예제 #1
0
  def test_read_buffer_file_object(self):
    """Tests the read_buffer function on a file-like object."""
    if not unittest.source:
      return

    file_object = open(unittest.source, "rb")

    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object)

    vhdi_parent_file = None
    if vhdi_file.parent_identifier:
      vhdi_parent_file = pyvhdi.file()

      parent_filename = os.path.join(
        os.path.dirname(unittest.source), vhdi_file.parent_filename)
      vhdi_parent_file.open(parent_filename, "r")

      vhdi_file.set_parent(vhdi_parent_file)

    file_size = vhdi_file.get_media_size()

    # Test normal read.
    data = vhdi_file.read_buffer(size=4096)

    self.assertIsNotNone(data)
    self.assertEqual(len(data), min(file_size, 4096))

    vhdi_file.close()

    if vhdi_parent_file:
      vhdi_parent_file.close()
예제 #2
0
  def test_read_buffer(self):
    """Tests the read_buffer function."""
    if not unittest.source:
      return

    vhdi_file = pyvhdi.file()

    vhdi_file.open(unittest.source)

    vhdi_parent_file = None
    if vhdi_file.parent_identifier:
      vhdi_parent_file = pyvhdi.file()

      parent_filename = os.path.join(
        os.path.dirname(unittest.source), vhdi_file.parent_filename)
      vhdi_parent_file.open(parent_filename, "r")

      vhdi_file.set_parent(vhdi_parent_file)

    file_size = vhdi_file.get_media_size()

    # Test normal read.
    data = vhdi_file.read_buffer(size=4096)

    self.assertIsNotNone(data)
    self.assertEqual(len(data), min(file_size, 4096))

    if file_size < 4096:
      data = vhdi_file.read_buffer()

      self.assertIsNotNone(data)
      self.assertEqual(len(data), file_size)

    # Test read beyond file size.
    if file_size > 16:
      vhdi_file.seek_offset(-16, os.SEEK_END)

      data = vhdi_file.read_buffer(size=4096)

      self.assertIsNotNone(data)
      self.assertEqual(len(data), 16)

    with self.assertRaises(ValueError):
      vhdi_file.read_buffer(size=-1)

    vhdi_file.close()

    if vhdi_parent_file:
      vhdi_parent_file.close()

    # Test the read without open.
    with self.assertRaises(IOError):
      vhdi_file.read_buffer(size=4096)
예제 #3
0
def extractFile(imageFile,filenames):


  vhdi_file = pyvhdi.file()
  vhdi_file.open(imageFile)
  img_info = vhdi_Img_Info(vhdi_file)
  partitionTable = pytsk3.Volume_Info(img_info)
  for partition in partitionTable:
    print partition.addr, partition.desc, "%ss(%s)" % (partition.start, partition.start * 512), partition.len
    # try:
    if 'NTFS' in partition.desc:
      filesystemObject = pytsk3.FS_Info(img_info, offset=(partition.start*512))
    # except:
    #         print "Partition has no supported file system"
    #         continue
      print "File System Type Dectected ",filesystemObject.info.ftype
      directoryObject = filesystemObject.open_dir(path=dirPath)
      print "Directory:",dirPath
    outputPath = 'ex_differ_file-test2'

  for filename in filenames:
    if not os.path.exists(outputPath):
      os.makedirs(outputPath)
    if not os.path.isdir(str(filename)):
      try:
        ex_path = ('%s/%s' % (outputPath, os.path.basename(str(filename)))).replace('//','/') 

        extractFile = open(ex_path,'w')

        fileobject = filesystemObject.open(str(filename))
        filedata = fileobject.read_random(0,fileobject.info.meta.size)
        extractFile.write(filedata)
        extractFile.close
      except IOError:
        print('cannot open', str(filename))
예제 #4
0
def pyvhdi_test_single_open_close_file_object_with_dereference(filename, mode):
    """Tests single file-like object open and close with dereference."""
    description = (
        "Testing single open close of file-like object with dereference of: "
        "{0:s} with access: {1:s}\t").format(get_filename_string(filename),
                                             get_mode_string(mode))
    print(description, end="")

    error_string = None
    result = True

    try:
        file_object = open(filename, "rb")
        vhdi_file = pyvhdi.file()

        vhdi_file.open_file_object(file_object, mode)
        del file_object
        vhdi_file.close()

    except Exception as exception:
        error_string = str(exception)
        result = False

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")

    if error_string:
        print(error_string)
    return result
예제 #5
0
    def test_open_close(self):
        """Tests the open and close functions."""
        if not unittest.source:
            return

        vhdi_file = pyvhdi.file()

        # Test open and close.
        vhdi_file.open(unittest.source)
        vhdi_file.close()

        # Test open and close a second time to validate clean up on close.
        vhdi_file.open(unittest.source)
        vhdi_file.close()

        if os.path.isfile(unittest.source):
            with open(unittest.source, "rb") as file_object:

