ewfcommon.c

来自「sleuthit-2.09 一个磁盘的工具集」· C语言 代码 · 共 2,239 行 · 第 1/5 页

	fprintf( stream, "Wipe sectors on read error:\t" );

	if( wipe_block_on_read_error == 0 )
	{
		fprintf( stream, "no\n" );
	}
	else
	{
		fprintf( stream, "yes\n" );
	}
	fprintf( stream, "\n" );
}

/* Print the acquiry read errors (error2) to a stream
 */
void ewfcommon_acquiry_errors_fprint( FILE *stream, LIBEWF_HANDLE *handle )
{
	LIBEWF_INTERNAL_HANDLE *internal_handle = NULL;
	uint64_t sector                         = 0;
	uint32_t amount_of_sectors              = 0;
	uint32_t iterator                       = 0;

	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_acquiry_errors_fprint: invalid stream.\n" );

		return;
	}
	if( handle == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_acquiry_errors_fprint: invalid handle.\n" );

		return;
	}
	internal_handle = (LIBEWF_INTERNAL_HANDLE *) handle;

	if( internal_handle->acquiry_amount_of_errors > 0 )
	{
		if( internal_handle->acquiry_error_sectors == NULL )
		{
			LIBEWF_WARNING_PRINT( "ewfcommon_acquiry_errors_fprint: missing acquiry read error sector list.\n" );

			return;
		}
		fprintf( stream, "Read errors during acquiry:\n" );
		fprintf( stream, "\ttotal amount: %" PRIu32 "\n", internal_handle->acquiry_amount_of_errors );
		
		for( iterator = 0; iterator < internal_handle->acquiry_amount_of_errors; iterator++ )
		{
			sector            = internal_handle->acquiry_error_sectors[ iterator ].sector;
			amount_of_sectors = internal_handle->acquiry_error_sectors[ iterator ].amount_of_sectors;

			fprintf( stream, "\tin sector(s): %" PRIu64 " - %" PRIu64 " amount: %" PRIu32 "\n", sector, ( sector + amount_of_sectors ), amount_of_sectors );
		}
		fprintf( stream, "\n" );
	}
}

/* Print the read (CRC) errors to a stream
 */
void ewfcommon_crc_errors_fprint( FILE *stream, LIBEWF_HANDLE *handle )
{
	LIBEWF_INTERNAL_HANDLE *internal_handle = NULL;
	uint64_t sector                         = 0;
	uint32_t amount_of_sectors              = 0;
	uint32_t iterator                       = 0;

	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_crc_errors_fprint: invalid stream.\n" );

		return;
	}
	if( handle == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_crc_errors_fprint: invalid handle.\n" );

		return;
	}
	internal_handle = (LIBEWF_INTERNAL_HANDLE *) handle;

	if( internal_handle->read == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_crc_errors_fprint: invalid handle - missing subhandle read.\n" );

		return;
	}
	if( internal_handle->read->crc_amount_of_errors > 0 )
	{
		if( internal_handle->read->crc_error_sectors == NULL )
		{
			LIBEWF_WARNING_PRINT( "ewfcommon_crc_errors_fprint: missing CRC error sector list.\n" );

			return;
		}
		fprintf( stream, "Sector validation errors:\n" );
		fprintf( stream, "\ttotal amount: %" PRIu32 "\n", internal_handle->read->crc_amount_of_errors );

		for( iterator = 0; iterator < internal_handle->read->crc_amount_of_errors; iterator++ )
		{
			sector            = internal_handle->read->crc_error_sectors[ iterator ].sector;
			amount_of_sectors = internal_handle->read->crc_error_sectors[ iterator ].amount_of_sectors;

			fprintf( stream, "\tin sector(s): %" PRIu64 " - %" PRIu64 " amount: %" PRIu32 "\n", sector, (sector + amount_of_sectors), amount_of_sectors );
		}
		fprintf( stream, "\n" );
	}
}

