#include <rz_types.h>
#include <rz_list.h>
#include <rz_analysis.h>

Classes
struct	rz_flirt_tail_byte_t

struct	rz_flirt_function_t

struct	rz_flirt_module_t

struct	rz_flirt_node_t

struct	rz_flirt_sig_info_t

struct	rz_flirt_pat_info_t

struct	rz_flirt_info_t

struct	rz_flirt_compressed_options_t

struct	rz_signature_database_entry_t

struct	rz_signature_db_t

Macros
#define	RZ_FLIRT_NAME_MAX 1024

#define	RZ_FLIRT_LIBRARY_NAME_MAX 0xFF

#define	RZ_FLIRT_LIBRARY_NAME_DFL "Built with rizin " RZ_VERSION

#define	RZ_FLIRT_MAX_PRELUDE_SIZE (32)

#define	RZ_FLIRT_SIG_FILE_DOS_EXE_OLD 0x00000001

#define	RZ_FLIRT_SIG_FILE_DOS_COM_OLD 0x00000002

#define	RZ_FLIRT_SIG_FILE_BIN 0x00000004

#define	RZ_FLIRT_SIG_FILE_DOSDRV 0x00000008

#define	RZ_FLIRT_SIG_FILE_NE 0x00000010

#define	RZ_FLIRT_SIG_FILE_INTELHEX 0x00000020

#define	RZ_FLIRT_SIG_FILE_MOSHEX 0x00000040

#define	RZ_FLIRT_SIG_FILE_LX 0x00000080

#define	RZ_FLIRT_SIG_FILE_LE 0x00000100

#define	RZ_FLIRT_SIG_FILE_NLM 0x00000200

#define	RZ_FLIRT_SIG_FILE_COFF 0x00000400

#define	RZ_FLIRT_SIG_FILE_PE 0x00000800

#define	RZ_FLIRT_SIG_FILE_OMF 0x00001000

#define	RZ_FLIRT_SIG_FILE_SREC 0x00002000

#define	RZ_FLIRT_SIG_FILE_ZIP 0x00004000

#define	RZ_FLIRT_SIG_FILE_OMFLIB 0x00008000

#define	RZ_FLIRT_SIG_FILE_AR 0x00010000

#define	RZ_FLIRT_SIG_FILE_LOADER 0x00020000

#define	RZ_FLIRT_SIG_FILE_ELF 0x00040000

#define	RZ_FLIRT_SIG_FILE_W32RUN 0x00080000

#define	RZ_FLIRT_SIG_FILE_AOUT 0x00100000

#define	RZ_FLIRT_SIG_FILE_PILOT 0x00200000

#define	RZ_FLIRT_SIG_FILE_DOS_EXE 0x00400000

#define	RZ_FLIRT_SIG_FILE_DOS_COM 0x00800000

#define	RZ_FLIRT_SIG_FILE_AIXAR 0x01000000

#define	RZ_FLIRT_SIG_FILE_ALL 0xFFFFFFFF

#define	RZ_FLIRT_SIG_OS_MSDOS 0x0001

#define	RZ_FLIRT_SIG_OS_WIN 0x0002

#define	RZ_FLIRT_SIG_OS_OS2 0x0004

#define	RZ_FLIRT_SIG_OS_NETWARE 0x0008

#define	RZ_FLIRT_SIG_OS_UNIX 0x0010

#define	RZ_FLIRT_SIG_OS_OTHER 0x0020

#define	RZ_FLIRT_SIG_OS_ALL 0xFFFF

#define	RZ_FLIRT_SIG_APP_CONSOLE 0x0001

#define	RZ_FLIRT_SIG_APP_GRAPHICS 0x0002

#define	RZ_FLIRT_SIG_APP_EXE 0x0004

#define	RZ_FLIRT_SIG_APP_DLL 0x0008

#define	RZ_FLIRT_SIG_APP_DRV 0x0010

#define	RZ_FLIRT_SIG_APP_SINGLE_THREADED 0x0020

#define	RZ_FLIRT_SIG_APP_MULTI_THREADED 0x0040

#define	RZ_FLIRT_SIG_APP_16_BIT 0x0080

#define	RZ_FLIRT_SIG_APP_32_BIT 0x0100

#define	RZ_FLIRT_SIG_APP_64_BIT 0x0200

#define	RZ_FLIRT_SIG_APP_ALL 0xFFFF

Typedefs
typedef struct rz_flirt_tail_byte_t	RzFlirtTailByte

typedef struct rz_flirt_function_t	RzFlirtFunction

typedef struct rz_flirt_module_t	RzFlirtModule

typedef struct rz_flirt_node_t	RzFlirtNode

typedef enum rz_flirt_file_type_t	RzFlirtFileType

typedef struct rz_flirt_sig_info_t	RzFlirtSigInfo

