public class

CodelessSignatureManager

extends Object
implements IEventListener
java.lang.Object
   ↳ com.pnfsoftware.jeb.core.units.code.asm.sig.codeless.CodelessSignatureManager

Class Overview

Manage a set of ExecutableModel, such that an unknown binary can be matched against these models (see {#match(INativeCodeUnit, File)), or identified as containing code from the models (see {identifyLibraries(INativeCodeUnit)).

This manager is intended to be used in post analysis 'one shot' style; in particular it does not keep any storage of already loaded/matched signatures.

Summary

Constants
String CODELESS_FOLDER_DEFAULT_NAME
String CODELESS_SIGS_EXTENSION
Public Methods
void addFolder(File folder, boolean doRescan)
List<CodelessSignaturePackageEntry> getAvailablePackages()
Provides the list of available signature packages entries (never null).
static CodelessSignatureManager getInstance(IEnginesContext enginesContext)
INativeCodeUnit<IInstruction> getMatchableUnit()
Search first suitable code unit that can be matched, in current project.
LibraryIdentificationResults identifyLibraries(INativeCodeUnit<IInstruction> codeUnit)
boolean importState(INativeCodeUnit<IInstruction> codeUnit, MatchingState state)
boolean isMatched(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)
Check if a signature package has been matched against given code unit.
MatchingState match(INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)
Match given unit against given reference model.
void onEvent(IEvent event)
List<CodelessSignaturePackageEntry> scan()
Scan default folder to provide list of available packages.
[Expand]
Inherited Methods
From class java.lang.Object
From interface com.pnfsoftware.jeb.util.events.IEventListener

Constants

public static final String CODELESS_FOLDER_DEFAULT_NAME

Constant Value: "codeless"

public static final String CODELESS_SIGS_EXTENSION

Constant Value: ".codeless-siglib"

Public Methods

public void addFolder (File folder, boolean doRescan)

public List<CodelessSignaturePackageEntry> getAvailablePackages ()

Provides the list of available signature packages entries (never null). The corresponding packages are not necessarily loaded.

public static CodelessSignatureManager getInstance (IEnginesContext enginesContext)

public INativeCodeUnit<IInstruction> getMatchableUnit ()

Search first suitable code unit that can be matched, in current project.

FIXME: replace by a proper search for all compatible units, and let client decides which ones should be matched.

public LibraryIdentificationResults identifyLibraries (INativeCodeUnit<IInstruction> codeUnit)

public boolean importState (INativeCodeUnit<IInstruction> codeUnit, MatchingState state)

public boolean isMatched (INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)

Check if a signature package has been matched against given code unit.

public MatchingState match (INativeCodeUnit<IInstruction> codeUnit, CodelessSignaturePackageEntry entry)

Match given unit against given reference model.

Note that a new Matcher is instantiated each time.

Returns
  • final matching state, null if matching failed

public void onEvent (IEvent event)

public List<CodelessSignaturePackageEntry> scan ()

Scan default folder to provide list of available packages.

This method should be executed once at startup.