[Dropper] + implement Dropper UI strings tab page backend (without su…

…spicious artefacts identification) #182 #181

Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>

GenericPlugins/Dropper/include/Archives.hpp

@@ -4,15 +4,4 @@
 
 namespace GView::GenericPlugins::Droppper::Archives
 {
-enum class Types { MSCAB, RAR, ZIP };
-
-static const std::map<Types, Metadata> TYPES_MAP{
-    { Types::MSCAB,
-      { "MSCAB",
-        "Cabinet (or CAB) is an archive-file format for Microsoft Windows that supports lossless data compression and embedded digital certificates used for "
-        "maintaining archive integrity.",
-        false } },
-    { Types::RAR, { "RAR", "RAR is a proprietary archive file format that supports data compression, error correction and file spanning.", false } },
-    { Types::ZIP, { "ZIP", "ZIP is an archive file format that supports lossless data compression.", false } },
-};
 } // namespace GView::GenericPlugins::Droppper::Archives

GenericPlugins/Dropper/include/Cryptographic.hpp

@@ -4,79 +4,4 @@
 
 namespace GView::GenericPlugins::Droppper::Cryptographic
 {
-enum class Types {
-    CRC16Table,
-    CRC16Table8bit1,
-    CRC16Table8bit2,
-    CRC32Table,
-    CRC64Table,
-    MD5InitValues,
-    SHA1InitValues,
-    ZinflateLengthStarts,
-    ZinflateLengthExtraBits,
-    ZinflateDistanceStarts,
-    ZinflateDistanceExtraBits,
-    ZdeflateLengthCodes,
-    BlowfishPInit,
-    BlowfishSInit,
-    RijndaelTe0,
-    RijndaelTe1,
-    RijndaelTe2,
-    RijndaelTe3,
-    RijndaelTe4,
-    RijndaelTd0,
-    RijndaelTd1,
-    RijndaelTd2,
-    RijndaelTd3,
-    RijndaelTd4,
-    RC2PITABLE,
-    PKCSDigestDecorationMD2,
-    PKCSDigestDecorationMD5,
-    PKCSDigestDecorationRIPEMD160,
-    PKCSDigestDecorationTiger,
-    PKCSDigestDecorationSHA256,
-    PKCSDigestDecorationSHA384,
-    PKCSDigestDecorationSHA512,
-    RC6Stub,
-};
-
-static const std::string_view DEFAULT_CRC_DESCRIPTION{ "A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and "
-                                                       "storage devices to detect accidental changes to digital data." };
-static const std::string_view MISSING_DESCRIPTION{ "Missing description." };
-
-static const std::map<Types, Metadata> TYPES_MAP{
-    { Types::CRC16Table, { "CRC 16 Table", DEFAULT_CRC_DESCRIPTION, false } },
-    { Types::CRC16Table8bit1, { "CRC 16 Table (8 bit - 1)", DEFAULT_CRC_DESCRIPTION, false } },
-    { Types::CRC16Table8bit2, { "CRC 16 Table (8 bit - 2)", DEFAULT_CRC_DESCRIPTION, false } },
-    { Types::CRC32Table, { "CRC 32 Table", DEFAULT_CRC_DESCRIPTION, false } },
-    { Types::CRC64Table, { "CRC 64 Table", DEFAULT_CRC_DESCRIPTION, false } },
-    { Types::MD5InitValues, { "MD5 Init Values", MISSING_DESCRIPTION, false } },
-    { Types::SHA1InitValues, { "SHA1 Init Values", MISSING_DESCRIPTION, false } },
-    { Types::ZinflateLengthStarts, { "Zinflate LengthStarts", MISSING_DESCRIPTION, false } },
-    { Types::ZinflateLengthExtraBits, { "Zinflate LengthExtraBits", MISSING_DESCRIPTION, false } },
-    { Types::ZinflateDistanceStarts, { "Zinflate DistanceStarts", MISSING_DESCRIPTION, false } },
-    { Types::ZinflateDistanceExtraBits, { "Zinflate DistanceExtraBits", MISSING_DESCRIPTION, false } },
-    { Types::ZdeflateLengthCodes, { "Zdeflate LengthCodes", MISSING_DESCRIPTION, false } },
-    { Types::BlowfishPInit, { "Blowfish P-Init", MISSING_DESCRIPTION, false } },
-    { Types::BlowfishSInit, { "Blowfish S-Init", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTe0, { "Rijndael Te0", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTe1, { "Rijndael Te1", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTe2, { "Rijndael Te2", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTe3, { "Rijndael Te3", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTe4, { "Rijndael Te4", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTd0, { "Rijndael Td0", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTd1, { "Rijndael Td1", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTd2, { "Rijndael Td2", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTd3, { "Rijndael Td3", MISSING_DESCRIPTION, false } },
-    { Types::RijndaelTd4, { "Rijndael Td4", MISSING_DESCRIPTION, false } },
-    { Types::RC2PITABLE, { "RC2 PITABLE", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationMD2, { "PKCS DigestDecoration MD2", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationMD5, { "PKCS DigestDecoration MD5", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationRIPEMD160, { "PKCS DigestDecoration RIPEMD160", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationTiger, { "PKCS DigestDecoration Tiger", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationSHA256, { "PKCS DigestDecoration SHA256", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationSHA384, { "PKCS DigestDecoration SHA384", MISSING_DESCRIPTION, false } },
-    { Types::PKCSDigestDecorationSHA512, { "PKCS DigestDecoration SHA512", MISSING_DESCRIPTION, false } },
-    { Types::RC6Stub, { "RC6 Stub", MISSING_DESCRIPTION, false } },
-};
 } // namespace GView::GenericPlugins::Droppper::Cryptographic

GenericPlugins/Dropper/include/Dropper.hpp

@@ -32,12 +32,9 @@ constexpr std::string_view DEFAULT_BINARY_EXCLUDE_CHARSET{ "" };
 constexpr int32 BINARY_CHARSET_MATRIX_SIZE{ 256 };
 constexpr int8 HEX_NUMBER_SIZE{ 4 };
 
-constexpr std::string_view DEFAULT_STRINGS_CHARSET{ "\\x20\\:-+<>!@#$%^&*()[]{}0-9A-Za-z" };
-constexpr int32 STRINGS_CHARSET_MATRIX_SIZE{ 256 };
-
 struct PluginClassification {
-    ObjectCategory category{};
-    uint32 subcategory{ 0 };
+    Category category{};
+    Subcategory subcategory{};
 };
 
 class Instance
@@ -50,13 +47,15 @@ class Instance
         std::unique_ptr<IDrop> textDropper{ nullptr };
         bool initialized{ false };
 
-        bool binaryCharSetMatrix[BINARY_CHARSET_MATRIX_SIZE]{ true };
+        bool binaryCharSetMatrix[BINARY_CHARSET_MATRIX_SIZE]{};
 
         struct Finding {
             uint64 start;
             uint64 end;
             Result result;
             std::string_view dropperName;
+            Category category;
+            Subcategory subcategory;
         };
 
         GView::Utils::ZonesList zones;
@@ -65,7 +64,7 @@ class Instance
 
         std::set<std::filesystem::path> objectPaths;
 
-        bool stringsCharSetMatrix[STRINGS_CHARSET_MATRIX_SIZE]{ true };
+        bool stringsCharSetMatrix[STRINGS_CHARSET_MATRIX_SIZE]{};
     } context;
 
     uint64 objectId{ 0 };
@@ -78,6 +77,7 @@ class Instance
 
   private:
     bool ProcessBinaryDataCharset(std::string_view include, std::string_view exclude);
+    bool FillCharSetMatrix(bool binaryCharSetMatrix[BINARY_CHARSET_MATRIX_SIZE], std::string_view s, bool value);
 
   public:
     Instance() = default;
@@ -87,16 +87,16 @@ class Instance
     BufferView GetPrecachedBuffer(uint64 offset, DataCache& cache);
     std::optional<std::ofstream> InitLogFile(const std::filesystem::path& p, const std::vector<std::pair<uint64, uint64>>& areas);
     bool WriteSummaryToLog(std::ofstream& f, std::map<std::string_view, uint32>& occurences);
-    bool WriteToLog(std::ofstream& f, uint64 start, uint64 end, Result result, std::unique_ptr<IDrop>& dropper);
+    bool WriteToLog(std::ofstream& f, uint64 start, uint64 end, Result result, std::unique_ptr<IDrop>& dropper, bool writeValue = false);
     bool WriteToFile(std::filesystem::path path, uint64 start, uint64 end, std::unique_ptr<IDrop>& dropper, Result result);
-    bool Process(
+    bool DropObjects(
           const std::vector<PluginClassification>& plugins,
           const std::filesystem::path& path,
           const std::filesystem::path& logPath,
           bool recursive,
           bool writeLog,
           bool highlightObjects);
-    bool ProcessObjects(const std::vector<PluginClassification>& plugins, uint64 offset, uint64 size, bool writeLog, bool recursive);
+    bool ProcessObjects(const std::vector<PluginClassification>& plugins, uint64 offset, uint64 size, bool recursive);
     bool SetHighlighting(bool value, bool warn = false);
 
     bool HandleComputationAreas();
@@ -111,5 +111,15 @@ class Instance
           std::string_view includedCharSet,
           std::string_view excludedCharSet,
           Reference<Window> parentWindow);
+
+    bool DropStrings(
+          bool dropAscii,
+          bool dropUnicode,
+          const std::filesystem::path& path,
+          bool simpleLogFormat,
+          uint32 minimumSize,
+          uint32 maximumSize,
+          std::string_view charSet,
+          bool identifyArtefacts);
 };
 } // namespace GView::GenericPlugins::Droppper

