public class

NativeSignatureDBManager

extends Object
implements IEventListener
java.lang.Object
   ↳ com.pnfsoftware.jeb.core.units.code.asm.sig.NativeSignatureDBManager

Class Overview

Manage a set of INativeSignaturePackage, such that a native item (routine, basic block, instruction or data) can be matched against the INativeSignature contained in these packages. The manager is a singleton handling all analysis.

Conflicts resolution, i.e. when several signature match, and processing of signatures' attributes are the client's responsibility.

Summary

Constants
String SIGLIB_EXTENSION
String SIGLIB_USER_PACKAGE_FOLDER
Public Methods
void activateAutoSigningMode(INativeCodeAnalyzer<IInstruction> gca)
void addFolder(File folder, boolean doRescan)
Add a new folder to search for native signature packages.
NativeSignaturePackageEntry createUserPackage(ProcessorType procType, String packageName, String packageDescription, String packageAuthor)
Create new signature package in user folder (see getUserCreatedPackageFolder().
void deactivateAutoSigningMode(INativeCodeAnalyzer<IInstruction> gca)
List<NativeSignaturePackageEntry> getAvailablePackages()
Provides the list of available signature packages entries.
static NativeSignatureDBManager getInstance(IEnginesContext enginesContext)
List<NativeSignaturePackageEntry> getLoadedPackages()
Provides the list of signature packages entries for which the corresponding signatures are loaded in memory.
int getNumberLoadedSigs()
NativeSignatureGenerator getSignatureGenerator()
File getUserCreatedPackageFolder()
Get the path for the user-created signature package folder, if any, whose name is set to SIGLIB_USER_PACKAGE_FOLDER.
List<NativeSignaturePackageEntry> getUserCreatedPackages(ProcessorType procType)
Provides the list of active signature packages entries that were created by a user with a given processor type.
List<NativeSignaturePackageEntry> getUserCreatedPackages()
Provides the list of active signature packages entries that were created by a user.
NativeSignaturePackageEntry getUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer)
boolean isActive()
boolean isAutoSigningModeActivated(INativeCodeAnalyzer<IInstruction> gca)
void loadDefaultPackages(INativeCodeAnalyzer<IInstruction> gca)
Loads in memory the available packages suitable for the given analysis.
boolean loadPackage(NativeSignaturePackageEntry entry, boolean doMatching)
Loads a specific package entry for all analyzers known to the manager.
boolean loadPackage(INativeCodeAnalyzer<IInstruction> gca, NativeSignaturePackageEntry entry)
Loads a specific package for the given analysis.
List<NativeSignatureMatchResult> match(INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched)
Match a list of native routines against the currently loaded signatures packages for this analysis.
void onEvent(IEvent e)
void registerAnalyzer(INativeCodeAnalyzer<IInstruction> gca)
Register an analyzer to be handled by this manager.
void removeAllFolders()
Empties the list of scanned folders
void removeAllPackages()
Empties the list of available packages.
void removeFolder(File folder, boolean doRescan)
Remove a folder from the list of folders to search for native signature packages.
synchronized void rescan(boolean deleteOldEntries)
synchronized void rescan()
Rescan registered folders to register/unregister native signature packages.
void setActive(boolean isActive)
void setUserSelectedPackage(INativeCodeAnalyzer<IInstruction> analyzer, NativeSignaturePackageEntry userSelectedPackage)
void unregisterAnalyzer(INativeCodeAnalyzer<IInstruction> gca)
Unregister an analyzer handled by this manager.
void updateOnDiskPackages(boolean updateExistingSignatures)
Write new signatures into the on disk packages.
[Expand]
Inherited Methods
From class java.lang.Object
From interface com.pnfsoftware.jeb.util.events.IEventListener

Constants

public static final String SIGLIB_EXTENSION

Constant Value: ".siglib"

public static final String SIGLIB_USER_PACKAGE_FOLDER

Constant Value: "custom"

Public Methods

public void activateAutoSigningMode (INativeCodeAnalyzer<IInstruction> gca)

public void addFolder (File folder, boolean doRescan)

Add a new folder to search for native signature packages.

Parameters
doRescan if true all registered folders are scanned for signature packages after the addition

public NativeSignaturePackageEntry createUserPackage (ProcessorType procType, String packageName, String packageDescription, String packageAuthor)

Create new signature package in user folder (see getUserCreatedPackageFolder(). If there is already a package with same name, it will fail.

