|
The Sleuth Kit
4.3
|
Functions | |
| void | tsk_error_errstr2_concat (const char *format,...) |
| Concatenate a message onto the end of the errstr2. More... | |
| const char * | tsk_error_get () |
| Return the string with the current error message. More... | |
| uint32_t | tsk_error_get_errno () |
| Return the current error number. More... | |
| char * | tsk_error_get_errstr () |
| Retrieve the current, basic error string. More... | |
| char * | tsk_error_get_errstr2 () |
| Retrieve the current error string #2. More... | |
| void | tsk_error_print (FILE *hFile) |
| Print the current fully formed error message to a file. More... | |
| void | tsk_error_reset () |
| Clear the error number and error message. | |
| void | tsk_error_set_errno (uint32_t t_errno) |
| Set the current TSK error number. More... | |
| void | tsk_error_set_errstr (const char *format,...) |
| Set the error string #1. More... | |
| void | tsk_error_set_errstr2 (const char *format,...) |
| Set the error string #2. More... | |
| void | tsk_error_vset_errstr (const char *format, va_list args) |
| Set the error string. More... | |
| void | tsk_error_vset_errstr2 (const char *format, va_list args) |
| Set the error string. More... | |
| void | tsk_fprintf (FILE *fd, const char *msg,...) |
| fprintf wrapper function that takes UTF-8 strings as input (on all platforms) and does what is necessary to output strings in the correct encoding (UTF-8 on Unix and UTF-16 on Windows). More... | |
| uint8_t | tsk_list_add (TSK_LIST **a_tsk_list_head, uint64_t a_key) |
| Add an entry to a TSK_LIST (and create one if one does not exist) More... | |
| uint8_t | tsk_list_find (TSK_LIST *a_tsk_list_head, uint64_t a_key) |
| Search a TSK_LIST for the existence of a value. More... | |
| void | tsk_list_free (TSK_LIST *a_tsk_list_head) |
| Free a TSK_LIST. More... | |
| void | TSK_MD5_Final (unsigned char digest[16], TSK_MD5_CTX *context) |
| Calculate the MD5 hash of the data added to this context. More... | |
| void | TSK_MD5_Init (TSK_MD5_CTX *context) |
| Initialize a MD5 context structure so that data can be added to it. More... | |
| void | TSK_MD5_Update (TSK_MD5_CTX *context, unsigned char *input, unsigned int inputLen) |
| Add data to an initialized MD5 operation. More... | |
| TSK_OFF_T | tsk_parse_offset (const TSK_TCHAR *a_offset_str) |
| Parse a TSK_TCHAR block address string. More... | |
| int | tsk_parse_pnum (const TSK_TCHAR *a_pnum_str, TSK_PNUM_T *a_pnum) |
| Parse a TSK_TCHAR string of a partition byte offset and the integer version of it. More... | |
| int | tsk_print_sanitized (FILE *fd, const char *str) |
| Prints the string removing control characters. More... | |
| void | tsk_printf (const char *msg,...) |
| printf wrapper function that takes UTF-8 strings as input (on all platforms) and does what is necessary to output strings in the correct encoding (UTF-8 on Unix and UTF-16 on Windows). More... | |
| void | TSK_SHA_Final (BYTE output[SHS_DIGESTSIZE], TSK_SHA_CTX *shsInfo) |
| Calculate the hash of the data added to the context. More... | |
| void | TSK_SHA_Init (TSK_SHA_CTX *shsInfo) |
