Improved continueUntil, added consumeWhile and made the EVTX extractor more complete

2025-04-21 23:36:16 -04:00 · 2019-11-12 11:00:43 +00:00 · 2019-11-12 11:00:43 +00:00 · d3c13b118d
commit d3c13b118d
parent 8e2345cf9e
3 changed files with 11 additions and 10 deletions
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -47,6 +47,7 @@
        "block-spacing": "error",
        "array-bracket-spacing": "error",
        "comma-spacing": "error",
 	"spaced-comment": ["error", "always"],
        "comma-style": "error",
        "computed-property-spacing": "error",
        "no-trailing-spaces": "warn",
--- a/src/core/lib/FileSignatures.mjs
+++ b/src/core/lib/FileSignatures.mjs
@ -2577,21 +2577,21 @@ export function extractJPEG(bytes, offset) {
 export function extractGIF(bytes, offset) {
    const stream = new Stream(bytes.slice(offset));
-    //Move to application extension block.
+    // Move to application extension block.
    stream.continueUntil([0x21, 0xff]);
-    //Move to Graphic Control Extension for frame #1.
+    // Move to Graphic Control Extension for frame #1.
    stream.continueUntil([0x21, 0xf9]);
    stream.moveForwardsBy(2);
    while (stream.hasMore()) {
-        //Move to Image descriptor.
+        // Move to Image descriptor.
        stream.moveForwardsBy(stream.getBytes(1)[0]+1);
-        //Move past Image descriptor to the image data.
+        // Move past Image descriptor to the image data.
        stream.moveForwardsBy(11);
-        //Loop until next Graphic Control Extension.
+        // Loop until next Graphic Control Extension.
        while (stream.getBytes(2) !== [0x21, 0xf9]) {
            stream.moveBackwardsBy(2);
            stream.moveForwardsBy(stream.getBytes(1)[0]);
@ -2599,7 +2599,7 @@ export function extractGIF(bytes, offset) {
                break;
            stream.moveBackwardsBy(1);
        }
-        //When the end of the file is [0x00, 0x3b], end.
+        // When the end of the file is [0x00, 0x3b], end.
        if (stream.getBytes(1)[0] === 0x3b)
            break;
        stream.moveForwardsBy(1);
@ -3000,7 +3000,7 @@ export function extractGZIP(bytes, offset) {
 export function extractBZIP2(bytes, offset) {
    const stream = new Stream(bytes.slice(offset));
-    //The EOFs shifted between all possible combinations.
+    // The EOFs shifted between all possible combinations.
    const lookingfor = [
        [0x77, 0x24, 0x53, 0x85, 0x09],
        [0xee, 0x48, 0xa7, 0x0a, 0x12],
@ -3014,12 +3014,12 @@ export function extractBZIP2(bytes, offset) {
    for (let i = 0; i < lookingfor.length; i++) {
-        //Continue until an EOF.
+        // Continue until an EOF.
        stream.continueUntil(lookingfor[i]);
        if (stream.getBytes(5).join("") === lookingfor[i].join(""))
            break;
-        //Jump back to the start if invalid EOF.
+        // Jump back to the start if invalid EOF.
        stream.moveTo(0);
    }
    stream.moveForwardsBy(4);
--- a/src/core/lib/Stream.mjs
+++ b/src/core/lib/Stream.mjs
@ -189,7 +189,7 @@ export default class Stream {
            found = true;
            // Loop through the elements comparing them to val.
-            for (let x = length-1; x !== -1; x--) {
+            for (let x = length-1; x+1; x--) {
                if (this.bytes[(this.position-length) + x] !== val[x]) {
                    found = false;