1 /*
2 * Debug functions
3 *
4 * Copyright (C) 2011-2021, Joachim Metz <joachim.metz@gmail.com>
5 *
6 * Refer to AUTHORS for acknowledgements.
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21
22 #include <common.h>
23 #include <types.h>
24
25 #include "libevtx_debug.h"
26 #include "libevtx_definitions.h"
27 #include "libevtx_libbfio.h"
28 #include "libevtx_libcerror.h"
29 #include "libevtx_libcnotify.h"
30
31 #if defined( HAVE_DEBUG_OUTPUT )
32
33 /* Prints the file flags
34 */
libevtx_debug_print_file_flags(uint32_t file_flags)35 void libevtx_debug_print_file_flags(
36 uint32_t file_flags )
37 {
38 if( ( file_flags & LIBEVTX_FILE_FLAG_IS_DIRTY ) != 0 )
39 {
40 libcnotify_printf(
41 "Is dirty\n" );
42 }
43 if( ( file_flags & LIBEVTX_FILE_FLAG_IS_FULL ) != 0 )
44 {
45 libcnotify_printf(
46 "Is full\n" );
47 }
48 }
49
50 /* Prints the value type
51 */
libevtx_debug_print_value_type(uint8_t value_type)52 void libevtx_debug_print_value_type(
53 uint8_t value_type )
54 {
55 switch( value_type & 0x7f )
56 {
57 case LIBEVTX_VALUE_TYPE_NULL:
58 libcnotify_printf(
59 "NULL" );
60 break;
61
62 case LIBEVTX_VALUE_TYPE_STRING_UTF16:
63 libcnotify_printf(
64 "UTF-16 string" );
65 break;
66
67 case LIBEVTX_VALUE_TYPE_STRING_BYTE_STREAM:
68 libcnotify_printf(
69 "Byte stream string" );
70 break;
71
72 case LIBEVTX_VALUE_TYPE_INTEGER_8BIT:
73 libcnotify_printf(
74 "Integer 8-bit signed" );
75 break;
76
77 case LIBEVTX_VALUE_TYPE_UNSIGNED_INTEGER_8BIT:
78 libcnotify_printf(
79 "Integer 8-bit unsigned" );
80 break;
81
82 case LIBEVTX_VALUE_TYPE_INTEGER_16BIT:
83 libcnotify_printf(
84 "Integer 16-bit signed" );
85 break;
86
87 case LIBEVTX_VALUE_TYPE_UNSIGNED_INTEGER_16BIT:
88 libcnotify_printf(
89 "Integer 16-bit unsigned" );
90 break;
91
92 case LIBEVTX_VALUE_TYPE_INTEGER_32BIT:
93 libcnotify_printf(
94 "Integer 32-bit signed" );
95 break;
96
97 case LIBEVTX_VALUE_TYPE_UNSIGNED_INTEGER_32BIT:
98 libcnotify_printf(
99 "Integer 32-bit unsigned" );
100 break;
101
102 case LIBEVTX_VALUE_TYPE_INTEGER_64BIT:
103 libcnotify_printf(
104 "Integer 64-bit signed" );
105 break;
106
107 case LIBEVTX_VALUE_TYPE_UNSIGNED_INTEGER_64BIT:
108 libcnotify_printf(
109 "Integer 64-bit unsigned" );
110 break;
111
112 case LIBEVTX_VALUE_TYPE_FLOATING_POINT_32BIT:
113 libcnotify_printf(
114 "Floating point 32-bit (single precision)" );
115 break;
116
117 case LIBEVTX_VALUE_TYPE_FLOATING_POINT_64BIT:
118 libcnotify_printf(
119 "Floating point 64-bit (double precision)" );
120 break;
121
122 case LIBEVTX_VALUE_TYPE_BOOLEAN:
123 libcnotify_printf(
124 "Boolean" );
125 break;
126
127 case LIBEVTX_VALUE_TYPE_BINARY_DATA:
128 libcnotify_printf(
129 "Binary data" );
130 break;
131
132 case LIBEVTX_VALUE_TYPE_GUID:
133 libcnotify_printf(
134 "GUID" );
135 break;
136