typedef struct rz_flirt_pat_info_t	RzFlirtPatInfo

typedef struct rz_flirt_info_t	RzFlirtInfo

typedef struct rz_flirt_compressed_options_t	RzFlirtCompressedOptions

typedef struct rz_signature_database_entry_t	RzSigDBEntry

typedef struct rz_signature_db_t	RzSigDb

Enumerations
enum	rz_flirt_sig_arch_t { RZ_FLIRT_SIG_ARCH_386 = 0 , RZ_FLIRT_SIG_ARCH_Z80 , RZ_FLIRT_SIG_ARCH_I860 , RZ_FLIRT_SIG_ARCH_8051 , RZ_FLIRT_SIG_ARCH_TMS , RZ_FLIRT_SIG_ARCH_6502 , RZ_FLIRT_SIG_ARCH_PDP , RZ_FLIRT_SIG_ARCH_68K , RZ_FLIRT_SIG_ARCH_JAVA , RZ_FLIRT_SIG_ARCH_6800 , RZ_FLIRT_SIG_ARCH_ST7 , RZ_FLIRT_SIG_ARCH_MC6812 , RZ_FLIRT_SIG_ARCH_MIPS , RZ_FLIRT_SIG_ARCH_ARM , RZ_FLIRT_SIG_ARCH_TMSC6 , RZ_FLIRT_SIG_ARCH_PPC , RZ_FLIRT_SIG_ARCH_80196 , RZ_FLIRT_SIG_ARCH_Z8 , RZ_FLIRT_SIG_ARCH_SH , RZ_FLIRT_SIG_ARCH_NET , RZ_FLIRT_SIG_ARCH_AVR , RZ_FLIRT_SIG_ARCH_H8 , RZ_FLIRT_SIG_ARCH_PIC , RZ_FLIRT_SIG_ARCH_SPARC , RZ_FLIRT_SIG_ARCH_ALPHA , RZ_FLIRT_SIG_ARCH_HPPA , RZ_FLIRT_SIG_ARCH_H8500 , RZ_FLIRT_SIG_ARCH_TRICORE , RZ_FLIRT_SIG_ARCH_DSP56K , RZ_FLIRT_SIG_ARCH_C166 , RZ_FLIRT_SIG_ARCH_ST20 , RZ_FLIRT_SIG_ARCH_IA64 , RZ_FLIRT_SIG_ARCH_I960 , RZ_FLIRT_SIG_ARCH_F2MC , RZ_FLIRT_SIG_ARCH_TMS320C54 , RZ_FLIRT_SIG_ARCH_TMS320C55 , RZ_FLIRT_SIG_ARCH_TRIMEDIA , RZ_FLIRT_SIG_ARCH_M32R , RZ_FLIRT_SIG_ARCH_NEC_78K0 , RZ_FLIRT_SIG_ARCH_NEC_78K0S , RZ_FLIRT_SIG_ARCH_M740 , RZ_FLIRT_SIG_ARCH_M7700 , RZ_FLIRT_SIG_ARCH_ST9 , RZ_FLIRT_SIG_ARCH_FR , RZ_FLIRT_SIG_ARCH_MC6816 , RZ_FLIRT_SIG_ARCH_M7900 , RZ_FLIRT_SIG_ARCH_TMS320C3 , RZ_FLIRT_SIG_ARCH_KR1878 , RZ_FLIRT_SIG_ARCH_AD218X , RZ_FLIRT_SIG_ARCH_OAKDSP , RZ_FLIRT_SIG_ARCH_TLCS900 , RZ_FLIRT_SIG_ARCH_C39 , RZ_FLIRT_SIG_ARCH_CR16 , RZ_FLIRT_SIG_ARCH_MN102L00 , RZ_FLIRT_SIG_ARCH_TMS320C1X , RZ_FLIRT_SIG_ARCH_NEC_V850X , RZ_FLIRT_SIG_ARCH_SCR_ADPT , RZ_FLIRT_SIG_ARCH_EBC , RZ_FLIRT_SIG_ARCH_MSP430 , RZ_FLIRT_SIG_ARCH_SPU , RZ_FLIRT_SIG_ARCH_DALVIK , RZ_FLIRT_SIG_ARCH_65C816 , RZ_FLIRT_SIG_ARCH_M16C , RZ_FLIRT_SIG_ARCH_ARC , RZ_FLIRT_SIG_ARCH_UNSP , RZ_FLIRT_SIG_ARCH_TMS320C28 , RZ_FLIRT_SIG_ARCH_DSP96K , RZ_FLIRT_SIG_ARCH_SPC700 , RZ_FLIRT_SIG_ARCH_AD2106X , RZ_FLIRT_SIG_ARCH_PIC16 , RZ_FLIRT_SIG_ARCH_S390 , RZ_FLIRT_SIG_ARCH_XTENSA , RZ_FLIRT_SIG_ARCH_RISCV , RZ_FLIRT_SIG_ARCH_RL78 , RZ_FLIRT_SIG_ARCH_RX , RZ_FLIRT_SIG_ARCH_ANY }

enum	rz_flirt_node_optimization_t { RZ_FLIRT_NODE_OPTIMIZE_NONE = 0 , RZ_FLIRT_NODE_OPTIMIZE_NORMAL , RZ_FLIRT_NODE_OPTIMIZE_MAX }

enum	rz_flirt_file_type_t { RZ_FLIRT_FILE_TYPE_UNKNOWN = 0 , RZ_FLIRT_FILE_TYPE_SIG , RZ_FLIRT_FILE_TYPE_PAT }

Functions
RZ_API ut32	rz_sign_flirt_node_count_nodes (RZ_NONNULL const RzFlirtNode *node)
	Counts the number of FLIRT signatures in the node. More...

