Concatenate a message onto the end of the errstr2.

Parameters

format

Referenced by btrfs_open(), and fatfs_inode_walk().

Return the string with the current error message.

Return a human-readable form of tsk_error_get_errno.

The string does not end with a newline.

Returns

String with error message or NULL if there is no error

Referenced by TskError::get(), and tsk_error_print().

Return the current error number.

Returns

the current error number.

Referenced by TskAuto::findFilesInVs(), TskAuto::registerError(), tsk_error_print(), and tsk_fs_open_img_decrypt().

Retrieve the current, basic error string.

Additional information is in errstr2. Use tsk_error_get() to get a fully formatted string.

Returns

the string. This is only valid until the next call to a tsk function.

Referenced by TskIsImageSupported::getMessageForIsImageSupportedNat(), TskAuto::registerError(), and tsk_fs_open_img_decrypt().

Retrieve the current error string #2.

This has additional information than string #1.

Returns

the string. This is only valid until the next call to a tsk function.

Referenced by TskAuto::registerError().

Print the current fully formed error message to a file.

Parameters

hFile File to print message to

References tsk_error_get(), tsk_error_get_errno(), and tsk_fprintf().

Referenced by fatfs_inode_walk(), fatfs_istat(), fatxxfs_dent_parse_buf(), TskError::print(), and tsk_fs_dir_get().

Set the current TSK error number.

Parameters

t_errno the error number.

Referenced by TskAutoDb::addFilesInImgToDb(), TskAutoDb::commitAddImage(), TskAuto::enableImageWriter(), encase_make_index(), fatfs_inode_walk(), fatxxfs_dent_parse_buf(), TskAuto::findFilesInFs(), TskAuto::findFilesInFsRet(), TskAuto::findFilesInImg(), TskAuto::findFilesInPool(), TskAuto::findFilesInVs(), TskDbSqlite::getFsInfos(), TskDbSqlite::getVsInfos(), TskDbSqlite::getVsPartInfos(), TskAuto::hasPool(), hdb_binsrch_idx_finalize(), hdb_binsrch_idx_initialize(), hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), hk_getentry(), hk_makeindex(), idxonly_open(), md5sum_makeindex(), TskCaseDb::newDb(), nsrl_makeindex(), TskCaseDb::openDb(), TskAutoDb::revertAddImage(), TskAutoDb::startAddImage(), tsk_fs_attr_read(), tsk_fs_attr_walk(), tsk_fs_blkcat(), tsk_fs_block_get_flag(), tsk_fs_block_walk(), tsk_fs_dir_get(), tsk_fs_dir_get_name(), tsk_fs_dir_getsize(), tsk_fs_dir_open(), tsk_fs_file_attr_get_id(), tsk_fs_file_get_owner_sid(), tsk_fs_file_hash_calc(), tsk_fs_file_open(), tsk_fs_file_open_meta(), tsk_fs_file_read(), tsk_fs_file_read_type(), tsk_fs_file_walk(), tsk_fs_file_walk_type(), tsk_fs_ifind_path(), tsk_fs_open_img_decrypt(), tsk_fs_open_vol_decrypt(), tsk_fs_path2inum(), tsk_fs_read_block_decrypt(), tsk_fs_read_decrypt(), tsk_hdb_accepts_updates(), tsk_hdb_add_entry(), tsk_hdb_begin_transaction(), tsk_hdb_close(), tsk_hdb_commit_transaction(), tsk_hdb_create(), tsk_hdb_has_idx(), tsk_hdb_is_idx_only(), tsk_hdb_lookup_raw(), tsk_hdb_lookup_str(), tsk_hdb_make_index(), tsk_hdb_open(), tsk_hdb_rollback_transaction(), tsk_img_open_external(), tsk_img_read(), tsk_ntfs_usnjentry_walk(), tsk_ntfs_usnjopen(), tsk_parse_offset(), tsk_parse_pnum(), tsk_vs_open(), tsk_vs_part_get(), tsk_vs_part_read_block(), tsk_vs_part_walk(), and tsk_vs_read_block().

Set the error string #1.

This should contain the basic message.

