Contains the structures and function APIs for TSK FAT (FAT12, FAT16, FAT32, exFAT) file system support.
More...
|
|
#define | EXFATFS_MASK 0x0fffffff |
| |
|
#define | FATFS_12_MASK 0x00000fff |
| |
|
#define | FATFS_16_MASK 0x0000ffff |
| |
|
#define | FATFS_32_MASK 0x0fffffff |
| |
|
#define | FATFS_ATTR_ALL 0x3f /* all flags set */ |
| |
|
#define | FATFS_ATTR_ARCHIVE 0x20 /* file is new or modified */ |
| |
|
#define | FATFS_ATTR_DIRECTORY 0x10 /* entry is a directory name */ |
| |
|
#define | FATFS_ATTR_HIDDEN 0x02 /* file is hidden */ |
| |
|
#define | FATFS_ATTR_LFN 0x0f /* A long file name entry */ |
| |
|
#define | FATFS_ATTR_NORMAL 0x00 /* normal file */ |
| |
|
#define | FATFS_ATTR_READONLY 0x01 /* file is readonly */ |
| |
|
#define | FATFS_ATTR_SYSTEM 0x04 /* file is a system file */ |
| |
|
#define | FATFS_ATTR_VOLUME 0x08 /* entry is a volume label */ |
| |
|
#define | FATFS_BAD 0x0ffffff7 |
| |
|
#define | FATFS_CLUST_2_SECT(fatfs, c) (TSK_DADDR_T)(fatfs->firstclustsect + ((((c) & fatfs->mask) - 2) * fatfs->csize)) |
| |
|
#define | FATFS_DAY_MASK 0x1f /* day of month 1-31 */ |
| |
|
#define | FATFS_DAY_MAX 31 |
| |
|
#define | FATFS_DAY_MIN 1 |
| |
|
#define | FATFS_DAY_SHIFT 0 |
| |
|
#define | FATFS_DENTRY_SIZE 32 |
| | Directory entries for all FAT file systems are currently 32 bytes long.
|
| |
|
#define | FATFS_EOFE 0x0fffffff |
| |
|
#define | FATFS_EOFS 0x0ffffff8 |
| |
|
#define | FATFS_FAIL 1 |
| |
|
#define | FATFS_FAT1NAME "$FAT1" |
| |
|
#define | FATFS_FAT2NAME "$FAT2" |
| |
|
#define | FATFS_FAT_CACHE_B 4096 |
| |
|
#define | FATFS_FAT_CACHE_N 4 |
| |
|
#define | FATFS_FILE_CONTENT_LEN sizeof(TSK_DADDR_T) |
| |
|
#define | FATFS_FIRST_CLUSTER_ADDR 2 |
| |
|
#define | FATFS_FIRST_NORMINO 3 |
| |
|
#define | FATFS_FIRSTINO 2 |
| |
|
#define | FATFS_FS_MAGIC 0xaa55 |
| |
|
#define | FATFS_HOUR_MASK 0xf800 /* number of hours 0-23 */ |
| |
|
#define | FATFS_HOUR_MAX 23 |
| |
|
#define | FATFS_HOUR_MIN 0 |
| |
|
#define | FATFS_HOUR_SHIFT 11 |
| |
|
#define | FATFS_INODE_2_OFF(fatfs, i) (size_t)(((i - FATFS_FIRST_NORMINO) % fatfs->dentry_cnt_se) * sizeof(FATFS_DENTRY)) |
| |
|
#define | FATFS_INODE_2_SECT(fatfs, i) (TSK_DADDR_T)((i - FATFS_FIRST_NORMINO)/(fatfs->dentry_cnt_se) + fatfs->firstdatasect) |
| |
|
#define | FATFS_ISBAD(val, mask) ((val) == (FATFS_BAD & mask)) |
| |
| #define | FATFS_ISDATE(x) |
| |
|
#define | FATFS_ISEOF(val, mask) ((val >= (FATFS_EOFS & mask)) && (val <= (FATFS_EOFE))) |
| |
| #define | FATFS_ISTIME(x) |
| |
|
#define | FATFS_MASTER_BOOT_RECORD_SIZE 512 |
| |
|
#define | FATFS_MAXNAMLEN_UTF8 1024 |
| |
|
#define | FATFS_MBRNAME "$MBR" |
| |
|
#define | FATFS_MIN_MASK 0x7e0 /* number of minutes 0-59 */ |
| |
|
#define | FATFS_MIN_MAX 59 |
| |
|
#define | FATFS_MIN_MIN 0 |
| |
|
#define | FATFS_MIN_SHIFT 5 |
| |
|
#define | FATFS_MON_MASK 0x1e0 /* month 1-12 */ |
| |
|
#define | FATFS_MON_MAX 12 |
