tsk_fs_i.h File Reference

Contains the internal library definitions for the file system functions. More...

#include "tsk/base/tsk_base_i.h"
#include "tsk/img/tsk_img_i.h"
#include "tsk/vs/tsk_vs_i.h"
#include "tsk_fs.h"
#include <time.h>
#include <locale.h>
#include <sys/fcntl.h>
#include <sys/time.h>

Classes
struct	TSK_FS_LOAD_FILE

Macros
#define	isset(a, i)   (((uint8_t *)(a))[(i)/NBBY] & (1<<((i)%NBBY)))
#define	NBBY   8
#define	setbit(a, i)   (((uint8_t *)(a))[(i)/NBBY] |= (1<<((i)%NBBY)))
#define	tsk_fs_guessu16(fs, x, mag)   tsk_guess_end_u16(&(fs->endian), (x), (mag))
#define	tsk_fs_guessu32(fs, x, mag)   tsk_guess_end_u32(&(fs->endian), (x), (mag))
#define	TSK_USE_HFS   1

Functions
TSK_FS_INFO *	ext2fs_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)
TSK_FS_INFO *	fatfs_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)
TSK_FS_INFO *	ffs_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM)
TSK_FS_INFO *	hfs_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)
TSK_FS_INFO *	iso9660_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)
TSK_FS_INFO *	ntfs_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)
	Open part of a disk image as an NTFS file system. More...
TSK_FS_INFO *	rawfs_open (TSK_IMG_INFO *, TSK_OFF_T)
TSK_FS_INFO *	swapfs_open (TSK_IMG_INFO *, TSK_OFF_T)
uint8_t	tsk_fs_attr_add_run (TSK_FS_INFO *fs, TSK_FS_ATTR *a_fs_attr, TSK_FS_ATTR_RUN *data_run_new)
TSK_FS_ATTR *	tsk_fs_attr_alloc (TSK_FS_ATTR_FLAG_ENUM)
void	tsk_fs_attr_append_run (TSK_FS_INFO *fs, TSK_FS_ATTR *a_fs_attr, TSK_FS_ATTR_RUN *a_data_run)
	Append a data run to the end of the attribute and update its offset value. More...
void	tsk_fs_attr_clear (TSK_FS_ATTR *)
void	tsk_fs_attr_free (TSK_FS_ATTR *)
TSK_FS_ATTR_RUN *	tsk_fs_attr_run_alloc ()
void	tsk_fs_attr_run_free (TSK_FS_ATTR_RUN *)
uint8_t	tsk_fs_attr_set_run (TSK_FS_FILE *, TSK_FS_ATTR *a_fs_attr, TSK_FS_ATTR_RUN *data_run_new, const char *name, TSK_FS_ATTR_TYPE_ENUM type, uint16_t id, TSK_OFF_T size, TSK_OFF_T initsize, TSK_OFF_T allocsize, TSK_FS_ATTR_FLAG_ENUM flags, uint32_t compsize)
uint8_t	tsk_fs_attr_set_str (TSK_FS_FILE *, TSK_FS_ATTR *, const char *, TSK_FS_ATTR_TYPE_ENUM, uint16_t, void *, size_t)
uint8_t	tsk_fs_attrlist_add (TSK_FS_ATTRLIST *, TSK_FS_ATTR *)
TSK_FS_ATTRLIST *	tsk_fs_attrlist_alloc ()
void	tsk_fs_attrlist_free (TSK_FS_ATTRLIST *)
const TSK_FS_ATTR *	tsk_fs_attrlist_get (const TSK_FS_ATTRLIST *, TSK_FS_ATTR_TYPE_ENUM)
const TSK_FS_ATTR *	tsk_fs_attrlist_get_id (const TSK_FS_ATTRLIST *, TSK_FS_ATTR_TYPE_ENUM, uint16_t)
const TSK_FS_ATTR *	tsk_fs_attrlist_get_idx (const TSK_FS_ATTRLIST *, int)
int	tsk_fs_attrlist_get_len (const TSK_FS_ATTRLIST *a_fs_attrlist)
const TSK_FS_ATTR *	tsk_fs_attrlist_get_name_type (const TSK_FS_ATTRLIST *, TSK_FS_ATTR_TYPE_ENUM, const char *)
TSK_FS_ATTR *	tsk_fs_attrlist_getnew (TSK_FS_ATTRLIST *, TSK_FS_ATTR_FLAG_ENUM a_atype)
void	tsk_fs_attrlist_markunused (TSK_FS_ATTRLIST *)
TSK_FS_BLOCK *	tsk_fs_block_alloc (TSK_FS_INFO *fs)
int	tsk_fs_block_set (TSK_FS_INFO *fs, TSK_FS_BLOCK *fs_block, TSK_DADDR_T a_addr, TSK_FS_BLOCK_FLAG_ENUM a_flags, char *a_buf)
uint8_t	tsk_fs_dir_add (TSK_FS_DIR *a_fs_dir, const TSK_FS_NAME *a_fs_dent)
TSK_FS_DIR *	tsk_fs_dir_alloc (TSK_FS_INFO *a_fs, TSK_INUM_T a_addr, size_t a_cnt)
uint8_t	tsk_fs_dir_find_inum_named (TSK_FS_INFO *a_fs, TSK_INUM_T a_inum)
TSK_RETVAL_ENUM	tsk_fs_dir_find_orphans (TSK_FS_INFO *a_fs, TSK_FS_DIR *a_fs_dir)
