[Dropper] + implement Dropper UI objects tab page fronted (wip) #182 #…

…181 Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>
gdt050579 · May 1, 2024 · b916c81 · b916c81
1 parent 6ec38d3
commit b916c81
Show file tree

Hide file tree

Showing 13 changed files with 566 additions and 374 deletions.
diff --git a/GenericPlugins/Dropper/include/Archives.hpp b/GenericPlugins/Dropper/include/Archives.hpp
@@ -0,0 +1,18 @@
+#pragma once
+
+#include "IDrop.hpp"
+
+namespace GView::GenericPlugins::Droppper::Archives
+{
+enum class Types { MSCAB, RAR, ZIP };
+
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::MSCAB,
+      { "MSCAB",
+        "Cabinet (or CAB) is an archive-file format for Microsoft Windows that supports lossless data compression and embedded digital certificates used for "
+        "maintaining archive integrity.",
+        false } },
+    { Types::RAR, { "RAR", "RAR is a proprietary archive file format that supports data compression, error correction and file spanning.", false } },
+    { Types::ZIP, { "ZIP", "ZIP is an archive file format that supports lossless data compression.", false } },
+};
+} // namespace GView::GenericPlugins::Droppper::Archives
diff --git a/GenericPlugins/Dropper/include/Cryptographic.hpp b/GenericPlugins/Dropper/include/Cryptographic.hpp
@@ -0,0 +1,81 @@
+#pragma once
+
+#include "IDrop.hpp"
+
+namespace GView::GenericPlugins::Droppper::Cryptographic
+{
+enum class Types {
+    CRC16Table,
+    CRC16Table8bit1,
+    CRC16Table8bit2,
+    CRC32Table,
+    CRC64Table,
+    MD5InitValues,
+    SHA1InitValues,
+    ZinflateLengthStarts,
+    ZinflateLengthExtraBits,
+    ZinflateDistanceStarts,
+    ZinflateDistanceExtraBits,
+    ZdeflateLengthCodes,
+    BlowfishPInit,
+    BlowfishSInit,
+    RijndaelTe0,
+    RijndaelTe1,
+    RijndaelTe2,
+    RijndaelTe3,
+    RijndaelTe4,
+    RijndaelTd0,
+    RijndaelTd1,
+    RijndaelTd2,
+    RijndaelTd3,
+    RijndaelTd4,
+    RC2PITABLE,
+    PKCSDigestDecorationMD2,
+    PKCSDigestDecorationMD5,
+    PKCSDigestDecorationRIPEMD160,
+    PKCSDigestDecorationTiger,
+    PKCSDigestDecorationSHA256,
+    PKCSDigestDecorationSHA384,
+    PKCSDigestDecorationSHA512,
+    RC6Stub,
+};
+
+static const std::string_view DEFAULT_CRC_DESCRIPTION{ "A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and "
+                                                       "storage devices to detect accidental changes to digital data." };
+
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::CRC16Table, { "CRC 16 Table", DEFAULT_CRC_DESCRIPTION, false } },
+    { Types::CRC16Table8bit1, { "CRC 16 Table (8 bit - 1)", DEFAULT_CRC_DESCRIPTION, false } },
+    { Types::CRC16Table8bit2, { "CRC 16 Table (8 bit - 2)", DEFAULT_CRC_DESCRIPTION, false } },
+    { Types::CRC32Table, { "CRC 32 Table", DEFAULT_CRC_DESCRIPTION, false } },
+    { Types::CRC64Table, { "CRC 64 Table", DEFAULT_CRC_DESCRIPTION, false } },
+    { Types::MD5InitValues, { "MD5 Init Values", "", false } },
+    { Types::SHA1InitValues, { "SHA1 Init Values", "", false } },
+    { Types::ZinflateLengthStarts, { "Zinflate LengthStarts", "", false } },
+    { Types::ZinflateLengthExtraBits, { "Zinflate LengthExtraBits", "", false } },
+    { Types::ZinflateDistanceStarts, { "Zinflate DistanceStarts", "", false } },
+    { Types::ZinflateDistanceExtraBits, { "Zinflate DistanceExtraBits", "", false } },
+    { Types::ZdeflateLengthCodes, { "Zdeflate LengthCodes", "", false } },
+    { Types::BlowfishPInit, { "Blowfish P-Init", "", false } },
+    { Types::BlowfishSInit, { "Blowfish S-Init", "", false } },
+    { Types::RijndaelTe0, { "Rijndael Te0", "", false } },
+    { Types::RijndaelTe1, { "Rijndael Te1", "", false } },
+    { Types::RijndaelTe2, { "Rijndael Te2", "", false } },
+    { Types::RijndaelTe3, { "Rijndael Te3", "", false } },
+    { Types::RijndaelTe4, { "Rijndael Te4", "", false } },
+    { Types::RijndaelTd0, { "Rijndael Td0", "", false } },
+    { Types::RijndaelTd1, { "Rijndael Td1", "", false } },
+    { Types::RijndaelTd2, { "Rijndael Td2", "", false } },
+    { Types::RijndaelTd3, { "Rijndael Td3", "", false } },
+    { Types::RijndaelTd4, { "Rijndael Td4", "", false } },
+    { Types::RC2PITABLE, { "RC2 PITABLE", "", false } },
+    { Types::PKCSDigestDecorationMD2, { "PKCS DigestDecoration MD2", "", false } },
+    { Types::PKCSDigestDecorationMD5, { "PKCS DigestDecoration MD5", "", false } },
+    { Types::PKCSDigestDecorationRIPEMD160, { "PKCS DigestDecoration RIPEMD160", "", false } },
+    { Types::PKCSDigestDecorationTiger, { "PKCS DigestDecoration Tiger", "", false } },
+    { Types::PKCSDigestDecorationSHA256, { "PKCS DigestDecoration SHA256", "", false } },
+    { Types::PKCSDigestDecorationSHA384, { "PKCS DigestDecoration SHA384", "", false } },
+    { Types::PKCSDigestDecorationSHA512, { "PKCS DigestDecoration SHA512", "", false } },
+    { Types::RC6Stub, { "RC6 Stub", "", false } },
+};
+} // namespace GView::GenericPlugins::Droppper::Cryptographic
diff --git a/GenericPlugins/Dropper/include/Dropper.hpp b/GenericPlugins/Dropper/include/Dropper.hpp
@@ -11,12 +11,18 @@
 #include "Executables.hpp"
 #include "Multimedia.hpp"
 #include "HtmlObjects.hpp"
+#include "Images.hpp"
+#include "Archives.hpp"
+#include "Cryptographic.hpp"
 
