File: ntgrep.c

ntfs 971218-4
/*
 *  ntgrep.c
 *
 *  Copyright (C) 1995-1997 Martin von Löwis
 *  Copyright (C) 1997 Régis Duchesne
 */

#include "types.h"
#include "struct.h"
#include "nttools.h"
#include "dump.h"
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#else
#define getopt_long(a,v,o,ol,x)        getopt(a,v,o)
#endif
#include <unistd.h>

/* Default number of bytes dumped around a match when -B is not given. */
#define GREP_DISPLAY_SIZE 512

/*
 * Short option string for getopt()/getopt_long().  A letter followed by
 * ':' takes an argument: -f, -o, -B and -c do; -a, -i, -n, -C and -b
 * are plain flags.
 */
char *short_opts = "af:o:inCB:bc:";

#ifdef HAVE_GETOPT_H
/*
 * Long option table.  Every entry has a NULL flag pointer, so
 * getopt_long() returns the short letter in the last column and both
 * spellings go through the same switch in main().
 */
struct option options[] = {
	{ "filesystem", required_argument, NULL, 'f' },
	{ "offset",     required_argument, NULL, 'o' },
	{ "ignorecase", no_argument,       NULL, 'i' },
	{ "ascii",      no_argument,       NULL, 'a' },
	{ "nodump",     no_argument,       NULL, 'n' },
	{ "continue",   no_argument,       NULL, 'C' },
	{ "cluster",    required_argument, NULL, 'c' },
	{ "blocksize",  required_argument, NULL, 'B' },
	{ "bytes",      no_argument,       NULL, 'b' },
	{ NULL, 0, NULL, 0 }	/* terminator */
};
#endif

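/*
 * Print the command-line summary to stderr.
 *
 * The short letters shown here have to agree with short_opts: the dump
 * block size is -B (takes an argument) and -b is the argument-less flag
 * that selects hex-byte input.
 */
void usage(void)
{
	fprintf(stderr,"ntgrep <options> string\n"
		"  --filesystem, -f device  use device as volume\n"
		"  --offset, -o n           start at offset n\n"
		"  --ignorecase, -i         do caseless search\n"
		"  --ascii, -a              search for ASCII string (default is Unicode)\n"
		"  --nodump, -n             display only location, don't dump context\n"
		"  --continue, -C           continue searching until end of volume\n"
		"  --cluster, -c n          start at cluster n\n"
		"  --blocksize, -B n        dump n bytes around the location\n"
		"  --bytes, -b              string is given as hex bytes\n"
		);
}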

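/*
 * Encode the command-line search string into the byte pattern that is
 * handed to grep().
 *
 *   in      - pattern text exactly as given in argv
 *   bytes   - non-zero: `in` is a run of hex digit pairs, one byte per pair
 *   ascii   - non-zero (and bytes zero): copy `in` verbatim
 *             otherwise every input byte is followed by a zero byte
 *             (the default "Unicode" search)
 *   match   - destination buffer
 *   cap     - size of `match` in bytes
 *   out_len - receives the pattern length in bytes
 *
 * Returns 0 on success and -1, after printing a diagnostic, when the
 * input is empty, malformed or does not fit.  The text comes straight
 * from the command line, so its length is checked against `cap` before
 * a single byte is written to the caller's fixed-size stack buffer.
 */
static int build_match(const char *in,int bytes,int ascii,
		       char *match,size_t cap,size_t *out_len)
{
	size_t n=strlen(in);
	size_t i;

	if(n==0){
		fprintf(stderr,"ntgrep: empty search string\n");
		return -1;
	}
	if(bytes){
		if(n%2!=0){
			fprintf(stderr,"ntgrep: hex string needs an even number of digits\n");
			return -1;
		}
		if(n/2>cap)
			goto too_long;
		for(i=0;i<n/2;i++){
			char buf[3];

			/* strtol() would quietly turn a non-hex pair into 0 */
			if(!isxdigit((unsigned char)in[2*i]) ||
			   !isxdigit((unsigned char)in[2*i+1])){
				fprintf(stderr,"ntgrep: invalid hex digits in search string\n");
				return -1;
			}
			buf[0]=in[2*i];
			buf[1]=in[2*i+1];
			buf[2]='\0';
			match[i]=(char)strtol(buf,NULL,16);
		}
		*out_len=n/2;
	}else if(ascii){
		/* the terminating NUL is copied as well, hence >= */
		if(n>=cap)
			goto too_long;
		memcpy(match,in,n+1);
		*out_len=n;
	}else{
		if(n>cap/2)
			goto too_long;
		for(i=0;i<n;i++){
			match[2*i]=in[i];
			match[2*i+1]='\0';
		}
		*out_len=2*n;
	}
	return 0;

too_long:
	fprintf(stderr,"ntgrep: search string too long\n");
	return -1;
}

/*
 * ntgrep: search an NTFS volume for a string and print the offset of
 * each hit, optionally followed by a dump of the surrounding block.
 *
 * Returns 1 on a usage error, an unusable argument or a volume that
 * could not be opened; 0 otherwise (also when nothing was found).
 */
int main(int argc,char *argv[])
{
	int c;
	int ignore_case=0,ascii=0,cont=0,bytes=0,nodump=0;
	char *device=0;
	ntfs_size_t offset=0;
	int blocksize=GREP_DISPLAY_SIZE;
	ntfs_size_t pos,length;
	char match[2048];
	size_t match_len=0;
	extern int opterr,optind;
	extern char* optarg;
	ntfs_volume *volume;

	opterr=1;
	/*
	 * NOTE(review): the numeric arguments go through strtol() without
	 * error checking, so a malformed number silently becomes 0.
	 */
	while((c=getopt_long(argc,argv,short_opts,options,NULL))>0)
		switch(c)
		{
		case 'f': device=optarg;break;
		case 'o': offset=strtol(optarg,NULL,0);break;
		case 'i': ignore_case=1;break;
		case 'a': ascii=1;break;
		case 'n': nodump=1;break;
		case 'C': cont=1;break;
		case 'c': offset=strtol(optarg,NULL,0)*512/*FIXME*/;break;
		case 'B': blocksize=strtol(optarg,NULL,0);break;
		case 'b': bytes=1;break;
		default: /* '?': getopt already reported the bad option */
			usage();
			return 1;
		}
	if(optind==argc){
		usage();
		return 1;
	}
	/* blocksize is a divisor below; zero or negative values are unusable */
	if(blocksize<=0){
		fprintf(stderr,"ntgrep: blocksize must be positive\n");
		return 1;
	}
	if(build_match(argv[optind],bytes,ascii,match,sizeof match,&match_len)<0)
		return 1;
	length=match_len;

	/*
	 * NOTE(review): device is still NULL when -f was not given; what
	 * ntfs_open_volume() does with a NULL name is not visible in this
	 * file -- confirm.
	 */
	volume=ntfs_open_volume(device,0,0,1);
	if(!volume){
		fprintf(stderr,"ntgrep: cannot open volume\n");
		return 1;
	}
	do{
		pos=grep(volume,offset,-1,match,length,ignore_case);
		if(pos==-1){
			fprintf(stderr,"Not found\n");
			/* without this, -C would retry the same offset forever */
			break;
		}
		/* cast so the format matches whatever ntfs_size_t really is */
		printf("0x%lX\n",(unsigned long)pos);
		/* round down to the start of the block containing the hit */
		pos=(pos/blocksize)*blocksize;
		if(!nodump)
			dump(volume,pos,pos,blocksize);
		/* the next search starts at the following block */
		offset=pos+blocksize;
	}while(cont);
	return 0;
}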

/*
 * Local variables:
 * c-file-style: "linux"
 * End:
 */