summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2018-06-22 19:05:04 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2018-06-22 19:05:04 +0200
commit2d36e835ba016468e3e59f7bd02716a2bb30948d (patch)
tree989bdc00217e794ce2059661a69d24623403656a
parent45259e8a1650f77d38864c3b13b93e14ef6fc714 (diff)
List NTFS system files when expert mode is enabled.
-rw-r--r--src/adv.c12
-rw-r--r--src/dir.h1
-rw-r--r--src/dirpart.c10
-rw-r--r--src/dirpart.h2
-rw-r--r--src/fat1x.c2
-rw-r--r--src/fat32.c4
-rw-r--r--src/fat_adv.c2
-rw-r--r--src/intrface.c8
-rw-r--r--src/ntfs_adv.c20
-rw-r--r--src/ntfs_dir.c7
-rw-r--r--src/ntfs_dir.h2
-rw-r--r--src/ntfs_fix.c4
-rw-r--r--src/ntfs_udl.c2
-rw-r--r--src/ntfsp.c2
-rw-r--r--src/tntfs.c4
15 files changed, 43 insertions, 39 deletions
diff --git a/src/adv.c b/src/adv.c
index 3b2981b..0d53068 100644
--- a/src/adv.c
+++ b/src/adv.c
@@ -411,7 +411,7 @@ static void adv_menu_undelete_selected(disk_t *disk, partition_t *partition, con
(is_part_ntfs(partition) && partition->upart_type!=UP_EXFAT))
ntfs_undelete_part(disk, partition, verbose, current_cmd);
else
- dir_partition(disk, partition, 0, current_cmd);
+ dir_partition(disk, partition, 0, 0, current_cmd);
io_redir_del_redir(disk, partition->part_offset+partition->sborg_offset);
}
else
@@ -420,11 +420,11 @@ static void adv_menu_undelete_selected(disk_t *disk, partition_t *partition, con
(is_part_ntfs(partition) && partition->upart_type!=UP_EXFAT))
ntfs_undelete_part(disk, partition, verbose, current_cmd);
else
- dir_partition(disk, partition, 0, current_cmd);
+ dir_partition(disk, partition, 0, 0, current_cmd);
}
}
-static void adv_menu_list_selected(disk_t *disk, partition_t *partition, const int verbose, char **current_cmd)
+static void adv_menu_list_selected(disk_t *disk, partition_t *partition, const int verbose, const int expert, char **current_cmd)
{
if(partition->sb_offset!=0 && partition->sb_size>0)
{
@@ -433,11 +433,11 @@ static void adv_menu_list_selected(disk_t *disk, partition_t *partition, const i
partition->sb_size,
partition->part_offset+partition->sb_offset,
NULL);
- dir_partition(disk,partition,verbose, current_cmd);
+ dir_partition(disk,partition, verbose, expert, current_cmd);
io_redir_del_redir(disk, partition->part_offset+partition->sborg_offset);
}
else
- dir_partition(disk,partition,verbose, current_cmd);
+ dir_partition(disk, partition, verbose, expert, current_cmd);
}
static void adv_menu_superblock_selected(disk_t *disk, partition_t *partition, const int verbose,const int dump_ind, char**current_cmd)
@@ -605,7 +605,7 @@ void interface_adv(disk_t *disk_car, const int verbose,const int dump_ind, const
break;
case 'l':
case 'L':
- adv_menu_list_selected(disk_car, current_element->part, verbose, current_cmd);
+ adv_menu_list_selected(disk_car, current_element->part, verbose, expert, current_cmd);
rewrite=1;
break;
case 's':
diff --git a/src/dir.h b/src/dir.h
index 6978bca..b2d4f7a 100644
--- a/src/dir.h
+++ b/src/dir.h
@@ -34,6 +34,7 @@ extern "C" {
#define FLAG_LIST_MASK16 4
#define FLAG_LIST_PATHNAME 8
#define FLAG_LIST_ADS 16
+#define FLAG_LIST_SYSTEM 32
/* capabilities */
#define CAPA_LIST_DELETED 1
#define CAPA_LIST_ADS 2
diff --git a/src/dirpart.c b/src/dirpart.c
index e4c09e9..31a9692 100644
--- a/src/dirpart.c
+++ b/src/dirpart.c
@@ -50,14 +50,14 @@
#include "log.h"
#include "log_part.h"
-static dir_partition_t dir_partition_init(disk_t *disk, const partition_t *partition, const int verbose, dir_data_t *dir_data)
+static dir_partition_t dir_partition_init(disk_t *disk, const partition_t *partition, const int verbose, const int expert, dir_data_t *dir_data)
