00001
00002
00003
00004
00005
00006
00007
00008
00009 #include "giis.h"
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020 int read_show_file (int fd, int fp)
00021 {
00022 int i, count = 0;
00023 char buffer[4096], a;
00024 char sbuf[32];
00025 int firstread = 0;
00026 int giis_dump = 0;
00027
00028 if (size == giis_f.info.file_size)
00029 firstread = 1;
00030 else
00031 firstread = 0;
00032
00033 if (firstread)
00034 {
00035
00036 i = read_sample_info_file (giis_f.info.inode_number);
00037
00038 i = read (fd, &sbuf, 32);
00039 if (i != 32)
00040 {
00041 perror ("read():read_sample_info_file()");
00042 printf ("\nError No:%d", errno);
00043 close (fd);
00044 return -1;
00045 }
00046 sbuf[31] = '\0';
00047 if (strcmp (giis_s.info.sdata, sbuf) != 0)
00048 {
00049 printf ("\n\t\t ****** giis dump ******");
00050 printf ("\n\t %s : File Data Modified/Overwritten", giis_f.info.name);
00051 printf ("\n File older Data :");
00052 printf ("\n -------------------");
00053 show_data (giis_s.info.sdata);
00054 printf ("\n Current Disk Data :");
00055 printf ("\n -------------------");
00056
00057 startbyte = 4;
00058 show_data (sbuf);
00059 startbyte = 0;
00060 printf ("\n\tDo You wanna dump the Current data?\n\tPress 1:yes \tPress 0:No");
00061 printf ("\nEnter :");
00062 scanf ("%d", &giis_dump);
00063 if (giis_dump != 1)
00064 {
00065 fileoverwritten = 444;
00066 return 0;
00067 }
00068 else
00069 fileoverwritten = 0;
00070 }
00071
00072 lseek64 (fd, fs.content_offset, 0);
00073 }
00074
00075 while ((count < fs.block_size) && (size > 0))
00076 {
00077
00078
00079
00080 if (size < sizeof (buffer) && size > 0)
00081 {
00082 i = read (fd, &a, 1);
00083 while (size && count < fs.block_size)
00084 {
00085
00086 i = write (fp, &a, 1);
00087 if (i != 1)
00088 ERROR size--;
00089 err_size++;
00090 count++;
00091 i = read (fd, &a, 1);
00092 }
00093 }
00094
00095
00096
00097 if (size >= sizeof (buffer) && (count == 0))
00098 {
00099 i = read (fd, buffer, sizeof (buffer));
00100 if (i != sizeof (buffer))
00101 ERROR i = write (fp, buffer, sizeof (buffer));
00102 if (i != sizeof (buffer))
00103 ERROR size -= sizeof (buffer);
00104 err_size += sizeof (buffer);
00105 count = fs.block_size;
00106
00107 }
00108 }
00109 return (size);
00110 }
00111
00112
00113
00114
00115
00116 int read_dir_info_file ()
00117 {
00118 int i, count = 0;
00119 char dname[50];
00120
00121
00122 fd = open (DIR_INFO_FILE, 0);
00123 if (fd == -1)
00124 {
00125 perror ("open");
00126 return -1;
00127 }
00128 printf ("Enter dir:");
00129 scanf ("%s", dname);
00130 printf ("\n\tName\tinode\tParent-inode\tSearchFlag\n");
00131 i = read (fd, giis_d.buffer, GIIS_DSIZE);
00132
00133 while (i > 0)
00134 {
00135 if (giis_d.info.search_flag == 1)
00136 {
00137 printf ("\n%s\t%lu\t", giis_d.info.name, giis_d.info.inode_number);
00138 printf ("%lu\t%d", giis_d.info.parent_inode_number, giis_d.info.search_flag);
00139
00140 count++;
00141 }
00142 if (strcmp (dname, giis_d.info.name) == 0)
00143 return 1;
00144
00145
00146
00147 i = read (fd, giis_d.buffer, GIIS_DSIZE);
00148 CHECK}
00149
00150 printf ("\n Total No.of Dir : %d", count);
00151 close (fd);
00152 return 1;
00153 }
00154
00155
00156
00157
00158
00159
00160
00161
00162
00163 int read_file_info_file ()
00164 {
00165 int i, fd, count = 0, choice;
00166
00167
00168 char fname[50];
00169 fd = open (FILE_INFO_FILE, 0);
00170 if (fd == -1)
00171 {
