Пример #1
/**
 * \test Global magic API: two back-to-back lookups of the same PDF header
 *       must both describe the data as "PDF document" and must return the
 *       very same pointer, showing that the result storage is shared
 *       between calls rather than allocated per call.
 *
 * NOTE(review): identical pointers suggest MagicGlobalLookup() hands back
 * storage it owns; callers presumably must not free or modify it, nor use
 * it after MagicDeinit(). Confirm against the lookup implementation.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int MagicDetectTest09(void)
{
    /* "%PDF-1.3" followed by CR LF */
    uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
    const size_t buffer_len = sizeof(buffer);
    const char *first = NULL;
    const char *second = NULL;
    int ok = 0;

    if (MagicInit() < 0) {
        printf("MagicInit() failure\n");
        return 0;
    }

    first = MagicGlobalLookup(buffer, buffer_len);
    if (first != NULL && strncmp(first, "PDF document", 12) == 0) {
        second = MagicGlobalLookup(buffer, buffer_len);
        if (second != NULL && strncmp(second, "PDF document", 12) == 0) {
            if (first == second) {
                ok = 1;
            } else {
                printf("pointers not equal, weird... %p != %p: ", first, second);
            }
        } else {
            printf("result %p:%s, not \"PDF document\": ", second,
                   second != NULL ? second : "(null)");
        }
    } else {
        printf("result %p:%s, not \"PDF document\": ", first,
               first != NULL ? first : "(null)");
    }

    /* The context was initialised above, so it is torn down on every path. */
    MagicDeinit();
    return ok;
}
Пример #2
/**
 * \test Regression input that, per the original author, makes valgrind
 *       report an invalid read during the lookup (tested with file 5.09
 *       and 5.11).
 *
 * The buffer is a JPEG/JFIF header carrying a comment segment
 * ("Signature:<hex>") and the start of an APP2 "ICC_PROFILE" segment. The
 * APP2 segment declares a length of 0x022C, but only a few dozen bytes
 * follow, so the input is truncated relative to its own length field.
 *
 * The test itself only checks that the description starts with "JPEG";
 * the invalid read is visible only when run under a memory checker.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int MagicDetectTest10ValgrindError(void)
{
    uint8_t buffer[] = {
        0xFF,0xD8,0xFF,0xE0,0x00,0x10,0x4A,0x46,0x49,0x46,0x00,0x01,0x01,0x01,0x01,0x2C,
        0x01,0x2C,0x00,0x00,0xFF,0xFE,0x00,0x4C,0x53,0x69,0x67,0x6E,0x61,0x74,0x75,0x72,
        0x65,0x3A,0x34,0x31,0x31,0x65,0x33,0x38,0x61,0x61,0x61,0x31,0x37,0x65,0x33,0x30,
        0x66,0x30,0x32,0x38,0x62,0x61,0x30,0x31,0x36,0x32,0x36,0x37,0x66,0x66,0x30,0x31,
        0x36,0x36,0x61,0x65,0x35,0x39,0x65,0x38,0x31,0x39,0x62,0x61,0x32,0x34,0x63,0x39,
        0x62,0x31,0x33,0x37,0x33,0x62,0x31,0x61,0x35,0x61,0x38,0x65,0x64,0x63,0x36,0x30,
        0x65,0x37,0xFF,0xE2,0x02,0x2C,0x49,0x43,0x43,0x5F,0x50,0x52,0x4F,0x46,0x49,0x4C,
        0x45,0x00,0x01,0x01,0x00,0x00,0x02,0x1C,0x41,0x44,0x42,0x45,0x02,0x10,0x00,0x00,
        0x6D,0x6E,0x74,0x72,0x52,0x47,0x42,0x20,0x58,0x59,0x5A,0x20,0x07,0xCF,0x00,0x05,
        0x00,0x09,0x00,0x15,0x00,0x0B,0x00,0x21,0x61,0x63,0x73,0x70,0x41,0x50,0x50,0x4C,
        0x00,0x00,0x00,0x00,0x6E,0x6F,0x6E,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    };
    const size_t buffer_len = sizeof(buffer);
    const char *desc = NULL;
    int ok = 0;

    if (MagicInit() < 0) {
        printf("MagicInit() failure\n");
        return 0;
    }

    desc = MagicGlobalLookup(buffer, buffer_len);
    if (desc != NULL && strncmp(desc, "JPEG", 4) == 0) {
        ok = 1;
    } else {
        printf("result %p:%s, not \"JPEG\": ", desc, desc != NULL ? desc : "(null)");
    }

    /* Tear the context down whether or not the lookup matched. */
    MagicDeinit();
    return ok;
}
Пример #3
/**
 * \test Lifecycle of the global magic context through the public API:
 *       g_magic_ctx must be NULL before MagicInit(), non-NULL after it,
 *       and NULL again once MagicDeinit() has run.
 *
 * The first check also catches an earlier test that returned without
 * calling MagicDeinit() and so left the global context in place.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int MagicInitTest02(void)
{
    /* Message for the first check that fails; NULL means all checks passed. */
    const char *failure = NULL;

    if (g_magic_ctx != NULL) {
        failure = "g_magic_ctx != NULL at start of the test: ";
    } else if (MagicInit() < 0) {
        failure = "MagicInit() failure\n";
    } else if (g_magic_ctx == NULL) {
        failure = "g_magic_ctx == NULL: ";
    } else {
        MagicDeinit();
        if (g_magic_ctx != NULL) {
            failure = "g_magic_ctx != NULL at end of the test: ";
        }
    }

    if (failure != NULL) {
        printf("%s", failure);
        return 0;
    }

    return 1;
}
Пример #4
/**
 * \test Global magic API lookup of a ZIP container whose first entry is
 *       "mimetype" with content "application/vnd.sun.xml.base"; the
 *       description must be exactly "OpenOffice.org 1.x Database file".
 *
 * NOTE(review): the comparison is an exact strcmp(), so it depends on the
 * wording used by the magic database in use -- confirm this is intended.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int MagicDetectTest08(void)
{
    uint8_t buffer[] = {
        0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
        0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
        0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,

        0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
        0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
        0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
        0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,

        0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
        0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,

        0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
        0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
        0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
        0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,

        0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
        0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
        0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,

        0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
        0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
        0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
        0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
    };
    const size_t buffer_len = sizeof(buffer);
    const char *desc = NULL;
    int matched;

    if (MagicInit() < 0) {
        printf("MagicInit() failure\n");
        return 0;
    }

    desc = MagicGlobalLookup(buffer, buffer_len);
    matched = (desc != NULL) &&
              (strcmp(desc, "OpenOffice.org 1.x Database file") == 0);
    if (!matched) {
        printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ", desc,
               desc != NULL ? desc : "(null)");
    }

    /* Tear the context down whether or not the lookup matched. */
    MagicDeinit();
    return matched ? 1 : 0;
}
Пример #5
/**
 * \test Global magic API lookup of a ZIP container whose first entry is
 *       "mimetype" with content "application/vnd.oasis.opendocument.text";
 *       the description must be exactly "OpenDocument Text".
 *
 * NOTE(review): the comparison is an exact strcmp(), so it depends on the
 * wording used by the magic database in use -- confirm this is intended.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int MagicDetectTest07(void)
{
    uint8_t buffer[] = {
        0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
        0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,

        0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
        0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
        0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
        0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,

        0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
        0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
        0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
        0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,

        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
        0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
        0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
        0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,

        0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
        0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
    };
    const size_t buffer_len = sizeof(buffer);
    const char *desc = NULL;
    int ok = 0;

    if (MagicInit() < 0) {
        printf("MagicInit() failure\n");
        return 0;
    }

    desc = MagicGlobalLookup(buffer, buffer_len);
    if (desc != NULL && strcmp(desc, "OpenDocument Text") == 0) {
        ok = 1;
    } else {
        printf("result %p:%s, not \"OpenDocument Text\": ", desc,
               desc != NULL ? desc : "(null)");
    }

    /* Tear the context down whether or not the lookup matched. */
    MagicDeinit();
    return ok;
}
Пример #6
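/**
 * \test Global magic API lookup of a ZIP container whose first entry is
 *       "mimetype" with content "application/vnd.oasis.opendocument.text";
 *       the description must contain "OpenDocument Text".
 *
 * The match is a substring search, so extra text around the description
 * does not fail the test.
 *
 * Every failure path after a successful MagicInit() calls MagicDeinit()
 * before failing, so a failed run does not leave the global magic context
 * allocated for later tests. The mismatch message prints the description
 * that was actually returned, not the NULL result of the search.
 */
int MagicDetectTest07(void)
{
    const char *result = NULL;
    uint8_t buffer[] = {
        0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
        0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
        0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,

        0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
        0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
        0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
        0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,

        0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
        0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
        0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
        0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,

        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
        0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
        0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
        0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,

        0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
        0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
    };
    size_t buffer_len = sizeof(buffer);

    /* Nothing to release yet if initialisation itself fails. */
    FAIL_IF(MagicInit() < 0);

    result = MagicGlobalLookup(buffer, buffer_len);
    if (result == NULL) {
        MagicDeinit();
        FAIL;
    }

    if (strstr(result, "OpenDocument Text") == NULL) {
        /* Print before MagicDeinit(): the string may live in the context. */
        printf("result %s, not \"OpenDocument Text\": ", result);
        MagicDeinit();
        FAIL;
    }

    MagicDeinit();
    PASS;
}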
Пример #7
/**
 * \test Global magic API lookup of a buffer starting with the OLE2
 *       compound-file signature (D0 CF 11 E0 A1 B1 1A E1); the description
 *       must equal MICROSOFT_OFFICE_DOC exactly.
 *
 * NOTE(review): the failure message hard-codes "Microsoft Office Document"
 * while the comparison uses the MICROSOFT_OFFICE_DOC macro defined
 * elsewhere; confirm the two stay in sync.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int MagicDetectTest06(void)
{
    uint8_t buffer[] = {
        0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,

        0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
        0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,

        0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
        0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
        0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    };
    const size_t buffer_len = sizeof(buffer);
    const char *desc = NULL;
    int ok = 0;

    if (MagicInit() < 0) {
        printf("MagicInit() failure\n");
        return 0;
    }

    desc = MagicGlobalLookup(buffer, buffer_len);
    if (desc != NULL && strcmp(desc, MICROSOFT_OFFICE_DOC) == 0) {
        ok = 1;
    } else {
        printf("result %p:%s, not \"Microsoft Office Document\": ", desc,
               desc != NULL ? desc : "(null)");
    }

    /* Tear the context down whether or not the lookup matched. */
    MagicDeinit();
    return ok;
}
Пример #8
/**
 * \test Global magic API lookup of a minimal PDF header ("%PDF-1.3" CR LF);
 *       the description must start with "PDF document". Only the first 12
 *       characters are compared, so any trailing detail is ignored.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
int MagicDetectTest05(void)
{
    uint8_t buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
    const size_t buffer_len = sizeof(buffer);
    const char *desc = NULL;
    int matched;

    if (MagicInit() < 0) {
        printf("MagicInit() failure\n");
        return 0;
    }

    desc = MagicGlobalLookup(buffer, buffer_len);
    matched = (desc != NULL) && (strncmp(desc, "PDF document", 12) == 0);
    if (!matched) {
        printf("result %p:%s, not \"PDF document\": ", desc,
               desc != NULL ? desc : "(null)");
    }

    /* Tear the context down whether or not the lookup matched. */
    MagicDeinit();
    return matched ? 1 : 0;
}
Пример #9
// Walks the stack with _StackWalk and records the program-counter address of
// each frame, optionally with symbol information for each address.
//
// The first ifrStart frames are walked but not recorded; up to cfrTotal
// frames after them are stored. Returns the number of entries written to
// pdwEip, or 0 when g_fLoadedImageHlp is false.
//
// NOTE(review): pdwEip is passed to memset and written through without a
// NULL check, and both output arrays are trusted to hold cfrTotal elements;
// the caller owns that contract.
// NOTE(review): the values stored are raw code addresses of this process, so
// output derived from them shows where code is loaded in memory.
UINT GetStackBacktrace
(
UINT ifrStart,          // How many stack elements to skip before starting. 
UINT cfrTotal,          // How many elements to trace after starting.
DWORD_PTR* pdwEip,      // Array to be filled with stack addresses.
SYM_INFO* psiSymbols,   // This array is filled with symbol information.
                        // It should be big enough to hold cfrTotal elts.
                        // If NULL, no symbol information is stored.
CONTEXT * pContext      // Context to use (or NULL to use current)
)
{
    STATIC_CONTRACT_NOTHROW;
    STATIC_CONTRACT_GC_NOTRIGGER;
    STATIC_CONTRACT_CANNOT_TAKE_LOCK;
    
    UINT        nElements   = 0;
    DWORD_PTR*  pdw         = pdwEip;       // write cursor into pdwEip
    SYM_INFO*   psi         = psiSymbols;   // write cursor into psiSymbols (may be NULL)

    // Return value is ignored; g_fLoadedImageHlp is tested below instead.
    // NOTE(review): presumably MagicInit() is what sets g_fLoadedImageHlp -- confirm.
    MagicInit();

    // Zero the outputs first so that every early exit leaves them cleared.
    // NOTE(review): on a 32-bit build cfrTotal * sizeof(...) could wrap for a
    // very large cfrTotal -- confirm callers bound it.
    memset(pdwEip, 0, cfrTotal*sizeof(DWORD_PTR));

    if (psiSymbols)
    {
        memset(psiSymbols, 0, cfrTotal * sizeof(SYM_INFO));
    }

    if (!g_fLoadedImageHlp)
    {
        return 0;
    }

    // Work on a local CONTEXT copy; it is handed to _StackWalk by non-const
    // pointer, and the caller's pContext is only read.
    CONTEXT context;
    if (pContext == NULL)
    {
        ClrCaptureContext(&context);
    }
    else
    {   
        memcpy(&context, pContext, sizeof(CONTEXT));
    }

#ifdef _WIN64
    STACKFRAME64 stkfrm;
    memset(&stkfrm, 0, sizeof(STACKFRAME64));
#else
    STACKFRAME stkfrm;
    memset(&stkfrm, 0, sizeof(STACKFRAME));
#endif

    stkfrm.AddrPC.Mode      = AddrModeFlat;
    stkfrm.AddrStack.Mode   = AddrModeFlat;
    stkfrm.AddrFrame.Mode   = AddrModeFlat;
    // The frame offsets are seeded from the context only under _M_IX86;
    // otherwise they keep the zero written by the memset above.
    // NOTE(review): presumably _StackWalk then works from `context` alone -- confirm.
#if defined(_M_IX86)
    stkfrm.AddrPC.Offset    = context.Eip;
    stkfrm.AddrStack.Offset = context.Esp;
    stkfrm.AddrFrame.Offset = context.Ebp;  // Frame Pointer
#endif

#ifndef _TARGET_X86_
    // If we don't have a user-supplied context, then don't skip any frames.
    // So ignore this function (GetStackBackTrace)
    // ClrCaptureContext on x86 gives us the ESP/EBP/EIP of its caller's caller
    // so we don't need to do this.
    if (pContext == NULL)
    {
        ifrStart += 1;        
    }
#endif // !_TARGET_X86_

    // NOTE(review): ifrStart + cfrTotal is UINT arithmetic and can wrap. If it
    // does, the bound falls below ifrStart and nothing is recorded, so the
    // effect is a short or empty trace, not a write past cfrTotal entries.
    for (UINT i = 0; i < ifrStart + cfrTotal; i++)
    {
        // Stop at the first frame the walker cannot produce.
        if (!_StackWalk(IMAGE_FILE_MACHINE_NATIVE,
                        g_hProcess,
                        GetCurrentThread(),
                        &stkfrm,
                        &context,
                        NULL,
                        (PFUNCTION_TABLE_ACCESS_ROUTINE)FunctionTableAccess,
                        (PGET_MODULE_BASE_ROUTINE)GetModuleBase,
                        NULL))
        {
            break;
        }

        // Frames below ifrStart are walked but not recorded.
        if (i >= ifrStart)
        {
            *pdw++ = stkfrm.AddrPC.Offset;
            nElements++;

            if (psi)
            {
                FillSymbolInfo(psi++, stkfrm.AddrPC.Offset);
            }   
        }
    }

    // The element count must match how far the write cursor advanced.
    LOCAL_ASSERT(nElements == (UINT)(pdw - pdwEip));
    return nElements;
}