afinfo.cpp

sleuthit-2.09 一个磁盘的工具集

/*
 * afinfo.cpp:
 *
 * print information about an aff file
 */

/*
 * Copyright (c) 2005
 *	Simson L. Garfinkel and Basis Technology, Inc. 
 *      All rights reserved.
 *
 * This code is derrived from software contributed by
 * Simson L. Garfinkel
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Simson L. Garfinkel
 *    and Basis Technology Corp.
 * 4. Neither the name of Simson Garfinkel, Basis Technology, or other
 *    contributors to this program may be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY SIMSON GARFINKEL, BASIS TECHNOLOGY,
 * AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL SIMSON GARFINKEL, BAIS TECHNOLOGy,
 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.  
 */


#include "config.h"
#include "../lib/afflib.h"
#include "afflib_i.h"
#include "quads.h"

#ifdef USE_S3
#include "s3_glue.h"
#endif

#include <ctype.h>
#include <zlib.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <assert.h>

#include <algorithm>
#include <cstdlib>
#include <vector>
#include <string>
using namespace std;

#ifdef HAVE_CURSES_H
#include <curses.h>
#endif

#ifdef HAVE_TERM_H
#include <term.h>
#endif

#ifdef HAVE_NCURSES_TERM_H
#include <ncurses/term.h>
#endif

#ifdef WIN32
#include "unix4win32.h"
#include <malloc.h>
#endif

char *progname = "afinfo";

#define VALIDATE_MD5  0x01
#define VALIDATE_SHA1 0x02

int opt_validate = 0;
int opt_info = 1;
int opt_all  = 0;
int opt_wide = 0;
unsigned int cols = 80;				// default
int opt_x = 0;
int opt_b = 0;
int opt_identify = 1;
int opt_verbose = 0;
int opt_y = 0;
int opt_hexbuf = AF_HEXBUF_SPACE4 | AF_HEXBUF_UPPERCASE;
int opt_page_validate = 0;
int opt_no_data = 0;

vector<string> opt_seglist;		// just info these segments


void usage()
{
    printf("%s version %s\n",progname,PACKAGE_VERSION);
    printf("usage: %s [options] infile\n",progname);
    printf("   -a = print ALL segments (normally data segments are suppressed)\n");
    printf("   -b = print how many bad blocks in each segment (implies -a)\n");
    printf("   -i = identify the files, don't do info on them.\n");
    printf("   -w = wide output; print more than 1 line if necessary.\n");
    printf("   -s segment =   Just print information about 'segment'.\n");
    printf("                    (may be repeated)\n");
    printf("   -X = no data preview; just print the segment names\n");
    printf("   -x = print binary values in hex (default is ASCII)\n");
    printf("   -m = validate MD5 hash of entire image\n");
    printf("   -S = validate SHA1 hash of entire image\n");
    printf("   -p = validate the hash of each page (if present)\n");
    printf("   -y = don't print segments of lengths 16 and 20 as hex)\n");
    printf("   -V = Just print the version number and exit.\n");
    exit(0);
}


AFFILE *af=0;

void sig_info(int arg)
{
    if(af==0) return;
    printf("Validating %"I64d" of %"I64d"\n", af->pos,af->image_size);
}




void validate(const char *infile)
{
    af = af_open(infile,O_RDONLY,0);
    switch(af_identify(af)){
    case AF_IDENTIFY_AFF:
    case AF_IDENTIFY_AFM:
    case AF_IDENTIFY_AFD:
	break;
    default:
	printf("%s is not an AFF file\n",infile);
	af_close(af);
	return;
    }

    printf("\nValidating ");
    if(opt_validate & VALIDATE_MD5) printf("MD5 ");
    if(opt_validate == (VALIDATE_MD5|VALIDATE_SHA1)) printf("and ");
    if(opt_validate & VALIDATE_SHA1) printf("SHA1 ");
    printf("hash codes.\n");


#ifdef SIGINFO
    signal(SIGINFO,sig_info);
#endif

    /* Get a list of all the segments to see if there is a space */
    af_rewind_seg(af);
    char segname[AF_MAX_NAME_LEN];
    vector <int> pages;
    memset(segname,0,sizeof(segname));
    while(af_get_next_seg(af,segname,sizeof(segname),0,0,0)==0){
	int page_num = af_segname_page_number(segname);
	if(page_num>=0) pages.push_back(page_num);
    }

    if(pages.size()==0){
	printf("No pages to validate.\n");
	af_close(af);
    }

    sort(pages.begin(),pages.end());
    vector<int>::iterator i = pages.begin();
    int last = *i;
    i++;
    for(; i!= pages.end();i++){
	if(last+1 != *i){
	    printf("gap in pages (%d!=%d); %s can't be validated.\n",last+1,*i,infile);
	    af_close(af);
	    return;
	}
	last = *i;
    }