00172 perror ("open");
00173 return -1;
00174 }
00175 printf ("\n\t\tPress 1: All files");
00176 printf ("\n\t\tPress 2: Specific file");
00177 printf ("\n\t\tType in:");
00178 scanf ("%d", &choice);
00179 if (choice == 2)
00180 {
00181 printf ("\n\t\t Enter filename :");
00182 scanf ("%s", fname);
00183 }
00184 else
00185 choice = 1;
00186
00187
00188 i = read (fd, giis_f.buffer, GIIS_FSIZE);
00189 while (i > 0)
00190 {
00191 count++;
00192 printf ("\n ============================================");
00193 printf ("\nFile name :%s", giis_f.info.name);
00194 printf ("\tInode :%u", giis_f.info.inode_number);
00195 printf (" sfragment_flags:%d ", giis_f.info.sfragment_flag);
00196 printf (" dfragment_flags:%d ", giis_f.info.dfragment_flag);
00197 printf (" is_offset %u ", giis_f.info.is_offset);
00198 printf (" id_offset %u ", giis_f.info.id_offset);
00199
00200 printf ("\nRecorded on :%s", giis_f.info.date_time);
00201 printf ("\t\tFile name :%s", giis_f.info.name);
00202 printf ("\nInode :%u", giis_f.info.inode_number);
00203 printf ("\tParent :%u", giis_f.info.parent_inode_number);
00204 printf ("\tSearch Flag: %d", giis_f.info.search_flag);
00205 printf ("\tMode:%d", giis_f.info.mode);
00206 printf ("\nOwner: %d", giis_f.info.owner);
00207 printf ("\tBlocks count:%u", giis_f.info.file_blocks_count);
00208 printf ("\tSize: %u", giis_f.info.file_size);
00209
00210 printf ("\nData blocks :");
00211 for (i = 0; i < EXT3_N_BLOCKS; i++)
00212 printf ("\n[%d]=%u", i, giis_f.info.data_block[i]);
00213 printf ("\nsingles");
00214 printf ("\nis_offset=%u\n id=%u", giis_f.info.is_offset, giis_f.info.id_offset);
00215 printf ("\ns_offy=%lu \t d_offy=%lu", s_offy, d_offy);
00216 printf ("Sample Data :");
00217 read_sample_info_file (giis_f.info.inode_number);
00218
00219
00220
00221 if (giis_f.info.is_offset)
00222 {
00223 read_sind_info_file ();
00224 s_offy += giis_f.info.is_offset;
00225 }
00226
00227 if (giis_f.info.id_offset)
00228 {
00229 read_dind_info_file ();
00230 d_offy += giis_f.info.id_offset;
00231 }
00232 printf ("\nis_offset=%u\n id=%u", giis_f.info.is_offset, giis_f.info.id_offset);
00233 printf ("\ns_offy=%u \t d_offy=%u", s_offy, d_offy);
00234 printf ("\nLast :%u", giis_f.info.last_data_block);
00235
00236 if (strcmp (fname, giis_f.info.name) == 0 && choice == 2)
00237 {
00238 printf ("\n\t\tPress 0:Try next file\n\t\tPress 1:Exit \n\t\tType in:");
00239 scanf ("%d", &i);
00240 if (i != 0)
00241 return 1;
00242
00243 }
00244 if (choice == 1)
00245 {
00246 printf ("\n\t\tPress 0:Continue\n\t\tPress 1 : Stop ");
00247 printf ("\n\t\tEnter your choice:");
00248 scanf ("%d", &i);
00249 if (i == 1)
00250 return 1;
00251 }
00252
00253
00254 i = read (fd, giis_f.buffer, GIIS_FSIZE);
00255 CHECK}
00256 printf ("\n Total No.of Files : %d", count);
00257 close (fd);
00258 return 1;
00259 }
00260
00261
00262
00263
00264
00265
00266
00267
00268
00269 int read_sind_info_file ()
00270 {
00271 int i, fp;
00272 unsigned long iblock[1024];
00273
00274 fp = open (SIND_INFO_FILE, 0);
00275 if (fp == -1)
00276 {
00277 perror ("open");
00278 close (fp);
00279 return -1;
00280 }
00281 lseek (fp, s_offy * sizeof (unsigned long), 0);
00282 read (fp, iblock, giis_f.info.is_offset * sizeof (unsigned long));
00283 CHECK i = 0;
00284 while (i < giis_f.info.is_offset)
00285 {
00286
00287
00288 i++;
00289
00290 }
00291 printf ("\n SIND No.of records :%d", i);
00292 close (fp);