TSK_RETVAL_ENUM	tsk_fs_dir_load_inum_named (TSK_FS_INFO *a_fs)
uint8_t	tsk_fs_dir_make_orphan_dir_meta (TSK_FS_INFO *a_fs, TSK_FS_META *a_fs_meta)
uint8_t	tsk_fs_dir_make_orphan_dir_name (TSK_FS_INFO *a_fs, TSK_FS_NAME *a_fs_name)
uint8_t	tsk_fs_dir_realloc (TSK_FS_DIR *a_fs_dir, size_t a_cnt)
void	tsk_fs_dir_reset (TSK_FS_DIR *a_fs_dir)
TSK_FS_FILE *	tsk_fs_file_alloc (TSK_FS_INFO *)
void	tsk_fs_free (TSK_FS_INFO *)
TSK_WALK_RET_ENUM	tsk_fs_load_file_action (TSK_FS_FILE *fs_file, TSK_OFF_T, TSK_DADDR_T, char *, size_t, TSK_FS_BLOCK_FLAG_ENUM, void *)
TSK_FS_INFO *	tsk_fs_malloc (size_t)
TSK_FS_META *	tsk_fs_meta_alloc (size_t)
void	tsk_fs_meta_close (TSK_FS_META *fs_meta)
TSK_FS_META *	tsk_fs_meta_realloc (TSK_FS_META *, size_t)
void	tsk_fs_meta_reset (TSK_FS_META *)
TSK_FS_NAME *	tsk_fs_name_alloc (size_t, size_t)
uint8_t	tsk_fs_name_copy (TSK_FS_NAME *a_fs_name_to, const TSK_FS_NAME *a_fs_name_from)
void	tsk_fs_name_free (TSK_FS_NAME *)
void	tsk_fs_name_print (FILE *, const TSK_FS_FILE *, const char *, TSK_FS_INFO *, const TSK_FS_ATTR *, uint8_t)
void	tsk_fs_name_print_long (FILE *, const TSK_FS_FILE *, const char *, TSK_FS_INFO *, const TSK_FS_ATTR *, uint8_t, int32_t)
void	tsk_fs_name_print_mac (FILE *, const TSK_FS_FILE *, const char *, const TSK_FS_ATTR *fs_attr, const char *, int32_t)
void	tsk_fs_name_print_mac_md5 (FILE *, const TSK_FS_FILE *, const char *, const TSK_FS_ATTR *fs_attr, const char *, int32_t, const unsigned char *)
uint8_t	tsk_fs_name_realloc (TSK_FS_NAME *, size_t)
void	tsk_fs_name_reset (TSK_FS_NAME *a_fs_name)
TSK_FS_BLOCK_FLAG_ENUM	tsk_fs_nofs_block_getflags (TSK_FS_INFO *a_fs, TSK_DADDR_T a_addr)
uint8_t	tsk_fs_nofs_block_walk (TSK_FS_INFO *fs, TSK_DADDR_T a_start_blk, TSK_DADDR_T a_end_blk, TSK_FS_BLOCK_WALK_FLAG_ENUM a_flags, TSK_FS_BLOCK_WALK_CB a_action, void *a_ptr)
void	tsk_fs_nofs_close (TSK_FS_INFO *fs)
TSK_RETVAL_ENUM	tsk_fs_nofs_dir_open_meta (TSK_FS_INFO *a_fs, TSK_FS_DIR **a_fs_dir, TSK_INUM_T a_addr)
uint8_t	tsk_fs_nofs_file_add_meta (TSK_FS_INFO *fs, TSK_FS_FILE *a_fs_file, TSK_INUM_T inum)
uint8_t	tsk_fs_nofs_fsstat (TSK_FS_INFO *fs, FILE *hFile)
TSK_FS_ATTR_TYPE_ENUM	tsk_fs_nofs_get_default_attr_type (const TSK_FS_FILE *a_file)
uint8_t	tsk_fs_nofs_inode_walk (TSK_FS_INFO *fs, TSK_INUM_T a_start_inum, TSK_INUM_T a_end_inum, TSK_FS_META_FLAG_ENUM a_flags, TSK_FS_META_WALK_CB a_action, void *a_ptr)
uint8_t	tsk_fs_nofs_istat (TSK_FS_INFO *a_fs, FILE *hFile, TSK_INUM_T inum, TSK_DADDR_T numblock, int32_t sec_skew)
uint8_t	tsk_fs_nofs_jblk_walk (TSK_FS_INFO *a_fs, TSK_INUM_T start, TSK_INUM_T end, int a_flags, TSK_FS_JBLK_WALK_CB a_action, void *a_ptr)
uint8_t	tsk_fs_nofs_jentry_walk (TSK_FS_INFO *a_fs, int a_flags, TSK_FS_JENTRY_WALK_CB a_action, void *a_ptr)
uint8_t	tsk_fs_nofs_jopen (TSK_FS_INFO *a_fs, TSK_INUM_T inum)
uint8_t	tsk_fs_nofs_make_data_run (TSK_FS_FILE *)
int	tsk_fs_nofs_name_cmp (TSK_FS_INFO *, const char *, const char *)
char *	tsk_fs_time_to_str (time_t, char buf[128])
	Converts a time value to a string representation. More...
char *	tsk_fs_time_to_str_subsecs (time_t, unsigned int subsecs, char buf[128])
	Converts a time value to a string representation. More...
TSK_FS_ATTR_TYPE_ENUM	tsk_fs_unix_get_default_attr_type (const TSK_FS_FILE *a_file)
uint8_t	tsk_fs_unix_make_data_run (TSK_FS_FILE *fs_file)
int	tsk_fs_unix_name_cmp (TSK_FS_INFO *a_fs_info, const char *s1, const char *s2)
TSK_FS_INFO *	yaffs2_open (TSK_IMG_INFO *, TSK_OFF_T, TSK_FS_TYPE_ENUM, uint8_t)