Parameters

format the printf-style format string

Referenced by TskAutoDb::addFilesInImgToDb(), TskAutoDb::commitAddImage(), TskAuto::enableImageWriter(), encase_make_index(), fatfs_inode_walk(), fatxxfs_dent_parse_buf(), TskAuto::findFilesInFs(), TskAuto::findFilesInFsRet(), TskAuto::findFilesInImg(), TskAuto::findFilesInPool(), TskAuto::findFilesInVs(), TskDbSqlite::getFsInfos(), TskDbSqlite::getVsInfos(), TskDbSqlite::getVsPartInfos(), TskAuto::hasPool(), hdb_binsrch_idx_finalize(), hdb_binsrch_idx_initialize(), hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), hk_getentry(), hk_makeindex(), idxonly_open(), md5sum_makeindex(), TskCaseDb::newDb(), nsrl_makeindex(), TskCaseDb::openDb(), TskAutoDb::revertAddImage(), TskAutoDb::startAddImage(), tsk_fs_attr_read(), tsk_fs_attr_walk(), tsk_fs_blkcat(), tsk_fs_block_get_flag(), tsk_fs_block_walk(), tsk_fs_dir_get(), tsk_fs_dir_get_name(), tsk_fs_dir_getsize(), tsk_fs_dir_open(), tsk_fs_file_attr_get_id(), tsk_fs_file_get_owner_sid(), tsk_fs_file_hash_calc(), tsk_fs_file_open(), tsk_fs_file_open_meta(), tsk_fs_file_read(), tsk_fs_file_read_type(), tsk_fs_file_walk(), tsk_fs_file_walk_type(), tsk_fs_ifind_path(), tsk_fs_open_img_decrypt(), tsk_fs_open_vol_decrypt(), tsk_fs_path2inum(), tsk_fs_read_block_decrypt(), tsk_fs_read_decrypt(), tsk_hdb_accepts_updates(), tsk_hdb_add_entry(), tsk_hdb_begin_transaction(), tsk_hdb_close(), tsk_hdb_commit_transaction(), tsk_hdb_create(), tsk_hdb_has_idx(), tsk_hdb_is_idx_only(), tsk_hdb_lookup_raw(), tsk_hdb_lookup_str(), tsk_hdb_make_index(), tsk_hdb_open(), tsk_hdb_rollback_transaction(), tsk_img_open_external(), tsk_img_read(), tsk_ntfs_usnjentry_walk(), tsk_ntfs_usnjopen(), tsk_parse_offset(), tsk_parse_pnum(), tsk_vs_open(), tsk_vs_part_get(), tsk_vs_part_read_block(), tsk_vs_part_walk(), and tsk_vs_read_block().

Set the error string #2.

This is called by methods who encounter the error, but did not set errno.

Parameters

format the printf-style format string

Referenced by btrfs_open(), encase_make_index(), fatfs_inode_walk(), TskAuto::findFilesInFs(), TskAuto::findFilesInFsRet(), TskAuto::findFilesInPool(), hdb_binsrch_idx_finalize(), hdb_binsrch_lookup_str(), hk_makeindex(), md5sum_makeindex(), nsrl_makeindex(), TskAutoDb::startAddImage(), and tsk_fs_attr_read().

Set the error string.

Parameters

format the printf-style format string

args the printf-style args

Set the error string.

Parameters

format the printf-style format string

args the printf-style format args

fprintf wrapper function that takes UTF-8 strings as input (on all platforms) and does what is necessary to output strings in the correct encoding (UTF-8 on Unix and UTF-16 on Windows).

Parameters

fd File to print to

msg printf message

Referenced by btrfs_open(), TskAutoDb::commitAddImage(), fatfs_inode_walk(), fatfs_istat(), fatxxfs_dent_parse_buf(), fatxxfs_istat_attr_flags(), hdb_binsrch_idx_finalize(), TskAutoDb::processFile(), TskAutoDb::revertAddImage(), TskAutoDb::startAddImage(), TskAutoDb::stopAddImage(), tsk_error_print(), tsk_fs_file_walk(), tsk_fs_file_walk_type(), tsk_fs_open_img_decrypt(), tsk_fs_path2inum(), tsk_fs_type_print(), tsk_img_type_print(), tsk_ntfs_usnjopen(), tsk_print_sanitized(), tsk_version_print(), tsk_vs_open(), and tsk_vs_type_print().

Add an entry to a TSK_LIST (and create one if one does not exist)

Parameters

a_tsk_list_head Pointer to pointer for head of list (can point to NULL if no list exists).

a_key Value to add to list

Returns

1 on error

References TSK_LIST::key, TSK_LIST::len, and TSK_LIST::next.

Search a TSK_LIST for the existence of a value.

Parameters

a_tsk_list_head Head of list to search

a_key Value to search for

Returns

1 if value is found and 0 if not

References TSK_LIST::key, TSK_LIST::len, and TSK_LIST::next.

Free a TSK_LIST.

Parameters

a_tsk_list_head Head of list to free

References TSK_LIST::next.

Calculate the MD5 hash of the data added to this context.

Context will be zeroed after this call.

Parameters

context Context that has data added to it.

digest Buffer to store MD5 value in.

References TSK_MD5_Update().

Referenced by tsk_fs_file_hash_calc().