00293 return 1;
00294 }
00295
00296
00297
00298
00299
00300
00301
00302
00303 int read_dind_info_file ()
00304 {
00305 int i, fp;
00306 unsigned long iblock[1024];
00307
00308 fp = open (DIND_INFO_FILE, 0);
00309 if (fp == -1)
00310 {
00311 perror ("open");
00312 close (fp);
00313 return -1;
00314 }
00315 lseek (fp, d_offy * sizeof (unsigned long), 0);
00316 read (fp, iblock, giis_f.info.id_offset * sizeof (unsigned long));
00317 CHECK i = 0;
00318
00319 while (i < giis_f.info.id_offset)
00320 {
00321
00322 i++;
00323
00324 }
00325
00326 printf ("\n DIND No.of records :%d", i);
00327 close (fp);
00328 return 1;
00329 }
00330
00331
00332
00333
00334
00335
00336 int read_sample_info_file (unsigned long inode_number)
00337 {
00338 int i, sfp;
00339
00340 sfp = open (SAMPLE_DATA_FILE, 0);
00341 if (sfp == -1)
00342 {
00343 perror ("open");
00344 close (sfp);
00345 return -1;
00346 }
00347 i = read (sfp, giis_s.buffer, GIIS_SSIZE);
00348 while (i > 0)
00349 {
00350 if (giis_s.info.inode_number == inode_number)
00351 {
00352 show_data (giis_s.info.sdata);
00353 close (sfp);
00354 return 1;
00355 }
00356 i = read (sfp, giis_s.buffer, GIIS_SSIZE);
00357 CHECK}
00358 close (sfp);
00359 return 1;
00360 }
00361
00362
00363
00364
00365
00366
00367
00368 void show_data (char buffer[32])
00369 {
00370 int i;
00371 int yes = 0;
00372 printf ("\n\t........ giis analyser : Begins ........");
00373
00374
00375
00376
00377
00378
00379
00380
00381
00382
00383 if ((buffer[startbyte] == 0xffffffff && buffer[startbyte + 1] == 0xffffffd8 &&
00384 buffer[startbyte + 2] == 0xffffffff && buffer[startbyte + 3] == 0xffffffe0))
00385 {
00386 printf ("\n\t\t giis : It's Jpeg");
00387 yes = 444;
00388 }
00389
00390 if (buffer[startbyte] == 0x47 && buffer[startbyte + 1] == 0x49
00391 && buffer[startbyte + 2] == 0x46 && buffer[startbyte + 3] == 0x38)
00392 {
00393 printf ("fname,giis_f.info.name\n\t\t giis : It's GIF");
00394 yes = 444;
00395 }
00396 if (buffer[startbyte] == 0xffffff89 && buffer[startbyte + 1] == 0x50
00397 && buffer[startbyte + 2] == 0x4e && buffer[startbyte + 3] == 0x47)
00398 {
00399 printf ("\n\t\t giis : It's PNG");
00400 yes = 444;
00401 }
00402 if (buffer[startbyte] == 0x49 && buffer[startbyte + 1] == 0x49
00403 && buffer[startbyte + 2] == 0x2a && buffer[startbyte + 3] == 0x00)
00404 {
00405 printf ("\n\t\t giis : It's TIF");
00406 yes = 444;
00407 }
00408 if (buffer[startbyte] == 'B' && buffer[startbyte + 1] == 'M'
00409 && buffer[startbyte + 2] == '?' && buffer[startbyte + 3] == '?'
00410 && buffer[startbyte + 4] == 0x00)
00411 {
00412 printf ("\n\t\t giis : It's BMP ");
00413 yes = 444;
00414 }
00415
00416
00417
00418
00419 if (buffer[startbyte] == 'R' && buffer[startbyte + 1] == 'I'
00420 && buffer[startbyte + 2] == 'F' && buffer[startbyte + 3] == 'F'
00421 && buffer[startbyte + 4] == '?' && buffer[startbyte + 5] == '?'
00422 && buffer[startbyte + 6] == '?' && buffer[startbyte + 7] == '?'
00423 && buffer[startbyte + 8] == 'A' && buffer[startbyte + 9] == 'V'
00424 && buffer[startbyte + 10] == 'I')
00425 {
00426 printf ("\n\t\t giis : It's AVI ");
00427 yes = 444;
00428 }
00429
00430
00431 if (buffer[startbyte] == '?' && buffer[startbyte + 1] == '?'
00432 && buffer[startbyte + 2] == '?' && buffer[startbyte + 3] == '?'
00433 && buffer[startbyte + 4] == '?' && buffer[startbyte + 5] == '?'
00434 && buffer[startbyte + 6] == '?' && buffer[startbyte + 7] == '?'
