Skip to content
Browse files

cleaned up usage statement and added lookups for inode, inode status,…

… and filename
  • Loading branch information...
1 parent 1084d1b commit 656b1627109d52d25dfad9d77053c9048debdf89 @superponible committed Oct 10, 2011
Showing with 75 additions and 26 deletions.
  1. +75 −26 srch_strings_wrap
View
101 srch_strings_wrap
@@ -5,51 +5,54 @@
#
# A wrapper around srch_strings. This can be used in place of srch_strings,
# and will forward all command line options to srch_strings. If -b
-# or -d is specified and the proper srch_strings args were given, it will
-# add allocation status, block number, and byte offset within the block
-# to the output of srch_strings.
+# or -d is specified along with "-t d", the additional functionality of
+# this script is available; otherwise, it will just run as normal.
-# filesystem commands used in script
+my $scriptname = "srch_strings_wrap";
+# filesystem commands used in script
my $srch_strings_cmd = "/usr/local/bin/srch_strings";
my $blkstat_cmd = "/usr/local/bin/blkstat";
my $fsstat_cmd = "/usr/local/bin/fsstat";
+my $ifind_cmd = "/usr/local/bin/ifind";
+my $istat_cmd = "/usr/local/bin/istat";
+my $ffind_cmd = "/usr/local/bin/ffind";
# print usage statement
sub usage {
print <<EOF;
-usage: $0 [-h] [-b blocksize] [-d] [-H] [-F delim] [-C] [srch_strings options] [file(s)]
+usage: $scriptname [OPTION(s)] [FILE(s)]
+[-h] [-b blocksize] [-d] [-H] [-F delim] [-C] [srch_strings options] [file(s)]
-$0 is a wrapper for the srch_strings command and can be used in its place.
+$scriptname is a wrapper for the srch_strings command and can be used in its place.
-The -b and -d options enable the additional functionality.
+The -b or -d options enable the additional functionality.
If -b or -d is used and "-t d" is not given, this script will fail.
If neither -b nor -d is given, this functions as standard srch_strings.
The -number argument does not work. Use "-n number" instead.
-File(s) should be filesystem images, not full disk images.
-OPTIONS:
+OPTIONS (wrapper specific):
-h Print this help message
-b blocksize block size of filesystem in imagefile(s)
-d Determine block size of each file argument using fsstat
-H Print a header line
-F delim Delimiter in output, default is tab
-C Output in CSV, with quotes to handle spaces
-
-Usage: srch_strings [option(s)] [file(s)]
- Display printable strings in [file(s)] (stdin by default)
- The options are:
- -a - Scan the entire file, not just the data section
- -f Print the name of the file before each string
- -n number Locate & print any NUL-terminated sequence of at
- -<number> least [number] characters (default 4).
- -t {o,x,d} Print the location of the string in base 8, 10 or 16
- -o An alias for --radix=o
- -e {s,S,b,l,B,L} Select character size and endianness:
- s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
- -h Display this information
- -v Print the program's version number
+ -O offset offset of partition start if FILE is a disk image
+ (only 1 FILE argument allowed with -O)
+
+OPTIONS (standard srch_strings options)
+ -a - Scan the entire file, not just the data section
+ -f Print the name of the file before each string
+ -n number Locate & print any NUL-terminated sequence of at
+ -<number> least [number] characters (default 4).
