ewfacquirestream.c

sleuthit-2.09 一个磁盘的工具集

			examiner_name  = (LIBEWF_CHAR *) libewf_common_alloc( LIBEWF_CHAR_SIZE * string_length );

			if( examiner_name == NULL )
			{
				fprintf( stderr, "Unable to create examiner name string.\n" );

				return( EXIT_FAILURE );
			}
			if( ewfcommon_copy_libewf_char_from_char_t( examiner_name, option_examiner_name, string_length ) != 1 )
			{
				fprintf( stderr, "Unable to set examiner name string.\n" );

				return( EXIT_FAILURE );
			}
		}
	}
	if( option_evidence_number != NULL )
	{
		string_length = CHAR_T_LENGTH( option_evidence_number );

		if( string_length > 0 )
		{
			string_length  += 1;
			evidence_number = (LIBEWF_CHAR *) libewf_common_alloc( LIBEWF_CHAR_SIZE * string_length );

			if( evidence_number == NULL )
			{
				fprintf( stderr, "Unable to create evidence number string.\n" );

				return( EXIT_FAILURE );
			}
			if( ewfcommon_copy_libewf_char_from_char_t( evidence_number, option_evidence_number, string_length ) != 1 )
			{
				fprintf( stderr, "Unable to set evidence number string.\n" );

				return( EXIT_FAILURE );
			}
		}
	}
	if( option_notes != NULL )
	{
		string_length = CHAR_T_LENGTH( option_notes );

		if( string_length > 0 )
		{
			string_length += 1;
			notes          = (LIBEWF_CHAR *) libewf_common_alloc( LIBEWF_CHAR_SIZE * string_length );

			if( notes == NULL )
			{
				fprintf( stderr, "Unable to create notes string.\n" );

				return( EXIT_FAILURE );
			}
			if( ewfcommon_copy_libewf_char_from_char_t( notes, option_notes, string_length ) != 1 )
			{
				fprintf( stderr, "Unable to set notes string.\n" );

				return( EXIT_FAILURE );
			}
		}
	}
	acquiry_operating_system = ewfcommon_determine_operating_system();
	acquiry_software_version = LIBEWF_VERSION;

	fprintf( stdout, "Using the following acquiry parameters:\n" );

	ewfcommon_acquiry_paramters_fprint( stdout, filenames[ 0 ], case_number, description, evidence_number, examiner_name, notes, media_type, volume_type, compression_level, compress_empty_block, libewf_format, acquiry_offset, acquiry_size, (uint32_t) segment_file_size, sectors_per_chunk, sector_error_granularity, read_error_retry, wipe_block_on_read_error );

	handle = libewf_open( (CHAR_T * const *) filenames, 1, LIBEWF_OPEN_WRITE );

	if( handle == NULL )
	{
		fprintf( stderr, "Unable to create EWF file handle.\n" );

		return( EXIT_FAILURE );
	}
	if( libewf_set_media_values( handle, (uint32_t) sectors_per_chunk, 512 ) != 1 )
	{
		fprintf( stderr, "Unable to set media values in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_write_segment_file_size( handle, (uint32_t) segment_file_size ) != 1 )
	{
		fprintf( stderr, "Unable to set write segment file size in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_write_media_type( handle, media_type, volume_type ) != 1 )
	{
		fprintf( stderr, "Unable to set write media type in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_write_compression_values( handle, compression_level, compress_empty_block ) != 1 )
	{
		fprintf( stderr, "Unable to set write compression values in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_write_format( handle, libewf_format ) != 1 )
	{
		fprintf( stderr, "Unable to set write format in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_swap_byte_pairs( handle, swap_byte_pairs ) != 1 )
	{
		fprintf( stderr, "Unable to set swap byte pairs in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( case_number == NULL )
	{
		string_length = 0;
	}
	else
	{
		string_length = libewf_string_length( case_number );
	}
	if( libewf_set_header_value_case_number( handle, case_number, string_length ) != 1 )
	{
		fprintf( stderr, "Unable to set header value case number in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	libewf_common_free( case_number );

	if( description == NULL )
	{
		string_length = 0;
	}
	else
	{
		string_length = libewf_string_length( description );
	}
	if( libewf_set_header_value_description( handle, description, string_length ) != 1 )
	{
		fprintf( stderr, "Unable to set header value description in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	libewf_common_free( description );

	if( examiner_name == NULL )
	{
		string_length = 0;
	}
	else
	{
		string_length = libewf_string_length( examiner_name );
	}
	if( libewf_set_header_value_examiner_name( handle, examiner_name, string_length ) != 1 )
	{
		fprintf( stderr, "Unable to set header value examiner name in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	libewf_common_free( examiner_name );

	if( evidence_number == NULL )
	{
		string_length = 0;
	}
	else
	{
		string_length = libewf_string_length( evidence_number );
	}
	if( libewf_set_header_value_evidence_number( handle, evidence_number, string_length ) != 1 )
	{
		fprintf( stderr, "Unable to set header value evidence number in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	libewf_common_free( evidence_number );

	if( notes == NULL )
	{
		string_length = 0;
	}
	else
	{
		string_length = libewf_string_length( notes );
	}
	if( libewf_set_header_value_notes( handle, notes, string_length ) != 1 )
	{
		fprintf( stderr, "Unable to set header value notes in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	libewf_common_free( notes );

	/* Acquiry date, system date and compression type will be generated automatically when set to NULL
	 */
	if( acquiry_operating_system != NULL )
	{
		if( libewf_set_header_value_acquiry_operating_system( handle, acquiry_operating_system, libewf_string_length( acquiry_operating_system ) ) != 1 )
		{
			fprintf( stderr, "Unable to set header value acquiry operating system in handle.\n" );

			if( libewf_close( handle ) != 0 )
			{
				fprintf( stderr, "Unable to close EWF file handle.\n" );
			}
			return( EXIT_FAILURE );
		}
		libewf_common_free( acquiry_operating_system );
	}
	if( libewf_set_header_value( handle, _S_LIBEWF_CHAR( "acquiry_software" ), _S_LIBEWF_CHAR( "ewfacquirestream" ), 16 ) != 1 )
	{
		fprintf( stderr, "Unable to set header value acquiry software in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_header_value_acquiry_software_version( handle, acquiry_software_version, libewf_string_length( acquiry_software_version ) ) != 1 )
	{
		fprintf( stderr, "Unable to set header value acquiry software version number in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
#if defined(HAVE_UUID_UUID_H) && defined(HAVE_LIBUUID)
	/* Add a system GUID if necessary
	 */
	if( ewfcommon_determine_guid( guid, libewf_format ) != 1 )
	{
		fprintf( stderr, "Unable to create GUID.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( libewf_set_guid( handle, guid, 16 ) != 1 )
	{
		fprintf( stderr, "Unable to set GUID in handle.\n" );

		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
#endif
	/* Start acquiring data
	 */
	timestamp_start = time( NULL );
	time_string     = libewf_common_ctime( &timestamp_start );

	if( time_string != NULL )
	{
		fprintf( stderr, "Acquiry started at: %" PRIs "\n", time_string );

		libewf_common_free( time_string );
	}
	else
	{
		fprintf( stderr, "Acquiry started.\n" );
	}
	if( callback != NULL )
	{
		ewfcommon_process_status_initialize( stderr, _S_LIBEWF_CHAR( "acquired" ), timestamp_start );
	}
	fprintf( stderr, "This could take a while.\n\n" );

	count = ewfcommon_write_from_file_descriptor( handle, 0, acquiry_size, acquiry_offset, read_error_retry, sector_error_granularity, wipe_block_on_read_error, seek_on_error, calculate_sha1, callback );

	/* Done acquiring data
	 */
	if( count > -1 )
	{
		calculated_md5_hash_string = (LIBEWF_CHAR *) libewf_common_alloc( LIBEWF_CHAR_SIZE * LIBEWF_STRING_DIGEST_HASH_LENGTH_MD5 );

		if( calculated_md5_hash_string == NULL )
		{
			fprintf( stderr, "Unable to create calculated MD5 hash string.\n" );

			if( libewf_close( handle ) != 0 )
			{
				fprintf( stderr, "Unable to close EWF file handle.\n" );
			}
			return( EXIT_FAILURE );
		}
		result_md5_hash = libewf_get_calculated_md5_hash( handle, calculated_md5_hash_string, LIBEWF_STRING_DIGEST_HASH_LENGTH_MD5 );

		if( calculate_sha1 == 1 )
		{
			calculated_sha1_hash_string = (LIBEWF_CHAR *) libewf_common_alloc( LIBEWF_CHAR_SIZE * LIBEWF_STRING_DIGEST_HASH_LENGTH_SHA1 );

			if( calculated_sha1_hash_string == NULL )
			{
				fprintf( stderr, "Unable to create calculated SHA1 hash string.\n" );

				libewf_common_free( calculated_md5_hash_string );

				if( libewf_close( handle ) != 0 )
				{
					fprintf( stderr, "Unable to close EWF file handle.\n" );
				}
				return( EXIT_FAILURE );
			}
			result_sha1_hash = libewf_get_hash_value( handle, _S_LIBEWF_CHAR( "SHA1" ), calculated_sha1_hash_string, LIBEWF_STRING_DIGEST_HASH_LENGTH_SHA1 );
		}
	}
	timestamp_end = time( NULL );
	time_string   = libewf_common_ctime( &timestamp_end );

	if( count <= -1 )
	{
		if( time_string != NULL )
		{
			fprintf( stderr, "Acquiry failed at: %" PRIs "\n", time_string );

			libewf_common_free( time_string );
		}
		else
		{
			fprintf( stderr, "Acquiry failed.\n" );
		}
		if( libewf_close( handle ) != 0 )
		{
			fprintf( stderr, "Unable to close EWF file handle.\n" );
		}
		return( EXIT_FAILURE );
	}
	if( time_string != NULL )
	{
		fprintf( stderr, "Acquiry completed at: %" PRIs "\n", time_string );

		libewf_common_free( time_string );
	}
	else
	{
		fprintf( stderr, "Acquiry completed.\n" );
	}
	ewfcommon_process_summary_fprint( stderr, _S_LIBEWF_CHAR( "Written" ), count, timestamp_start, timestamp_end );

	fprintf( stderr, "\n" );

	ewfcommon_acquiry_errors_fprint( stderr, handle );

	if( libewf_close( handle ) != 0 )
	{
		fprintf( stderr, "Unable to close EWF file handle.\n" );

		libewf_common_free( calculated_md5_hash_string );

		if( calculate_sha1 == 1 )
		{
			libewf_common_free( calculated_sha1_hash_string );
		}
		return( EXIT_FAILURE );
	}
	if( result_md5_hash == -1 )
	{
		fprintf( stderr, "Unable to get calculated MD5 hash.\n" );

		libewf_common_free( calculated_md5_hash_string );

		if( calculate_sha1 == 1 )
		{
			libewf_common_free( calculated_sha1_hash_string );
		}
		return( EXIT_FAILURE );
	}
	else if( result_md5_hash == 0 )
	{
		fprintf( stderr, "MD5 hash calculated over data: N/A\n" );
	}
	else
	{
		fprintf( stderr, "MD5 hash calculated over data: %" PRIs_EWF "\n", calculated_md5_hash_string );
	}
	libewf_common_free( calculated_md5_hash_string );

	if( calculate_sha1 == 1 )
	{
		if( result_sha1_hash == -1 )
		{
			fprintf( stderr, "Unable to get calculated SHA1 hash.\n" );

			libewf_common_free( calculated_sha1_hash_string );

			return( EXIT_FAILURE );
		}
		else if( result_sha1_hash == 0 )
		{
			fprintf( stderr, "SHA1 hash calculated over data:\tN/A\n" );
		}
		else
		{
			fprintf( stderr, "SHA1 hash calculated over data:\t%" PRIs_EWF "\n", calculated_sha1_hash_string );
		}
		libewf_common_free( calculated_sha1_hash_string );
	}
	return( EXIT_SUCCESS );
}