summaryrefslogtreecommitdiffstats
path: root/src/file_wim.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2014-08-09 09:46:49 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2014-08-09 09:46:49 +0200
commit8cfbf6b958e0914cbfeeaf66e4aad5ac909165a7 (patch)
tree7cdbef2ddb05e16af69cd09db8013b1acad04e73 /src/file_wim.c
parentcbdb1af017e2da303bddcf8b4f5440eb5ad61760 (diff)
PhotoRec: try to detect .wim size
Diffstat (limited to 'src/file_wim.c')
-rw-r--r--src/file_wim.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/src/file_wim.c b/src/file_wim.c
index 978d48a..d5f66f4 100644
--- a/src/file_wim.c
+++ b/src/file_wim.c
@@ -29,8 +29,11 @@
#include <stdio.h>
#include "types.h"
#include "filegen.h"
+#include "common.h"
+#include "log.h"
static void register_header_check_wim(file_stat_t *file_stat);
+/* http://go.microsoft.com/fwlink/?LinkId=92227 */
const file_hint_t file_hint_wim= {
.extension="wim",
@@ -42,10 +45,64 @@ const file_hint_t file_hint_wim= {
.register_header_check=&register_header_check_wim
};
+struct reshdr_disk_short
+{
+ union {
+ uint64_t flags; /* one byte is a combination of RESHDR_FLAG_XXX */
+ uint64_t size; /* the 7 low-bytes are used to store the size */
+ };
+ uint64_t offset;
+ uint64_t original_size;
+} __attribute__ ((__packed__));
+
+#define RESHDR_GET_SIZE(R) (le64(R.size) & 0x00FFFFFFFFFFFFFF)
+
+struct _WIMHEADER_V1_PACKED
+{
+ char ImageTag[8];
+ uint32_t cbSize;
+ uint32_t dwVersion;
+ uint32_t dwFlags;
+ uint32_t dwCompressionSize;
+ unsigned char gWIMGuid[16];
+ uint16_t usPartNumber;
+ uint16_t usTotalParts;
+ uint32_t dwImageCount;
+ struct reshdr_disk_short rhOffsetTable;
+ struct reshdr_disk_short rhXmlData;
+ struct reshdr_disk_short rhBootMetadata;
+ uint32_t dwBootIndex;
+ struct reshdr_disk_short rhIntegrity;
+ unsigned char bUnused[60];
+} __attribute__ ((__packed__));
+
static int header_check_wim(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
+ const struct _WIMHEADER_V1_PACKED *hdr=(const struct _WIMHEADER_V1_PACKED *)buffer;
+ uint64_t size=le32(hdr->cbSize);
+ if(le32(hdr->cbSize) < sizeof(struct _WIMHEADER_V1_PACKED))
+ return 0;
+#ifdef DEBUG_WIM
+ log_info("cbSize %llu\n", (unsigned long long)le32(hdr->cbSize));
+ log_info("dwCompressionSize %llu\n", (unsigned long long)le32(hdr->dwCompressionSize));
+ log_info("rhOffsetTable %llu %llu\n", (unsigned long long)RESHDR_GET_SIZE(hdr->rhOffsetTable), (unsigned long long)le64(hdr->rhOffsetTable.offset));
+ log_info("rhXmlData %llu %llu\n", (unsigned long long)RESHDR_GET_SIZE(hdr->rhXmlData), (unsigned long long)le64(hdr->rhXmlData.offset));
+ log_info("rhBootMetadata %llu %llu\n", (unsigned long long)RESHDR_GET_SIZE(hdr->rhBootMetadata), (unsigned long long)le64(hdr->rhBootMetadata.offset));
+ log_info("rhIntegrity %llu %llu\n", (unsigned long long)RESHDR_GET_SIZE(hdr->rhIntegrity), (unsigned long long)le64(hdr->rhIntegrity.offset));
+#endif
+ if(RESHDR_GET_SIZE(hdr->rhOffsetTable) > 0 && RESHDR_GET_SIZE(hdr->rhOffsetTable) + le64(hdr->rhOffsetTable.offset) > size)
+ size=RESHDR_GET_SIZE(hdr->rhOffsetTable) + le64(hdr->rhOffsetTable.offset);
+ if(RESHDR_GET_SIZE(hdr->rhXmlData) > 0 && RESHDR_GET_SIZE(hdr->rhXmlData) + le64(hdr->rhXmlData.offset) > size)
+ size=RESHDR_GET_SIZE(hdr->rhXmlData) + le64(hdr->rhXmlData.offset);
+ if(RESHDR_GET_SIZE(hdr->rhBootMetadata) > 0 && RESHDR_GET_SIZE(hdr->rhBootMetadata) + le64(hdr->rhBootMetadata.offset) > size)
+ size=RESHDR_GET_SIZE(hdr->rhBootMetadata) + le64(hdr->rhBootMetadata.offset);
+ if(RESHDR_GET_SIZE(hdr->rhIntegrity) > 0 && RESHDR_GET_SIZE(hdr->rhIntegrity) + le64(hdr->rhIntegrity.offset) > size)
+ size=RESHDR_GET_SIZE(hdr->rhIntegrity) + le64(hdr->rhIntegrity.offset);
reset_file_recovery(file_recovery_new);
file_recovery_new->extension=file_hint_wim.extension;
+ file_recovery_new->calculated_file_size=size;
+ file_recovery_new->data_check=&data_check_size;
+ file_recovery_new->file_check=&file_check_size;
return 1;
}