1 /*
2 
3     File: file_vmdk.c
4 
5     Copyright (C) 2007 Christophe GRENIER <grenier@cgsecurity.org>
6 
7     This software is free software; you can redistribute it and/or modify
8     it under the terms of the GNU General Public License as published by
9     the Free Software Foundation; either version 2 of the License, or
10     (at your option) any later version.
11 
12     This program is distributed in the hope that it will be useful,
13     but WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15     GNU General Public License for more details.
16 
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, write the Free Software Foundation, Inc., 51
19     Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 
21  */
22 
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26 #ifdef HAVE_STRING_H
27 #include <string.h>
28 #endif
29 #include <stdio.h>
30 #include "types.h"
31 #include "filegen.h"
32 #include "common.h"
33 
34 static void register_header_check_vmdk(file_stat_t *file_stat);
35 
36 const file_hint_t file_hint_vmdk= {
37   .extension="vmdk",
38   .description="VMWare",
39   .max_filesize=(uint64_t)2048*1024*1024*1024,
40   .recover=1,
41   .enable_by_default=1,
42   .register_header_check=&register_header_check_vmdk
43 };
44 
45 /* http://www.vmware.com/app/vmdk/?src=vmdk */
46 typedef struct {
47   uint32_t magic;
48   uint32_t version;
49   uint32_t flags;
50   uint32_t disk_sectors;
51   uint32_t granularity;
52   uint32_t l1dir_offset;
53   uint32_t l1dir_size;
54   uint32_t file_sectors;
55   uint32_t cylinders;
56   uint32_t heads;
57   uint32_t sectors_per_track;
58 } VMDK3Header;
59 
60 typedef struct {
61   uint32_t magic;
62   uint32_t version;
63   uint32_t flags;
64   int64_t capacity;
65   int64_t granularity;
66   int64_t desc_offset;
67   int64_t desc_size;
68   int32_t num_gtes_per_gte;
69   int64_t rgd_offset;
70   int64_t gd_offset;
71   int64_t grain_offset;
72   char filler[1];
73   char check_bytes[4];
74 } __attribute__((gcc_struct,__packed__)) VMDK4Header;
75 
header_check_vmdk3(const unsigned char * buffer,const unsigned int buffer_size,const unsigned int safe_header_only,const file_recovery_t * file_recovery,file_recovery_t * file_recovery_new)76 static int header_check_vmdk3(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
77 {
78   const VMDK3Header *hdr=(const VMDK3Header *)buffer;
79   const unsigned int cluster_sectors = le32(hdr->granularity);
80   if(cluster_sectors==0)
81     return 0;
82   reset_file_recovery(file_recovery_new);
83 #ifdef DJGPP
84   file_recovery_new->extension="vmd";
85 #else
86   file_recovery_new->extension=file_hint_vmdk.extension;
87 #endif
88   file_recovery_new->min_filesize=512;
89   return 1;
90 }
91 
header_check_vmdk4(const unsigned char * buffer,const unsigned int buffer_size,const unsigned int safe_header_only,const file_recovery_t * file_recovery,file_recovery_t * file_recovery_new)92 static int header_check_vmdk4(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
93 {
94   const VMDK4Header *hdr=(const VMDK4Header *)buffer;
95   const unsigned int cluster_sectors = le64(hdr->granularity);
96   const unsigned int l2_size = le32(hdr->num_gtes_per_gte);
97   const uint32_t l1_entry_sectors = l2_size * cluster_sectors;
98   if (l1_entry_sectors <= 0)
99     return 0;
100   reset_file_recovery(file_recovery_new);
101 #ifdef DJGPP
102   file_recovery_new->extension="vmd";
103 #else
104   file_recovery_new->extension=file_hint_vmdk.extension;
105 #endif
106   file_recovery_new->min_filesize=512;
107   return 1;
108 }
109 
register_header_check_vmdk(file_stat_t * file_stat)110 static void register_header_check_vmdk(file_stat_t *file_stat)
111 {
112   static const unsigned char vmdk_header3_1[8]= { 'C','O','W','D', 0x01, 0x00, 0x00, 0x00};
113   static const unsigned char vmdk_header4_1[8]= { 'K','D','M','V', 0x01, 0x00, 0x00, 0x00};
114   static const unsigned char vmdk_header4_2[8]= { 'K','D','M','V', 0x02, 0x00, 0x00, 0x00};
115   static const unsigned char vmdk_header4_3[8]= { 'K','D','M','V', 0x03, 0x00, 0x00, 0x00};
116   register_header_check(0, vmdk_header3_1,sizeof(vmdk_header3_1), &header_check_vmdk3, file_stat);
117   register_header_check(0, vmdk_header4_1,sizeof(vmdk_header4_1), &header_check_vmdk4, file_stat);
118   register_header_check(0, vmdk_header4_2,sizeof(vmdk_header4_2), &header_check_vmdk4, file_stat);
119   register_header_check(0, vmdk_header4_3,sizeof(vmdk_header4_3), &header_check_vmdk4, file_stat);
120 }
121