ext2fs_journal.c

linux下开发的针对所有磁盘的数据恢复的源码

                        if (++i > jinfo->last_block)
                            break;

                    }

                    /* Increment to the next */
                    if (big_tsk_getu32(dentry->flag) & EXT2_J_DENTRY_LAST)
                        break;

                    /* If the SAMEID value is set, then we advance by the size of the entry, otherwise add 16 for the ID */
                    else if (big_tsk_getu32(dentry->flag) &
                        EXT2_J_DENTRY_SAMEID)
                        dentry =
                            (ext2fs_journ_dentry *) ((uintptr_t) dentry +
                            sizeof(ext2fs_journ_dentry));

                    else
                        dentry =
                            (ext2fs_journ_dentry *) ((uintptr_t) dentry +
                            sizeof(ext2fs_journ_dentry)
                            + 16);

                }
            }
#endif
            else {
                tsk_printf("%" PRIuDADDR
                    ":\tUnallocated FS Block Unknown\n", i);
            }
        }

        /* The super block */
        else if ((big_tsk_getu32(head->entry_type) == EXT2_J_ETYPE_SB1) ||
            (big_tsk_getu32(head->entry_type) == EXT2_J_ETYPE_SB2)) {
            tsk_printf("%" PRIuDADDR ":\tSuperblock (seq: %" PRIu32 ")\n",
                i, big_tsk_getu32(head->entry_seq));
        }

        /* Revoke Block */
        else if (big_tsk_getu32(head->entry_type) == EXT2_J_ETYPE_REV) {
            tsk_printf("%" PRIuDADDR ":\t%sRevoke Block (seq: %" PRIu32
                ")\n", i, ((i < jinfo->start_blk)
                    || (big_tsk_getu32(head->entry_seq) <
                        jinfo->start_seq)) ? "Unallocated " : "Allocated ",
                big_tsk_getu32(head->entry_seq));
        }

        /* The commit is the end of the entries */
        else if (big_tsk_getu32(head->entry_type) == EXT2_J_ETYPE_COM) {
            tsk_printf("%" PRIuDADDR ":\t%sCommit Block (seq: %" PRIu32
                ")\n", i, ((i < jinfo->start_blk)
                    || (big_tsk_getu32(head->entry_seq) <
                        jinfo->start_seq)) ? "Unallocated " : "Allocated ",
                big_tsk_getu32(head->entry_seq));
        }

        /* The descriptor describes the FS blocks that follow it */
        else if (big_tsk_getu32(head->entry_type) == EXT2_J_ETYPE_DESC) {
            ext2fs_journ_dentry *dentry;
            ext2fs_journ_head *head2;
            int unalloc = 0;

            b_desc_seen = 1;


            /* Is this an unallocated journ block or sequence */
            if ((i < jinfo->start_blk) ||
                (big_tsk_getu32(head->entry_seq) < jinfo->start_seq))
                unalloc = 1;

            tsk_printf("%" PRIuDADDR ":\t%sDescriptor Block (seq: %" PRIu32
                ")\n", i, (unalloc) ? "Unallocated " : "Allocated ",
                big_tsk_getu32(head->entry_seq));

            dentry =
                (ext2fs_journ_dentry *) ((uintptr_t) head +
                sizeof(ext2fs_journ_head));;

            /* Cycle through the descriptor entries to account for the journal blocks */
            while ((uintptr_t) dentry <=
                ((uintptr_t) head + jinfo->bsize -
                    sizeof(ext2fs_journ_head))) {


                /* Our counter is over the end of the journ */
                if (++i > jinfo->last_block)
                    break;


                /* Look at the block that this entry refers to */
                head2 = (ext2fs_journ_head *) & journ[i * jinfo->bsize];
                if ((big_tsk_getu32(head2->magic) == EXT2_JMAGIC) &&
                    (big_tsk_getu32(head2->entry_seq) >=
                        big_tsk_getu32(head->entry_seq))) {
                    i--;
                    break;
                }

                /* If it doesn't have the magic, then it is a
                 * journal entry and we print the FS info */
                tsk_printf("%" PRIuDADDR ":\t%sFS Block %" PRIu32 "\n", i,
                    (unalloc) ? "Unallocated " : "Allocated ",
                    big_tsk_getu32(dentry->fs_blk));

                /* Increment to the next */
                if (big_tsk_getu32(dentry->flag) & EXT2_J_DENTRY_LAST)
                    break;

                /* If the SAMEID value is set, then we advance by the size of the entry, otherwise add 16 for the ID */
                else if (big_tsk_getu32(dentry->
                        flag) & EXT2_J_DENTRY_SAMEID)
                    dentry =
                        (ext2fs_journ_dentry *) ((uintptr_t) dentry +
                        sizeof(ext2fs_journ_dentry));

                else
                    dentry =
                        (ext2fs_journ_dentry *) ((uintptr_t) dentry +
                        sizeof(ext2fs_journ_dentry) + 16);
            }
        }
    }

    free(journ);
    return 0;
}





/* 
 * Limitations for 1st version: start must equal end and action is ignored
 *
 * Return 0 on success and 1 on error
 */
uint8_t
ext2fs_jblk_walk(TSK_FS_INFO * fs, TSK_DADDR_T start, TSK_DADDR_T end,
    int flags, TSK_FS_JBLK_WALK_CB action, void *ptr)
{
    EXT2FS_INFO *ext2fs = (EXT2FS_INFO *) fs;
    EXT2FS_JINFO *jinfo = ext2fs->jinfo;
    char *journ;
    TSK_FS_LOAD_FILE buf1;
    TSK_DADDR_T i;
    ext2fs_journ_head *head;

