Lines Matching refs:needle
36 s_spec *needle, u_int64_t f_offset, char *type) in extract_zip() argument
60 needle->suffix = "sxc"; in extract_zip()
64 needle->suffix = "sxi"; in extract_zip()
68 needle->suffix = "sxw"; in extract_zip()
73 strcat(needle->comment, comment); in extract_zip()
74 needle->suffix = "sx"; in extract_zip()
79 needle->suffix = "zip"; in extract_zip()
97 if (localFH.compressed > needle->max_len) in extract_zip()
98 return foundat + needle->header_len; in extract_zip()
101 return foundat + needle->header_len; in extract_zip()
112 if (strcmp(needle->suffix,"zip")==0) in extract_zip()
114 if (strncmp((char *)foundat, "content.xml", 11) == 0 && strcmp(needle->suffix,"zip")==0) in extract_zip()
118 strcat(needle->comment, comment); in extract_zip()
119 needle->suffix = "sx"; in extract_zip()
124 needle->suffix = "jar"; in extract_zip()
132 needle->suffix = "pptx"; in extract_zip()
136 needle->suffix = "docx"; in extract_zip()
140 needle->suffix = "xlsx"; in extract_zip()
198 bytes_to_search = needle->max_len; in extract_zip()
224 foundat = bm_search(needle->footer, in extract_zip()
225 needle->footer_len, in extract_zip()
228 needle->footer_bm_table, in extract_zip()
229 needle->case_sen, in extract_zip()
256 printf("Found a %s type:=%s\n", needle->suffix, type); in extract_zip()
259 if (strcmp(type,"all")==0 || strcmp(type,needle->suffix)==0) in extract_zip()
262 printf("Writing a %s to disk\n", needle->suffix); in extract_zip()
264 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_zip()
268 printf("Found a %s\n", needle->suffix); in extract_zip()
289 s_spec *needle, u_int64_t f_offset) in extract_pdf() argument
301 foundat += needle->header_len; /* Jump Past the %PDF HEADER */ in extract_pdf()
309 if (buflen >= needle->max_len) in extract_pdf()
311 bytes_to_search = needle->max_len; in extract_pdf()
326 foundat = bm_search(needle->markerlist[1].value, in extract_pdf()
327 needle->markerlist[1].len, in extract_pdf()
330 needle->markerlist[1].marker_bm_table, in extract_pdf()
331 needle->case_sen, in extract_pdf()
345 foundat = bm_search(needle->markerlist[2].value, in extract_pdf()
346 needle->markerlist[2].len, in extract_pdf()
349 needle->markerlist[2].marker_bm_table, in extract_pdf()
350 needle->case_sen, in extract_pdf()
355 foundat = bm_search(needle->markerlist[0].value, in extract_pdf()
356 needle->markerlist[0].len, in extract_pdf()
359 needle->markerlist[0].marker_bm_table, in extract_pdf()
360 needle->case_sen, in extract_pdf()
374 strcat(needle->comment, comment); in extract_pdf()
376 foundat += needle->markerlist[0].len; in extract_pdf()
386 if (size > needle->max_len) in extract_pdf()
394 foundat -= needle->footer_len; in extract_pdf()
399 foundat = bm_search(needle->footer, in extract_pdf()
400 needle->footer_len, in extract_pdf()
402 needle->footer_len + 9, in extract_pdf()
403 needle->footer_bm_table, in extract_pdf()
404 needle->case_sen, in extract_pdf()
408 foundat += needle->footer_len + 1; in extract_pdf()
412 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_pdf()
428 foundat = bm_search(needle->footer, in extract_pdf()
429 needle->footer_len, in extract_pdf()
432 needle->footer_bm_table, in extract_pdf()
433 needle->case_sen, in extract_pdf()
438 foundat += needle->footer_len + 1; in extract_pdf()
442 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_pdf()
459 s_spec *needle, u_int64_t f_offset) in extract_cpp() argument
483 return foundat + needle->header_len; in extract_cpp()
509 foundat = bm_search(needle->footer, in extract_cpp()
510 needle->footer_len, in extract_cpp()
513 needle->footer_bm_table, in extract_cpp()
520 foundat = bm_search(needle->markerlist[0].value, in extract_cpp()
521 needle->markerlist[0].len, in extract_cpp()
524 needle->markerlist[0].marker_bm_table, in extract_cpp()
536 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset + start + 1); in extract_cpp()
552 s_spec *needle, u_int64_t f_offset) in extract_htm() argument
563 foundat += needle->header_len; in extract_htm()
575 if (buflen < needle->max_len) in extract_htm()
581 bytes_to_search = needle->max_len; in extract_htm()
586 foundat = bm_search(needle->footer, in extract_htm()
