diff --git a/tsk/auto/auto_db.cpp b/tsk/auto/auto_db.cpp
index 6d3effe974302ea7d295f65f53201145b6d1172f..3b24fb03fc20d2caf3f032d2a4eaebe103b2e398 100755
--- a/tsk/auto/auto_db.cpp
+++ b/tsk/auto/auto_db.cpp
@@ -307,36 +307,60 @@ TSK_FILTER_ENUM TskAutoDb::filterVs(const TSK_VS_INFO * vs_info)
TSK_FILTER_ENUM
TskAutoDb::filterPool(const TSK_POOL_INFO * pool_info)
{
+ int64_t poolObjId;
m_poolFound = true;
if (m_volFound && m_vsFound) {
// there's a volume system and volume
- if (m_db->addPoolInfoAndVS(pool_info, m_curVolId, m_curPoolVs)) {
+ if (m_db->addPoolInfoAndVS(pool_info, m_curVolId, poolObjId, m_curPoolVs)) {
registerError();
return TSK_FILTER_STOP;
}
}
else {
// pool doesn't live in a volume, use image as parent
- if (m_db->addPoolInfoAndVS(pool_info, m_curImgId, m_curPoolVs)) {
+ if (m_db->addPoolInfoAndVS(pool_info, m_curImgId, poolObjId, m_curPoolVs)) {
registerError();
return TSK_FILTER_STOP;
}
}
-
+ if (addUnallocatedPoolBlocksToDb(pool_info, poolObjId)) {
+ registerError();
+ return TSK_FILTER_STOP;
+ }
return TSK_FILTER_CONT;
}
TSK_FILTER_ENUM
-TskAutoDb::addUnallocatedPoolBlocks(const TSK_POOL_INFO * pool_info) {
+TskAutoDb::addUnallocatedPoolBlocksToDb(const TSK_POOL_INFO * pool_info, int64_t poolObjId) {
/* Only APFS pools are currently supported */
if (pool_info->ctype != TSK_POOL_TYPE_APFS) {
return TSK_FILTER_CONT;
}
+ TSK_FS_ATTR_RUN * unalloc_runs = tsk_pool_unallocated_runs(pool_info);
+ TSK_FS_ATTR_RUN * current_run = unalloc_runs;
+ vector<TSK_DB_FILE_LAYOUT_RANGE> ranges;
+ while (current_run != NULL) {
+
+ TSK_DB_FILE_LAYOUT_RANGE tempRange(current_run->addr * pool_info->block_size, current_run->len * pool_info->block_size, 0);
+
+ ranges.push_back(tempRange);
+ int64_t fileObjId = 0;
+ if (m_db->addUnallocBlockFile(poolObjId, NULL, current_run->len * pool_info->block_size, ranges, fileObjId, m_curImgId)) {
+ registerError();
+ tsk_fs_attr_run_free(unalloc_runs);
+ return TSK_FILTER_STOP;
+ }
+
+ current_run = current_run->next;
+ ranges.clear();
+ }
+ tsk_fs_attr_run_free(unalloc_runs);
+ return TSK_FILTER_CONT;
}
TSK_FILTER_ENUM
diff --git a/tsk/auto/db_postgresql.cpp b/tsk/auto/db_postgresql.cpp
index af07656dc8bb5a61ab730ab24a730907ef08e4a0..486c6f9c492aa2e53830a3054cfea6aeadb2cf54 100755
--- a/tsk/auto/db_postgresql.cpp
+++ b/tsk/auto/db_postgresql.cpp
@@ -1012,13 +1012,23 @@ int TskDbPostgreSQL::addImageName(int64_t objId, char const *imgName, int sequen
return ret;
}
+/**
+* Creates a new tsk_pool_info database entry and a new tsk_vs_info
+* entry with the tsk_pool_info as its parent.
+*
+* @ param pool_info The pool to save to the database
+* @ param parObjId The ID of the parent of the pool object
+* @ param poolObjId Will be set to the object ID of the new pool
+* @ param vsObjId Will be set to the object ID of the new volume system created as a child of
+* the new pool.
