search

cgsecurity / testdisk

TestDisk & PhotoRec
https://www.cgsecurity.org/
GNU General Public License v2.0
1.58k stars 195 forks source link

Merge with binwalk into a more powerful tool #48

Open KOLANICH opened 6 years ago

KOLANICH commented 6 years ago

Photorec is just a fast binwalk without features useful for re but with features useful for recovery. I guess combining all the features in a single app may be beneficial.

KOLANICH commented 6 years ago

What would be the details of your proposal?

The proposal is hard to achieve.

Do you think about a plan to achieve it?

1 transform photorec into a library. More precisely, it's obvious that at least the following class (I know that photorec is written in plain C, but let's think about it in OOP terms) will be needed:

struct FileFormatDescription{
  std::vector<byte> signature;
  size_t offsetFromSignature;
  std::function<size_t, FileFormatDescription&, size_t start, size_t end> callback;
};
struct Config{
  Config(std::vector<FileFormatDescription> &, std::function<size_t, FileFormatDescription&, size_t start, size_t end> genericCallback);
};
struct PhotorecAPI{
  PhotorecAPI(BinaryStream s, Config c);

};

First a specialized callback is called, then the generic one. If a pointer to callback is zero it is not called. Callbacks return the size of a stream. The impl is not required to accept the passed pointers, instead photorec should accept the size returned and behave accordingly.

2 create python bindings for that library 3 modify binwalk to use that library: it initializes the object, photorec scans for signatures, but when encounters a one it passes control to binwalk via callbacks. 4 start to translate stable binwalk code into c