                # Test open_file_object and close.
                vhdi_file.open_file_object(file_object)
                vhdi_file.close()

                # Test open_file_object and close a second time to validate clean up on close.
                vhdi_file.open_file_object(file_object)
                vhdi_file.close()

                # Test open_file_object and close and dereferencing file_object.
                vhdi_file.open_file_object(file_object)
                del file_object
                vhdi_file.close()
예제 #6
0
def pyvhdi_test_single_open_close_file_object_with_dereference(
    filename, mode):
  """Tests single file-like object open and close with dereference."""
  description = (
      "Testing single open close of file-like object with dereference of: "
      "{0:s} with access: {1:s}\t").format(
          get_filename_string(filename), get_mode_string(mode))
  print(description, end="")

  error_string = None
  result = True

  try:
    file_object = open(filename, "rb")
    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object, mode)
    del file_object
    vhdi_file.close()

  except Exception as exception:
    error_string = str(exception)
    result = False

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")

  if error_string:
    print(error_string)
  return result
예제 #7
0
def pyvhdi_test_multi_open_close_file(filename, mode):
    """Tests multiple open and close."""
    description = ("Testing multi open close of: {0:s} with access: {1:s}"
                   "\t").format(get_filename_string(filename),
                                get_mode_string(mode))
    print(description, end="")

    error_string = None
    result = True

    try:
        vhdi_file = pyvhdi.file()

        vhdi_file.open(filename, mode)
        vhdi_file.close()
        vhdi_file.open(filename, mode)
        vhdi_file.close()

    except Exception as exception:
        error_string = str(exception)
        result = False

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")

    if error_string:
        print(error_string)
    return result
예제 #8
0
    def _OpenFileObject(self, path_spec):
        """Opens the file-like object defined by path specification.

    Args:
      path_spec (PathSpec): path specification.

    Returns:
      pyvhdi.file: a file-like object.

    Raises:
      PathSpecError: if the path specification is incorrect.
    """
        if not path_spec.HasParent():
            raise errors.PathSpecError(
                'Unsupported path specification without parent.')

        file_object = resolver.Resolver.OpenFileObject(
            path_spec.parent, resolver_context=self._resolver_context)

        vhdi_file = pyvhdi.file()
        vhdi_file.open_file_object(file_object)

        if vhdi_file.parent_identifier:  # pylint: disable=using-constant-test
            file_system = resolver.Resolver.OpenFileSystem(
                path_spec.parent, resolver_context=self._resolver_context)

            self._OpenParentFile(file_system, path_spec.parent, vhdi_file)

        self._sub_file_objects.append(file_object)

        self._parent_vhdi_files.reverse()
        self._sub_file_objects.reverse()

        return vhdi_file
예제 #9
0
  def test_open_close(self):
    """Tests the open and close functions."""
    if not unittest.source:
      return

    vhdi_file = pyvhdi.file()

    # Test open and close.
    vhdi_file.open(unittest.source)
    vhdi_file.close()

    # Test open and close a second time to validate clean up on close.
    vhdi_file.open(unittest.source)
    vhdi_file.close()

    file_object = open(unittest.source, "rb")

    # Test open_file_object and close.
    vhdi_file.open_file_object(file_object)
    vhdi_file.close()

    # Test open_file_object and close a second time to validate clean up on close.
    vhdi_file.open_file_object(file_object)
    vhdi_file.close()

    # Test open_file_object and close and dereferencing file_object.
    vhdi_file.open_file_object(file_object)
    del file_object
    vhdi_file.close()
예제 #10
0
def pyvhdi_test_multi_open_close_file(filename, mode):
  """Tests multiple open and close."""
  description = (
      "Testing multi open close of: {0:s} with access: {1:s}"
      "\t").format(get_filename_string(filename), get_mode_string(mode))
  print(description, end="")

  error_string = None
  result = True

  try:
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, mode)
    vhdi_file.close()
    vhdi_file.open(filename, mode)
    vhdi_file.close()

  except Exception as exception:
    error_string = str(exception)
    result = False