/* Print the header values to a stream
 */
void ewfcommon_header_values_fprint( FILE *stream, LIBEWF_HANDLE *handle )
{
	LIBEWF_CHAR header_value[ 128 ];

	LIBEWF_INTERNAL_HANDLE *internal_handle = NULL;
	uint32_t header_value_length            = 128;
	uint32_t iterator                       = 0;

	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_header_values_fprint: invalid stream.\n" );

		return;
	}
	if( handle == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_header_values_fprint: invalid handle.\n" );

		return;
	}
	internal_handle = (LIBEWF_INTERNAL_HANDLE *) handle;

	if( internal_handle->header_values == NULL )
	{
		fprintf( stream, "\tNo information found in file.\n" );

		return;
	}
	if( libewf_get_header_value_case_number( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tCase number:\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_description( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tDescription:\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_examiner_name( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tExaminer name:\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_evidence_number( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tEvidence number:\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_notes( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tNotes:\t\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_acquiry_date( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tAcquiry date:\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_system_date( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tSystem date:\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_acquiry_operating_system( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tOperating system used:\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_acquiry_software_version( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tSoftware version used:\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_password( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tPassword:\t\t(hash: %" PRIs_EWF ")\n", header_value );
	}
	else
	{
		fprintf( stream, "\tPassword:\t\tN/A\n" );
	}
	if( libewf_get_header_value_compression_type( handle, header_value, header_value_length ) == 1 )
	{
		if( libewf_string_compare( header_value, LIBEWF_COMPRESSION_TYPE_NONE, 1 ) == 0 )
		{
			fprintf( stream, "\tCompression type:\tno compression\n" );
		}
		else if( libewf_string_compare( header_value, LIBEWF_COMPRESSION_TYPE_FAST, 1 ) == 0 )
		{
			fprintf( stream, "\tCompression type:\tgood (fast) compression\n" );
		}
		else if( libewf_string_compare( header_value, LIBEWF_COMPRESSION_TYPE_BEST, 1 ) == 0 )
		{
			fprintf( stream, "\tCompression type:\tbest compression\n" );
		}
		else
		{
			fprintf( stream, "\tCompression type:\tunknown compression\n" );
		}
	}
	if( libewf_get_header_value_model( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tModel:\t\t\t%" PRIs_EWF "\n", header_value );
	}
	if( libewf_get_header_value_serial_number( handle, header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tSerial number:\t\t%" PRIs_EWF "\n", header_value );
	}
	/* TODO figure out what this value represents and add get & set API functions to libewf
	 */
	if( libewf_get_header_value( handle, _S_LIBEWF_CHAR( "unknown_dc" ), header_value, header_value_length ) == 1 )
	{
		fprintf( stream, "\tUnknown value dc:\t%" PRIs_EWF "\n", header_value );
	}
	if( internal_handle->header_values->amount > LIBEWF_HEADER_VALUES_DEFAULT_AMOUNT )
	{
		fprintf( stream, "\n\tAdditional values:\n" );

		for( iterator = LIBEWF_HEADER_VALUES_DEFAULT_AMOUNT; iterator < internal_handle->header_values->amount; iterator++ )
		{
			if( libewf_get_header_value( handle, internal_handle->header_values->identifiers[ iterator ], header_value, header_value_length ) == 1 )
			{
				fprintf( stream, "\t%" PRIs_EWF ": %" PRIs_EWF "\n", internal_handle->header_values->identifiers[ iterator ], header_value );
			}
		}
	}
}

/* Print the hash values to a stream
 */
void ewfcommon_hash_values_fprint( FILE *stream, LIBEWF_HANDLE *handle )
{
	LIBEWF_CHAR hash_value[ 128 ];