{
dir_partition_t res=DIR_PART_ENOIMP;
if(is_part_fat(partition))
res=dir_partition_fat_init(disk, partition, dir_data, verbose);
else if(is_part_ntfs(partition))
{
- res=dir_partition_ntfs_init(disk, partition, dir_data, verbose);
+ res=dir_partition_ntfs_init(disk, partition, dir_data, verbose, expert);
if(res!=DIR_PART_OK)
res=dir_partition_exfat_init(disk, partition, dir_data, verbose);
}
@@ -84,7 +84,7 @@ static dir_partition_t dir_partition_init(disk_t *disk, const partition_t *parti
case UP_RFS3:
return dir_partition_reiser_init(disk, partition, dir_data, verbose);
case UP_NTFS:
- return dir_partition_ntfs_init(disk, partition, dir_data, verbose);
+ return dir_partition_ntfs_init(disk, partition, dir_data, verbose, expert);
case UP_EXFAT:
return dir_partition_exfat_init(disk, partition, dir_data, verbose);
default:
@@ -92,7 +92,7 @@ static dir_partition_t dir_partition_init(disk_t *disk, const partition_t *parti
}
}
-dir_partition_t dir_partition(disk_t *disk, const partition_t *partition, const int verbose, char **current_cmd)
+dir_partition_t dir_partition(disk_t *disk, const partition_t *partition, const int verbose, const int expert, char **current_cmd)
{
dir_data_t dir_data;
#ifdef HAVE_NCURSES
@@ -101,7 +101,7 @@ dir_partition_t dir_partition(disk_t *disk, const partition_t *partition, const
dir_partition_t res;
fflush(stderr);
dir_data.local_dir=NULL;
- res=dir_partition_init(disk, partition, verbose, &dir_data);
+ res=dir_partition_init(disk, partition, verbose, expert, &dir_data);
#ifdef HAVE_NCURSES
window=newwin(LINES, COLS, 0, 0); /* full screen */
dir_data.display=window;
diff --git a/src/dirpart.h b/src/dirpart.h
index f78573c..f8c31af 100644
--- a/src/dirpart.h
+++ b/src/dirpart.h
@@ -23,7 +23,7 @@
extern "C" {
#endif
#include "dir.h"
-dir_partition_t dir_partition(disk_t *disk_car, const partition_t *partition, const int verbose, char **current_cmd);
+dir_partition_t dir_partition(disk_t *disk_car, const partition_t *partition, const int verbose, const int expert, char **current_cmd);
#ifdef __cplusplus
} /* closing brace for extern "C" */
#endif
diff --git a/src/fat1x.c b/src/fat1x.c
index a3500e1..90ab49b 100644
--- a/src/fat1x.c
+++ b/src/fat1x.c
@@ -190,7 +190,7 @@ int fat1x_boot_sector(disk_t *disk_car, partition_t *partition, const int verbos
FAT_init_rootdir(disk_car, partition, verbose, current_cmd);
break;
case 'L':
- dir_partition(disk_car, partition, 0,current_cmd);
+ dir_partition(disk_car, partition, 0, 0, current_cmd);
break;
}
}
diff --git a/src/fat32.c b/src/fat32.c
index 73d309a..9ca9da3 100644
--- a/src/fat32.c
+++ b/src/fat32.c
@@ -295,11 +295,11 @@ int fat32_boot_sector(disk_t *disk_car, partition_t *partition, const int verbos
if(strchr(options,'O')==NULL && strchr(options,'B')!=NULL)
{
io_redir_add_redir(disk_car,partition->part_offset,3*disk_car->sector_size,0,buffer_backup_bs);
- dir_partition(disk_car, partition, 0,current_cmd);
+ dir_partition(disk_car, partition, 0, 0, current_cmd);
io_redir_del_redir(disk_car,partition->part_offset);
}
else
- dir_partition(disk_car, partition, 0,current_cmd);
+ dir_partition(disk_car, partition, 0, 0, current_cmd);
break;
case 'R': /* R : rebuild boot sector */
rebuild_FAT_BS(disk_car, partition, verbose, dump_ind, expert, current_cmd);
diff --git a/src/fat_adv.c b/src/fat_adv.c
index ac0a408..5fcfe77 100644
--- a/src/fat_adv.c
+++ b/src/fat_adv.c
@@ -1014,7 +1014,7 @@ static void menu_write_fat_boot_sector(disk_t *disk_car, partition_t *partition,
const upart_type_t old_upart_type=upart_type;
partition->upart_type=upart_type;
