Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-02-13 18:32:56 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
radare2/libr/sign
History
pancake f2563a7509 * Export 'srwx' perms of sections in rabin2 -rS 
- Handled by 'S' command
* Added dummy 'z' command to handle zignaturez
  - Added more dummy 'az' commands
  - RCore now depends on RSign
* Some refactoring and speedup in _update method of RSearch
  - Added support for distance search (maybe buggy and incomplete atm)
  - Fix binary mask for keywords after previous commit
* Added 'r_str_rwx*' helper functions in r_util
2010-04-08 12:29:47 +02:00
..
t
* Apply some fixes of packaging bugs notified by debian
2010-03-15 17:15:48 +01:00
Makefile
* Initial import of libr
2009-02-05 22:08:46 +01:00
README
* Export 'srwx' perms of sections in rabin2 -rS
2010-04-08 12:29:47 +02:00
sign.c
* Export 'srwx' perms of sections in rabin2 -rS
2010-04-08 12:29:47 +02:00

README 

r_sign: signature api for radare2
=================================

Commandline:
============
z


Plugins are used to implement data collectors for r_sign.

A data collector is a piece of code that feeds the r_sign
database with information about symbols.

r_sign is configured to weight each attribute with some properties
to be able to determine the semblance between a collector source
information and the playground where r_sign tries to find valid
duplicates of the information stored previously following the
configured attributes and then we have output plugins to 

Plugin types:
=============
collectors - collects initial signatures (libc, libm, ...)        [  INPUT ]
playground - find collected info using the configured attributes  [  INPUT ]
dumpers    - dump the resulting information in ascii              [ OUTPUT ]
             - dump signature
             - dump results of the signature analysis

Items in stored database
========================
Should contain something like:

 // raw byte search //
 typedef struct {
     char *name;
     ut8 *bytes;
     int len;
     RList hits;
 } RSignItem;

We need some way to store other kind of properties for signature types..

r_sign_item_new ();
r_sign_item_add (sign, s_item);


Matchers should allow some ranges.. for example. we can accept two matching sequences with a distance of X

Schematics
-----------
                                             PLUGINS
+-----------+
| collector | (signature file, elf binary, radare database, ida...)
+---.-------+
    |
    |     +------------+
    |     | playground | (plugins to find information on target file)
    |     +------------+
. . | . . . . .| . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    |          |      .
    |     +--------+  .  +----------------+
    `---->| r_sign |---->| signature file | output file (screen, disk)
          +--------+  .  +----------------+
                      .
waka waka!            .
----,----             .
  _            LIB    .                       OUTPUT
 (_<  . . . . . . . . .


                                                      --pancake