	LIBEWF_INTERNAL_HANDLE *internal_handle = NULL;
	LIBEWF_CHAR *stored_md5_hash_string     = NULL;
	uint32_t hash_value_length              = 128;
	uint32_t iterator                       = 0;

	if( stream == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_hash_values_fprint: invalid stream.\n" );

		return;
	}
	if( handle == NULL )
	{
		LIBEWF_WARNING_PRINT( "ewfcommon_hash_values_fprint: invalid handle.\n" );

		return;
	}
	internal_handle = (LIBEWF_INTERNAL_HANDLE *) handle;

	stored_md5_hash_string = (LIBEWF_CHAR *) libewf_common_alloc( LIBEWF_CHAR_SIZE * LIBEWF_STRING_DIGEST_HASH_LENGTH_MD5 );

	if( ( stored_md5_hash_string != NULL ) && ( libewf_get_stored_md5_hash( handle, stored_md5_hash_string, LIBEWF_STRING_DIGEST_HASH_LENGTH_MD5 ) == 1 ) )
	{
		fprintf( stream, "\tMD5 hash in file:\t%" PRIs_EWF "\n", stored_md5_hash_string );

		libewf_common_free( stored_md5_hash_string );
	}
	else
	{
		fprintf( stream, "\tMD5 hash in file:\tN/A\n" );
	}
	if( ( libewf_parse_hash_values( handle ) == 1 ) && ( internal_handle->hash_values != NULL ) )
	{
		if( internal_handle->hash_values->amount > LIBEWF_HASH_VALUES_DEFAULT_AMOUNT )
		{
			fprintf( stream, "\n\tAdditional hash values:\n" );

			for( iterator = LIBEWF_HASH_VALUES_DEFAULT_AMOUNT; iterator < internal_handle->hash_values->amount; iterator++ )
			{
				if( libewf_get_hash_value( handle, internal_handle->hash_values->identifiers[ iterator ], hash_value, hash_value_length ) == 1 )
				{
					fprintf( stream, "\t%" PRIs_EWF ": %" PRIs_EWF "\n", internal_handle->hash_values->identifiers[ iterator ], hash_value );
				}
			}
		}
	}
}

/* Prints a time stamp (with a leading space) to a stream
 */
void ewfcommon_timestamp_fprint( FILE *stream, time_t timestamp )
{
	struct tm *time_elements = NULL;

	if( stream == NULL )
	{
		return;
	}
	time_elements = libewf_common_localtime( &timestamp );

	if( time_elements != NULL )
	{
		fprintf( stream, " in" );

		if( time_elements->tm_yday > 0 )
		{
			fprintf( stream, " %i day(s), %i hour(s), %i minute(s) and", time_elements->tm_yday, ( time_elements->tm_hour - 1 ), time_elements->tm_min );
		}
		else if( time_elements->tm_hour > 1 )
		{
			fprintf( stream, " %i hour(s), %i minute(s) and", ( time_elements->tm_hour - 1 ), time_elements->tm_min );
		}
		else if( time_elements->tm_min > 0 )
		{
			fprintf( stream, " %i minute(s) and", time_elements->tm_min );
		}
		fprintf( stream, " %i second(s)", time_elements->tm_sec );

		libewf_common_free( time_elements );
	}
}

/* Prints the amount of bytes per second (with a leading space) to a stream
 */
void ewfcommon_bytes_per_second_fprint( FILE *stream, uint64_t bytes, uint64_t seconds )
{
	LIBEWF_CHAR *bytes_per_second_string = NULL;
	uint64_t bytes_per_second            = 0;

	if( stream == NULL )
	{
		return;
	}
	if( seconds > 0 )
	{
		bytes_per_second        = bytes / seconds;
		bytes_per_second_string = ewfcommon_determine_human_readable_size_string( bytes_per_second );

		fprintf( stream, " with" );

		if( bytes_per_second_string != NULL )
		{
			fprintf( stream, " %" PRIs_EWF "/s (%" PRIu64 " bytes/second)", bytes_per_second_string, bytes_per_second );

			libewf_common_free( bytes_per_second_string );
		}
		else
		{
			fprintf( stream, " %" PRIu64 " bytes/second", bytes_per_second );
		}
	}
}

