[Dropper] + implement Dropper UI strings tab page frontend (without s…

…uspicious artefacts dialog) #182 #181

Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>

GenericPlugins/Dropper/include/Dropper.hpp

@@ -27,11 +27,14 @@ using namespace GView::GenericPlugins::Droppper::Cryptographic;
 
 namespace GView::GenericPlugins::Droppper
 {
-constexpr std::string_view DEFAULT_INCLUDE_CHARSET{ "\\x00-\\xff" };
-constexpr std::string_view DEFAULT_EXCLUDE_CHARSET{ "" };
-constexpr int32 CHARSET_MATRIX_SIZE{ 256 };
+constexpr std::string_view DEFAULT_BINARY_INCLUDE_CHARSET{ "\\x00-\\xff" };
+constexpr std::string_view DEFAULT_BINARY_EXCLUDE_CHARSET{ "" };
+constexpr int32 BINARY_CHARSET_MATRIX_SIZE{ 256 };
 constexpr int8 HEX_NUMBER_SIZE{ 4 };
 
+constexpr std::string_view DEFAULT_STRINGS_CHARSET{ "\\x20\\:-+<>!@#$%^&*()[]{}0-9A-Za-z" };
+constexpr int32 STRINGS_CHARSET_MATRIX_SIZE{ 256 };
+
 struct PluginClassification {
     ObjectCategory category{};
     uint32 subcategory{ 0 };
@@ -47,7 +50,7 @@ class Instance
         std::unique_ptr<IDrop> textDropper{ nullptr };
         bool initialized{ false };
 
-        bool textMatrix[CHARSET_MATRIX_SIZE]{ true };
+        bool binaryCharSetMatrix[BINARY_CHARSET_MATRIX_SIZE]{ true };
 
         struct Finding {
             uint64 start;
@@ -61,6 +64,8 @@ class Instance
         std::map<std::string_view, uint32> occurences;
 
         std::set<std::filesystem::path> objectPaths;
+
+        bool stringsCharSetMatrix[STRINGS_CHARSET_MATRIX_SIZE]{ true };
     } context;
 
     uint64 objectId{ 0 };

GenericPlugins/Dropper/include/DropperUI.hpp

@@ -26,8 +26,8 @@ class DropperUI : public Window
     Reference<RadioBox> computeForSelection;
 
     Reference<TextField> binaryFilename;
-    Reference<TextField> includedCharset;
-    Reference<TextField> excludedCharset;
+    Reference<TextField> binaryIncludedCharset;
+    Reference<TextField> binaryExcludedCharset;
 
     Reference<CheckBox> checkboxOpenDroppedFile;
     Reference<RadioBox> overwriteFile;
@@ -45,6 +45,19 @@ class DropperUI : public Window
     Reference<CheckBox> openDroppedObjects;
     Reference<CheckBox> highlightObjects;
 
+    std::filesystem::path stringsFilename;
+    Reference<TextField> stringsLogFilename;
+    Reference<CheckBox> dropAsciiStrings;
+    Reference<CheckBox> dropUnicodeStrings;
+    Reference<RadioBox> logDumpSimple;
+    Reference<RadioBox> logDumpTabular;
+    Reference<TextField> minimumStringSize;
+    Reference<TextField> maximumStringSize;
+    Reference<TextField> stringsCharset;
+    Reference<CheckBox> identifyStringsArtefacts;
+    Reference<CheckBox> openArtefactsInView;
+    Reference<CheckBox> openStringsLogFile;
+
   private:
     bool DropBinary();
     const std::vector<PluginClassification> GetActivePlugins();

GenericPlugins/Dropper/src/Dropper.cpp

@@ -240,7 +240,7 @@ bool Instance::ProcessObjects(const std::vector<PluginClassification>& plugins,
 