RZ_API RZ_OWN RzFlirtNode *	rz_sign_flirt_node_new (RZ_NONNULL RzAnalysis *analysis, ut32 optimization)
	Generates the FLIRT signatures and returns an RzFlirtNode. More...

RZ_API void	rz_sign_flirt_node_free (RZ_NULLABLE RzFlirtNode *node)
	Frees an RzFlirtNode struct. More...

RZ_API void	rz_sign_flirt_info_fini (RZ_NULLABLE RzFlirtInfo *info)
	Frees an RzFlirtInfo struct elements without freeing the pointer. More...

RZ_API bool	rz_sign_flirt_apply (RZ_NONNULL RzAnalysis analysis, RZ_NONNULL const char flirt_file, ut8 expected_arch)
	Parses the FLIRT file and applies the signatures. More...

RZ_API RZ_OWN bool	rz_sign_flirt_parse_header_compressed_pattern_from_buffer (RZ_NONNULL RzBuffer flirt_buf, RZ_NONNULL RzFlirtInfo info)
	Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtInfo. More...

RZ_API RZ_OWN RzFlirtNode *	rz_sign_flirt_parse_compressed_pattern_from_buffer (RZ_NONNULL RzBuffer flirt_buf, ut8 expected_arch, RZ_NULLABLE RzFlirtInfo info)
	Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtNode. More...

RZ_API bool	rz_sign_flirt_write_compressed_pattern_to_buffer (RZ_NONNULL const RzFlirtNode node, RZ_NONNULL RzBuffer buffer, RzFlirtCompressedOptions *options)
	Writes in the the RzBuffer the FLIRT signatures in compressed format. More...

RZ_API RZ_OWN RzFlirtNode *	rz_sign_flirt_parse_string_pattern_from_buffer (RZ_NONNULL RzBuffer flirt_buf, ut32 optimization, RZ_NULLABLE RzFlirtInfo info)
	Parses the RzBuffer containing a FLIRT signature in string format and returns an RzFlirtNode. More...

RZ_API bool	rz_sign_flirt_write_string_pattern_to_buffer (RZ_NONNULL const RzFlirtNode node, RZ_NONNULL RzBuffer buffer)
	Writes in the the RzBuffer the FLIRT signatures in string format. More...

RZ_API void	rz_sign_sigdb_signature_free (RZ_NULLABLE RzSigDBEntry *entry)
	Frees a RzSigDBEntry structure. More...

RZ_API RZ_OWN RzSigDb *	rz_sign_sigdb_new (void)
	Create a new empty `RzSigDb` instance. More...

RZ_API void	rz_sign_sigdb_free (RzSigDb *db)

RZ_API RZ_OWN RzSigDb *	rz_sign_sigdb_load_database (RZ_NONNULL const char *sigdb_path, bool with_details)
	Returns a database of signatures loaded from the signature database path. More...

RZ_API bool	rz_sign_sigdb_add_entry (RZ_NONNULL RzSigDb db, RZ_NONNULL const RzSigDBEntry entry)
	Add a new signature entry to a database. More...

RZ_API bool	rz_sign_sigdb_merge (RZ_NONNULL RzSigDb db, RZ_NONNULL RzSigDb db2)
	Merge the signatures from `db2` into `db`. More...

RZ_API RZ_OWN RzList *	rz_sign_sigdb_list (RZ_NONNULL const RzSigDb *db)
	Return the signature database as a list of entries. More...

Macro Definition Documentation

◆ RZ_FLIRT_LIBRARY_NAME_DFL

#define RZ_FLIRT_LIBRARY_NAME_DFL "Built with rizin " RZ_VERSION

Definition at line 19 of file rz_flirt.h.

◆ RZ_FLIRT_LIBRARY_NAME_MAX

#define RZ_FLIRT_LIBRARY_NAME_MAX 0xFF

Definition at line 18 of file rz_flirt.h.

◆ RZ_FLIRT_MAX_PRELUDE_SIZE

#define RZ_FLIRT_MAX_PRELUDE_SIZE (32)

Definition at line 20 of file rz_flirt.h.

