how do I use ewfacquire.exe?

[pipizhao-2020]

ewfacquire.exe \.\physicaldrive2 -t D:\E01TEST\test -C test -D test -E 10000 -e test -N test -m removable -M logical -f encase6 -c fast -o 0 -B 32086425600 -S 9083760448406290432 -P 512 -w no -r 2 -g 64 -b 64

This is my Command line parameters,I have read the code a period of time but i don't konw why appear the error below. How do I enter the parameters?

ewfacquire 20210426

Unable to open file(s) or device. libcfile_file_open_wide_with_error_code: no such file: \?\D:\libewf\msvscpp\Release-t. libcfile_file_open_wide: unable to open file. libbfio_file_io_handle_open: unable to open file: \?\D:\libewf\msvscpp\Release-t. libbfio_handle_open: unable to open handle. libbfio_internal_pool_open_handle: unable to open handle. libbfio_internal_pool_open: unable to open entry: 1. libbfio_pool_open: unable to open entry: 1. libsmraw_handle_open_file_io_pool: unable to open pool entry: 1. libsmraw_handle_open_wide: unable to open handle using file IO pool. device_handle_open_smraw_input: unable to open raw input handle. device_handle_open_input: unable to open raw input.

[pipizhao-2020]

btw, if i want to debug ewfacquire, can i write the fixed parameters in the ewfacquire.c?

[joachimmetz]

1. Note that you're using an experimental version of libewf
2. Regarding ewfacquire.exe \.\physicaldrive2 try putting \\.\physicaldrive2 at the end (last option)

btw, if i want to debug ewfacquire, can i write the fixed parameters in the ewfacquire.c?

@pipizhao-2020 I have no idea what you're asking me, can you explain in more detail what you're trying to accomplish?

[pipizhao-2020]

i want to debug the ewfacquire in the visual studio that it can help me to know the rule of creating the E01 file.

[pipizhao-2020]

my purpose is that i want to analysis the E01 file and get all files information in the E01 file.

there is my parameter： ewfacquire.exe \\.\physicaldrive2 -t C:\Users\rder\Desktop\E01File -C test -D test -E 10000 -e test -N test -m removable -M logical -f encase6 -c fast -o 0 -B 32086425600 -S 9083760448406290432 -P 512 -w no -r 2 -g 64 -b 64

is that right?

[joachimmetz]

I repeat: Regarding ewfacquire.exe \.\physicaldrive2 try putting \\.\physicaldrive2 at the end (last option)

[pipizhao-2020]

I repeat: Regarding ewfacquire.exe \.\physicaldrive2 try putting \\.\physicaldrive2 at the end (last option)

you mean : ewfacquire.exe -t C:\Users\rder\Desktop\E01File -C test -D test -E 10000 -e test -N test -m removable -M logical -f encase6 -c fast -o 0 -B 32086425600 -S 9083760448406290432 -P 512 -w no -r 2 -g 64 -b 64 \\.\physicaldrive2 i also have try it.

it appear Unable to open file(s) or device. libsmraw_handle_open_wide: missing basename. device_handle_open_smraw_input: unable to open raw input handle. device_handle_open_input: unable to open raw input.

[joachimmetz]

I'll have a look to see if I can reproduce this, if this is an issue in the experimental version or something in your build. I recommend sticking with the legacy version https://github.com/libyal/libewf-legacy for now

[CholeMT]

I repeat: Regarding ewfacquire.exe \.\physicaldrive2 try putting \\.\physicaldrive2 at the end (last option)

you mean : ewfacquire.exe -t C:\Users\rder\Desktop\E01File -C test -D test -E 10000 -e test -N test -m removable -M logical -f encase6 -c fast -o 0 -B 32086425600 -S 9083760448406290432 -P 512 -w no -r 2 -g 64 -b 64 \\.\physicaldrive2 i also have try it.

it appear Unable to open file(s) or device. libsmraw_handle_open_wide: missing basename. device_handle_open_smraw_input: unable to open raw input handle. device_handle_open_input: unable to open raw input.

I also encountered this problem.I figure out that if you remove "-w no",the command will succeed.btw, I checked the code found that -w needed uint type( but I tried "-w 0" or "-w 1", it also failed.)