C Sample Register a New File Type

From truxwiki.com

You can extend Truxton to process new file types. The first step in that process is to create an identifier for that file type and tell Truxton some details about it. You can see this same sample implemented in Python. After creating your new file type, you will need to write an ETL to identify it.

Visual Studio Configuration

The steps to create a program that registers a new file type are:

  1. Start Visual Studio
  2. File->New->Project
  3. Empty Project - C++
  4. Project name: CreateFileType
  5. Press "Create" button
  6. Remove the x86 configuration
  7. Right-click the CreateFileType project in the Solution Explorer window
  8. Add->New Item...->C++ File->Add button
  9. Right-click the CreateFileType project in the Solution Explorer window
  10. Select Properties
  11. C/C++->Additional Include Directories: add "C:\Program Files\Truxton\SDK"
  12. Linker->Additional Library Directories: add "C:\Truxton" (or wherever you generated the TruxtonCAPI.lib file)

Source Code

Truxton will automatically create a unique identifier for your file type. This is not recommended, as the value is random, which will make it difficult to share with other exploitation programs. The sample below sets the identifier explicitly with truxton_file_type_set_id().

#include <stdio.h>
#include <memory.h>
#include <inttypes.h>
#include <TruxtonCAPI.h>
#include <TruxtonFileTypes.h>
#include <TruxtonDefines.h>
#pragma comment (lib, "TruxtonCAPI.lib")

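int main(void)
{
  int exit_code = 0;

  /* Create the Truxton object, then an empty file type object tied to it */
  uint64_t truxton = truxton_create();

  uint64_t file_type = truxton_file_type_create(truxton);

  /* Set a fixed identifier rather than relying on a random, generated one */
  truxton_file_type_set_id(file_type, 11111);
  truxton_file_type_set_short_name(file_type, "Acme");
  truxton_file_type_set_long_name(file_type, "A new custom type derived from XML");
  truxton_file_type_set_extension(file_type, "xm2");
  truxton_file_type_set_mime_type(file_type, "text/xml");

  /* The new type is a child of the existing XML type */
  truxton_file_type_set_parent_id(file_type, Type_XML);

  /* A return value of 0 from save is treated as failure */
  if (truxton_file_type_save(file_type) == 0)
  {
    printf("Cannot save file type to the database.\n");
    exit_code = 1;
  }

  /* Read the identifier back; 0 means no file type was created */
  uint64_t new_id = truxton_file_type_get_id(file_type);

  if (new_id == 0)
  {
    printf("Failed to create new file type\n");
    exit_code = 1;
  }
  else
  {
    printf("Created new file type as id %" PRIu64 "\n", new_id);
  }

  /* Release the objects in the reverse order of their creation */
  truxton_file_type_destroy(file_type);
  truxton_destroy(truxton);

  /* Report failure to the caller so scripts can detect it */
  return(exit_code);
}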


The PRIu64 in the sample code above is a standard way of formatting a 64-bit unsigned integer in C; it is defined in <inttypes.h>. Over the years, different compilers on different operating systems used different format specifiers for things. These PRI macros, along with some tricky string concatenation the compilers perform for you, allow you to maintain a single code base without a bunch of macro magic.
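
The following is an added example, not part of the original page or the Truxton SDK. It shows the PRIu64 concatenation at work when a file type identifier is written as text and read back by another program. The helper names format_type_id and parse_type_id and the sample value are assumptions made for illustration.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: write an id as decimal text.
   Returns 0 on success, -1 if the buffer is too small. */
int format_type_id(char *buf, size_t size, uint64_t id)
{
  /* "%" PRIu64 is two adjacent string literals; the compiler joins them
     into one format string with the right length modifier for uint64_t. */
  int n = snprintf(buf, size, "%" PRIu64, id);
  return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Hypothetical helper: read an id back from text written by another tool.
   Rejects empty input, signs, leading spaces, trailing characters,
   overflow, and 0 (the sample above treats an id of 0 as failure). */
int parse_type_id(const char *text, uint64_t *id)
{
  char *end = NULL;
  uintmax_t value;

  if (text[0] < '0' || text[0] > '9')
    return -1;  /* strtoumax alone would accept "-1" and " 5" */

  errno = 0;
  value = strtoumax(text, &end, 10);

  if (errno == ERANGE || *end != '\0' || value == 0)
    return -1;
  if ((uintmax_t)(uint64_t)value != value)
    return -1;  /* does not fit in 64 bits */

  *id = (uint64_t)value;
  return 0;
}

int main(void)
{
  char text[32];
  uint64_t id = 0;

  /* Constructed value above 32 bits; %lu would be the wrong specifier
     on 64-bit Windows, where unsigned long is only 32 bits wide. */
  if (format_type_id(text, sizeof text, UINT64_C(5000000000)) == 0 &&
      parse_type_id(text, &id) == 0)
    printf("Round trip: %s -> %" PRIu64 "\n", text, id);

  return 0;
}
```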