◆ RZ_FLIRT_NAME_MAX

#define RZ_FLIRT_NAME_MAX 1024

Definition at line 17 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_16_BIT

#define RZ_FLIRT_SIG_APP_16_BIT 0x0080

Definition at line 147 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_32_BIT

#define RZ_FLIRT_SIG_APP_32_BIT 0x0100

Definition at line 148 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_64_BIT

#define RZ_FLIRT_SIG_APP_64_BIT 0x0200

Definition at line 149 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_ALL

#define RZ_FLIRT_SIG_APP_ALL 0xFFFF

Definition at line 150 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_CONSOLE

#define RZ_FLIRT_SIG_APP_CONSOLE 0x0001

Definition at line 140 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_DLL

#define RZ_FLIRT_SIG_APP_DLL 0x0008

Definition at line 143 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_DRV

#define RZ_FLIRT_SIG_APP_DRV 0x0010

Definition at line 144 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_EXE

#define RZ_FLIRT_SIG_APP_EXE 0x0004

Definition at line 142 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_GRAPHICS

#define RZ_FLIRT_SIG_APP_GRAPHICS 0x0002

Definition at line 141 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_MULTI_THREADED

#define RZ_FLIRT_SIG_APP_MULTI_THREADED 0x0040

Definition at line 146 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_APP_SINGLE_THREADED

#define RZ_FLIRT_SIG_APP_SINGLE_THREADED 0x0020

Definition at line 145 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_AIXAR

#define RZ_FLIRT_SIG_FILE_AIXAR 0x01000000

Definition at line 127 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_ALL

#define RZ_FLIRT_SIG_FILE_ALL 0xFFFFFFFF

Definition at line 128 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_AOUT

#define RZ_FLIRT_SIG_FILE_AOUT 0x00100000

Definition at line 123 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_AR

#define RZ_FLIRT_SIG_FILE_AR 0x00010000

Definition at line 119 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_BIN

#define RZ_FLIRT_SIG_FILE_BIN 0x00000004

Definition at line 105 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_COFF

#define RZ_FLIRT_SIG_FILE_COFF 0x00000400

Definition at line 113 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_DOS_COM

#define RZ_FLIRT_SIG_FILE_DOS_COM 0x00800000

Definition at line 126 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_DOS_COM_OLD

#define RZ_FLIRT_SIG_FILE_DOS_COM_OLD 0x00000002

Definition at line 104 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_DOS_EXE

#define RZ_FLIRT_SIG_FILE_DOS_EXE 0x00400000

Definition at line 125 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_DOS_EXE_OLD

#define RZ_FLIRT_SIG_FILE_DOS_EXE_OLD 0x00000001

Definition at line 103 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_DOSDRV

#define RZ_FLIRT_SIG_FILE_DOSDRV 0x00000008

Definition at line 106 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_ELF

#define RZ_FLIRT_SIG_FILE_ELF 0x00040000

Definition at line 121 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_INTELHEX

#define RZ_FLIRT_SIG_FILE_INTELHEX 0x00000020

Definition at line 108 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_LE

#define RZ_FLIRT_SIG_FILE_LE 0x00000100

Definition at line 111 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_LOADER

#define RZ_FLIRT_SIG_FILE_LOADER 0x00020000

Definition at line 120 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_LX

#define RZ_FLIRT_SIG_FILE_LX 0x00000080

Definition at line 110 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_MOSHEX

#define RZ_FLIRT_SIG_FILE_MOSHEX 0x00000040

Definition at line 109 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_NE

#define RZ_FLIRT_SIG_FILE_NE 0x00000010

Definition at line 107 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_NLM

#define RZ_FLIRT_SIG_FILE_NLM 0x00000200

Definition at line 112 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_OMF

#define RZ_FLIRT_SIG_FILE_OMF 0x00001000

Definition at line 115 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_OMFLIB

#define RZ_FLIRT_SIG_FILE_OMFLIB 0x00008000

Definition at line 118 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_PE

#define RZ_FLIRT_SIG_FILE_PE 0x00000800

Definition at line 114 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_PILOT

#define RZ_FLIRT_SIG_FILE_PILOT 0x00200000

Definition at line 124 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_SREC

#define RZ_FLIRT_SIG_FILE_SREC 0x00002000

Definition at line 116 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_W32RUN

#define RZ_FLIRT_SIG_FILE_W32RUN 0x00080000

Definition at line 122 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_FILE_ZIP

#define RZ_FLIRT_SIG_FILE_ZIP 0x00004000

Definition at line 117 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_ALL

#define RZ_FLIRT_SIG_OS_ALL 0xFFFF

Definition at line 137 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_MSDOS

#define RZ_FLIRT_SIG_OS_MSDOS 0x0001

Definition at line 131 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_NETWARE

#define RZ_FLIRT_SIG_OS_NETWARE 0x0008

Definition at line 134 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_OS2

#define RZ_FLIRT_SIG_OS_OS2 0x0004

Definition at line 133 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_OTHER

#define RZ_FLIRT_SIG_OS_OTHER 0x0020

Definition at line 136 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_UNIX

#define RZ_FLIRT_SIG_OS_UNIX 0x0010

Definition at line 135 of file rz_flirt.h.