| |
|
#define | FATFS_MON_MIN 1 |
| |
|
#define | FATFS_MON_SHIFT 5 |
| |
|
#define | FATFS_NUM_VIRT_FILES(fatfs) (fatfs->numfat + 2) |
| |
|
#define | FATFS_OK 0 |
| |
|
#define | FATFS_ROOTINO 2 /* location of root directory inode */ |
| |
|
#define | FATFS_ROOTNAME "$ROOT" |
| |
|
#define | FATFS_SEC_MASK 0x1f /* number of seconds div by 2 */ |
| |
|
#define | FATFS_SEC_MAX 30 |
| |
|
#define | FATFS_SEC_MIN 0 |
| |
|
#define | FATFS_SEC_SHIFT 0 |
| |
|
#define | FATFS_SECT_2_CLUST(fatfs, s) (TSK_DADDR_T)(2 + ((s) - fatfs->firstclustsect) / fatfs->csize) |
| |
|
#define | FATFS_SECT_2_INODE(fatfs, s) (TSK_INUM_T)((s - fatfs->firstdatasect) * fatfs->dentry_cnt_se + FATFS_FIRST_NORMINO) |
| |
|
#define | FATFS_UNALLOC 0 |
| |
|
#define | FATFS_YEAR_MASK 0xfe00 /* year, from 1980 0-127 */ |
| |
|
#define | FATFS_YEAR_MAX 127 |
| |
|
#define | FATFS_YEAR_MIN 0 |
| |
|
#define | FATFS_YEAR_SHIFT 9 |
| |
|
|
TSK_FS_BLOCK_FLAG_ENUM | fatfs_block_getflags (TSK_FS_INFO *a_fs, TSK_DADDR_T a_addr) |
| |
|
uint8_t | fatfs_block_walk (TSK_FS_INFO *fs, TSK_DADDR_T a_start_blk, TSK_DADDR_T a_end_blk, TSK_FS_BLOCK_WALK_FLAG_ENUM a_flags, TSK_FS_BLOCK_WALK_CB a_action, void *a_ptr) |
| |
|
void | fatfs_cleanup_ascii (char *) |
| |
|
void | fatfs_close (TSK_FS_INFO *fs) |
| |
|
uint8_t | fatfs_dentry_load (FATFS_INFO *a_fatfs, FATFS_DENTRY *a_dentry, TSK_INUM_T a_inum) |
| |
| uint8_t | fatfs_dir_buf_add (FATFS_INFO *fatfs, TSK_INUM_T par_inum, TSK_INUM_T dir_inum) |
| | Adds an entry to the parent directory map. More...
|
| |
|
void | fatfs_dir_buf_free (FATFS_INFO *fatfs) |
| | Frees the memory associated with the parent map.
|
| |
| uint8_t | fatfs_dir_buf_get (FATFS_INFO *fatfs, TSK_INUM_T dir_inum, TSK_INUM_T *par_inum) |
| | Looks up the parent meta address for a child from the cached list. More...
|
| |
|
TSK_RETVAL_ENUM | fatfs_dir_open_meta (TSK_FS_INFO *a_fs, TSK_FS_DIR **a_fs_dir, TSK_INUM_T a_addr, int recursion_depth) |
| |
|
uint32_t | fatfs_dos_2_nanosec (uint8_t timetens) |
| |
|
time_t | fatfs_dos_2_unix_time (uint16_t date, uint16_t time, uint8_t timetens) |
| |
|
TSK_WALK_RET_ENUM | fatfs_find_parent_act (TSK_FS_FILE *fs_file, const char *a_path, void *ptr) |
| |
|
uint8_t | fatfs_fscheck (TSK_FS_INFO *fs, FILE *hFile) |
| |
|
TSK_FS_ATTR_TYPE_ENUM | fatfs_get_default_attr_type (const TSK_FS_FILE *a_file) |
| |
|
uint8_t | fatfs_getFAT (FATFS_INFO *fatfs, TSK_DADDR_T clust, TSK_DADDR_T *value) |
| |
|
uint8_t | fatfs_inode_lookup (TSK_FS_INFO *a_fs, TSK_FS_FILE *a_fs_file, TSK_INUM_T a_inum) |
| |
| uint8_t | fatfs_inode_walk (TSK_FS_INFO *fs, TSK_INUM_T start_inum, TSK_INUM_T end_inum, TSK_FS_META_FLAG_ENUM a_flags, TSK_FS_META_WALK_CB a_action, void *a_ptr) |
| | Walk the inodes in a specified range and do a TSK_FS_META_WALK_CB callback for each inode that satisfies criteria specified by a set of TSK_FS_META_FLAG_ENUM flags. More...
