From 264be7bafd7ab92ddadc5c0d9d5c4489c9cda5d4 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Tue, 18 Sep 2018 09:09:16 +0200
Subject: Loaded APK files using a Python script.

---
 plugins/python/apkfiles/apkfiles.py  | 43 ++++++++++++++++++------------------
 src/analysis/contents/encapsulated.c | 15 ++++++++-----
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/plugins/python/apkfiles/apkfiles.py b/plugins/python/apkfiles/apkfiles.py
index c45f8c9..0cffdd7 100644
--- a/plugins/python/apkfiles/apkfiles.py
+++ b/plugins/python/apkfiles/apkfiles.py
@@ -2,6 +2,10 @@
 # -*- coding: utf-8 -*-
 
 from pychrysalide import PluginModule
+from pychrysalide.analysis.contents import EncapsulatedContent
+from pychrysalide.analysis.contents import MemoryContent
+from pychrysalide.core import _global
+import io
 import zipfile
 
 
@@ -18,41 +22,36 @@ class ApkFiles(PluginModule):
             'desc' : 'Add suppport for the APK file format',
             'version' : '0.1',
 
-            'actions' : [ PluginModule.PGA_PLUGIN_INIT ]
+            'actions' : [ PluginModule.PGA_CONTENT_EXPLORER ]
 
         }
 
         return desc
 
 
-    def init(self):
-        """Initialize the plugin."""
+    def handle_content(self, action, content, wid, status):
+        """Process an operation on a binary content."""
 
-        return True
+        assert(action == PluginModule.PGA_CONTENT_EXPLORER)
 
+        pseudo_file = io.BytesIO(content.data)
 
-    def get_action(self):
-        """Register the plugin for given actions."""
+        if zipfile.is_zipfile(pseudo_file):
 
-        return Plugin.PGA_FORMAT_MATCHER
+            zf = zipfile.ZipFile(pseudo_file)
 
+            if zf.namelist().count('classes.dex') > 0 \
+               and zf.namelist().count('AndroidManifest.xml') > 0:
 
-    def is_matching(self, filename, data):
-        """Define if the given file can be handled."""
+                explorer = _global().content_explorer
 
-        if not zipfile.is_zipfile(filename):
-            return Plugin.MFA_NONE, None, None
+                for name in zf.namelist():
 
-        zf = zipfile.ZipFile(filename)
+                    f = zf.open(name, 'r')
+                    data = f.read()
+                    f.closed
 
-        if zf.namelist().count('classes.dex') > 0 \
-                and zf.namelist().count('AndroidManifest.xml') > 0:
+                    mem_content = MemoryContent(data)
+                    encaps_content = EncapsulatedContent(content, name, mem_content)
 
-            f = zf.open('classes.dex', 'r')
-            data = f.read()
-            f.closed
-
-            return Plugin.MFA_RELOAD, None, bytearray(data)
-
-        else:
-            return Plugin.MFA_NONE, None, None
+                    explorer.populate_group(wid, encaps_content)
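Review bot: The `for name in zf.namelist()` loop in `handle_content` reads every member of an archive taken from the analysed file fully into memory with `f.read()`, with no cap on member size or member count, so a crafted APK (a decompression bomb) can exhaust the analysis host's memory; check `ZipInfo.file_size` against a limit, bound the number of members, and skip directory entries before reading. `f.closed` only reads an attribute and never closes the member, and `zf` itself is never closed, so both should be opened in `with` blocks. The `assert` is removed under `python -O`, and a `zipfile.BadZipFile` raised by a malformed archive would propagate out of the plugin callback uncaught. Member names also come from the untrusted archive and are passed unchanged as the `EncapsulatedContent` path, so any consumer that later maps that path to the filesystem has to sanitise it.

```python
    def handle_content(self, action, content, wid, status):
        # … unchanged: docstring …

        if action != PluginModule.PGA_CONTENT_EXPLORER:
            return

        pseudo_file = io.BytesIO(content.data)

        if not zipfile.is_zipfile(pseudo_file):
            return

        try:
            with zipfile.ZipFile(pseudo_file) as zf:

                names = set(zf.namelist())

                if 'classes.dex' not in names or 'AndroidManifest.xml' not in names:
                    return

                explorer = _global().content_explorer

                for info in zf.infolist():

                    # MAX_MEMBER_SIZE is a placeholder for a limit chosen by the project.
                    if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                        continue

                    with zf.open(info, 'r') as f:
                        data = f.read()

                    # … unchanged: MemoryContent / EncapsulatedContent / populate_group, with info.filename as the name …

        except zipfile.BadZipFile:
            # Malformed archive: nothing to explore.
            return
```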
diff --git a/src/analysis/contents/encapsulated.c b/src/analysis/contents/encapsulated.c
index e307e6b..74795ea 100644
--- a/src/analysis/contents/encapsulated.c
+++ b/src/analysis/contents/encapsulated.c
@@ -225,11 +225,9 @@ static void g_encaps_content_interface_init(GBinContentInterface *iface)
 
 static void g_encaps_content_dispose(GEncapsContent *content)
 {
-    if (content->base != NULL)
-        g_object_unref(content->base);
+    g_clear_object(&content->base);
 
-    if (content->endpoint != NULL)
-        g_object_unref(content->endpoint);
+    g_clear_object(&content->endpoint);
 
     G_OBJECT_CLASS(g_encaps_content_parent_class)->dispose(G_OBJECT(content));
 
@@ -281,6 +279,9 @@ GBinContent *g_encaps_content_new(GBinContent *base, const char *path, GBinConte
 
     result = g_object_new(G_TYPE_ENCAPS_CONTENT, NULL);
 
+    g_object_ref(base);
+    g_object_ref(endpoint);
+
     result->base = base;
     result->path = strdup(path);
     result->endpoint = endpoint;
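Review bot: With the two added `g_object_ref()` calls, `g_encaps_content_new` no longer consumes the caller's references on `base` and `endpoint`, so any caller that still hands over its reference and is not updated the way `g_encaps_content_new_from_xml` is in this commit will now leak both objects. The function's header comment should state the new contract, for example `/* base and endpoint are referenced by the new content; the caller keeps its own references. */`. A guard such as `g_return_val_if_fail(base != NULL && endpoint != NULL, NULL);` before `g_object_new` would also keep a NULL argument from reaching `g_object_ref()`. The result of `strdup(path)` on the following line is stored unchecked, which is worth handling at the same time. The function body starts and ends outside this hunk.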
@@ -349,10 +350,12 @@ GBinContent *g_encaps_content_new_from_xml(xmlXPathContextPtr context, const cha
             endpoint = NULL;/// TODO
 
             if (endpoint != NULL)
+            {
                 result = g_encaps_content_new(original, target, endpoint);
+                g_object_unref(G_OBJECT(endpoint));
+            }
 
-            else
-                g_object_unref(G_OBJECT(original));
+            g_object_unref(G_OBJECT(original));
 
         }
         else
-- 
cgit v0.11.2-87-g4458