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")

  if error_string:
    print(error_string)
  return result
예제 #11
0
def pyvhdi_test_seek_file(filename):
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, "r")
    result = pyvhdi_test_seek(vhdi_file)
    vhdi_file.close()

    return result
def pyvhdi_test_seek_file(filename):
  vhdi_file = pyvhdi.file()

  vhdi_file.open(filename, "r")
  result = pyvhdi_test_seek(vhdi_file)
  vhdi_file.close()

  return result
예제 #13
0
def pyvhdi_test_seek_file_object(filename):
    file_object = open(filename, "rb")
    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object, "r")
    result = pyvhdi_test_seek(vhdi_file)
    vhdi_file.close()

    return result
예제 #14
0
    def test_close(self):
        """Tests the close function."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        vhdi_file = pyvhdi.file()

        with self.assertRaises(IOError):
            vhdi_file.close()
def pyvhdi_test_seek_file_object(filename):
  file_object = open(filename, "rb")
  vhdi_file = pyvhdi.file()

  vhdi_file.open_file_object(file_object, "r")
  result = pyvhdi_test_seek(vhdi_file)
  vhdi_file.close()

  return result
예제 #16
0
  def test_close(self):
    """Tests the close function."""
    if not unittest.source:
      return

    vhdi_file = pyvhdi.file()

    with self.assertRaises(IOError):
      vhdi_file.close()
예제 #17
0
  def _OpenParentFile(self, file_system, path_spec, vhdi_file):
    """Opens the parent file.

    Args:
      file_system: the file system (instance of FileSystem).
      path_spec: the path specification of the VHDI file (instance of
                 PathSpec).
      vhdi_file: the VHDI file (instance of pyvhdi.file).

    Raises:
      PathSpecError: if the path specification is incorrect.
    """
    location = getattr(path_spec, u'location', None)
    if not location:
      raise errors.PathSpecError(
          u'Unsupported path specification without location.')

    location_path_segments = file_system.SplitPath(location)

    parent_filename = vhdi_file.parent_filename
    _, _, parent_filename = parent_filename.rpartition(u'\\')

    location_path_segments.pop()
    location_path_segments.append(parent_filename)
    parent_file_location = file_system.JoinPath(location_path_segments)

    # Note that we don't want to set the keyword arguments when not used
    # because the path specification base class will check for unused
    # keyword arguments and raise.
    kwargs = path_spec_factory.Factory.GetProperties(path_spec)

    kwargs[u'location'] = parent_file_location
    if path_spec.parent is not None:
      kwargs[u'parent'] = path_spec.parent

    parent_file_path_spec = path_spec_factory.Factory.NewPathSpec(
        path_spec.type_indicator, **kwargs)

    if not file_system.FileEntryExistsByPathSpec(parent_file_path_spec):
      return

    file_object = resolver.Resolver.OpenFileObject(
        parent_file_path_spec, resolver_context=self._resolver_context)

    vhdi_parent_file = pyvhdi.file()
    vhdi_parent_file.open_file_object(file_object)

    if vhdi_parent_file.parent_identifier:
      self._OpenParentFile(
          file_system, parent_file_path_spec, vhdi_parent_file)

    vhdi_file.set_parent(vhdi_parent_file)

    self._parent_vhdi_files.append(vhdi_parent_file)
    self._sub_file_objects.append(file_object)
예제 #18
0
    def _OpenParentFile(self, file_system, path_spec, vhdi_file):
        """Opens the parent file.

    Args:
      file_system (FileSystem): file system of the VHDI file.
      path_spec (PathSpec): path specification of the VHDI file.
      vhdi_file (pyvhdi.file): VHDI file.

    Raises:
      PathSpecError: if the path specification is incorrect.
    """
        location = getattr(path_spec, 'location', None)
        if not location:
            raise errors.PathSpecError(
                'Unsupported path specification without location.')

        location_path_segments = file_system.SplitPath(location)

        parent_filename = vhdi_file.parent_filename
        _, _, parent_filename = parent_filename.rpartition('\\')

        location_path_segments.pop()
        location_path_segments.append(parent_filename)
        parent_file_location = file_system.JoinPath(location_path_segments)

        # Note that we don't want to set the keyword arguments when not used
        # because the path specification base class will check for unused
        # keyword arguments and raise.
        kwargs = path_spec_factory.Factory.GetProperties(path_spec)

        kwargs['location'] = parent_file_location
        if path_spec.parent is not None:
            kwargs['parent'] = path_spec.parent

        parent_file_path_spec = path_spec_factory.Factory.NewPathSpec(
            path_spec.type_indicator, **kwargs)

        if not file_system.FileEntryExistsByPathSpec(parent_file_path_spec):
            return

        file_object = resolver.Resolver.OpenFileObject(
            parent_file_path_spec, resolver_context=self._resolver_context)

        vhdi_parent_file = pyvhdi.file()
        vhdi_parent_file.open_file_object(file_object)

        if vhdi_parent_file.parent_identifier:
            self._OpenParentFile(file_system, parent_file_path_spec,
                                 vhdi_parent_file)

        vhdi_file.set_parent(vhdi_parent_file)

        self._parent_vhdi_files.append(vhdi_parent_file)
        self._sub_file_objects.append(file_object)
예제 #19
0
def extractFile(imageFile,filenames):


