Copy Link
Add to Bookmark
Report
NULL mag Issue 05 21 Ripping media from executables
__ _ __ _ _ __
______\ \_\\_______________________\///__________________________//_/ /______
\___\ /___/
| .__ __ |
| | ___ __________/ |________ |
| \ \/ / ____/\ __\_ __ \ |
; > < <_| | | | | | \/ ;
: /__/\_ \__ | |__| |__| :
. \/ |__| .
. .
: H/Q Another Droid BBS - andr01d.zapto.org:9999 :
; ;
+ --- -- - . - --- --- --- - . - -- --- +
: :
| Check files for included files |
: :
` --- -- - . - --- --- --- - . - -- --- '
Its a common practice in the demoscene and not only, to include files,
like music, art, text inside the main executable of an app/demo or in
a separate .data file. The same practice i use for NULL. All music and
files are included in the main executable.
Back then, when you listen to a good song from a demo, there were some
utilities called "rippers" that could extract the included files. Some
of them were damn good and you could find all sort of files in emags
and demos, like .gif, .mod, .s3m, .pcx, .bmp etc. PC games also were
"targets" of file ripping. This way you could have an awesome
wallpaper for your Win3.11 machine from your favorite game.
But how those ripping utils work? First you have to identify that the
target file has a file you want to extract. Almost all file formats
have a unique id, which we can search for and identify them. This id
can be a series of bytes or a string with fixed values or in more
complex occasions can be bytes with calculated values in predefined
positions, even worst... the file format can not be identified.
So lets write a simple program to search for S3M files, which is a
format for track music. First we check the file format. You can find
the format specs here:
https://github.com/lclevy/unmo3/blob/master/spec/s3m.txt
As we see, this file format, has a fixed id in position 45d. So if we
search for this ID in the target file and find we know for sure (or
99%) that a S3M file is included.
Below is a simple Pascal program to search for the ID of the S3M file
format. Instead of searching for the whole 4 byte ID, we search first
to match the first byte, if we find it, check if the second matches
etc. Its more simple this way, instead of reading 4 bytes at once,
check the values, go back to the original position, cause by reading 4
bytes we changed it by 4... etc. etc. etc.
If you compile the program and check the second issue of NULL you will
find a match ;)
+ --- -- - CUT HERE - --- --- --- - . - -- --- '
program filetype;
uses
crt,
sysutils;
var
b:byte;
f:file;
begin
assign(f,paramstr(1));
reset(f,1);
while not eof(f) do begin
blockread(f,b,1);
if chr(b)='S' then begin
blockread(f,b,1);
if chr(b)='C' then begin
blockread(f,b,1);
if chr(b)='R' then begin
blockread(f,b,1);
if chr(b)='M' then begin
writeln('S3M ID found in Position: '+inttostr(filepos(f)-3))
end;
end;
end;
end;
end;
close(f);
end.
+ --- -- - . - --- --- --- - . - -- --- '
_____ _ _ ____ _ _
| _ |___ ___| |_| |_ ___ ___ | \ ___ ___|_|_| | 8888
| | | . | _| | -_| _| | | | _| . | | . | 8 888888 8
|__|__|_|_|___|_| |_|_|___|_| |____/|_| |___|_|___| 8888888888
8888888888
DoNt Be aNoTHeR DrOiD fOR tHe SySteM 88 8888 88
8888888888
/: HaM RaDiO /: ANSi ARt! /: MySTiC MoDS /: DooRS '88||||88'
/: NeWS /: WeATheR /: FiLEs /: SPooKNet ''8888"'
/: GaMeS /: TeXtFiLeS /: PrEPardNeSS /: FsxNet 88
/: TuTors /: bOOkS/PdFs /: SuRVaViLiSM /: ArakNet 8 8 88888888888
888 8888][][][888
TeLNeT : andr01d.zapto.org:9999 [UTC 11:00 - 20:00] 8 888888##88888
SySoP : xqtr eMAiL: xqtr@gmx.com 8 8888.####.888
DoNaTe : https://paypal.me/xqtr 8 8888##88##888