resilience 0.0.2 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4ce546fb9a6dcfd401ccb8adbfa16bb3147f3a3b
-  data.tar.gz: 6c47f4c2c0c3f89d74a30335928ef8bb991dcd0b
+  metadata.gz: 5c196b5ebd4046ddcc6cd0298b62639063cd9a42
+  data.tar.gz: b70a64738927837777702e75b6a6ff087babc9f7
 SHA512:
-  metadata.gz: 7d25ff402e660223d44333beab243b7281d8382a8a2f31caeea6670e1adef46fc6fd54d218475ecd2b0f7061148b2f0111b297e45ffcbc412886920dbcf23bee
-  data.tar.gz: 9767ac37ea16d858c02d89a217d33a8959509f03c1e7974d8b37d81db05b50576b8501a69ea1392338afafff7a06fae8c8a58dee3418198af1625d5120a1d199
+  metadata.gz: 3383922ed92c83ec17c7478c7053135897efe55effa28f29e908c01707e077b30d1a312aa67f933ee6eed1c1d81b90c3a17b61c042b7dbe2a3e22166cdcaefdf
+  data.tar.gz: f1828e8c195862117c8369c655b3788972edf65c07586f47cc687bf3267d230944b96c8949e8d49a5feaee916270076adeac8e51913da81399c4c6d1e15a74d8

data/bin/axe.rb

@@ -0,0 +1,18 @@
+#!/usr/bin/ruby
+# ReFS File Attribute Extractor
+# Copyright (C) 2015 Red Hat Inc.
+
+require 'resilience'
+
+require 'resilience/cli/all'
+require 'resilience/cli/bin/axe'
+
+include Resilience::CLI
+
+optparse = axe_option_parser
+optparse.parse!
+
+verify_image!
+verify_file!
+parse_image
+write_results

data/bin/fcomp.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+# ReFS File Metadata Comparer
+# Copyright (C) 2015 Red Hat Inc.
+
+require 'resilience'
+require 'resilience/cli/all'
+require 'resilience/cli/bin/fcomp'
+
+include Resilience::CLI
+
+optparse = fcomp_option_parser
+optparse.parse!
+
+verify_image!
+write_results parse_image

data/bin/pex.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/ruby
+# ReFS 0x4000 Page Extractor
+# By mmorsi - 2014-07-14
+
+require 'resilience'
+require 'resilience/cli/all'
+require 'resilience/cli/bin/pex'
+
+include Resilience::CLI
+
+optparse = pex_option_parser
+optparse.parse!
+
+verify_image!
+verify_output_dir!
+extract

data/bin/rarser.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/ruby
+# rarser.rb - Ruby ReFS Parser
+# Copyright (C) 2015 Red Hat Inc.
+
+require 'resilience'
+require 'resilience/cli/all'
+require 'resilience/cli/bin/rarser'
+
+include Resilience::CLI
+
+optparse = rarser_option_parser
+optparse.parse!
+
+verify_image!
+write_results parse_image

data/bin/reach.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/ruby
+# ReFS file searcher
+# Copyright (C) 2015 Red Hat Inc.
+
+require 'resilience'
+require 'resilience/cli/all'
+require 'resilience/cli/bin/reach'
+
+include Resilience::CLI
+
+optparse = reach_option_parser
+optparse.parse!
+
+verify_image!
+setup_image
+run_search

data/bin/rex.rb

@@ -2,73 +2,14 @@
 # ReFS File Extractor
 # Copyright (C) 2015 Red Hat Inc.
 
-require 'optparse'
 require 'resilience'
+require 'resilience/cli/all'
+require 'resilience/cli/bin/rex'
 
-def main
-  cli_opts = parse_cli(ARGV)
-  results  = parse_image cli_opts
-  write_results cli_opts, results
-end
+include Resilience::CLI
 
-def write_results(opts, results)
-  dir = opts[:dir]
-  Dir.mkdir(dir) unless File.directory?(dir)
+optparse = rex_option_parser
+optparse.parse!
 