587 needle->footer_len, in extract_htm()
590 needle->footer_bm_table, in extract_htm()
591 needle->case_sen, in extract_htm()
595 file_size = (foundat - buf) + needle->footer_len; in extract_htm()
597 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_htm()
598 foundat += needle->footer_len; in extract_htm()
715 s_spec *needle, u_int64_t f_offset, char *type) in extract_ole() argument
996 needle->suffix = suffix; in extract_ole()
998 if (!strstr(needle->suffix, type) && strcmp(type,"all")!=0) in extract_ole()
1003 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_ole()
1038 s_spec *needle, u_int64_t f_offset) in extract_mov() argument
1053 if (atomsize <= 0 || atomsize > needle->max_len) in extract_mov()
1055 return foundat + needle->header_len + 4; in extract_mov()
1064 if (buflen >= needle->max_len) in extract_mov()
1065 return foundat + needle->header_len + 4; in extract_mov()
1129 write_to_disk(s, needle, filesize, extractbuf, c_offset + f_offset - 4); in extract_mov()
1147 s_spec *needle, u_int64_t f_offset) in extract_wmv() argument
1188 if (buflen - (foundat - buf) >= needle->max_len) in extract_wmv()
1189 bytes_to_search = needle->max_len; in extract_wmv()
1194 foundat = bm_search(needle->footer, in extract_wmv()
1195 needle->footer_len, in extract_wmv()
1198 needle->footer_bm_table, in extract_wmv()
1199 needle->case_sen, in extract_wmv()
1220 if (size > 0 && size <= needle->max_len && size <= buflen) in extract_wmv()
1235 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_wmv()
1250 s_spec *needle, u_int64_t f_offset, char *type) in extract_riff() argument
1262 if (size > 0 && size <= needle->max_len && size <= buflen) in extract_riff()
1269 needle->suffix = "avi"; in extract_riff()
1270 if (!strstr(needle->suffix, type) && strcmp(type,"all")!=0) in extract_riff()
1272 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_riff()
1277 return buf + needle->header_len; in extract_riff()
1282 return buf + needle->header_len; in extract_riff()
1287 if (size > 0 && size <= needle->max_len && size <= buflen) in extract_riff()
1295 needle->suffix = "wav"; in extract_riff()
1296 if (!strstr(needle->suffix, type) && strcmp(type,"all")!=0) in extract_riff()
1299 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_riff()
1304 return buf + needle->header_len; in extract_riff()
1309 return buf + needle->header_len; in extract_riff()
1322 s_spec *needle, u_int64_t f_offset) in extract_bmp() argument
1336 return buf + needle->header_len; in extract_bmp()
1342 if (size <= 100 || size > needle->max_len) in extract_bmp()
1343 return buf + needle->header_len; in extract_bmp()
1358 return buf + needle->header_len; in extract_bmp()
1366 return buf + needle->header_len; in extract_bmp()
1380 strcat(needle->comment, comment); in extract_bmp()
1385 write_to_disk(s, needle, file_size, extractbuf, (c_offset + f_offset)); in extract_bmp()
1401 s_spec *needle, u_int64_t f_offset) in extract_gif() argument
1421 strcat(needle->comment, comment); in extract_gif()
1424 if (buflen - (foundat - buf) >= needle->max_len) in extract_gif()
1425 bytes_to_search = needle->max_len; in extract_gif()
1428 foundat = bm_search(needle->footer, in extract_gif()
1429 needle->footer_len, in extract_gif()
1432 needle->footer_bm_table, in extract_gif()
1433 needle->case_sen, in extract_gif()
1442 file_size = (foundat - buf) + needle->footer_len; in extract_gif()
1447 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_gif()
1448 foundat += needle->footer_len; in extract_gif()
1467 s_spec *needle, u_int64_t f_offset) in extract_mpg() argument
1491 return buf + needle->header_len; in extract_mpg()
1510 foundat = bm_search(needle->markerlist[0].value, in extract_mpg()
1511 needle->markerlist[0].len, in extract_mpg()
1514 needle->markerlist[0].marker_bm_table, in extract_mpg()
1515 needle->case_sen, in extract_mpg()
1547 if (file_size < needle->max_len) in extract_mpg()
1558 return currentpos + needle->header_len; in extract_mpg()
1596 return currentpos + needle->header_len; in extract_mpg()
1620 return buf + needle->header_len; in extract_mpg()
1627 file_size = (foundat - buf) + needle->footer_len; in extract_mpg()
1629 return buf + needle->header_len; in extract_mpg()
