
Displaying 20 results from an estimated 52 matches for "tsk_inode".

2016 Mar 20
1
[PATCH] ffind API to retrieve a file name given its inode
...ns a struct "tsknode" which contains the file name, its inode and its allocation status. The struct will be employed by other APIs as well (fls, ifind etc..). $ ./run guestfish --ro -a /home/noxdafox/disks/ubuntu.qcow2 ><fs> run ><fs> ffind /dev/sda1 2 tsk_name: / tsk_inode: 2 tsk_allocated: 1 ><fs> ffind /dev/sda1 3 tsk_name: /usr/bin/ tsk_inode: 3 tsk_allocated: 0 /usr/bin/ has been reallocated to node 786577 ><fs> mount /dev/sda1 / ><fs> stat /usr/bin/ dev: 2049 ino: 786577 ... Matteo Cafasso (1): added ffind API daemon/tsk.c...
2016 Apr 05
1
Re: [PATCH v3 1/5] generator: Added tsk_dirent struct
On Tuesday 05 April 2016 18:47:28 Matteo Cafasso wrote: > The tsk_dirent struct contains the information gathered via TSK APIs. > > The struct contains the following fields: > * tsk_inode: inode of a file > * tsk_type: type of file such as for dirwalk command > * tsk_size: file size in bytes > * tsk_name: path relative to its disk partition > * tsk_allocated: whether the file has been deleted > > Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> > --...
2016 Mar 22
0
[PATCH v2] added find_inode API
...ode); +} + +static guestfs_int_tsk_node* +parse_ffind (const char *out, int64_t inode) +{ + size_t len; + guestfs_int_tsk_node *ret; + + ret = calloc (1, sizeof *ret); + if (ret == NULL) { + reply_with_perror ("calloc"); + return NULL; + } + + len = strlen(out) - 1; + ret->tsk_inode = inode; + + if STRPREFIX (out, "File name not found for inode") { + reply_with_error ("%ld Inode not in use", inode); + return NULL; + } + else if STRPREFIX (out, "* ") { + ret->tsk_allocated = 0; + ret->tsk_name = strndup (&out[2], len - 2);...
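Review bot: in parse_ffind, the "File name not found for inode" branch returns NULL without freeing `ret`, which was allocated with calloc a few lines earlier, so every lookup of an unused inode leaks the struct in the daemon; free `ret` before that return, or test the prefix before allocating. `len = strlen(out) - 1` also wraps around when `out` is an empty string, so check for empty output before computing it. The `%ld` in reply_with_error is given an `int64_t`; use `PRIi64` so the format matches on 32-bit builds.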
2016 Jun 13
7
[PATCH v8 0/3] New API: filesystem_walk
v8: - rebase on master - bump version to 1.33.37 - squash commits 1, 2, 3 Kept original commit messages when squashing them. Matteo Cafasso (3): New API: internal_filesystem_walk New API: filesystem_walk lib: Added filesystem_walk command tests daemon/Makefile.am | 4 +- daemon/tsk.c | 249 ++++++++++++++++++++++++++++++++++++++
2016 Apr 11
5
[PATCH v5 0/5] New API: filesystem_walk
v5: - fixed compile-time warning - removed unused flag enumeration - new version 1.33.19 Patch ready for review. Matteo Cafasso (5): generator: Added tsk_dirent struct configure: Added libtsk compile-time check New API: internal_filesystem_walk New API: filesystem_walk lib: Added filesystem_walk command tests daemon/Makefile.am | 4 +- daemon/tsk.c
2016 Apr 06
5
[PATCH v4 0/5] New API: filesystem_walk
v4: - Changed tsk_allocated struct field into tsk_flags. - Added optional dependency in documentation. - Use asprintf and perror instead of asprintf_nowarn and fprintf. - Ensure CLEANUP_FREE vars are initialised. - Reworked the function documentation. - Improved tests robustness. Matteo Cafasso (5): generator: Added tsk_dirent struct configure: Added libtsk compile-time check
2016 Apr 05
0
[PATCH v3 1/5] generator: Added tsk_dirent struct
The tsk_dirent struct contains the information gathered via TSK APIs. The struct contains the following fields: * tsk_inode: inode of a file * tsk_type: type of file such as for dirwalk command * tsk_size: file size in bytes * tsk_name: path relative to its disk partition * tsk_allocated: whether the file has been deleted Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- generator/structs.ml | 16 ++++++...
2016 Apr 11
0
[PATCH v5 1/5] generator: Added tsk_dirent struct
The tsk_dirent struct contains the information gathered via TSK APIs. The struct contains the following fields: * tsk_inode: inode of a file * tsk_type: type of file such as for dirwalk command * tsk_size: file size in bytes * tsk_name: path relative to its disk partition * tsk_flags: bitfield containing extra information Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- generator/structs.ml | 15 ++++++...
2016 Jun 15
1
Re: [PATCH v8 1/3] New API: internal_filesystem_walk
...ructs.ml > @@ -444,6 +444,19 @@ let structs = [ > ]; > s_camel_name = "InternalMountable"; > }; > + > + (* The Sleuth Kit directory entry information. *) > + { defaults with > + s_name = "tsk_dirent"; > + s_cols = [ > + "tsk_inode", FUInt64; > + "tsk_type", FChar; > + "tsk_size", FInt64; > + "tsk_name", FString; > + "tsk_flags", FUInt32; Note if you ever need to add more columns in future, you won't be able to, unless you reserve some space in the stru...
2016 Apr 04
2
Re: [PATCH v2 3/5] daemon: Added internal_filesystem_walk command
...t+found } [3] = { ino: 2 ftyp: d name: .. } You can see the file names are not quoted. > > > + if (ret < 0) { > > > + fprintf (stderr, "asprintf: %m"); > > > + return TSK_WALK_ERROR; > > > + } > > > + > > > + dirent.tsk_inode = fsfile->name->meta_addr; > > > + dirent.tsk_type = file_type (fsfile); > > > + dirent.tsk_size = (fsfile->meta != NULL) ? fsfile->meta->size : 0; > > > > If 'meta' is null, then I guess the size should be -1 to indicate it > > was not a...
2016 May 02
5
[PATCH v6 0/5] New API: filesystem_walk
v6: - added metadata reallocation flag in tsk_flags Certain filesystems separate file name structures and metadata ones. Therefore, deleted entries with file name structures in an unallocated state might point to metadata structures which have been reallocated to new files. A flag set to 1 is generally an indication that the information gathered from the metadata structure (file
2016 Jun 28
2
[PATCH] Reserve entries to tsk_dirent struct
Already implemented entries. tsk_inode tsk_type tsk_size tsk_name tsk_flags Easy ones to add. tsk_atime_sec tsk_atime_nsec tsk_mtime_sec tsk_mtime_nsec tsk_ctime_sec tsk_ctime_nsec tsk_blksize tsk_blocks Further ideas. tsk_nlink tsk_link_name Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- daemon/tsk.c...
2016 Jun 12
6
[PATCH v7 0/5] New API: filesystem_walk
v7: - iterate over output file instead of reading it into memory Instead of reading the whole output file in memory and iterating over the resulting buffer, use XDR primitives to directly iterate over the file itself. This should reduce the API memory consumption. Patch ready for review. Code available at: https://github.com/noxdafox/libguestfs/tree/filesystem_walk Matteo Cafasso
2016 Apr 03
7
[PATCH v2 0/5] Added filesystem_walk command
v2: - Increased the amount of collected information from the FS content. - Moved filesystem_walk0 as internal command. - Code improvement based on comments. - Adhere to project's coding style. - Better command documentation. - More robust tests. Patch ready for review, code available at: https://github.com/noxdafox/libguestfs/tree/filesystem_walk Matteo Cafasso (5): generator:
2016 Jun 13
0
[PATCH v8 3/3] lib: Added filesystem_walk command tests
...ero-sized" + exit 77 +fi + +output=$( +guestfish --ro -a ../../test-data/phony-guests/windows.img <<EOF +run +mount /dev/sda2 / +write /test.txt "foobar" +rm /test.txt +umount / +filesystem-walk /dev/sda2 +EOF +) + +# test $MFT is in the list +echo $output | grep -zq "{ tsk_inode: 0 tsk_type: r tsk_size: .* tsk_name: \$MFT tsk_flags: 1 }" +if [ $? != 0 ]; then + echo "$0: \$MFT not found in files list." + echo "File list:" + echo $output + exit 1 +fi + +# test deleted file is in the list +echo $output | grep -zq "{ tsk_inode: .* tsk...
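Review bot: in the $MFT check, `echo $output` is unquoted and `grep -zq` treats the whole list as one record, so the `.*` after `tsk_size:` can run across entry boundaries and pair `tsk_inode: 0` from one entry with `tsk_name: \$MFT tsk_flags: 1` from a different one. Quote the variable as `echo "$output"` and replace `.*` with `[^}]*` so a match has to stay inside a single `{ ... }` entry; the same applies to the deleted-file check that follows. The separate `if [ $? != 0 ]` can be folded into `if ! echo "$output" | grep ...`.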
2016 Apr 05
0
[PATCH v3 5/5] appliance: Added filesystem_walk command tests
...txt "foobar" : \ + rm /test.txt : \ + umount / : \ + filesystem-walk /dev/sda2) + +# test $MFT is in the list +echo $output | grep -q "{ tsk_inode: 0 tsk_type: r tsk_size: .* tsk_name: \$MFT tsk_allocated: 1 }" +if [ $? != 0 ]; then + echo "$0: \$MFT not found in files list." + echo "File list:" + echo $output + exit 1 +fi + +# test deleted file is in the list +echo $output | grep -q "{ tsk_inode: .*...
2016 Jun 15
4
[PATCH v9 0/3] New API: filesystem_walk
v9: - add missing files: java/Makefile.inc, java/com/redhat/et/libguestfs/.gitignore, gobject/Makefile.inc - reserve space in tsk_dirent struct for future usage - use int instead of bool_t type - improve API documentation Matteo Cafasso (3): New API: internal_filesystem_walk New API: filesystem_walk lib: Added filesystem_walk command tests daemon/Makefile.am
2016 Apr 05
10
[PATCH v3 0/5] Added filesystem_walk command
v3: - File size will be reported as - 1 if it cannot be retrieved. - Code improvements based on comments. Matteo Cafasso (5): generator: Added tsk_dirent struct configure: Added libtsk compile-time check daemon: Added internal_filesystem_walk command appliance: Added filesystem_walk command appliance: Added filesystem_walk command tests daemon/Makefile.am | 4 +-
2016 Jun 13
0
[PATCH v8 1/3] New API: internal_filesystem_walk
- generator: Added tsk_dirent struct The tsk_dirent struct contains the information gathered via TSK APIs. The struct contains the following fields: * tsk_inode: inode of a file * tsk_type: type of file such as for dirwalk command * tsk_size: file size in bytes * tsk_name: path relative to its disk partition * tsk_flags: bitfield containing extra information - configure: Added libtsk compile-time check Ensure libtsk is available at compile time. If...
2016 Apr 04
2
Re: [PATCH v2 3/5] daemon: Added internal_filesystem_walk command
...intf_nowarn (&fname, "%Q%Q", path, fsfile->name->name); Why the quoting? We don't quote results in similar APIs (e.g. readdir). > + if (ret < 0) { > + fprintf (stderr, "asprintf: %m"); > + return TSK_WALK_ERROR; > + } > + > + dirent.tsk_inode = fsfile->name->meta_addr; > + dirent.tsk_type = file_type (fsfile); > + dirent.tsk_size = (fsfile->meta != NULL) ? fsfile->meta->size : 0; If 'meta' is null, then I guess the size should be -1 to indicate it was not available; otherwise, there is no difference betwe...