137 case LIBEVTX_VALUE_TYPE_SIZE:
138 libcnotify_printf(
139 "Size" );
140 break;
141
142 case LIBEVTX_VALUE_TYPE_FILETIME:
143 libcnotify_printf(
144 "Filetime" );
145 break;
146
147 case LIBEVTX_VALUE_TYPE_SYSTEMTIME:
148 libcnotify_printf(
149 "Systemtime" );
150 break;
151
152 case LIBEVTX_VALUE_TYPE_NT_SECURITY_IDENTIFIER:
153 libcnotify_printf(
154 "NT Security Identifier (SID)" );
155 break;
156
157 case LIBEVTX_VALUE_TYPE_HEXADECIMAL_INTEGER_32BIT:
158 libcnotify_printf(
159 "Hexadecimal integer 32-bit" );
160 break;
161
162 case LIBEVTX_VALUE_TYPE_HEXADECIMAL_INTEGER_64BIT:
163 libcnotify_printf(
164 "Hexadecimal integer 64-bit" );
165 break;
166
167 case LIBEVTX_VALUE_TYPE_BINARY_XML:
168 libcnotify_printf(
169 "Binary XML" );
170 break;
171
172 default:
173 libcnotify_printf(
174 "UNKNOWN" );
175 break;
176 }
177 }
178
179 /* Prints the read offsets
180 * Returns 1 if successful or -1 on error
181 */
libevtx_debug_print_read_offsets(libbfio_handle_t * file_io_handle,libcerror_error_t ** error)182 int libevtx_debug_print_read_offsets(
183 libbfio_handle_t *file_io_handle,
184 libcerror_error_t **error )
185 {
186 static char *function = "libevtx_debug_print_read_offsets";
187 off64_t offset = 0;
188 size64_t size = 0;
189 int number_of_offsets = 0;
190 int offset_iterator = 0;
191
192 if( file_io_handle == NULL )
193 {
194 libcerror_error_set(
195 error,
196 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
197 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
198 "%s: invalid file IO handle.",
199 function );
200
201 return( -1 );
202 }
203 if( libbfio_handle_get_number_of_offsets_read(
204 file_io_handle,
205 &number_of_offsets,
206 error ) != 1 )
207 {
208 libcerror_error_set(
209 error,
210 LIBCERROR_ERROR_DOMAIN_RUNTIME,
211 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
212 "%s: unable to retrieve number of offsets read.",
213 function );
214
215 return( -1 );
216 }
217 libcnotify_printf(
218 "Offsets read:\n" );
219
220 for( offset_iterator = 0;
221 offset_iterator < number_of_offsets;
222 offset_iterator++ )
223 {
224 if( libbfio_handle_get_offset_read(
225 file_io_handle,
226 offset_iterator,
227 &offset,
228 &size,
229 error ) != 1 )
230 {
231 libcerror_error_set(
232 error,
233 LIBCERROR_ERROR_DOMAIN_RUNTIME,
234 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
235 "%s: unable to retrieve offset: %d.",
236 function,
237 offset_iterator );
238
239 return( -1 );
240 }
241 libcnotify_printf(
242 "%08" PRIi64 " ( 0x%08" PRIx64 " ) - %08" PRIi64 " ( 0x%08" PRIx64 " ) size: %" PRIi64 "\n",
243 offset,
244 offset,
245 offset + (off64_t) size,
246 offset + (off64_t) size,
247 size );
248 }
249 libcnotify_printf(
250 "\n" );
251
252 return( 1 );
253 }
254
255 #endif /* defined( HAVE_DEBUG_OUTPUT ) */
256
257