| Initialize a SHA-1 context so that data can be added to it. More... | |
| void | TSK_SHA_Update (TSK_SHA_CTX *shsInfo, BYTE *buffer, int count) |
| Add data to an initialized SHA-1 context. More... | |
| TSK_STACK * | tsk_stack_create () |
| Create a TSK_STACK structure. More... | |
| uint8_t | tsk_stack_find (TSK_STACK *a_tsk_stack, uint64_t a_val) |
| Search a TSK_STACK for a given value. More... | |
| void | tsk_stack_free (TSK_STACK *a_tsk_stack) |
| Free an allocated TSK_STACK structure. More... | |
| void | tsk_stack_pop (TSK_STACK *a_tsk_stack) |
| Pop a value from the top of the stack. More... | |
| uint8_t | tsk_stack_push (TSK_STACK *a_tsk_stack, uint64_t a_val) |
| Push a value to the top of TSK_STACK. More... | |
| TSKConversionResult | tsk_UTF16toUTF8 (TSK_ENDIAN_ENUM endian, const UTF16 **sourceStart, const UTF16 *sourceEnd, UTF8 **targetStart, UTF8 *targetEnd, TSKConversionFlags flags) |
| Convert a UTF-16 string to UTF-8. More... | |
| TSKConversionResult | tsk_UTF16toUTF8_lclorder (const UTF16 **sourceStart, const UTF16 *sourceEnd, UTF8 **targetStart, UTF8 *targetEnd, TSKConversionFlags flags) |
| Convert a UTF-16 string in local endian ordering to UTF-8. More... | |
| TSKConversionResult | tsk_UTF8toUTF16 (const UTF8 **sourceStart, const UTF8 *sourceEnd, UTF16 **targetStart, UTF16 *targetEnd, TSKConversionFlags flags) |
| Convert a UTF-8 string to UTF-16 (in local endian ordering). More... | |
| const char * | tsk_version_get_str () |
| Return the library version as a string. More... | |
| void | tsk_version_print (FILE *hFile) |
| Print the library name and version to a handle (such as "The Sleuth Kit ver 1.00"). More... | |
| void tsk_error_errstr2_concat | ( | const char * | format, |
| ... | |||
| ) |
Concatenate a message onto the end of the errstr2.
| format |
Referenced by fatfs_inode_walk(), and ntfs_open().
| const char* tsk_error_get | ( | ) |
Return the string with the current error message.
Return a human-readable form of tsk_error_get_errno.
The string does not end with a newline.
Referenced by TskError::get(), ntfs_open(), and tsk_error_print().
| uint32_t tsk_error_get_errno | ( | ) |
Return the current error number.
Referenced by TskAuto::registerError(), tsk_error_print(), and tsk_img_open().
| char* tsk_error_get_errstr | ( | ) |
Retrieve the current, basic error string.
Additional information is in errstr2. Use tsk_error_get() to get a fully formatted string.
Referenced by TskAuto::registerError().
| char* tsk_error_get_errstr2 | ( | ) |
Retrieve the current error string #2.
This has additional information than string #1.
Referenced by TskAuto::registerError().
| void tsk_error_print | ( | FILE * | hFile | ) |
Print the current fully formed error message to a file.
| hFile | File to print message to |
References tsk_error_get(), tsk_error_get_errno(), and tsk_fprintf().
Referenced by fatfs_inode_walk(), fatfs_istat(), fatxxfs_dent_parse_buf(), TskError::print(), and tsk_fs_dir_get().
| void tsk_error_set_errno | ( | uint32_t | t_errno | ) |
Set the current TSK error number.