+* @returns 1 on error, 0 on success
+*/
int
-TskDbPostgreSQL::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& objId) {
+TskDbPostgreSQL::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& poolObjId, int64_t& vsObjId) {
char stmt[1024];
// Add pool
- int64_t poolObjId;
if (addObject(TSK_DB_OBJECT_TYPE_POOL, parObjId, poolObjId))
return 1;
@@ -1032,11 +1042,11 @@ TskDbPostgreSQL::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObj
}
// Add volume system
- if (addObject(TSK_DB_OBJECT_TYPE_VS, poolObjId, objId))
+ if (addObject(TSK_DB_OBJECT_TYPE_VS, poolObjId, vsObjId))
return 1;
snprintf(stmt, 1024,
- "INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (%" PRId64 ", %d,%" PRIuDADDR ",%d)", objId, TSK_VS_TYPE_APFS, pool_info->img_offset, pool_info->block_size);
+ "INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (%" PRId64 ", %d,%" PRIuDADDR ",%d)", vsObjId, TSK_VS_TYPE_APFS, pool_info->img_offset, pool_info->block_size);
return attempt_exec(stmt,
"Error adding data to tsk_vs_info table: %s\n");
diff --git a/tsk/auto/db_sqlite.cpp b/tsk/auto/db_sqlite.cpp
index f2c61826d1d68c467a4ba8bf3585936d00a700fb..72c79655d09d8fbecb3f134edaf2f465428a4f96 100644
--- a/tsk/auto/db_sqlite.cpp
+++ b/tsk/auto/db_sqlite.cpp
@@ -754,23 +754,23 @@ TskDbSqlite::addVsInfo(const TSK_VS_INFO* vs_info, int64_t parObjId,
}
/**
-* Creats a new tsk_pool_info database entry and a new tsk_vs_info
+* Creates a new tsk_pool_info database entry and a new tsk_vs_info
* entry with the tsk_pool_info as its parent.
*
* @ param pool_info The pool to save to the database
* @ param parObjId The ID of the parent of the pool object
-* @ param objId Will be set to the object ID of the new volume system created as a child of
+* @ param poolObjId Will be set to the object ID of the new pool
+* @ param vsObjId Will be set to the object ID of the new volume system created as a child of
* the new pool.
* @returns 1 on error, 0 on success
*/
int
-TskDbSqlite::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& objId) {
+TskDbSqlite::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& poolObjId, int64_t& vsObjId) {
char
stmt[1024];
// Add pool
- int64_t poolObjId;
if (addObject(TSK_DB_OBJECT_TYPE_POOL, parObjId, poolObjId))
return 1;
@@ -784,11 +784,11 @@ TskDbSqlite::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId,
}
// Add volume system
- if (addObject(TSK_DB_OBJECT_TYPE_VS, poolObjId, objId))
+ if (addObject(TSK_DB_OBJECT_TYPE_VS, poolObjId, vsObjId))
return 1;
snprintf(stmt, 1024,
- "INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (%" PRId64 ", %d,%" PRIuDADDR ",%d)", objId, TSK_VS_TYPE_APFS, pool_info->img_offset, pool_info->block_size); // TODO - offset
+ "INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (%" PRId64 ", %d,%" PRIuDADDR ",%d)", vsObjId, TSK_VS_TYPE_APFS, pool_info->img_offset, pool_info->block_size); // TODO - offset
return attempt_exec(stmt,
"Error adding data to tsk_vs_info table: %s\n");
diff --git a/tsk/auto/tsk_case_db.h b/tsk/auto/tsk_case_db.h
index d8750f6153897c35eb6ba9eceab8e0ec659d58df..25df18e0956e3f91bb67d58d1c2d4bfebf042405 100644
--- a/tsk/auto/tsk_case_db.h
+++ b/tsk/auto/tsk_case_db.h
@@ -186,7 +186,7 @@ class TskAutoDb:public TskAuto {
TSK_OFF_T offset, TSK_DADDR_T addr, char *buf, size_t size,
TSK_FS_BLOCK_FLAG_ENUM a_flags, void *ptr);
int md5HashAttr(unsigned char md5Hash[16], const TSK_FS_ATTR * fs_attr);
- TSK_FILTER_ENUM addUnallocatedPoolBlocks(const TSK_POOL_INFO * pool_info);
+ TSK_FILTER_ENUM addUnallocatedPoolBlocksToDb(const TSK_POOL_INFO * pool_info, int64_t poolObjId);