  # vhdi_file = pyvhdi.file()
  # vhdi_file.open(imageFile)
  # img_info = vhdi_Img_Info(vhdi_file)
  # partitionTable = pytsk3.Volume_Info(img_info)

  if "vhd" in imageFile:
    vhdi_file = pyvhdi.file()
    vhdi_file.open(imageFile)
    img_info = vhdi_Img_Info(vhdi_file)
    partitionTable = pytsk3.Volume_Info(img_info)
  else:
    img_info = pytsk3.Img_Info(imageFile)
    partitionTable = pytsk3.Volume_Info(img_info)

  for partition in partitionTable:
    print partition.addr, partition.desc, "%ss(%s)" % (partition.start, partition.start * 512), partition.len
    # try:
    if 'NTFS' in partition.desc:
      filesystemObject = pytsk3.FS_Info(img_info, offset=(partition.start*512))
      print "File System Type Dectected ",filesystemObject.info.ftype
      directoryObject = filesystemObject.open_dir(path=dirPath)
      print "Directory:",dirPath

    elif 'FAT32' in partition.desc:  # Use DFIR tutorial example to deal with other partitions later on.
      filesystemObject = pytsk3.FS_Info(img_info, offset=(partition.start*512))
      print "File System Type Dectected ",filesystemObject.info.ftype
      directoryObject = filesystemObject.open_dir(path=dirPath)
      print "Directory:",dirPath


    outputPath = 'Evidence_Package'

  for filename in filenames:
    if not os.path.exists(outputPath):
      os.makedirs(outputPath)
    if not os.path.isdir(str(filename)):
      try:
        # ex_path = ('%s/%s' % (outputPath, os.path.basename(str(filename)))).replace('//','/') 
        # ex_path = outputPath + os.sep + os.path.basename(str(filename))
        ex_path = ('%s\%s' % (outputPath, os.path.basename(str(filename)))).replace('//','/') 



        extractFile = open(ex_path,'w')

        fileobject = filesystemObject.open(str(filename))
        filedata = fileobject.read_random(0,fileobject.info.meta.size)
        extractFile.write(filedata)
        extractFile.close
      except IOError:
        print('cannot open', str(filename))
예제 #20
0
    def test_get_offset(self):
        """Tests the get_offset function."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        vhdi_file = pyvhdi.file()

        vhdi_file.open(unittest.source)

        offset = vhdi_file.get_offset()
        self.assertIsNotNone(offset)

        vhdi_file.close()
예제 #21
0
def pyvhdi_test_read_file(filename):
  """Tests the read function with a file."""
  vhdi_file = pyvhdi.file()

  vhdi_file.open(filename, "r")

  vhdi_parent_file = None
  if vhdi_file.parent_identifier:
    vhdi_parent_file = pyvhdi.file()

    parent_filename = os.path.join(
      os.path.dirname(filename), vhdi_file.parent_filename)
    vhdi_parent_file.open(parent_filename, "r")

    vhdi_file.set_parent(vhdi_parent_file)

  result = pyvhdi_test_read(vhdi_file)
  vhdi_file.close()

  if vhdi_parent_file:
    vhdi_parent_file.close()

  return result
예제 #22
0
    def test_get_parent_filename(self):
        """Tests the get_parent_filename function and parent_filename property."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        vhdi_file = pyvhdi.file()

        vhdi_file.open(unittest.source)

        _ = vhdi_file.get_parent_filename()

        _ = vhdi_file.parent_filename

        vhdi_file.close()
예제 #23
0
def pyvhdi_test_seek_file(filename):
    """Tests the seek function with a file."""
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, "r")

    vhdi_parent_file = None
    if vhdi_file.parent_identifier:
        vhdi_parent_file = pyvhdi.file()

        parent_filename = os.path.join(os.path.dirname(filename),
                                       vhdi_file.parent_filename)
        vhdi_parent_file.open(parent_filename, "r")

        vhdi_file.set_parent(vhdi_parent_file)

    result = pyvhdi_test_seek(vhdi_file)
    vhdi_file.close()

    if vhdi_parent_file:
        vhdi_parent_file.close()

    return result
예제 #24
0
    def test_read_buffer_file_object(self):
        """Tests the read_buffer function on a file-like object."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        if not os.path.isfile(unittest.source):
            raise unittest.SkipTest("source not a regular file")

        with open(unittest.source, "rb") as file_object:
            vhdi_file = pyvhdi.file()

            vhdi_file.open_file_object(file_object)

            vhdi_parent_file = None
            if vhdi_file.parent_identifier:
                vhdi_parent_file = pyvhdi.file()

                _, _, parent_filename = vhdi_file.parent_filename.rpartition(
                    '\\')
                parent_filename = os.path.join(
                    os.path.dirname(unittest.source), parent_filename)
                vhdi_parent_file.open(parent_filename, "r")

                vhdi_file.set_parent(vhdi_parent_file)

            media_size = vhdi_file.get_media_size()