Initialize a MD5 context structure so that data can be added to it.

Parameters

context Pointer to context to initialize

Referenced by tsk_fs_file_hash_calc().

Add data to an initialized MD5 operation.

Parameters

context Initialized context to add data to

input Buffer of data to process

inputLen Number of bytes in input

Referenced by TSK_MD5_Final().

Parse a TSK_TCHAR block address string.

Note that the cnt@size format is no longer supported. Set the device sector size in img_open to set the block size.

Parameters

[in] a_offset_str The string version of the offset

Returns

-1 on error or block offset on success

References PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Parse a TSK_TCHAR string of a partition byte offset and the integer version of it.

Parameters

[in] a_pnum_str The string version of the address

[out] a_pnum The parsed integer version of the address

Returns

1 on error and 0 on success

References PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Prints the string removing control characters.

Parameters

fd File to print to

str string to be printed

Returns

0 on success and 1 on error

References tsk_fprintf().

printf wrapper function that takes UTF-8 strings as input (on all platforms) and does what is necessary to output strings in the correct encoding (UTF-8 on Unix and UTF-16 on Windows).

Parameters

msg printf message

Referenced by tsk_fs_blkcat().

Calculate the hash of the data added to the context.

Parameters

shsInfo Context that has data added to it.

output Buffer to store hash value

Referenced by tsk_fs_file_hash_calc().

Initialize a SHA-1 context so that data can be added to it.

Parameters

shsInfo Pointer to context structure to initialize

Referenced by tsk_fs_file_hash_calc().

Add data to an initialized SHA-1 context.

Parameters

shsInfo Context to add data to

buffer Data to process

count Number of bytes in buffer

Create a TSK_STACK structure.

Returns

Pointer to structure or NULL on error

References TSK_STACK::len, TSK_STACK::top, and TSK_STACK::vals.

Search a TSK_STACK for a given value.

Parameters

a_tsk_stack Stack to search

a_val Value to search for

Returns

1 if found and 0 if not

References TSK_STACK::top, and TSK_STACK::vals.

Free an allocated TSK_STACK structure.

Parameters

a_tsk_stack Stack to free

References TSK_STACK::vals.

Pop a value from the top of the stack.

Parameters

a_tsk_stack Stack to pop from

References TSK_STACK::top.

Push a value to the top of TSK_STACK.

Parameters

a_tsk_stack Pointer to stack to push onto

a_val Value to push on

Returns

1 on error

References TSK_STACK::len, TSK_STACK::top, and TSK_STACK::vals.

Convert a UTF-16 string to UTF-8.

Parameters

endian Endian ordering flag of UTF-16 text

sourceStart Pointer to pointer to start of UTF-16 string. Will be updated to last char processed.

sourceEnd Pointer to one entry past end of UTF-16 string

targetStart Pointer to pointer to place where UTF-8 string should be written. Will be updated to next place to write to.

targetEnd Pointer to end of UTF-8 buffer

flags Flags used during conversion

Returns

error code

References TSKconversionOK, TSKsourceExhausted, TSKsourceIllegal, TSKstrictConversion, and TSKtargetExhausted.

Referenced by fatxxfs_dent_parse_buf().

Convert a UTF-16 string in local endian ordering to UTF-8.

Parameters

sourceStart Pointer to pointer to start of UTF-16 string. Will be updated to last char processed.

sourceEnd Pointer to one entry past end of UTF-16 string

targetStart Pointer to pointer to place where UTF-8 string should be written. Will be updated to next place to write to.

targetEnd Pointer to end of UTF-8 buffer

flags Flags used during conversion

Returns

error code

References TSKconversionOK, TSKsourceExhausted, TSKsourceIllegal, TSKstrictConversion, and TSKtargetExhausted.

Referenced by tsk_fs_ifind_path().

Convert a UTF-8 string to UTF-16 (in local endian ordering).

Parameters

sourceStart Pointer to pointer to start of UTF-8 string. Will be updated to last char processed.

sourceEnd Pointer to one entry past end of UTF-8 string

targetStart Pointer to pointer to place where UTF-16 string should be written. Will be updated to next place to write to.

targetEnd Pointer to end of UTF-16 buffer

flags Flags used during conversion

Returns

error code

References TSKconversionOK, TSKsourceExhausted, TSKsourceIllegal, TSKstrictConversion, and TSKtargetExhausted.

Referenced by TskAuto::enableImageWriter().

Return the library version as a string.

Returns

String version of version (1.00 for example)

References TSK_VERSION_STR.

Print the library name and version to a handle (such as "The Sleuth Kit ver 1.00").

Parameters

hFile Handle to print to

References tsk_fprintf(), and TSK_VERSION_STR.