| t_errno | the error number. |
Referenced by TskAutoDb::addFilesInImgToDb(), TskAutoDb::commitAddImage(), TskAuto::enableImageWriter(), encase_get_entry(), encase_make_index(), fatfs_inode_walk(), fatxxfs_dent_parse_buf(), TskAuto::findFilesInFs(), TskAuto::findFilesInFsRet(), TskAuto::findFilesInImg(), TskAuto::findFilesInVs(), TskDbSqlite::getFsInfos(), TskDbSqlite::getVsInfos(), TskDbSqlite::getVsPartInfos(), hdb_binsrch_idx_finalize(), hdb_binsrch_idx_initialize(), hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), hk_getentry(), hk_makeindex(), md5sum_getentry(), md5sum_makeindex(), TskCaseDb::newDb(), nsrl_getentry(), nsrl_makeindex(), ntfs_dinode_lookup(), ntfs_open(), TskCaseDb::openDb(), TskAutoDb::revertAddImage(), TskAutoDb::startAddImage(), tsk_fs_attr_read(), tsk_fs_attr_walk(), tsk_fs_blkcat(), tsk_fs_block_get_flag(), tsk_fs_block_walk(), tsk_fs_dir_get(), tsk_fs_dir_get_name(), tsk_fs_dir_getsize(), tsk_fs_dir_open(), tsk_fs_dir_open_meta(), tsk_fs_dir_walk(), tsk_fs_file_attr_get_id(), tsk_fs_file_get_owner_sid(), tsk_fs_file_hash_calc(), tsk_fs_file_open(), tsk_fs_file_open_meta(), tsk_fs_file_read(), tsk_fs_file_read_type(), tsk_fs_file_walk(), tsk_fs_file_walk_type(), tsk_fs_ifind_path(), tsk_fs_open_img(), tsk_fs_open_vol(), tsk_fs_path2inum(), tsk_fs_read(), tsk_fs_read_block(), tsk_hdb_accepts_updates(), tsk_hdb_add_entry(), tsk_hdb_begin_transaction(), tsk_hdb_close(), tsk_hdb_commit_transaction(), tsk_hdb_create(), tsk_hdb_has_idx(), tsk_hdb_is_idx_only(), tsk_hdb_lookup_raw(), tsk_hdb_lookup_str(), tsk_hdb_make_index(), tsk_hdb_open(), tsk_hdb_rollback_transaction(), tsk_img_open(), tsk_img_open_external(), tsk_img_open_utf8(), tsk_img_read(), tsk_ntfs_usnjentry_walk(), tsk_ntfs_usnjopen(), tsk_parse_offset(), tsk_parse_pnum(), tsk_vs_open(), tsk_vs_part_get(), tsk_vs_part_read_block(), tsk_vs_part_walk(), and tsk_vs_read_block().
| void tsk_error_set_errstr | ( | const char * | format, |
| ... | |||
| ) |
Set the error string #1.
This should contain the basic message.
| format | the printf-style format string |
Referenced by TskAutoDb::addFilesInImgToDb(), TskAutoDb::commitAddImage(), TskAuto::enableImageWriter(), encase_get_entry(), encase_make_index(), fatfs_inode_walk(), fatxxfs_dent_parse_buf(), TskAuto::findFilesInFs(), TskAuto::findFilesInFsRet(), TskAuto::findFilesInImg(), TskAuto::findFilesInVs(), TskDbSqlite::getFsInfos(), TskDbSqlite::getVsInfos(), TskDbSqlite::getVsPartInfos(), hdb_binsrch_idx_finalize(), hdb_binsrch_idx_initialize(), hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), hk_getentry(), hk_makeindex(), md5sum_getentry(), md5sum_makeindex(), TskCaseDb::newDb(), nsrl_getentry(), nsrl_makeindex(), ntfs_dinode_lookup(), ntfs_open(), TskCaseDb::openDb(), TskAutoDb::revertAddImage(), TskAutoDb::startAddImage(), tsk_fs_attr_read(), tsk_fs_attr_walk(), tsk_fs_blkcat(), tsk_fs_block_get_flag(), tsk_fs_block_walk(), tsk_fs_dir_get(), tsk_fs_dir_get_name(), tsk_fs_dir_getsize(), tsk_fs_dir_open(), tsk_fs_dir_open_meta(), tsk_fs_dir_walk(), tsk_fs_file_attr_get_id(), tsk_fs_file_get_owner_sid(), tsk_fs_file_hash_calc(), tsk_fs_file_open(), tsk_fs_file_open_meta(), tsk_fs_file_read(), tsk_fs_file_read_type(), tsk_fs_file_walk(), tsk_fs_file_walk_type(), tsk_fs_ifind_path(), tsk_fs_open_img(), tsk_fs_open_vol(), tsk_fs_path2inum(), tsk_fs_read(), tsk_fs_read_block(), tsk_hdb_accepts_updates(), tsk_hdb_add_entry(), tsk_hdb_begin_transaction(), tsk_hdb_close(), tsk_hdb_commit_transaction(), tsk_hdb_create(), tsk_hdb_has_idx(), tsk_hdb_is_idx_only(), tsk_hdb_lookup_raw(), tsk_hdb_lookup_str(), tsk_hdb_make_index(), tsk_hdb_open(), tsk_hdb_rollback_transaction(), tsk_img_open(), tsk_img_open_external(), tsk_img_open_utf8(), tsk_img_read(), tsk_ntfs_usnjentry_walk(), tsk_ntfs_usnjopen(), tsk_parse_offset(), tsk_parse_pnum(), tsk_vs_open(), tsk_vs_part_get(), tsk_vs_part_read_block(), tsk_vs_part_walk(), and tsk_vs_read_block().
