Package com.pnfsoftware.jeb.core.units.code.asm.sig

Class NativeSignatureDBManager

java.lang.Object
com.pnfsoftware.jeb.core.units.code.asm.sig.NativeSignatureDBManager
All Implemented Interfaces:
IEventListener
public class NativeSignatureDBManager extends Object implements IEventListener
Manage a set of INativeSignaturePackage, such that a native item (routine, basic block, instruction or data) can be matched against the INativeSignature contained in these packages. The manager is a singleton handling all analysis.

Conflicts resolution, i.e. when several signature match, and processing of signatures' attributes are the client's responsibility.

  • Field Details

    • SIGLIB_EXTENSION

      public static final String SIGLIB_EXTENSION
      Extension of native signature package files.
      See Also:

    • SIGLIB_USER_PACKAGE_FOLDER

      public static final String SIGLIB_USER_PACKAGE_FOLDER
      Default folder name for user-created signature packages.
      See Also:

  • Method Details

    • getInstance

      public static NativeSignatureDBManager getInstance(IEnginesContext enginesContext)
      Get the singleton native signature database manager.
      Parameters:
      enginesContext - engines context used by the manager
      Returns:
      singleton manager

    • addFolder

      public void addFolder(File folder, boolean doRescan)
      Add a new folder to search for native signature packages.
      Parameters:
      folder - folder to add
      doRescan - if true all registered folders are scanned for signature packages after the addition

    • removeFolder

      public void removeFolder(File folder, boolean doRescan)
      Remove a folder from the list of folders to search for native signature packages.
      Parameters:
      folder - folder to remove
      doRescan - if true all registered folders are scanned for signature packages after the removal

    • removeAllFolders

      public void removeAllFolders()
      Empties the list of scanned folders

    • rescan

      public void rescan()
      Rescan registered folders to register/unregister native signature packages. Such package names end with SIGLIB_EXTENSION.

    • rescan

      public void rescan(boolean deleteOldEntries)
      Rescan registered folders to register/unregister native signature packages.
      Parameters:
      deleteOldEntries - true to remove entries for packages that were not found again

    • getAvailablePackages

      public List<NativeSignaturePackageEntry> getAvailablePackages()
      Provides the list of available signature packages entries. The corresponding packages are not necessarily loaded.
      Returns:
      available package entries

    • removeAllPackages

      public void removeAllPackages()
      Empties the list of available packages.

    • getLoadedPackages

      public List<NativeSignaturePackageEntry> getLoadedPackages()
      Provides the list of signature packages entries for which the corresponding signatures are loaded in memory.
      Returns:
      loaded package entries

    • getUserCreatedPackages

      public List<NativeSignaturePackageEntry> getUserCreatedPackages(ProcessorType procType)
      Provides the list of active signature packages entries that were created by a user with a given processor type.
      Parameters:
      procType - target processor type
      Returns:
      list of packages, never null

    • getUserCreatedPackages

      public List<NativeSignaturePackageEntry> getUserCreatedPackages()
      Provides the list of active signature packages entries that were created by a user.
      Returns:
      list of packages, never null

    • updateOnDiskPackages

      public void updateOnDiskPackages(boolean updateExistingSignatures)
      Write new signatures into the on disk packages. These signatures are initially stored in memory into the corresponding entry (see NativeSignaturePackageEntry.addSignatureToWrite(INativeSignature)). This allows to delay the actual write on disk of the new signatures.

      Note: only user-created signature packages can be written into through this method.

      Parameters:
      updateExistingSignatures - if true, matching existing signatures are replaced

    • createUserPackage

      public NativeSignaturePackageEntry createUserPackage(ProcessorType procType, String packageName, String packageDescription, String packageAuthor)
      Create new signature package in user folder (see getUserCreatedPackageFolder(). If there is already a package with same name, it will fail.
      Parameters:
      procType - target processor type
      packageName - package name
      packageDescription - package description
      packageAuthor - package author
      Returns:
      the entry representing the new package, null if the creation failed

    • loadDefaultPackages

      public void loadDefaultPackages(INativeCodeAnalyzer<IInstruction> gca)
      Loads in memory the available packages suitable for the given analysis. The determination of the suitable packages is based on:
      • the processor type of the analysis
      • the detected compiler, if any
      Note that only PNF Software packages are loaded by this method. User provided packages have to be manually loaded.
      Parameters:
      gca - analyzer for which packages should be loaded

    • loadPackage

      public boolean loadPackage(NativeSignaturePackageEntry entry, boolean doMatching)
      Loads a specific package entry for all analyzers known to the manager.