     ProgressStatus::Init("Searching...", size);
     LocalString<512> ls;
-    const char* format          = "[%llu/%llu] bytes... Found [%u] objects.";
+    const char* format          = "[%llu/%llu] bytes... Found [%u] object(s).";
     constexpr uint64 CHUNK_SIZE = 10000;
     uint64 chunks               = offset / CHUNK_SIZE;
     uint64 toUpdate             = chunks * CHUNK_SIZE;
@@ -437,7 +437,7 @@ bool Instance::DropBinaryData(
 
             for (int32 i = 0; i < bf.GetLength(); i++) {
                 const auto c = bf[i];
-                if (context.textMatrix[c]) {
+                if (context.binaryCharSetMatrix[c]) {
                     droppedFile << c;
                 }
             }
@@ -450,7 +450,7 @@ bool Instance::DropBinaryData(
             while (bf.IsValid() && !bf.Empty()) {
                 for (int32 i = 0; i < bf.GetLength(); i++) {
                     const auto c = bf[i];
-                    if (context.textMatrix[c]) {
+                    if (context.binaryCharSetMatrix[c]) {
                         droppedFile << c;
                     }
                 }
@@ -495,12 +495,12 @@ static std::optional<int32> HexToByte(std::string_view s)
 
 bool Instance::ProcessBinaryDataCharset(std::string_view include, std::string_view exclude)
 {
-    if (include == DEFAULT_INCLUDE_CHARSET && exclude == DEFAULT_EXCLUDE_CHARSET) {
-        memset(context.textMatrix, true, CHARSET_MATRIX_SIZE);
+    if (include == DEFAULT_BINARY_INCLUDE_CHARSET && exclude == DEFAULT_BINARY_EXCLUDE_CHARSET) {
+        memset(context.binaryCharSetMatrix, true, BINARY_CHARSET_MATRIX_SIZE);
         return true;
     }
 
-    memset(context.textMatrix, false, CHARSET_MATRIX_SIZE);
+    memset(context.binaryCharSetMatrix, false, BINARY_CHARSET_MATRIX_SIZE);
 
     const auto ValidateHex = [](std::string_view s) -> bool {
         CHECK(s[0] == '\\', false, "");
@@ -542,7 +542,7 @@ bool Instance::ProcessBinaryDataCharset(std::string_view include, std::string_vi
                     }
                 }
 
-                memset(context.textMatrix + *v1, value, static_cast<uint64>(*v2) - *v1 + 1);
+                memset(context.binaryCharSetMatrix + *v1, value, static_cast<uint64>(*v2) - *v1 + 1);
             } break;
             default: {
                 const auto v1 = s[i] - '0';
@@ -562,7 +562,7 @@ bool Instance::ProcessBinaryDataCharset(std::string_view include, std::string_vi
                     }
                 }
 
-                memset(context.textMatrix + v1, value, static_cast<uint64>(v2) - v1 + 1);
+                memset(context.binaryCharSetMatrix + v1, value, static_cast<uint64>(v2) - v1 + 1);
             } break;
             }
         }

GenericPlugins/Dropper/src/DropperUI.cpp

@@ -21,17 +21,26 @@ constexpr int32 RADIO_GROUP_COMPUTATION = 1;
 constexpr int32 RADIO_ID_FILE           = 1;
 constexpr int32 RADIO_ID_SELECTION      = 2;
 
