Create a dynamic LibEWF library to access the Expert Witness Format *.E01 and the SMART format *.S01

The LibEWF project is currently hosted at GitHub but the files needed to build the dll shouldn't be downloaded from this location. Instead, per the LibEWF wiki, download a project from this Google drive location

During the writing of this article I downloaded and used libewf-20140608.tar.gz

Download MinGW and start the installation:

At the end of the installation the installation Manager is launched. Do not install anything this way. You can, but I'll show you an easier way to make sure all required packages are installed

At the command prompt (CMD, some call it a DOS box), navigate to the \bin\ folder where you installed MinGW. I have it installed in M:\MinGW, so I would need to go to cd M:\MinGW\bin

Copy and paste following line in the command processor (CMD, command prompt) and press [Enter]:

All the required packages will now install

Unpack the LibEWF project. For this article I unpacked libewf-20140608.tar.gz with an unzip program to my desktop (C:/Users/Peter/Desktop/libewf-20140608)

Start the MinGW console application (called MSYS) via the command processor (CMD), by running:

MSYS will start and looks like this:

Because you will want to copy and paste lines in MSYS you may need to change its properties (certainly after a fresh install).

Right-click on the title bar of the MSYS window and select 'Properties', select the 'Options' tab and tick the 'QuickEdit mode' checkbox, next click 'OK'. You'll notice that a right mouse click on MSYS is in fact a PASTE

Make sure the MinGW directory is mounted. To do this, type (or copy & paste = right mouse click) in MSYS:

Continue in MSYS and navigate to the LibEWF folder. I unpacked the project to my desktop so I copy and pasted:

Continue in MSYS and copy / paste following line:

After a few minutes of building you need to run make in MSYS:

Done ! The resulting dll (libewf-2.dll) will appear in the project's \libewf\.libs\ folder

Check the dll with a dependency checker to see what dlls it uses from the MinGW installation. I checked that already of course and you will need to copy zlib1.dll and libgcc_s_dw2-1.dll from the MinGW installation folder, to the folder where you keep the libewf dll

Lastly, to use the dll with IsoBuster, rename libewf-2.dll to libewf.dll and copy it, together with zlib1.dll and libgcc_s_dw2-1.dll, to the IsoBuster installation /Plugins/ folder. Once located there, IsoBuster will load libewf.dll the moment it needs it.

This step is exactly the same as the one explained before, but if you started from this point on:

The LibEWF project is currently hosted at GitHub but the files needed to build the dll shouldn't be downloaded from this location. Instead, per the LibEWF wiki, download a project from this Google drive location

During the writing of this article I downloaded and used libewf-20140608.tar.gz

Download Borland C++ 5.5 and install it to the suggested default location C:\Borland\BCC55 because the following scripting and code generation depends on that location.

Download the zlib library
Download this project master.zip file, open it and extract generate_bcc32.sh from it (nothing else)
Download libewf-20140608-bcc.patch from this Google drive location, but if you are using a different version of the project you need to look for a patch file for that project. It's also possible that future LibEWF packages won't need the patch file anymore, we'll see.

Because the *.sh script needs to be executed and because the *.patch file needs to be applied first, Unix tools are needed. If you have nothing installed that can deal with it (e.g. CygWin), I suggest the use of MinGW. Installation and use of MinGW was described in a previous part of this article. Let me walk you through what needs to be done:

If MinGW is not yet installed, do exactly what was described in the "Download and install MinGW" part of this article.

At the command prompt (CMD, some call it a DOS box), navigate to the \bin\ folder where you installed MinGW. I have it installed in M:\MinGW, so I would need to go to cd M:\MinGW\bin

Copy and paste following line in the command processor (CMD, command prompt) and press [Enter]:

Patch is needed to be able to apply the *.patch file that you downloaded earlier

Create a new folder (I created /bcc_compile/ on my desktop) and unpack the two libraries zlib-1.2.8.tar.gz and libewf-20140608.tar.gz into this folder. If you're using different versions of these libraries the names will be different as well.

Rename the sub folder zlib-1.2.8 to simply zlib

Copy generate_bcc32.sh and libewf-bcc.patch into the libewf-20140608 sub folder.

Start the MinGW console application (called MSYS) via the command processor (CMD), by running:

For more information on MinGW and how to set it up so that it supports COPY and PASTE, I refer to a previous part in this article.

Continue in MSYS and navigate to the LibEWF folder. I unpacked the project to /bcc_compile/ on my desktop so I copy and pasted:

Continue in MSYS and copy / paste following line:

And next:

The next step is to actually make the dll, but before you do there are some considerations. Make.bat was generated and put in the project folder (\bcc_compile\libewf-20140608\). Open it with a text editor and you'll notice hard coded paths to the BCC32 installation folder (C:\Borland\BCC55\). Hence why I said to install to this folder. The generated *.bcc files also point to the BCC installation folder for includes. If you know what you're doing you can change those paths to a different location, in both the .bat and *.bcc files. Or, in case of the .bat file, simply make them relative and rely on the value in PATH. PATH however is another issue to consider. If you have another Borland/CodeGear/Embarcadero compiler installed, the PATH may very well point to different binaries that will be executed before the BCC 5.5 binaries are considered. So you may want to edit the second line of the .bat file to only use the BCC 5.5 binaries: set PATH=C:\Borland\BCC55\bin.

When you're ready to proceed, navigate to the project folder in the command processor (CMD, command prompt)

And next, still in CMD, run the make.bat file

Everything will compile and the resulting libewf.dll will appear in \libewf-20140608\libewf\ (c:\users\peter\desktop\bcc_compile\libewf-20140608\libewf\ on my system)

With a dependency checker you can see that the dll requires zlib.dll which you will find in the \zlib\ folder (c:\users\peter\desktop\bcc_compile\zlib\ on my system)

To use the dll with IsoBuster, copy it, together with zlib.dll, to the IsoBuster installation \Plugins\ folder. Once located there, IsoBuster will load libewf.dll the moment it needs it.