00435 && buffer[startbyte + 8] == 0x6d)
00436 {
00437 printf ("\n\t\t giis : It's Apple Quicktime ");
00438 yes = 444;
00439 }
00440
00441 if ((buffer[startbyte] == 0x00 && buffer[startbyte + 1] == 0x00
00442 && buffer[startbyte + 2] == 0x01 && buffer[startbyte + 3] == 0xffffffba)
00443 || (buffer[startbyte] == 0x00 && buffer[startbyte + 1] == 0x00
00444 && buffer[startbyte + 2] == 0x01 && buffer[startbyte + 3] == 0xffffffb3))
00445 {
00446 printf ("\n\t\t giis : It's MPEG");
00447 yes = 444;
00448 }
00449
00450 if (buffer[startbyte] == 'm' && buffer[startbyte + 1] == 'p'
00451 && buffer[startbyte + 2] == 'g')
00452 {
00453 printf ("\n\t\t giis : It's MPEG");
00454 yes = 444;
00455 }
00456
00457 if (buffer[startbyte] == 'F' && buffer[startbyte + 1] == 'W'
00458 && buffer[startbyte + 2] == 'S')
00459 {
00460 printf ("\n\t\t giis : It's Flash Files");
00461 yes = 444;
00462 }
00463
00464
00465
00466
00467 if (buffer[startbyte] == 0x1f && buffer[startbyte + 1] == 0xffffff8b)
00468 {
00469 printf ("\n\t\t giis : It's GZip");
00470 yes = 444;
00471 }
00472 if (buffer[startbyte] == 0x7f && buffer[startbyte + 1] == 0x45
00473 && buffer[startbyte + 2] == 0x4c && buffer[startbyte + 3] == 0x46)
00474 {
00475 printf ("\n\t\t giis : It's Unix ELF");
00476 yes = 444;
00477 }
00478 if (buffer[startbyte] == 0x50 && buffer[startbyte + 1] == 0x4b
00479 && buffer[startbyte + 2] == 0x03 && buffer[startbyte + 3] == 0x04)
00480 {
00481 printf ("\n\t\t giis : It's Zip");
00482 yes = 444;
00483 }
00484 if (buffer[startbyte] == 0xffffffd0 && buffer[startbyte + 1] == 0xffffffcf
00485 && buffer[startbyte + 2] == 0x11 && buffer[startbyte + 3] == 0xffffffe0
00486 && buffer[startbyte + 4] == 0xffffffa1 && buffer[startbyte + 5] == 0xffffffb1)
00487 {
00488 printf ("\n\t\t giis : It's DOC");
00489 yes = 444;
00490 }
00491
00492 if ((buffer[startbyte] == 0x2e && buffer[startbyte + 1] == 0x72
00493 && buffer[startbyte + 2] == 0x61 && buffer[startbyte + 3] == 0xfffffffd)
00494 || (buffer[startbyte] == '.' && buffer[startbyte + 1] == 'R'
00495 && buffer[startbyte + 2] == 'M' && buffer[startbyte + 3] == 'F'))
00496 {
00497 printf ("\n\t\t giis : It's Real Audio Files");
00498 yes = 444;
00499 }
00500
00501 if (buffer[startbyte] == 0x30 && buffer[startbyte + 1] == 0x26
00502 && buffer[startbyte + 2] == 0xB2 && buffer[startbyte + 3] == 0x75)
00503 {
00504 printf ("\n\t\t giis : It's WMA Files");
00505 yes = 444;
00506 }
00507
00508 if ((buffer[startbyte] == 0xffffffff && buffer[startbyte + 1] == 0xfffffffb
00509 && buffer[startbyte + 2] == 0xffffff90 && buffer[startbyte + 3] == 0x44)
00510 || (buffer[startbyte] == 0xffffffff && buffer[startbyte + 1] == 0xfffffffb
00511 && buffer[startbyte + 2] == 0xffffff90 && buffer[startbyte + 3] == 0x00)
00512 || (buffer[startbyte] == 0x57 && buffer[startbyte + 1] == 0x41
00513 && buffer[startbyte + 2] == 0x56 && buffer[startbyte + 3] == 0x45)
00514 || (buffer[startbyte] == 0xffffffff && buffer[startbyte + 1] == 0xfffffffb
00515 && buffer[startbyte + 2] == 0xffffffD0) || (buffer[startbyte] == 0x49
00516 && buffer[startbyte + 1] == 0x44
00517 && buffer[startbyte + 2] == 0x33)
00518 || (buffer[startbyte] == 0x4C && buffer[startbyte + 1] == 0x41
00519 && buffer[startbyte + 2] == 0x4D && buffer[startbyte + 3] == 0x45))
00520 {
00521 printf ("\n\t\t giis : It's Mp3");
00522 yes = 444;
00523 }
00524
00525 if (buffer[startbyte] == '%' && buffer[startbyte + 1] == 'P'
00526 && buffer[startbyte + 2] == 'D' && buffer[startbyte + 3] == 'F')
00527 {
00528 printf ("\n\t\t giis : It's a PDF File");
00529 yes = 444;
00530 }
00531
00532 if (buffer[startbyte] == 0xed && buffer[startbyte + 1] == 0xab)
00533 {
00534 printf ("\n\t\t giis : It's a Linux rpm File");
00535 yes = 444;
00536 }
00537
00538
00539 if (buffer[startbyte] == 'R' && buffer[startbyte + 1] == 'I'
00540 && buffer[startbyte + 2] == 'F' && buffer[startbyte + 3] == 'F'
00541 && buffer[startbyte + 4] == '?' && buffer[startbyte + 5] == '?'