|
| |
|
uint8_t | fatfs_inum_arg_is_in_range (FATFS_INFO *a_fatfs, TSK_INUM_T a_inum, const char *func_name) |
| |
|
uint8_t | fatfs_inum_is_in_range (FATFS_INFO *a_fatfs, TSK_INUM_T a_inum) |
| |
|
int8_t | fatfs_is_sectalloc (FATFS_INFO *, TSK_DADDR_T) |
| |
| uint8_t | fatfs_istat (TSK_FS_INFO *fs, TSK_FS_ISTAT_FLAG_ENUM istat_flags, FILE *hFile, TSK_INUM_T inum, TSK_DADDR_T numblock, int32_t sec_skew) |
| | Print details on a specific file to a file handle. More...
|
| |
|
uint8_t | fatfs_jblk_walk (TSK_FS_INFO *fs, TSK_DADDR_T start, TSK_DADDR_T end, int a_flags, TSK_FS_JBLK_WALK_CB a_action, void *a_ptr) |
| |
|
uint8_t | fatfs_jentry_walk (TSK_FS_INFO *fs, int a_flags, TSK_FS_JENTRY_WALK_CB a_action, void *a_ptr) |
| |
|
uint8_t | fatfs_jopen (TSK_FS_INFO *fs, TSK_INUM_T inum) |
| |
|
uint8_t | fatfs_make_data_runs (TSK_FS_FILE *a_fs_file) |
| |
|
int | fatfs_name_cmp (TSK_FS_INFO *, const char *, const char *) |
| |
|
TSK_FS_INFO * | fatfs_open (TSK_IMG_INFO *a_img_info, TSK_OFF_T a_offset, TSK_FS_TYPE_ENUM a_ftype, uint8_t a_test) |
| |
|
uint8_t | fatfs_ptr_arg_is_null (void *ptr, const char *param_name, const char *func_name) |
| |
|
TSKConversionResult | fatfs_utf16_inode_str_2_utf8 (FATFS_INFO *a_fatfs, UTF16 *src, size_t src_len, UTF8 *dest, size_t dest_len, TSK_INUM_T a_inum, const char *a_desc) |
| |
Contains the structures and function APIs for TSK FAT (FAT12, FAT16, FAT32, exFAT) file system support.
Walk the inodes in a specified range and do a TSK_FS_META_WALK_CB callback for each inode that satisfies criteria specified by a set of TSK_FS_META_FLAG_ENUM flags.
The following flags are supported: TSK_FS_META_FLAG_ALLOC, TSK_FS_META_FLAG_UNALLOC, TSK_FS_META_FLAG_ORPHAN, TSK_FS_META_FLAG_USED (FATXX only), and TSK_FS_META_FLAG_UNUSED (FATXX only).
- Parameters
-
| [in] | a_fs | File system that contains the inodes. |
| [in] | a_start_inum | Inclusive lower bound of inode range. |
| [in] | a_end_inum | Inclusive upper bound of inode range. |
| [in] | a_selection_flags | Inode selection criteria. |
| [in] | a_action | Callback function for selected inodes. |
| [in] | a_ptr | Private data pointer passed through to callback function. |
- Returns
- 0 on success, 1 on failure, per TSK convention
References TSK_FS_INFO::block_count, TSK_FS_INFO::last_block, TSK_FS_INFO::last_inum, TSK_FS_FILE::meta, TSK_FS_INFO::root_inum, TSK_COR, tsk_error_errstr2_concat(), tsk_error_print(), tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), tsk_fprintf(), tsk_fs_dir_walk(), TSK_FS_DIR_WALK_FLAG_ALLOC, TSK_FS_DIR_WALK_FLAG_NOORPHAN, TSK_FS_DIR_WALK_FLAG_RECURSE, tsk_fs_file_close(), tsk_fs_file_walk(), TSK_FS_FILE_WALK_FLAG_AONLY, TSK_FS_FILE_WALK_FLAG_SLACK, TSK_FS_META_FLAG_ALLOC, TSK_FS_META_FLAG_ORPHAN, TSK_FS_META_FLAG_UNALLOC, TSK_FS_META_FLAG_UNUSED, TSK_FS_META_FLAG_USED, tsk_fs_read_block(), TSK_OK, tsk_verbose, TSK_WALK_CONT, TSK_WALK_ERROR, and TSK_WALK_STOP.