Exemplos de tsk_fs_name_print_mac_md5 em C++ (Cpp)

Exemplo n.º 1

Arquivo: fls_lib.c Projeto: eugene7646/sleuthkit

/* this is a wrapper type function that takes care of the runtime
 * flags
 *
 * fs_attr should be set to NULL for all non-NTFS file systems
 */
static void
printit(TSK_FS_FILE * fs_file, const char *a_path,
    const TSK_FS_ATTR * fs_attr, const FLS_DATA * fls_data)
{
    TSK_FS_HASH_RESULTS hash_results;
	unsigned char null_buf[16];
    unsigned int i;

    if ((!(fls_data->flags & TSK_FS_FLS_FULL)) && (a_path)) {
        uint8_t printed = 0;
        // lazy way to find out how many dirs there could be
        for (i = 0; a_path[i] != '\0'; i++) {
            if ((a_path[i] == '/') && (i != 0)) {
                tsk_fprintf(stdout, "+");
                printed = 1;
            }
        }
        if (printed)
            tsk_fprintf(stdout, " ");
    }


    if (fls_data->flags & TSK_FS_FLS_MAC) {
        if (fls_data->flags & TSK_FS_FLS_HASH) {
            if(0 == tsk_fs_file_hash_calc(fs_file, &hash_results,
                TSK_BASE_HASH_MD5)){
				tsk_fs_name_print_mac_md5(stdout, fs_file, a_path, fs_attr,
					fls_data->macpre, fls_data->sec_skew,
					hash_results.md5_digest);
                                tsk_printf("\n");
			}
			else{
				// If the hash calculation had errors, pass in a buffer of nulls
				memset(null_buf, 0, 16);
				tsk_fs_name_print_mac_md5(stdout, fs_file, a_path, fs_attr,
					fls_data->macpre, fls_data->sec_skew,
					null_buf);
                                tsk_printf("\n");
			}
        }
        else {
            tsk_fs_name_print_mac(stdout, fs_file, a_path,
                fs_attr, fls_data->macpre, fls_data->sec_skew);
            tsk_printf("\n");
        }
    }
    else if (fls_data->flags & TSK_FS_FLS_LONG) {
        tsk_fs_name_print_long(stdout, fs_file, a_path, fs_file->fs_info,
            fs_attr, TSK_FS_FLS_FULL & fls_data->flags ? 1 : 0,
            fls_data->sec_skew);
        tsk_printf("\n");
    }
    else {
        tsk_fs_name_print(stdout, fs_file, a_path, fs_file->fs_info,
            fs_attr, TSK_FS_FLS_FULL & fls_data->flags ? 1 : 0);
        tsk_printf("\n");
    }
}

Exemplo n.º 2

Arquivo: fs_name.c Projeto: dmmd/sleuthkit

/**
 * \internal
 *
** Print output in the format that mactime reads.
**
** If the flags in the fs_file->meta structure are set to FS_FLAG_ALLOC
** then it is assumed that the inode has been reallocated and the
** contents are not displayed
**
** fs is not required (only used for block size).
 * @param hFile handle to print results to
 * @param fs_file File to print details about
 * @param a_path Parent directory of file (needs to end with "/")
 * @param fs_attr Attribute in file that is being called for (NULL for non-NTFS)
 * @param prefix Path of mounting point for image
 * @param time_skew number of seconds skew to adjust time
*/
void
tsk_fs_name_print_mac(FILE * hFile, const TSK_FS_FILE * fs_file,
    const char *a_path, const TSK_FS_ATTR * fs_attr,
    const char *prefix, int32_t time_skew)
{
	tsk_fs_name_print_mac_md5(hFile, fs_file, a_path, fs_attr, prefix, time_skew, NULL);
}