[Dropper] + add dummy integration for Dropper with an executables min…

…i plugin - MZPE #182 #181 Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>
gdt050579 · Apr 7, 2024 · cbd5b72 · cbd5b72
1 parent cae4df7
commit cbd5b72
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 18 deletions.
diff --git a/GenericPlugins/Dropper/include/Dropper.hpp b/GenericPlugins/Dropper/include/Dropper.hpp
@@ -4,9 +4,11 @@
 #include <memory>
 
 #include "SpecialStrings.hpp"
+#include "Executables.hpp"
 
 using namespace GView::Utils;
 using namespace GView::GenericPlugins::Droppper::SpecialStrings;
+using namespace GView::GenericPlugins::Droppper::Executables;
 
 namespace GView::GenericPlugins::Droppper
 {
@@ -20,7 +22,9 @@ class Instance
     {
         // dummy init for now
         std::unique_ptr<IDrop> a = std::make_unique<IpAddress>(false, true);
+        std::unique_ptr<IDrop> b = std::make_unique<MZPE>();
         droppers.push_back(std::move(a));
+        droppers.push_back(std::move(b));
 
         return true;
     }

diff --git a/GenericPlugins/Dropper/include/Executables.hpp b/GenericPlugins/Dropper/include/Executables.hpp
@@ -0,0 +1,21 @@
+#pragma once
+
+#include "IDrop.hpp"
+
+namespace GView::GenericPlugins::Droppper::Executables
+{
+class MZPE : public IDrop
+{
+  private:
+  public:
+    MZPE() = default;
+
+    virtual const char* GetName() override;
+    virtual ObjectCategory GetGroup() override;
+    virtual const char* GetOutputExtension() override;
+    virtual Priority GetPriority() override;
+    virtual bool ShouldGroupInOneFile() override;
+
+    virtual Result Check(uint64 offset, DataCache& file, unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint64& start, uint64& end) override;
+};
+} // namespace GView::GenericPlugins::Droppper::Executables
diff --git a/GenericPlugins/Dropper/include/SpecialStrings.hpp b/GenericPlugins/Dropper/include/SpecialStrings.hpp
@@ -4,9 +4,6 @@
 #include <string>
 #include <regex>
 
-inline static const std::string_view IPS_REGEX_ASCII{ R"(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\:[0-9]{1,5})*))" };
-inline static const std::u16string_view IPS_REGEX_UNICODE{ uR"(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\:[0-9]{1,5})*))" };
-
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
 class IpAddress : public IDrop
@@ -17,20 +14,7 @@ class IpAddress : public IDrop
     bool unicode{ false };
 
   public:
-    IpAddress(bool caseSensitive, bool unicode)
-    {
-        this->pattern_ascii = std::regex(
-              IPS_REGEX_ASCII.data(),
-              caseSensitive ? std::regex_constants::ECMAScript | std::regex_constants::optimize
-                            : std::regex_constants::icase | std::regex_constants::ECMAScript | std::regex_constants::optimize);
-
-        if (unicode) {
-            this->pattern_unicode = std::wregex(
-                  reinterpret_cast<wchar_t const* const>(IPS_REGEX_UNICODE.data()),
-                  caseSensitive ? std::regex_constants::ECMAScript | std::regex_constants::optimize
-                                : std::regex_constants::icase | std::regex_constants::ECMAScript | std::regex_constants::optimize);
-        }
-    }
+    IpAddress(bool caseSensitive, bool unicode);
 
     virtual const char* GetName() override;
     virtual ObjectCategory GetGroup() override;

diff --git a/GenericPlugins/Dropper/src/CMakeLists.txt b/GenericPlugins/Dropper/src/CMakeLists.txt
@@ -1 +1,4 @@
-target_sources(Dropper PRIVATE Dropper.cpp SpecialStrings/IpAddress.cpp)
+target_sources(Dropper PRIVATE 
+	Dropper.cpp 
+	SpecialStrings/IpAddress.cpp
+	Executables/MZPE.cpp)
diff --git a/GenericPlugins/Dropper/src/Executables/MZPE.cpp b/GenericPlugins/Dropper/src/Executables/MZPE.cpp
@@ -0,0 +1,40 @@
+#include "Executables.hpp"
+
+namespace GView::GenericPlugins::Droppper::Executables
+{
+constexpr uint16 IMAGE_DOS_SIGNATURE = 0x5A4D;
+constexpr uint32 IMAGE_NT_SIGNATURE  = 0x00004550;
+
+const char* MZPE::GetName()
+{
+    return "MZPE";
+}
+
+ObjectCategory MZPE::GetGroup()
+{
+    return ObjectCategory::Executables;
+}
+
+const char* MZPE::GetOutputExtension()
+{
+    return "mzpe";
+}
+
+Priority MZPE::GetPriority()
+{
+    return Priority::Binary;
+}
+
+bool MZPE::ShouldGroupInOneFile()
+{
+    return false;
+}
+
+Result MZPE::Check(uint64 offset, DataCache& file, unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint64& start, uint64& end)
+{
+    CHECK(IsMagicU16(prechachedBuffer, prechachedBufferSize, IMAGE_DOS_SIGNATURE), Result::NotFound, "");
+
+    return Result::NotFound;
+}
+
+} // namespace GView::GenericPlugins::Droppper::Executables
diff --git a/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp b/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp
@@ -2,6 +2,24 @@
 
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
+inline static const std::string_view IPS_REGEX_ASCII{ R"(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\:[0-9]{1,5})*))" };
+inline static const std::u16string_view IPS_REGEX_UNICODE{ uR"(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\:[0-9]{1,5})*))" };
+
+IpAddress::IpAddress(bool caseSensitive, bool unicode)
+{
+    this->pattern_ascii = std::regex(
+          IPS_REGEX_ASCII.data(),
+          caseSensitive ? std::regex_constants::ECMAScript | std::regex_constants::optimize
+                        : std::regex_constants::icase | std::regex_constants::ECMAScript | std::regex_constants::optimize);
+
+    if (unicode) {
+        this->pattern_unicode = std::wregex(
+              reinterpret_cast<wchar_t const* const>(IPS_REGEX_UNICODE.data()),
+              caseSensitive ? std::regex_constants::ECMAScript | std::regex_constants::optimize
+                            : std::regex_constants::icase | std::regex_constants::ECMAScript | std::regex_constants::optimize);
+    }
+}
+
 const char* IpAddress::GetName()
 {
     return "IP Address";