summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2009-02-15 20:33:58 +0100
committerChristophe Grenier <grenier@cgsecurity.org>2009-02-15 20:33:58 +0100
commit8e6e29582860dd6a52de222d5f4eb063c3923358 (patch)
tree2e080b7fa2f4a7336151ab951fc87193555a0e0f
parentb5c651da4a45ba33f084ab9b5b67179a505c29d3 (diff)
PhotoRec: recover AppleSingle/AppleDouble, File Maker Pro .fp7, Heredis - Genealogy .hr9 and Microsoft SQL Server Log Data File .ldf
-rw-r--r--src/Makefile.am4
-rw-r--r--src/file_apple.c63
-rw-r--r--src/file_fp7.c65
-rw-r--r--src/file_hr9.c75
-rw-r--r--src/file_ldf.c68
-rw-r--r--src/file_list.c8
6 files changed, 283 insertions, 0 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index abd3140..945df38 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -39,6 +39,7 @@ file_C = filegen.c \
file_amr.c \
file_apa.c \
file_ape.c \
+ file_apple.c \
file_arj.c \
file_asf.c \
file_asm.c \
@@ -90,6 +91,7 @@ file_C = filegen.c \
file_flp.c \
file_flv.c \
file_fob.c \
+ file_fp7.c \
file_frm.c \
file_fs.c \
file_gho.c \
@@ -97,6 +99,7 @@ file_C = filegen.c \
file_gpg.c \
file_gz.c \
file_hds.c \
+ file_hr9.c \
file_ico.c \
file_ifo.c \
file_imb.c \
@@ -105,6 +108,7 @@ file_C = filegen.c \
file_itu.c \
file_jpg.c \
file_kdb.c \
+ file_ldf.c \
file_lnk.c \
file_logic.c \
file_m2ts.c \
diff --git a/src/file_apple.c b/src/file_apple.c
new file mode 100644
index 0000000..4ec0920
--- /dev/null
+++ b/src/file_apple.c
@@ -0,0 +1,63 @@
+/*
+
+ File: file_apple.c
+
+ Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+
+static void register_header_check_apple(file_stat_t *file_stat);
+static int header_check_apple(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+
+const file_hint_t file_hint_apple= {
+ .extension="apple",
+ .description="AppleSingle/AppleDouble",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_apple
+};
+
+static const unsigned char apple_header[8]= {
+ 0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00
+};
+
+static void register_header_check_apple(file_stat_t *file_stat)
+{
+ register_header_check(0, apple_header,sizeof(apple_header), &header_check_apple, file_stat);
+}
+
+static int header_check_apple(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(buffer,apple_header,sizeof(apple_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_apple.extension;
+ return 1;
+ }
+ return 0;
+}
diff --git a/src/file_fp7.c b/src/file_fp7.c
new file mode 100644
index 0000000..b026079
--- /dev/null
+++ b/src/file_fp7.c
@@ -0,0 +1,65 @@
+/*
+
+ File: file_fp7.c
+
+ Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+
+static void register_header_check_fp7(file_stat_t *file_stat);
+static int header_check_fp7(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+
+const file_hint_t file_hint_fp7= {
+ .extension="fp7",
+ .description="",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_fp7
+};
+
+static const unsigned char fp7_header[0x14]= {
+ 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01,
+ 0x00, 0x05, 0x00, 0x02, 0x00, 0x02, 0xc0, 'H',
+ 'B', 'A', 'M', '7'
+};
+
+static void register_header_check_fp7(file_stat_t *file_stat)
+{
+ register_header_check(0, fp7_header,sizeof(fp7_header), &header_check_fp7, file_stat);
+}
+
+static int header_check_fp7(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(buffer,fp7_header,sizeof(fp7_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_fp7.extension;
+ return 1;
+ }
+ return 0;
+}
diff --git a/src/file_hr9.c b/src/file_hr9.c
new file mode 100644
index 0000000..023b105
--- /dev/null
+++ b/src/file_hr9.c
@@ -0,0 +1,75 @@
+/*
+
+ File: file_hr9.c
+
+ Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+
+static void register_header_check_hr9(file_stat_t *file_stat);
+static int header_check_hr9(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+static void file_check_hr9(file_recovery_t *file_recovery);
+
+const file_hint_t file_hint_hr9= {
+ .extension="hr9",
+ .description="Heredis - Genealogy",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_hr9
+};
+
+static const unsigned char hr9_header[17]= {
+ 0xc0, 0xde, 0xca, 0xfe, 0x00, 0x00, 0x00, 0x00,
+ 'H', 'e', 'r', 'e', 'd', 'i', 's', 0x99,
+ 0x20
+};
+
+static void register_header_check_hr9(file_stat_t *file_stat)
+{
+ register_header_check(0, hr9_header,sizeof(hr9_header), &header_check_hr9, file_stat);
+}
+
+static int header_check_hr9(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(buffer,hr9_header,sizeof(hr9_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_hr9.extension;
+ file_recovery_new->file_check=file_check_hr9;
+ return 1;
+ }
+ return 0;
+}
+
+static void file_check_hr9(file_recovery_t *file_recovery)
