[Dropper] + add dummy integration for Dropper with a special strings …

…mini plugin - ip address #182 #181

Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>

GenericPlugins/Dropper/include/Dropper.hpp

@@ -1,68 +1,37 @@
 #pragma once
 
-#include "GView.hpp"
+#include <vector>
+#include <memory>
+
+#include "SpecialStrings.hpp"
+
+using namespace GView::Utils;
+using namespace GView::GenericPlugins::Droppper::SpecialStrings;
 
 namespace GView::GenericPlugins::Droppper
 {
-enum Result {
-    NotFound, // -> nothing found
-    Buffer,   // -> artefact found -> drop it as a buffer
-    Unicode,  // -> artefact found -> drop it as unicode (skip 0)
-    Ascii,    // -> artefact found -> drop it as ascii
-};
-
-class IDrop
+class Instance
 {
-  public:
-    // virtual methods
-    virtual const char* GetName()            = 0; // specific dropper mini-plugin name
-    virtual const char* GetGroup()           = 0; // Archive type recognizer, Archive type recognizer, etc
-    virtual const char* GetOutputExtension() = 0; // dropped file extension
-    virtual bool ShouldGroupInOneFile()      = 0; // URLs, IPs, etc
-
-    // prechachedBufferSize, // max 8
-    virtual Result Check(uint64 offset, DataCache& file, unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint64& start, uint64& end) = 0;
-
-    virtual uint32 GetPriority() = 0;
-
-    // functii deja existente
-    inline bool is_magic_u16(unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint16 magic)
-    {
-        if (prechachedBufferSize >= 2) {
-            return *(uint16*) prechachedBuffer == magic;
-        }
-        return false;
-    }
+  private:
+    std::vector<std::unique_ptr<IDrop>> droppers;
 
-    inline bool is_magic_u32(unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint32 magic)
+  public:
+    bool Init()
     {
-        if (prechachedBufferSize >= 4) {
-            return *(uint32*) prechachedBuffer == magic;
-        }
-        return false;
-    }
+        // dummy init for now        
+        std::unique_ptr<IDrop> a = std::make_unique<IpAddress>();
+        droppers.push_back(std::move(a));
 
-    inline bool is_buffer(uint64 offset, DataCache& file, unsigned char* buffer, uint32 bufferSize)
-    {
-        while (bufferSize) {
-            if (file.GetFromCache(offset) != *buffer) {
-                return false;
-            }
-            buffer++;
-            offset++;
-            bufferSize--;
-        }
         return true;
     }
 
-    inline uint64 parse_ascii(uint64 offset, DataCache& file, bool (*isValidChar)(char ch))
+    bool Process()
     {
-        return 0;
-    }
+        for (auto& dropper : droppers) {
+            // TODO: something
+        }
 
-    inline uint64 parse_unicode(uint64 offset, DataCache& file, bool (*isValidChar)(char ch))
-    {
-        return 0;
+        return true;
     }
 };
 } // namespace GView::GenericPlugins::Droppper

