ewfcommon.c

来自「sleuthit-2.09 一个磁盘的工具集」· C语言 代码 · 共 2,239 行 · 第 1/5 页

		return( user_input_char_t );
	}
	LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_variable_char_t: character conversion unsupported.\n" );

	return( NULL );
}

/* Get variable containing a size definnition input from the user
 * with a maximum of 1023 characters
 */
uint64_t ewfcommon_get_user_input_size_variable( FILE *stream, LIBEWF_CHAR *request_string, uint64_t minimum, uint64_t maximum, uint64_t default_value )
{
	LIBEWF_CHAR user_input_buffer[ 1024 ];

	LIBEWF_CHAR *user_input_buffer_ptr = &user_input_buffer[ 0 ];
	size_t input_length                = 0;
	uint64_t size_value                = 0;

	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_size_variable: Invalid output stream.\n" );

		return( 0 );
	}
	if( request_string == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_size_variable: Invalid request string.\n" );

		return( 0 );
	}
	while( 1 )
	{
		fprintf( stream, "%" PRIs_EWF " (%" PRIu64 " >= value >= %" PRIu64 ") [%" PRIu64 "]: ", request_string, minimum, maximum, default_value );

		user_input_buffer_ptr = libewf_string_get_from_stream( user_input_buffer_ptr, 1023, stdin );

		if( user_input_buffer_ptr != NULL )
		{
			/* Remove the trailing newline character
			 */
			input_length = libewf_string_length( user_input_buffer_ptr ) - 1;

			if( input_length <= 0 )
			{
				return( default_value );
			}
			size_value = libewf_string_to_uint64( user_input_buffer_ptr, input_length );

			if( ( size_value >= minimum ) && ( size_value <= maximum ) )
			{
				break;
			}
			else
			{
				fprintf( stream, "Value not within specified range, please try again or terminate using Ctrl^C.\n" );
			}
		}
		else
		{
			fprintf( stream, "Error reading input, please try again or terminate using Ctrl^C.\n" );
		}
	}
	return( size_value );
}

/* Get fixed value input from the user
 * The first value is considered the default value
 */
LIBEWF_CHAR *ewfcommon_get_user_input_fixed_value( FILE *stream, LIBEWF_CHAR *request_string, LIBEWF_CHAR **values, uint8_t amount, uint8_t default_value )
{
	LIBEWF_CHAR user_input_buffer[ 1024 ];

	LIBEWF_CHAR *user_input_buffer_ptr = &user_input_buffer[ 0 ];
	LIBEWF_CHAR *user_input            = NULL;
	size_t input_length                = 0;
	size_t value_length                = 0;
	uint8_t iterator                   = 0;
	uint8_t value_match                = 0;

	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_fixed_value: Invalid output stream.\n" );

		return( NULL );
	}
	if( request_string == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_fixed_value: Invalid request string.\n" );

		return( NULL );
	}
	if( default_value >= amount )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_fixed_value: Default value cannot be larger than or equal as amount.\n" );

		return( NULL );
	}
	while( 1 )
	{
		fprintf( stream, "%" PRIs_EWF " (", request_string );

		for( iterator = 0; iterator < amount; iterator++ )
		{
			if( iterator > 0 )
			{
				fprintf( stream, ", " );
			}
			fprintf( stream, "%" PRIs_EWF "", values[ iterator ] );
		}
		fprintf( stream, ") [%" PRIs_EWF "]: ", values[ default_value ] );

		user_input_buffer_ptr = libewf_string_get_from_stream( user_input_buffer_ptr, 1023, stdin );

		if( user_input_buffer_ptr != NULL )
		{
			iterator = 0;

			/* Remove the trailing newline character
			 */
			input_length = libewf_string_length( user_input_buffer_ptr ) - 1;

			/* Check if the default value was selected
			 */
			if( input_length == 0 )
			{
				iterator     = default_value;
				input_length = libewf_string_length( values[ iterator ] );
				value_match  = 1;
			}
			else
			{
				while( iterator < amount )
				{
					value_length = libewf_string_length( values[ iterator ] );

					if( libewf_string_compare( user_input_buffer_ptr, values[ iterator ], value_length ) == 0 )
					{
						/* Make sure no trailing characters were given
						 */
						if( user_input_buffer_ptr[ value_length ] == (LIBEWF_CHAR) '\n' )
						{
							value_match = 1;

							break;
						}
					}
					iterator++;
				}
			}
		}
		else
		{
			fprintf( stream, "Error reading input, please try again or terminate using Ctrl^C.\n" );
		}
		if( value_match == 1 )
		{
			value_length = libewf_string_length( values[ iterator ] );