io_redir_add_redir(disk_car,partition->part_offset,3*disk_car->sector_size,0,newboot);
- dir_partition(disk_car, partition, verbose, current_cmd);
+ dir_partition(disk_car, partition, verbose, 0, current_cmd);
io_redir_del_redir(disk_car,partition->part_offset);
partition->upart_type=old_upart_type;
}
diff --git a/src/intrface.c b/src/intrface.c
index 12b3ab5..4375d0c 100644
--- a/src/intrface.c
+++ b/src/intrface.c
@@ -87,7 +87,7 @@ static list_part_t *ask_structure_cli(disk_t *disk_car,list_part_t *list_part, c
{
const partition_t *partition=pos->part;
if(partition->sb_offset==0 || partition->sb_size==0)
- dir_partition(disk_car,partition,verbose, current_cmd);
+ dir_partition(disk_car, partition, verbose, 0, current_cmd);
else
{
io_redir_add_redir(disk_car,
@@ -95,7 +95,7 @@ static list_part_t *ask_structure_cli(disk_t *disk_car,list_part_t *list_part, c
partition->sb_size,
partition->part_offset+partition->sb_offset,
NULL);
- dir_partition(disk_car,partition,verbose, current_cmd);
+ dir_partition(disk_car, partition, verbose, 0, current_cmd);
io_redir_del_redir(disk_car, partition->part_offset+partition->sborg_offset);
}
}
@@ -363,7 +363,7 @@ static list_part_t *ask_structure_ncurses(disk_t *disk_car,list_part_t *list_par
const partition_t *partition=pos->part;
char *current_cmd=NULL;
if(partition->sb_offset==0 || partition->sb_size==0)
- dir_partition(disk_car,partition,verbose, &current_cmd);
+ dir_partition(disk_car, partition, verbose, 0, &current_cmd);
else
{
io_redir_add_redir(disk_car,
@@ -371,7 +371,7 @@ static list_part_t *ask_structure_ncurses(disk_t *disk_car,list_part_t *list_par
partition->sb_size,
partition->part_offset+partition->sb_offset,
NULL);
- dir_partition(disk_car,partition,verbose, &current_cmd);
+ dir_partition(disk_car, partition, verbose, 0, &current_cmd);
io_redir_del_redir(disk_car, partition->part_offset+partition->sborg_offset);
}
rewrite=1;
diff --git a/src/ntfs_adv.c b/src/ntfs_adv.c
index 738ed0f..159eac8 100644
--- a/src/ntfs_adv.c
+++ b/src/ntfs_adv.c
@@ -114,14 +114,14 @@ static void ntfs_write_boot_sector(disk_t *disk, partition_t *partition, const u
disk->sync(disk);
}
-static void ntfs_list(disk_t *disk, partition_t *partition,const unsigned char *newboot, char **current_cmd)
+static void ntfs_list(disk_t *disk, partition_t *partition, const unsigned char *newboot, char **current_cmd, const int expert)
{
io_redir_add_redir(disk,partition->part_offset,NTFS_SECTOR_SIZE,0,newboot);
- dir_partition(disk, partition, 0, current_cmd);
+ dir_partition(disk, partition, 0, expert, current_cmd);
io_redir_del_redir(disk,partition->part_offset);
}
-static void menu_write_ntfs_boot_sector_cli(disk_t *disk_car, partition_t *partition, const unsigned char *orgboot, const unsigned char *newboot, char **current_cmd)
+static void menu_write_ntfs_boot_sector_cli(disk_t *disk_car, partition_t *partition, const unsigned char *orgboot, const unsigned char *newboot, char **current_cmd, const int expert)
{
const struct ntfs_boot_sector *org_ntfs_header=(const struct ntfs_boot_sector *)orgboot;
const struct ntfs_boot_sector *ntfs_header=(const struct ntfs_boot_sector *)newboot;
@@ -139,7 +139,7 @@ static void menu_write_ntfs_boot_sector_cli(disk_t *disk_car, partition_t *parti
skip_comma_in_command(current_cmd);
if(check_command(current_cmd,"list",4)==0)
{
- ntfs_list(disk_car, partition, newboot, current_cmd);
+ ntfs_list(disk_car, partition, newboot, current_cmd, expert);
}
else if(check_command(current_cmd,"dump",4)==0)
{
@@ -168,7 +168,7 @@ static void menu_write_ntfs_boot_sector_cli(disk_t *disk_car, partition_t *parti
}
