Hi meph

This is something I try to do as well. Eg: I've managed to do it quite easily for the cab.c.

Browsing the ole2 code, here is my understanding:

- the main function extracting the ole2 is "cli_ole2_extract". It is called in "cli_scanole2". So this function gives us how "cli_ole2_extract" is called. Basically, a temporary directory is created (to hold the extracted files), and the "cli_ole2_extract" is called with the directory "char *dir" as first parameter, a "cli_ctx *ctx" pointer as the second argument and a "struct uniq *vba" as third argument.
- the idea is to use the same logic and try to abstract what we don't need. We keep the "char *dir" argument because it is where the files will be extracted. We keep the "struct uniq *vba" argument as well because it is the output of the function (so no dependency). The only question is: what to do with the "cli_ctx *ctx" argument?
- the first idea is to get rid of the "ctx" argument. It only requires understanding what it contains and modifying the C code a bit so the "ctx" use is replaced by some hardcoded values?
- the second idea is to keep the "ctx" argument. So we need to initialise it before calling "cli_ole2_extract". The idea would be to execute all the required code leading to the "cli_ole2_extract" function. Checking where it is called, we can see it is called by "magic_scandesc" so I would start with this function. I've not checked yet but maybe there is some code to actually do the "ctx" initialisation.

Still browsing the code so I may come up with new ideas.

Regards
C

On 16 November 2015 at 23:28, thrucque <[email protected]> wrote:

> Hi,
>
> I'd like to do some testing of various parts of clamav functionality -
> specifically the ole2 extraction logic. Would it be possible to create a
> stand alone ole2_extract binary from the code in ole2_extract.c, and pass
> it files to extract the ole data from? I have had a stab, however my c
> skills are (shamefully) weak. Is this goal possible to someone who knows c, or
> would it involve some serious rewriting (thus negating the point of testing
> the code)?
>
> any help / pointers appreciated.
>
> meph.
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