/* Prints the amount of bytes (with a leading space) to a stream
 * Creates a human readable version of the amount of bytes if possible
 */
void ewfcommon_bytes_fprint( FILE *stream, uint64_t bytes )
{
	LIBEWF_CHAR *bytes_string = NULL;

	if( stream == NULL )
	{
		return;
	}
	bytes_string = ewfcommon_determine_human_readable_size_string( bytes );

	if( bytes_string != NULL )
	{
		fprintf( stream, " %" PRIs_EWF " (%" PRIi64 " bytes)", bytes_string, bytes );

		libewf_common_free( bytes_string );
	}
	else
	{
		fprintf( stream, " %" PRIi64 " bytes", bytes );
	}
}

/* Static values for status information of the process
 */
FILE* ewfcommon_process_status_stream              = NULL;
LIBEWF_CHAR *ewfcommon_process_status_string       = NULL;
time_t ewfcommon_process_status_timestamp_start    = 0;
time_t ewfcommon_process_status_timestamp_last     = 0;
int8_t ewfcommon_process_status_last_percentage    = -1;
uint64_t ewfcommon_process_status_last_bytes_total = 0;

/* Initializes the status information of the process
 */
void ewfcommon_process_status_initialize( FILE *stream, LIBEWF_CHAR *string, time_t timestamp_start )
{
	ewfcommon_process_status_stream          = stream;
	ewfcommon_process_status_string          = string;
	ewfcommon_process_status_timestamp_start = timestamp_start;
	ewfcommon_process_status_timestamp_last  = timestamp_start;
}

/* Prints status information of the process
 */
void ewfcommon_process_status_fprint( uint64_t bytes_read, uint64_t bytes_total )
{
	time_t timestamp_current  = 0;
	int64_t seconds_remaining = 0;
	uint64_t seconds_current  = 0;
	uint64_t seconds_total    = 0;
	int8_t new_percentage     = 0;

	if( ewfcommon_process_status_stream == NULL )
	{
		return;
	}
	if( ewfcommon_process_status_string == NULL )
	{
		return;
	}
	if( ( bytes_total > 0 ) && ( bytes_read > 0 ) )
	{
		new_percentage = (int8_t) ( (uint64_t) ( bytes_read * 100 ) / bytes_total );
	}
	/* Estimate the remaining acquiry time
	 */
	timestamp_current = time( NULL );

	if( ( new_percentage > ewfcommon_process_status_last_percentage )
	 && ( timestamp_current > ewfcommon_process_status_timestamp_last ) )
	{
		ewfcommon_process_status_last_percentage = new_percentage;

		fprintf( ewfcommon_process_status_stream, "Status: at %" PRIu8 "%%.\n", new_percentage );
		fprintf( ewfcommon_process_status_stream, "        %" PRIs_EWF "", ewfcommon_process_status_string );

		ewfcommon_bytes_fprint( ewfcommon_process_status_stream, bytes_read );

		fprintf( ewfcommon_process_status_stream, " of total" );

		ewfcommon_bytes_fprint( ewfcommon_process_status_stream, bytes_total );

		fprintf( ewfcommon_process_status_stream, ".\n" );

		if( ( timestamp_current > ewfcommon_process_status_timestamp_start ) && ( new_percentage > 0 ) )
		{
			ewfcommon_process_status_timestamp_last = timestamp_current;

			seconds_current   = (uint64_t) difftime( timestamp_current, ewfcommon_process_status_timestamp_start );
			seconds_total     = ( (uint64_t) ( seconds_current * 100 ) / new_percentage );
			seconds_remaining = seconds_total - seconds_current;

			/* Negative time means nearly finished
			 */
			if( seconds_remaining < 0 )
			{
				seconds_remaining = 0;