 using namespace GView::Utils;
 using namespace GView::GenericPlugins::Droppper::SpecialStrings;
 using namespace GView::GenericPlugins::Droppper::Executables;
 using namespace GView::GenericPlugins::Droppper::Multimedia;
 using namespace GView::GenericPlugins::Droppper::HtmlObjects;
+using namespace GView::GenericPlugins::Droppper::Images;
+using namespace GView::GenericPlugins::Droppper::Archives;
+using namespace GView::GenericPlugins::Droppper::Cryptographic;
 
 namespace GView::GenericPlugins::Droppper
 {

diff --git a/GenericPlugins/Dropper/include/DropperUI.hpp b/GenericPlugins/Dropper/include/DropperUI.hpp
@@ -4,6 +4,13 @@
 
 namespace GView::GenericPlugins::Droppper
 {
+struct ItemMetadata {
+    std::optional<ListViewItem> parent;
+    std::vector<ListViewItem> children;
+    ObjectCategory category{ ObjectCategory::Archives };
+    uint32 subcategory{ 0 };
+};
+
 class DropperUI : public Window
 {
   private:
@@ -24,7 +31,11 @@ class DropperUI : public Window
     Reference<RadioBox> overwriteFile;
     Reference<RadioBox> appendToFile;
 
-    private:
+    Reference<ListView> objectsPlugins;
+    std::vector<ItemMetadata> objectsMetadata;
+    Reference<Label> currentObjectDescription;
+
+  private:
     bool DropBinary();
 
   public:

diff --git a/GenericPlugins/Dropper/include/Executables.hpp b/GenericPlugins/Dropper/include/Executables.hpp
@@ -4,6 +4,35 @@
 
 namespace GView::GenericPlugins::Droppper::Executables
 {
+enum class Types { MZPE, MachO, MachOFat, COFF, ELF };
+
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::MZPE,
+      { "MZPE",
+        "Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows "
+        "operating systems, and in UEFI environments.",
+        true } },
+    { Types::MachO,
+      { "Mach-O",
+        "Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically loaded code, and core dumps. "
+        "It was developed to replace the a.out format. Mach-O is used by some systems based on the Mach kernel.NeXTSTEP, macOS, and iOS.",
+        false } },
+    { Types::MachOFat,
+      { "Mach-O Fat", "A fat binary is an uncompressed archive format to embed more than one standalone Mach-O object in a single file.", false } },
+    { Types::COFF,
+      { "COFF",
+        "The Common Object File Format (COFF) is a format for executable, object code, and shared library computer files used on Unix systems. It was "
+        "introduced in Unix System V, replaced the previously used a.out format, and formed the basis for extended specifications such as XCOFF and ECOFF, "
+        "before being largely replaced by ELF, introduced with SVR4. COFF and its variants continue to be used on some Unix-like systems, on Microsoft Windows "
+        "(Portable Executable), in UEFI environments and in some embedded development systems.",
+        false } },
+    { Types::ELF,
+      { "ELF",
+        "ELF is short for Executable and Linkable Format. It's a format used for storing binaries, libraries, and core dumps on disks in Linux and Unix-based "
+        "systems.",
+        false } },
+};
+
 class MZPE : public IDrop
 {
   private:

diff --git a/GenericPlugins/Dropper/include/HtmlObjects.hpp b/GenericPlugins/Dropper/include/HtmlObjects.hpp
@@ -4,6 +4,20 @@
 
 namespace GView::GenericPlugins::Droppper::HtmlObjects
 {
+enum class Types { IFrame, Script, XML };
+
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::IFrame,
+      { "IFrame",
+        "An inline frame (iframe) is a HTML element that loads another HTML page within the document. It essentially puts another webpage within the parent "
+        "page.",
+        true } },
+    { Types::Script,
+      { "Script", "The <script> HTML element is used to embed executable code or data; this is typically used to embed or refer to JavaScript code. ", true } },
+    { Types::XML,
+      { "XML", "Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data.", true } },
+};
+
 class IFrame : public IDrop
 {
   public:
@@ -30,7 +44,7 @@ class Script : public IDrop
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
-class XML : public IDrop
+class XML : public IDrop // TODO: maybe a proper XML parser
 {
   public:
     XML() = default;

diff --git a/GenericPlugins/Dropper/include/IDrop.hpp b/GenericPlugins/Dropper/include/IDrop.hpp
@@ -25,25 +25,37 @@ static const std::map<Result, std::string_view> RESULT_MAP{
 enum class Priority : uint32 { Binary = 0, Text = 1, Count = 2 };
 
 enum class ObjectCategory : uint32 {
-    Archive        = 0,
-    AVStrings      = 1,
-    Cryptographic  = 2,
-    Executables    = 3,
-    HtmlObjects    = 4,
-    Image          = 5,
-    Multimedia     = 6,
-    SpecialStrings = 7,
+    Archives       = 0,
+    Cryptographic  = 1,
+    Executables    = 2,
+    HtmlObjects    = 3,
+    Image          = 4,
+    Multimedia     = 5,
+    SpecialStrings = 6,
 };
 
