Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-29 07:18:16 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

GP-3270 improve AIFF embedded media search

Browse Source 
Don't trigger on 'FORM....AIFF' pattern unless it has a valid size
value.

Add AIFC since its the same thing with slightly different magic bytes.
This commit is contained in:
dev747368
2023-03-29 23:20:19 +00:00
parent edc7515e29
commit bb457b9a6a
2 changed files with 53 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Features/Base/src/main/java/ghidra/app/plugin/core/analysis/EmbeddedMediaAnalyzer.java
+4 -1
View File
@@ -85,7 +85,10 @@ public class EmbeddedMediaAnalyzer extends AbstractAnalyzer {
AUDataType.MAGIC, AUDataType.MAGIC_MASK);
addByteSearchPattern(searcher, program, foundMedia, new AIFFDataType(), "AIFF",
AIFFDataType.MAGIC, AIFFDataType.MAGIC_MASK);
AIFFDataType.MAGIC_AIFF, AIFFDataType.MAGIC_MASK);
addByteSearchPattern(searcher, program, foundMedia, new AIFFDataType(), "AIFC",
AIFFDataType.MAGIC_AIFC, AIFFDataType.MAGIC_MASK);
searcher.search(program, searchSet, monitor);