mirror of
https://github.com/gchq/CyberChef.git
synced 2024-11-16 08:58:30 +01:00
Improved continueUntil, added consumeWhile and made the EVTX extractor more complete
This commit is contained in:
parent
eb81b9217e
commit
d240d65c5f
2 changed files with 58 additions and 11 deletions
|
@ -3348,11 +3348,11 @@ export function extractEVTX(bytes, offset) {
|
|||
while (stream.hasMore()) {
|
||||
|
||||
// Loop through ELFCHNKs.
|
||||
if (stream.getBytes(7).join("") === [0x45, 0x6c, 0x66, 0x43, 0x68, 0x6e, 0x6b].join(""))
|
||||
stream.moveForwardsBy(0xfff9);
|
||||
else
|
||||
if (stream.getBytes(7).join("") !== [0x45, 0x6c, 0x66, 0x43, 0x68, 0x6e, 0x6b].join(""))
|
||||
break;
|
||||
stream.moveForwardsBy(0xfff9);
|
||||
}
|
||||
stream.consumeWhile(0x00);
|
||||
return stream.carve();
|
||||
}
|
||||
|
||||
|
|
|
@ -155,17 +155,64 @@ export default class Stream {
|
|||
}
|
||||
|
||||
// val is an array
|
||||
let found = false;
|
||||
while (!found && this.position < this.length) {
|
||||
while (++this.position < this.length && this.bytes[this.position] !== val[0]) {
|
||||
continue;
|
||||
|
||||
|
||||
/**
|
||||
* Build's the skip forward table from the value to be searched.
|
||||
*
|
||||
* @param val
|
||||
* @param len
|
||||
*/
|
||||
function preprocess(val, len) {
|
||||
const skiptable = new Array();
|
||||
val.forEach(function(element, index) {
|
||||
skiptable[element] = len - index;
|
||||
});
|
||||
return skiptable;
|
||||
}
|
||||
|
||||
const length = val.length;
|
||||
|
||||
const initial = val[length-1];
|
||||
|
||||
this.position = length;
|
||||
|
||||
// Get the skip table.
|
||||
const skiptable = preprocess(val, length);
|
||||
let found = true;
|
||||
|
||||
while (this.position < this.length) {
|
||||
|
||||
// Until we hit the final element of val in the stream.
|
||||
while ((this.position < this.length) && (this.bytes[this.position++] !== initial));
|
||||
|
||||
found = true;
|
||||
for (let i = 1; i < val.length; i++) {
|
||||
if (this.position + i > this.length || this.bytes[this.position + i] !== val[i])
|
||||
|
||||
// Loop through the elements comparing them to val.
|
||||
for (let x = length-1; x != -1; x--) {
|
||||
if (this.bytes[(this.position-length) + x] !== val[x]) {
|
||||
found = false;
|
||||
|
||||
// If element is not equal to val's element then jump forward by the correct amount.
|
||||
this.position += skiptable[val[x]];
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (found) {
|
||||
this.position = (this.position - length);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Consume bytes if it matches the supplied value.
|
||||
*
|
||||
* @param val
|
||||
*/
|
||||
consumeWhile(val) {
|
||||
while ((this.position < this.length) && (this.bytes[this.position++] === val));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue