Reputation: 697
Parsing A hiberfil.sys file for a png image
As part of my Computer security course, I am parsing a hiberfil.sys file, looking for PNG files. I am trying this in C. I have the logic ready just that, when it comes to pointers and C I am left totally confused. I am not able to compile the following code:
#include<stdio.h>
#include<string.h>
int main(void)
{
FILE* fd = NULL;
FILE* out = NULL;
unsigned char* buff;
unsigned char* chunk[1024];
fd = fopen("hiberfil.sys","r");
out = fopen("a.png","w+");
if(NULL == fd)
{
printf("\n fopen() Error!!!\n");
return 1;
}
fread(buff,2,1,fd);
while(1){
if(*buff==137){
fread(buff,2,1,fd);
if(*buff==80){
fread(buff,2,1,fd);
if(*buff==78){
fread(buff,2,1,fd);
if(*buff==71){
fread(buff,2,1,fd);
if(*buff==13){
fread(buff,2,1,fd);
if(*buff==10){
fread(buff,2,1,fd);
if(*buff==26){
fread(buff,2,1,fd);
if(*buff==10){
int * a,b,c,d,e,f,g,h,i;
*a=137;
*b=80;
*c=78;
*d=71;
*e=13;
*f=10;
*g=26;
*h=10;
fwrite(a,2,1,out);
fwrite(b,2,1,out);
fwrite(c,2,1,out);
fwrite(d,2,1,out);
fwrite(e,2,1,out);
fwrite(f,2,1,out);
fwrite(g,2,1,out);
fwrite(h,2,1,out);
break;
}
else continue;
}
else continue;
}
else continue;
}
else continue;
}
else continue;
}
else continue;
}
else fread(buff,2,1,fd);
}
}
unsigned char type[4]=0;
while(type[0]!=73 || type[1]!=69 || type[2]!=78 || type[3]!=68){
fread(length,sizeof(int),1,fd);
fread(type,4,1,fd);
fread(chunk,length+4,1,fd);
fwrite(length,sizeof(int),1,out);
fwrite(type,4,1,out);
fwrite(chunk,length+8,1,out);
}
fclose(fd);
fclose(out);
return 0;
}
Thanks alot!
PS: Can some one please help me with the formatting of the code block!
Edit with errors
error: invalid type argument of unary ‘*’ (have ‘int’) <<<< Refering to int * pointers
error: initializing argument 1 of ‘size_t fwrite(const void*, size_t, size_t, FILE*)’ <<<< Refering to int length i believe.
They seem trivial to me now, but still a small dosage of explanation would help me. As whats up with these pointers?
Upvotes: 0
Views: 421
Answers (2)
Reputation: 21319
In addition to hmjd's answer you should consider that an array of a type can be indexed. You don't have to dereference only the first item.
So you can say buff[i] (if, say, declared as unsigned char buff[1024];), where i is a size_t or int that you increment while you go.
In general it makes more sense to - as your initial idea seems to have been - read chunks of data and then only read the next chunk if you run into the end of the first chunk while you are still detecting whether it's a PNG file or not.
So basically you read through the hiberfil.sys until you hit the end of the file in a loop. Within this loop you keep track of a single chunk and perhaps the preceding chunk. Could be done as a ring buffer for example. Then you run the detection code over that chunk (separate function, passing the chunk by reference) and - for example - return the offset into the chunk from your detection function. This way you also know the offset into the hiberfil.sys in case you need this and can then extract the PNG file.
Perhaps also read this.
Upvotes: 0
Reputation: 122001
One mistake is:
int * a,b,c,d,e,f,g,h,i;
*a=137;
*b=80;
*c=78;
as only a is an int*, the rest of the variables are of type int. To correct either declare on one line (which is more readable and makes this mistake less likely) or place a * before each variable name.
Another mistake (not a compiler error) is the use of buff, which is an unitialised pointer when it is used:
unsigned char* buff;
/* snip ... */
fread(buff,2,1,fd);
A possible fix is:
unsigned char buff[2]; /* As 2 bytes appears to be required size. */
Upvotes: 1
Related Questions
- How can I extract the .jpg/.png components of an .hpi file?
- Read PNG file with c
- Read a PNG image using Haxe
- Load png image for embedded system
- Save HBITMAP as PNG image using GDI?
- Read a PNG Using Win32 / C++
- Save HICON as a png
- Open a png file and read it's hex values in C
- Turn PNG loading code to use a FILE instead of local resource
- extract a stored png image from a binary file the right way