Package com.pnfsoftware.jeb.core.units.code.asm.analyzer

Class BinaryPatternVerifier

java.lang.Object
com.pnfsoftware.jeb.core.units.code.asm.analyzer.BinaryPatternVerifier
@Ser public class BinaryPatternVerifier extends Object
A collection of binary patterns and a verifier for them. Determine if any one of the pattern matches a provided bytes buffer.

  • Constructor Details

    • BinaryPatternVerifier

      public BinaryPatternVerifier()
      Create an empty binary pattern verifier.

  • Method Details

    • addPatterns

      public void addPatterns(Collection<IBinaryPattern> patterns)
      Add binary patterns to this verifier.
      Parameters:
      patterns - patterns to add

    • addPatterns

      public void addPatterns(IBinaryPattern... patterns)
      Add binary patterns to this verifier.
      Parameters:
      patterns - patterns to add

    • addPattern

      public void addPattern(IBinaryPattern pattern)
      Add a binary pattern to this verifier.
      Parameters:
      pattern - pattern to add

    • getPatterns

      public Collection<IBinaryPattern> getPatterns()
      Get the registered patterns.
      Returns:
      unmodifiable pattern collection

    • clear

      public void clear()
      Remove all registered patterns.

    • getLongestSize

      public int getLongestSize()
      Get the longest registered pattern size.
      Returns:
      longest pattern size in bytes

    • verify

      public IBinaryPattern verify(INativeCodeAnalyzer<?> gca, long address, byte[] buffer, int offset, int offsetEnd)
      Verify a buffer against registered patterns.
      Parameters:
      gca - native code analyzer
      address - address associated with the start of the buffer
      buffer - bytes to verify
      offset - start offset in the buffer
      offsetEnd - end offset in the buffer
      Returns:
      matching pattern, or null if none matched

    • verify

      public IBinaryPattern verify(INativeCodeAnalyzer<?> gca, long address, byte[] buffer, int offset, int offsetEnd, int patternSize)
      Verify a buffer against registered patterns of a given size.
      Parameters:
      gca - native code analyzer
      address - address associated with the start of the buffer
      buffer - bytes to verify
      offset - start offset in the buffer
      offsetEnd - end offset in the buffer
      patternSize - if different from zero, only patterns of this byte size are tested
      Returns:
      matching pattern, or null if none matched

    • verify

      public IBinaryPattern verify(INativeCodeAnalyzer<?> gca, long address, byte[] buffer, int offset, int offsetEnd, int patternSize, int processorMode)
      Verify a buffer against registered patterns.
      Parameters:
      gca - native code analyzer
      address - address associated with the start of the buffer
      buffer - bytes to verify
      offset - start offset in the buffer
      offsetEnd - end offset in the buffer
      patternSize - if different from zero, the verification is only done with the patterns of the given size in bytes
      processorMode - restricted processor mode, matching IBinaryPattern.getProcessorMode(). Use IProcessor.MODE_DEFAULT to test all modes or pick one to restrict verification.
      Returns:
      matching pattern, or null if none matched