java.lang.Object
 ↳ com.pnfsoftware.jeb.core.units.code.asm.sig.NativeSignatureDBManager
Manage a set of INativeSignaturePackage, such that a native item (routine, basic block, instruction or data) can be matched against the INativeSignature contained in these packages. The manager is a singleton handling all analyses.
Conflict resolution, i.e. when several signatures match, and the processing of signatures' attributes are the client's responsibility.
Constants | |
---|---|
String | SIGLIB_EXTENSION |
String | SIGLIB_USER_PACKAGE_FOLDER |
Public Methods | | |
---|---|---|
void | activateAutoSigningMode(INativeCodeAnalyzer<IInstruction> gca) | |
void | addFolder(File folder, boolean doRescan) | Add a new folder to search for native signature packages. |
NativeSignaturePackageEntry | createUserPackage(ProcessorType procType, String packageName, String packageDescription, String packageAuthor) | Create new signature package in user folder (see getUserCreatedPackageFolder()). |
void | deactivateAutoSigningMode(INativeCodeAnalyzer<IInstruction> gca) | |
List<NativeSignaturePackageEntry> | getAvailablePackages() | Provides the list of available signature packages entries. |
static NativeSignatureDBManager | getInstance(IEnginesContext enginesContext) | |
List<NativeSignaturePackageEntry> | getLoadedPackages() | Provides the list of signature packages entries for which the corresponding signatures are loaded in memory. |
int | getNumberLoadedSigs() | |
NativeSignatureGenerator | getSignatureGenerator() | |
File | getUserCreatedPackageFolder() | Get the path for the user-created signature package folder, if any, whose name is set to SIGLIB_USER_PACKAGE_FOLDER. |
List<NativeSignaturePackageEntry> | getUserCreatedPackages(ProcessorType procType) | Provides the list of active signature packages entries that were created by a user with a given processor type. |
List<NativeSignaturePackageEntry> | getUserCreatedPackages() | Provides the list of active signature packages entries that were created by a user. |
NativeSignaturePackageEntry | getUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer) | |
boolean | isActive() | |
boolean | isAutoSigningModeActivated(INativeCodeAnalyzer<IInstruction> gca) | |
void | loadDefaultPackages(INativeCodeAnalyzer<IInstruction> gca) | Loads in memory the available packages suitable for the given analysis. |
boolean | loadPackage(NativeSignaturePackageEntry entry, boolean doMatching) | Loads a specific package entry for all analyzers known to the manager. |
boolean | loadPackage(INativeCodeAnalyzer<IInstruction> gca, NativeSignaturePackageEntry entry) | Loads a specific package for the given analysis. |
List<NativeSignatureMatchResult> | match(INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched) | Match a list of native routines against the currently loaded signatures packages for this analysis. |
void | onEvent(IEvent e) | |
void | registerAnalyzer(INativeCodeAnalyzer<IInstruction> gca) | Register an analyzer to be handled by this manager. |
void | removeAllFolders() | Empties the list of scanned folders. |
void | removeAllPackages() | Empties the list of available packages. |
void | removeFolder(File folder, boolean doRescan) | Remove a folder from the list of folders to search for native signature packages. |
synchronized void | rescan(boolean deleteOldEntries) | |
synchronized void | rescan() | Rescan registered folders to register/unregister native signature packages. |
void | setActive(boolean isActive) | |
void | setUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer, NativeSignaturePackageEntry userSelectedPackage) | |
void | unregisterAnalyzer(INativeCodeAnalyzer<IInstruction> gca) | Unregister an analyzer handled by this manager. |
void | updateOnDiskPackages(boolean updateExistingSignatures) | Write new signatures into the on disk packages. |
Inherited Methods | |
---|---|
From class | java.lang.Object |
From interface | com.pnfsoftware.jeb.util.events.IEventListener |

addFolder(File folder, boolean doRescan)
Add a new folder to search for native signature packages.
doRescan | if true, all registered folders are scanned for signature packages after the addition |
---|---|

createUserPackage(ProcessorType procType, String packageName, String packageDescription, String packageAuthor)
Create new signature package in user folder (see getUserCreatedPackageFolder()). If there is already a package with the same name, it will fail.

getAvailablePackages()
Provides the list of available signature packages entries. The corresponding packages are not necessarily loaded.

getLoadedPackages()
Provides the list of signature packages entries for which the corresponding signatures are loaded in memory.

getUserCreatedPackageFolder()
Get the path for the user-created signature package folder, if any, whose name is set to SIGLIB_USER_PACKAGE_FOLDER.

getUserCreatedPackages(ProcessorType procType)
Provides the list of active signature packages entries that were created by a user with a given processor type.

getUserCreatedPackages()
Provides the list of active signature packages entries that were created by a user.

loadDefaultPackages(INativeCodeAnalyzer<IInstruction> gca)
Loads in memory the available packages suitable for the given analysis. The determination of the suitable packages is based on:

loadPackage(NativeSignaturePackageEntry entry, boolean doMatching)
Loads a specific package entry for all analyzers known to the manager.
Note: analyzers have to be for the same architecture as the package for the loading to happen.
doMatching | if true, after the package has been loaded, analyzers will re-match all routines |
---|---|

loadPackage(INativeCodeAnalyzer<IInstruction> gca, NativeSignaturePackageEntry entry)
Loads a specific package for the given analysis.

match(INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched)
Match a list of native routines against the currently loaded signatures packages for this analysis. For each routine, the algorithm searches for signatures all of whose INativeFeatures match the routine.
The result can be incomplete: if a unique match was asked for, the search stops as soon as two matches are found and an incomplete result is reported; see isComplete().
uniqueMatchOnly | if true, the complete results are the ones for which there is only one matching signature |
---|---|
maximumConfidenceLevel | if true, the matching signatures -- if any -- will all be of the maximum possible level of confidence. For example, if two matching signatures have MEDIUM and one has LOW, only the first two will be kept in the results. Otherwise, all matching signatures are kept. |
includeAlreadyMatched | if true, routines already matched will be re-matched; otherwise they will be ignored |
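
A stand-alone model of the selection rules described for match(), added here as an illustration and not JEB's own code; it shows why an incomplete or multi-signature result leaves the conflict for the client to resolve. The types Sig and Result, the HIGH level, the sample signature names and the order in which the two flags are applied are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Stand-alone model of the documented selection rules; it uses no JEB classes.
public class MatchSelectionModel {
    // LOW and MEDIUM appear in the documentation above; HIGH is assumed for illustration.
    enum Confidence { LOW, MEDIUM, HIGH }

    // Hypothetical stand-in for a signature whose features all matched the routine.
    record Sig(String name, Confidence level) {}

    // Hypothetical stand-in for a match result; 'complete' mirrors isComplete().
    record Result(List<Sig> sigs, boolean complete) {}

    static Result select(List<Sig> matching, boolean uniqueMatchOnly, boolean maximumConfidenceLevel) {
        List<Sig> found = new ArrayList<>();
        for (Sig s : matching) {
            found.add(s);
            // Unique match requested: stop at the second match and report incomplete.
            // Assumption: this early stop happens before any confidence filtering.
            if (uniqueMatchOnly && found.size() == 2) {
                return new Result(found, false);
            }
        }
        if (maximumConfidenceLevel && !found.isEmpty()) {
            // Keep only the signatures at the highest confidence level present.
            Confidence max = found.stream().map(Sig::level).max(Confidence::compareTo).get();
            found.removeIf(s -> s.level() != max);
        }
        return new Result(found, true);
    }

    public static void main(String[] args) {
        // Constructed sample: the documented case of two MEDIUM and one LOW signature.
        List<Sig> matching = List.of(
            new Sig("memcpy_v1", Confidence.MEDIUM),
            new Sig("memmove_v1", Confidence.MEDIUM),
            new Sig("generic_copy", Confidence.LOW));

        Result filtered = select(matching, false, true);
        System.out.println(filtered.sigs().size() + " kept, complete=" + filtered.complete());

        // Ambiguous routine: the caller decides what to do, e.g. leave it unnamed.
        Result unique = select(matching, true, false);
        System.out.println(unique.sigs().size() + " seen, complete=" + unique.complete());
    }
}
```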

registerAnalyzer(INativeCodeAnalyzer<IInstruction> gca)
Register an analyzer to be handled by this manager.

removeAllFolders()
Empties the list of scanned folders.

removeAllPackages()
Empties the list of available packages.

removeFolder(File folder, boolean doRescan)
Remove a folder from the list of folders to search for native signature packages.
doRescan | if true, all registered folders are scanned for signature packages after the removal |
---|---|

rescan()
Rescan registered folders to register/unregister native signature packages. Such package names end with SIGLIB_EXTENSION.

unregisterAnalyzer(INativeCodeAnalyzer<IInstruction> gca)
Unregister an analyzer handled by this manager.
Note that this method unloads from memory the signature packages used by the given analysis. Only the signature storage specific to this analysis will be removed, i.e. if another analysis uses the same package, it will stay loaded.

updateOnDiskPackages(boolean updateExistingSignatures)
Write new signatures into the on-disk packages. These signatures are initially stored in memory in the corresponding entry (see addSignatureToWrite(INativeSignature)). This allows delaying the actual write to disk of the new signatures.
Note: only user-created signature packages can be written into through this method.