The Sleuth Kit
4.11.1
|
Contains the MD5sum hash database specific extraction and printing routines. More...
#include "tsk_hashdb_i.h"
Macros | |
#define | STR_EMPTY "" |
Functions | |
uint8_t | md5sum_getentry (TSK_HDB_INFO *hdb_info, const char *hash, TSK_OFF_T offset, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *cb_ptr) |
Find the corresponding name at a given offset. More... | |
uint8_t | md5sum_makeindex (TSK_HDB_INFO *hdb_info_base, TSK_TCHAR *dbtype) |
Process the database to create a sorted index of it. More... | |
TSK_HDB_INFO * | md5sum_open (FILE *hDb, const TSK_TCHAR *db_path) |
uint8_t | md5sum_test (FILE *hFile) |
Test the file to see if it is a md5sum database. More... | |
Contains the MD5sum hash database specific extraction and printing routines.
uint8_t md5sum_getentry | ( | TSK_HDB_INFO * | hdb_info, |
const char * | hash, | ||
TSK_OFF_T | offset, | ||
TSK_HDB_FLAG_ENUM | flags, | ||
TSK_HDB_LOOKUP_FN | action, | ||
void * | cb_ptr | ||
) |
Find the corresponding name at a given offset.
The offset was likely determined from the index. The entries in the DB following the one specified are also processed if they have the same hash value and their name is different. The callback is called for each entry.
hdb_info | Hash database to get data from |
hash | MD5 hash value that was searched for |
offset | Byte offset where hash value should be located in db_file |
flags | (not used) |
action | Callback used for each entry found in lookup |
cb_ptr | Pointer to data passed to callback |
References TSK_HDB_BINSRCH_INFO::hDb, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_MAXLEN, tsk_verbose, TSK_WALK_ERROR, and TSK_WALK_STOP.
uint8_t md5sum_makeindex | ( | TSK_HDB_INFO * | hdb_info_base, |
TSK_TCHAR * | dbtype | ||
) |
Process the database to create a sorted index of it.
Consecutive entries with the same hash value are not added to the index, but will be found during lookup.
hdb_info_base | Hash database to make index of. |
dbtype | Type of hash database (should always be TSK_HDB_DBTYPE_MD5SUM_STR) |
References TSK_HDB_INFO::db_fname, TSK_HDB_BINSRCH_INFO::hDb, hdb_binsrch_idx_add_entry_str(), hdb_binsrch_idx_finalize(), hdb_binsrch_idx_initialize(), PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), TSK_HDB_MAXLEN, and tsk_verbose.
uint8_t md5sum_test | ( | FILE * | hFile | ) |
Test the file to see if it is a md5sum database.
hFile | File handle to hash database |
References TSK_HDB_HTYPE_MD5_LEN, and TSK_HDB_MAXLEN.
Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.