You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
231 lines
7.5 KiB
231 lines
7.5 KiB
diff --git a/api.c b/api.c
|
|
index e3ee339..67463a6 100755
|
|
--- a/api.c
|
|
+++ b/api.c
|
|
@@ -478,7 +478,7 @@ int dump_dirent(int which_one)
|
|
{
|
|
int i;
|
|
char *p;
|
|
- short unknown;
|
|
+ // short unknown;
|
|
struct OLE_DIR *dir;
|
|
|
|
dir = (struct OLE_DIR *) &buffer[which_one * sizeof(struct OLE_DIR)];
|
|
@@ -493,7 +493,7 @@ int dump_dirent(int which_one)
|
|
p = dir->name;
|
|
if (*p < ' ')
|
|
{
|
|
- unknown = *((short *)p);
|
|
+ //unknown = *((short *)p);
|
|
|
|
//fprintf (stderr, "%04x\t", unknown);
|
|
p += 2; /* step over unknown short */
|
|
diff --git a/engine.c b/engine.c
|
|
index 85add5f..4a1ef13 100755
|
|
--- a/engine.c
|
|
+++ b/engine.c
|
|
@@ -316,7 +316,6 @@ int search_chunk(f_state *s, unsigned char *buf, f_info *i, u_int64_t chunk_size
|
|
//u_int64_t buf_off = 0;
|
|
|
|
unsigned char *foundat = buf;
|
|
- unsigned char *current_pos = NULL;
|
|
unsigned char *header_pos = NULL;
|
|
unsigned char *newbuf = NULL;
|
|
unsigned char *ind_ptr = NULL;
|
|
@@ -461,7 +460,6 @@ int search_chunk(f_state *s, unsigned char *buf, f_info *i, u_int64_t chunk_size
|
|
}
|
|
|
|
c_offset = (foundat - buf);
|
|
- current_pos = foundat;
|
|
|
|
/*Now lets analyze the file and see if we can determine its size*/
|
|
|
|
@@ -511,12 +509,12 @@ int search_chunk(f_state *s, unsigned char *buf, f_info *i, u_int64_t chunk_size
|
|
newbuf = read_from_disk(c_offset + f_offset, i, needle->max_len);
|
|
if (newbuf == NULL)
|
|
break;
|
|
- current_pos = extract_file(s,
|
|
- c_offset,
|
|
- newbuf,
|
|
- needle->max_len,
|
|
- needle,
|
|
- f_offset);
|
|
+ extract_file(s,
|
|
+ c_offset,
|
|
+ newbuf,
|
|
+ needle->max_len,
|
|
+ needle,
|
|
+ f_offset);
|
|
|
|
/*Lets put the fp back*/
|
|
fseeko(i->handle, saveme, SEEK_SET);
|
|
diff --git a/extract.c b/extract.c
|
|
index 9639117..4fecde5 100755
|
|
--- a/extract.c
|
|
+++ b/extract.c
|
|
@@ -553,7 +553,6 @@ unsigned char *extract_htm(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
{
|
|
unsigned char *buf = foundat;
|
|
unsigned char *extractbuf = NULL;
|
|
- unsigned char *currentpos = NULL;
|
|
|
|
int bytes_to_search = 0;
|
|
int i = 0;
|
|
@@ -582,7 +581,6 @@ unsigned char *extract_htm(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
}
|
|
|
|
/*Store the current position and search for the HTML> tag*/
|
|
- currentpos = foundat;
|
|
foundat = bm_search(needle->footer,
|
|
needle->footer_len,
|
|
foundat,
|
|
@@ -1146,15 +1144,15 @@ unsigned char *extract_mov(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
unsigned char *extract_wmv(f_state *s, u_int64_t c_offset, unsigned char *foundat, u_int64_t buflen,
|
|
s_spec *needle, u_int64_t f_offset)
|
|
{
|
|
-
|
|
- unsigned char *currentpos = NULL;
|
|
+#ifdef DEBUG
|
|
+ u_int64_t fileObjHeaderSize = 0;
|
|
+#endif
|
|
unsigned char *header = foundat;
|
|
unsigned char *extractbuf = NULL;
|
|
unsigned char *buf = foundat;
|
|
unsigned int size = 0;
|
|
u_int64_t file_size = 0;
|
|
u_int64_t headerSize = 0;
|
|
- u_int64_t fileObjHeaderSize = 0;
|
|
int numberofHeaderObjects = 0;
|
|
int reserved[2];
|
|
int bytes_to_search = 0;
|
|
@@ -1184,7 +1182,6 @@ unsigned char *extract_wmv(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
return foundat;
|
|
}
|
|
|
|
- currentpos = foundat;
|
|
if (buflen - (foundat - buf) >= needle->max_len)
|
|
bytes_to_search = needle->max_len;
|
|
else
|
|
@@ -1201,7 +1198,9 @@ unsigned char *extract_wmv(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
if (foundat)
|
|
{
|
|
foundat += 16; /*jump to the headersize*/
|
|
+#ifdef DEBUG
|
|
fileObjHeaderSize = htoll(foundat, FOREMOST_LITTLE_ENDIAN);
|
|
+#endif
|
|
//printx(foundat,0,8);
|
|
foundat += 24; //Jump to the file size obj
|
|
size = htoi(foundat, FOREMOST_LITTLE_ENDIAN);
|
|
@@ -1401,7 +1400,6 @@ unsigned char *extract_gif(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
s_spec *needle, u_int64_t f_offset)
