The Sleuth Kit  4.13.0
Functions
C Hash Database Functions

Functions

void  hdb_base_db_name_from_path (TSK_HDB_INFO *hdb_info)
  Sets hash database name in hdb_info based on database file path. More...
 
int8_t  hdb_binsrch_lookup_bin (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)
  Search the index for the given hash value (in binary form). More...
 
int8_t  hdb_binsrch_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)
  Search the index for a text/ASCII hash value. More...
 
int8_t  hdb_binsrch_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *lookup_result)
 
void  hdb_info_base_close (TSK_HDB_INFO *hdb_info)
  De-initializes struct representation of a hash database. More...
 
uint8_t  hdb_info_base_open (TSK_HDB_INFO *hdb_info, const TSK_TCHAR *db_path)
 
uint8_t  sqlite_hdb_add_entry (TSK_HDB_INFO *hdb_info_base, const char *filename, const char *md5, const char *, const char *, const char *comment)
 
uint8_t  sqlite_hdb_begin_transaction (TSK_HDB_INFO *hdb_info_base)
 
uint8_t  sqlite_hdb_commit_transaction (TSK_HDB_INFO *hdb_info_base)
 
uint8_t  sqlite_hdb_create_db (TSK_TCHAR *db_file_path)
 
uint8_t  sqlite_hdb_is_sqlite_file (FILE *hFile)
 
int8_t  sqlite_hdb_lookup_bin (TSK_HDB_INFO *hdb_info_base, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)
 
int8_t  sqlite_hdb_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)
 
int8_t  sqlite_hdb_lookup_verbose_bin (TSK_HDB_INFO *hdb_info_base, uint8_t *hash, uint8_t hash_len, void *lookup_result)
 
int8_t  sqlite_hdb_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *result)
 
TSK_HDB_INFO *  sqlite_hdb_open (TSK_TCHAR *db_path)
 
uint8_t  sqlite_hdb_rollback_transaction (TSK_HDB_INFO *hdb_info_base)
 
uint8_t  tsk_hdb_accepts_updates (TSK_HDB_INFO *hdb_info)
  Indicates whether a hash database accepts updates. More...
 
uint8_t  tsk_hdb_add_entry (TSK_HDB_INFO *hdb_info, const char *filename, const char *md5, const char *sha1, const char *sha256, const char *comment)
  Adds a new entry to a hash database. More...
 
uint8_t  tsk_hdb_begin_transaction (TSK_HDB_INFO *hdb_info)
  Begins a transaction on a hash database. More...
 
void  tsk_hdb_close (TSK_HDB_INFO *hdb_info)
  Closes an open hash database. More...
 
uint8_t  tsk_hdb_commit_transaction (TSK_HDB_INFO *hdb_info)
  Commits a transaction on a hash database. More...
 
uint8_t  tsk_hdb_create (TSK_TCHAR *file_path)
  Creates a new hash database. More...
 
uint8_t  tsk_hdb_has_idx (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)
  Determine if the open hash database has an index. More...
 
uint8_t  tsk_hdb_is_idx_only (TSK_HDB_INFO *hdb_info)
  Test for index only (legacy). Assumes that the db was opened using the TSK_HDB_OPEN_TRY option. More...
 
int8_t  tsk_hdb_lookup_raw (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)
  Search the index for the given hash value (in binary form). More...
 
int8_t  tsk_hdb_lookup_str (TSK_HDB_INFO *hdb_info, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)
  Searches a hash database for a text/ASCII hash value. More...
 
uint8_t  tsk_hdb_make_index (TSK_HDB_INFO *hdb_info, TSK_TCHAR *type)
  Create an index for an open hash database. More...
 
TSK_HDB_INFO *  tsk_hdb_open (TSK_TCHAR *file_path, TSK_HDB_OPEN_ENUM flags)
  Opens an existing hash database. More...
 
uint8_t  tsk_hdb_rollback_transaction (TSK_HDB_INFO *hdb_info)
  Rolls back a transaction on a hash database. More...
 

Detailed Description

Function Documentation

void hdb_base_db_name_from_path ( TSK_HDB_INFO *  hdb_info )

Sets hash database name in hdb_info based on database file path.

Parameters
hdb_info Struct representation of an open hash database.

References TSK_HDB_INFO::db_fname, and TSK_HDB_INFO::db_name.

int8_t hdb_binsrch_lookup_bin ( TSK_HDB_INFO *  hdb_info,
uint8_t *  hash,
uint8_t  len,
TSK_HDB_FLAG_ENUM  flags,
TSK_HDB_LOOKUP_FN  action,
void *  ptr 
)

Search the index for the given hash value (in binary form).

Parameters
hdb_info Open hash database (with index)
hash Array with binary hash value to search for
len Number of bytes in binary hash value
flags Flags to use in lookup
action Callback function to call for each hash db entry (not called if QUICK flag is given)
ptr Pointer to data to pass to each callback
Returns
-1 on error, 0 if hash value not found, and 1 if value was found.

References tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_HTYPE_SHA1_LEN, and tsk_hdb_lookup_str().

Referenced by hdb_binsrch_open().

int8_t hdb_binsrch_lookup_str ( TSK_HDB_INFO *  hdb_info_base,
const char *  hash,
TSK_HDB_FLAG_ENUM  flags,
TSK_HDB_LOOKUP_FN  action,
void *  ptr 
)

Search the index for a text/ASCII hash value.

Parameters
hdb_info_base Open hash database (with index)
hash Hash value to search for (NUL-terminated string)
flags Flags to use in lookup
action Callback function to call for each hash db entry (not called if QUICK flag is given)
ptr Pointer to data to pass to each callback
Returns
-1 on error, 0 if hash value not found, and 1 if value was found.

References TSK_HDB_BINSRCH_INFO::hash_len, TSK_HDB_BINSRCH_INFO::hIdx, TSK_HDB_BINSRCH_INFO::idx_lbuf, TSK_HDB_BINSRCH_INFO::idx_llen, TSK_HDB_BINSRCH_INFO::idx_off, TSK_HDB_BINSRCH_INFO::idx_offsets, TSK_HDB_BINSRCH_INFO::idx_size, TSK_HDB_INFO::lock, PRIuSIZE, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), TSK_HDB_FLAG_QUICK, TSK_HDB_HTYPE_MD5_ID, TSK_HDB_HTYPE_MD5_LEN, TSK_HDB_HTYPE_SHA1_ID, and TSK_HDB_HTYPE_SHA1_LEN.

Referenced by hdb_binsrch_open().

void hdb_info_base_close ( TSK_HDB_INFO *  hdb_info )

De-initializes struct representation of a hash database.

Parameters
hdb_info Struct representation of a hash database.
Returns
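0 on success, 1 on failure. (The signature above is declared void, so this description appears stale and no status is returned to the caller.)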

References TSK_HDB_INFO::db_fname, and TSK_HDB_INFO::lock.

uint8_t tsk_hdb_accepts_updates ( TSK_HDB_INFO *  hdb_info )

Indicates whether a hash database accepts updates.

Parameters
hdb_info The hash database object
Returns
1 if hash database accepts updates, 0 if it does not

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

uint8_t tsk_hdb_add_entry ( TSK_HDB_INFO *  hdb_info,
const char *  filename,
const char *  md5,
const char *  sha1,
const char *  sha256,
const char *  comment 
)

Adds a new entry to a hash database.

Parameters
hdb_info The hash database object
filename Name of the file that was hashed (can be NULL)
md5 Text representation of MD5 hash (can be NULL)
sha1 Text representation of SHA1 hash (can be NULL)
sha256 Text representation of SHA256 hash (can be NULL)
comment A comment to associate with the hash (can be NULL)
Returns
1 on error, 0 on success

References TSK_HDB_INFO::db_type, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

uint8_t tsk_hdb_begin_transaction ( TSK_HDB_INFO *  hdb_info )

Begins a transaction on a hash database.

Parameters
hdb_info A hash database info object
Returns
1 on error, 0 on success

References TSK_HDB_INFO::db_type, TSK_HDB_INFO::transaction_in_progress, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

void tsk_hdb_close ( TSK_HDB_INFO *  hdb_info )

Closes an open hash database.

Parameters
hdb_info The hash database object

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Referenced by TskHdbInfo::~TskHdbInfo().

uint8_t tsk_hdb_commit_transaction ( TSK_HDB_INFO *  hdb_info )

Commits a transaction on a hash database.

Parameters
hdb_info A hash database info object
Returns
1 on error, 0 on success

References TSK_HDB_INFO::db_type, TSK_HDB_INFO::transaction_in_progress, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

uint8_t tsk_hdb_create ( TSK_TCHAR *  file_path )

Creates a new hash database.

Parameters
file_path Path for database to create.
Returns
0 on success, 1 otherwise

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

uint8_t tsk_hdb_has_idx ( TSK_HDB_INFO *  hdb_info,
TSK_HDB_HTYPE_ENUM  htype 
)

Determine if the open hash database has an index.

Parameters
hdb_info Hash database to consider
htype Hash type that index should be of
Returns
1 if index exists and 0 if not

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Referenced by TskHdbInfo::hasIndex().

uint8_t tsk_hdb_is_idx_only ( TSK_HDB_INFO *  hdb_info )

Test for index only (legacy). Assumes that the db was opened using the TSK_HDB_OPEN_TRY option.

Parameters
hdb_info Hash database to consider
Returns
1 if there is only a legacy index AND no db, 0 otherwise

References TSK_HDB_INFO::db_type, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), and TSK_HDB_DBTYPE_IDXONLY_ID.

int8_t tsk_hdb_lookup_raw ( TSK_HDB_INFO *  hdb_info,
uint8_t *  hash,
uint8_t  len,
TSK_HDB_FLAG_ENUM  flags,
TSK_HDB_LOOKUP_FN  action,
void *  ptr 
)

Search the index for the given hash value (in binary form).

Parameters
hdb_info Open hash database (with index)
hash Array with binary hash value to search for
len Number of bytes in binary hash value
flags Flags to use in lookup
action Callback function to call for each hash db entry (not called if QUICK flag is given)
ptr Pointer to data to pass to each callback
Returns
-1 on error, 0 if hash value not found, and 1 if value was found.

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Referenced by TskHdbInfo::lookupRaw().

int8_t tsk_hdb_lookup_str ( TSK_HDB_INFO *  hdb_info,
const char *  hash,
TSK_HDB_FLAG_ENUM  flags,
TSK_HDB_LOOKUP_FN  action,
void *  ptr 
)

Searches a hash database for a text/ASCII hash value.

Parameters
hdb_info Struct representing an open hash database.
hash Hash value to search for (NUL-terminated string).
flags Flags to control behavior of the lookup.
action Callback function to call for each entry in the hash database that matches the hash value argument (not called if QUICK flag is given).
ptr Pointer to data to pass to each invocation of the callback.
Returns
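-1 on error, 0 if hash value not found, and 1 if value was found. A caller should handle -1 separately from 0, so that a failed lookup is not recorded as a hash that is absent from the database.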

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Referenced by hdb_binsrch_lookup_bin(), and TskHdbInfo::lookupStr().

uint8_t tsk_hdb_make_index ( TSK_HDB_INFO *  hdb_info,
TSK_TCHAR *  type 
)

Create an index for an open hash database.

Parameters
hdb_info Open hash database to index
type Text of hash database type
Returns
1 on error

References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().

Referenced by TskHdbInfo::createIndex().

TSK_HDB_INFO* tsk_hdb_open ( TSK_TCHAR *  file_path,
TSK_HDB_OPEN_ENUM  flags 
)

Opens an existing hash database.

Parameters
file_path Path to database or database index file.
flags Flags for opening the database.
Returns
Pointer to a struct representing the hash database or NULL on error.

References idxonly_open(), PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_DBTYPE_ENCASE_ID, TSK_HDB_DBTYPE_HK_ID, TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_DBTYPE_INVALID_ID, TSK_HDB_DBTYPE_MD5SUM_ID, TSK_HDB_DBTYPE_NSRL_ID, TSK_HDB_DBTYPE_SQLITE_ID, and TSK_HDB_OPEN_IDXONLY.

Referenced by TskHdbInfo::open().

uint8_t tsk_hdb_rollback_transaction ( TSK_HDB_INFO *  hdb_info )

Rolls back a transaction on a hash database.

Parameters
hdb_info A hash database info object
Returns
1 on error, 0 on success

References TSK_HDB_INFO::db_type, TSK_HDB_INFO::transaction_in_progress, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().


Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
