static RIODesc *ewf__open(RIO *io, const char *pathname, int rw, int mode) {
RIOEwf *rewf;
libewf_handle_t *ewf_h;
// XXX filename list should be dynamic. 1024 limit is ugly
const char *filenames[1024];
char *ptr,*optr;
ut8 hash[1024];
size64_t media_size;
uint32_t bytes_per_sector;
//uint64_t amount_of_sectors;
uint32_t error_granularity;
//uint32_t amount_of_acquiry_errors;
int8_t compression_level;
uint8_t media_type;
uint8_t media_flags;
uint8_t compress_empty_block;
uint8_t format;
int i;
if (!memcmp (pathname, "els://", 6)) {
FILE *fd = r_sandbox_fopen (pathname+6, "r");
ut64 len;
char *buf;
if (fd == NULL)
return NULL;
fseek (fd, 0, SEEK_END);
len = ftell (fd);
fseek(fd, 0, SEEK_SET);
buf = (char *)malloc (len);
fread (buf, len, 1, fd);
ptr = strchr (buf, '\n');
for (i=0, optr = buf; ptr&&(ptr=strchr(ptr, '\n')); optr=ptr) {
*ptr = '\0';
ptr++;
filenames[i++] = optr;
}
filenames[i] = NULL;
free (buf);
fclose (fd);
for (i=0; filenames[i]; i++)
eprintf ("%02x: %s)\n", i, filenames[i]);
} else {
filenames[0] = pathname + 6;
filenames[1] = NULL;
}
libewf_handle_initialize (&ewf_h, NULL);
if (libewf_handle_open (ewf_h, (char * const *)filenames, (int)1, rw?
LIBEWF_OPEN_READ_WRITE: LIBEWF_OPEN_READ, NULL) != 1)
return NULL;
#if 0
if( ((libewf_internal_plugin_t*)ewf_h)->header_values == NULL ) {
fprintf( stream, "\tNo information found in file.\n" );
} else {
libewf_get_header_value_examiner_name(ewf_h, hash, 128);
eprintf("ExaminerName: %s\n", hash);
libewf_get_header_value_case_number(ewf_h, hash, 128);
eprintf("CaseNumber: %s\n", hash);
}
#endif
libewf_handle_get_format (ewf_h, &format, NULL);
eprintf ("FormatVersion: %d\n", format);
libewf_handle_get_compression_values (ewf_h,
&compression_level, &compress_empty_block, NULL);
eprintf ("CompressionLevel: %d\n", compression_level);
libewf_handle_get_error_granularity (ewf_h, &error_granularity, NULL);
eprintf ("ErrorGranurality: %d\n", error_granularity);
//libewf_handle_get_number_of_sectors (ewf_h, &amount_of_sectors, NULL);
//eprintf ("AmountOfSectors: %"PFMT64d"\n", amount_of_sectors);
libewf_handle_get_bytes_per_sector (ewf_h, &bytes_per_sector, NULL);
eprintf ("BytesPerSector: %d\n", bytes_per_sector);
libewf_handle_get_media_size (ewf_h, &media_size, NULL);
eprintf ("MediaSize: %"PFMT64d"\n", media_size);
libewf_handle_get_media_type (ewf_h, &media_type, NULL);
eprintf ("MediaType: %d\n", media_type);
libewf_handle_get_media_flags (ewf_h, &media_flags, NULL);
eprintf ("MediaFlags: %d\n", media_flags);
libewf_handle_get_md5_hash (ewf_h, hash, 128, NULL);
eprintf ("CalculatedHash: %s\n", hash);
rewf = R_NEW (RIOEwf);
rewf->handle = ewf_h;
rewf->fd = RIOEWF_TO_FD (rewf);
return r_io_desc_new (&r_io_plugin_shm, rewf->fd, pathname, rw, mode, rewf);
}
/*
* EwfGetInfofileContent
*/
static int EwfGetInfofileContent(void *p_handle, const char **pp_info_buf) {
pts_EwfHandle p_ewf_handle=(pts_EwfHandle)p_handle;
char *p_infobuf=NULL;
int ret;
char buf[512];
uint8_t uint8value;
uint32_t uint32value;
uint64_t uint64value;
#define EWF_INFOBUF_REALLOC(size) { \
p_infobuf=(char*)realloc(p_infobuf,size); \
if(p_infobuf==NULL) return EWF_MEMALLOC_FAILED; \
}
#define EWF_INFOBUF_APPEND_STR(str) { \
if(p_infobuf!=NULL) { \
EWF_INFOBUF_REALLOC(strlen(p_infobuf)+strlen(str)+1); \
strcpy(p_infobuf+strlen(p_infobuf),str); \
} else { \
EWF_INFOBUF_REALLOC(strlen(str)+1); \
strcpy(p_infobuf,str); \
} \
}
#define EWF_INFOBUF_APPEND_VALUE(desc) { \
if(ret==1) { \
EWF_INFOBUF_APPEND_STR(desc); \
EWF_INFOBUF_APPEND_STR(buf); \
EWF_INFOBUF_APPEND_STR("\n"); \
} \
}
EWF_INFOBUF_APPEND_STR("_Acquiry information_\n");
#ifdef HAVE_LIBEWF_V2_API
#define EWF_GET_HEADER_VALUE(fun) { \
ret=fun(p_ewf_handle->h_ewf,(uint8_t*)buf,sizeof(buf),NULL); \
}
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_case_number);
EWF_INFOBUF_APPEND_VALUE("Case number: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_description);
EWF_INFOBUF_APPEND_VALUE("Description: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_examiner_name);
EWF_INFOBUF_APPEND_VALUE("Examiner: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_evidence_number);
