[Dropper] + add summary & progress status #182 #181

Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>
gdt050579 · Apr 12, 2024 · 40b81d9 · 40b81d9
1 parent 77717ba
commit 40b81d9
Show file tree

Hide file tree

Showing 12 changed files with 101 additions and 71 deletions.
diff --git a/GenericPlugins/Dropper/include/Dropper.hpp b/GenericPlugins/Dropper/include/Dropper.hpp
@@ -31,6 +31,8 @@ class Instance
 
     std::map<std::string_view, std::unique_ptr<std::ofstream>> singleFiles;
 
+    inline static constexpr uint32 SEPARATOR_LENGTH = 80;
+
   public:
     Instance()
     {
@@ -82,7 +84,23 @@ class Instance
             stream << "Start Address: " << std::setfill('0') << std::setw(8) << std::hex << std::uppercase << area.first << std::endl;
             stream << "End Address  : " << std::setfill('0') << std::setw(8) << std::hex << std::uppercase << area.second << std::endl;
         }
-        stream << std::setfill('-') << std::setw(59) << '-' << std::endl;
+        stream << std::setfill('-') << std::setw(SEPARATOR_LENGTH) << '-' << std::endl;
+
+        logFile << stream.str();
+        CHECK(logFile.good(), false, "");
+
+        return true;
+    }
+
+    bool WriteSummaryToLog(std::map<std::string_view, uint32>& occurences)
+    {
+        CHECK(logFile.is_open(), false, "");
+
+        std::ostringstream stream;
+        for (const auto& [k, v] : occurences) {
+            stream << std::setfill(' ') << std::left << std::setw(16) << k << ": " << std::right << std::setw(16) << std::dec << v << std::endl;
+        }
+        stream << std::setfill('-') << std::setw(SEPARATOR_LENGTH) << '-' << std::endl;
 
         logFile << stream.str();
         CHECK(logFile.good(), false, "");
@@ -198,16 +216,32 @@ class Instance
 
     bool __Process(Reference<GView::Object> object, uint64 offset, uint64 size)
     {
+        struct Data {
+            uint64 start;
+            uint64 end;
+            Result result;
+            std::string_view dropperName;
+        };
+
+        std::vector<Data> findings;
+        std::map<std::string_view, uint32> occurences;
+
         DataCache& cache  = object->GetData();
         uint64 nextOffset = offset;
 
+        ProgressStatus::Init("Searching...", size, ProgressStatus::Flags::None);
+        LocalString<512> ls;
+        const char* format = "Found [%d] objects...";
         while (offset < size) {
+            if (offset % 1000 == 0) {
+                CHECKBK(ProgressStatus::Update(offset, ls.Format(format, occurences.size())) == false, "");
+            }
+
             auto buffer = GetPrecachedBuffer(offset, cache);
             nextOffset  = offset + 1;
 
             for (uint32 i = 0; i < static_cast<uint32>(Priority::Count); i++) {
                 const auto priority = static_cast<Priority>(i);
-                auto found          = false;
                 for (auto& dropper : context.droppers) {
                     if (dropper->GetPriority() != priority) {
                         continue;
@@ -216,38 +250,31 @@ class Instance
                     uint64 start      = 0;
                     uint64 end        = 0;
                     const auto result = dropper->Check(offset, cache, buffer, start, end);
-                    found             = result != Result::NotFound;
 
-                    switch (result) {
-                    case Result::Buffer:
-                        CHECK(WriteToLog(start, end, result, dropper), false, "");
-                        CHECK(WriteToFile(object, start, end, dropper, result), false, "");
-                        nextOffset = end + 1;
-                        break;
-                    case Result::Ascii:
-                        CHECK(WriteToLog(start, end, result, dropper), false, "");
-                        CHECK(WriteToFile(object, start, end, dropper, result), false, "");
+                    if (result != Result::NotFound) {
+                        const auto name = dropper->GetName();
+                        occurences[name] += 1;
+                        findings.push_back({ start, end, result, name });
                         nextOffset = end + 1;
                         break;
-                    case Result::Unicode:
-                        CHECK(WriteToLog(start, end, result, dropper), false, "");
-                        CHECK(WriteToFile(object, start, end, dropper, result), false, "");
-                        nextOffset = end + 1;
-                        break;
-                    case Result::NotFound:
-                    default:
-                        break;
-                    }
-
-                    if (found) {
-                        break;
                     }
                 }
             }
 
