TskVsInfo Class Reference

Stores information about an open volume system. More...

#include <tsk_vs.h>

Public Member Functions
void	close ()
	Closes an open volume system. More...
unsigned int	getBlockSize () const
	Return size of volume system blocks in bytes. More...
const TskImgInfo *	getImgInfo () const
	Get a reference to the parent image object. More...
TSK_DADDR_T	getOffset () const
	Return the byte offset where volume system starts in disk image. More...
const TskVsPartInfo *	getPart (TSK_PNUM_T a_idx) const
	Get reference to a volume in the volume system. More...
TSK_PNUM_T	getPartCount () const
	Return number of partitions. More...
TSK_VS_TYPE_ENUM	getVsType () const
	Return type of volume system / media management. More...
uint8_t	open (TskImgInfo *a_imgInfo, TSK_DADDR_T a_offset, TSK_VS_TYPE_ENUM a_type)
	Open a disk image and process the media management system data. More...
ssize_t	readBlock (TSK_DADDR_T a_addr, char *a_buf, size_t a_len)
	Reads one or more blocks of data with an address relative to the start of the volume system. More...
	TskVsInfo (TSK_VS_INFO *a_vsInfo)
uint8_t	vsPartWalk (TSK_PNUM_T a_start, TSK_PNUM_T a_last, TSK_VS_PART_FLAG_ENUM a_flags, TSK_VS_PART_WALK_CPP_CB a_action, void *a_ptr)
	Walk a range of partitions and pass the data to a callback function. More...

Static Public Member Functions
static void	typePrint (FILE *a_hFile)
	Print the supported volume system type names to an open handle. More...
static TSK_VS_TYPE_ENUM	typeSupported ()
	Return the supported volume system types. More...
static const char *	typeToDesc (TSK_VS_TYPE_ENUM a_type)
	Return the string description of a partition type ID. More...
static TSK_VS_TYPE_ENUM	typeToId (const TSK_TCHAR *a_str)
	Parse a string with the volume system type and return its internal ID. More...
static const char *	typeToName (TSK_VS_TYPE_ENUM a_type)
	Return the string name of a partition type ID. More...

Detailed Description

Stores information about an open volume system.

To use this object, open() should be called first.

Member Function Documentation

void TskVsInfo::close ( )

inline

Closes an open volume system.

See for tsk_vs_close() details.

References tsk_vs_close().

unsigned int TskVsInfo::getBlockSize ( ) const

inline

Return size of volume system blocks in bytes.

Returns

size of a block in bytes

References TSK_VS_INFO::block_size.

const TskImgInfo* TskVsInfo::getImgInfo ( ) const

inline

Get a reference to the parent image object.

Returns

Pointer to object or NULL on error. Caller is responsible for freeing object.

References TSK_VS_INFO::img_info.

TSK_DADDR_T TskVsInfo::getOffset ( ) const

inline

Return the byte offset where volume system starts in disk image.

Returns

byte offset

References TSK_VS_INFO::offset.

const TskVsPartInfo* TskVsInfo::getPart ( TSK_PNUM_T  a_idx ) const

inline

Get reference to a volume in the volume system.

See tsk_vs_part_get() for details.

Parameters

a_idx

Index for volume to return (0-based)

Returns

Pointer to partition or NULL on error. Caller is responsible for freeing object.

References tsk_vs_part_get().

TSK_PNUM_T TskVsInfo::getPartCount ( ) const

inline

Return number of partitions.

Returns

number of partitions

References TSK_VS_INFO::part_count.

TSK_VS_TYPE_ENUM TskVsInfo::getVsType ( ) const

inline

Return type of volume system / media management.

Returns

type of volume system / media management

References TSK_VS_INFO::vstype.

uint8_t TskVsInfo::open ( TskImgInfo *  a_imgInfo, TSK_DADDR_T  a_offset, TSK_VS_TYPE_ENUM  a_type  )

inline

Open a disk image and process the media management system data.

See tsk_vs_open() for details.

Parameters

a_imgInfo	The opened disk image.
a_offset	Byte offset in the disk image to start analyzing from.
a_type	Type of volume system (including auto detect)

Returns

1 on error and 0 on success.

References tsk_vs_open().

ssize_t TskVsInfo::readBlock ( TSK_DADDR_T  a_addr, char *  a_buf, size_t  a_len  )

inline

Reads one or more blocks of data with an address relative to the start of the volume system.

See tsk_vs_read_block() for details.

Parameters

a_addr	Sector address to read from, relative to start of VOLUME SYSTEM.
a_buf	Buffer to store data in
a_len	Amount of data to read (in bytes - must be a multiple of block_size)

Returns

Number of bytes read or -1 on error

References tsk_vs_read_block().

static void TskVsInfo::typePrint ( FILE *  a_hFile )

inlinestatic

Print the supported volume system type names to an open handle.

See tsk_vs_type_print() for details.

Parameters

a_hFile

Handle to print to.

References tsk_vs_type_print().

static TSK_VS_TYPE_ENUM TskVsInfo::typeSupported ( )

inlinestatic

Return the supported volume system types.

See tsk_vs_type_supported() for details.

Returns

The bit in the return value is 1 if the type is supported.

References tsk_vs_type_supported().

static const char* TskVsInfo::typeToDesc ( TSK_VS_TYPE_ENUM  a_type )

inlinestatic

Return the string description of a partition type ID.

See tsk_vs_type_todesc() for details.

Parameters

a_type

Volume system type

Returns

description of type or NULL on error

References tsk_vs_type_todesc().

static TSK_VS_TYPE_ENUM TskVsInfo::typeToId ( const TSK_TCHAR *  a_str )

inlinestatic

Parse a string with the volume system type and return its internal ID.

See tsk_vs_type_toid() for details.

Parameters

a_str

String to parse.

Returns

ID of string (or unsupported if the name is unknown)

References tsk_vs_type_toid().

static const char* TskVsInfo::typeToName ( TSK_VS_TYPE_ENUM  a_type )

inlinestatic

Return the string name of a partition type ID.

See tsk_vs_type_toname() for details.

Parameters

a_type

Volume system type

Returns

name of type or NULL on error

References tsk_vs_type_toname().

uint8_t TskVsInfo::vsPartWalk ( TSK_PNUM_T  a_start, TSK_PNUM_T  a_last, TSK_VS_PART_FLAG_ENUM  a_flags, TSK_VS_PART_WALK_CPP_CB  a_action, void *  a_ptr  )

inline

Walk a range of partitions and pass the data to a callback function.

See tsk_vs_part_walk() for details.

Parameters

a_start	Address of first partition to walk from.
a_last	Address of last partition to walk to.
a_flags	Flags that are used to identify which of the partitions in the range should be returned (if 0, all partitions will be returned).
a_action	Callback action to call for each partition.
a_ptr	Pointer to data that will be passed to callback.

Returns

1 on error and 0 on success

References tsk_vs_part_walk().

---

The documentation for this class was generated from the following file:

• tsk/vs/tsk_vs.h