GenericPlugins/Dropper/include/DropperUI.hpp

@@ -7,8 +7,8 @@ namespace GView::GenericPlugins::Droppper
 struct ItemMetadata {
     std::optional<ListViewItem> parent;
     std::vector<ListViewItem> children;
-    ObjectCategory category{ ObjectCategory::Archives };
-    uint32 subcategory{ 0 };
+    Category category{};
+    Subcategory subcategory{};
 };
 
 class DropperUI : public Window

GenericPlugins/Dropper/include/Executables.hpp

@@ -4,44 +4,15 @@
 
 namespace GView::GenericPlugins::Droppper::Executables
 {
-enum class Types { MZPE, MachO, MachOFat, COFF, ELF };
-
-static const std::map<Types, Metadata> TYPES_MAP{
-    { Types::MZPE,
-      { "MZPE",
-        "Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows "
-        "operating systems, and in UEFI environments.",
-        true } },
-    { Types::MachO,
-      { "Mach-O",
-        "Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically loaded code, and core dumps. "
-        "It was developed to replace the a.out format. Mach-O is used by some systems based on the Mach kernel.NeXTSTEP, macOS, and iOS.",
-        false } },
-    { Types::MachOFat,
-      { "Mach-O Fat", "A fat binary is an uncompressed archive format to embed more than one standalone Mach-O object in a single file.", false } },
-    { Types::COFF,
-      { "COFF",
-        "The Common Object File Format (COFF) is a format for executable, object code, and shared library computer files used on Unix systems. It was "
-        "introduced in Unix System V, replaced the previously used a.out format, and formed the basis for extended specifications such as XCOFF and ECOFF, "
-        "before being largely replaced by ELF, introduced with SVR4. COFF and its variants continue to be used on some Unix-like systems, on Microsoft Windows "
-        "(Portable Executable), in UEFI environments and in some embedded development systems.",
-        false } },
-    { Types::ELF,
-      { "ELF",
-        "ELF is short for Executable and Linkable Format. It's a format used for storing binaries, libraries, and core dumps on disks in Linux and Unix-based "
-        "systems.",
-        false } },
-};
-
 class MZPE : public IDrop
 {
   private:
   public:
     MZPE() = default;
 
     virtual const std::string_view GetName() const override;
-    virtual ObjectCategory GetGroup() const override;
-    virtual uint32 GetSubGroup() const override;
+    virtual Category GetGroup() const override;
+    virtual Subcategory GetSubGroup() const override;
     virtual const std::string_view GetOutputExtension() const override;
     virtual Priority GetPriority() const override;
     virtual bool ShouldGroupInOneFile() const override;

GenericPlugins/Dropper/include/HtmlObjects.hpp

@@ -4,28 +4,14 @@
 
 namespace GView::GenericPlugins::Droppper::HtmlObjects
 {
-enum class Types { IFrame, Script, XML };
-
-static const std::map<Types, Metadata> TYPES_MAP{
-    { Types::IFrame,
-      { "IFrame",
-        "An inline frame (iframe) is a HTML element that loads another HTML page within the document. It essentially puts another webpage within the parent "
-        "page.",
-        true } },
-    { Types::Script,
-      { "Script", "The <script> HTML element is used to embed executable code or data; this is typically used to embed or refer to JavaScript code. ", true } },
-    { Types::XML,
-      { "XML", "Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data.", true } },
-};
-
 class IFrame : public IDrop
 {
   public:
     IFrame() = default;
 
     virtual const std::string_view GetName() const override;
-    virtual ObjectCategory GetGroup() const override;
-    virtual uint32 GetSubGroup() const override;
+    virtual Category GetGroup() const override;
+    virtual Subcategory GetSubGroup() const override;
     virtual const std::string_view GetOutputExtension() const override;
     virtual Priority GetPriority() const override;
     virtual bool ShouldGroupInOneFile() const override;
@@ -38,8 +24,8 @@ class Script : public IDrop
     Script() = default;
 
     virtual const std::string_view GetName() const override;
-    virtual ObjectCategory GetGroup() const override;
-    virtual uint32 GetSubGroup() const override;
+    virtual Category GetGroup() const override;
+    virtual Subcategory GetSubGroup() const override;
     virtual const std::string_view GetOutputExtension() const override;
     virtual Priority GetPriority() const override;
     virtual bool ShouldGroupInOneFile() const override;
@@ -52,8 +38,8 @@ class XML : public IDrop // TODO: maybe a proper XML parser
     XML() = default;
 
     virtual const std::string_view GetName() const override;
-    virtual ObjectCategory GetGroup() const override;
-    virtual uint32 GetSubGroup() const override;
+    virtual Category GetGroup() const override;
+    virtual Subcategory GetSubGroup() const override;
     virtual const std::string_view GetOutputExtension() const override;
     virtual Priority GetPriority() const override;
     virtual bool ShouldGroupInOneFile() const override;