| void tsk_error_set_errstr2 | ( | const char * | format, |
| ... | |||
| ) |
Set the error string #2.
This is called by methods who encounter the error, but did not set errno.
| format | the printf-style format string |
Referenced by encase_make_index(), fatfs_inode_walk(), TskAuto::findFilesInFs(), TskAuto::findFilesInFsRet(), hdb_binsrch_idx_finalize(), hdb_binsrch_lookup_str(), hk_makeindex(), md5sum_makeindex(), nsrl_getentry(), nsrl_makeindex(), ntfs_dinode_lookup(), ntfs_open(), TskAutoDb::startAddImage(), and tsk_fs_attr_read().
| void tsk_error_vset_errstr | ( | const char * | format, |
| va_list | args | ||
| ) |
Set the error string.
| format | the printf-style format string |
| args | the printf-style args |
| void tsk_error_vset_errstr2 | ( | const char * | format, |
| va_list | args | ||
| ) |
Set the error string.
| format | the printf-style format string |
| args | the printf-style format args |
| void tsk_fprintf | ( | FILE * | fd, |
| const char * | msg, | ||
| ... | |||
| ) |
fprintf wrapper function that takes UTF-8 strings as input (on all platforms) and does what is necessary to output strings in the correct encoding (UTF-8 on Unix and UTF-16 on Windows).
| fd | File to print to |
| msg | printf message |
Referenced by TskAutoDb::commitAddImage(), fatfs_inode_walk(), fatfs_istat(), fatxxfs_dent_parse_buf(), fatxxfs_istat_attr_flags(), hdb_binsrch_idx_finalize(), ntfs_dinode_lookup(), ntfs_open(), TskAutoDb::processFile(), TskAutoDb::revertAddImage(), TskAutoDb::startAddImage(), TskAutoDb::stopAddImage(), tsk_error_print(), tsk_fs_file_walk(), tsk_fs_file_walk_type(), tsk_fs_open_img(), tsk_fs_path2inum(), tsk_fs_type_print(), tsk_img_findFiles(), tsk_img_type_print(), tsk_ntfs_usnjopen(), tsk_print_sanitized(), tsk_version_print(), tsk_vs_open(), and tsk_vs_type_print().
| uint8_t tsk_list_add | ( | TSK_LIST ** | a_tsk_list_head, |
| uint64_t | a_key | ||
| ) |
Add an entry to a TSK_LIST (and create one if one does not exist)
| a_tsk_list_head | Pointer to pointer for head of list (can point to NULL if no list exists). |
| a_key | Value to add to list |
References TSK_LIST::key, TSK_LIST::len, and TSK_LIST::next.
| uint8_t tsk_list_find | ( | TSK_LIST * | a_tsk_list_head, |
| uint64_t | a_key | ||
| ) |
Search a TSK_LIST for the existence of a value.
| a_tsk_list_head | Head of list to search |
| a_key | Value to search for |
References TSK_LIST::key, TSK_LIST::len, and TSK_LIST::next.
| void tsk_list_free | ( | TSK_LIST * | a_tsk_list_head | ) |
Free a TSK_LIST.
| a_tsk_list_head | Head of list to free |
References TSK_LIST::next.