◆ RZ_FLIRT_SIG_OS_WIN

#define RZ_FLIRT_SIG_OS_WIN 0x0002

Definition at line 132 of file rz_flirt.h.

Typedef Documentation

◆ RzFlirtCompressedOptions

typedef struct rz_flirt_compressed_options_t RzFlirtCompressedOptions

◆ RzFlirtFileType

typedef enum rz_flirt_file_type_t RzFlirtFileType

◆ RzFlirtFunction

typedef struct rz_flirt_function_t RzFlirtFunction

◆ RzFlirtInfo

typedef struct rz_flirt_info_t RzFlirtInfo

◆ RzFlirtModule

typedef struct rz_flirt_module_t RzFlirtModule

◆ RzFlirtNode

typedef struct rz_flirt_node_t RzFlirtNode

◆ RzFlirtPatInfo

typedef struct rz_flirt_pat_info_t RzFlirtPatInfo

◆ RzFlirtSigInfo

typedef struct rz_flirt_sig_info_t RzFlirtSigInfo

◆ RzFlirtTailByte

typedef struct rz_flirt_tail_byte_t RzFlirtTailByte

◆ RzSigDb

typedef struct rz_signature_db_t RzSigDb

◆ RzSigDBEntry

typedef struct rz_signature_database_entry_t RzSigDBEntry

Enumeration Type Documentation

◆ rz_flirt_file_type_t

enum rz_flirt_file_type_t

Enumerator
RZ_FLIRT_FILE_TYPE_UNKNOWN	unknown type
RZ_FLIRT_FILE_TYPE_SIG	`.sig` compressed pattern file
RZ_FLIRT_FILE_TYPE_PAT	`.pat` text format pattern file

Definition at line 191 of file rz_flirt.h.

                                   {
     RZ_FLIRT_FILE_TYPE_UNKNOWN = 0, 
     RZ_FLIRT_FILE_TYPE_SIG, 
     RZ_FLIRT_FILE_TYPE_PAT, 
 } RzFlirtFileType;

◆ rz_flirt_node_optimization_t

enum rz_flirt_node_optimization_t

Enumerator
RZ_FLIRT_NODE_OPTIMIZE_NONE	keeps the structure flattened (keep the tail bytes)
RZ_FLIRT_NODE_OPTIMIZE_NORMAL	optimize the tree structure (keeps the tail bytes)
RZ_FLIRT_NODE_OPTIMIZE_MAX	optimize the tree structure and drops the tail bytes

Definition at line 185 of file rz_flirt.h.

                                   {
     RZ_FLIRT_NODE_OPTIMIZE_NONE = 0, 
     RZ_FLIRT_NODE_OPTIMIZE_NORMAL, 
     RZ_FLIRT_NODE_OPTIMIZE_MAX, 
 };

