Package com.pnfsoftware.jeb.core.units.code.asm.sig.codeless

Class CodelessSignatureManager

java.lang.Object

com.pnfsoftware.jeb.core.units.code.asm.sig.codeless.CodelessSignatureManager

All Implemented Interfaces:

IEventListener

public class CodelessSignatureManager
extends Object
implements IEventListener

Manage a set of ExecutableModel, such that an unknown binary can be matched against these models (see {match(INativeCodeUnit, CodelessSignaturePackageEntry)), or identified as containing code from the models (see {identifyLibraries(INativeCodeUnit)).

This manager is intended to be used in post analysis 'one shot' style; in particular it does not keep any storage of already loaded/matched signatures.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CODELESS_FOLDER_DEFAULT_NAME
static final String	CODELESS_SIGS_EXTENSION

Method Summary

Modifier and Type	Method	Description
void	addFolder(File folder, boolean doRescan)
List<CodelessSignaturePackageEntry>	getAvailablePackages()	Provides the list of available signature packages entries (never null).
static CodelessSignatureManager	getInstance(IEnginesContext enginesContext)
INativeCodeUnit<IInstruction>	getMatchableUnit()	Search first suitable code unit that can be matched, in current project.
LibraryIdentificationResults	identifyLibraries(INativeCodeUnit<IInstruction> codeUnit)
boolean	importState(INativeCodeUnit<IInstruction> codeUnit, MatchingState state)
boolean	isMatched(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)	Check if a signature package has been matched against given code unit.
MatchingState	match(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)	Match given unit against given reference model.
void	onEvent(IEvent event)
void	rescan()
List<CodelessSignaturePackageEntry>	scan()	Scan default folder to provide list of available packages.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CODELESS_SIGS_EXTENSION

public static final String CODELESS_SIGS_EXTENSION

See Also:

• Constant Field Values

CODELESS_FOLDER_DEFAULT_NAME

public static final String CODELESS_FOLDER_DEFAULT_NAME

See Also:

• Constant Field Values

Method Details

getInstance

public static CodelessSignatureManager getInstance(IEnginesContext enginesContext)

addFolder

public void addFolder(File folder,
 boolean doRescan)

getAvailablePackages

public List<CodelessSignaturePackageEntry> getAvailablePackages()

Provides the list of available signature packages entries (never null). The corresponding packages are not necessarily loaded.

rescan

public void rescan()

scan

public List<CodelessSignaturePackageEntry> scan()

Scan default folder to provide list of available packages.

This method should be executed once at startup.

isMatched

public boolean isMatched(INativeCodeUnit<IInstruction> codeUnit,
 CodelessSignaturePackageEntry entry)

Check if a signature package has been matched against given code unit.

getMatchableUnit

public INativeCodeUnit<IInstruction> getMatchableUnit()

Search first suitable code unit that can be matched, in current project.

FIXME: replace by a proper search for all compatible units, and let client decides which ones should be matched.

match

public MatchingState match(INativeCodeUnit<IInstruction> codeUnit,
 CodelessSignaturePackageEntry entry)

Match given unit against given reference model.

Note that a new Matcher is instantiated each time.

Returns:

final matching state, null if matching failed

importState

public boolean importState(INativeCodeUnit<IInstruction> codeUnit,
 MatchingState state)

identifyLibraries

public LibraryIdentificationResults identifyLibraries(INativeCodeUnit<IInstruction> codeUnit)

onEvent

public void onEvent(IEvent event)

Specified by:

onEvent in interface IEventListener