|
|
{
|
|
unsigned char *buf = foundat;
|
|
- unsigned char *currentpos = foundat;
|
|
unsigned char *extractbuf = NULL;
|
|
int bytes_to_search = 0;
|
|
unsigned short width = 0;
|
|
@@ -1420,7 +1418,6 @@ unsigned char *extract_gif(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
sprintf(comment, " (%d x %d)", width, height);
|
|
strcat(needle->comment, comment);
|
|
|
|
- currentpos = foundat;
|
|
if (buflen - (foundat - buf) >= needle->max_len)
|
|
bytes_to_search = needle->max_len;
|
|
else
|
|
@@ -1821,7 +1818,6 @@ unsigned char *extract_jpeg(f_state *s, u_int64_t c_offset, unsigned char *found
|
|
s_spec *needle, u_int64_t f_offset)
|
|
{
|
|
unsigned char *buf = foundat;
|
|
- unsigned char *currentpos = NULL;
|
|
|
|
unsigned char *extractbuf = NULL;
|
|
unsigned short headersize;
|
|
@@ -1899,8 +1895,6 @@ unsigned char *extract_jpeg(f_state *s, u_int64_t c_offset, unsigned char *found
|
|
return buf + needle->header_len;
|
|
}
|
|
|
|
- currentpos = foundat;
|
|
-
|
|
//sprintf("Searching for footer\n");
|
|
if (buflen < (foundat - buf)) {
|
|
#ifdef DEBUG
|
|
@@ -2094,19 +2088,21 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
unsigned char *extractbuf = NULL;
|
|
u_int64_t file_size = 0;
|
|
unsigned short pe_offset = 0;
|
|
- unsigned int SizeOfCode = 0;
|
|
- unsigned int SizeOfInitializedData = 0;
|
|
- unsigned int SizeOfUninitializedData = 0;
|
|
- unsigned int rva = 0;
|
|
unsigned int offset = 0;
|
|
unsigned short sections = 0;
|
|
- unsigned int sizeofimage = 0;
|
|
unsigned int raw_section_size = 0;
|
|
- unsigned int size_of_headers = 0;
|
|
unsigned short dll = 0;
|
|
unsigned int sum = 0;
|
|
unsigned short exe_char = 0;
|
|
+#ifdef DEBUG
|
|
+ unsigned int SizeOfInitializedData = 0;
|
|
+ unsigned int SizeOfUninitializedData = 0;
|
|
+ unsigned int SizeOfCode = 0;
|
|
+ unsigned int rva = 0;
|
|
+ unsigned int sizeofimage = 0;
|
|
+ unsigned int size_of_headers = 0;
|
|
unsigned int align = 0;
|
|
+#endif
|
|
int i = 0;
|
|
time_t compile_time = 0;
|
|
struct tm *ret_time;
|
|
@@ -2167,14 +2163,16 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
|
|
foundat += 0x18; /*Jump to opt header should be 0x0b 0x01*/
|
|
|
|
+#ifdef DEBUG
|
|
SizeOfCode = htoi(&foundat[4], FOREMOST_LITTLE_ENDIAN);
|
|
SizeOfInitializedData = htoi(&foundat[8], FOREMOST_LITTLE_ENDIAN);
|
|
SizeOfUninitializedData = htoi(&foundat[12], FOREMOST_LITTLE_ENDIAN);
|
|
rva = htoi(&foundat[16], FOREMOST_LITTLE_ENDIAN);
|
|
align = htoi(&foundat[36], FOREMOST_LITTLE_ENDIAN);
|
|
-
|
|
sizeofimage = htoi(&foundat[56], FOREMOST_LITTLE_ENDIAN);
|
|
size_of_headers = htoi(&foundat[60], FOREMOST_LITTLE_ENDIAN);
|
|
+#endif
|
|
+
|
|
foundat += 224;
|
|
|
|
/*Start of sections*/
|
|
@@ -2193,13 +2191,13 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
sum = offset + raw_section_size;
|
|
}
|
|
|
|
- /*
|
|
+#ifdef DEBUG
|
|
printf("rva is %d sum= %d\n",rva,sum);
|
|
printf("soi is %d,soh is %d \n",sizeofimage,size_of_headers);
|
|
printf("we are off by %d\n",sum-buflen);
|
|
printf("soc=%d ,soidr=%d, souid=%d\n",SizeOfCode,SizeOfInitializedData,SizeOfUninitializedData);
|
|
printf("fs=%d ,extr=%d\n",SizeOfCode+SizeOfInitializedData,SizeOfUninitializedData);
|
|
- */
|
|
+#endif
|
|
file_size = sum;
|
|
if (file_size < 512 || file_size > 4 * MEGABYTE)
|
|
{
|
|
@@ -2267,7 +2265,6 @@ unsigned char *extract_rar(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
{
|
|
unsigned char *buf = foundat;
|
|
unsigned char *extractbuf = NULL;
|
|
- u_int64_t file_size = 0;
|
|
unsigned short headersize = 0;
|
|
unsigned short flags = 0;
|
|
unsigned int filesize = 0;
|
|
@@ -2424,8 +2421,6 @@ unsigned char *extract_rar(f_state *s, u_int64_t c_offset, unsigned char *founda
|
|
|
|
/*We found the EOF, write the file to disk and return*/
|
|
tot_file_size = (foundat - buf);
|
|
- if (tot_file_size > buflen)
|
|
- file_size = buflen;
|
|
|
|
extractbuf = buf;
|
|
write_to_disk(s, needle, tot_file_size, extractbuf, c_offset + f_offset);
|