Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-12-12 07:26:42 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
db3aa272b0
radare2/libr/sign
History
pancake db3aa272b0 * Add 0xeb (short jmp) in modify asm x86 plugin 
* Add help for 'fs' command
* Added 'fS' command to sort by offset (fSo) or name (fSn)
  - Current r_flag_sort breaks the linkedlist
2010-04-09 11:32:17 +02:00
..
t * Add 0xeb (short jmp) in modify asm x86 plugin 2010-04-09 11:32:17 +02:00
Makefile * Initial import of libr 2009-02-05 22:08:46 +01:00
README * Added support for binarymask hexpairs to search and signatures 2010-04-08 18:01:45 +02:00
sign.c * Added 'f' type of signature 2010-04-08 18:48:39 +02:00

README 

r_sign: signature api for radare2
=================================

Plugins are used to implement data collectors for r_sign.

A data collector is a piece of code that feeds the r_sign
database with information about symbols.

r_sign is configured to weight each attribute with some properties
to be able to determine the semblance between a collector source
information and the playground where r_sign tries to find valid
duplicates of the information stored previously following the
configured attributes and then we have output plugins to 

Plugin types:
=============
collectors - collects initial signatures (libc, libm, ...)        [  INPUT ]
playground - find collected info using the configured attributes  [  INPUT ]
dumpers    - dump the resulting information in ascii              [ OUTPUT ]
             - dump signature
             - dump results of the signature analysis

Items in stored database
========================
Should contain something like:

 // raw byte search //
 typedef struct {
     char *name;
     ut8 *bytes;
     int len;
     RList hits;
 } RSignItem;

We need some way to store other kind of properties for signature types..

r_sign_item_new ();
r_sign_item_add (sign, s_item);


Matchers should allow some ranges.. for example. we can accept two matching sequences with a distance of X

Schematics
-----------
                                             PLUGINS
+-----------+
| collector | (signature file, elf binary, radare database, ida...)
+---.-------+
    |
    |     +------------+
    |     | playground | (plugins to find information on target file)
    |     +------------+
. . | . . . . .| . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    |          |      .
    |     +--------+  .  +----------------+
    `---->| r_sign |---->| signature file | output file (screen, disk)
          +--------+  .  +----------------+
                      .
waka waka!            .
----,----             .
  _            LIB    .                       OUTPUT
 (_<  . . . . . . . . .


                                                      --pancake