diff --git a/tools/logicalimager/tsk_logical_imager.cpp b/tools/logicalimager/tsk_logical_imager.cpp
index b81424f0b1df2f23ea569aafa4f4369f57ea0070..3f991ef18b9cddd2590c08c0007f91e85ca1e54d 100644
--- a/tools/logicalimager/tsk_logical_imager.cpp
+++ b/tools/logicalimager/tsk_logical_imager.cpp
@@ -69,7 +69,7 @@ string GetErrorStdStr(DWORD err) {
 *
 * @returns error message wide string
 */
-std::wstring GetLastErrorStdStrW() {
+static std::wstring GetLastErrorStdStrW() {
 DWORD error = GetLastError();
 return GetErrorStdStrW(error);
 }
@@ -80,7 +80,7 @@ std::wstring GetLastErrorStdStrW() {
 * @param err error code
 * @returns error message wide string
 */
-std::wstring GetErrorStdStrW(DWORD a_err) {
+static std::wstring GetErrorStdStrW(DWORD a_err) {
 if (ERROR_SUCCESS != a_err) {
 LPVOID lpMsgBuf;
 DWORD bufLen = FormatMessageW(
@@ -125,7 +125,7 @@ std::wstring GetErrorStdStrW(DWORD a_err) {
 * FALSE otherwise
 *
 */
-BOOL isWinXPOrOlder() {
+static BOOL isWinXPOrOlder() {
 OSVERSIONINFO vi;
 memset(&vi, 0, sizeof vi);
 vi.dwOSVersionInfoSize = sizeof vi;
@@ -177,7 +177,7 @@ static BOOL isProcessElevated() {
 * -1 if error
 *
 */
-int getLocalHost(string &a_hostName) {
+static int getLocalHost(string &a_hostName) {
 // Initialize Winsock
 WSADATA wsaData;
@@ -206,7 +206,7 @@ int getLocalHost(string &a_hostName) {
 * -1 if error
 *
 */
-int createDirectory(string &directoryPathname) {
+static int createDirectory(string &directoryPathname) {
 time_t now;
 struct tm localTime;
@@ -246,7 +246,7 @@ int createDirectory(string &directoryPathname) {
 *
 */
-long wmi_init(const std::wstring& wmiNamespace, IWbemLocator **ppWbemLocator, IWbemServices **ppWbemServices) {
+static long wmi_init(const std::wstring& wmiNamespace, IWbemLocator **ppWbemLocator, IWbemServices **ppWbemServices) {
 HRESULT hres;
 // Step 1: Initialize COM.
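Review bot: `GetLastErrorStdStrW()` calls `GetErrorStdStrW()`, which is only defined in the following hunk, so a prototype for it has to exist earlier in the file or in an included header that these hunks do not show. That prototype needs the same `static` as the new definition, e.g. `static std::wstring GetErrorStdStrW(DWORD a_err);`, because a non-static prototype followed by a `static` definition is a linkage conflict that compilers reject. The same check applies to any other function in this commit that is prototyped before its definition.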
@@ -346,7 +346,7 @@ long wmi_init(const std::wstring& wmiNamespace, IWbemLocator **ppWbemLocator, IW
 * -1 if error
 *
 */
-int wmi_close(IWbemLocator **ppWbemLocator, IWbemServices **ppWbemServices) {
+static int wmi_close(IWbemLocator **ppWbemLocator, IWbemServices **ppWbemServices) {
 // Cleanup
 // ========
@@ -370,7 +370,7 @@ int wmi_close(IWbemLocator **ppWbemLocator, IWbemServices **ppWbemServices) {
 * -1 if error, or if drive not found
 *
 */
-int checkDriveForLDM(const string& driveLetter) {
+static int checkDriveForLDM(const string& driveLetter) {
 IWbemLocator *pWbemLocator = NULL;
 IWbemServices *pWbemServices = NULL;
@@ -456,7 +456,7 @@ int checkDriveForLDM(const string& driveLetter) {
 * -1 if error
 *
 */
-int checkDriveForBitlocker(const string& driveLetter) {
+static int checkDriveForBitlocker(const string& driveLetter) {
 IWbemLocator *pWbemLocator = NULL;
 IWbemServices *pWbemServices = NULL;
@@ -539,16 +539,18 @@ int checkDriveForBitlocker(const string& driveLetter) {
 * @param output a vector of physicalDrives
 * @returns true on success, or false on error
 */
-BOOL getPhysicalDrives(std::vector<std::wstring> &phyiscalDrives) {
+static BOOL getPhysicalDrives(std::vector<std::wstring> &phyiscalDrives) {
 char physical[60000];
+ /* Get list of Windows devices. Result is a list of NULL
+ * terminated device names. */
 if (QueryDosDeviceA(NULL, (LPSTR)physical, sizeof(physical))) {
 phyiscalDrives.clear();
 for (char *pos = physical; *pos; pos += strlen(pos) + 1) {
 std::wstring str(TskHelper::toWide(pos));
 if (str.rfind(_TSK_T("PhysicalDrive")) == 0) {
 phyiscalDrives.push_back(str);
- printDebug("Found %s", pos);
+ printDebug("Found %s from QueryDosDeviceA", pos);
 }
 }
 } else {
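Review bot: In `getPhysicalDrives()`, `QueryDosDeviceA` is handed a fixed 60000-byte stack array, and when the device list does not fit the call fails with `ERROR_INSUFFICIENT_BUFFER`, so the function takes the `else` branch and returns no physical drives at all. For an acquisition tool that means drives can be skipped because of how many device names the host has rather than because of a real error; the `else` body is outside the hunk, so I cannot tell whether it reports this case distinctly. A heap buffer that grows on `ERROR_INSUFFICIENT_BUFFER`, with an upper bound, removes both the limit and the large stack frame. Separately, the new comment should say "NUL-terminated" (the character) rather than "NULL terminated".

```cpp
static BOOL getPhysicalDrives(std::vector<std::wstring> &phyiscalDrives) {
    // Upper bound so a persistent failure cannot loop forever.
    const size_t maxBufLen = 16 * 1024 * 1024;
    std::vector<char> physical(60000);

    /* Get list of Windows devices; grow the buffer until the list fits. */
    DWORD len = QueryDosDeviceA(NULL, physical.data(), (DWORD)physical.size());
    while (len == 0 && GetLastError() == ERROR_INSUFFICIENT_BUFFER && physical.size() < maxBufLen) {
        physical.resize(physical.size() * 2);
        len = QueryDosDeviceA(NULL, physical.data(), (DWORD)physical.size());
    }
    if (len != 0) {
        phyiscalDrives.clear();
        for (char *pos = physical.data(); *pos; pos += strlen(pos) + 1) {
            // … unchanged: keep entries that start with "PhysicalDrive" …
        }
    } else {
```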
@@ -568,7 +570,7 @@ BOOL getPhysicalDrives(std::vector<std::wstring> &phyiscalDrives) {
 * @returns TRUE on success or FALSE in case of failure.
 *
 */
-BOOL getDrivesToProcess(std::vector<std::wstring> &drivesToProcess) {
+static BOOL getDrivesToProcess(std::vector<std::wstring> &drivesToProcess) {
 // check if they are admin before we give them some ugly error messages
 if (isProcessElevated() == FALSE) {
@@ -618,7 +620,7 @@ BOOL getDrivesToProcess(std::vector<std::wstring> &drivesToProcess) {
 }
 }
-void openFs(TSK_IMG_INFO *img, TSK_OFF_T byteOffset) {
+static void openFs(TSK_IMG_INFO *img, TSK_OFF_T byteOffset) {
 TSK_FS_INFO *fs_info;
 if ((fs_info = tsk_fs_open_img(img, byteOffset, TSK_FS_TYPE_DETECT)) != NULL) {
 // Tell TSKHelper about this FS
@@ -648,7 +650,7 @@ void openFs(TSK_IMG_INFO *img, TSK_OFF_T byteOffset) {
 * @param image - path to image
 * @return true if found, false otherwise
 */
-bool hasTskLogicalImager(const TSK_TCHAR *image) {
+static bool hasTskLogicalImager(const TSK_TCHAR *image) {
 TSK_IMG_INFO *img;
 TSK_IMG_TYPE_ENUM imgtype = TSK_IMG_TYPE_DETECT;
 unsigned int ssize = 0;
@@ -713,7 +715,7 @@ std::string driveToProcess;
 *
 * @param alertFilename Name of the alert file
 */
-void openAlert(const std::string &alertFilename) {
+static void openAlert(const std::string &alertFilename) {
 m_alertFile = fopen(alertFilename.c_str(), "w");
 if (!m_alertFile) {
 fprintf(stderr, "ERROR: Failed to open alert file %s\n", alertFilename.c_str());
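Review bot: The hunk header above `openAlert()` shows `std::string driveToProcess;` defined at file scope without `static`, so the state these now-internal functions share still has external linkage. If nothing outside this file refers to it (not visible from the hunks), it should get the same treatment, `static std::string driveToProcess;`, and likewise `m_alertFile` if its definition is also non-static. Otherwise another translation unit that defines the same name would still collide at link time, which is presumably what the `static` on the functions is meant to rule out.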
@@ -739,7 +741,7 @@ void openAlert(const std::string &alertFilename) {
 * @param fs_file TSK_FS_FILE that matches
 * @param path Parent path of fs_file
 */
-void alert(const std::string driveName, TSK_RETVAL_ENUM extractStatus, const RuleMatchResult *ruleMatchResult, TSK_FS_FILE *fs_file, const char *path) {
+static void alert(const std::string driveName, TSK_RETVAL_ENUM extractStatus, const RuleMatchResult *ruleMatchResult, TSK_FS_FILE *fs_file, const char *path) {
 if (fs_file->name && (strcmp(fs_file->name->name, ".") == 0 || strcmp(fs_file->name->name, "..") == 0)) {
 // Don't alert . and ..
 return;
@@ -768,7 +770,7 @@ void alert(const std::string driveName, TSK_RETVAL_ENUM extractStatus, const Rul
 /*
 * Close the alert file.
 */
-void closeAlert() {
+static void closeAlert() {
 if (m_alertFile) {
 fclose(m_alertFile);
 }
@@ -780,7 +782,7 @@ void closeAlert() {
 * @param fs_file File details
 * @returns TSK_RETVAL_ENUM TSK_OK if file is extracted, TSK_ERR otherwise.
 */
-TSK_RETVAL_ENUM extractFile(TSK_FS_FILE *fs_file) {
+static TSK_RETVAL_ENUM extractFile(TSK_FS_FILE *fs_file) {
 TSK_OFF_T offset = 0;
 size_t bufferLen = 16 * 1024;
 char buffer[16 * 1024];
@@ -819,7 +821,7 @@ TSK_RETVAL_ENUM extractFile(TSK_FS_FILE *fs_file) {
 *
 * @returns TSK_IMG_TYPE_ENUM TSK_OK if callback has no error
 */
-TSK_RETVAL_ENUM matchCallback(const RuleMatchResult *matchResult, TSK_FS_FILE *fs_file, const char *path) {
+static TSK_RETVAL_ENUM matchCallback(const RuleMatchResult *matchResult, TSK_FS_FILE *fs_file, const char *path) {
 TSK_RETVAL_ENUM extractStatus = TSK_ERR;
 if (matchResult->isShouldSave()) {
 extractStatus = extractFile(fs_file);
@@ -1074,4 +1076,4 @@ main(int argc, char **argv1)
 }
 printDebug("Exiting");
 exit(0);
-}
\ No newline at end of file
+}
diff --git a/win32/updateAndBuildAll.py b/win32/updateAndBuildAll.py
index 6b1c8d7906a99d5b28960f1eb834bf3d939e3b50..8e7693fa67ea3af7c0fdee729818201a7213aba0 100644
--- a/win32/updateAndBuildAll.py
+++ b/win32/updateAndBuildAll.py
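Review bot: `alert()` takes `const std::string driveName` by value on the very line this hunk rewrites, so the drive name is copied on every call. Since the signature is being edited anyway, `const std::string &driveName` avoids the copy without touching any caller. The body of `alert()` continues outside the hunk.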
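Review bot: In `extractFile()` the read length and the stack buffer are sized by two separate `16 * 1024` literals (`size_t bufferLen = 16 * 1024;` and `char buffer[16 * 1024];`), so a later edit to only one of them could let a read run past the array. Deriving one from the other removes that possibility: declare `char buffer[16 * 1024];` first and then `const size_t bufferLen = sizeof(buffer);`. The read loop is outside the hunk, so this assumes `bufferLen` is the length passed to the read call.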
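Review bot: The doc comment above `matchCallback()` names the wrong type: it says `@returns TSK_IMG_TYPE_ENUM`, while the function is declared to return `TSK_RETVAL_ENUM`. The line should read `@returns TSK_RETVAL_ENUM TSK_OK if callback has no error`. The visible body starts `extractStatus` at `TSK_ERR` and only overwrites it when `isShouldSave()` is true, so the comment could also say what is returned for a match that is not saved; the return statement itself is outside the hunk.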
@@ -77,16 +77,16 @@ def buildTSKAll(): if not MINIMAL: if(passed): buildTSK(32, "Release") - if(passed): - buildTSK(32, "Release_NoLibs") if(passed): buildTSK(32, "Release_PostgreSQL") - if(passed): buildTSK(64, "Release") if(passed): buildTSK(64, "Release_NoLibs") + # MINIMAL is 64-bit for Autopsy and 32-bit with no deps for logical imager et al. + if(passed): + buildTSK(32, "Release_NoLibs") if(passed): buildTSK(64, "Release_PostgreSQL")