summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2008-02-01 01:04:54 +0100
committerChristophe Grenier <grenier@cgsecurity.org>2008-02-01 01:04:54 +0100
commitea6be9bb3167d7af4545fb6b8130c51c9af003f6 (patch)
tree0e63b2750821756bc0acfd12b3fe696213fbf69f
parent6688896c209b0bb5a46aa238ebd6770737626492 (diff)
MS Windows Link support
XBOX GTA San Andreas Save File support
-rw-r--r--src/Makefile.am2
-rw-r--r--src/file_dss.c (renamed from file_dss.c)0
-rw-r--r--src/file_fcp.c (renamed from file_fcp.c)0
-rw-r--r--src/file_lnk.c209
-rw-r--r--src/file_xsv.c65
-rw-r--r--src/photorec.c4
6 files changed, 279 insertions, 1 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 73f8fb7..cf1648c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,7 +19,7 @@ fs_H = analyse.h bfs.h bsd.h cramfs.h fat.h fatx.h ext2.h jfs_superblock.h jfs
testdisk_SOURCES = testdisk.c $(base_C) $(base_H) $(fs_C) $(fs_H) testdisk.h adv.c adv.h dir.c dir.h dirpart.c dirpart.h edit.c edit.h ext2_dir.c ext2_dir.h ext2_inc.h fat_adv.c fat_dir.c fat_dir.h geometry.c godmode.c godmode.h intrface.c intrface.h ntfs_adv.c ntfs_dir.c ntfs_dir.h ntfs_fix.c ntfs_inc.h rfs_dir.c rfs_dir.h $(ICON_TESTDISK) next.c next.h dimage.c dimage.h
#ntfs_udl.c ntfs_udl.h
-photorec_SOURCES = photorec.c photorec.h phrecn.c phrecn.h dir.c dir.h ext2p.c ext2p.h ext2_dir.c ext2_dir.h ext2_inc.h fat_dir.c fat_dir.h fatp.c fatp.h filegen.c filegen.h file_7z.c file_a.c file_ab.c file_ace.c file_aif.c file_all.c file_asf.c file_au.c file_bkf.c file_bld.c file_bmp.c file_bz2.c file_cab.c file_cam.c file_cm.c file_crw.c file_ctg.c file_cwk.c file_dat.c file_dbf.c file_dir.c file_djv.c file_doc.c file_dpx.c file_dsc.c file_dss.c file_dta.c file_dv.c file_dwg.c file_elf.c file_evt.c file_exe.c pe.h file_ext.c file_fcp.c file_fh10.c file_fh5.c file_flac.c file_flv.c file_fs.c file_gif.c file_gz.c file_imb.c file_indd.c file_dump.c file_itu.c file_jpg.c file_jpg.h file_kdb.c file_max.c file_mb.c file_mdb.c file_mdf.c file_mid.c file_mkv.c file_mov.c file_mp3.c file_mpg.c file_mrw.c file_mus.c file_mysql.c file_njx.c file_ogg.c file_one.c file_orf.c file_pap.c file_pcx.c file_pdf.c file_png.c file_prc.c file_ps.c file_psd.c file_pst.c file_ptb.c file_qbb.c file_qdf.c file_qxd.c file_ra.c file_raf.c file_rar.c file_raw.c file_rdc.c file_reg.c file_res.c file_riff.c file_rm.c file_rns.c file_rpm.c file_sit.c file_skp.c file_spe.c file_spss.c file_stu.c file_swf.c file_tar.c file_tar.h file_tib.c file_tiff.c file_txt.c file_vmdk.c file_wpd.c file_wmf.c file_x3f.c file_xcf.c file_xm.c file_zip.c memmem.h geometry.c list.c list.h ole.h ntfs_dir.c ntfs_dir.h ntfsp.c ntfsp.h ntfs_inc.h sessionp.c sessionp.h $(base_C) $(base_H) $(fs_C) $(fs_H) $(ICON_PHOTOREC)
+photorec_SOURCES = photorec.c photorec.h phrecn.c phrecn.h dir.c dir.h ext2p.c ext2p.h ext2_dir.c ext2_dir.h ext2_inc.h fat_dir.c fat_dir.h fatp.c fatp.h filegen.c filegen.h file_7z.c file_a.c file_ab.c file_ace.c file_aif.c file_all.c file_asf.c file_au.c file_bkf.c file_bld.c file_bmp.c file_bz2.c file_cab.c file_cam.c file_cm.c file_crw.c file_ctg.c file_cwk.c file_dat.c file_dbf.c file_dir.c file_djv.c file_doc.c file_dpx.c file_dsc.c file_dss.c file_dta.c file_dv.c file_dwg.c file_elf.c file_evt.c file_exe.c pe.h file_ext.c file_fcp.c file_fh10.c file_fh5.c file_flac.c file_flv.c file_fs.c file_gif.c file_gz.c file_imb.c file_indd.c file_dump.c file_itu.c file_jpg.c file_jpg.h file_kdb.c file_lnk.c file_max.c file_mb.c file_mdb.c file_mdf.c file_mid.c file_mkv.c file_mov.c file_mp3.c file_mpg.c file_mrw.c file_mus.c file_mysql.c file_njx.c file_ogg.c file_one.c file_orf.c file_pap.c file_pcx.c file_pdf.c file_png.c file_prc.c file_ps.c file_psd.c file_pst.c file_ptb.c file_qbb.c file_qdf.c file_qxd.c file_ra.c file_raf.c file_rar.c file_raw.c file_rdc.c file_reg.c file_res.c file_riff.c file_rm.c file_rns.c file_rpm.c file_sit.c file_skp.c file_spe.c file_spss.c file_stu.c file_swf.c file_tar.c file_tar.h file_tib.c file_tiff.c file_txt.c file_vmdk.c file_wpd.c file_wmf.c file_x3f.c file_xcf.c file_xm.c file_xsv.c file_zip.c memmem.h geometry.c list.c list.h ole.h ntfs_dir.c ntfs_dir.h ntfsp.c ntfsp.h ntfs_inc.h sessionp.c sessionp.h $(base_C) $(base_H) $(fs_C) $(fs_H) $(ICON_PHOTOREC)