    /* Set up the hash machinery */
    MD5_CTX md5;
    MD5_Init(&md5);

    SHA_CTX sha;
    SHA1_Init(&sha);
    
    uint64 total_bytes = 0;
    while(!af_eof(af)){
	unsigned char buf[65536];		// a decent size
	size_t bytes = af_read(af,buf,sizeof(buf));
	if(bytes==0) break;		// reached sparse region of file
	total_bytes += bytes;
	if(opt_validate & VALIDATE_MD5) MD5_Update(&md5,buf,bytes);
	if(opt_validate & VALIDATE_SHA1) SHA1_Update(&sha,buf,bytes);
    }
    
    /* Finish the hash calculations and write to the db */

    if(opt_validate & VALIDATE_MD5){
	unsigned char md5_stored[16];
	size_t md5len = sizeof(md5_stored);
	unsigned char md5_computed[16];
	char buf[256];
	
	MD5_Final(md5_computed,&md5);
	printf("computed md5: %s\n",
	       af_hexbuf(buf,sizeof(buf),md5_computed,16,opt_hexbuf));
	if(af_get_seg(af,AF_MD5,0,md5_stored,&md5len)==0){
	    printf("  stored md5: %s ",
		   af_hexbuf(buf,sizeof(buf),md5_stored,16,opt_hexbuf));
	    if(md5len==16 && !memcmp((const char *)md5_stored,
				     (const char *)md5_computed,16)){
		printf(" MATCH\n");
	    }
	    else {
		printf(" NO MATCH!\n");
	    }
	}
	else {
	    printf("(no MD5 in AFF file)\n");
	}
    }
    

    if(opt_validate & VALIDATE_SHA1){
	unsigned char sha1_stored[20];
	size_t sha1len = sizeof(sha1_stored);
	unsigned char sha1_computed[20];
	char buf[256];
	
	SHA1_Final(sha1_computed,&sha);
	printf("computed sha1: %s \n",af_hexbuf(buf,sizeof(buf),sha1_computed,20,opt_hexbuf));
	if(af_get_seg(af,AF_SHA1,0,sha1_stored,&sha1len)==0){
	    printf("  stored sha1: %s ",af_hexbuf(buf,sizeof(buf),sha1_stored,20,opt_hexbuf));
	    if(sha1len==20 && !memcmp((const char *)sha1_stored,
				      (const char *)sha1_computed,20)){
		printf(" MATCH\n");
	    }
	    else {
		printf(" NO MATCH!\n");
	    }
	}
	else {
	    printf("(no SHA1 in AFF file)\n");
	}
    }
    
    af_close(af);
}

#define OUTLINE_LEN 65536


bool display_as_time(const char *segname)
{
    if(strcmp(segname,AF_ACQUISITION_SECONDS)==0) return true;
    return false;
}

bool display_as_hex(const char *segname,int data_len)
{
    if(strcmp(segname,AF_MD5)==0) return true;
    if(strcmp(segname,AF_SHA1)==0) return true;
    if(data_len==16 && strstr(segname,"md5")) return true;
    if(data_len==20 && strstr(segname,"sha1")) return true;
    if(opt_x) return true;
    return false;
}

void badscan(AFFILE *af,int page_number,size_t data_len)
{
    size_t page_size = af->image_pagesize;
    unsigned char *buf = (unsigned char *)malloc(page_size);
    if(af_get_page(af,page_number,buf,&page_size)){
	err(1,"Could not read page %d",page_number);
    }
    printf("page_size = %d\n",(int)page_size);
    int sectors = 0;
    int bad_sectors = 0;
    int funny_sectors = 0;
    for(unsigned int offset=0;offset<page_size;offset+=af->image_sectorsize){
	sectors++;
	if(af_is_badsector(af,buf+offset)){
	    bad_sectors ++;
	    continue;
	}
#ifdef __FreeBSD__
	/* Look for the part of the bad flag that we know and love */
	if(strnstr((char *)buf+offset,"BAD SECTOR",af->image_sectorsize)){
	    funny_sectors++;
	    continue;
	}
#endif
    }
    printf("           sectors scanned: %d    bad: %d   ", sectors,bad_sectors);
    if(funny_sectors){
	printf("suspicious: %d ",funny_sectors);
    }
    printf("\n");
    free(buf);
}


/* print_info:
 * Print the info on a given segment name
 */
void print_info(AFFILE *af,const char *segname)