 static const std::map<ObjectCategory, std::string_view> OBJECT_CATEGORY_MAP{
-    { ObjectCategory::Archive, "Archive" },         { ObjectCategory::AVStrings, "AV Strings" },           { ObjectCategory::Cryptographic, "Cryptographic" },
-    { ObjectCategory::Executables, "Executables" }, { ObjectCategory::HtmlObjects, "HtmlObjects" },        { ObjectCategory::Image, "Image" },
-    { ObjectCategory::Multimedia, "Multimedia" },   { ObjectCategory::SpecialStrings, "Special Strings" },
+    { ObjectCategory::Archives, "Archives" },
+    { ObjectCategory::Cryptographic, "Cryptographic" },
+    { ObjectCategory::Executables, "Executables" },
+    { ObjectCategory::HtmlObjects, "HtmlObjects" },
+    { ObjectCategory::Image, "Image" },
+    { ObjectCategory::Multimedia, "Multimedia" },
+    { ObjectCategory::SpecialStrings, "Special Strings" },
+};
+
+static const std::map<ObjectCategory, std::string_view> OBJECT_DECRIPTION_MAP{
+    { ObjectCategory::Archives, "Identifies various archive formats." },
+    { ObjectCategory::Cryptographic, "Identifies various cryptographic tables or magics." },
+    { ObjectCategory::Executables, "Identifies various executables formats." },
+    { ObjectCategory::HtmlObjects, "Identifies various objects usually embedded into HTMLs files." },
+    { ObjectCategory::Image, "Indentifies various image file formats." },
+    { ObjectCategory::Multimedia, "Identifies various multimedia formats." },
+    { ObjectCategory::SpecialStrings, "Identifies special string classes (IPs, URLs, etc.)." },
 };
 
 static const std::map<ObjectCategory, ColorPair> OBJECT_CATEGORY_COLOR_MAP{
-    { ObjectCategory::Archive, ColorPair{ .Foreground = Color::White, .Background = Color::Black } },
-    { ObjectCategory::AVStrings, ColorPair{ .Foreground = Color::White, .Background = Color::DarkBlue } },
+    { ObjectCategory::Archives, ColorPair{ .Foreground = Color::White, .Background = Color::Black } },
     { ObjectCategory::Cryptographic, ColorPair{ .Foreground = Color::White, .Background = Color::DarkGreen } },
     { ObjectCategory::Executables, ColorPair{ .Foreground = Color::White, .Background = Color::Teal } },
     { ObjectCategory::HtmlObjects, ColorPair{ .Foreground = Color::White, .Background = Color::DarkRed } },
@@ -52,6 +64,12 @@ static const std::map<ObjectCategory, ColorPair> OBJECT_CATEGORY_COLOR_MAP{
     { ObjectCategory::SpecialStrings, ColorPair{ .Foreground = Color::Black, .Background = Color::Silver } },
 };
 
+struct Metadata {
+    const std::string_view name;
+    const std::string_view description;
+    const bool availability;
+};
+
 class IDrop
 {
   public:

