PhotoRec: recover AppleSingle/AppleDouble, File Maker Pro .fp7, Heredis - Genealogy .hr9 and Microsoft SQL Server Log Data File .ldf
This commit is contained in:
parent
b5c651da4a
commit
8e6e295828
6 changed files with 283 additions and 0 deletions
|
@ -39,6 +39,7 @@ file_C = filegen.c \
|
|||
file_amr.c \
|
||||
file_apa.c \
|
||||
file_ape.c \
|
||||
file_apple.c \
|
||||
file_arj.c \
|
||||
file_asf.c \
|
||||
file_asm.c \
|
||||
|
@ -90,6 +91,7 @@ file_C = filegen.c \
|
|||
file_flp.c \
|
||||
file_flv.c \
|
||||
file_fob.c \
|
||||
file_fp7.c \
|
||||
file_frm.c \
|
||||
file_fs.c \
|
||||
file_gho.c \
|
||||
|
@ -97,6 +99,7 @@ file_C = filegen.c \
|
|||
file_gpg.c \
|
||||
file_gz.c \
|
||||
file_hds.c \
|
||||
file_hr9.c \
|
||||
file_ico.c \
|
||||
file_ifo.c \
|
||||
file_imb.c \
|
||||
|
@ -105,6 +108,7 @@ file_C = filegen.c \
|
|||
file_itu.c \
|
||||
file_jpg.c \
|
||||
file_kdb.c \
|
||||
file_ldf.c \
|
||||
file_lnk.c \
|
||||
file_logic.c \
|
||||
file_m2ts.c \
|
||||
|
|
63
src/file_apple.c
Normal file
63
src/file_apple.c
Normal file
|
@ -0,0 +1,63 @@
|
|||
/*
|
||||
|
||||
File: file_apple.c
|
||||
|
||||
Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
|
||||
|
||||
This software is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write the Free Software Foundation, Inc., 51
|
||||
Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include "types.h"
|
||||
#include "filegen.h"
|
||||
|
||||
static void register_header_check_apple(file_stat_t *file_stat);
|
||||
static int header_check_apple(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
|
||||
|
||||
const file_hint_t file_hint_apple= {
|
||||
.extension="apple",
|
||||
.description="AppleSingle/AppleDouble",
|
||||
.min_header_distance=0,
|
||||
.max_filesize=PHOTOREC_MAX_FILE_SIZE,
|
||||
.recover=1,
|
||||
.enable_by_default=1,
|
||||
.register_header_check=®ister_header_check_apple
|
||||
};
|
||||
|
||||
static const unsigned char apple_header[8]= {
|
||||
0x00, 0x05, 0x16, 0x07, 0x00, 0x02, 0x00, 0x00
|
||||
};
|
||||
|
||||
static void register_header_check_apple(file_stat_t *file_stat)
|
||||
{
|
||||
register_header_check(0, apple_header,sizeof(apple_header), &header_check_apple, file_stat);
|
||||
}
|
||||
|
||||
static int header_check_apple(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
|
||||
{
|
||||
if(memcmp(buffer,apple_header,sizeof(apple_header))==0)
|
||||
{
|
||||
reset_file_recovery(file_recovery_new);
|
||||
file_recovery_new->extension=file_hint_apple.extension;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
65
src/file_fp7.c
Normal file
65
src/file_fp7.c
Normal file
|
@ -0,0 +1,65 @@
|
|||
/*
|
||||
|
||||
File: file_fp7.c
|
||||
|
||||
Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
|
||||
|
||||
This software is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write the Free Software Foundation, Inc., 51
|
||||
Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include "types.h"
|
||||
#include "filegen.h"
|
||||
|
||||
static void register_header_check_fp7(file_stat_t *file_stat);
|
||||
static int header_check_fp7(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
|
||||
|
||||
const file_hint_t file_hint_fp7= {
|
||||
.extension="fp7",
|
||||
.description="",
|
||||
.min_header_distance=0,
|
||||
.max_filesize=PHOTOREC_MAX_FILE_SIZE,
|
||||
.recover=1,
|
||||
.enable_by_default=1,
|
||||
.register_header_check=®ister_header_check_fp7
|
||||
};
|
||||
|
||||
static const unsigned char fp7_header[0x14]= {
|
||||
0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01,
|
||||
0x00, 0x05, 0x00, 0x02, 0x00, 0x02, 0xc0, 'H',
|
||||
'B', 'A', 'M', '7'
|
||||
};
|
||||
|
||||
static void register_header_check_fp7(file_stat_t *file_stat)
|
||||
{
|
||||
register_header_check(0, fp7_header,sizeof(fp7_header), &header_check_fp7, file_stat);
|
||||
}