1633 return buf + needle->header_len; in extract_mpg()
1644 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_mpg()
1655 s_spec *needle, u_int64_t f_offset) in extract_mp4() argument
1687 if (size < needle->max_len) in extract_mp4()
1705 file_size = (foundat - buf) + needle->footer_len; in extract_mp4()
1707 return buf + needle->header_len; in extract_mp4()
1717 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_mp4()
1730 s_spec *needle, u_int64_t f_offset) in extract_png() argument
1755 strcat(needle->comment, comment); in extract_png()
1806 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_png()
1821 s_spec *needle, u_int64_t f_offset) in extract_jpeg() argument
1855 return foundat + needle->header_len; //Invalid keep searching in extract_jpeg()
1899 return buf + needle->header_len; in extract_jpeg()
1911 if (buflen - (foundat - buf) >= needle->max_len) in extract_jpeg()
1912 bytes_to_search = needle->max_len; in extract_jpeg()
1917 foundat = bm_search(needle->footer, in extract_jpeg()
1918 needle->footer_len, in extract_jpeg()
1921 needle->footer_bm_table, in extract_jpeg()
1922 needle->case_sen, in extract_jpeg()
1929 file_size = (foundat - buf) + needle->footer_len; in extract_jpeg()
1937 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_jpeg()
1938 foundat += needle->footer_len; in extract_jpeg()
1956 u_int64_t buflen, s_spec *needle, u_int64_t f_offset) in extract_generic() argument
1968 if (buflen - (foundat - buf) >= needle->max_len) in extract_generic()
1969 bytes_to_search = needle->max_len; in extract_generic()
1973 if(needle->searchtype ==SEARCHTYPE_FORWARD_NEXT) in extract_generic()
1975 foundat+=needle->header_len; in extract_generic()
1976 foundat = bm_search(needle->header, in extract_generic()
1977 needle->header_len, in extract_generic()
1980 needle->footer_bm_table, in extract_generic()
1981 needle->case_sen, in extract_generic()
1984 else if(needle->searchtype ==SEARCHTYPE_ASCII) in extract_generic()
2014 return foundat+needle->header_len; in extract_generic()
2017 else if (needle->footer == NULL || strlen((char *)needle->footer) < 1) in extract_generic()
2027 printf("footer is not NULL %p\n", needle->footer); in extract_generic()
2029 foundat = bm_search(needle->footer, in extract_generic()
2030 needle->footer_len, in extract_generic()
2033 needle->footer_bm_table, in extract_generic()
2034 needle->case_sen, in extract_generic()
2041 printf("found %s!!!\n", needle->footer); in extract_generic()
2043 if(needle->searchtype ==SEARCHTYPE_FORWARD_NEXT || needle->searchtype ==SEARCHTYPE_ASCII) in extract_generic()
2049 file_size = (foundat - buf) + needle->footer_len; in extract_generic()
2054 file_size = needle->max_len; in extract_generic()
2059 file_size = needle->max_len; in extract_generic()
2072 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_generic()
2074 if(needle->searchtype !=SEARCHTYPE_ASCII) in extract_generic()
2077 foundat += needle->header_len; in extract_generic()
2091 s_spec *needle, u_int64_t f_offset) in extract_exe() argument
2149 strcat(needle->comment, comment); in extract_exe()
2221 strcpy(needle->suffix, "dll"); in extract_exe()
2222 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_exe()
2223 strcpy(needle->suffix, "exe"); in extract_exe()
2227 write_to_disk(s, needle, file_size, extractbuf, c_offset + f_offset); in extract_exe()
2230 foundat += needle->header_len; in extract_exe()
2241 s_spec *needle, u_int64_t f_offset) in extract_reg() argument
2247 if(sizeofreg < 0 || sizeofreg > needle->max_len) in extract_reg()
2257 write_to_disk(s, needle, file_size , extractbuf, c_offset + f_offset); in extract_reg()
2268 s_spec *needle, u_int64_t f_offset) in extract_rar() argument
2302 strcat(needle->comment, comment); in extract_rar()
2308 strcat(needle->comment, comment); in extract_rar()
2332 strcat(needle->comment, comment); in extract_rar()
2335 if (buflen - (foundat - buf) >= needle->max_len) in extract_rar()
2336 bytes_to_search = needle->max_len; in extract_rar()
2341 foundat = bm_search(needle->footer, in extract_rar()
2342 needle->footer_len, in extract_rar()
2345 needle->footer_bm_table, in extract_rar()
2346 needle->case_sen, in extract_rar()
