Class NativeSignatureDBManager
java.lang.Object
com.pnfsoftware.jeb.core.units.code.asm.sig.NativeSignatureDBManager
- All Implemented Interfaces:
IEventListener
Manage a set of
INativeSignaturePackage
, such that a native item (routine, basic block,
instruction or data) can be matched against the INativeSignature
contained in these
packages. The manager is a singleton handling all analysis.
Conflicts resolution, i.e. when several signature match, and processing of signatures' attributes are the client's responsibility.
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionvoid
void
Add a new folder to search for native signature packages.createUserPackage
(ProcessorType procType, String packageName, String packageDescription, String packageAuthor) Create new signature package in user folder (seegetUserCreatedPackageFolder()
.void
Provides the list of available signature packages entries.static NativeSignatureDBManager
getInstance
(IEnginesContext enginesContext) Provides the list of signature packages entries for which the corresponding signatures are loaded in memory.int
Get the path for the user-created signature package folder, if any, whose name is set toSIGLIB_USER_PACKAGE_FOLDER
.Provides the list of active signature packages entries that were created by a user.getUserCreatedPackages
(ProcessorType procType) Provides the list of active signature packages entries that were created by a user with a given processor type.boolean
isActive()
boolean
void
Loads in memory the available packages suitable for the given analysis.boolean
Loads a specific package for the given analysis.boolean
loadPackage
(NativeSignaturePackageEntry entry, boolean doMatching) Loads a specific package entry for all analyzers known to the manager.match
(INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched) Match a list of native routines against the currently loaded signatures packages for this analysis.void
void
Register an analyzer to be handled by this manager.void
Empties the list of scanned foldersvoid
Empties the list of available packages.void
removeFolder
(File folder, boolean doRescan) Remove a folder from the list of folders to search for native signature packages.void
rescan()
Rescan registered folders to register/unregister native signature packages.void
rescan
(boolean deleteOldEntries) void
setActive
(boolean isActive) void
setUserSelectedPackage
(INativeCodeAnalyzer<IInstruction> analyzer, NativeSignaturePackageEntry userSelectedPackage) void
Unregister an analyzer handled by this manager.void
updateOnDiskPackages
(boolean updateExistingSignatures) Write new signatures into the on disk packages.
-
Field Details
-
SIGLIB_EXTENSION
- See Also:
-
SIGLIB_USER_PACKAGE_FOLDER
- See Also:
-
-
Method Details
-
getInstance
-
addFolder
Add a new folder to search for native signature packages.- Parameters:
folder
-doRescan
- if true all registered folders are scanned for signature packages after the addition
-
removeFolder
Remove a folder from the list of folders to search for native signature packages.- Parameters:
folder
-doRescan
- if true all registered folders are scanned for signature packages after the removal
-
removeAllFolders
public void removeAllFolders()Empties the list of scanned folders -
rescan
public void rescan()Rescan registered folders to register/unregister native signature packages. Such package names end withSIGLIB_EXTENSION
. -
rescan
public void rescan(boolean deleteOldEntries) -
getAvailablePackages
Provides the list of available signature packages entries. The corresponding packages are not necessarily loaded. -
removeAllPackages
public void removeAllPackages()Empties the list of available packages. -
getLoadedPackages
Provides the list of signature packages entries for which the corresponding signatures are loaded in memory. -
getUserCreatedPackages
Provides the list of active signature packages entries that were created by a user with a given processor type.- Returns:
- list of packages, never null
-
getUserCreatedPackages
Provides the list of active signature packages entries that were created by a user.- Returns:
- list of packages, never null
-
updateOnDiskPackages
public void updateOnDiskPackages(boolean updateExistingSignatures) Write new signatures into the on disk packages. These signatures are initially stored in memory into the corresponding entry (seeNativeSignaturePackageEntry.addSignatureToWrite(INativeSignature)
). This allows to delay the actual write on disk of the new signatures.Note: only user-created signature packages can be written into through this method.
-
createUserPackage
public NativeSignaturePackageEntry createUserPackage(ProcessorType procType, String packageName, String packageDescription, String packageAuthor) Create new signature package in user folder (seegetUserCreatedPackageFolder()
. If there is already a package with same name, it will fail.- Parameters:
procType
-packageName
-packageDescription
-packageAuthor
-- Returns:
- the entry representing the new package, null if the creation failed
-
loadDefaultPackages
Loads in memory the available packages suitable for the given analysis. The determination of the suitable packages is based on:- the processor type of the analysis
- the detected compiler, if any
- Parameters:
gca
-
-
loadPackage
Loads a specific package entry for all analyzers known to the manager.Note: analyzer have to be for the same architecture as the package for the loading to happen.
- Parameters:
entry
-doMatching
- if true, after the package has been loaded, analyzers will re-match all routines- Returns:
- true if the package was loaded for at least one analysis, false otherwise
-
loadPackage
public boolean loadPackage(INativeCodeAnalyzer<IInstruction> gca, NativeSignaturePackageEntry entry) Loads a specific package for the given analysis.- Parameters:
gca
-entry
-- Returns:
-
activateAutoSigningMode
-
deactivateAutoSigningMode
-
isAutoSigningModeActivated
-
registerAnalyzer
Register an analyzer to be handled by this manager.- Parameters:
gca
-
-
unregisterAnalyzer
Unregister an analyzer handled by this manager.Note that this method unloads from memory the signatures packages used by the given analysis. Only the signatures storage specific to this analysis will be removed, i.e. if another analysis uses the same package it will stay loaded.
- Parameters:
gca
-
-
getNumberLoadedSigs
public int getNumberLoadedSigs() -
setActive
public void setActive(boolean isActive) -
isActive
public boolean isActive() -
match
public List<NativeSignatureMatchResult> match(INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched) Match a list of native routines against the currently loaded signatures packages for this analysis. For each routine the algorithm searches for signatures whose allINativeFeatures
match the routine.The result can be incomplete: if a unique match was asked we stop the search as soon as we found two matches and report an incomplete result, see
NativeSignatureMatchResult.isComplete()
.- Parameters:
_gca
-routines
-uniqueMatchOnly
- if true the complete results are the ones for which there is only one matching signaturemaximumConfidenceLevel
- if true the matching signatures -- if any -- will all be of the maximum possible level of confidence. For example, if two matching signatures haveINativeSignature.ConfidenceLevel.MEDIUM
and one hasINativeSignature.ConfidenceLevel.LOW
, only the first two will be kept in the results. Otherwise, all matching signatures are kept.includeAlreadyMatched
- if true routines already matched will be re-matched, otherwise they will be ignored- Returns:
- list of results, empty if none
-
getSignatureGenerator
-
getUserCreatedPackageFolder
Get the path for the user-created signature package folder, if any, whose name is set toSIGLIB_USER_PACKAGE_FOLDER
. -
getUserSelectedPackage
public NativeSignaturePackageEntry getUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer) -
setUserSelectedPackage
public void setUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer, NativeSignaturePackageEntry userSelectedPackage) -
onEvent
- Specified by:
onEvent
in interfaceIEventListener
-