[Extractor-gtk-cvslog] SF.net SVN: extractor-gtk:[121] trunk/extractor/generic.c
Extract files from unusual archive formats
Brought to you by:
someone-guy
Menu
▾
▴
[Extractor-gtk-cvslog] SF.net SVN: extractor-gtk:[121] trunk/extractor/generic.c
|
From: <som...@us...> - 2010-02-18 19:50:48
|
Revision: 121
http://extractor-gtk.svn.sourceforge.net/extractor-gtk/?rev=121&view=rev
Author: someone-guy
Date: 2010-02-18 19:50:36 +0000 (Thu, 18 Feb 2010)
Log Message:
-----------
Add support for detecting and extracting PE executable files.
Modified Paths:
--------------
trunk/extractor/generic.c
Modified: trunk/extractor/generic.c
===================================================================
--- trunk/extractor/generic.c 2009-09-03 14:15:13 UTC (rev 120)
+++ trunk/extractor/generic.c 2010-02-18 19:50:36 UTC (rev 121)
@@ -220,6 +220,43 @@
break;
}
switch ((uint16_t)t) {
+ case TAG(0, 0, 'M', 'Z'): {
+ // PE exe files
+ int pe_size = 0;
+ uint8_t *start = p;
+ int optsize;
+ uint32_t pe_offset;
+ p += 0x3c - 2;
+ pe_offset = get_le32(&p);
+ if (pe_offset < 0x40 || pe_offset > RAMBUF_SZ / 2)
+ break;
+ p += pe_offset - 0x40;
+ if (get_be32(&p) != TAG('P', 'E', 0, 0))
+ break;
+ p += 0x10;
+ optsize = get_le16(&p);
+ p += 2;
+ if (p - start + optsize >= RAMBUF_SZ / 2)
+ break;
+ p += optsize;
+ while (*p) {
+ // find end of last section
+ int sect_end;
+ if (p - start + 40 >= RAMBUF_SZ / 2)
+ break;
+ p += 16;
+ sect_end = get_le32(&p); // size
+ sect_end += get_le32(&p); // offset
+ if (sect_end > pe_size)
+ pe_size = sect_end;
+ p += 16;
+ } while (*p && p - start + 40 < RAMBUF_SZ / 2);
+ add_entry(&list, cnt, "exe");
+ list[cnt].start = fpos - 2;
+ list[cnt].len = pe_size;
+ cnt++;
+ break;
+ }
case TAG(0, 0, 'B', 'M'): {
uint32_t len = get_le32(&p);
uint16_t res1 = get_le16(&p);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