             offset = nextOffset;
         }
 
+        WriteSummaryToLog(occurences);
+        for (const auto& f : findings) {
+            for (auto& dropper : context.droppers) {
+                if (dropper->GetName() == f.dropperName) {
+                    CHECK(WriteToLog(f.start, f.end, f.result, dropper), false, "");
+                    CHECK(WriteToFile(object, f.start, f.end, dropper, f.result), false, "");
+                    break;
+                }
+            }
+        }
+
         return true;
     }
 };

diff --git a/GenericPlugins/Dropper/include/Executables.hpp b/GenericPlugins/Dropper/include/Executables.hpp
@@ -10,11 +10,11 @@ class MZPE : public IDrop
   public:
     MZPE() = default;
 
-    virtual const char* GetName() override;
-    virtual ObjectCategory GetGroup() override;
-    virtual const char* GetOutputExtension() override;
-    virtual Priority GetPriority() override;
-    virtual bool ShouldGroupInOneFile() override;
+    virtual const std::string_view GetName() const override;
+    virtual ObjectCategory GetGroup() const override;
+    virtual const std::string_view GetOutputExtension() const override;
+    virtual Priority GetPriority() const override;
+    virtual bool ShouldGroupInOneFile() const override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };

diff --git a/GenericPlugins/Dropper/include/IDrop.hpp b/GenericPlugins/Dropper/include/IDrop.hpp
@@ -45,33 +45,33 @@ class IDrop
 {
   public:
     // virtual methods
-    virtual const char* GetName()            = 0; // specific dropper mini-plugin name
-    virtual ObjectCategory GetGroup()        = 0; // archive type recognizer, executables type, etc
-    virtual const char* GetOutputExtension() = 0; // dropped file extension
-    virtual Priority GetPriority()           = 0; // get plugin priority
-    virtual bool ShouldGroupInOneFile()      = 0; // URLs, IPs, etc
+    virtual const std::string_view GetName() const            = 0; // specific dropper mini-plugin name
+    virtual ObjectCategory GetGroup() const                   = 0; // archive type recognizer, executables type, etc
+    virtual const std::string_view GetOutputExtension() const = 0; // dropped file extension
+    virtual Priority GetPriority() const                      = 0; // get plugin priority
+    virtual bool ShouldGroupInOneFile() const                 = 0; // URLs, IPs, etc
 
     // prechachedBufferSize -> max 8
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) = 0;
 
     // functii deja existente
-    inline bool IsMagicU16(BufferView precachedBuffer, uint16 magic)
+    inline bool IsMagicU16(BufferView precachedBuffer, uint16 magic) const
     {
         if (precachedBuffer.GetLength() >= 2) {
             return *reinterpret_cast<const uint16*>(precachedBuffer.GetData()) == magic;
         }
         return false;
     }
 
-    inline bool IsMagicU32(BufferView precachedBuffer, uint32 magic)
+    inline bool IsMagicU32(BufferView precachedBuffer, uint32 magic) const
     {
         if (precachedBuffer.GetLength() >= 4) {
             return *reinterpret_cast<const uint32*>(precachedBuffer.GetData()) == magic;
         }
         return false;
     }
 
-    inline bool IsMagicU64(BufferView precachedBuffer, uint64 magic)
+    inline bool IsMagicU64(BufferView precachedBuffer, uint64 magic) const
     {
         if (precachedBuffer.GetLength() >= 8) {
             return *reinterpret_cast<const uint64*>(precachedBuffer.GetData()) == magic;

diff --git a/GenericPlugins/Dropper/include/Multimedia.hpp b/GenericPlugins/Dropper/include/Multimedia.hpp
@@ -10,11 +10,11 @@ class PNG : public IDrop
   public:
     PNG() = default;
 