-  results[:files].each do |name, contents|
-    puts "Got #{name}"
-    path = "#{dir}/#{name}".delete("\0")
-    File.write(path, contents)
-  end
-end
-
-def parse_image(opts)
-  file         = File.open(opts[:image], 'rb')
-  image        = Resilience::OnImage.image
-  image.file   = file
-  image.offset = opts[:offset]
-  image.opts   = opts
-
-  image.parse
-  files        = image.root_dir.files
-  dirs         = image.root_dir.dirs
-  {:files => files, :dirs => dirs}
-end
-
-def parse_cli(cli)
-  opts   = {}
-  parser = OptionParser.new do |popts|
-    popts.on("-h", "--help", "Print help message") do
-      puts parser
-      exit
-    end
-
-    popts.on("-i", "--image path", "Path to the disk image to parse") do |path|
-      opts[:image] = path
-    end
-
-    popts.on("-o", "--offset bytes", "Start of volume with ReFS filesystem") do |offset|
-      opts[:offset] = offset.to_i
-    end
-
-    popts.on("-d", "--dir dir", "Output directory") do |dir|
-      opts[:dir] = dir
-    end
-  end
-
-  begin
-    parser.parse!(cli)
-  rescue OptionParser::InvalidOption
-    puts parser
-    exit
-  end
-
-  if !opts[:image] || !opts[:offset] || !opts[:dir]
-    puts "--image, --offset, and --dir params are needed"
-    exit 1
-  end
-
-  opts
-end
-
-main if __FILE__ == $0
+verify_image!
+write_results parse_image

data/bin/rinfo.rb

@@ -0,0 +1,19 @@
+#!/usr/bin/ruby
+#
+# ReFS Filesystem Info
+# Copyright (C) 2015 Red Hat Inc.
+###########################################################
+
+require 'resilience'
+require 'resilience/cli/all'
+require 'resilience/cli/bin/rinfo'
+
+include Resilience::CLI
+
+optparse = rinfo_option_parser
+optparse.parse!
+
+boot2offset
+verify_image!
+parse_image
+dump_info

data/lib/resilience.rb

@@ -2,12 +2,17 @@
 # ReFS Parser (expiremental)
 # Copyright (C) 2015 Red Hat Inc.
 
+require 'resilience/core_ext'
+
 require 'resilience/mixins'
 require 'resilience/constants'
 
+require 'resilience/conf'
 require 'resilience/fs_dir'
 require 'resilience/attribute'
+require 'resilience/page'
 require 'resilience/image'
 
 require 'resilience/dirs'
 require 'resilience/tables'
+require 'resilience/trees'

data/lib/resilience/attribute.rb

@@ -6,23 +6,40 @@ module Resilience
   class Attribute
     include OnImage
 
+    attr_accessor :pos
     attr_accessor :bytes
 
     def initialize(args={})
-      @bytes = args[:bytes] if args.key?(:bytes)
+      @pos   = args[:pos]
+      @bytes = args[:bytes]
+    end
+
+    def empty?
+      bytes.nil? || bytes.empty?
     end
 
     def self.read
-      pos      = image.pos
-      attr_len = image.read(4).unpack('L').first
+      pos = image.pos
+      packed = image.read(4)
+      return new if packed.nil?
+      attr_len = packed.unpack('L').first
       return new if attr_len == 0
 
       image.seek pos
-      new(:bytes => image.read(attr_len))
+      value = image.read(attr_len)
+      new(:pos => pos, :bytes => value)
     end
 
     def unpack(format)
       bytes.unpack(format)
     end
+
+    def [](key)
+      return bytes[key]
+    end
+
+    def to_s
+      bytes.collect { |a| a.to_s(16) }.join(' ')
+    end
   end
 end # module Resilience

data/lib/resilience/cli/all.rb

@@ -0,0 +1,14 @@
+#!/usr/bin/ruby
+# Resilience CLI
+#
+# Licensed under the MIT license
+# Copyright (C) 2015 Red Hat, Inc.
+###########################################################
+
+require 'resilience/cli/default'
+require 'resilience/cli/image'
+require 'resilience/cli/output'
+require 'resilience/cli/metadata'
+require 'resilience/cli/file'
+require 'resilience/cli/disk'
+require 'resilience/cli/conf'

data/lib/resilience/cli/bin/axe.rb

@@ -0,0 +1,34 @@
+# Resilience axe cli util
+#
+# Licensed under the MIT license
+# Copyright (C) 2015 Red Hat, Inc.
+###########################################################
+
+require 'optparse'
+
+def axe_option_parser
+  OptionParser.new do |opts|
+    default_options     opts
+    image_options       opts
+    file_select_options opts
+  end
+end
+
+def validate_file!(file)
+  if file.nil?
+    puts "File #{conf.file} not found"
+    exit 1
+  end
+end
+
+def write_results
+  file = image.root_dir.files.at(conf.file)
+  validate_file!(file)
+  puts "File: #{file.fullname} attributes: "
+  file.metadata_attrs.each_index { |attr_index|
+    attr = file.metadata_attrs[attr_index]
+    print "Attribute #{attr_index}: "
+    print attr.collect { |b| b.to_s(16) }.join(' ')
+    puts "\n\n"
+  }
+end

