Class CodelessSignatureManager
java.lang.Object
com.pnfsoftware.jeb.core.units.code.asm.sig.codeless.CodelessSignatureManager
- All Implemented Interfaces:
IEventListener
Manage a set of codeless signature models, such that an unknown binary can be matched against these models (see match(INativeCodeUnit, CodelessSignaturePackageEntry)), or identified as containing code from the models (see identifyLibraries(INativeCodeUnit)).
This manager is intended to be used in post analysis 'one shot' style; in particular it does not keep any storage of already loaded/matched signatures.
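A one-shot matching pass over every available package, as an added example (not code from the JEB documentation). The class name CodelessMatchAll is hypothetical. The import packages for IEnginesContext, INativeCodeUnit, IInstruction, CodelessSignaturePackageEntry and MatchingState are assumptions, as is the assumption that getAvailablePackages() returns a collection that can be iterated as CodelessSignaturePackageEntry values.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Assumption: package locations of the JEB types used below.
import com.pnfsoftware.jeb.core.IEnginesContext;
import com.pnfsoftware.jeb.core.units.INativeCodeUnit;
import com.pnfsoftware.jeb.core.units.code.IInstruction;
// Assumption: the entry and state classes live in the manager's package.
import com.pnfsoftware.jeb.core.units.code.asm.sig.codeless.*;

/** Hypothetical helper: match one native code unit against all packages. */
public final class CodelessMatchAll {
    private CodelessMatchAll() {
    }

    /**
     * @return successful matches, in the order the packages were listed
     */
    public static Map<CodelessSignaturePackageEntry, MatchingState> matchAll(
            IEnginesContext ctx, INativeCodeUnit<IInstruction> unit) {
        CodelessSignatureManager mgr = CodelessSignatureManager.getInstance(ctx);
        Map<CodelessSignaturePackageEntry, MatchingState> results = new LinkedHashMap<>();

        // getAvailablePackages() never returns null, so no null check is needed.
        // Assumption: its elements are CodelessSignaturePackageEntry objects.
        for (CodelessSignaturePackageEntry entry : mgr.getAvailablePackages()) {
            // match() instantiates a new Matcher on every call, so skip
            // packages already matched against this unit.
            if (mgr.isMatched(unit, entry)) {
                continue;
            }
            MatchingState state = mgr.match(unit, entry);
            // match() returns null when matching failed.
            if (state != null) {
                results.put(entry, state);
            }
        }
        return results;
    }
}
```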
-
Field Summary
Fields -
Method Summary
Modifier and Type, Method, Description:
void addFolder - Add a folder to scan for codeless signature packages.
getAvailablePackages - Provides the list of available signature packages entries (never null).
static CodelessSignatureManager getInstance(IEnginesContext enginesContext) - Get the singleton codeless signature manager.
getMatchableUnit - Search first suitable code unit that can be matched, in current project.
identifyLibraries(INativeCodeUnit<IInstruction> codeUnit) - Identify libraries present in a code unit.
boolean importState(INativeCodeUnit<IInstruction> codeUnit, MatchingState state) - Import a matching state into a code unit.
boolean isMatched(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry) - Check if a signature package has been matched against given code unit.
match(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry) - Match given unit against given reference model.
void onEvent - Handle an event.
void rescan() - Rescan registered folders.
scan() - Scan default folder to provide list of available packages.
-
Field Details
-
CODELESS_SIGS_EXTENSION
Extension of codeless signature package files.
-
CODELESS_FOLDER_DEFAULT_NAME
Default folder name for codeless signature packages.
-
-
Method Details
-
getInstance
Get the singleton codeless signature manager.
Parameters:
enginesContext - engines context used by the manager
Returns:
singleton manager
-
addFolder
Add a folder to scan for codeless signature packages.
Parameters:
folder - folder to add
doRescan - if true, scan folders immediately after adding the folder
-
getAvailablePackages
Provides the list of available signature packages entries (never null). The corresponding packages are not necessarily loaded.
Returns:
available package entries
-
rescan
public void rescan()
Rescan registered folders.
-
scan
Scan default folder to provide list of available packages.
This method should be executed once at startup.
Returns:
available package entries
-
isMatched
public boolean isMatched(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)
Check if a signature package has been matched against given code unit.
Parameters:
codeUnit - code unit to query
entry - package entry to query
Returns:
true if the package has been matched against the code unit
-
getMatchableUnit
Search the current project for the first suitable code unit that can be matched.
FIXME: replace by a proper search for all compatible units, and let the client decide which ones should be matched.
Returns:
first matchable code unit, or null
-
match
public MatchingState match(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)
Match given unit against given reference model.
Note that a new Matcher is instantiated each time.
Parameters:
codeUnit - code unit to match
entry - codeless signature package entry to match against
Returns:
final matching state, null if matching failed
-
importState
Import a matching state into a code unit.
Parameters:
codeUnit - target code unit
state - matching state to import
Returns:
true if the state was imported
-
identifyLibraries
Identify libraries present in a code unit.
Parameters:
codeUnit - code unit to inspect
Returns:
library identification results
-
onEvent
Description copied from interface: IEventListener
Handle an event.
Specified by:
onEvent in interface IEventListener
Parameters:
event - event to handle
-