static TSK_WALK_RET_ENUM fsWalkUnallocBlocksCb(const TSK_FS_BLOCK *a_block, void *a_ptr);
TSK_RETVAL_ENUM addFsInfoUnalloc(const TSK_DB_FS_INFO & dbFsInfo);
diff --git a/tsk/auto/tsk_db.h b/tsk/auto/tsk_db.h
index 291f0c30c821b66fc53deff128af666987e9d4d7..770aa9e4800c25977c7a4c13c1d66caf679ab029 100755
--- a/tsk/auto/tsk_db.h
+++ b/tsk/auto/tsk_db.h
@@ -180,7 +180,7 @@ class TskDb {
virtual int addImageName(int64_t objId, char const *imgName, int sequence) = 0;
virtual int addVsInfo(const TSK_VS_INFO * vs_info, int64_t parObjId, int64_t & objId) = 0;
virtual int addVolumeInfo(const TSK_VS_PART_INFO * vs_part, int64_t parObjId, int64_t & objId) = 0;
- virtual int addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& objId) = 0;
+ virtual int addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& poolObjId, int64_t& vsObjId) = 0;
virtual int addPoolVolumeInfo(const TSK_POOL_VOLUME_INFO* pool_vol,
int64_t parObjId, int64_t& objId) = 0;
virtual int addFsInfo(const TSK_FS_INFO * fs_info, int64_t parObjId, int64_t & objId) = 0;
diff --git a/tsk/auto/tsk_db_postgresql.h b/tsk/auto/tsk_db_postgresql.h
index 873b142babca2158d569deeb9c580a089da15d79..fcc3c620def43d1e62b6fbb38ea4444dee879d6f 100755
--- a/tsk/auto/tsk_db_postgresql.h
+++ b/tsk/auto/tsk_db_postgresql.h
@@ -58,7 +58,7 @@ class TskDbPostgreSQL : public TskDb {
int64_t & objId);
int addFsInfo(const TSK_FS_INFO * fs_info, int64_t parObjId,
int64_t & objId);
- int addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& objId);
+ int addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& poolObjId, int64_t& vsObjId);
int addPoolVolumeInfo(const TSK_POOL_VOLUME_INFO* pool_vol,
int64_t parObjId, int64_t& objId);
int addFsFile(TSK_FS_FILE * fs_file, const TSK_FS_ATTR * fs_attr,
diff --git a/tsk/auto/tsk_db_sqlite.h b/tsk/auto/tsk_db_sqlite.h
index 7fa3abae9a08da0c338145d9b6ce865a174720e6..f0aec6536e16e6acae434ce709c9d4d57159b631 100755
--- a/tsk/auto/tsk_db_sqlite.h
+++ b/tsk/auto/tsk_db_sqlite.h
@@ -50,7 +50,7 @@ class TskDbSqlite : public TskDb {
int addImageName(int64_t objId, char const *imgName, int sequence);
int addVsInfo(const TSK_VS_INFO * vs_info, int64_t parObjId,
int64_t & objId);
- int addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& objId);
+ int addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId, int64_t& poolObjId, int64_t& vsObjId);
int addPoolVolumeInfo(const TSK_POOL_VOLUME_INFO* pool_vol,
int64_t parObjId, int64_t& objId);
int addVolumeInfo(const TSK_VS_PART_INFO * vs_part, int64_t parObjId,
diff --git a/tsk/pool/pool_read.cpp b/tsk/pool/pool_read.cpp
index 1c565ffaedc90352dea59c3cfaa359c591c82c5f..abe531885f9af739601d915895ffd63de7eafb64 100755
--- a/tsk/pool/pool_read.cpp
+++ b/tsk/pool/pool_read.cpp
@@ -21,8 +21,14 @@ TSK_FS_ATTR_RUN *tsk_pool_unallocated_runs(const TSK_POOL_INFO *a_pool) {
TSK_DADDR_T offset = 0;
+ int count = 0;
+ printf("Pool block size: %lld\n", pool->block_size());
// Create the runs
for (const auto &range : ranges) {
+ count++;
+ if (count < 10) {
+ printf("Range start block: %lld, num blocks; %lld\n", range.start_block, range.num_blocks);
+ }
auto data_run = tsk_fs_attr_run_alloc();
if (data_run == nullptr) {
tsk_fs_attr_run_free(data_run_head);
@@ -34,6 +40,9 @@ TSK_FS_ATTR_RUN *tsk_pool_unallocated_runs(const TSK_POOL_INFO *a_pool) {
data_run->len = range.num_blocks;
data_run->flags = TSK_FS_ATTR_RUN_FLAG_NONE;
data_run->next = nullptr;
+ if (count < 10) {
+ printf("Run addr: %lld, offset: %lld, len: %lld\n\n", data_run->addr, data_run->offset, data_run->len);
+ }
offset += range.num_blocks;