            # Test normal read.
            data = vhdi_file.read_buffer(size=4096)

            self.assertIsNotNone(data)
            self.assertEqual(len(data), min(media_size, 4096))

            vhdi_file.close()

            if vhdi_parent_file:
                vhdi_parent_file.close()
예제 #25
0
def pyvhdi_test_single_open_close_file(filename, mode):
  """Tests a single open and close."""
  description = (
      "Testing single open close of: {0:s} with access: {1:s}"
      "\t").format(get_filename_string(filename), get_mode_string(mode))
  print(description, end="")

  error_string = None
  result = True

  try:
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, mode)
    vhdi_file.close()

  except TypeError as exception:
    expected_message = (
        "{0:s}: unsupported string object type.").format(
            "pyvhdi_file_open")

    if not filename and str(exception) == expected_message:
      pass

    else:
      error_string = str(exception)
      result = False

  except ValueError as exception:
    expected_message = (
        "{0:s}: unsupported mode: w.").format(
            "pyvhdi_file_open")

    if mode != "w" or str(exception) != expected_message:
      error_string = str(exception)
      result = False

  except Exception as exception:
    error_string = str(exception)
    result = False

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")

  if error_string:
    print(error_string)
  return result
예제 #26
0
def pyvhdi_test_read_file_object(filename):
    """Tests the read function with a file-like object."""
    file_object = open(filename, "rb")
    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object, "r")

    vhdi_parent_file = None
    if vhdi_file.parent_identifier:
        vhdi_parent_file = pyvhdi.file()

        parent_filename = os.path.join(os.path.dirname(filename),
                                       vhdi_file.parent_filename)
        vhdi_parent_file.open(parent_filename, "r")

        vhdi_file.set_parent(vhdi_parent_file)

    result = pyvhdi_test_read(vhdi_file)
    vhdi_file.close()

    if vhdi_parent_file:
        vhdi_parent_file.close()

    return result
예제 #27
0
def pyvhdi_test_seek_file_object(filename):
  """Tests the seek function with a file-like object."""
  file_object = open(filename, "rb")
  vhdi_file = pyvhdi.file()

  vhdi_file.open_file_object(file_object, "r")

  vhdi_parent_file = None
  if vhdi_file.parent_identifier:
    vhdi_parent_file = pyvhdi.file()

    parent_filename = os.path.join(
      os.path.dirname(filename), vhdi_file.parent_filename)
    vhdi_parent_file.open(parent_filename, "r")

    vhdi_file.set_parent(vhdi_parent_file)

  result = pyvhdi_test_seek(vhdi_file)
  vhdi_file.close()

  if vhdi_parent_file:
    vhdi_parent_file.close()

  return result
예제 #28
0
    def test_get_media_size(self):
        """Tests the get_media_size function and media_size property."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        vhdi_file = pyvhdi.file()

        vhdi_file.open(unittest.source)

        media_size = vhdi_file.get_media_size()
        self.assertIsNotNone(media_size)

        self.assertIsNotNone(vhdi_file.media_size)

        vhdi_file.close()
예제 #29
0
    def test_get_disk_type(self):
        """Tests the get_disk_type function and disk_type property."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        vhdi_file = pyvhdi.file()

        vhdi_file.open(unittest.source)

        disk_type = vhdi_file.get_disk_type()
        self.assertIsNotNone(disk_type)

        self.assertIsNotNone(vhdi_file.disk_type)

        vhdi_file.close()
예제 #30
0
def pyvhdi_test_single_open_close_file(filename, mode):
    """Tests a single open and close."""
    description = ("Testing single open close of: {0:s} with access: {1:s}"
                   "\t").format(get_filename_string(filename),
                                get_mode_string(mode))
    print(description, end="")

    error_string = None
    result = True

    try:
        vhdi_file = pyvhdi.file()

        vhdi_file.open(filename, mode)
        vhdi_file.close()

    except TypeError as exception:
        expected_message = ("{0:s}: unsupported string object type."
                            ).format("pyvhdi_file_open")

        if not filename and str(exception) == expected_message:
            pass

        else:
            error_string = str(exception)
            result = False

    except ValueError as exception:
        expected_message = (
            "{0:s}: unsupported mode: w.").format("pyvhdi_file_open")

        if mode != "w" or str(exception) != expected_message:
            error_string = str(exception)
            result = False

    except Exception as exception:
        error_string = str(exception)
        result = False