Referenced by tsk_fs_dir_walk().
| void TSK_MD5_Final | ( | unsigned char | digest[16], |
| TSK_MD5_CTX * | context | ||
| ) |
Calculate the MD5 hash of the data added to this context.
Context will be zeroed after this call.
| digest | Buffer to store MD5 value in. |
| context | Context that has data added to it. |
References TSK_MD5_Update().
Referenced by tsk_fs_file_hash_calc().
| void TSK_MD5_Init | ( | TSK_MD5_CTX * | context | ) |
Initialize a MD5 context structure so that data can be added to it.
| context | Pointer to context to initialize |
Referenced by tsk_fs_file_hash_calc().
| void TSK_MD5_Update | ( | TSK_MD5_CTX * | context, |
| unsigned char * | input, | ||
| unsigned int | inputLen | ||
| ) |
Add data to an initialized MD5 operation.
| context | Initialized context to add data to |
| input | Buffer of data to process |
| inputLen | Number of bytes in input |
Referenced by tsk_fs_file_hash_calc_callback(), and TSK_MD5_Final().
Parse a TSK_TCHAR block address string.
Note that the cnt@size format is no longer supported. Set the device sector size in img_open to set the block size.
| [in] | a_offset_str | The string version of the offset |
References PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| int tsk_parse_pnum | ( | const TSK_TCHAR * | a_pnum_str, |
| TSK_PNUM_T * | a_pnum | ||
| ) |
Parse a TSK_TCHAR string of a partition byte offset and the integer version of it.
| [in] | a_pnum_str | The string version of the address |
| [out] | a_pnum | The parsed integer version of the address |
References PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| int tsk_print_sanitized | ( | FILE * | fd, |
| const char * | str | ||
| ) |
Prints the string removing control characters.
| fd | File to print to |
| str | string to be printed |
References tsk_fprintf().
| void tsk_printf | ( | const char * | msg, |
| ... | |||
| ) |
printf wrapper function that takes UTF-8 strings as input (on all platforms) and does what is necessary to output strings in the correct encoding (UTF-8 on Unix and UTF-16 on Windows).
| msg | printf message |
Referenced by tsk_fs_blkcat().
| void TSK_SHA_Final | ( | BYTE | output[SHS_DIGESTSIZE], |
| TSK_SHA_CTX * | shsInfo | ||
| ) |
Calculate the hash of the data added to the context.
| output | Buffer to store hash value |
| shsInfo | Context that has data added to it. |
Referenced by tsk_fs_file_hash_calc().
| void TSK_SHA_Init | ( | TSK_SHA_CTX * | shsInfo | ) |
Initialize a SHA-1 context so that data can be added to it.
| shsInfo | Pointer to context structure to initialize |
Referenced by tsk_fs_file_hash_calc().
| void TSK_SHA_Update | ( | TSK_SHA_CTX * | shsInfo, |
| BYTE * | buffer, | ||
| int | count | ||
| ) |
Add data to an initialized SHA-1 context.
| shsInfo | Context to add data to |
| buffer | Data to process |
| count | Number of bytes in buffer |
Referenced by tsk_fs_file_hash_calc_callback().
| TSK_STACK* tsk_stack_create | ( | ) |
Create a TSK_STACK structure.
References TSK_STACK::len, TSK_STACK::top, and TSK_STACK::vals.
Referenced by tsk_fs_dir_walk().
| uint8_t tsk_stack_find | ( | TSK_STACK * | a_tsk_stack, |
| uint64_t | a_val | ||
| ) |
Search a TSK_STACK for a given value.
| a_tsk_stack | Stack to search |
| a_val | Value to search for |
References TSK_STACK::top, and TSK_STACK::vals.
| void tsk_stack_free | ( | TSK_STACK * | a_tsk_stack | ) |
Free an allocated TSK_STACK structure.
| a_tsk_stack | Stack to free |
References TSK_STACK::vals.
