mirror of
https://github.com/radareorg/radare2.git
synced 2025-02-10 16:23:08 +00:00
f499ca67e7
- Used to determine function preludes
- On x86: "zf prelude 5589e5"
- we can probably merge this type into a formattable
zignature named
- Remove old code in sign.c
r_sign: signature api for radare2
=================================
Plugins are used to implement data collectors for r_sign.
A data collector is a piece of code that feeds the r_sign
database with information about symbols.
r_sign is configured to weight each attribute with some properties
to be able to determine the semblance between a collector source
information and the playground where r_sign tries to find valid
duplicates of the information stored previously following the
configured attributes and then we have output plugins to
Plugin types:
=============
collectors - collects initial signatures (libc, libm, ...) [ INPUT ]
playground - find collected info using the configured attributes [ INPUT ]
dumpers - dump the resulting information in ascii [ OUTPUT ]
- dump signature
- dump results of the signature analysis
Items in stored database
========================
Should contain something like:
// raw byte search //
typedef struct {
char *name;
ut8 *bytes;
int len;
RList hits;
} RSignItem;
We need some way to store other kind of properties for signature types..
r_sign_item_new ();
r_sign_item_add (sign, s_item);
Matchers should allow some ranges.. for example. we can accept two matching sequences with a distance of X
Schematics
-----------
PLUGINS
+-----------+
| collector | (signature file, elf binary, radare database, ida...)
+---.-------+
|
| +------------+
| | playground | (plugins to find information on target file)
| +------------+
. . | . . . . .| . . . . . . . . . . . . . . . . . . . . . . . . . . . .
| | .
| +--------+ . +----------------+
`---->| r_sign |---->| signature file | output file (screen, disk)
+--------+ . +----------------+
.
waka waka! .
----,---- .
_ LIB . OUTPUT
(_< . . . . . . . . .
--pancake