			/* One additional character required for end of string
			 */
			user_input = libewf_string_duplicate( values[ iterator ], value_length );

			if( user_input == NULL )
			{
				LIBEWF_WARNING_PRINT( "ewfcommon_get_user_input_fixed_value: unable to create string.\n" );

				return( NULL );
			}
			break;
		}
		else
		{
			fprintf( stream, "Selected option not supported, please try again or terminate using Ctrl^C.\n" );
		}
	}
	return( user_input );
}

/* Finalize the SHA1 digest context and retrieve the SHA1 hash string
 * Returns 1 if successful, or -1 on errror
 */
int8_t ewfcommon_get_sha1_hash( EWFSHA1_CONTEXT *sha1_context, LIBEWF_CHAR *sha1_hash_string, size_t size )
{
	EWF_DIGEST_HASH *sha1_hash = NULL;
	size_t sha1_hash_size      = EWF_DIGEST_HASH_SIZE_SHA1;

	if( sha1_context == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_sha1_hash: invalid SHA1 digest context.\n" );

		return( -1 );
	}
	if( sha1_hash_string == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_sha1_hash: invalid SHA1 hash string.\n" );

		return( -1 );
	}
	if( size < LIBEWF_STRING_DIGEST_HASH_LENGTH_SHA1 )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_sha1_hash: SHA1 hash string too small.\n" );

		return( -1 );
	}
	sha1_hash = (EWF_DIGEST_HASH *) libewf_common_alloc( sha1_hash_size );

	if( sha1_hash == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_sha1_hash: unable to create SHA1 hash.\n" );

		return( -1 );
	}
	if( ( ewfsha1_finalize( sha1_context, sha1_hash, &sha1_hash_size ) != 1 )
	 || ( sha1_hash_size != EWF_DIGEST_HASH_SIZE_SHA1 ) )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_sha1_hash: unable to set SHA1 hash.\n" );

		libewf_common_free( sha1_hash );

		return( -1 );
	}
	if( libewf_string_copy_from_digest_hash( sha1_hash_string, size, sha1_hash, EWF_DIGEST_HASH_SIZE_SHA1 ) != 1 )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_get_sha1_hash: unable to set SHA1 hash string.\n" );

		libewf_common_free( sha1_hash );

		return( -1 );
	}
	libewf_common_free( sha1_hash );

	return( 1 );
}

/* Print the version information to a stream
 */
void ewfcommon_version_fprint( FILE *stream, LIBEWF_CHAR *program )
{
	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_version_fprint: invalid stream.\n" );

		return;
	}
	if( program == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_version_fprint: invalid program name.\n" );

		return;
	}
	fprintf( stream, "%" PRIs_EWF " %" PRIs_EWF " (libewf %" PRIs_EWF ", zlib %s", program, LIBEWF_VERSION, LIBEWF_VERSION, ZLIB_VERSION );
#ifdef HAVE_LIBCRYPTO
	fprintf( stream, ", libcrypto %s", SHLIB_VERSION_NUMBER );
#endif
#ifdef HAVE_LIBUUID
	fprintf( stream, ", libuuid" );
#endif
	fprintf( stream, ")\n\n" );
}

/* Prints the executable version information
 */
void ewfcommon_copyright_fprint( FILE *stream )
{
	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_version_fprint: invalid stream.\n" );

		return;
	}
	fprintf( stream, "Copyright (c) 2006-2007, Joachim Metz, Hoffmann Investigations <%s> and contributors.\n", PACKAGE_BUGREPORT );
	fprintf( stream, "This is free software; see the source for copying conditions. There is NO\n" );
	fprintf( stream, "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n" );
}

/* Prints an overview of the aquiry parameters
 */
void ewfcommon_acquiry_paramters_fprint( FILE *stream, CHAR_T *filename, LIBEWF_CHAR *case_number, LIBEWF_CHAR *description, LIBEWF_CHAR *evidence_number, LIBEWF_CHAR *examiner_name, LIBEWF_CHAR *notes, uint8_t media_type, uint8_t volume_type, int8_t compression_level, uint8_t compress_empty_block, uint8_t libewf_format, uint64_t acquiry_offset, uint64_t acquiry_size, uint32_t segment_file_size, uint64_t sectors_per_chunk, uint32_t sector_error_granularity, uint8_t read_error_retry, uint8_t wipe_block_on_read_error )
{
	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_acquiry_paramters_fprint: invalid stream.\n" );

		return;
	}
	fprintf( stream, "Image path and filename:\t%" PRIs ".", filename );

	if( libewf_format == LIBEWF_FORMAT_SMART )
	{
		fprintf( stream, "s01\n" );
	}
	else
	{
		fprintf( stream, "E01\n" );
	}
	fprintf( stream, "Case number:\t\t\t" );

	if( case_number != NULL )
	{
		fprintf( stream, "%" PRIs_EWF "", case_number );
	}
	fprintf( stream, "\n" );

	fprintf( stream, "Description:\t\t\t" );

	if( description != NULL )
	{
		fprintf( stream, "%" PRIs_EWF "", description );
	}
	fprintf( stream, "\n" );

	fprintf( stream, "Evidence number:\t\t" );

	if( evidence_number != NULL )
	{
		fprintf( stream, "%" PRIs_EWF "", evidence_number );
	}
	fprintf( stream, "\n" );

	fprintf( stream, "Examiner name:\t\t\t" );

	if( examiner_name != NULL )
	{
		fprintf( stream, "%" PRIs_EWF "", examiner_name );
	}
	fprintf( stream, "\n" );

	fprintf( stream, "Notes:\t\t\t\t" );

	if( notes != NULL )
	{
		fprintf( stream, "%" PRIs_EWF "", notes );
	}
	fprintf( stream, "\n" );

	fprintf( stream, "Media type:\t\t\t" );

	if( media_type == LIBEWF_MEDIA_TYPE_FIXED )
	{
		fprintf( stream, "fixed\n" );
	}
	else if( media_type == LIBEWF_MEDIA_TYPE_REMOVABLE )
	{
		fprintf( stream, "removable\n" );
	}
	fprintf( stream, "Volume type:\t\t\t" );

	if( volume_type == LIBEWF_VOLUME_TYPE_LOGICAL )
	{
		fprintf( stream, "logical\n" );
	}
	else if( volume_type == LIBEWF_VOLUME_TYPE_PHYSICAL )
	{
		fprintf( stream, "physical\n" );
	}
	fprintf( stream, "Compression used:\t\t" );

	if( compression_level == LIBEWF_COMPRESSION_FAST )
	{
		fprintf( stream, "fast\n" );
	}
	else if( compression_level == LIBEWF_COMPRESSION_BEST )
	{
		fprintf( stream, "best\n" );
	}
	else if( compression_level == LIBEWF_COMPRESSION_NONE )
	{
		fprintf( stream, "none\n" );

		fprintf( stream, "Compress empty blocks:\t\t" );

		if( compress_empty_block == 0 )
		{
			fprintf( stream, "no\n" );
		}
		else
		{
			fprintf( stream, "yes\n" );
		}
	}
	fprintf( stream, "EWF file format:\t\t" );

	if( libewf_format == LIBEWF_FORMAT_EWF )
	{
		fprintf( stream, "original EWF\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_SMART )
	{
		fprintf( stream, "SMART\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_FTK )
	{
		fprintf( stream, "FTK Imager\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_ENCASE1 )
	{
		fprintf( stream, "EnCase 1\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_ENCASE2 )
	{
		fprintf( stream, "EnCase 2\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_ENCASE3 )
	{
		fprintf( stream, "EnCase 3\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_ENCASE4 )
	{
		fprintf( stream, "EnCase 4\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_ENCASE5 )
	{
		fprintf( stream, "EnCase 5\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_ENCASE6 )
	{
		fprintf( stream, "EnCase 6\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_LINEN5 )
	{
		fprintf( stream, "linen 5\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_LINEN6 )
	{
		fprintf( stream, "linen 6\n" );
	}
	else if( libewf_format == LIBEWF_FORMAT_EWFX )
	{
		fprintf( stream, "extended EWF (libewf)\n" );
	}
	else
	{
		fprintf( stream, "\n" );
	}
	fprintf( stream, "Acquiry start offet:\t\t%" PRIu64 "\n", acquiry_offset );
	fprintf( stream, "Amount of bytes to acquire:\t%" PRIu64 "", acquiry_size );

	if( acquiry_size == 0 )
	{
		fprintf( stream, " (until end of input)" );
	}
	fprintf( stream, "\n" );

	fprintf( stream, "Evidence segment file size:\t%" PRIu32 " kbytes\n", ( segment_file_size / 1024 ) );
	fprintf( stream, "Block size:\t\t\t%" PRIu64 " sectors\n", sectors_per_chunk );
	fprintf( stream, "Error granularity:\t\t%" PRIu32 " sectors\n", sector_error_granularity );
	fprintf( stream, "Retries on read error:\t\t%" PRIu8 "\n", read_error_retry );