Problems parsing a Microsoft compound document
I'm having a bit of a struggle wrestling with the compound document format.
I'm working in C at the moment but am having problems with locating the directory sector.
I can obtain the compound doc header which is trivial and I know the formula for finding a file offset of a sector id (secid + 1 << sec_size), but whenever I use this formula to convert the secid to fileoffset for the directory I get random values.
Can someone help me understand how I resolve secid offsets properly and maybe also how to develop secid chains from the sector allocation table in a compound document?
Here is an example of what I've tried:
comp_doc_header* cdh((comp_doc_header*)buffer);
printf("cdoc header:%zu\n", sizeof(cd_dir_entry));
if(cdh->rev_num == 0x003E)printf("rev match\n");
//check magic number
if(cdh->comp_doc_id[0] != (unsigned char)0xD0 ||
cdh->comp_doc_id[1] != (unsigned char)0xCF ||
cdh->comp_doc_id[2] != (unsigned char)0x11 ||
cdh->comp_doc_id[3] != (unsigned char)0xE0 ||
cdh->comp_doc_id[4] != (unsigned char)0xA1 ||
cdh->comp_doc_id[5] != (unsigned char)0xB1 ||
cdh->comp_doc_id[6] != (unsigned char)0x1A ||
cdh->comp_doc_id[7] != (unsigned char)0xE1)
return 0;
buffer += 512;
//here i try and get the first directory entry
cd_dir_entry* cde((cd_dir_entry*)&buffer[(cdh->first_sector_id + 1) << 512]);
EDIT: (secid + 1) * 512 should be (secid + 1) * sec_size
Is this C? I can't parse your first or last posted lines
cd_dir_entry* cde((cd_dir_entry*)&buffer[(cdh->first_sector_id + 1) << 512]);
It appears you're declaring cde as a function that returns a pointer to a cd_dir_entry; but the parameter prototype is all wrong ... so you're calling the function and multiplying the result by cd_dir_entry and promptly ignoring the result of the multiplication.
Edit
My simplification trying to understand the line
cd_dir_entry* cde(<cast>&buffer[(cdh->first_sector_id + 1) << 512]);
cd_dir_entry* cde(<cast>&buffer[<elem>]);
cd_dir_entry* cde(<parameter>);
/* this is either a function prototype */
/* or a multiplication with `cd_dir_entry` and the value returned from cde() */
/* in either case it does nothing (no side-effects present), */
/* unless cde messes with global variables */
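An added example, not part of the original question or answer: a bounds-checked way to turn a SecID into a file offset and to follow the directory chain through the sector allocation table. It assumes the whole file is in memory, the published compound file header layout (sector shift at byte 30, FAT sector count at 44, first directory SecID at 48, DIFAT at 76), and a file small enough that every FAT sector is listed in the header; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ENDOFCHAIN 0xFFFFFFFEu
#define FREESECT   0xFFFFFFFFu /* never a chain member; returned here to fail closed */
#define MAXREGSECT 0xFFFFFFFAu /* largest id that names a real sector */
static const uint8_t MAGIC[8] = {0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1};
static uint32_t rd32(const uint8_t *p) { /* little-endian, no alignment assumed */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* File offset of sector secid, or 0 if rejected. Caller guarantees len >= 512. */
size_t sec_offset(const uint8_t *f, size_t len, uint32_t secid) {
    unsigned shift = f[30] | f[31] << 8; /* sector shift: 9 means 512-byte sectors */
    if ((shift != 9 && shift != 12) || secid > MAXREGSECT) return 0;
    uint64_t off = ((uint64_t)secid + 1) << shift; /* from the start of the file */
    return off + ((uint64_t)1 << shift) <= len ? (size_t)off : 0;
}
/* Successor of secid in the FAT; only called once sec_offset() accepted the header. */
static uint32_t fat_next(const uint8_t *f, size_t len, uint32_t secid) {
    uint32_t per = (1u << (f[30] | f[31] << 8)) / 4; /* FAT entries per sector */
    uint32_t idx = secid / per;                      /* which FAT sector holds it */
    if (idx >= 109 || idx >= rd32(f + 44)) return FREESECT; /* assumes header DIFAT only */
    size_t fat = sec_offset(f, len, rd32(f + 76 + 4 * idx));
    return fat ? rd32(f + fat + 4 * (secid % per)) : FREESECT;
}
/* Directory chain offsets into out[]; -1 on bad header, bad sector or loop. */
int dir_chain(const uint8_t *f, size_t len, size_t *out, int max) {
    if (len < 512 || memcmp(f, MAGIC, 8) != 0) return -1;
    int n = 0;
    for (uint32_t s = rd32(f + 48); s != ENDOFCHAIN; s = fat_next(f, len, s))
        if (n == max || !(out[n++] = sec_offset(f, len, s))) return -1; /* max stops loops */
    return n;
}
/* Constructed sample (2048 bytes): header, FAT in sector 0, directory in 1 then 2. */
void make_sample(uint8_t *f) {
    memset(f, 0, 2048); memcpy(f, MAGIC, 8);
    f[30] = 9; f[44] = 1; f[48] = 1;   /* 512-byte sectors, one FAT sector, dir at 1 */
    memset(f + 80, 0xFF, 432);         /* DIFAT[0] = 0, remaining entries FREESECT */
    memset(f + 512, 0xFF, 512);        /* FAT starts as all FREESECT */
    f[512] = 0xFD; f[520] = 0xFE;      /* FAT[0] = FATSECT, FAT[2] = ENDOFCHAIN */
    memset(f + 516, 0, 4); f[516] = 2; /* FAT[1] = 2 */
}
int main(void) {
    uint8_t f[2048]; size_t off[8];
    make_sample(f);
    int n = dir_chain(f, sizeof f, off, 8);
    for (int i = 0; i < n; i++) printf("directory sector at offset %zu\n", off[i]);
    return n < 0;
}
```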