+ -t {o,x,d} Print the location of the string in base 8, 10 or 16
+ -o An alias for --radix=o
+ -e {s,S,b,l,B,L} Select character size and endianness:
+ s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
+ -h Display this information
+ -v Print the program's version number
EOF
}
@@ -131,15 +134,18 @@ if (!$opts{'d'} && !$opts{'b'} || !$opts{'d'} && $blksize == 1) {
if ($opts{'H'}) {
my $filename_print = "";
if ($opts{'f'}) {
- $filename_print = "${csv}FILENAME${csv}${delim}";
+ $filename_print = "${csv}IMG FILE${csv}${delim}";
}
- print "${filename_print}${csv}STATUS${csv}${delim}${csv}BLOCK${csv}${delim}${csv}OFFSET${csv}${delim}${csv}BYTE OFFSET${csv}${delim}${csv}STRING${csv}\n";
+ print "${filename_print}${csv}FILENAME${csv}${delim}${csv}ISTATUS${csv}${delim}${csv}INODE${csv}${delim}${csv}BSTATUS${csv}${delim}${csv}BLOCK${csv}${delim}${csv}OFFSET${csv}${delim}${csv}BYTE OFFSET${csv}${delim}${csv}STRING${csv}\n";
}
# loop through each of the file arguments at the end of the command line
foreach (@files) {
my $file = $_;
my %status = (); # tracks allocated/not allocated block status
+ my %inode = (); # tracks inodes of blocks
+ my %istatus = (); # tracks allocated/not allocated inode status
+ my %filename = (); # tracks filenames
# if -d specified, use fsstat to get block size
if ($opts{'d'}) {
open (FS, "$fsstat_cmd $file |") || die "$fsstat_cmd $file: $!\n";
@@ -176,6 +182,49 @@ if (!$opts{'d'} && !$opts{'b'} || !$opts{'d'} && $blksize == 1) {
}
}
+ # get inode number for block
+ unless (length($inode{$blk})) {
+ open(IF, "$ifind_cmd $file -d $blk |") || die "$ifind_cmd $file -d $blk: $!\n";
+ while (<IF>) {
+ next unless (/\d+|Inode not found/);
+ chomp;
+ if (/^I/) {
+ $inode{$blk} = "NF";
+ } else {
+ $inode{$blk} = $_;
+ }
+ last;
+ }
+ }
+
+ # get inode allocation status
+ if ($inode{$blk} eq "NF") {
+ $istatus{$inode{$blk}} = "NF";
+ } else {
+ unless (length($istatus{$inode{$blk}})) {
+ open(BS, "$istat_cmd $file $inode{$blk} |") || die "$istat_cmd $file $inode{$blk}: $!\n";
+ while (<BS>) {
+ next unless (/Allocated/);
+ ($istatus{$inode{$blk}} = $_) =~ s/[^NA]//g;
+ last;
+ }
+ }
+ }
+
+ # get filename
+ if ($inode{$blk} ne "NF") {
+ unless (length($filename{$inode{$blk}})) {
+ open(FF, "$ffind_cmd $file $inode{$blk} |") || die "$ffind_cmd $file $inode{$blk}: $!\n";
+ while (<FF>) {
+ chomp;
+ $filename{$inode{$blk}} = $_;
+ last;
+ }
+ }
+ } else {
+ $filename{$inode{$blk}} = "FILENAME_NF";
+ }
+
# print srch_strings output with optional filename, block status, block number, byte offset
if ($opts{'C'}) {
$string =~ s/\"/\"\"/g;
@@ -184,7 +233,7 @@ if (!$opts{'d'} && !$opts{'b'} || !$opts{'d'} && $blksize == 1) {
if ($opts{'f'}) {
$filename_print = "${csv}${file}${csv}${delim}";
}
- print "${filename_print}${csv}$status{$blk}${csv}${delim}${csv}${blk}${csv}${delim}${csv}${blk_offset}${csv}${delim}${csv}${bytes}${csv}${delim}${csv}${string}${csv}\n";
+ print "${filename_print}${csv}$filename{$inode{$blk}}${csv}${delim}${csv}$istatus{$inode{$blk}}${csv}${delim}${csv}$inode{$blk}${csv}${delim}${csv}$status{$blk}${csv}${delim}${csv}${blk}${csv}${delim}${csv}${blk_offset}${csv}${delim}${csv}${bytes}${csv}${delim}${csv}${string}${csv}\n";
}
close SS_OUT;
}

0 comments on commit 656b162

Please sign in to comment.
Something went wrong with that request. Please try again.