Velocidex / c-aff4

An AFF4 C++ implementation.
http://docs.aff4.org
Apache License 2.0

Create example that enumerates a disk image #137

Open simsong opened 4 years ago

simsong commented 4 years ago

I have a long-standing issue on bulk_extractor to add AFF4 support. To do this, I need an example that allows me to enumerate all of the bytes in an AFF4 volume.

scudette commented 4 years ago

Presumably you will use the C API? In that case it is really simple, and it is described in the header:

https://github.com/Velocidex/c-aff4/blob/master/aff4/libaff4-c.h

But to keep it simple, this API only exposes the first stream (AFF4 files may contain multiple streams).

simsong commented 4 years ago

Correct, that API only exposes the first stream, and AFF4 allows multiple streams and fragmented files. I want to iterate all streams, and then for each stream, I want to get all bytes. Except if stream A consists of a map of streams B and C, and B ∩ C = ∅, then I want an iterator that gives me B and C, but not A.