GenericPlugins/Dropper/include/IDrop.hpp

@@ -0,0 +1,86 @@
+#pragma once
+
+#include "GView.hpp"
+
+using namespace GView::Utils;
+
+namespace GView::GenericPlugins::Droppper
+{
+enum class Result : uint32 {
+    NotFound = 0, // -> nothing found
+    Buffer,       // -> artefact found -> drop it as a buffer
+    Unicode,      // -> artefact found -> drop it as unicode (skip 0)
+    Ascii,        // -> artefact found -> drop it as ascii
+};
+
+enum class Priority : uint32 { Binary = 0, Text = 1 };
+
+enum class ObjectCategory : uint32 {
+    Archive        = 0,
+    AVStrings      = 1,
+    Cryptographic  = 2,
+    Executables    = 3,
+    HtmlObjects    = 4,
+    Image          = 5,
+    Multimedia     = 6,
+    SpecialStrings = 7,
+};
+
+class IDrop
+{
+  public:
+    // virtual methods
+    virtual const char* GetName()            = 0; // specific dropper mini-plugin name
+    virtual ObjectCategory GetGroup()        = 0; // archive type recognizer, executables type, etc
+    virtual const char* GetOutputExtension() = 0; // dropped file extension
+    virtual Priority GetPriority()           = 0; // get plugin priority
+    virtual bool ShouldGroupInOneFile()      = 0; // URLs, IPs, etc
+
+    // prechachedBufferSize -> max 8
+    virtual Result Check(uint64 offset, DataCache& file, unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint64& start, uint64& end) = 0;
+
+    // functii deja existente
+    inline bool is_magic_u16(unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint16 magic)
+    {
+        if (prechachedBufferSize >= 2) {
+            return *(uint16*) prechachedBuffer == magic;
+        }
+        return false;
+    }
+
+    inline bool is_magic_u32(unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint32 magic)
+    {
+        if (prechachedBufferSize >= 4) {
+            return *(uint32*) prechachedBuffer == magic;
+        }
+        return false;
+    }
+
+    inline bool is_buffer(uint64 offset, DataCache& file, unsigned char* buffer, uint32 bufferSize)
+    {
+        while (bufferSize) {
+            if (file.GetFromCache(offset) != *buffer) {
+                return false;
+            }
+            buffer++;
+            offset++;
+            bufferSize--;
+        }
+        return true;
+    }
+
+    inline uint64 parse_ascii(uint64 offset, DataCache& file, bool (*isValidChar)(char ch))
+    {
+        // dummy body
+        const auto a = file.Get(offset, 1, true);
+        return isValidChar(*(char*) a.GetData());
+    }
+
+    inline uint64 parse_unicode(uint64 offset, DataCache& file, bool (*isValidChar)(uint16 ch))
+    {
+        // dummy body
+        const auto a = file.Get(offset, 2, true);
+        return isValidChar(*(uint16*) a.GetData());
+    }
+};
+} // namespace GView::GenericPlugins::Droppper

GenericPlugins/Dropper/include/SpecialStrings.hpp

@@ -0,0 +1,20 @@
+#pragma once
+
+#include "IDrop.hpp"
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+class IpAddress : public IDrop
+{
+  public:
+    IpAddress() = default;
+
+    virtual const char* GetName() override;
+    virtual ObjectCategory GetGroup() override;
+    virtual const char* GetOutputExtension() override;
+    virtual Priority GetPriority() override;
+    virtual bool ShouldGroupInOneFile() override;
+
+    virtual Result Check(uint64 offset, DataCache& file, unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint64& start, uint64& end) override;
+};
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings

GenericPlugins/Dropper/src/CMakeLists.txt

@@ -1 +1 @@
-target_sources(Dropper PRIVATE Dropper.cpp)
+target_sources(Dropper PRIVATE Dropper.cpp SpecialStrings/IpAddress.cpp)

GenericPlugins/Dropper/src/Dropper.cpp

@@ -18,7 +18,9 @@ extern "C" {
 PLUGIN_EXPORT bool Run(const string_view command, Reference<GView::Object> object)
 {
     if (command == "Dropper") {
-        // TODO: implementation
+        auto instance = Instance();
+        CHECK(instance.Init(), false, "");
+        CHECK(instance.Process(), false, "");
         return true;
     }
     return false;

GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp

@@ -0,0 +1,35 @@
+#include "SpecialStrings.hpp"
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+const char* IpAddress::GetName()
+{
+    return "IP Address";
+}
+
+ObjectCategory IpAddress::GetGroup()
+{
+    return ObjectCategory::SpecialStrings;
+}
+
+const char* IpAddress::GetOutputExtension()
+{
+    return "ip";
+}
+
+Priority IpAddress::GetPriority()
+{
+    return Priority::Text;
+}
+
+bool IpAddress::ShouldGroupInOneFile()
+{
+    return true;
+}
+
+Result IpAddress::Check(uint64 offset, DataCache& file, unsigned char* prechachedBuffer, uint32 prechachedBufferSize, uint64& start, uint64& end)
+{
+    return Result::NotFound;
+}
+
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings