RAR文件格式研究.doc

RAR文件格式的研究 [摘要] 随着科技的发展，RAR文件的使用已经渗透到人们生活，越来越多的工具被开发出来处理压缩文件，例如Winrar，zip，gzip等等，这些工具都为用户提供了良好的管理界面环境。RAR文件中蕴藏着丰富的个人信息，发掘分析其中的有用线索是调查取证的重要手段，而其首要条件就是需要对RAR文件进行格式解析。本文利用RAR实验室提供的Unrar程序对rar数据文件进行格式解析，从而为证据信息获取提供重要手段。 [关键词] Winrar文件 压缩文件 格式分析 加密解密 Unrar The Research of Rar Files’ Format Abstract With the rapid development and application of computer and network，the usage of RAR files using computer more and more furious, more and more tools which come out for dealing with compressed files, such as winrar, zip, pzip etc. These tools all provide a friendly user-interface. There are rich personal information containing in RAR files. Analyzing and extracting the useable clues is very significant for case-investigation and evidence-gaining. But chiefly you have to parse the file format of RAR files. RAR lab privides the unrar functions which can be used to do the parsing work. These functions will be an important information-gaining tools. Key Words Winrar Files Compressed-File Formats analysis Encryption-and-decryption Unrar function 目录 TOC \o 1-3 \h \z \u HYPERLINK \l _Toc231237806 引言 PAGEREF _Toc231237806 \h 1 HYPERLINK \l _Toc231237807 第一章 RAR简介 PAGEREF _Toc231237807 \h 2 第二章 RAR HYPERLINK \l _Toc231237808 2.1 实例 PAGEREF _Toc231237808 \h 3 HYPERLINK \l _Toc231237809 2.2 文件块结构 PAGEREF _Toc231237809 \h 3 HYPERLINK \l _Toc231237810 2.2.1 标记块 PAGEREF _Toc231237810 \h 4 HYPERLINK \l _Toc231237811 2.2.2 压缩文件头 PAGEREF _Toc231237811 \h 4 HYPERLINK \l _Toc231237812 2.2.3 文件头 PAGEREF _Toc231237812 \h 5 HYPERLINK \l _Toc231237813 2.2.4 结尾块 PAGEREF _Toc231237813 \h 8 HYPERLINK \l _Toc231237814 2.2.5 旧风格的块类型 PAGEREF _Toc231237814 \h 8 HYPERLINK \l _Toc231237815 第三章 RAR文件解压流程 PAGEREF _Toc231237815 \h 11 HYPERLINK \l _Toc231237816 3.1 压缩文件处理步骤 PAGEREF _Toc231237816 \h 11 HYPERLINK \l _Toc231237817 3.2 压缩文件处理流程图 PAGEREF _Toc231237817 \h 13 HYPERLINK \l _Toc231237818 第四章 加密RAR文件数据的处理 PAGEREF _Toc231237818 \h 14 HYPERLINK \l _Toc231237819 4.1 密钥的