#diskcp_SOURCES = diskcp.c types.h
diff --git a/file_dss.c b/src/file_dss.c
index 5f25432..5f25432 100644
--- a/file_dss.c
+++ b/src/file_dss.c
diff --git a/file_fcp.c b/src/file_fcp.c
index 89d997c..89d997c 100644
--- a/file_fcp.c
+++ b/src/file_fcp.c
diff --git a/src/file_lnk.c b/src/file_lnk.c
new file mode 100644
index 0000000..b5b71d8
--- /dev/null
+++ b/src/file_lnk.c
@@ -0,0 +1,209 @@
+/*
+
+ File: file_lnk.c
+
+ Copyright (C) 2008 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+#include "common.h"
+#include "log.h"
+
+static void register_header_check_lnk(file_stat_t *file_stat);
+static int header_check_lnk(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+
+const file_hint_t file_hint_lnk= {
+ .extension="lnk",
+ .description="MS Windows Link",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .register_header_check=&register_header_check_lnk
+};
+
+static const unsigned char lnk_header[20]= {
+ 'L', 0x00, 0x00, 0x00, /* magic */
+ 0x01, 0x14, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 /* GUID */
+ };
+
+struct lnk_header_s {
+ uint32_t magic; /* 0h Always 0000004Ch ‘L’ */
+ char guid[16]; /* 4h GUID of shortcut files */
+ uint32_t flags; /* 14h */
+ uint32_t file_attributes; /* 18h */
+ uint64_t time_1; /* 1Ch */
+ uint64_t time_2; /* 24h */
+ uint64_t time_3; /* 2Ch */
+ uint32_t file_length; /* 34h */
+ uint32_t icon_number; /* 38h */
+ uint32_t showWnd_value; /* 3Ch */
+ uint32_t hot_key; /* 40h */
+ uint64_t always_zero; /* 44h */
+} __attribute__ ((__packed__));
+
+/* These constants comes from winedump/lnk.c */
+#define SCF_PIDL 1
+#define SCF_LOCATION 2
+#define SCF_DESCRIPTION 4
+#define SCF_RELATIVE 8
+#define SCF_WORKDIR 0x10
+#define SCF_ARGS 0x20
+#define SCF_CUSTOMICON 0x40
+#define SCF_UNICODE 0x80
+#define SCF_PRODUCT 0x800
+#define SCF_COMPONENT 0x1000
+/* */
+
+static void register_header_check_lnk(file_stat_t *file_stat)
+{
+ register_header_check(0, lnk_header,sizeof(lnk_header), &header_check_lnk, file_stat);
+}
+
+static int header_check_lnk(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(buffer,lnk_header,sizeof(lnk_header))==0)
+ {
+ const struct lnk_header_s* lnk_head=(const struct lnk_header_s*)buffer;
+ const uint32_t flags=le32(lnk_head->flags);
+ unsigned int i=0x4c; /* .LNK File Header */
+ unsigned int len;
+ if((flags&SCF_PIDL)!=0)
+ { /* The Shell Item Id List */
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK Shell Item Id List at 0x%04x=%04x\n",
+ i, len);
+ i+=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+4>=buffer_size)
+ return 0;
+ if((flags&SCF_LOCATION)!=0)
+ { /* File location info */
+ len=buffer[i] + (buffer[i+1]<<8) + (buffer[i+2]<<16) + (buffer[i+3]<<24);
+ log_debug("LNK File location info at 0x%04x=%04x\n", i, len);
+ i+=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_DESCRIPTION)!=0)
+ { /* Description string */
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK description string at 0x%04x=%04x\n", i, len);
+ i+=2;
+ if((flags& SCF_UNICODE)!=0)
+ len*=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_RELATIVE)!=0)
+ { /* Relative path */
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK relative path at 0x%04x=%04x\n", i, len);
+ i+=2;
+ if((flags& SCF_UNICODE)!=0)
+ len*=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_WORKDIR)!=0)
+ { /* Working directory */
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK Working directory at 0x%04x=%04x\n", i, len);
+ i+=2;
+ if((flags& SCF_UNICODE)!=0)
+ len*=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_ARGS)!=0)
+ { /* Command line string */
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK Command line string at 0x%04x=%04x\n", i, len);
+ i+=2;
+ if((flags& SCF_UNICODE)!=0)
+ len*=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_CUSTOMICON)!=0)