◆ rz_flirt_sig_arch_t

enum rz_flirt_sig_arch_t

Enumerator
RZ_FLIRT_SIG_ARCH_386
RZ_FLIRT_SIG_ARCH_Z80
RZ_FLIRT_SIG_ARCH_I860
RZ_FLIRT_SIG_ARCH_8051
RZ_FLIRT_SIG_ARCH_TMS
RZ_FLIRT_SIG_ARCH_6502
RZ_FLIRT_SIG_ARCH_PDP
RZ_FLIRT_SIG_ARCH_68K
RZ_FLIRT_SIG_ARCH_JAVA
RZ_FLIRT_SIG_ARCH_6800
RZ_FLIRT_SIG_ARCH_ST7
RZ_FLIRT_SIG_ARCH_MC6812
RZ_FLIRT_SIG_ARCH_MIPS
RZ_FLIRT_SIG_ARCH_ARM
RZ_FLIRT_SIG_ARCH_TMSC6
RZ_FLIRT_SIG_ARCH_PPC
RZ_FLIRT_SIG_ARCH_80196
RZ_FLIRT_SIG_ARCH_Z8
RZ_FLIRT_SIG_ARCH_SH
RZ_FLIRT_SIG_ARCH_NET
RZ_FLIRT_SIG_ARCH_AVR
RZ_FLIRT_SIG_ARCH_H8
RZ_FLIRT_SIG_ARCH_PIC
RZ_FLIRT_SIG_ARCH_SPARC
RZ_FLIRT_SIG_ARCH_ALPHA
RZ_FLIRT_SIG_ARCH_HPPA
RZ_FLIRT_SIG_ARCH_H8500
RZ_FLIRT_SIG_ARCH_TRICORE
RZ_FLIRT_SIG_ARCH_DSP56K
RZ_FLIRT_SIG_ARCH_C166
RZ_FLIRT_SIG_ARCH_ST20
RZ_FLIRT_SIG_ARCH_IA64
RZ_FLIRT_SIG_ARCH_I960
RZ_FLIRT_SIG_ARCH_F2MC
RZ_FLIRT_SIG_ARCH_TMS320C54
RZ_FLIRT_SIG_ARCH_TMS320C55
RZ_FLIRT_SIG_ARCH_TRIMEDIA
RZ_FLIRT_SIG_ARCH_M32R
RZ_FLIRT_SIG_ARCH_NEC_78K0
RZ_FLIRT_SIG_ARCH_NEC_78K0S
RZ_FLIRT_SIG_ARCH_M740
RZ_FLIRT_SIG_ARCH_M7700
RZ_FLIRT_SIG_ARCH_ST9
RZ_FLIRT_SIG_ARCH_FR
RZ_FLIRT_SIG_ARCH_MC6816
RZ_FLIRT_SIG_ARCH_M7900
RZ_FLIRT_SIG_ARCH_TMS320C3
RZ_FLIRT_SIG_ARCH_KR1878
RZ_FLIRT_SIG_ARCH_AD218X
RZ_FLIRT_SIG_ARCH_OAKDSP
RZ_FLIRT_SIG_ARCH_TLCS900
RZ_FLIRT_SIG_ARCH_C39
RZ_FLIRT_SIG_ARCH_CR16
RZ_FLIRT_SIG_ARCH_MN102L00
RZ_FLIRT_SIG_ARCH_TMS320C1X
RZ_FLIRT_SIG_ARCH_NEC_V850X
RZ_FLIRT_SIG_ARCH_SCR_ADPT
RZ_FLIRT_SIG_ARCH_EBC
RZ_FLIRT_SIG_ARCH_MSP430
RZ_FLIRT_SIG_ARCH_SPU
RZ_FLIRT_SIG_ARCH_DALVIK
RZ_FLIRT_SIG_ARCH_65C816
RZ_FLIRT_SIG_ARCH_M16C
RZ_FLIRT_SIG_ARCH_ARC
RZ_FLIRT_SIG_ARCH_UNSP
RZ_FLIRT_SIG_ARCH_TMS320C28
RZ_FLIRT_SIG_ARCH_DSP96K
RZ_FLIRT_SIG_ARCH_SPC700
RZ_FLIRT_SIG_ARCH_AD2106X
RZ_FLIRT_SIG_ARCH_PIC16
RZ_FLIRT_SIG_ARCH_S390
RZ_FLIRT_SIG_ARCH_XTENSA
RZ_FLIRT_SIG_ARCH_RISCV
RZ_FLIRT_SIG_ARCH_RL78
RZ_FLIRT_SIG_ARCH_RX
RZ_FLIRT_SIG_ARCH_ANY

Definition at line 23 of file rz_flirt.h.