Referenced by tsk_fs_dir_walk().
| void tsk_stack_pop | ( | TSK_STACK * | a_tsk_stack | ) |
Pop a value from the top of the stack.
| a_tsk_stack | Stack to pop from |
References TSK_STACK::top.
| uint8_t tsk_stack_push | ( | TSK_STACK * | a_tsk_stack, |
| uint64_t | a_val | ||
| ) |
Push a value to the top of TSK_STACK.
| a_tsk_stack | Pointer to stack to push onto |
| a_val | Value to push on |
References TSK_STACK::len, TSK_STACK::top, and TSK_STACK::vals.
| TSKConversionResult tsk_UTF16toUTF8 | ( | TSK_ENDIAN_ENUM | endian, |
| const UTF16 ** | sourceStart, | ||
| const UTF16 * | sourceEnd, | ||
| UTF8 ** | targetStart, | ||
| UTF8 * | targetEnd, | ||
| TSKConversionFlags | flags | ||
| ) |
Convert a UTF-16 string to UTF-8.
| endian | Endian ordering flag of UTF-16 text |
| sourceStart | Pointer to pointer to start of UTF-16 string. Will be updated to last char processed. |
| sourceEnd | Pointer to one entry past end of UTF-16 string |
| targetStart | Pointer to pointer to place where UTF-8 string should be written. Will be updated to next place to write to. |
| targetEnd | Pointer to end of UTF-8 buffer |
| flags | Flags used during conversion |
References TSKconversionOK, TSKsourceExhausted, TSKsourceIllegal, TSKstrictConversion, and TSKtargetExhausted.
Referenced by fatxxfs_dent_parse_buf().
| TSKConversionResult tsk_UTF16toUTF8_lclorder | ( | const UTF16 ** | sourceStart, |
| const UTF16 * | sourceEnd, | ||
| UTF8 ** | targetStart, | ||
| UTF8 * | targetEnd, | ||
| TSKConversionFlags | flags | ||
| ) |
Convert a UTF-16 string in local endian ordering to UTF-8.
| sourceStart | Pointer to pointer to start of UTF-16 string. Will be updated to last char processed. |
| sourceEnd | Pointer to one entry past end of UTF-16 string |
| targetStart | Pointer to pointer to place where UTF-8 string should be written. Will be updated to next place to write to. |
| targetEnd | Pointer to end of UTF-8 buffer |
| flags | Flags used during conversion |
References TSKconversionOK, TSKsourceExhausted, TSKsourceIllegal, TSKstrictConversion, and TSKtargetExhausted.
Referenced by tsk_fs_ifind_path().
| TSKConversionResult tsk_UTF8toUTF16 | ( | const UTF8 ** | sourceStart, |
| const UTF8 * | sourceEnd, | ||
| UTF16 ** | targetStart, | ||
| UTF16 * | targetEnd, | ||
| TSKConversionFlags | flags | ||
| ) |
Convert a UTF-8 string to UTF-16 (in local endian ordering).
| sourceStart | Pointer to pointer to start of UTF-8 string. Will be updated to last char processed. |
| sourceEnd | Pointer to one entry past end of UTF-8 string |
| targetStart | Pointer to pointer to place where UTF-16 string should be written. Will be updated to next place to write to. |
| targetEnd | Pointer to end of UTF-16 buffer |
| flags | Flags used during conversion |
References TSKconversionOK, TSKsourceExhausted, TSKsourceIllegal, TSKstrictConversion, and TSKtargetExhausted.
Referenced by TskAuto::enableImageWriter(), and tsk_img_open_utf8().
| const char* tsk_version_get_str | ( | ) |
Return the library version as a string.
References TSK_VERSION_STR.
| void tsk_version_print | ( | FILE * | hFile | ) |
Print the library name and version to a handle (such as "The Sleuth Kit ver 1.00").
| hFile | Handle to print to |
References tsk_fprintf(), and TSK_VERSION_STR.
Copyright © 2007-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.