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")

    if error_string:
        print(error_string)
    return result
예제 #31
0
def pyvhdi_test_single_open_close_file(filename, mode):
  if not filename:
    filename_string = "None"
  else:
    filename_string = filename

  print("Testing single open close of: {0:s} with access: {1:s}\t".format(
      filename_string, get_mode_string(mode)))

  result = True
  try:
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, mode)
    vhdi_file.close()

  except TypeError as exception:
    expected_message = (
        "{0:s}: unsupported string object type.").format(
            "pyvhdi_file_open")

    if not filename and str(exception) == expected_message:
      pass

    else:
      print(str(exception))
      result = False

  except ValueError as exception:
    expected_message = (
        "{0:s}: unsupported mode: w.").format(
            "pyvhdi_file_open")

    if mode != "w" or str(exception) != expected_message:
      print(str(exception))
      result = False

  except Exception as exception:
    print(str(exception))
    result = False

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")
  return result
예제 #32
0
def pyvhdi_test_single_open_close_file_object(filename, mode):
  print ("Testing single open close of file-like object of: {0:s} with access: "
         "{1:s}\t").format(filename, get_mode_string(mode))

  try:
    file_object = open(filename, mode)
    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object, mode)
    vhdi_file.close()

  except:
    print "(FAIL)"
    return False

  print "(PASS)"
  return True
예제 #33
0
def pyvhdi_test_seek_file_no_open(filename):
    print("Testing seek of offset without open:\n")

    vhdi_file = pyvhdi.file()

    result = False
    try:
        vhdi_file.seek(0, os.SEEK_SET)
    except Exception as exception:
        print(str(exception))
        result = True

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")
    return result
def pyvhdi_test_seek_file_no_open(filename):
  print("Testing seek of offset without open:\n")

  vhdi_file = pyvhdi.file()

  result = False
  try:
    vhdi_file.seek(0, os.SEEK_SET)
  except Exception as exception:
    print(str(exception))
    result = True

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")
  return result
예제 #35
0
def pyvhdi_test_multi_open_close_file(filename, mode):
  print "Testing multi open close of: {0:s} with access: {1:s}\t".format(
      filename, get_mode_string(mode))

  try:
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, mode)
    vhdi_file.close()
    vhdi_file.open(filename, mode)
    vhdi_file.close()

  except:
    print "(FAIL)"
    return False

  print "(PASS)"
  return True
예제 #36
0
def pyvhdi_test_single_open_close_file(filename, mode):
    if not filename:
        filename_string = "None"
    else:
        filename_string = filename

    print("Testing single open close of: {0:s} with access: {1:s}\t".format(
        filename_string, get_mode_string(mode)))

    result = True
    try:
        vhdi_file = pyvhdi.file()

        vhdi_file.open(filename, mode)
        vhdi_file.close()

    except TypeError as exception:
        expected_message = ("{0:s}: unsupported string object type."
                            ).format("pyvhdi_file_open")

        if not filename and str(exception) == expected_message:
            pass

        else:
            print(str(exception))
            result = False

    except ValueError as exception:
        expected_message = (
            "{0:s}: unsupported mode: w.").format("pyvhdi_file_open")

        if mode != "w" or str(exception) != expected_message:
            print(str(exception))
            result = False

    except Exception as exception:
        print(str(exception))
        result = False

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")
    return result
예제 #37
0
  def test_open(self):
    """Tests the open function."""
    if not unittest.source:
      return

    vhdi_file = pyvhdi.file()

    vhdi_file.open(unittest.source)

    with self.assertRaises(IOError):
      vhdi_file.open(unittest.source)

    vhdi_file.close()

    with self.assertRaises(TypeError):
      vhdi_file.open(None)

    with self.assertRaises(ValueError):
      vhdi_file.open(unittest.source, mode="w")
예제 #38
0
def image_handle(imageFile, sha1Hash):

  vhdi_file = pyvhdi.file()
  vhdi_file.open(imageFile)
  img_info = vhdi_Img_Info(vhdi_file)
  partitionTable = pytsk3.Volume_Info(img_info)
  for partition in partitionTable:
    print partition.addr, partition.desc, "%ss(%s)" % (partition.start, partition.start * 512), partition.len

    if 'NTFS' in partition.desc:
      filesystemObject = pytsk3.FS_Info(img_info, offset=(partition.start*512))

      print "File System Type Dectected ",filesystemObject.info.ftype
      directoryObject = filesystemObject.open_dir(path=dirPath)
      print "Directory:",dirPath

      dic = directoryRecurse(filesystemObject, directoryObject,[], sha1Hash)

  return dic
예제 #39
0
    def test_open(self):
        """Tests the open function."""
        if not unittest.source:
            raise unittest.SkipTest("missing source")

        vhdi_file = pyvhdi.file()

        vhdi_file.open(unittest.source)

        with self.assertRaises(IOError):
            vhdi_file.open(unittest.source)

        vhdi_file.close()

        with self.assertRaises(TypeError):
            vhdi_file.open(None)

        with self.assertRaises(ValueError):
            vhdi_file.open(unittest.source, mode="w")
예제 #40
0
def pyvhdi_test_single_open_close_file_object(filename, mode):
    print(("Testing single open close of file-like object of: {0:s} "
           "with access: {1:s}\t").format(filename, get_mode_string(mode)))

    result = True
    try:
        file_object = open(filename, "rb")
        vhdi_file = pyvhdi.file()

        vhdi_file.open_file_object(file_object, mode)
        vhdi_file.close()

    except Exception as exception:
        print(str(exception))
        result = False

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")
    return result
예제 #41
0
def pyvhdi_test_seek_file_no_open(filename):
  print("Testing seek of offset without open:\t", end="")

  vhdi_file = pyvhdi.file()

  error_string = ""
  result = False
  try:
    vhdi_file.seek(0, os.SEEK_SET)
  except Exception as exception:
    error_string = str(exception)
    result = True

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")

  if error_string:
    print(error_string)
  return result
예제 #42
0
def pyvhdi_test_single_open_close_file_object(filename, mode):
  print(("Testing single open close of file-like object of: {0:s} "
         "with access: {1:s}\t").format(filename, get_mode_string(mode)))

  result = True
  try:
    file_object = open(filename, "rb")
    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object, mode)
    vhdi_file.close()

  except Exception as exception:
    print(str(exception))
    result = False

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")
  return result
예제 #43
0
def pyvhdi_test_multi_open_close_file(filename, mode):
  print("Testing multi open close of: {0:s} with access: {1:s}\t".format(
      filename, get_mode_string(mode)))

  result = True
  try:
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, mode)
    vhdi_file.close()
    vhdi_file.open(filename, mode)
    vhdi_file.close()

  except Exception as exception:
    print(str(exception))
    result = False

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")
  return result
예제 #44
0
  def test_open_file_object(self):
    """Tests the open_file_object function."""
    if not unittest.source:
      return

    file_object = open(unittest.source, "rb")

    vhdi_file = pyvhdi.file()

    vhdi_file.open_file_object(file_object)

    with self.assertRaises(IOError):
      vhdi_file.open_file_object(file_object)

    vhdi_file.close()

    # TODO: change IOError into TypeError
    with self.assertRaises(IOError):
      vhdi_file.open_file_object(None)

    with self.assertRaises(ValueError):
      vhdi_file.open_file_object(file_object, mode="w")
예제 #45
0
파일: images.py 프로젝트: tmzos78/carpe
def SelectImage(img_type, files):
    if img_type == "raw":
        return pytsk3.Img_Info(files)

    elif img_type == "ewf":
        filename = pyewf.glob(*files)
        ewf_handle = pyewf.handle()
        ewf_handle.open(filename)
        return ewf_img_info(ewf_handle)

    elif img_type == "vmdk":
        vmdk_handle = pyvmdk.handle()
        vmdk_handle.open(files)
        return vmdk_img_info(vmdk_handle)

    elif img_type == "vhdi":
        vhdi_handle = pyvhdi.file()
        vhdi_handle.open(files)
        return vhdi_img_info(vhdi_handle)

    elif img_type == "qcow":
        return QcowImgInfo(files[0])
예제 #46
0
def pyvhdi_test_multi_open_close_file(filename, mode):
    print("Testing multi open close of: {0:s} with access: {1:s}\t".format(
        filename, get_mode_string(mode)))

    result = True
    try:
        vhdi_file = pyvhdi.file()

        vhdi_file.open(filename, mode)
        vhdi_file.close()
        vhdi_file.open(filename, mode)
        vhdi_file.close()

    except Exception as exception:
        print(str(exception))
        result = False

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")
    return result
예제 #47
0
def pyvhdi_test_seek_file_no_open(filename):
  """Tests the seek function with a file without open."""
  description = "Testing seek of offset without open:\t"
  print(description, end="")

  vhdi_file = pyvhdi.file()

  error_string = None
  result = False
  try:
    vhdi_file.seek(0, os.SEEK_SET)
  except Exception as exception:
    error_string = str(exception)
    result = True

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")

  if error_string:
    print(error_string)
  return result
예제 #48
0
def pyvhdi_test_read_file_no_open(filename):
  """Tests the read function with a file without open."""
  description = "Testing read of without open:\t"
  print(description, end="")

  vhdi_file = pyvhdi.file()

  error_string = None
  result = False
  try:
    vhdi_file.read(size=4096)
  except Exception as exception:
    error_string = str(exception)
    result = True

  if not result:
    print("(FAIL)")
  else:
    print("(PASS)")

  if error_string:
    print(error_string)
  return result
예제 #49
0
def pyvhdi_test_single_open_close_file(filename, mode):
  if not filename:
    filename_string = "None"
  else:
    filename_string = filename

  print "Testing single open close of: {0:s} with access: {1:s}\t".format(
      filename_string, get_mode_string(mode))

  try:
    vhdi_file = pyvhdi.file()

    vhdi_file.open(filename, mode)
    vhdi_file.close()

  except TypeError, exception:
    if (not filename and
        exception.message == "pyvhdi_file_open: unsupported string object type."):
      pass

    else:
      print "(FAIL)"
      return False
예제 #50
0
def pyvhdi_test_seek_file_no_open(filename):
    """Tests the seek function with a file without open."""
    description = "Testing seek of offset without open:\t"
    print(description, end="")

    vhdi_file = pyvhdi.file()

    error_string = None
    result = False
    try:
        vhdi_file.seek(0, os.SEEK_SET)
    except Exception as exception:
        error_string = str(exception)
        result = True

    if not result:
        print("(FAIL)")
    else:
        print("(PASS)")

    if error_string:
        print(error_string)
    return result
예제 #51
0
  def _OpenFileObject(self, path_spec):
    """Opens the file-like object defined by path specification.

    Args:
      path_spec (PathSpec): path specification.

    Returns:
      pyvhdi.file: a file-like object.

    Raises:
      PathSpecError: if the path specification is incorrect.
    """
    if not path_spec.HasParent():
      raise errors.PathSpecError(
          'Unsupported path specification without parent.')

    file_object = resolver.Resolver.OpenFileObject(
        path_spec.parent, resolver_context=self._resolver_context)

    vhdi_file = pyvhdi.file()
    vhdi_file.open_file_object(file_object)

    if vhdi_file.parent_identifier:
      file_system = resolver.Resolver.OpenFileSystem(
          path_spec.parent, resolver_context=self._resolver_context)

      try:
        self._OpenParentFile(file_system, path_spec.parent, vhdi_file)
      finally:
        file_system.Close()

    self._sub_file_objects.append(file_object)

    self._parent_vhdi_files.reverse()
    self._sub_file_objects.reverse()

    return vhdi_file
예제 #52
0
  def _OpenFileObject(self, path_spec):
    """Opens the file-like object defined by path specification.

    Args:
      path_spec: the path specification (instance of path.PathSpec).

    Returns:
      A file-like object.

    Raises:
      PathSpecError: if the path specification is incorrect.
    """
    if not path_spec.HasParent():
      raise errors.PathSpecError(
          u'Unsupported path specification without parent.')

    # TODO: add parent image support.
    file_object = resolver.Resolver.OpenFileObject(
        path_spec.parent, resolver_context=self._resolver_context)

    vhdi_file = pyvhdi.file()
    vhdi_file.open_file_object(file_object)

    return vhdi_file
예제 #53
0
  def test_seek_offset(self):
    """Tests the seek_offset function."""
    if not unittest.source:
      return

    vhdi_file = pyvhdi.file()

    vhdi_file.open(unittest.source)

    vhdi_parent_file = None
    if vhdi_file.parent_identifier:
      vhdi_parent_file = pyvhdi.file()

      parent_filename = os.path.join(
        os.path.dirname(unittest.source), vhdi_file.parent_filename)
      vhdi_parent_file.open(parent_filename, "r")

      vhdi_file.set_parent(vhdi_parent_file)

    file_size = vhdi_file.get_media_size()

    vhdi_file.seek_offset(16, os.SEEK_SET)

    offset = vhdi_file.get_offset()
    self.assertEqual(offset, 16)

    vhdi_file.seek_offset(16, os.SEEK_CUR)

    offset = vhdi_file.get_offset()
    self.assertEqual(offset, 32)

    vhdi_file.seek_offset(-16, os.SEEK_CUR)

    offset = vhdi_file.get_offset()
    self.assertEqual(offset, 16)

    vhdi_file.seek_offset(-16, os.SEEK_END)

    offset = vhdi_file.get_offset()
    self.assertEqual(offset, file_size - 16)

    vhdi_file.seek_offset(16, os.SEEK_END)

    offset = vhdi_file.get_offset()
    self.assertEqual(offset, file_size + 16)

    with self.assertRaises(IOError):
      vhdi_file.seek_offset(-1, os.SEEK_SET)

    with self.assertRaises(IOError):
      vhdi_file.seek_offset(-32 - file_size, os.SEEK_CUR)

    with self.assertRaises(IOError):
      vhdi_file.seek_offset(-32 - file_size, os.SEEK_END)

    with self.assertRaises(IOError):
      vhdi_file.seek_offset(0, -1)

    vhdi_file.close()

    if vhdi_parent_file:
      vhdi_parent_file.close()

    # Test the seek without open.
    with self.assertRaises(IOError):
      vhdi_file.seek_offset(16, os.SEEK_SET)