diff --git a/GenericPlugins/Dropper/include/Images.hpp b/GenericPlugins/Dropper/include/Images.hpp
@@ -0,0 +1,40 @@
+#pragma once
+
+#include "IDrop.hpp"
+
+namespace GView::GenericPlugins::Droppper::Images
+{
+enum class Types { BMP, JPG, PNG, GIF };
+
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::BMP,
+      { "BMP",
+        "The BMP file format or bitmap, is a raster graphics image file format used to store bitmap digital images, independently of the display device.",
+        false } },
+    { Types::JPG,
+      { "JPG",
+        "JP(E)G (Joint Photographic Experts Group) is a commonly used method of lossy compression for digital images, particularly "
+        "for those images produced by digital photography.",
+        false } },
+    { Types::PNG, { "PNG", "Portable Network Graphics is a raster-graphics file format that supports lossless data compression.", false } },
+    { Types::GIF,
+      { "GIF",
+        "GIF stands for Graphics Interchange Format. GIF is a raster file format designed for relatively basic images that appear mainly on the internet.",
+        false } },
+};
+
+class PNG : public IDrop
+{
+  private:
+  public:
+    PNG() = default;
+
+    virtual const std::string_view GetName() const override;
+    virtual ObjectCategory GetGroup() const override;
+    virtual const std::string_view GetOutputExtension() const override;
+    virtual Priority GetPriority() const override;
+    virtual bool ShouldGroupInOneFile() const override;
+
+    virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
+};
+} // namespace GView::GenericPlugins::Droppper::Images
diff --git a/GenericPlugins/Dropper/include/Multimedia.hpp b/GenericPlugins/Dropper/include/Multimedia.hpp
@@ -4,18 +4,15 @@
 
 namespace GView::GenericPlugins::Droppper::Multimedia
 {
-class PNG : public IDrop
-{
-  private:
-  public:
-    PNG() = default;
 
-    virtual const std::string_view GetName() const override;
-    virtual ObjectCategory GetGroup() const override;
-    virtual const std::string_view GetOutputExtension() const override;
-    virtual Priority GetPriority() const override;
-    virtual bool ShouldGroupInOneFile() const override;
+enum class Types { RIFF, SWF };
 
-    virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::RIFF,
+      { "RIFF",
+        "Resource Interchange File Format (RIFF) is a generic file container format for storing data in tagged chunks. It is primarily used for audio and "
+        "video, though it can be used for arbitrary data.",
+        false } },
+    { Types::SWF, { "SWF", "SWF is a defunct Adobe Flash file format that was used for multimedia, vector graphics and ActionScript.", false } },
 };
 } // namespace GView::GenericPlugins::Droppper::Multimedia
diff --git a/GenericPlugins/Dropper/include/SpecialStrings.hpp b/GenericPlugins/Dropper/include/SpecialStrings.hpp
@@ -6,6 +6,33 @@
 
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
+enum class Types { Email, Filepath, IP, Registry, URL, Wallet };
+
+static const std::map<Types, Metadata> TYPES_MAP{
+    { Types::Email, { "Email address", "An email address identifies an email box to which messages are delivered.", true } },
+    { Types::Filepath, { "Filepath", "A path is a string of characters used to uniquely identify a location in a directory structure.", true } },
+    { Types::IP,
+      { "IP address",
+        "An Internet Protocol address is a numerical label such as 192.0.2.1 that is assigned to a device connected to a computer network that uses the "
+        "Internet Protocol for communication.",
+        true } },
+    { Types::Registry,
+      { "Registry entry",
+        "The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that "
+        "opt to use the registry.",
+        true } },
+    { Types::URL,
+      { "URL",
+        "A uniform resource locator, colloquially known as an address on the Web, is a reference to a resource that specifies its location on a computer "
+        "network and a mechanism for retrieving it.",
+        true } },
+    { Types::Email,
+      { "Wallet address",
+        "A wallet address, a unique identifier in the blockchain, is a randomly generated series of alphanumeric characters that corresponds to a specific "
+        "cryptocurrency stored in a blockchain wallet.",
+        true } },
+};
+
 class SpecialStrings : public IDrop
 {
   protected:
@@ -80,6 +107,8 @@ class Registry : public SpecialStrings
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
+
+// text class has a separate purpose
 class Text : public SpecialStrings
 {
   private:
@@ -93,7 +122,7 @@ class Text : public SpecialStrings
     virtual const std::string_view GetOutputExtension() const override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
-    
+
     bool SetMinLength(uint32 minLength);
     bool SetMaxLength(uint32 maxLength);
 };