-    virtual const char* GetName() override;
-    virtual ObjectCategory GetGroup() override;
-    virtual const char* GetOutputExtension() override;
-    virtual Priority GetPriority() override;
-    virtual bool ShouldGroupInOneFile() override;
+    virtual const std::string_view GetName() const override;
+    virtual ObjectCategory GetGroup() const override;
+    virtual const std::string_view GetOutputExtension() const override;
+    virtual Priority GetPriority() const override;
+    virtual bool ShouldGroupInOneFile() const override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };

diff --git a/GenericPlugins/Dropper/include/SpecialStrings.hpp b/GenericPlugins/Dropper/include/SpecialStrings.hpp
@@ -15,18 +15,18 @@ class SpecialStrings : public IDrop
     GView::Regex::Matcher matcherUnicode{};
 
   public:
-    virtual ObjectCategory GetGroup() override;
-    virtual Priority GetPriority() override;
-    virtual bool ShouldGroupInOneFile() override;
+    virtual ObjectCategory GetGroup() const override;
+    virtual Priority GetPriority() const override;
+    virtual bool ShouldGroupInOneFile() const override;
 };
 
 class IpAddress : public SpecialStrings
 {
   public:
     IpAddress(bool caseSensitive, bool unicode);
 
-    virtual const char* GetName() override;
-    virtual const char* GetOutputExtension() override;
+    virtual const std::string_view GetName() const override;
+    virtual const std::string_view GetOutputExtension() const override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
@@ -35,8 +35,8 @@ class EmailAddress : public SpecialStrings
   public:
     EmailAddress(bool caseSensitive, bool unicode);
 
-    virtual const char* GetName() override;
-    virtual const char* GetOutputExtension() override;
+    virtual const std::string_view GetName() const override;
+    virtual const std::string_view GetOutputExtension() const override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
@@ -45,8 +45,8 @@ class Filepath : public SpecialStrings
   public:
     Filepath(bool caseSensitive, bool unicode);
 
-    virtual const char* GetName() override;
-    virtual const char* GetOutputExtension() override;
+    virtual const std::string_view GetName() const override;
+    virtual const std::string_view GetOutputExtension() const override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };

diff --git a/GenericPlugins/Dropper/src/Dropper.cpp b/GenericPlugins/Dropper/src/Dropper.cpp
@@ -21,8 +21,9 @@ PLUGIN_EXPORT bool Run(const string_view command, Reference<GView::Object> objec
         auto instance = Instance();
         if (!instance.Process(object)) {
             Dialogs::MessageBox::ShowError("Dropper", "Failed extracting objects!");
+        } else {
+            Dialogs::MessageBox::ShowNotification("Dropper", "Objects extracted.");
         }
-        Dialogs::MessageBox::ShowNotification("Dropper", "Objects extracted.");
         return true;
     }
     return false;

diff --git a/GenericPlugins/Dropper/src/Executables/MZPE.cpp b/GenericPlugins/Dropper/src/Executables/MZPE.cpp
@@ -169,27 +169,27 @@ enum class DirectoryType : uint8 {
     COMDescriptor = 14
 };
 
-const char* MZPE::GetName()
+const std::string_view MZPE::GetName() const
 {
     return "MZPE";
 }
 
-ObjectCategory MZPE::GetGroup()
+ObjectCategory MZPE::GetGroup() const
 {
     return ObjectCategory::Executables;
 }
 
-const char* MZPE::GetOutputExtension()
+const std::string_view MZPE::GetOutputExtension() const
 {
     return "mzpe";
 }
 
-Priority MZPE::GetPriority()
+Priority MZPE::GetPriority() const
 {
     return Priority::Binary;
 }
 
-bool MZPE::ShouldGroupInOneFile()
+bool MZPE::ShouldGroupInOneFile() const
 {
     return false;
 }

diff --git a/GenericPlugins/Dropper/src/Multimedia/PNG.cpp b/GenericPlugins/Dropper/src/Multimedia/PNG.cpp
@@ -5,27 +5,27 @@ namespace GView::GenericPlugins::Droppper::Multimedia
 // https://en.wikipedia.org/wiki/PNG#File_format
 constexpr uint64 IMAGE_PNG_MAGIC = 0x0A1A0A0D474E5089;
 
-const char* PNG::GetName()
+const std::string_view PNG::GetName() const
 {
     return "PNG";
 }
 
-ObjectCategory PNG::GetGroup()
+ObjectCategory PNG::GetGroup() const
 {
     return ObjectCategory::Multimedia;
 }
 
-const char* PNG::GetOutputExtension()
+const std::string_view PNG::GetOutputExtension() const
 {
     return "png";
 }
 
-Priority PNG::GetPriority()
+Priority PNG::GetPriority() const
 {
     return Priority::Binary;
 }
 
-bool PNG::ShouldGroupInOneFile()
+bool PNG::ShouldGroupInOneFile() const
 {
     return false;
 }
@@ -49,6 +49,8 @@ Result PNG::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, ui
         found = chunk_length != 0;
     } while (found);
 
+    CHECK(end - start >= 67, Result::NotFound, ""); // https://belkadan.com/blog/2024/01/The-Biggest-Smallest-PNG/#:~:text=The%20smallest%20PNG%20file%20is,or%20a%201x1%20gray%20image.
+
     return Result::Buffer;
 }
 

diff --git a/GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp b/GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp
@@ -15,12 +15,12 @@ EmailAddress::EmailAddress(bool caseSensitive, bool unicode)
     this->matcherUnicode.Init(EMAIL_REGEX_UNICODE, unicode, caseSensitive);
 }
 
-const char* EmailAddress::GetName()
+const std::string_view EmailAddress::GetName() const
 {
     return "Email Address";
 }
 
-const char* EmailAddress::GetOutputExtension()
+const std::string_view EmailAddress::GetOutputExtension() const
 {
     return "email";
 }

diff --git a/GenericPlugins/Dropper/src/SpecialStrings/Filepath.cpp b/GenericPlugins/Dropper/src/SpecialStrings/Filepath.cpp
@@ -17,12 +17,12 @@ Filepath::Filepath(bool caseSensitive, bool unicode)
     this->matcherUnicode.Init(PATH_REGEX_UNICODE, unicode, caseSensitive);
 }
 
-const char* Filepath::GetName()
+const std::string_view Filepath::GetName() const
 {
     return "Filepath";
 }
 
-const char* Filepath::GetOutputExtension()
+const std::string_view Filepath::GetOutputExtension() const
 {
     return "filepath";
 }

diff --git a/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp b/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp
@@ -17,12 +17,12 @@ IpAddress::IpAddress(bool caseSensitive, bool unicode)
     this->matcherUnicode.Init(IPS_REGEX_UNICODE, unicode, caseSensitive);
 }
 
-const char* IpAddress::GetName()
+const std::string_view IpAddress::GetName() const
 {
     return "IP Address";
 }
 
-const char* IpAddress::GetOutputExtension()
+const std::string_view IpAddress::GetOutputExtension() const
 {
     return "ip";
 }

diff --git a/GenericPlugins/Dropper/src/SpecialStrings/SpecialStrings.cpp b/GenericPlugins/Dropper/src/SpecialStrings/SpecialStrings.cpp
@@ -4,17 +4,17 @@
 
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
-ObjectCategory SpecialStrings::GetGroup()
+ObjectCategory SpecialStrings::GetGroup() const
 {
     return ObjectCategory::SpecialStrings;
 }
 
-Priority SpecialStrings::GetPriority()
+Priority SpecialStrings::GetPriority() const
 {
     return Priority::Text;
 }
 
-bool SpecialStrings::ShouldGroupInOneFile()
+bool SpecialStrings::ShouldGroupInOneFile() const
 {
     return true;
 }