in reply to Re^5: dynamic extractor based off static references in file (perl)
in thread dynamic extractor based off static references in file (perl)

Here is my code so far. 
open(my $infile, '<', "./file") or die "Cannot open file: $!";
binmode($infile);

open(my $outfile, '>', "./reference1") or die "Cannot create file: $!"
+;
binmode($outfile);

my $buffer = '';
sysseek $infile, 0x15, 0;
sysread $infile, $buffer, 0x03;
syswrite $outfile, $buffer;
$buffer =~ s/(.)/sprintf("%x",ord($1))/eg; #this converts it into hex.
print  $buffer, "\n"; #this prints the converted $buffer (04C0)

[download]
Maybe I am trying to go about this the wrong way.
$buffer = (04C0)
It would be really nice to be able to use $buffer like this but I dont think its possible that way: 
sysseek $infile, $buffer, 1;
sysread $infile, $new, 0x40000;
syswrite $newfile, $new;

[download]
Remember that $buffer contains the 04C0, which is a reference to the actual data further into the file. so I get the reference values with this: 
my $buffer = '';
sysseek $infile, 0x15, 0;
sysread $infile, $buffer, 0x03;
syswrite $outfile, $buffer;

[download]
Then I try to sysseek to that position in the file like this, using the reference i obtained with the code above: 
sysseek $infile, $buffer, 1;
sysread $infile, $new, 0x40000;
syswrite $newfile, $new;

[download]
Also Anonomous Monk, please let me thank you for the help so far. Im not exactly pro at programming, but I know how i want it to work, I am just having a hard time setting this up to work. I feel like i am going in circles now.

Replies are listed 'Best First'.
Re^7: dynamic extractor based off static references in file (perl)
by james289o9 (Acolyte) on Dec 06, 2013 at 18:46 UTC
    Thank you all for helping. i finally got it to work like this: 
    # this gets the reference to the actual data in the file
my $buffer = '';
sysseek $infile, 0x15, 0;
sysread $infile, $buffer, 0x03;
$buffer =~ s/(.)/sprintf("%x",ord($1))/eg;

# this will move the CUR to the actual data as specified from the refe
+rence and will extract it to file.
open(my $newfile, '>', "./file");
my $new;
sysseek $infile,hex($buffer), 0;
sysread $infile, $new, 0x40000;
syswrite $newfile, $new;

    [download]

    If you notice in the second set of sysseek, i had to hex($buffer). That solved the problem and allowed me to input "04C0" i am now extracting the data successfully.
    Thanks to everyone who took their time to help me :)
[reply]
[d/l]
      ridiculous, but what do I care
[reply]
      pack n An unsigned short (16-bit) in "network" (big-endian) order. 
      my $bytes = qq[\4\xC0];
my $ushortbe = unpack q[n], $bytes;
printf qq[0x%04X  0b%b  %d\n], ($ushortbe ) x 3;
__END__
0x04C0  0b10011000000  1216

      [download]

      but in all the code you've pasting you've been reading 3 bytes, a 16 bit integer takes 2 bytes ( 2x8) not 3 , so .... :)

[reply]
[d/l]
        the three bytes i am reading are just references. i am not worried about anything except putting that reference into a variable, then calling that variable to seek to the actual data. this script is just to extract data in a file. say for instance if at 0x15 there is "00 04 C0". this script will read those bytes, then put the reference "00 04 C0" into variable $buffer1 (which is the data location further into the file). then it will get filesize at address 0x1D and put that into $buffer2. then it uses those two references to seek to the actual data further into the file.
        does that help you understand what i am trying to do any better? i am able to extract 25 files (the actual data the references point to) and am able to get the file names and everything with this little script. works a treat for me tbh. if i only read two bytes, then i wouldnt get part of alot of references. the references are never longer than 3 bytes. thats why i used read 0x03.
        this data changes constantly from file to file. the references never changes spots but the actual files swap spots and there is no way to statically seek to and get this info. this is sort of a dynamic extractor. it will extract the data and name the file all in a easy to run script.
        hope you understand. if you want i can send you the file and the script for you to see what im talking about. message me your email or something so you can see what i mean. it really works a treat man, and saves me alot of work from having to manually extracting this data with a hex editor.
        i am about to update the original post with the finished script. take a look at it and see if you can gimme a better way of doing it. like i say i am open to any ideas, and if you want i can send you the file itself and you can use the script to see what i am accomplishing.
[reply]

In Section Seekers of Perl Wisdom