From 006c28c7a8541c03217def62a0fbb6baa69cda65 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Wed, 6 Nov 2019 11:02:17 -0500
Subject: [PATCH] Adding pool volumes to db
---
tsk/auto/auto_db.cpp | 6 ++++++
tsk/auto/db_sqlite.cpp | 26 ++++++++++++++++++++++++++
tsk/auto/tsk_case_db.h | 1 +
tsk/auto/tsk_db.h | 2 ++
tsk/auto/tsk_db_sqlite.h | 2 ++
5 files changed, 37 insertions(+)
diff --git a/tsk/auto/auto_db.cpp b/tsk/auto/auto_db.cpp
index 516be1479..506173e1a 100755
--- a/tsk/auto/auto_db.cpp
+++ b/tsk/auto/auto_db.cpp
@@ -308,6 +308,12 @@ TskAutoDb::filterPoolVol(const TSK_POOL_VOLUME_INFO * pool_vol)
{
printf("filterPoolVol 0x%llx\n", pool_vol->index);
m_curPoolVol = pool_vol->index;
+
+ if (m_db->addPoolVolumeInfo(pool_vol, m_curPoolVsId, m_curPoolVol)) {
+ registerError();
+ return TSK_FILTER_STOP;
+ }
+
return TSK_FILTER_CONT;
}
diff --git a/tsk/auto/db_sqlite.cpp b/tsk/auto/db_sqlite.cpp
index a0c95f221..d15a3d5ed 100755
--- a/tsk/auto/db_sqlite.cpp
+++ b/tsk/auto/db_sqlite.cpp
@@ -749,6 +749,32 @@ TskDbSqlite::addVsInfo(const TSK_VS_INFO* vs_info, int64_t parObjId,
}
+/**
+* Adds the sector addresses of the pool volumes into the db.
+* @returns 1 on error, 0 on success
+*/
+int
+TskDbSqlite::addPoolVolumeInfo(const TSK_POOL_VOLUME_INFO* pool_vol,
+ int64_t parObjId, int64_t& objId)
+{
+ char* zSQL;
+ int ret;
+
+ if (addObject(TSK_DB_OBJECT_TYPE_VOL, parObjId, objId))
+ return 1;
+
+ zSQL = sqlite3_mprintf(
+ "INSERT INTO tsk_vs_parts (obj_id, addr, start, length, desc, flags)"
+ "VALUES (%lld, %" PRIuPNUM ",%" PRIuDADDR ",%" PRIuDADDR ",'%q',%d)",
+ objId, (int)pool_vol->index, pool_vol->block, pool_vol->num_blocks,
+ pool_vol->desc, pool_vol->flags);
+
+ ret = attempt_exec(zSQL,
+ "Error adding data to tsk_vs_parts table: %s\n");
+ sqlite3_free(zSQL);
+ return ret;
+}
+
/**
* Adds the sector addresses of the volumes into the db.
* @returns 1 on error, 0 on success
diff --git a/tsk/auto/tsk_case_db.h b/tsk/auto/tsk_case_db.h
index 6ebbde487..c408363b3 100644
--- a/tsk/auto/tsk_case_db.h
+++ b/tsk/auto/tsk_case_db.h
@@ -128,6 +128,7 @@ class TskAutoDb:public TskAuto {
int64_t m_curVsId; ///< Object ID of volume system currently being processed
int64_t m_curVolId; ///< Object ID of volume currently being processed
int64_t m_curPoolVol; // POOL
+ int64_t m_curPoolVsId = 59; // POOL - temp
int64_t m_curFsId; ///< Object ID of file system currently being processed
int64_t m_curFileId; ///< Object ID of file currently being processed
TSK_INUM_T m_curDirAddr; ///< Meta address the directory currently being processed
diff --git a/tsk/auto/tsk_db.h b/tsk/auto/tsk_db.h
index c929ac766..8db94738c 100755
--- a/tsk/auto/tsk_db.h
+++ b/tsk/auto/tsk_db.h
@@ -175,6 +175,8 @@ class TskDb {
virtual int addImageName(int64_t objId, char const *imgName, int sequence) = 0;
virtual int addVsInfo(const TSK_VS_INFO * vs_info, int64_t parObjId, int64_t & objId) = 0;
virtual int addVolumeInfo(const TSK_VS_PART_INFO * vs_part, int64_t parObjId, int64_t & objId) = 0;
+ virtual int addPoolVolumeInfo(const TSK_POOL_VOLUME_INFO* pool_vol,
+ int64_t parObjId, int64_t& objId) = 0;
virtual int addFsInfo(const TSK_FS_INFO * fs_info, int64_t parObjId, int64_t & objId) = 0;
virtual int addFsFile(TSK_FS_FILE * fs_file, const TSK_FS_ATTR * fs_attr,
const char *path, const unsigned char *const md5,
diff --git a/tsk/auto/tsk_db_sqlite.h b/tsk/auto/tsk_db_sqlite.h
index 3bfb165fe..4c90d3803 100755
--- a/tsk/auto/tsk_db_sqlite.h
+++ b/tsk/auto/tsk_db_sqlite.h
@@ -50,6 +50,8 @@ class TskDbSqlite : public TskDb {
int addImageName(int64_t objId, char const *imgName, int sequence);
int addVsInfo(const TSK_VS_INFO * vs_info, int64_t parObjId,
int64_t & objId);
+ int addPoolVolumeInfo(const TSK_POOL_VOLUME_INFO* pool_vol,
+ int64_t parObjId, int64_t& objId);
int addVolumeInfo(const TSK_VS_PART_INFO * vs_part, int64_t parObjId,
int64_t & objId);
int addFsInfo(const TSK_FS_INFO * fs_info, int64_t parObjId,
--
GitLab