#ifdef HAVE_NCURSES
-static void menu_write_ntfs_boot_sector_ncurses(disk_t *disk_car, partition_t *partition, const unsigned char *orgboot, const unsigned char *newboot)
+static void menu_write_ntfs_boot_sector_ncurses(disk_t *disk_car, partition_t *partition, const unsigned char *orgboot, const unsigned char *newboot, const int expert)
{
const struct ntfs_boot_sector *org_ntfs_header=(const struct ntfs_boot_sector *)orgboot;
const struct ntfs_boot_sector *ntfs_header=(const struct ntfs_boot_sector *)newboot;
@@ -220,7 +220,7 @@ static void menu_write_ntfs_boot_sector_ncurses(disk_t *disk_car, partition_t *p
break;
case 'l':
case 'L':
- ntfs_list(disk_car, partition, newboot, NULL);
+ ntfs_list(disk_car, partition, newboot, NULL, expert);
break;
case 'q':
case 'Q':
@@ -230,7 +230,7 @@ static void menu_write_ntfs_boot_sector_ncurses(disk_t *disk_car, partition_t *p
}
#endif
-static void create_ntfs_boot_sector(disk_t *disk_car, partition_t *partition, const unsigned int cluster_size, const uint64_t mft_lcn, const uint64_t mftmirr_lcn, const uint32_t mft_record_size, const uint32_t index_block_size, char**current_cmd)
+static void create_ntfs_boot_sector(disk_t *disk_car, partition_t *partition, const unsigned int cluster_size, const uint64_t mft_lcn, const uint64_t mftmirr_lcn, const uint32_t mft_record_size, const uint32_t index_block_size, const int expert, char**current_cmd)
{
unsigned char orgboot[NTFS_SECTOR_SIZE];
unsigned char newboot[NTFS_SECTOR_SIZE];
@@ -300,11 +300,11 @@ static void create_ntfs_boot_sector(disk_t *disk_car, partition_t *partition, co
}
if(*current_cmd!=NULL)
{
- menu_write_ntfs_boot_sector_cli(disk_car, partition, orgboot, newboot, current_cmd);
+ menu_write_ntfs_boot_sector_cli(disk_car, partition, orgboot, newboot, current_cmd, expert);
return ;
}
#ifdef HAVE_NCURSES
- menu_write_ntfs_boot_sector_ncurses(disk_car, partition, orgboot, newboot);
+ menu_write_ntfs_boot_sector_ncurses(disk_car, partition, orgboot, newboot, expert);
#endif
}
@@ -626,7 +626,7 @@ int rebuild_NTFS_BS(disk_t *disk_car, partition_t *partition, const int verbose,
if(index_block_size%512!=0 || index_block_size==0)
index_block_size=4096;
log_info("ntfs_find_mft: index_block_size %u\n",index_block_size);
- create_ntfs_boot_sector(disk_car,partition, sectors_per_cluster*disk_car->sector_size, mft_lcn, mftmirr_lcn, mft_record_size, index_block_size,current_cmd);
+ create_ntfs_boot_sector(disk_car,partition, sectors_per_cluster*disk_car->sector_size, mft_lcn, mftmirr_lcn, mft_record_size, index_block_size, expert, current_cmd);
/* TODO: ask if the user want to continue the search of MFT */
}
else
diff --git a/src/ntfs_dir.c b/src/ntfs_dir.c
index 05866ab..878aa33 100644
--- a/src/ntfs_dir.c
+++ b/src/ntfs_dir.c
@@ -197,7 +197,8 @@ static int ntfs_td_list_entry( struct ntfs_dir_struct *ls, const ntfschar *name
#endif
result = 0; /* These are successful */
- if (MREF(mref) < FILE_first_user && filename[0] == '$') /* Hide system file */
+ if ((ls->dir_data->param & FLAG_LIST_SYSTEM)!=FLAG_LIST_SYSTEM &&
+ MREF(mref) < FILE_first_user && filename[0] == '$') /* Hide system file */
goto freefn;
result = -1; /* Everything else is bad */
@@ -460,7 +461,7 @@ static void dir_partition_ntfs_close(dir_data_t *dir_data)
}
#endif
-dir_partition_t dir_partition_ntfs_init(disk_t *disk_car, const partition_t *partition, dir_data_t *dir_data, const int verbose)
+dir_partition_t dir_partition_ntfs_init(disk_t *disk_car, const partition_t *partition, dir_data_t *dir_data, const int verbose, const int expert)
{
#if defined(HAVE_LIBNTFS) || defined(HAVE_LIBNTFS3G)