-constexpr int32 CHECKBOX_ID_OPEN_DROPPED_FILE         = 1;
-constexpr int32 CHECKBOX_ID_RECURSIVE_OBJECTS         = 2;
-constexpr int32 CHECKBOX_ID_WRITE_LOG_OBJECTS         = 3;
-constexpr int32 CHECKBOX_ID_OPEN_LOG_OBJECTS          = 4;
-constexpr int32 CHECKBOX_ID_OPEN_DROPPED_OBJECTS      = 5;
-constexpr int32 CHECKBOX_ID_HIGHLIGHT_DROPPED_OBJECTS = 6;
+constexpr int32 CHECKBOX_ID_OPEN_DROPPED_FILE          = 1;
+constexpr int32 CHECKBOX_ID_RECURSIVE_OBJECTS          = 2;
+constexpr int32 CHECKBOX_ID_WRITE_LOG_OBJECTS          = 3;
+constexpr int32 CHECKBOX_ID_OPEN_LOG_OBJECTS           = 4;
+constexpr int32 CHECKBOX_ID_OPEN_DROPPED_OBJECTS       = 5;
+constexpr int32 CHECKBOX_ID_HIGHLIGHT_DROPPED_OBJECTS  = 6;
+constexpr int32 CHECKBOX_ID_DROP_ASCII_STRINGS         = 7;
+constexpr int32 CHECKBOX_ID_DROP_UNICODE_STRINGS       = 8;
+constexpr int32 CHECKBOX_ID_OPEN_STRINGS_LOG_FILE      = 9;
+constexpr int32 CHECKBOX_ID_IDENTIFY_STRINGS_ARTEFACTS = 10;
+constexpr int32 CHECKBOX_ID_OPEN_STRINGS_ARTEFACTS     = 11;
 
 constexpr int32 RADIO_GROUP_BINARY_DATA_FILE = 2;
 constexpr int32 RADIO_ID_OVERWRITE_FILE      = 1;
 constexpr int32 RADIO_ID_APPEND_TO_FILE      = 2;
 
+constexpr int32 RADIO_GROUP_STRING_DUMP_FORMAT = 3;
+constexpr int32 RADIO_ID_STRING_DUMP_SIMPLE    = 1;
+constexpr int32 RADIO_ID_STRING_DUMP_TABULAR   = 2;
+
 constexpr int32 CMD_BINARY_DATA_DROP                    = 1;
 constexpr int32 CMD_BINARY_OBJECTS_DROP                 = 2;
 constexpr int32 CMD_BINARY_OBJECTS_HIGHLIGHTING         = 3;
@@ -82,10 +91,10 @@ DropperUI::DropperUI(Reference<GView::Object> object) : Window("Dropper", "d:c,w
     this->binaryFilename = Factory::TextField::Create(tpb, droppedFilename.filename().u16string(), "x:15%,y:3,w:84%");
 
     Factory::Label::Create(tpb, "CharSet to include (a-z,\\x01-\\x05)", "x:2%,y:5,w:97%");
-    this->includedCharset = Factory::TextField::Create(tpb, DEFAULT_INCLUDE_CHARSET, "x:2%,y:6,w:97%");
+    this->binaryIncludedCharset = Factory::TextField::Create(tpb, DEFAULT_BINARY_INCLUDE_CHARSET, "x:2%,y:6,w:97%");
 
     Factory::Label::Create(tpb, "CharSet to exclude (a-z,\\x01-\\x05)", "x:2%,y:8,w:97%");
-    this->excludedCharset = Factory::TextField::Create(tpb, DEFAULT_EXCLUDE_CHARSET, "x:2%,y:9,w:97%");
+    this->binaryExcludedCharset = Factory::TextField::Create(tpb, DEFAULT_BINARY_EXCLUDE_CHARSET, "x:2%,y:9,w:97%");
 
     this->checkboxOpenDroppedFile = Factory::CheckBox::Create(tpb, "Open dro&pped file", "x:2%,y:11,w:96%", CHECKBOX_ID_OPEN_DROPPED_FILE);
     this->overwriteFile = Factory::RadioBox::Create(tpb, "Over&write file", "x:2%,y:13,w:96%", RADIO_GROUP_BINARY_DATA_FILE, RADIO_ID_OVERWRITE_FILE, true);
@@ -208,6 +217,47 @@ DropperUI::DropperUI(Reference<GView::Object> object) : Window("Dropper", "d:c,w
 