EWF_INFOBUF_APPEND_VALUE("Evidence number: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_notes);
EWF_INFOBUF_APPEND_VALUE("Notes: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_date);
EWF_INFOBUF_APPEND_VALUE("Acquiry date: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_system_date);
EWF_INFOBUF_APPEND_VALUE("System date: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_operating_system);
EWF_INFOBUF_APPEND_VALUE("Acquiry os: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_acquiry_software_version);
EWF_INFOBUF_APPEND_VALUE("Acquiry sw version: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_model);
EWF_INFOBUF_APPEND_VALUE("Model: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_header_value_serial_number);
EWF_INFOBUF_APPEND_VALUE("Serial number: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_hash_value_md5);
EWF_INFOBUF_APPEND_VALUE("MD5 hash: ");
EWF_GET_HEADER_VALUE(libewf_handle_get_utf8_hash_value_sha1);
EWF_INFOBUF_APPEND_VALUE("SHA1 hash: ");
#undef EWF_GET_HEADER_VALUE
#else
#define EWF_GET_HEADER_VALUE(fun) { \
ret=fun(p_ewf_handle->h_ewf,buf,sizeof(buf)); \
}
EWF_GET_HEADER_VALUE(libewf_get_header_value_case_number);
EWF_INFOBUF_APPEND_VALUE("Case number: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_description);
EWF_INFOBUF_APPEND_VALUE("Description: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_examiner_name);
EWF_INFOBUF_APPEND_VALUE("Examiner: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_evidence_number);
EWF_INFOBUF_APPEND_VALUE("Evidence number: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_notes);
EWF_INFOBUF_APPEND_VALUE("Notes: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_date);
EWF_INFOBUF_APPEND_VALUE("Acquiry date: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_system_date);
EWF_INFOBUF_APPEND_VALUE("System date: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_operating_system);
EWF_INFOBUF_APPEND_VALUE("Acquiry os: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_acquiry_software_version);
EWF_INFOBUF_APPEND_VALUE("Acquiry sw version: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_model);
EWF_INFOBUF_APPEND_VALUE("Model: ");
EWF_GET_HEADER_VALUE(libewf_get_header_value_serial_number);
EWF_INFOBUF_APPEND_VALUE("Serial number: ");
EWF_GET_HEADER_VALUE(libewf_get_hash_value_md5);
EWF_INFOBUF_APPEND_VALUE("MD5 hash: ");
EWF_GET_HEADER_VALUE(libewf_get_hash_value_sha1);
EWF_INFOBUF_APPEND_VALUE("SHA1 hash: ");
#undef EWF_GET_HEADER_VALUE
#endif
EWF_INFOBUF_APPEND_STR("\n_Media information_\n");
#ifdef HAVE_LIBEWF_V2_API
ret=libewf_handle_get_media_type(p_ewf_handle->h_ewf,&uint8value,NULL);
#else
ret=libewf_get_media_type(p_ewf_handle->h_ewf,&uint8value);
#endif
if(ret==1) {
EWF_INFOBUF_APPEND_STR("Media type: ");
switch(uint8value) {
case LIBEWF_MEDIA_TYPE_REMOVABLE:
EWF_INFOBUF_APPEND_STR("removable disk\n");
break;
case LIBEWF_MEDIA_TYPE_FIXED:
EWF_INFOBUF_APPEND_STR("fixed disk\n");
break;
case LIBEWF_MEDIA_TYPE_OPTICAL:
EWF_INFOBUF_APPEND_STR("optical\n");
break;
case LIBEWF_MEDIA_TYPE_SINGLE_FILES:
EWF_INFOBUF_APPEND_STR("single files\n");
break;
case LIBEWF_MEDIA_TYPE_MEMORY:
EWF_INFOBUF_APPEND_STR("memory\n");
break;
default:
EWF_INFOBUF_APPEND_STR("unknown\n");
}
}
#ifdef HAVE_LIBEWF_V2_API
ret=libewf_handle_get_bytes_per_sector(p_ewf_handle->h_ewf,&uint32value,NULL);
sprintf(buf,"%" PRIu32,uint32value);
EWF_INFOBUF_APPEND_VALUE("Bytes per sector: ");
ret=libewf_handle_get_number_of_sectors(p_ewf_handle->h_ewf,&uint64value,NULL);
sprintf(buf,"%" PRIu64,uint64value);
EWF_INFOBUF_APPEND_VALUE("Number of sectors: ");
#else
ret=libewf_get_bytes_per_sector(p_ewf_handle->h_ewf,&uint32value);
sprintf(buf,"%" PRIu32,uint32value);
EWF_INFOBUF_APPEND_VALUE("Bytes per sector: ");
ret=libewf_handle_get_amount_of_sectors(p_ewf_handle->h_ewf,&uint64value);
sprintf(buf,"%" PRIu64,uint64value);
EWF_INFOBUF_APPEND_VALUE("Number of sectors: ");
#endif
#undef EWF_INFOBUF_APPEND_VALUE
#undef EWF_INFOBUF_APPEND_STR
#undef EWF_INFOBUF_REALLOC
*pp_info_buf=p_infobuf;
return EWF_OK;
}
