C Sample Register a New File Type
You can extend Truxton to process new file types. The first step in that process is to create an identifier for that file type and tell Truxton some details about it. You can see this same sample implemented in Python. After creating your new file type, you will need to write an ETL to identify it.
Visual Studio Configuration
The steps to creating a program to register a new file type are:
- Start Visual Studio
- File->New->Project
- Empty Project - C++
- Project name: CreateFileType
- Press "Create" button
- Remove the
x86
configuration - Right button on the CreateFileType project in the Solution Explorer window
- Add->New Item...->C++ File->Add button
- Right button on the CreateFileType project in the Solution Explorer window
- Select Properties
- C/C++->Additional Include Directories: add "C:\Program Files\Truxton\SDK"
- Linker->Additional Library Directories: add "C:\Truxton" (or wherever you generated the
TruxtonCAPI.lib
file)
Source Code
Truxton will automatically create a unique identifier for your file type. This is not recommended as the value is random which will make it difficult to share with other exploitation programs.
#include <stdio.h>
#include <memory.h>
#include <inttypes.h>
#include <TruxtonCAPI.h>
#include <TruxtonFileTypes.h>
#include <TruxtonDefines.h>
#pragma comment (lib, "TruxtonCAPI.lib")
int main(void)
{
uint64_t truxton = truxton_create();
uint64_t file_type = truxton_file_type_create(truxton);
truxton_file_type_set_id(file_type, 11111);
truxton_file_type_set_short_name(file_type, "Acme");
truxton_file_type_set_long_name(file_type, "A new custom type derived from XML");
truxton_file_type_set_extension(file_type, "xm2");
truxton_file_type_set_mime_type(file_type, "text/xml");
truxton_file_type_set_parent_id(file_type, Type_XML);
if (truxton_file_type_save(file_type) == 0)
{
printf("Cannot save file type to the database.\n");
}
uint64_t new_id = truxton_file_type_get_id(file_type);
if (new_id == 0)
{
printf("Failed to create new file type\n");
}
else
{
printf("Created new file type as id %" PRIu64 "\n", new_id);
}
truxton_file_type_destroy(file_type);
truxton_destroy(truxton);
return(0);
}
The PRIu64
in the sample code above is a standard way of formatting a 64-bit unsigned integer in C.
Over the years, different compilers on different operating systems used different format specifiers for things, these PRI
macros, along with some tricky string concatenation the compilers perform for you, allow you to maintain a single code base without a bunch of macro magic.