struct ntfs_device *dev;
@@ -522,6 +523,8 @@ dir_partition_t dir_partition_ntfs_init(disk_t *disk_car, const partition_t *par
strncpy(dir_data->current_directory,"/",sizeof(dir_data->current_directory));
dir_data->current_inode=FILE_root;
dir_data->param=FLAG_LIST_ADS;
+ if(expert!=0)
+ dir_data->param|=FLAG_LIST_SYSTEM;
dir_data->verbose=verbose;
dir_data->capabilities=CAPA_LIST_ADS;
dir_data->get_dir=&ntfs_dir;
diff --git a/src/ntfs_dir.h b/src/ntfs_dir.h
index da888e8..06abcb5 100644
--- a/src/ntfs_dir.h
+++ b/src/ntfs_dir.h
@@ -23,7 +23,7 @@
extern "C" {
#endif
-dir_partition_t dir_partition_ntfs_init(disk_t *disk_car, const partition_t *partition, dir_data_t *dir_data, const int verbose);
+dir_partition_t dir_partition_ntfs_init(disk_t *disk_car, const partition_t *partition, dir_data_t *dir_data, const int verbose, const int expert);
const char*td_ntfs_version(void);
#ifdef __cplusplus
diff --git a/src/ntfs_fix.c b/src/ntfs_fix.c
index 4cee6c7..e0157a2 100644
--- a/src/ntfs_fix.c
+++ b/src/ntfs_fix.c
@@ -167,7 +167,7 @@ int repair_MFT(disk_t *disk_car, partition_t *partition, const int verbose, cons
dir_data_t dir_data;
/* Use MFT */
io_redir_add_redir(disk_car, mftmirr_pos, mftmirr_size_bytes, 0, buffer_mft);
- res1=dir_partition_ntfs_init(disk_car,partition,&dir_data,verbose);
+ res1=dir_partition_ntfs_init(disk_car, partition, &dir_data, verbose, 0);
if(res1==DIR_PART_ENOSYS)
{
display_message("Can't determine which MFT is correct, ntfslib is missing.\n");
@@ -195,7 +195,7 @@ int repair_MFT(disk_t *disk_car, partition_t *partition, const int verbose, cons
io_redir_del_redir(disk_car,mftmirr_pos);
/* Use MFT mirror */
io_redir_add_redir(disk_car, mft_pos, mftmirr_size_bytes, 0, buffer_mftmirr);
- res2=dir_partition_ntfs_init(disk_car,partition,&dir_data,verbose);
+ res2=dir_partition_ntfs_init(disk_car, partition, &dir_data, verbose, 0);
if(res2==DIR_PART_OK)
{
file_info_t dir_list;
diff --git a/src/ntfs_udl.c b/src/ntfs_udl.c
index 071d6f0..ecbac2d 100644
--- a/src/ntfs_udl.c
+++ b/src/ntfs_udl.c
@@ -1635,7 +1635,7 @@ int ntfs_undelete_part(disk_t *disk_car, const partition_t *partition, const int
#ifdef HAVE_NCURSES
WINDOW *window;
#endif
- dir_partition_t res=dir_partition_ntfs_init(disk_car,partition,&dir_data,verbose);
+ dir_partition_t res=dir_partition_ntfs_init(disk_car, partition, &dir_data, verbose, 0);
#ifdef HAVE_NCURSES
window=newwin(LINES, COLS, 0, 0); /* full screen */
dir_data.display=window;
diff --git a/src/ntfsp.c b/src/ntfsp.c
index b2f5e19..6da6822 100644
--- a/src/ntfsp.c
+++ b/src/ntfsp.c
@@ -60,7 +60,7 @@
unsigned int ntfs_remove_used_space(disk_t *disk_car,const partition_t *partition, alloc_data_t *list_search_space)
{
dir_data_t dir_data;
- switch(dir_partition_ntfs_init(disk_car,partition,&dir_data,0))
+ switch(dir_partition_ntfs_init(disk_car, partition, &dir_data, 0, 0))
{
case DIR_PART_ENOIMP:
case DIR_PART_ENOSYS:
diff --git a/src/tntfs.c b/src/tntfs.c
index 9594f8e..a1ae87d 100644
--- a/src/tntfs.c
+++ b/src/tntfs.c
@@ -282,11 +282,11 @@ int ntfs_boot_sector(disk_t *disk, partition_t *partition, const int verbose, co
if(strchr(options,'O')==NULL && strchr(options,'B')!=NULL)
{
io_redir_add_redir(disk,partition->part_offset,NTFS_BOOT_SECTOR_SIZE,0,buffer_backup_bs);
- dir_partition(disk, partition, 0,current_cmd);
+ dir_partition(disk, partition, 0, expert, current_cmd);
io_redir_del_redir(disk,partition->part_offset);
}
else
- dir_partition(disk, partition, 0,current_cmd);
+ dir_partition(disk, partition, 0, expert, current_cmd);
break;
case 'M':
repair_MFT(disk, partition, verbose, expert, current_cmd);