                          {
     RZ_FLIRT_SIG_ARCH_386 = 0, // Intel 80x86
     RZ_FLIRT_SIG_ARCH_Z80, // 8085, Z80
     RZ_FLIRT_SIG_ARCH_I860, // Intel 860
     RZ_FLIRT_SIG_ARCH_8051, // 8051
     RZ_FLIRT_SIG_ARCH_TMS, // Texas Instruments TMS320C5x
     RZ_FLIRT_SIG_ARCH_6502, // 6502
     RZ_FLIRT_SIG_ARCH_PDP, // PDP11
     RZ_FLIRT_SIG_ARCH_68K, // Motoroal 680x0
     RZ_FLIRT_SIG_ARCH_JAVA, // Java
     RZ_FLIRT_SIG_ARCH_6800, // Motorola 68xx
     RZ_FLIRT_SIG_ARCH_ST7, // SGS-Thomson ST7
     RZ_FLIRT_SIG_ARCH_MC6812, // Motorola 68HC12
     RZ_FLIRT_SIG_ARCH_MIPS, // MIPS
     RZ_FLIRT_SIG_ARCH_ARM, // Advanced RISC Machines
     RZ_FLIRT_SIG_ARCH_TMSC6, // Texas Instruments TMS320C6x
     RZ_FLIRT_SIG_ARCH_PPC, // PowerPC
     RZ_FLIRT_SIG_ARCH_80196, // Intel 80196
     RZ_FLIRT_SIG_ARCH_Z8, // Z8
     RZ_FLIRT_SIG_ARCH_SH, // Renesas (formerly Hitachi) SuperH
     RZ_FLIRT_SIG_ARCH_NET, // Microsoft Visual Studio.Net
     RZ_FLIRT_SIG_ARCH_AVR, // Atmel 8-bit RISC processor(s)
     RZ_FLIRT_SIG_ARCH_H8, // Hitachi H8/300, H8/2000
     RZ_FLIRT_SIG_ARCH_PIC, // Microchip's PIC
     RZ_FLIRT_SIG_ARCH_SPARC, // SPARC
     RZ_FLIRT_SIG_ARCH_ALPHA, // DEC Alpha
     RZ_FLIRT_SIG_ARCH_HPPA, // Hewlett-Packard PA-RISC
     RZ_FLIRT_SIG_ARCH_H8500, // Renesas (formerly Hitachi) H8/500
     RZ_FLIRT_SIG_ARCH_TRICORE, // Tricore
     RZ_FLIRT_SIG_ARCH_DSP56K, // Motorola DSP5600x
     RZ_FLIRT_SIG_ARCH_C166, // Siemens C166 family
     RZ_FLIRT_SIG_ARCH_ST20, // SGS-Thomson ST20
     RZ_FLIRT_SIG_ARCH_IA64, // Intel Itanium IA64
     RZ_FLIRT_SIG_ARCH_I960, // Intel 960
     RZ_FLIRT_SIG_ARCH_F2MC, // Fujitsu F2MC-16
     RZ_FLIRT_SIG_ARCH_TMS320C54, // Texas Instruments TMS320C54xx
     RZ_FLIRT_SIG_ARCH_TMS320C55, // Texas Instruments TMS320C55xx
     RZ_FLIRT_SIG_ARCH_TRIMEDIA, // Trimedia
     RZ_FLIRT_SIG_ARCH_M32R, // Mitsubishi 32bit RISC
     RZ_FLIRT_SIG_ARCH_NEC_78K0, // NEC 78K0
     RZ_FLIRT_SIG_ARCH_NEC_78K0S, // NEC 78K0S
     RZ_FLIRT_SIG_ARCH_M740, // Mitsubishi 8bit
     RZ_FLIRT_SIG_ARCH_M7700, // Mitsubishi 16bit
     RZ_FLIRT_SIG_ARCH_ST9, // ST9+
     RZ_FLIRT_SIG_ARCH_FR, // Fujitsu FR Family
     RZ_FLIRT_SIG_ARCH_MC6816, // Motorola 68HC16
     RZ_FLIRT_SIG_ARCH_M7900, // Mitsubishi 7900
     RZ_FLIRT_SIG_ARCH_TMS320C3, // Texas Instruments TMS320C3
     RZ_FLIRT_SIG_ARCH_KR1878, // Angstrem KR1878
     RZ_FLIRT_SIG_ARCH_AD218X, // Analog Devices ADSP 218X
     RZ_FLIRT_SIG_ARCH_OAKDSP, // Atmel OAK DSP
     RZ_FLIRT_SIG_ARCH_TLCS900, // Toshiba TLCS-900
     RZ_FLIRT_SIG_ARCH_C39, // Rockwell C39
     RZ_FLIRT_SIG_ARCH_CR16, // NSC CR16
     RZ_FLIRT_SIG_ARCH_MN102L00, // Panasonic MN10200
     RZ_FLIRT_SIG_ARCH_TMS320C1X, // Texas Instruments TMS320C1x
     RZ_FLIRT_SIG_ARCH_NEC_V850X, // NEC V850 and V850ES/E1/E2
     RZ_FLIRT_SIG_ARCH_SCR_ADPT, // Processor module adapter for processor modules written in scripting languages
     RZ_FLIRT_SIG_ARCH_EBC, // EFI Bytecode
     RZ_FLIRT_SIG_ARCH_MSP430, // Texas Instruments MSP430
     RZ_FLIRT_SIG_ARCH_SPU, // Cell Broadband Engine Synergistic Processor Unit
     RZ_FLIRT_SIG_ARCH_DALVIK, // Android Dalvik Virtual Machine
     RZ_FLIRT_SIG_ARCH_65C816, // 65802/65816
     RZ_FLIRT_SIG_ARCH_M16C, // Renesas M16C
     RZ_FLIRT_SIG_ARCH_ARC, // Argonaut RISC Core
     RZ_FLIRT_SIG_ARCH_UNSP, // SunPlus unSP
     RZ_FLIRT_SIG_ARCH_TMS320C28, // Texas Instruments TMS320C28x
     RZ_FLIRT_SIG_ARCH_DSP96K, // Motorola DSP96000
     RZ_FLIRT_SIG_ARCH_SPC700, // Sony SPC700
     RZ_FLIRT_SIG_ARCH_AD2106X, // Analog Devices ADSP 2106X
     RZ_FLIRT_SIG_ARCH_PIC16, // Microchip 16-bit PIC
     RZ_FLIRT_SIG_ARCH_S390, // IBM's S390
     RZ_FLIRT_SIG_ARCH_XTENSA, // Tensilica Xtensa
     RZ_FLIRT_SIG_ARCH_RISCV, // RISC-V
     RZ_FLIRT_SIG_ARCH_RL78, // Renesas RL78.
     RZ_FLIRT_SIG_ARCH_RX, // Renesas RX.
     RZ_FLIRT_SIG_ARCH_ANY,
 };

Function Documentation

◆ rz_sign_flirt_apply()

RZ_API bool rz_sign_flirt_apply	(	RZ_NONNULL RzAnalysis *	analysis,
		RZ_NONNULL const char *	flirt_file,
		ut8	expected_arch
	)

Parses the FLIRT file and applies the signatures.

