summaryrefslogtreecommitdiffstats
path: root/src/file_exe.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2010-05-21 09:00:30 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2010-05-21 09:00:30 +0200
commita8ea983693475107c463907af944280b0a719326 (patch)
tree5cff7440b400d137ea073b11d2847699f8c78235 /src/file_exe.c
parentbc71c42c22613592514cfe955bcb2410ae4f560e (diff)
PhotoRec: extract the exe filename from InteralName if available
Diffstat (limited to 'src/file_exe.c')
-rw-r--r--src/file_exe.c56
1 files changed, 35 insertions, 21 deletions
diff --git a/src/file_exe.c b/src/file_exe.c
index e1f80f8..712b470 100644
--- a/src/file_exe.c
+++ b/src/file_exe.c
@@ -232,6 +232,12 @@ static char OriginalFilename[34]={
'F', 0x0, 'i', 0x0, 'l', 0x0, 'e', 0x0, 'n', 0x0, 'a', 0x0, 'm', 0x0, 'e', 0x0,
0x0, 0x0
};
+
+static char InternalName[24]={
+ 'I', 0x0, 'n', 0x0, 't', 0x0, 'e', 0x0, 'r', 0x0, 'n', 0x0, 'a', 0x0, 'l', 0x0,
+ 'N', 0x0, 'a', 0x0, 'm', 0x0, 'e', 0x0
+};
+
static unsigned int ReadUnicodeStr(const char *buffer, unsigned int pos, const unsigned int len)
{
for(; pos+2<len && (buffer[pos]!='\0' || buffer[pos+1]!='\0'); pos+=2)
@@ -246,35 +252,22 @@ static unsigned int ReadUnicodeStr(const char *buffer, unsigned int pos, const u
return pos;
}
-static void PEVersion(FILE *file, const unsigned int offset, const unsigned int length, const char *old_filename)
+static int PEVersion_aux(const char*buffer, const unsigned int length, const char *old_filename, const char *needle, const unsigned int needle_len, const int force_ext)
{
- char *buffer;
unsigned int pos=0;
unsigned int end=length;
- if(length==0 || length > 1024*1024)
- return;
- if(fseek(file, offset, SEEK_SET)<0)
- return ;
- buffer=(char*)MALLOC(length);
- if(fread(buffer, length, 1, file) != 1)
- {
- free(buffer);
- return ;
- }
while(1)
{
const struct PE_index *PE_index;
pos=(pos + 3) & 0xfffffffc; /* align on a 4-byte boundary */
if(pos + 6 > end)
{
- free(buffer);
- return ;
+ return -1;
}
PE_index=(const struct PE_index*)&buffer[pos];
if(le16(PE_index->len)==0 && le16(PE_index->val_len)==0)
{
- free(buffer);
- return ;
+ return -1;
}
{
const char *stringName=&buffer[pos+6];
@@ -303,8 +296,8 @@ static void PEVersion(FILE *file, const unsigned int offset, const unsigned int
{
int do_rename=0;
PE_index=(const struct PE_index*)&buffer[pt];
- if(pt+6+sizeof(OriginalFilename) < end &&
- memcmp(&buffer[pt+6], OriginalFilename, sizeof(OriginalFilename))==0)
+ if(pt+6+needle_len < end &&
+ memcmp(&buffer[pt+6], needle, needle_len)==0)
{
do_rename=1;
}
@@ -313,9 +306,8 @@ static void PEVersion(FILE *file, const unsigned int offset, const unsigned int
{
if(do_rename)
{
- file_rename_unicode(old_filename, buffer, end, pt, NULL, 0);
- free(buffer);
- return ;
+ file_rename_unicode(old_filename, buffer, end, pt, NULL, force_ext);
+ return 0;
}
#ifdef DEBUG_EXE
log_info(": ");
@@ -334,6 +326,28 @@ static void PEVersion(FILE *file, const unsigned int offset, const unsigned int
}
}
}
+ return -1;
+}
+
+static void PEVersion(FILE *file, const unsigned int offset, const unsigned int length, const char *old_filename)
+{
+ char *buffer;
+ if(length==0 || length > 1024*1024)
+ return;
+ if(fseek(file, offset, SEEK_SET)<0)
+ return ;
+ buffer=(char*)MALLOC(length);
+ if(fread(buffer, length, 1, file) != 1)
+ {
+ free(buffer);
+ return ;
+ }
+ if(PEVersion_aux(buffer, length, old_filename, OriginalFilename, sizeof(OriginalFilename), 0)==0)
+ {
+ free(buffer);
+ return;
+ }
+ PEVersion_aux(buffer, length, old_filename, InternalName, sizeof(InternalName), 1);
free(buffer);
}