data/lib/resilience/cli/bin/fcomp.rb

@@ -0,0 +1,28 @@
+# Resilience rcomp cli util
+#
+# Licensed under the MIT license
+# Copyright (C) 2015 Red Hat, Inc.
+###########################################################
+
+require 'optparse'
+
+def fcomp_option_parser
+  OptionParser.new do |opts|
+    default_options    opts
+    image_options      opts
+  end
+end
+
+def write_results(image)
+  puts "Analyzed:"
+  puts "#{image.root_dir.files.collect { |f| f.fullname }.join("\n")}"
+  different_bytes = image.root_dir.files.bytes_diff
+  0.upto(different_bytes.size-1) do |byte_index|
+    next if different_bytes[byte_index].nil?
+    puts "Byte 0x#{byte_index.to_s(16)} differs".red.bold
+    different_bytes[byte_index].each do |file, byte|
+      print " 0x#{byte.unpack('C*').first.to_s(16)}".blue
+    end
+    puts
+  end
+end

data/lib/resilience/cli/bin/pex.rb

@@ -0,0 +1,43 @@
+# Resilience pex cli util
+#
+# Licensed under the MIT license
+# Copyright (C) 2015 Red Hat, Inc.
+###########################################################
+
+require 'optparse'
+
+def pex_option_parser
+  OptionParser.new do |opts|
+    default_options    opts
+    image_options      opts
+    output_fs_options  opts
+  end
+end
+
+def target_clusters
+  @target_clusters ||= [0x1e,  0x20,  0x21,  0x22,  0x28, 0x29,
+                        0x2a,  0x2b,  0x2c,  0x2d,  0x2e, 0x2f,
+                        0x30,  0x31,  0x32,  0x33,  0x34, 0x35,
+                        0x36,  0x37,  0x38,
+                        0x2c0, 0x2c1, 0x2c2, 0x2c3, 0x2c4,
+                        0x2c5, 0x2c6, 0x2c7, 0x2c8, 0x2cc,
+                        0x2cd, 0x2ce, 0x2cf]
+end
+
+def extract
+  create_output_dir!
+  setup_image
+
+  target_clusters.each do |cluster|
+    extract_cluster cluster
+  end
+end
+
+def extract_cluster(cluster)
+  out = File.open("#{conf.dir}/#{cluster.to_s(16)}", 'wb')
+  offset = cluster * PAGE_SIZE
+  image.seek(offset)
+  contents = image.read(PAGE_SIZE)
+  out.write contents
+  out.close
+end

data/lib/resilience/cli/bin/rarser.rb

@@ -0,0 +1,72 @@
+# Resilience rarser cli util
+#
+# Licensed under the MIT license
+# Copyright (C) 2015 Red Hat, Inc.
+###########################################################
+
+require 'optparse'
+
+def rarser_option_parser
+  conf.pages = true
+
+  OptionParser.new do |opts|
+    default_options   opts
+    image_options     opts
+    metadata_options  opts
+  end
+end
+
+
+def page_attribute_output(page)
+  output = page.attributes.collect { |attribute|
+    "  #{attribute.to_s[0...10]}...\n"
+  }.join
+
+  " Attributes:\n" + output
+end
+
+def page_output(page)
+  page_out = "Page      #{page.id.indented(4).blue.bold}: "                   \
+             "number    #{page.virtual_page_number.indented(3).blue.bold} - " \
+             "sequence  #{page.sequence.indented(2).blue.bold} - "            \
+             "object id #{page.object_id.indented(2).blue.bold} - "           \
+             "records   #{page.entries.indented(2).blue.bold}\n"
+
+  page_out += page_attribute_output(page) if conf.attributes? && page.has_attributes?
+  page_out
+end
+
+def pages_output
+  image.pages.collect { |page_id, page| page_output(page) }.join
+end
+
+def object_table_output
+  return "" unless conf.object_table?
+
+  output = image.object_table.pages.collect { |obj_id, cluster|
+    "#{obj_id.big_endian_str[0..4]} | #{cluster.big_endian_str}\n"
+  }.join
+
+  "\nObject table:\n" \
+  "Obj   | Cluster\n" \
+  "-------------\n#{output}"
+end
+
+def object_tree_output
+  return "" unless conf.object_tree?
+
+  output = image.object_tree.map.collect { |obj, refs|
+    references = refs.collect { |ref| ref[0..4] }.join(', ')
+    "#{obj[0..4]} -> #{references}\n"
+  }.join
+
+  "\nObject tree:\n" \
+  "-------------\n#{output}"
+end
+
+def write_results(image)
+  puts header_output
+  puts pages_output
+  puts object_table_output
+  puts object_tree_output
+end