2392 strcat(needle->comment, comment); in extract_rar()
2398 strcat(needle->comment, comment); in extract_rar()
2399 foundat = bm_search(needle->footer, in extract_rar()
2400 needle->footer_len, in extract_rar()
2403 needle->footer_bm_table, in extract_rar()
2404 needle->case_sen, in extract_rar()
2433 write_to_disk(s, needle, tot_file_size, extractbuf, c_offset + f_offset); in extract_rar()
2445 s_spec *needle, u_int64_t f_offset) in extract_file() argument
2447 if (needle->type == JPEG) in extract_file()
2449 return extract_jpeg(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2451 else if (needle->type == GIF) in extract_file()
2453 return extract_gif(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2455 else if (needle->type == PNG) in extract_file()
2457 return extract_png(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2459 else if (needle->type == BMP) in extract_file()
2461 return extract_bmp(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2463 else if (needle->type == RIFF) in extract_file()
2465 needle->suffix = "rif"; in extract_file()
2466 return extract_riff(s, c_offset, foundat, buflen, needle, f_offset, "all"); in extract_file()
2468 else if (needle->type == AVI) in extract_file()
2470 return extract_riff(s, c_offset, foundat, buflen, needle, f_offset, "avi"); in extract_file()
2472 else if (needle->type == WAV) in extract_file()
2474 needle->suffix = "rif"; in extract_file()
2475 return extract_riff(s, c_offset, foundat, buflen, needle, f_offset, "wav"); in extract_file()
2477 else if (needle->type == WMV) in extract_file()
2479 return extract_wmv(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2481 else if (needle->type == OLE) in extract_file()
2483 needle->suffix = "ole"; in extract_file()
2484 return extract_ole(s, c_offset, foundat, buflen, needle, f_offset, "all"); in extract_file()
2486 else if (needle->type == DOC) in extract_file()
2488 return extract_ole(s, c_offset, foundat, buflen, needle, f_offset, "doc"); in extract_file()
2490 else if (needle->type == PPT) in extract_file()
2492 return extract_ole(s, c_offset, foundat, buflen, needle, f_offset, "ppt"); in extract_file()
2494 else if (needle->type == XLS) in extract_file()
2496 needle->suffix = "ole"; in extract_file()
2497 return extract_ole(s, c_offset, foundat, buflen, needle, f_offset, "xls"); in extract_file()
2499 else if (needle->type == PDF) in extract_file()
2501 return extract_pdf(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2503 else if (needle->type == CPP) in extract_file()
2505 return extract_cpp(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2507 else if (needle->type == HTM) in extract_file()
2509 return extract_htm(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2511 else if (needle->type == MPG) in extract_file()
2513 return extract_mpg(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2515 else if (needle->type == MP4) in extract_file()
2517 return extract_mp4(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2519 else if (needle->type == ZIP) in extract_file()
2521 return extract_zip(s, c_offset, foundat, buflen, needle, f_offset, "all"); in extract_file()
2523 else if (needle->type == RAR) in extract_file()
2525 return extract_rar(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2527 else if (needle->type == SXW) in extract_file()
2529 return extract_zip(s, c_offset, foundat, buflen, needle, f_offset, "sxw"); in extract_file()
2531 else if (needle->type == SXC) in extract_file()
2533 return extract_zip(s, c_offset, foundat, buflen, needle, f_offset, "sxc"); in extract_file()
2535 else if (needle->type == SXI) in extract_file()
2537 return extract_zip(s, c_offset, foundat, buflen, needle, f_offset, "sxi"); in extract_file()
2539 else if (needle->type == EXE) in extract_file()
2541 return extract_exe(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2543 else if (needle->type == MOV || needle->type == VJPEG) in extract_file()
2545 return extract_mov(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()
2547 else if (needle->type == CONF) in extract_file()
2549 return extract_generic(s, c_offset, foundat, buflen, needle, f_offset); in extract_file()