,
NULL ) != 1 )
#else
if(libewf_get_media_size(data->handle, &media_size)<0)
#endif
{
disk->disk_real_size=0;
}
else
{
disk->disk_real_size=media_size;
}
}
#else
disk->disk_real_size=libewf_get_media_size(data->handle);
#endif
update_disk_car_fields(disk);
#if defined( HAVE_LIBEWF_V2_API )
libewf_glob_free(
filenames,
num_files,
NULL );
#else
#if defined( HAVE_GLOB_H )
globfree(&globbuf);
#endif
free(filenames);
#endif
return disk;
}
static RIODesc *ewf__open(RIO *io, const char *pathname, int rw, int mode) {
RIOEwf *rewf;
libewf_handle_t *ewf_h;
// XXX filename list should be dynamic. 1024 limit is ugly
const char *filenames[1024];
char *ptr,*optr;
ut8 hash[1024];
size64_t media_size;
uint32_t bytes_per_sector;
//uint64_t amount_of_sectors;
uint32_t error_granularity;
//uint32_t amount_of_acquiry_errors;
int8_t compression_level;
uint8_t media_type;
uint8_t media_flags;
uint8_t compress_empty_block;
uint8_t format;
int i;
if (!memcmp (pathname, "els://", 6)) {
FILE *fd = r_sandbox_fopen (pathname+6, "r");
ut64 len;
char *buf;
if (fd == NULL)
return NULL;
fseek (fd, 0, SEEK_END);
len = ftell (fd);
fseek(fd, 0, SEEK_SET);
buf = (char *)malloc (len);
fread (buf, len, 1, fd);
ptr = strchr (buf, '\n');
for (i=0, optr = buf; ptr&&(ptr=strchr(ptr, '\n')); optr=ptr) {
*ptr = '\0';
ptr++;
filenames[i++] = optr;
}
filenames[i] = NULL;
free (buf);
fclose (fd);
for (i=0; filenames[i]; i++)
eprintf ("%02x: %s)\n", i, filenames[i]);
} else {
filenames[0] = pathname + 6;
filenames[1] = NULL;
}
libewf_handle_initialize (&ewf_h, NULL);
if (libewf_handle_open (ewf_h, (char * const *)filenames, (int)1, rw?
LIBEWF_OPEN_READ_WRITE: LIBEWF_OPEN_READ, NULL) != 1)
return NULL;
#if 0
if( ((libewf_internal_plugin_t*)ewf_h)->header_values == NULL ) {
fprintf( stream, "\tNo information found in file.\n" );
} else {
libewf_get_header_value_examiner_name(ewf_h, hash, 128);
eprintf("ExaminerName: %s\n", hash);
libewf_get_header_value_case_number(ewf_h, hash, 128);
eprintf("CaseNumber: %s\n", hash);
}
#endif
libewf_handle_get_format (ewf_h, &format, NULL);
eprintf ("FormatVersion: %d\n", format);
libewf_handle_get_compression_values (ewf_h,
&compression_level, &compress_empty_block, NULL);
eprintf ("CompressionLevel: %d\n", compression_level);
libewf_handle_get_error_granularity (ewf_h, &error_granularity, NULL);
eprintf ("ErrorGranurality: %d\n", error_granularity);
//libewf_handle_get_number_of_sectors (ewf_h, &amount_of_sectors, NULL);
//eprintf ("AmountOfSectors: %"PFMT64d"\n", amount_of_sectors);
libewf_handle_get_bytes_per_sector (ewf_h, &bytes_per_sector, NULL);
eprintf ("BytesPerSector: %d\n", bytes_per_sector);
libewf_handle_get_media_size (ewf_h, &media_size, NULL);
eprintf ("MediaSize: %"PFMT64d"\n", media_size);
libewf_handle_get_media_type (ewf_h, &media_type, NULL);
eprintf ("MediaType: %d\n", media_type);
libewf_handle_get_media_flags (ewf_h, &media_flags, NULL);
eprintf ("MediaFlags: %d\n", media_flags);
libewf_handle_get_md5_hash (ewf_h, hash, 128, NULL);
eprintf ("CalculatedHash: %s\n", hash);
rewf = R_NEW (RIOEwf);
rewf->handle = ewf_h;
rewf->fd = RIOEWF_TO_FD (rewf);
return r_io_desc_new (&r_io_plugin_shm, rewf->fd, pathname, rw, mode, rewf);
}
/*
* EwfGetInfofileContent
*/
static int EwfGetInfofileContent(void *p_handle, const char **pp_info_buf) {
pts_EwfHandle p_ewf_handle=(pts_EwfHandle)p_handle;
char *p_infobuf=NULL;
int ret;
char buf[512];
uint8_t uint8value;
uint32_t uint32value;
uint64_t uint64value;
#define EWF_INFOBUF_REALLOC(size) { \
p_infobuf=(char*)realloc(p_infobuf,size); \
if(p_infobuf==NULL) return EWF_MEMALLOC_FAILED; \
}
#define EWF_INFOBUF_APPEND_STR(str) { \
if(p_infobuf!=NULL) { \
EWF_INFOBUF_REALLOC(strlen(p_infobuf)+strlen(str)+1); \
strcpy(p_infobuf+strlen(p_infobuf),str); \
} else { \
EWF_INFOBUF_REALLOC(strlen(str)+1); \
strcpy(p_infobuf,str); \
} \
}
#define EWF_INFOBUF_APPEND_VALUE(desc) { \
if(ret==1) { \
EWF_INFOBUF_APPEND_STR(desc); \
EWF_INFOBUF_APPEND_STR(buf); \
EWF_INFOBUF_APPEND_STR("\n"); \
} \
}
EWF_INFOBUF_APPEND_STR("_Acquiry information_\n");
#ifdef HAVE_LIBEWF_V2_API
#define EWF_GET_HEADER_VALUE(fun) { \
ret=fun(p_ewf_handle->h_ewf,(uint8_t*)buf,sizeof(buf),NULL); \
}
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_case_number);
EWF_INFOBUF_APPEND_VALUE("Case number: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_description);