Returns
  • the entry representing the new package, null if the creation failed

public void deactivateAutoSigningMode (INativeCodeAnalyzer<IInstruction> gca)

public List<NativeSignaturePackageEntry> getAvailablePackages ()

Provides the list of available signature packages entries. The corresponding packages are not necessarily loaded.

public static NativeSignatureDBManager getInstance (IEnginesContext enginesContext)

public List<NativeSignaturePackageEntry> getLoadedPackages ()

Provides the list of signature packages entries for which the corresponding signatures are loaded in memory.

public int getNumberLoadedSigs ()

public NativeSignatureGenerator getSignatureGenerator ()

public File getUserCreatedPackageFolder ()

Get the path for the user-created signature package folder, if any, whose name is set to SIGLIB_USER_PACKAGE_FOLDER.

public List<NativeSignaturePackageEntry> getUserCreatedPackages (ProcessorType procType)

Provides the list of active signature packages entries that were created by a user with a given processor type.

Returns
  • list of packages, never null

public List<NativeSignaturePackageEntry> getUserCreatedPackages ()

Provides the list of active signature packages entries that were created by a user.

Returns
  • list of packages, never null

public NativeSignaturePackageEntry getUserSelectedPackage (INativeCodeAnalyzer<IInstruction> analyzer)

public boolean isActive ()

public boolean isAutoSigningModeActivated (INativeCodeAnalyzer<IInstruction> gca)

public void loadDefaultPackages (INativeCodeAnalyzer<IInstruction> gca)

Loads in memory the available packages suitable for the given analysis. The determination of the suitable packages is based on:

  • the processor type of the analysis
  • the detected compiler, if any
Note that only PNF Software packages are loaded by this method. User provided packages have to be manually loaded.

public boolean loadPackage (NativeSignaturePackageEntry entry, boolean doMatching)

Loads a specific package entry for all analyzers known to the manager.

Note: analyzer have to be for the same architecture as the package for the loading to happen.

Parameters
doMatching if true, after the package has been loaded, analyzers will re-match all routines
Returns
  • true if the package was loaded for at least one analysis, false otherwise

public boolean loadPackage (INativeCodeAnalyzer<IInstruction> gca, NativeSignaturePackageEntry entry)

Loads a specific package for the given analysis.

public List<NativeSignatureMatchResult> match (INativeCodeAnalyzer<? extends IInstruction> _gca, Collection<INativeMethodDataItem> routines, boolean uniqueMatchOnly, boolean maximumConfidenceLevel, boolean includeAlreadyMatched)

Match a list of native routines against the currently loaded signatures packages for this analysis. For each routine the algorithm searches for signatures whose all INativeFeatures match the routine.

The result can be incomplete: if a unique match was asked we stop the search as soon as we found two matches and report an incomplete result, see isComplete().

Parameters
uniqueMatchOnly if true the complete results are the ones for which there is only one matching signature
maximumConfidenceLevel if true the matching signatures -- if any -- will all be of the maximum possible level of confidence. For example, if two matching signatures have MEDIUM and one has LOW, only the first two will be kept in the results. Otherwise, all matching signatures are kept.
includeAlreadyMatched if true routines already matched will be re-matched, otherwise they will be ignored
Returns
  • list of results, empty if none

public void onEvent (IEvent e)

public void registerAnalyzer (INativeCodeAnalyzer<IInstruction> gca)

Register an analyzer to be handled by this manager.

public void removeAllFolders ()

Empties the list of scanned folders

public void removeAllPackages ()

Empties the list of available packages.

public void removeFolder (File folder, boolean doRescan)

Remove a folder from the list of folders to search for native signature packages.

Parameters
doRescan if true all registered folders are scanned for signature packages after the removal

public synchronized void rescan (boolean deleteOldEntries)

public synchronized void rescan ()

Rescan registered folders to register/unregister native signature packages. Such package names end with SIGLIB_EXTENSION.

public void setActive (boolean isActive)

public void setUserSelectedPackage (INativeCodeAnalyzer<IInstruction> analyzer, NativeSignaturePackageEntry userSelectedPackage)

public void unregisterAnalyzer (INativeCodeAnalyzer<IInstruction> gca)

Unregister an analyzer handled by this manager.

Note that this method unloads from memory the signatures packages used by the given analysis. Only the signatures storage specific to this analysis will be removed, i.e. if another analysis uses the same package it will stay loaded.

public void updateOnDiskPackages (boolean updateExistingSignatures)

Write new signatures into the on disk packages. These signatures are initially stored in memory into the corresponding entry (see addSignatureToWrite(INativeSignature)). This allows to delay the actual write on disk of the new signatures.

Note: only user-created signature packages can be written into through this method.