    // clean up any error messages that are lying around
    tsk_error_reset();

    if ((jinfo == NULL) || (jinfo->fs_file == NULL)
        || (jinfo->fs_file->meta == NULL)) {
        tsk_error_reset();
        tsk_errno = TSK_ERR_FS_ARG;
        snprintf(tsk_errstr, TSK_ERRSTR_L,
            "ext2fs_jblk_walk: journal is not open");
        return 1;
    }

    if (jinfo->last_block < end) {
        tsk_error_reset();
        tsk_errno = TSK_ERR_FS_WALK_RNG;
        snprintf(tsk_errstr, TSK_ERRSTR_L,
            "ext2fs_jblk_walk: end is too large ");
        return 1;
    }

    if (start != end) {
        tsk_error_reset();
        tsk_errno = TSK_ERR_FS_ARG;
        snprintf(tsk_errstr, TSK_ERRSTR_L,
            "ext2fs_blk_walk: only start == end is currently supported");
        return 1;
    }

    if (jinfo->fs_file->meta->size !=
        (jinfo->last_block + 1) * jinfo->bsize) {
        tsk_error_reset();
        tsk_errno = TSK_ERR_FS_UNSUPFUNC;
        snprintf(tsk_errstr, TSK_ERRSTR_L,
            "ext2fs_jblk_walk: journal file size is different from size reported in journal super block");
        return 1;
    }


    /* Load into buffer and then process it 
     * Only get the minimum needed
     */
    buf1.left = buf1.total = (size_t) ((end + 1) * jinfo->bsize);
    journ = buf1.cur = buf1.base = tsk_malloc(buf1.left);
    if (journ == NULL) {
        return 1;
    }

    if (tsk_fs_file_walk(jinfo->fs_file, 0, tsk_fs_load_file_action,
            (void *) &buf1)) {
        free(journ);
        return 1;
    }

    if (buf1.left > 0) {
        tsk_error_reset();
        tsk_errno = TSK_ERR_FS_FWALK;
        snprintf(tsk_errstr, TSK_ERRSTR_L,
            "ext2fs_jblk_walk: Buffer not fully copied");
        free(journ);
        return 1;
    }

    head = (ext2fs_journ_head *) & journ[end * jinfo->bsize];


    /* Check if our target block is a journal data structure.
     * 
     * If not, 
     * we need to look for its descriptor to see if it has been
     * escaped
     */
    if (big_tsk_getu32(head->magic) != EXT2_JMAGIC) {

        /* cycle backwards until we find a desc block */
        for (i = end - 1; i >= 0; i--) {
            ext2fs_journ_dentry *dentry;
            TSK_DADDR_T diff;

            head = (ext2fs_journ_head *) & journ[i * jinfo->bsize];

            if (big_tsk_getu32(head->magic) != EXT2_JMAGIC)
                continue;

            /* If we get a commit, then any desc we find will not
             * be for our block, so forget about it */
            if (big_tsk_getu32(head->entry_type) == EXT2_J_ETYPE_COM)
                break;

            /* Skip any other data structure types */
            if (big_tsk_getu32(head->entry_type) != EXT2_J_ETYPE_DESC)
                continue;

            /* We now have the previous descriptor 
             *
             * NOTE: We have no clue if this is the correct 
             * descriptor if it is not the current 'run' of 
             * transactions, but this is the best we can do
             */
            diff = end - i;

            dentry =
                (ext2fs_journ_dentry *) (&journ[i * jinfo->bsize] +
                sizeof(ext2fs_journ_head));

            while ((uintptr_t) dentry <=
                ((uintptr_t) & journ[(i + 1) * jinfo->bsize] -
                    sizeof(ext2fs_journ_head))) {

                if (--diff == 0) {
                    if (big_tsk_getu32(dentry->flag) & EXT2_J_DENTRY_ESC) {
                        journ[end * jinfo->bsize] = 0xC0;
                        journ[end * jinfo->bsize + 1] = 0x3B;
                        journ[end * jinfo->bsize + 2] = 0x39;
                        journ[end * jinfo->bsize + 3] = 0x98;
                    }
                    break;
                }

                /* If the SAMEID value is set, then we advance by the size of the entry, otherwise add 16 for the ID */
                if (big_tsk_getu32(dentry->flag) & EXT2_J_DENTRY_SAMEID)
                    dentry =
                        (ext2fs_journ_dentry *) ((uintptr_t) dentry +
                        sizeof(ext2fs_journ_dentry));
                else
                    dentry =
                        (ext2fs_journ_dentry *) ((uintptr_t) dentry +
                        sizeof(ext2fs_journ_dentry) + 16);

            }
            break;
        }
    }

    if (fwrite(&journ[end * jinfo->bsize], jinfo->bsize, 1, stdout) != 1) {
        tsk_error_reset();
        tsk_errno = TSK_ERR_FS_WRITE;
        snprintf(tsk_errstr, TSK_ERRSTR_L,
            "ext2fs_jblk_walk: error writing buffer block");
        free(journ);
        return 1;
    }

    free(journ);
    return 0;
}