+ { /* Icon filename string */
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK Icon filename string at 0x%04x=%04x\n", i, len);
+ i+=2;
+ if((flags& SCF_UNICODE)!=0)
+ len*=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_PRODUCT)!=0)
+ {
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK Icon product at 0x%04x=%04x\n", i, len);
+ i+=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+2>=buffer_size)
+ return 0;
+ if((flags&SCF_COMPONENT)!=0)
+ {
+ len=buffer[i]+(buffer[i+1]<<8);
+ log_debug("LNK Icon component at 0x%04x=%04x\n", i, len);
+ i+=2;
+ i+=len;
+ }
+ /* avoid out of bound read access */
+ if(i+4>=buffer_size)
+ return 0;
+ /* Extra stuff */
+ len=buffer[i] + (buffer[i+1]<<8) + (buffer[i+2]<<16) + (buffer[i+3]<<24);
+ log_debug("LNK extra stuff at 0x%04x=%04x\n", i, len);
+ i+=4;
+ i+=len;
+ log_debug("LNK size %d (0x%04x)\n", i, i);
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_lnk.extension;
+ file_recovery_new->calculated_file_size=i;
+ file_recovery_new->data_check=&data_check_size;
+ file_recovery_new->file_check=&file_check_size;
+ return 1;
+ }
+ return 0;
+}
diff --git a/src/file_xsv.c b/src/file_xsv.c
new file mode 100644
index 0000000..716b7cb
--- /dev/null
+++ b/src/file_xsv.c
@@ -0,0 +1,65 @@
+/*
+
+ File: file_xsv.c
+
+ Copyright (C) 2008 Christophe GRENIER <grenier@cgsecurity.org>
+ Thanks to Günter Schäffler
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+
+static void register_header_check_xsv(file_stat_t *file_stat);
+static int header_check_xsv(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+
+const file_hint_t file_hint_xsv= {
+ .extension="xsv",
+ .description="XBOX GTA San Andreas Save File",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .register_header_check=&register_header_check_xsv
+};
+
+static const unsigned char xsv_header[9]= {'B','L','O','C', 'K', 'L', 0xDC, 0x1D, 'd'};
+
+static void register_header_check_xsv(file_stat_t *file_stat)
+{
+ register_header_check(20, xsv_header,sizeof(xsv_header), &header_check_xsv, file_stat);
+}
+
+static int header_check_xsv(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(buffer + 20, xsv_header, sizeof(xsv_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_xsv.extension;
+ file_recovery_new->calculated_file_size=202772;
+ file_recovery_new->data_check=&data_check_size;
+ file_recovery_new->file_check=&file_check_size;
+ return 1;
+ }
+ return 0;
+}
diff --git a/src/photorec.c b/src/photorec.c
index f019904..2bc2e44 100644
--- a/src/photorec.c
+++ b/src/photorec.c
@@ -138,6 +138,7 @@ extern const file_hint_t file_hint_indd;
extern const file_hint_t file_hint_itunes;
extern const file_hint_t file_hint_jpg;
extern const file_hint_t file_hint_kdb;
+extern const file_hint_t file_hint_lnk;
extern const file_hint_t file_hint_max;
extern const file_hint_t file_hint_mb;
extern const file_hint_t file_hint_mdb;
@@ -194,6 +195,7 @@ extern const file_hint_t file_hint_wmf;
extern const file_hint_t file_hint_x3f;
extern const file_hint_t file_hint_xcf;
extern const file_hint_t file_hint_xm;
+extern const file_hint_t file_hint_xsv;
extern const file_hint_t file_hint_zip;
static alloc_data_t *update_search_space(const file_recovery_t *file_recovery, alloc_data_t *list_search_space, alloc_data_t **new_current_search_space, uint64_t *offset, const unsigned int blocksize);
@@ -810,6 +812,7 @@ int main( int argc, char **argv )
{ .enable=1, .file_hint=&file_hint_indd },
{ .enable=1, .file_hint=&file_hint_itunes },
{ .enable=1, .file_hint=&file_hint_kdb },
+ { .enable=1, .file_hint=&file_hint_lnk },
{ .enable=1, .file_hint=&file_hint_jpg },
{ .enable=1, .file_hint=&file_hint_max },
{ .enable=1, .file_hint=&file_hint_mb },
@@ -867,6 +870,7 @@ int main( int argc, char **argv )
{ .enable=1, .file_hint=&file_hint_x3f },
{ .enable=1, .file_hint=&file_hint_xcf },
{ .enable=1, .file_hint=&file_hint_xm },
+ { .enable=1, .file_hint=&file_hint_xsv },
{ .enable=1, .file_hint=&file_hint_zip },
{ .enable=0, .file_hint=NULL }
};