[Dropper] + add Text mini-plugin for Dropper #182 #181

Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>
gdt050579 · Apr 12, 2024 · ce3cb6c · ce3cb6c
1 parent bb2e1c7
commit ce3cb6c
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 3 deletions.
diff --git a/GenericPlugins/Dropper/include/Dropper.hpp b/GenericPlugins/Dropper/include/Dropper.hpp
@@ -41,7 +41,7 @@ class Instance
             context.droppers.emplace_back(std::make_unique<MZPE>());
             context.droppers.emplace_back(std::make_unique<PNG>());
 
-            bool isCaseSensitive = false;
+            bool isCaseSensitive = true;
             bool useUnicode      = true;
 
             // strings
@@ -51,6 +51,7 @@ class Instance
             context.droppers.emplace_back(std::make_unique<Registry>(isCaseSensitive, useUnicode));
             context.droppers.emplace_back(std::make_unique<Wallet>(isCaseSensitive, useUnicode));
             context.droppers.emplace_back(std::make_unique<Filepath>(isCaseSensitive, useUnicode));
+            context.droppers.emplace_back(std::make_unique<Text>(isCaseSensitive, useUnicode));
         }
     }
 

diff --git a/GenericPlugins/Dropper/include/SpecialStrings.hpp b/GenericPlugins/Dropper/include/SpecialStrings.hpp
@@ -80,4 +80,14 @@ class Registry : public SpecialStrings
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
+class Text : public SpecialStrings
+{
+  public:
+    Text(bool caseSensitive, bool unicode);
+
+    virtual const std::string_view GetName() const override;
+    virtual const std::string_view GetOutputExtension() const override;
+
+    virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
+};
 } // namespace GView::GenericPlugins::Droppper::SpecialStrings
diff --git a/GenericPlugins/Dropper/src/CMakeLists.txt b/GenericPlugins/Dropper/src/CMakeLists.txt
@@ -5,6 +5,7 @@ target_sources(Dropper PRIVATE
 	SpecialStrings/Filepath.cpp
 	SpecialStrings/IpAddress.cpp
 	SpecialStrings/Registry.cpp
+	SpecialStrings/Text.cpp
 	SpecialStrings/URL.cpp
 	SpecialStrings/Wallet.cpp
 	Executables/MZPE.cpp

diff --git a/GenericPlugins/Dropper/src/SpecialStrings/Text.cpp b/GenericPlugins/Dropper/src/SpecialStrings/Text.cpp
@@ -0,0 +1,53 @@
+#include "SpecialStrings.hpp"
+
+#include <string>
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+static const std::string_view TEXT_REGEX_ASCII{ R"(^([a-zA-Z .0-9\_\<\>\(\)@]{10,}))" };
+static const std::string_view TEXT_REGEX_UNICODE{ R"(^(([a-zA-Z .0-9\_\<\>\(\)@]\x00){10,}))" };
+
+Text::Text(bool caseSensitive, bool unicode)
+{
+    this->unicode       = unicode;
+    this->caseSensitive = caseSensitive;
+    this->matcherAscii.Init(TEXT_REGEX_ASCII, unicode, caseSensitive);
+    this->matcherUnicode.Init(TEXT_REGEX_UNICODE, unicode, caseSensitive);
+}
+
+const std::string_view Text::GetName() const
+{
+    return "Text";
+}
+
+const std::string_view Text::GetOutputExtension() const
+{
+    return "text";
+}
+
+Result Text::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
+{
+    CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");
+    CHECK(IsAsciiPrintable(precachedBuffer.GetData()[0]), Result::NotFound, "");
+
+    auto buffer = file.Get(offset, file.GetCacheSize() / 12, false);
+    CHECK(buffer.GetLength() >= 10, Result::NotFound, "");
+
+    if (this->matcherAscii.Match(buffer, start, end)) {
+        start += offset;
+        end += offset;
+        return Result::Ascii;
+    }
+
+    CHECK(unicode, Result::NotFound, "");
+    CHECK(precachedBuffer.GetData()[1] == 0, Result::NotFound, ""); // we already checked ascii printable
+
+    if (this->matcherUnicode.Match(buffer, start, end)) {
+        start += offset;
+        end += offset;
+        return Result::Unicode;
+    }
+
+    return Result::NotFound;
+}
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings
diff --git a/GenericPlugins/Dropper/src/SpecialStrings/Wallet.cpp b/GenericPlugins/Dropper/src/SpecialStrings/Wallet.cpp
@@ -6,8 +6,10 @@ namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
 // bitcoin + ethereum + stellar
 
-static const std::string_view WALLET_REGEX_ASCII{ R"(^((bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39})|(0x[a-fA-F0-9]{40})|(G[a-zA-Z0-9]{55}))" };
-static const std::string_view WALLET_REGEX_UNICODE{ R"(^((b\x00c\x001\x00|([13]\x00))([a-zA-HJ-NP-Z0-9]\x00){25,39})|(0x\x00([a-fA-F0-9]\x00){40})|(G\x00([a-zA-Z0-9]\x00){55}))" };
+static const std::string_view WALLET_REGEX_ASCII{ R"(^(((bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39})|(0x[a-fA-F0-9]{40})|(G[a-zA-Z0-9]{55})))" };
+static const std::string_view WALLET_REGEX_UNICODE{
+    R"(^(((b\x00c\x001\x00|([13]\x00))([a-zA-HJ-NP-Z0-9]\x00){25,39})|(0x\x00([a-fA-F0-9]\x00){40})|(G\x00([a-zA-Z0-9]\x00){55})))"
+};
 
 Wallet::Wallet(bool caseSensitive, bool unicode)
 {