Detailed Description

Contains the internal library definitions for the file system functions.

This should be included by the code in the file system library.

Function Documentation

TSK_FS_INFO* ntfs_open	(	TSK_IMG_INFO *	img_info,
		TSK_OFF_T	offset,
		TSK_FS_TYPE_ENUM	ftype,
		uint8_t	test
	)

Open part of a disk image as an NTFS file system.

Parameters

img_info	Disk image to analyze
offset	Byte offset where NTFS file system starts
ftype	Specific type of NTFS file system
test	NOT USED

Returns

NULL on error or if data is not an NTFS file system

References TSK_FS_META::attr, TSK_FS_INFO::block_count, TSK_FS_INFO::block_size, TSK_FS_INFO::block_walk, TSK_FS_INFO::close, TSK_FS_INFO::dev_bsize, TSK_FS_INFO::duname, TSK_FS_INFO::endian, TSK_FS_INFO::first_block, TSK_FS_INFO::first_inum, TSK_FS_INFO::flags, TSK_FS_INFO::fs_id, TSK_FS_INFO::fs_id_used, TSK_FS_INFO::ftype, TSK_FS_INFO::img_info, TSK_FS_INFO::inode_walk, TSK_FS_INFO::inum_count, TSK_FS_INFO::istat, TSK_FS_INFO::journ_inum, TSK_FS_INFO::last_block, TSK_FS_INFO::last_block_act, TSK_FS_INFO::last_inum, TSK_FS_FILE::meta, TSK_FS_INFO::offset, TSK_FS_INFO::root_inum, TSK_IMG_INFO::sector_size, TSK_IMG_INFO::size, TSK_FS_ATTR::size, tsk_error_errstr2_concat(), tsk_error_get(), tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), tsk_fprintf(), tsk_fs_file_close(), tsk_fs_file_open_meta(), TSK_FS_INFO_FLAG_HAVE_SEQ, tsk_fs_read(), TSK_FS_TYPE_ISNTFS, TSK_FS_TYPE_NTFS, and tsk_verbose.

Referenced by tsk_fs_open_img().

void tsk_fs_attr_append_run	(	TSK_FS_INFO *	a_fs,
		TSK_FS_ATTR *	a_fs_attr,
		TSK_FS_ATTR_RUN *	a_data_run
	)

Append a data run to the end of the attribute and update its offset value.

This ignores the offset in the data run and blindly appends.

Parameters

a_fs	File system run is from
a_fs_attr	Data attribute to append to
a_data_run	Data run to append.

References TSK_FS_ATTR_RUN::len, TSK_FS_ATTR_RUN::next, TSK_FS_ATTR::nrd, TSK_FS_ATTR_RUN::offset, TSK_FS_ATTR::run, and TSK_FS_ATTR::run_end.