summaryrefslogtreecommitdiffstats
path: root/src/file_asf.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2014-08-09 09:38:07 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2014-08-09 09:38:07 +0200
commitcc3b8dada5ad9f17d557bbe03a38dc23ee6e8b6c (patch)
tree7fc60089911400960abbc8e768a1e032297b0268 /src/file_asf.c
parent2168da4585364a4591adf8659b59c78d325f31b3 (diff)
PhotoRec: distinguish between asf/wma/wmv extensions
Diffstat (limited to 'src/file_asf.c')
-rw-r--r--src/file_asf.c81
1 files changed, 58 insertions, 23 deletions
diff --git a/src/file_asf.c b/src/file_asf.c
index 8a2fed1..c91ad47 100644
--- a/src/file_asf.c
+++ b/src/file_asf.c
@@ -30,6 +30,7 @@
#include "types.h"
#include "filegen.h"
#include "common.h"
+#include "log.h"
static void register_header_check_asf(file_stat_t *file_stat);
static int header_check_asf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
@@ -60,46 +61,80 @@ struct asf_file_prop_s {
uint64_t file_date;
} __attribute__ ((__packed__));
+struct asf_stream_prop_s {
+ unsigned char object_id[16];
+ uint64_t object_size;
+ unsigned char stream_type[16];
+} __attribute__ ((__packed__));
+
static int header_check_asf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
- const struct asf_header_obj_s *asf_header_obj=(const struct asf_header_obj_s *)buffer;
- const struct asf_file_prop_s *asf_file_prop=(const struct asf_file_prop_s*)(asf_header_obj+1);
+ const struct asf_header_obj_s *hdr=(const struct asf_header_obj_s*)buffer;
unsigned int i;
- if(le64(asf_header_obj->object_size)<30 ||
- le64(asf_header_obj->object_size)>buffer_size)
+ const struct asf_file_prop_s *prop=(const struct asf_file_prop_s*)(hdr+1);
+ uint64_t size=0;
+ time_t time=0;
+ const char *extension=file_hint_asf.extension;
+ /* Header + File Properties + Stream Properties + Header Extension */
+ if(le64(hdr->object_size)<30 ||
+ le64(hdr->object_size)>buffer_size ||
+ le32(hdr->nbr_header_obj)<4)
return 0;
for(i=0;
- i<le32(asf_header_obj->nbr_header_obj) &&
- (const unsigned char *)(asf_file_prop+1) < buffer + buffer_size;
- i++)
+ i<le32(hdr->nbr_header_obj) &&
+ (const unsigned char *)prop+0x28 < buffer + buffer_size;
+ i++, prop=(const struct asf_file_prop_s *)((const char *)prop + le64(prop->object_size)))
{
+ // ASF_File_Properties_Object // 8CABDCA1-A947-11CF-8EE4-00C00C205365
+ // ASF_Stream_Properties_Object // B7DC0791-A9B7-11CF-8EE6-00C00C205365
static const unsigned char asf_file_prop_id[16]= {
0xa1, 0xdc, 0xab, 0x8c, 0x47, 0xa9, 0xcf, 0x11,
0x8e, 0xe4, 0x00, 0xc0, 0x0c, 0x20, 0x53, 0x65
};
- if(memcmp(asf_file_prop->object_id, asf_file_prop_id, sizeof(asf_file_prop_id))==0)
+ static const unsigned char asf_stream_prop_s[16]= {
+ 0x91, 0x07, 0xdc, 0xb7, 0xb7, 0xa9, 0xcf, 0x11,
+ 0x8e, 0xe6, 0x00, 0xc0, 0x0c, 0x20, 0x53, 0x65
+ };
+ if(le64(prop->object_size) < 0x18)
{
- if(le64(asf_file_prop->file_size) < sizeof(struct asf_header_obj_s) + sizeof(struct asf_file_prop_s))
+ log_info("header_check_asf object_size too small %llu\n", (long long unsigned)le64(prop->object_size));
+ return 0;
+ }
+ if(memcmp(prop->object_id, asf_file_prop_id, sizeof(asf_file_prop_id))==0)
+ {
+ if(le64(prop->object_size) < 0x28)
+ return 0;
+ if(le64(prop->file_size) < sizeof(struct asf_header_obj_s) + sizeof(struct asf_file_prop_s))
return 0;
- reset_file_recovery(file_recovery_new);
- file_recovery_new->extension=file_hint_asf.extension;
- file_recovery_new->calculated_file_size=le64(asf_file_prop->file_size);
- file_recovery_new->data_check=&data_check_size;
- file_recovery_new->file_check=&file_check_size;
- file_recovery_new->time=td_ntfs2utc(le64(asf_file_prop->file_date));
- return 1;
+ size=le64(prop->file_size);
+ time=td_ntfs2utc(le64(prop->file_date));
}
- if( le64(asf_file_prop->object_size)==0 ||
- le64(asf_file_prop->object_size)>1024*1024)
+ else if(memcmp(prop->object_id, asf_stream_prop_s, sizeof(asf_stream_prop_s))==0)
{
- reset_file_recovery(file_recovery_new);
- file_recovery_new->extension=file_hint_asf.extension;
- return 1;
+ const struct asf_stream_prop_s *stream=(const struct asf_stream_prop_s *)prop;
+ const char wma[16]={
+ 0x40, 0x9e, 0x69, 0xf8, 0x4d, 0x5b, 0xcf, 0x11, 0xa8, 0xfd, 0x00, 0x80, 0x5f, 0x5c, 0x44, 0x2b
+ };
+ const char wmv[16]={
+ 0xc0, 0xef, 0x19, 0xbc, 0x4d, 0x5b, 0xcf, 0x11, 0xa8, 0xfd, 0x00, 0x80, 0x5f, 0x5c, 0x44, 0x2b
+ };
+ if(le64(prop->object_size) < 0x28)
+ return 0;
+ if(memcmp(stream->stream_type, wma, sizeof(wma))==0)
+ extension="wma";
+ else if(memcmp(stream->stream_type, wmv, sizeof(wmv))==0)
+ extension="wmv";
}
- asf_file_prop=(const struct asf_file_prop_s *)((const char *)asf_file_prop + le64(asf_file_prop->object_size));
}
reset_file_recovery(file_recovery_new);
- file_recovery_new->extension=file_hint_asf.extension;
+ file_recovery_new->extension=extension;
+ if(size > 0)
+ {
+ file_recovery_new->calculated_file_size=le64(size);
+ file_recovery_new->data_check=&data_check_size;
+ file_recovery_new->file_check=&file_check_size;
+ }
+ file_recovery_new->time=time;
return 1;
}