6
* By Jesse Kornblum and Kris Kendall
8
* This is a work of the US Government. In accordance with 17 USC 105,
9
* copyright protection is not available for any work of the US Government.
11
* This program is distributed in the hope that it will be useful, but
12
* WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15
* Modification by Nick Mikus 11-04-05
22
/* Allows us to open standard input in binary mode by default
23
See http://gnuwin32.sourceforge.net/compile.html for more */
24
int _CRT_fmode = _O_BINARY;
27
void catch_alarm(int signum)
29
signal_caught = signum;
30
signal(signum, catch_alarm);
33
void register_signal_handler(void)
37
if (signal(SIGINT, catch_alarm) == SIG_IGN)
38
signal(SIGINT, SIG_IGN);
39
if (signal(SIGTERM, catch_alarm) == SIG_IGN)
40
signal(SIGTERM, SIG_IGN);
44
/* Note: I haven't found a way to get notified of
45
console resize events in Win32. Right now the statusbar
46
will be too long or too short if the user decides to resize
47
their console window while foremost runs.. */
49
/* RBF - Handle TTY events */
51
// The function setttywidth is in the old helpers.c
52
// signal(SIGWINCH, setttywidth);
58
fprintf(stderr, "Try `%s -h` for more information.%s", __progname, NEWLINE);
61
/* The usage function should, at most, display 22 lines of text to fit
65
fprintf(stderr, "%s version %s by %s.%s", __progname, VERSION, AUTHOR, NEWLINE);
67
"%s %s [-v|-V|-h|-T|-Q|-q|-a|-w-d] [-t <type>] [-s <blocks>] [-k <size>] \n\t[-b <size>] [-c <file>] [-o <dir>] [-i <file] %s%s",
72
fprintf(stderr, "-V - display copyright information and exit%s", NEWLINE);
73
fprintf(stderr, "-t - specify file type. (-t jpeg pdf ...) %s", NEWLINE);
74
fprintf(stderr, "-d - turn on indirect block detection (for UNIX file-systems) %s", NEWLINE);
75
fprintf(stderr, "-i - specify input file (default is stdin) %s", NEWLINE);
77
"-a - Write all headers, perform no error detection (corrupted files) %s",
80
"-w - Only write the audit file, do not write any detected files to the disk %s",
83
"-o - set output directory (defaults to %s)%s",
84
DEFAULT_OUTPUT_DIRECTORY,
87
"-c - set configuration file to use (defaults to %s)%s",
91
"-q - enables quick mode. Search are performed on 512 byte boundaries.%s",
93
fprintf(stderr, "-Q - enables quiet mode. Suppress output messages. %s", NEWLINE);
95
/* RBF - What should verbose mode be? */
96
fprintf(stderr, "-v - verbose mode. Logs all messages to screen%s", NEWLINE);
99
void process_command_line(int argc, char **argv, f_state *s)
105
while ((i = getopt(argc, argv, "o:b:c:t:s:i:k:hqmQTadvVw")) != -1)
111
set_mode(s, mode_verbose);
115
set_mode(s, mode_ind_blk);
119
set_mode(s, mode_write_audit); /*Only write audit*/
123
set_mode(s, mode_write_all); /*Write all headers*/
127
set_block(s, atoi(optarg));
131
set_output_directory(s, optarg);
135
set_mode(s, mode_quick);
139
set_mode(s, mode_quiet);
143
set_config_file(s, optarg);
147
set_mode(s, mode_multi_file);
150
set_chunk(s, atoi(optarg));
154
set_skip(s, atoi(optarg));
158
set_input_file(s, optarg);
162
s->time_stamp = TRUE;
167
/*See if we have multiple file types to define*/
168
ptr1 = ptr2 = optarg;
173
if (!set_search_def(s, ptr1, 0))
184
if (!set_search_def(s, ptr1, 0))
205
printf("%s%s", VERSION, NEWLINE);
207
/* We could just say printf(COPYRIGHT), but that's a good way
208
to introduce a format string vulnerability. Better to always
209
use good programming practice... */
210
printf("%s", COPYRIGHT);
227
int main(int argc, char **argv)
230
FILE *testFile = NULL;
231
f_state *s = (f_state *)malloc(sizeof(f_state));
237
__progname = basename(argv[0]);
240
/*Initialize the global state struct*/
241
if (initialize_state(s, argc, argv))
242
fatal_error(s, "Unable to initialize state");
244
register_signal_handler();
245
process_command_line(argc, argv, s);
249
if (s->num_builtin == 0)
252
/*Nothing specified via the command line or the conf
253
file so default to all builtin search types*/
254
set_search_def(s, "all", 0);
257
if (create_output_directory(s))
258
fatal_error(s, "Unable to open output directory");
260
if (!get_mode(s, mode_write_audit))
265
if (open_audit_file(s))
266
fatal_error(s, "Can't open audit file");
268
/* Scan for valid files to open */
269
while (*argv != NULL)
271
testFile = fopen(*argv, "rb");
275
dir = opendir(*argv);
276
if(!strstr(s->config_file,*argv)!=0 && !dir)
278
//fprintf(stderr,"Testing %s against %s\n",*argv,s->config_file);
282
if(dir) closedir(dir);
291
set_mode(s, mode_multi_file);
295
while (*argv != NULL)
298
//printf("*argv=%s\n",*argv);
299
testFile = fopen(*argv, "rb");
304
dir = opendir(*argv);
305
if(!strstr(s->config_file,*argv)!=0 && !dir)
307
set_input_file(s, *argv);
310
if(dir) closedir(dir);
316
if (input_files == 0)
319
//printf("using stdin\n");
325
/*Lets try to clean up some of the extra sub_dirs*/
328
if (close_audit_file(s))
331
/* Hells bells. This is bad, but really, what can we do about it?
332
Let's just report the error and try to get out of here! */
333
print_error(s, AUDIT_FILE_NAME, "Error closing audit file");