|
||||
|
||||
static int header_check_fp7(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
|
||||
{
|
||||
if(memcmp(buffer,fp7_header,sizeof(fp7_header))==0)
|
||||
{
|
||||
reset_file_recovery(file_recovery_new);
|
||||
file_recovery_new->extension=file_hint_fp7.extension;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
75
src/file_hr9.c
Normal file
75
src/file_hr9.c
Normal file
|
@ -0,0 +1,75 @@
|
|||
/*
|
||||
|
||||
File: file_hr9.c
|
||||
|
||||
Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
|
||||
|
||||
This software is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write the Free Software Foundation, Inc., 51
|
||||
Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
*/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include "types.h"
|
||||
#include "filegen.h"
|
||||
|
||||
static void register_header_check_hr9(file_stat_t *file_stat);
|
||||
static int header_check_hr9(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
|
||||
static void file_check_hr9(file_recovery_t *file_recovery);
|
||||
|
||||
const file_hint_t file_hint_hr9= {
|
||||
.extension="hr9",
|
||||
.description="Heredis - Genealogy",
|
||||
.min_header_distance=0,
|
||||
.max_filesize=PHOTOREC_MAX_FILE_SIZE,
|
||||
.recover=1,
|
||||
.enable_by_default=1,
|
||||
.register_header_check=®ister_header_check_hr9
|
||||
};
|
||||
|
||||
static const unsigned char hr9_header[17]= {
|
||||
0xc0, 0xde, 0xca, 0xfe, 0x00, 0x00, 0x00, 0x00,
|
||||
'H', 'e', 'r', 'e', 'd', 'i', 's', 0x99,
|
||||
0x20
|
||||
};
|
||||
|
||||
static void register_header_check_hr9(file_stat_t *file_stat)
|
||||
{
|
||||
register_header_check(0, hr9_header,sizeof(hr9_header), &header_check_hr9, file_stat);
|
||||
}
|
||||
|
||||
static int header_check_hr9(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
|
||||
{
|
||||
if(memcmp(buffer,hr9_header,sizeof(hr9_header))==0)
|
||||
{
|
||||
reset_file_recovery(file_recovery_new);
|
||||
file_recovery_new->extension=file_hint_hr9.extension;
|
||||
file_recovery_new->file_check=file_check_hr9;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void file_check_hr9(file_recovery_t *file_recovery)
|
||||
{
|
||||
const unsigned char hr9_footer[4]= {0xc0, 0xde, 0xca, 0xfe};
|
||||
file_search_footer(file_recovery, hr9_footer, sizeof(hr9_footer));
|
||||
if(file_recovery->file_size>0)
|
||||
file_recovery->file_size+=0x50-4;
|
||||
}
|
68
src/file_ldf.c
Normal file
68
src/file_ldf.c
Normal file
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
|
||||
File: file_ldf.c
|
||||
|
||||
Copyright (C) 2009 Christophe GRENIER <grenier@cgsecurity.org>
|
||||
|
||||
This software is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write the Free Software Foundation, Inc., 51
|
||||
Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include "types.h"
|
||||
#include "filegen.h"
|
||||
|
||||
|
||||
static void register_header_check_ldf(file_stat_t *file_stat);
|
||||
static int header_check_ldf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
|
||||
|
||||
const file_hint_t file_hint_ldf= {
|
||||
.extension="ldf",
|
||||
.description="Microsoft SQL Server Log Data File",
|
||||
.min_header_distance=0,
|
||||
.max_filesize=PHOTOREC_MAX_FILE_SIZE,
|
||||
.recover=1,
|
||||
.enable_by_default=1,
|
||||
.register_header_check=®ister_header_check_ldf
|
||||
};
|
||||
|
||||
static const unsigned char ldf_header[4]= { 0x01, 0x0f, 0x00, 0x00 };
|
||||
|
||||
static void register_header_check_ldf(file_stat_t *file_stat)
|
||||
{
|
||||
register_header_check(0, ldf_header,sizeof(ldf_header), &header_check_ldf, file_stat);
|
||||
}
|
||||
|
||||
static int header_check_ldf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
|
||||
{
|
||||
if(buffer[0x00]==0x01 && buffer[0x01]==0x0f && buffer[0x02]==0x00 && buffer[0x03]==0x00 &&
|
||||