EWF_INFOBUF_APPEND_VALUE("Description: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_examiner_name);
EWF_INFOBUF_APPEND_VALUE("Examiner: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_evidence_number);
EWF_INFOBUF_APPEND_VALUE("Evidence number: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_notes);
EWF_INFOBUF_APPEND_VALUE("Notes: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_date);
EWF_INFOBUF_APPEND_VALUE("Acquiry date: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_system_date);
EWF_INFOBUF_APPEND_VALUE("System date: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_operating_system);
EWF_INFOBUF_APPEND_VALUE("Acquiry os: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_software_version);
EWF_INFOBUF_APPEND_VALUE("Acquiry sw version: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_model);
EWF_INFOBUF_APPEND_VALUE("Model: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_serial_number);
EWF_INFOBUF_APPEND_VALUE("Serial number: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_hash_value_md5);
EWF_INFOBUF_APPEND_VALUE("MD5 hash: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_hash_value_sha1);
EWF_INFOBUF_APPEND_VALUE("SHA1 hash: ");
#undef EWF_GET_HEADER_VALUE
#else
#define EWF_GET_HEADER_VALUE(fun) { \
ret=fun(p_ewf_handle->h_ewf,buf,sizeof(buf)); \
}
EWF_GET_HEADER_VALUE(libewf_get_header_value_case_number);
EWF_INFOBUF_APPEND_VALUE("Case number: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_description);
EWF_INFOBUF_APPEND_VALUE("Description: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_examiner_name);
EWF_INFOBUF_APPEND_VALUE("Examiner: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_evidence_number);
EWF_INFOBUF_APPEND_VALUE("Evidence number: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_notes);
EWF_INFOBUF_APPEND_VALUE("Notes: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_date);
EWF_INFOBUF_APPEND_VALUE("Acquiry date: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_system_date);
EWF_INFOBUF_APPEND_VALUE("System date: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_operating_system);
EWF_INFOBUF_APPEND_VALUE("Acquiry os: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_software_version);
EWF_INFOBUF_APPEND_VALUE("Acquiry sw version: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_model);
EWF_INFOBUF_APPEND_VALUE("Model: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_serial_number);
EWF_INFOBUF_APPEND_VALUE("Serial number: ");
EWF_GET_HEADER_VALUE(libewf_get_hash_value_md5);
EWF_INFOBUF_APPEND_VALUE("MD5 hash: ");
EWF_GET_HEADER_VALUE(libewf_get_hash_value_sha1);
EWF_INFOBUF_APPEND_VALUE("SHA1 hash: ");
#undef EWF_GET_HEADER_VALUE
#endif
EWF_INFOBUF_APPEND_STR("\n_Media information_\n");
#ifdef HAVE_LIBEWF_V2_API
ret=libewf_handle_get_media_type(p_ewf_handle->h_ewf,&uint8value,NULL);
#else
ret=libewf_get_media_type(p_ewf_handle->h_ewf,&uint8value);
#endif
if(ret==1) {
EWF_INFOBUF_APPEND_STR("Media type: ");
switch(uint8value) {
case LIBEWF_MEDIA_TYPE_REMOVABLE:
EWF_INFOBUF_APPEND_STR("removable disk\n");
break;
case LIBEWF_MEDIA_TYPE_FIXED:
EWF_INFOBUF_APPEND_STR("fixed disk\n");
break;
case LIBEWF_MEDIA_TYPE_OPTICAL:
EWF_INFOBUF_APPEND_STR("optical\n");
break;
case LIBEWF_MEDIA_TYPE_SINGLE_FILES:
EWF_INFOBUF_APPEND_STR("single files\n");
break;
case LIBEWF_MEDIA_TYPE_MEMORY:
EWF_INFOBUF_APPEND_STR("memory\n");
break;
default:
EWF_INFOBUF_APPEND_STR("unknown\n");
}
}
#ifdef HAVE_LIBEWF_V2_API
ret=libewf_handle_get_bytes_per_sector(p_ewf_handle->h_ewf,&uint32value,NULL);
sprintf(buf,"%" PRIu32,uint32value);
EWF_INFOBUF_APPEND_VALUE("Bytes per sector: ");
ret=libewf_handle_get_number_of_sectors(p_ewf_handle->h_ewf,&uint64value,NULL);
sprintf(buf,"%" PRIu64,uint64value);
EWF_INFOBUF_APPEND_VALUE("Number of sectors: ");
#else
ret=libewf_get_bytes_per_sector(p_ewf_handle->h_ewf,&uint32value);
sprintf(buf,"%" PRIu32,uint32value);
EWF_INFOBUF_APPEND_VALUE("Bytes per sector: ");
ret=libewf_handle_get_amount_of_sectors(p_ewf_handle->h_ewf,&uint64value);
sprintf(buf,"%" PRIu64,uint64value);
EWF_INFOBUF_APPEND_VALUE("Number of sectors: ");
#endif
#undef EWF_INFOBUF_APPEND_VALUE
#undef EWF_INFOBUF_APPEND_STR
#undef EWF_INFOBUF_REALLOC
*pp_info_buf=p_infobuf;
return EWF_OK;
}
