Application Security Testing: An Integral Part of DevOps
Environment: VC5 SP3, NT4 SP4
Levente Farkas - For the suggestion of how the class might be implemented
Roger Allen - For further advice on the reading and writing of the data
Jamie Thornback - For help with the callback procedures
Tim Johnson - For his CShellFileOp class which is used briefly in this class
Please note that this class does not contain any compression algorithms so the resulting executable with be the size of the sum of it's parts. The class could easily be extended to add compression in the future if anyone wishes.
Description of the Self-Extracting (SFX) executable
The SFX file which this class creates consists of an extraction executable with the data files appended to the end of it. The data on the end of the file does not affect the executable image and so the file executes as if the data wasn't even there. So to extract the data, the executable must first detach the data from itself and then create the approriate files. The way I have chosen to do this is to write a 'Table of Contents' (TOC) after the data which can be read by the extractor to find out where the various files are stored in the data segment.
The layout of the TOC is as follows:-
Starting from the end of the archive and working backwards :-
10 bytes - Signature (Identifier for SFX archive)
4 bytes - Number of files in archive
Table of Contents
This section contains one record in the following format for each file
4 bytes - Length of filename
variable length - Filename
4 bytes - Length of File
4 bytes - Offset in archive to data
Each file is written (uncompressed) here in the order of the TOC
After this is the extractor executable.
How To Use it
Having said all that, you don't need to know any of that stuff above to use it. All you need to do is create an instance of CSelfExtractor and then call AddFile() to add in all the files that you want to include. Next call Create() to create the archive.
The demo project consists of two projects - 'Extractor' which is the executable which extracts the archive and Self Extractor which is the program for building Self Extracting archives. Self Extractor allows you to specify an external extractor program to use for the archive or alternatively you can use the extractor which has been compiled into the program inside the resources. Read the source code to find out more.
As always, expect bugs. Don't shout if you can't get it to work. The demos are just as they sound - demos. They are not fully implemented and fully tested release software, they are an example of how the classes should be used. The demos make use of classes written by other people at CodeGuru so any bugs in those should be directed at their respective authors.