      Note: analyzer have to be for the same architecture as the package for the loading to happen.

      Parameters:
      entry - package entry to load
      doMatching - if true, after the package has been loaded, analyzers will re-match all routines
      Returns:
      true if the package was loaded for at least one analysis, false otherwise

    • loadPackage

      public boolean loadPackage(INativeCodeAnalyzer<IInstruction> gca, NativeSignaturePackageEntry entry)
      Loads a specific package for the given analysis.
      Parameters:
      gca - analyzer for which to load the package
      entry - package entry to load
      Returns:
      true if the package was loaded

    • activateAutoSigningMode

      public void activateAutoSigningMode(INativeCodeAnalyzer<IInstruction> gca)
      Activate automatic native signature creation for an analyzer.
      Parameters:
      gca - analyzer for which auto signing should be activated

    • deactivateAutoSigningMode

      public void deactivateAutoSigningMode(INativeCodeAnalyzer<IInstruction> gca)
      Deactivate automatic native signature creation for an analyzer.
      Parameters:
      gca - analyzer for which auto signing should be deactivated

    • isAutoSigningModeActivated

      public boolean isAutoSigningModeActivated(INativeCodeAnalyzer<IInstruction> gca)
      Determine whether automatic native signature creation is active for an analyzer.
      Parameters:
      gca - analyzer to query
      Returns:
      true if auto signing is active

    • registerAnalyzer

      public void registerAnalyzer(INativeCodeAnalyzer<IInstruction> gca)
      Register an analyzer to be handled by this manager.
      Parameters:
      gca - analyzer to register

    • unregisterAnalyzer

      public void unregisterAnalyzer(INativeCodeAnalyzer<IInstruction> gca)
      Unregister an analyzer handled by this manager.

      Note that this method unloads from memory the signatures packages used by the given analysis. Only the signatures storage specific to this analysis will be removed, i.e. if another analysis uses the same package it will stay loaded.

      Parameters:
      gca - analyzer to unregister

    • getNumberLoadedSigs

      public int getNumberLoadedSigs()
      Count loaded signatures across registered analyzers.
      Returns:
      number of loaded signatures

    • setActive

      public void setActive(boolean isActive)
      Enable or disable native signature matching.
      Parameters:
      isActive - true to enable matching

    • isActive

      public boolean isActive()
      Determine whether native signature matching is enabled.
      Returns:
      true if matching is enabled

    • match

      public List<NativeSignatureMatchResult> match(INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched)
      Match a list of native routines against the currently loaded signatures packages for this analysis. For each routine the algorithm searches for signatures whose all INativeFeature match the routine.

      The result can be incomplete: if a unique match was asked we stop the search as soon as we found two matches and report an incomplete result, see NativeSignatureMatchResult.isComplete().

      Parameters:
      _gca - analyzer owning the routines
      routines - routines to match
      uniqueMatchOnly - if true the complete results are the ones for which there is only one matching signature
      maximumConfidenceLevel - if true the matching signatures -- if any -- will all be of the maximum possible level of confidence. For example, if two matching signatures have INativeSignature.ConfidenceLevel.MEDIUM and one has INativeSignature.ConfidenceLevel.LOW, only the first two will be kept in the results. Otherwise, all matching signatures are kept.
      includeAlreadyMatched - if true routines already matched will be re-matched, otherwise they will be ignored
      Returns:
      list of results, empty if none

    • getSignatureGenerator

      public NativeSignatureGenerator getSignatureGenerator()
      Get the signature generator used by this manager.
      Returns:
      signature generator

    • getUserCreatedPackageFolder

      public File getUserCreatedPackageFolder()
      Get the path for the user-created signature package folder, if any, whose name is set to SIGLIB_USER_PACKAGE_FOLDER.
      Returns:
      user-created package folder, possibly null

    • getUserSelectedPackage

      public NativeSignaturePackageEntry getUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer)
      Get the user-selected signature package for an analyzer.
      Parameters:
      analyzer - analyzer to query
      Returns:
      selected package entry, possibly null

    • setUserSelectedPackage

      public void setUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer, NativeSignaturePackageEntry userSelectedPackage)
      Set the user-selected signature package for an analyzer.
      Parameters:
      analyzer - analyzer to update
      userSelectedPackage - selected package entry

    • onEvent

      public void onEvent(IEvent e)
      Handle project save events by flushing pending user-created package updates.
      Specified by:
      onEvent in interface IEventListener
      Parameters:
      e - event to handle