00542 && buffer[startbyte + 6] == '?' && buffer[startbyte + 7] == '?'
00543 && buffer[startbyte + 8] == 'W' && buffer[startbyte + 9] == 'A'
00544 && buffer[startbyte + 10] == 'V' && buffer[startbyte + 11] == 'E')
00545 {
00546 printf ("\n\t\t giis : It's WAV files ");
00547 yes = 444;
00548 }
00549 if (buffer[startbyte] == 0x30 && buffer[startbyte + 1] == 0x26
00550 && buffer[startbyte + 2] == 0xb2 && buffer[startbyte + 3] == 0x75
00551 && buffer[startbyte + 4] == 0x8e && buffer[startbyte + 5] == 0x66
00552 && buffer[startbyte + 6] == 0xcf && buffer[startbyte + 7] == 0x11
00553 && buffer[startbyte + 8] == 0xa6 && buffer[startbyte + 9] == 0xd9
00554 && buffer[startbyte + 10] == 0x00 && buffer[startbyte + 11] == 0xAA
00555 && buffer[startbyte + 12] == 0x00 && buffer[startbyte + 13] == 0x62
00556 && buffer[startbyte + 14] == 0xCE)
00557 {
00558
00559 printf ("\n\t\t giis : It's WMV files ");
00560 yes = 444;
00561 }
00562 if (buffer[startbyte] == 'R' && buffer[startbyte + 1] == 'a'
00563 && buffer[startbyte + 2] == 'r' && buffer[startbyte + 3] == '!')
00564 {
00565 printf ("\n\t\t giis : It's a Rar File");
00566 yes = 444;
00567 }
00568
00569 if (buffer[startbyte] == 0xca && buffer[startbyte + 1] == 0xfe
00570 && buffer[startbyte + 2] == 0xba && buffer[startbyte + 3] == 0xbe)
00571 {
00572 printf ("\n\t\t giis : It's a Java File");
00573 yes = 444;
00574 }
00575 if (buffer[startbyte] == '<' && buffer[startbyte + 1] == 'h'
00576 && buffer[startbyte + 2] == 't' && buffer[startbyte + 3] == 'm'
00577 && buffer[startbyte + 1] == 'l')
00578 {
00579 printf ("\n\t\t giis : It's a html File");
00580 yes = 444;
00581 }
00582
00583
00584 if (yes == 0)
00585 {
00586 printf ("\n\t Unable to Detect File Type - Found Data : \n");
00587 for (i = 0; i < 32; i++)
00588 {
00589 if (buffer[i] >= 32 && buffer[i] < 128)
00590 {
00591 if (buffer[i] != 10)
00592 printf ("%c", buffer[i]);
00593 else
00594 printf ("%x", buffer[i]);
00595 }
00596 }
00597
00598 }
00599 printf ("\n\t........Ends ........");
00600
00601 }
00602
00603
00604
00605
00606
00607
00608 int file_repeated (char fname[50])
00609 {
00610 int i, fd, exists = 0;
00611 union u_file_recover_info temp_giis_f;
00612
00613 fd = open (FILE_INFO_FILE, 0);
00614 if (fd == -1)
00615 {
00616 perror ("open");
00617 return -1;
00618 }
00619 i = read (fd, temp_giis_f.buffer, GIIS_FSIZE);
00620 while (i > 0)
00621 {
00622 if (strcmp (fname, temp_giis_f.info.name) == 0)
00623 {
00624 exists++;
00625 }
00626 i = read (fd, temp_giis_f.buffer, GIIS_FSIZE);
00627 CHECK}
00628
00629 close (fd);
00630 return exists;
00631 }