buffer[0x08]==0x00 && buffer[0x09]==0x00 && buffer[0x0a]==0x00 && buffer[0x0b]==0x00 &&
|
||||
buffer[0x0c]==0x00 && buffer[0x0d]==0x00 && buffer[0x0e]==0x00 && buffer[0x0f]==0x00 &&
|
||||
buffer[0x10]==0x00 && buffer[0x11]==0x00 && buffer[0x12]==0x00 && buffer[0x13]==0x00 &&
|
||||
buffer[0x14]==0x00 && buffer[0x15]==0x00 && buffer[0x16]==0x02 && buffer[0x17]==0x00 &&
|
||||
buffer[0x18]==0x63 && buffer[0x19]==0x00 && buffer[0x1A]==0x00 && buffer[0x1B]==0x00)
|
||||
{
|
||||
reset_file_recovery(file_recovery_new);
|
||||
file_recovery_new->extension=file_hint_ldf.extension;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
|
@ -41,6 +41,7 @@ extern const file_hint_t file_hint_amd;
|
|||
extern const file_hint_t file_hint_amr;
|
||||
extern const file_hint_t file_hint_apa;
|
||||
extern const file_hint_t file_hint_ape;
|
||||
extern const file_hint_t file_hint_apple;
|
||||
extern const file_hint_t file_hint_arj;
|
||||
extern const file_hint_t file_hint_asf;
|
||||
extern const file_hint_t file_hint_asm;
|
||||
|
@ -93,6 +94,7 @@ extern const file_hint_t file_hint_fasttxt;
|
|||
extern const file_hint_t file_hint_flp;
|
||||
extern const file_hint_t file_hint_flv;
|
||||
extern const file_hint_t file_hint_fob;
|
||||
extern const file_hint_t file_hint_fp7;
|
||||
extern const file_hint_t file_hint_frm;
|
||||
extern const file_hint_t file_hint_fs;
|
||||
extern const file_hint_t file_hint_gho;
|
||||
|
@ -100,6 +102,7 @@ extern const file_hint_t file_hint_gif;
|
|||
extern const file_hint_t file_hint_gpg;
|
||||
extern const file_hint_t file_hint_gz;
|
||||
extern const file_hint_t file_hint_hds;
|
||||
extern const file_hint_t file_hint_hr9;
|
||||
extern const file_hint_t file_hint_ico;
|
||||
extern const file_hint_t file_hint_ifo;
|
||||
extern const file_hint_t file_hint_imb;
|
||||
|
@ -108,6 +111,7 @@ extern const file_hint_t file_hint_iso;
|
|||
extern const file_hint_t file_hint_itunes;
|
||||
extern const file_hint_t file_hint_jpg;
|
||||
extern const file_hint_t file_hint_kdb;
|
||||
extern const file_hint_t file_hint_ldf;
|
||||
extern const file_hint_t file_hint_logic;
|
||||
extern const file_hint_t file_hint_lnk;
|
||||
extern const file_hint_t file_hint_m2ts;
|
||||
|
@ -214,6 +218,7 @@ file_enable_t list_file_enable[]=
|
|||
{ .enable=0, .file_hint=&file_hint_amr },
|
||||
{ .enable=0, .file_hint=&file_hint_apa },
|
||||
{ .enable=0, .file_hint=&file_hint_ape },
|
||||
{ .enable=0, .file_hint=&file_hint_apple },
|
||||
{ .enable=0, .file_hint=&file_hint_arj },
|
||||
{ .enable=0, .file_hint=&file_hint_asf },
|
||||
{ .enable=0, .file_hint=&file_hint_asm },
|
||||
|
@ -265,6 +270,7 @@ file_enable_t list_file_enable[]=
|
|||
{ .enable=0, .file_hint=&file_hint_flp },
|
||||
{ .enable=0, .file_hint=&file_hint_flv },
|
||||
{ .enable=0, .file_hint=&file_hint_fob },
|
||||
{ .enable=0, .file_hint=&file_hint_fp7 },
|
||||
{ .enable=0, .file_hint=&file_hint_frm },
|
||||
{ .enable=0, .file_hint=&file_hint_fs },
|
||||
{ .enable=0, .file_hint=&file_hint_gho },
|
||||
|
@ -272,6 +278,7 @@ file_enable_t list_file_enable[]=
|
|||
{ .enable=0, .file_hint=&file_hint_gpg },
|
||||
{ .enable=0, .file_hint=&file_hint_gz },
|
||||
{ .enable=0, .file_hint=&file_hint_hds },
|
||||
{ .enable=0, .file_hint=&file_hint_hr9 },
|
||||
{ .enable=0, .file_hint=&file_hint_ico },
|
||||
{ .enable=0, .file_hint=&file_hint_ifo },
|
||||
{ .enable=0, .file_hint=&file_hint_imb },
|
||||
|
@ -280,6 +287,7 @@ file_enable_t list_file_enable[]=
|
|||
{ .enable=0, .file_hint=&file_hint_itunes },
|
||||
{ .enable=0, .file_hint=&file_hint_jpg },
|
||||
{ .enable=0, .file_hint=&file_hint_kdb },
|
||||
{ .enable=0, .file_hint=&file_hint_ldf },
|
||||
{ .enable=0, .file_hint=&file_hint_logic},
|
||||
{ .enable=0, .file_hint=&file_hint_lnk },
|
||||
{ .enable=0, .file_hint=&file_hint_m2ts },
|
||||
|
|
Loading…
Reference in a new issue