     /* end objects tab page area*/
 
+    /* init strings tab page area*/
+
+    stringsFilename = object->GetPath();
+    {
+        std::u16string f = stringsFilename.filename().u16string().append(u".strings");
+        stringsFilename  = stringsFilename.parent_path() / f;
+    }
+
+    Factory::Label::Create(tps, "Description: identify various string(s) and dump them to a file", "x:2%,y:1,w:97%");
+
+    Factory::Label::Create(tps, "Filename", "x:2%,y:3,w:13%");
+    this->stringsLogFilename = Factory::TextField::Create(tps, stringsFilename.filename().u16string(), "x:15%,y:3,w:84%");
+
+    this->dropAsciiStrings   = Factory::CheckBox::Create(tps, "Dr&op ascii strings", "x:2%,y:5,w:28%", CHECKBOX_ID_DROP_ASCII_STRINGS);
+    this->dropUnicodeStrings = Factory::CheckBox::Create(tps, "Drop unicode str&ings", "x:2%,y:6,w:28%", CHECKBOX_ID_DROP_UNICODE_STRINGS);
+    this->dropAsciiStrings->SetChecked(true);
+    this->dropUnicodeStrings->SetChecked(true);
+
+    this->logDumpSimple = Factory::RadioBox::Create(tps, "Dump &simple format", "x:32%,y:5,w:28%", RADIO_GROUP_STRING_DUMP_FORMAT, RADIO_ID_STRING_DUMP_SIMPLE);
+    this->logDumpTabular =
+          Factory::RadioBox::Create(tps, "Dump &tabular format", "x:32%,y:6,w:28%", RADIO_GROUP_STRING_DUMP_FORMAT, RADIO_ID_STRING_DUMP_TABULAR, true);
+
+    Factory::Label::Create(tps, "Min. string size", "x:62%,y:5,w:20%");
+    Factory::Label::Create(tps, "Max. string size", "x:62%,y:6,w:20%");
+
+    Factory::Label::Create(tps, "M&in. string size", "x:62%,y:5,w:20%");
+    Factory::Label::Create(tps, "M&ax. string size", "x:62%,y:6,w:20%");
+    this->minimumStringSize = Factory::TextField::Create(tps, "4", "x:82%,y:5,w:10%");
+    this->maximumStringSize = Factory::TextField::Create(tps, "", "x:82%,y:6,w:10%");
+
+    Factory::Label::Create(tps, "CharSet to use (a-z,\\x01-\\x05)", "x:2%,y:8,w:38%");
+    this->stringsCharset = Factory::TextField::Create(tps, DEFAULT_STRINGS_CHARSET, "x:42%,y:8,w:57%");
+
+    this->openStringsLogFile = Factory::CheckBox::Create(tps, "Open log fi&le", "x:2%,y:10,w:28%", CHECKBOX_ID_OPEN_STRINGS_LOG_FILE);
+
+    this->identifyStringsArtefacts =
+          Factory::CheckBox::Create(tps, "Identify suspicious art&efacts", "x:2%,y:12,w:38%", CHECKBOX_ID_IDENTIFY_STRINGS_ARTEFACTS);
+    this->openArtefactsInView = Factory::CheckBox::Create(tps, "Open artefacts in &list", "x:2%,y:13,w:38%", CHECKBOX_ID_OPEN_STRINGS_ARTEFACTS);
+
+    /* end strings tab page area */
+
     /* init type info tab page area */
 
     // TODO: (optional?) callbacks in type plugins
@@ -264,10 +314,10 @@ const std::vector<PluginClassification> DropperUI::GetActivePlugins()
 
 bool DropperUI::DropBinary()
 {
-    auto include = static_cast<std::string>(this->includedCharset->GetText());
+    auto include = static_cast<std::string>(this->binaryIncludedCharset->GetText());
     include.erase(remove_if(include.begin(), include.end(), isspace), include.end());
 
-    auto exclude = static_cast<std::string>(this->excludedCharset->GetText());
+    auto exclude = static_cast<std::string>(this->binaryExcludedCharset->GetText());
     exclude.erase(remove_if(exclude.begin(), exclude.end(), isspace), exclude.end());
 
     if (instance.DropBinaryData(