+{
+ const unsigned char hr9_footer[4]= {0xc0, 0xde, 0xca, 0xfe};
+ file_search_footer(file_recovery, hr9_footer, sizeof(hr9_footer));
+ if(file_recovery->file_size>0)
+ file_recovery->file_size+=0x50-4;
+}
diff --git a/src/file_ldf.c b/src/file_ldf.c
new file mode 100644
index 0000000..ee6815a
--- /dev/null
+++ b/src/file_ldf.c
@@ -0,0 +1,68 @@
+/*
+
+ File: file_ldf.c
+
+ Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+
+
+static void register_header_check_ldf(file_stat_t *file_stat);
+static int header_check_ldf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+
+const file_hint_t file_hint_ldf= {
+ .extension="ldf",
+ .description="Microsoft SQL Server Log Data File",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_ldf
+};
+
+static const unsigned char ldf_header[4]= { 0x01, 0x0f, 0x00, 0x00 };
+
+static void register_header_check_ldf(file_stat_t *file_stat)
+{
+ register_header_check(0, ldf_header,sizeof(ldf_header), &header_check_ldf, file_stat);
+}
+
+static int header_check_ldf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(buffer[0x00]==0x01 && buffer[0x01]==0x0f && buffer[0x02]==0x00 && buffer[0x03]==0x00 &&
+ buffer[0x08]==0x00 && buffer[0x09]==0x00 && buffer[0x0a]==0x00 && buffer[0x0b]==0x00 &&
+ buffer[0x0c]==0x00 && buffer[0x0d]==0x00 && buffer[0x0e]==0x00 && buffer[0x0f]==0x00 &&
+ buffer[0x10]==0x00 && buffer[0x11]==0x00 && buffer[0x12]==0x00 && buffer[0x13]==0x00 &&
+ buffer[0x14]==0x00 && buffer[0x15]==0x00 && buffer[0x16]==0x02 && buffer[0x17]==0x00 &&
+ buffer[0x18]==0x63 && buffer[0x19]==0x00 && buffer[0x1A]==0x00 && buffer[0x1B]==0x00)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_ldf.extension;
+ return 1;
+ }
+ return 0;
+}
diff --git a/src/file_list.c b/src/file_list.c
index c6249d6..53f7daf 100644
--- a/src/file_list.c
+++ b/src/file_list.c
@@ -41,6 +41,7 @@ extern const file_hint_t file_hint_amd;
extern const file_hint_t file_hint_amr;
extern const file_hint_t file_hint_apa;
extern const file_hint_t file_hint_ape;
+extern const file_hint_t file_hint_apple;
extern const file_hint_t file_hint_arj;
extern const file_hint_t file_hint_asf;
extern const file_hint_t file_hint_asm;
@@ -93,6 +94,7 @@ extern const file_hint_t file_hint_fasttxt;
extern const file_hint_t file_hint_flp;
extern const file_hint_t file_hint_flv;
extern const file_hint_t file_hint_fob;
+extern const file_hint_t file_hint_fp7;
extern const file_hint_t file_hint_frm;
extern const file_hint_t file_hint_fs;
extern const file_hint_t file_hint_gho;
@@ -100,6 +102,7 @@ extern const file_hint_t file_hint_gif;
extern const file_hint_t file_hint_gpg;
extern const file_hint_t file_hint_gz;
extern const file_hint_t file_hint_hds;
+extern const file_hint_t file_hint_hr9;
extern const file_hint_t file_hint_ico;
extern const file_hint_t file_hint_ifo;
extern const file_hint_t file_hint_imb;
@@ -108,6 +111,7 @@ extern const file_hint_t file_hint_iso;
extern const file_hint_t file_hint_itunes;
extern const file_hint_t file_hint_jpg;
extern const file_hint_t file_hint_kdb;
+extern const file_hint_t file_hint_ldf;
extern const file_hint_t file_hint_logic;
extern const file_hint_t file_hint_lnk;
extern const file_hint_t file_hint_m2ts;
@@ -214,6 +218,7 @@ file_enable_t list_file_enable[]=
{ .enable=0, .file_hint=&file_hint_amr },
{ .enable=0, .file_hint=&file_hint_apa },
{ .enable=0, .file_hint=&file_hint_ape },
+ { .enable=0, .file_hint=&file_hint_apple },
{ .enable=0, .file_hint=&file_hint_arj },
{ .enable=0, .file_hint=&file_hint_asf },
{ .enable=0, .file_hint=&file_hint_asm },
@@ -265,6 +270,7 @@ file_enable_t list_file_enable[]=
{ .enable=0, .file_hint=&file_hint_flp },
{ .enable=0, .file_hint=&file_hint_flv },
{ .enable=0, .file_hint=&file_hint_fob },
+ { .enable=0, .file_hint=&file_hint_fp7 },
{ .enable=0, .file_hint=&file_hint_frm },
{ .enable=0, .file_hint=&file_hint_fs },
{ .enable=0, .file_hint=&file_hint_gho },
@@ -272,6 +278,7 @@ file_enable_t list_file_enable[]=
{ .enable=0, .file_hint=&file_hint_gpg },
{ .enable=0, .file_hint=&file_hint_gz },
{ .enable=0, .file_hint=&file_hint_hds },
+ { .enable=0, .file_hint=&file_hint_hr9 },
{ .enable=0, .file_hint=&file_hint_ico },
{ .enable=0, .file_hint=&file_hint_ifo },
{ .enable=0, .file_hint=&file_hint_imb },
@@ -280,6 +287,7 @@ file_enable_t list_file_enable[]=
{ .enable=0, .file_hint=&file_hint_itunes },
{ .enable=0, .file_hint=&file_hint_jpg },
{ .enable=0, .file_hint=&file_hint_kdb },
+ { .enable=0, .file_hint=&file_hint_ldf },
{ .enable=0, .file_hint=&file_hint_logic},
{ .enable=0, .file_hint=&file_hint_lnk },
{ .enable=0, .file_hint=&file_hint_m2ts },