diff --git a/tsk/auto/auto_db.cpp b/tsk/auto/auto_db.cpp index 4e9847f1937d657cddaed68eb215309e95464e70..3323b506fe1ede9b95353514b5c28fd5f9ed9228 100755 --- a/tsk/auto/auto_db.cpp +++ b/tsk/auto/auto_db.cpp @@ -222,27 +222,7 @@ TskAutoDb::addImageDetails(const char* deviceId) sha1 = ewf_info->sha1hash; } - //Need 1MB for libewf read and extra 100 bytes for header name and formatting - const size_t buffer_size = 1024100; - char* result = (char*) malloc(buffer_size * sizeof(char)); - if (result != NULL) { - //Populate all of the libewf header values for the acquisition details column - collectionDetails.append(libewf_read_description(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_case_number(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_evidence_number(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_examiner_name(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_notes(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_model(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_serial_number(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_device_label(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_version(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_platform(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_acquired_date(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_system_date(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_acquiry_operating_system(ewf_info->handle, result, buffer_size)); - collectionDetails.append(libewf_read_acquiry_software_version(ewf_info->handle, result, buffer_size)); - free(result); - } + collectionDetails = ewf_get_details(ewf_info); } #endif 
diff --git a/tsk/img/ewf.c b/tsk/img/ewf.cpp similarity index 73% rename from tsk/img/ewf.c rename to tsk/img/ewf.cpp index 55ed89d4c6df19ccc5a4ec6ac222a50203c7fdc0..ba3ef0eef5348218b267c6561b19ed724a425885 100755 --- a/tsk/img/ewf.c +++ b/tsk/img/ewf.cpp @@ -17,6 +17,9 @@ #if HAVE_LIBEWF #include "ewf.h" +#include <cctype> + +using std::string; #define TSK_EWF_ERROR_STRING_SIZE 512 
@@ -564,4 +567,135 @@ ewf_open(int a_num_img, return (img_info); } + + + +static int is_blank(const char* str) { + while (*str != '\0') { + if (!isspace((unsigned char)*str)) { + return 0; + } + str++; + } + return 1; +} + +/** +* Reads from libewf what is left in the buffer after the addition of the key and new line + * @param handle + * @param result_buffer Buffer to read results into + * @param buffer_size Size of buffer + + * @param identifier Name of value to get from E01 + * @param key Display name of the value (with a space at end) +*/ +static char* read_libewf_header_value(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size, const uint8_t *identifier, const char* key) { + result_buffer[0] = '\0'; + size_t identifier_length = strlen((char *)identifier); + strcpy(result_buffer, key); + libewf_error_t * ewf_error; + size_t key_len = strlen(key); + + //buffer_size - key_len - 1 for the new line at the end + int result = libewf_handle_get_utf8_header_value(handle, identifier, identifier_length, (uint8_t *)(result_buffer + key_len), buffer_size - key_len - 1, &ewf_error); + if (result != -1 && !is_blank(result_buffer + key_len)) { + strcat(result_buffer, "\n"); + } + else { + //if blank or error, return nothing! 
+ result_buffer[0] = '\0'; + } + + return result_buffer; +} + +static char* libewf_read_description(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "description", "Description: "); +} + +static char* libewf_read_case_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "case_number", "Case Number: "); +} + +static char* libewf_read_evidence_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "evidence_number", "Evidence Number: "); +} + +static char* libewf_read_examiner_name(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "examiner_name", "Examiner Name: "); +} + +static char* libewf_read_notes(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "notes", "Notes: "); +} + +static char* libewf_read_model(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "model", "Model: "); +} + +static char* libewf_read_serial_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "serial_number", "Serial Number: "); +} + +static char* libewf_read_device_label(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "device_label", "Device Label:"); +} + +static char* libewf_read_version(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return 
read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "version", "Version: "); +} + +static char* libewf_read_platform(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "platform", "Platform: "); +} + +static char* libewf_read_acquired_date(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_date", "Acquired Date: "); +} + +static char* libewf_read_system_date(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "system_date", "System Date: "); +} + +static char* libewf_read_acquiry_operating_system(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_operating_system", "Acquiry Operating System: "); +} + +static char* libewf_read_acquiry_software_version(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { + return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_software_version", "Acquiry Software Version: "); +} + + + +/** + * Return text with name/value pairs from the E01 image. 
+ */ +std::string ewf_get_details(IMG_EWF_INFO *ewf_info) { + //Need 1MB for libewf read and extra 100 bytes for header name and formatting + const size_t buffer_size = 1024100; + + char* result = (char*)tsk_malloc(buffer_size); + if (result == NULL) { + return NULL; + } + + string collectionDetails = ""; + //Populate all of the libewf header values for the acquisition details column + collectionDetails.append(libewf_read_description(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_case_number(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_evidence_number(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_examiner_name(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_notes(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_model(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_serial_number(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_device_label(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_version(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_platform(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_acquired_date(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_system_date(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_acquiry_operating_system(ewf_info->handle, result, buffer_size)); + collectionDetails.append(libewf_read_acquiry_software_version(ewf_info->handle, result, buffer_size)); + free(result); + return collectionDetails; +} #endif /* HAVE_LIBEWF */ diff --git a/tsk/img/ewf.h b/tsk/img/ewf.h index f3f8efe42953835855251a5d9e3df62bb3db8d85..4b3d079adefab01704080a94aab3cef1e87b3db3 100755 --- a/tsk/img/ewf.h +++ b/tsk/img/ewf.h 
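Review bot: In `ewf_get_details`, the allocation-failure path does `return NULL;` from a function returning `std::string`, which constructs a string from a null pointer — undefined behaviour, in practice an exception or a crash; `return std::string();` keeps the caller's assignment safe. In `read_libewf_header_value`, `libewf_error_t * ewf_error;` is passed to `libewf_handle_get_utf8_header_value` uninitialized and never released; libewf's error convention appears to expect a NULL-initialized pointer, so this should be `libewf_error_t *ewf_error = NULL;` with `libewf_error_free(&ewf_error);` on the `-1` branch. That error path matters because the header values are read from the evidence image itself, which may be malformed or deliberately crafted. The `"Device Label:"` key also lacks the trailing space that the doc comment promises for every key.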
@@ -19,6 +19,7 @@ #if HAVE_LIBEWF #include <libewf.h> +#include <string> // libewf version 2 no longer defines LIBEWF_HANDLE #undef HAVE_LIBEWF_V2_API @@ -44,8 +45,10 @@ extern "C" { tsk_lock_t read_lock; ///< Lock for reads since libewf is not thread safe -- only works if you have a single instance of EWF_INFO for all threads. } IMG_EWF_INFO; + #ifdef __cplusplus } #endif + extern std::string ewf_get_details(IMG_EWF_INFO *); #endif #endif diff --git a/tsk/img/img_open.c b/tsk/img/img_open.cpp similarity index 100% rename from tsk/img/img_open.c rename to tsk/img/img_open.cpp diff --git a/tsk/img/tsk_img_i.h b/tsk/img/tsk_img_i.h index 16a5c510340f488e81f95cee77f757399e55c2fa..85b7df9e7834ba650d340adda98b67e874015a76 100755 --- a/tsk/img/tsk_img_i.h +++ b/tsk/img/tsk_img_i.h 
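Review bot: `#include <string>` in the first ewf.h hunk and `extern std::string ewf_get_details(IMG_EWF_INFO *);` in the second are both added outside any `#ifdef __cplusplus` guard, so a C translation unit that includes ewf.h will no longer compile. The commit renames ewf.c and img_open.c to .cpp, which presumably covers the current includers, but the header still presents itself as C-compatible through its guarded `extern "C"` block. Wrapping both additions in `#ifdef __cplusplus` / `#endif` keeps the header usable from C. The leading indentation on the `extern` line also looks accidental.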
@@ -31,98 +31,6 @@ extern "C" { #endif -#if HAVE_LIBEWF -#include "libewf.h" - -inline int is_blank(const char* str) { - while (*str != '\0') { - if (!isspace((unsigned char)*str)) { - return 0; - } - str++; - } - return 1; -} - -/** -* Reads from libewf what is left in the buffer after the addition of the key and new line -*/ -inline char* read_libewf_header_value(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size, const uint8_t *identifier, size_t identifier_length, const char* key) { - result_buffer[0] = '\0'; - - strcpy(result_buffer, key); - libewf_error_t * ewf_error; - size_t key_len = strlen(key); - - //buffer_size - key_len - 1 for the new line at the end - int result = libewf_handle_get_utf8_header_value(handle, identifier, identifier_length, (uint8_t *)(result_buffer + key_len), buffer_size - key_len - 1, &ewf_error); - if (result != -1 && !is_blank(result_buffer + key_len)) { - strcat(result_buffer, "\n"); - } else { - //if blank or error, return nothing! 
- result_buffer[0] = '\0'; - } - - return result_buffer; -} - -inline char* libewf_read_description(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "description", 11, "Description: "); -} - -inline char* libewf_read_case_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "case_number", 11, "Case Number: "); -} - -inline char* libewf_read_evidence_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "evidence_number", 15, "Evidence Number: "); -} - -inline char* libewf_read_examiner_name(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "examiner_name", 13, "Examiner Name: "); -} - -inline char* libewf_read_notes(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "notes", 5, "Notes: "); -} - -inline char* libewf_read_model(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "model", 5, "Model: "); -} - -inline char* libewf_read_serial_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "serial_number", 13, "Serial Number: "); -} - -inline char* libewf_read_device_label(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "device_label", 12, "Device Label:"); -} - -inline char* libewf_read_version(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - 
return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "version", 7, "Version: "); -} - -inline char* libewf_read_platform(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "platform", 8, "Platform: "); -} - -inline char* libewf_read_acquired_date(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_date", 12, "Acquired Date: "); -} - -inline char* libewf_read_system_date(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "system_date", 11, "System Date: "); -} - -inline char* libewf_read_acquiry_operating_system(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_operating_system", 24, "Acquiry Operating System: "); -} - -inline char* libewf_read_acquiry_software_version(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) { - return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_software_version", 24, "Acquiry Software Version: "); -} -#endif - // Cygwin needs this, but not everyone defines it #ifndef O_BINARY #define O_BINARY 0 diff --git a/win32/libtsk/libtsk.vcxproj b/win32/libtsk/libtsk.vcxproj index c4028519535a8906fcf97fd59b109a75c1869c48..6aedb708df72ee32987272199485859e2108c332 100755 --- a/win32/libtsk/libtsk.vcxproj +++ b/win32/libtsk/libtsk.vcxproj 
@@ -567,9 +567,9 @@ xcopy /E /Y "$(VCInstallDir)\redist\$(PlatformTarget)\Microsoft.VC140.CRT" "$(Ou <ClCompile Include="..\..\tsk\hashdb\tsk_hashdb.c" /> <ClCompile Include="..\..\tsk\hashdb\sqlite_hdb.cpp" /> <ClCompile Include="..\..\tsk\img\aff.c" /> - <ClCompile Include="..\..\tsk\img\ewf.c" /> + <ClCompile Include="..\..\tsk\img\ewf.cpp" /> <ClCompile Include="..\..\tsk\img\img_io.c" /> - <ClCompile Include="..\..\tsk\img\img_open.c" /> + <ClCompile Include="..\..\tsk\img\img_open.cpp" /> <ClCompile Include="..\..\tsk\img\img_types.c" /> <ClCompile Include="..\..\tsk\img\mult_files.c" /> <ClCompile Include="..\..\tsk\img\raw.c" /> diff --git a/win32/libtsk/libtsk.vcxproj.filters b/win32/libtsk/libtsk.vcxproj.filters index 1fcb9d8827a2a140c8481fe1e08801cd87fc7396..81842600ff78a5162c42fe9c6ddba45f78d0399b 100755 --- a/win32/libtsk/libtsk.vcxproj.filters +++ b/win32/libtsk/libtsk.vcxproj.filters @@ -225,15 +225,9 @@ <ClCompile Include="..\..\tsk\img\aff.c"> <Filter>img</Filter> </ClCompile> - <ClCompile Include="..\..\tsk\img\ewf.c"> - <Filter>img</Filter> - </ClCompile> <ClCompile Include="..\..\tsk\img\img_io.c"> <Filter>img</Filter> </ClCompile> - <ClCompile Include="..\..\tsk\img\img_open.c"> - <Filter>img</Filter> - </ClCompile> <ClCompile Include="..\..\tsk\img\img_types.c"> <Filter>img</Filter> </ClCompile> @@ -327,6 +321,12 @@ <ClCompile Include="..\..\tsk\fs\lzvn.c"> <Filter>fs</Filter> </ClCompile> + <ClCompile Include="..\..\tsk\img\ewf.cpp"> + <Filter>img</Filter> + </ClCompile> + <ClCompile Include="..\..\tsk\img\img_open.cpp"> + <Filter>img</Filter> + </ClCompile> </ItemGroup> <ItemGroup> <ClInclude Include="..\..\tsk\vs\tsk_bsd.h">