Analysing libreaderex - HinTak/caj2pdf GitHub Wiki

Analysing libreaderex

It is possible to mount and examine the Ubuntu AppImage with:

mount -o ro,loop,offset=187784 CAJViewer-x86_64-buildubuntu1604-201021.AppImage /mnt

Tracing runtime execution

One might like to know how Linux CAJViewer move around and reading a file. This can be achieved by tracing 'seek' and 'read' with the ltrace utility:

ltrace -C -L -x *CAJ*+\*seek\*+*read*@libreaderex_x64.so -o trace-log /mnt/usr/bin/cajviewer

To trace commmunications between the main executables and dll's of the Windows verson of CAJViewer in Wine, set the environmental variable WINEDEBUG=relay .

Be warned that the logs are huge!

The Linux shared library, static analysis

For example, we'd like to see a list of destructors of *Reader classes:

$ nm -C -D /mnt/usr/lib/libreaderex_x64.so  | grep ' T ' | grep Reader::~  | uniq
00000000004b286e T CCAJReader::~CCAJReader()
00000000004b27e8 T CCAJReader::~CCAJReader()
00000000005d9c58 T CKDHReader::~CKDHReader()
00000000005d9bd2 T CKDHReader::~CKDHReader()
0000000000671fc0 T FileReader::~FileReader()
0000000000671f6e T FileReader::~FileReader()
0000000000534ca6 T ImageReader::~ImageReader()
0000000000534c52 T ImageReader::~ImageReader()
00000000004ed5c8 T CCAJSEReader::~CCAJSEReader()
00000000004ed542 T CCAJSEReader::~CCAJSEReader()
00000000006725f4 T StreamReader::~StreamReader()
00000000006725b2 T StreamReader::~StreamReader()
00000000006d7600 T TEBDocReader::~TEBDocReader()
00000000006d74ce T TEBDocReader::~TEBDocReader()
00000000004728c0 T CReader::~CReader()
0000000000472796 T CReader::~CReader()
0000000000671b3a T MemReader::~MemReader()
0000000000671af8 T MemReader::~MemReader()

Or any Decode* methods:

$ nm -C -D /mnt/usr/lib/libreaderex_x64.so  | grep ' T ' | grep ::Decode  | uniq
00000000006bff76 T CParseRigths::DecodeRights(char*, int&)
00000000008138bc T CMd5::Decode(unsigned int*, unsigned char*, unsigned int)
00000000004a6d72 T CAJDoc::DecodeShort(char*, char*)
0000000000530cf2 T CImage::DecodeJbig(void*, unsigned int, unsigned int*)
0000000000530be6 T CImage::DecodeJpeg(char*, int, unsigned int*, int, int, int)
000000000053252a T CImage::DecodeJbig2(void*, unsigned int, unsigned int*)
00000000005326ae T CImage::DecodeJpeg2000(void*, unsigned int, unsigned int*, int, int)
00000000006a7e72 T CMarkup::DecodeCharUTF8(char const*&, char const*)
00000000006a802e T CMarkup::DecodeCharUTF16(unsigned short const*&, unsigned short const*)
00000000005357da T JBigCodec::Decode(int)
0000000000535fbe T JBigCodec::Decode(char*, unsigned int, unsigned int, unsigned int, unsigned int, char*)
0000000000535400 T JBigCodec::Decode1(int)

Of primary interests are perhaps the CImageAutoLoad class and CImage. We can look at them in further details with (requires binutils 2.32+ Feb 2019):

$ objdump -C --disassemble="CImageAutoLoad::PrepareImage()"  /mnt/usr/lib/libreaderex_x64.so
$ objdump -C --disassemble="CImage::DecodeJbig(void*, unsigned int, unsigned int*)"  /mnt/usr/lib/libreaderex_x64.so

Licensing issues?

The Linux shared library contains 8716 public symbols (30 times more than, and unlike the only ~300 in the Windows version). It appears to contain a significant part of Xpdf/libpoppler (many class names prepended with "G" to hide their similarity), FreeType, Zlib, LittleCMS, libiconv, libjpeg, Openssl, Kakadu, to name a few; without acknowledging them.

It is also interesting that there are a few spelling mistakes in C++ class names: CArrawCmdObj / CArrawLineCmdObj / CParseRigths (should be Arrow and Rights).

The windows DLL, static analysis

The Windows CAJViewer is rather less interesting, as it uses import libraries and ordinals. The viewer only uses 93 of the 343 and 356 public symbols in the two versions respectively. winedump -j import ... and winedump -j export looks at the import and export tables respectively:

$ winedump -j import ".../drive_c/Program Files/TTKN/CAJViewer 7.2/CAJVieweru.exe" | grep offset
...
  grAttrs 00000001 offset 000bec1c ReaderEx.dll
  grAttrs 00000001 offset 000bec3c sysinfo.dll
  grAttrs 00000001 offset 000bec5c d2d1.dll

$ winedump -j export ".../drive_c/Program Files/Common Files/TTKN/Bin/ReaderEx.dll"  | grep -v 'by ordinal'
...
  Entry Pt  Ordn  Name
  00123380   161 ?DecodeJpeg2000@CImage@@SAPAV1@PAXKPAKHH@Z
  00123480   162 ?DecodeJpeg@CImage@@SAPAV1@PADHPAKHHH@Z
  00052350   166 DecryptCacheFile
  0005B1F0   308 DumpGetPageInfo
  00083E00   341 SetFontMetric
  000529C0   342 _Java_ReaderEx_CreateRequest@20

$ winedump -j import ".../drive_c/Program Files/TTKN/CAJViewer 7.3/CAJVieweru.exe" | grep offset
...
  grAttrs 00000001 offset 000d3070 ReaderEx.dll
  grAttrs 00000001 offset 000d3090 sysinfo.dll
  grAttrs 00000001 offset 000d30b0 d2d1.dll

$ winedump -j export ".../drive_c/Program Files/Common Files/TTKN/Bin/ReaderEx.dll"  | grep -v 'by ordinal'
...
  Entry Pt  Ordn  Name
  00057080   161 CAJFILE_CombineGetMessage
  0005CB00   162 CAJFILE_SetCombine
  0012E9A0   166 ?DecodeJpeg2000@CImage@@SAPAV1@PAXKPAKHH@Z
  0012EAA0   308 ?DecodeJpeg@CImage@@SAPAV1@PADHPAKHHH@Z
  00053680   345 DecryptCacheFile
  0005D1E0   352 DumpGetPageInfo
  0005F5A0   353 JReaderExLib_UnZip
  0008BF50   354 SetFontMetric
  00062130   355 TestPrinter