[Clamav-devel] Breaking it Down

Cedric Halbronn saidelikelist at gmail.com
Tue Nov 17 04:44:48 EST 2015

Hi meph

This is something I try to do as well. E.g. I've managed to do it quite
easily for cab.c. Browsing the ole2 code, here is my understanding:
- the main function extracting the ole2 is "cli_ole2_extract". It is called
in "cli_scanole2". So this function gives us how "cli_ole2_extract" is
called. Basically, a temporary directory is created (to hold the extracted
files), and the "cli_ole2_extract" is called with the directory "char *dir"
as first parameter, a "cli_ctx *ctx" pointer as the second argument and a
"struct uniq *vba" as third argument.
- the idea is to use the same logic and try to abstract what we don't need.
We keep the "char* dir" argument because it is where the files will be
extracted. We keep the "struct uniq *vba" argument as well because it is
the output of the function (so no dependency). The only question is: what
to do with the "cli_ctx* ctx" argument?
  - the first idea is to get rid of the "ctx" argument. It only requires
understanding what it contains and modifying the C code a bit so the "ctx"
use is replaced by some hardcoded values.
  - the second idea is to keep the "ctx" argument. So we need to initialise
it before calling "cli_ole2_extract". The idea would be to execute all the
required code leading to the "cli_ole2_extract" function. Checking where it
is called, we can see it is called by "magic_scandesc" so I would start
with this function. I've not checked yet but maybe there is some code to
actually do the "ctx" initialisation.

Still browsing the code so I may come up with new ideas.


On 16 November 2015 at 23:28, thrucque <thrucque at gmail.com> wrote:

> Hi,
> I'd like to do some testing of various parts of clamav functionality -
> specifically the ole2 extraction logic. Would it be possible to create a
> stand alone ole2_extract binary from the code in ole2_extract.c, and pass
> it files to extract the ole data from? I have had a stab, however my c
> skills are (shamefully) weak. Is this goal possible for someone who knows C, or
> would it involve some serious rewriting (thus negating the point of testing
> the code)?
> any help / pointers appreciated.
> meph.
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> http://www.clamav.net/contact.html#ml

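An added example, not from this thread and not ClamAV's own code: a stand-alone OLE2 (Compound File Binary) header parser in C, the first thing a harness that calls the extractor without a cli_ctx has to get right before it can walk sectors. Field offsets are those of the 512-byte CFB header; the struct name, function names and the constructed sample header are mine and are not taken from ole2_extract.c.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal OLE2 (Compound File Binary) header parser.  Added example: this is
 * not ClamAV code; ole2_extract.c has its own header struct.  Field offsets
 * are those of the 512-byte CFB header. */

#define OLE2_HEADER_SIZE 512

struct ole2_header {
    uint16_t minor_version;
    uint16_t major_version;     /* 3 (512-byte sectors) or 4 (4096-byte) */
    uint16_t sector_shift;      /* sector size is 1 << sector_shift */
    uint16_t mini_sector_shift; /* always 6 */
    uint32_t num_fat_sectors;
    uint32_t first_dir_sector;
    uint32_t mini_stream_cutoff;
    uint32_t first_difat_sector;
    uint32_t num_difat_sectors;
};

static const uint8_t ole2_magic[8] = {0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1};

/* The header is little-endian regardless of host; never cast buf to a struct. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, or a negative code saying why the header was rejected. */
int ole2_parse_header(const uint8_t *buf, size_t len, struct ole2_header *h)
{
    if (len < OLE2_HEADER_SIZE)                     return -1; /* truncated */
    if (memcmp(buf, ole2_magic, sizeof ole2_magic)) return -2; /* not OLE2 */
    if (rd16(buf + 28) != 0xFFFE)                   return -3; /* byte-order mark */

    h->minor_version      = rd16(buf + 24);
    h->major_version      = rd16(buf + 26);
    h->sector_shift       = rd16(buf + 30);
    h->mini_sector_shift  = rd16(buf + 32);
    h->num_fat_sectors    = rd32(buf + 44);
    h->first_dir_sector   = rd32(buf + 48);
    h->mini_stream_cutoff = rd32(buf + 56);
    h->first_difat_sector = rd32(buf + 68);
    h->num_difat_sectors  = rd32(buf + 72);

    /* sector_shift is attacker-controlled and feeds every later offset
     * computation (sector * (1 << shift)); pin it to the two legal values
     * before anything downstream shifts by it. */
    if (h->major_version != 3 && h->major_version != 4) return -4;
    if (h->major_version == 3 && h->sector_shift != 9)  return -4;
    if (h->major_version == 4 && h->sector_shift != 12) return -4;
    if (h->mini_sector_shift != 6)                      return -5;
    if (h->mini_stream_cutoff != 4096)                  return -6;
    return 0;
}

uint32_t ole2_sector_size(const struct ole2_header *h) { return 1u << h->sector_shift; }

/* Byte offset of sector n in the file: the header occupies "sector -1", so
 * sector 0 starts one sector size in.  Returns 0 for reserved sector ids
 * (anything above MAXREGSECT 0xFFFFFFFA, e.g. ENDOFCHAIN, FREESECT). */
uint64_t ole2_sector_offset(const struct ole2_header *h, uint32_t sector)
{
    if (sector > 0xFFFFFFFAu) return 0;
    return ((uint64_t)sector + 1) << h->sector_shift;
}

/* Constructed sample: a well-formed v3 header with an empty body, only for
 * exercising the parser.  Not taken from any real document. */
size_t ole2_sample_header(uint8_t *out, size_t cap)
{
    if (cap < OLE2_HEADER_SIZE) return 0;
    memset(out, 0, OLE2_HEADER_SIZE);
    memcpy(out, ole2_magic, sizeof ole2_magic);
    out[24] = 0x3E;                  /* minor version 0x003E */
    out[26] = 0x03;                  /* major version 3 */
    out[28] = 0xFE; out[29] = 0xFF;  /* byte-order mark 0xFFFE */
    out[30] = 0x09;                  /* sector shift 9 -> 512-byte sectors */
    out[32] = 0x06;                  /* mini sector shift 6 */
    out[44] = 0x01;                  /* one FAT sector */
    out[48] = 0x01;                  /* directory chain starts at sector 1 */
    out[57] = 0x10;                  /* mini stream cutoff 0x1000 */
    out[68] = 0xFE; out[69] = 0xFF; out[70] = 0xFF; out[71] = 0xFF; /* first DIFAT = ENDOFCHAIN */
    memset(out + 80, 0xFF, OLE2_HEADER_SIZE - 80); /* DIFAT[1..108] = FREESECT */
    /* DIFAT[0] at offset 76 stays 0: the single FAT sector is sector 0 */
    return OLE2_HEADER_SIZE;
}

int main(int argc, char **argv)
{
    uint8_t buf[OLE2_HEADER_SIZE];
    struct ole2_header h;
    size_t n;
    int rc;
    if (argc < 2) {
        n = ole2_sample_header(buf, sizeof buf);   /* no file given: use the sample */
    } else {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    }
    rc = ole2_parse_header(buf, n, &h);
    if (rc != 0) { printf("rejected: %d\n", rc); return 1; }
    printf("OLE2 v%u.%u, sector size %u, FAT sectors %u, dir sector %u\n",
           h.major_version, h.minor_version, ole2_sector_size(&h),
           h.num_fat_sectors, h.first_dir_sector);
    return 0;
}
```

Build with `cc -std=c99 -o ole2_header ole2_header.c`; run it with a document as the argument to print that file's header, or with no argument to parse the constructed sample. Whatever code ends up behind the harness, two points carry over: decode the fields by offset rather than casting the buffer to a struct, and bound sector_shift before it feeds any offset arithmetic, because that is the first path a fuzzer will reach once the extractor runs without the rest of the scanner in front of it.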