Parameters

analysis	The RzAnalysis structure
flirt_file	The FLIRT file to parse

Returns: true if the signatures were sucessfully applied to the file

Definition at line 1289 of file flirt.c.

                                                                                                                        {
     rz_return_val_if_fail(analysis && RZ_STR_ISNOTEMPTY(flirt_file), false);
     RzBuffer *flirt_buf = NULL;
     RzFlirtNode *node = NULL;
  
     if (expected_arch > RZ_FLIRT_SIG_ARCH_ANY) {
         RZ_LOG_ERROR("FLIRT: unknown architecture %u\n", expected_arch);
         return false;
     }
  
     const char *extension = rz_str_lchr(flirt_file, '.');
     if (RZ_STR_ISEMPTY(extension) || (strcmp(extension, ".sig") != 0 && strcmp(extension, ".pat") != 0)) {
         RZ_LOG_ERROR("FLIRT: unknown extension '%s'\n", extension);
         return false;
     }
  
     if (!(flirt_buf = rz_buf_new_slurp(flirt_file))) {
         RZ_LOG_ERROR("FLIRT: Can't open %s\n", flirt_file);
         return false;
     }
  
     if (!strcmp(extension, ".pat")) {
         node = rz_sign_flirt_parse_string_pattern_from_buffer(flirt_buf, RZ_FLIRT_NODE_OPTIMIZE_MAX, NULL);
     } else {
         node = rz_sign_flirt_parse_compressed_pattern_from_buffer(flirt_buf, expected_arch, NULL);
     }
  
     rz_buf_free(flirt_buf);
     if (node) {
         if (!node_match_functions(analysis, node)) {
             RZ_LOG_ERROR("FLIRT: Error while scanning the file %s\n", flirt_file);
         }
         rz_sign_flirt_node_free(node);
         return true;
     }
     RZ_LOG_ERROR("FLIRT: We encountered an error while parsing the file %s. Sorry.\n", flirt_file);
     return false;
 }

References node_match_functions(), NULL, rz_buf_free(), rz_buf_new_slurp(), RZ_FLIRT_NODE_OPTIMIZE_MAX, RZ_FLIRT_SIG_ARCH_ANY, RZ_LOG_ERROR, rz_return_val_if_fail, rz_sign_flirt_node_free(), rz_sign_flirt_parse_compressed_pattern_from_buffer(), rz_sign_flirt_parse_string_pattern_from_buffer(), RZ_STR_ISEMPTY, RZ_STR_ISNOTEMPTY, and rz_str_lchr().

Referenced by rz_core_analysis_sigdb_apply(), and rz_flirt_scan_handler().

◆ rz_sign_flirt_info_fini()

RZ_API void rz_sign_flirt_info_fini ( RZ_NULLABLE RzFlirtInfo * info )

Frees an RzFlirtInfo struct elements without freeing the pointer.

Parameters

RzFlirtInfo The RzFlirtInfo elements to be freed

Definition at line 315 of file flirt.c.

                                                                    {
     if (!info) {
         return;
     }
     if (info->type == RZ_FLIRT_FILE_TYPE_SIG) {
         free(info->u.sig.name);
     }
     memset(info, 0, sizeof(RzFlirtInfo));
 }

References free(), info(), memset(), RZ_FLIRT_FILE_TYPE_SIG, and rz_bin_info_t::type.

Referenced by rz_core_flirt_dump_file(), and sigdb_signature_resolve_details().

◆ rz_sign_flirt_node_count_nodes()

RZ_API ut32 rz_sign_flirt_node_count_nodes ( RZ_NONNULL const RzFlirtNode * node )

Counts the number of FLIRT signatures in the node.

Parameters

flirt_file The FLIRT node to use to count

Returns: Number of signatures

Definition at line 1334 of file flirt.c.

                                                                                {
     rz_return_val_if_fail(node, 0);
     ut32 count = 0;
     RzListIter *it;
     RzFlirtNode *child;
     rz_list_foreach (node->child_list, it, child) {
         count += rz_sign_flirt_node_count_nodes(child);
     }
     if (rz_list_length(node->module_list) > 0) {
         count += 1;
     }
     return count;
 }

References count, rz_list_length(), rz_return_val_if_fail, and rz_sign_flirt_node_count_nodes().

Referenced by rz_core_flirt_create_file(), rz_sign_flirt_node_count_nodes(), rz_sign_flirt_parse_compressed_pattern_from_buffer(), rz_sign_flirt_parse_string_pattern_from_buffer(), and rz_sign_flirt_write_compressed_pattern_to_buffer().

◆ rz_sign_flirt_node_free()

RZ_API void rz_sign_flirt_node_free ( RZ_NULLABLE RzFlirtNode * node )

Frees an RzFlirtNode struct.

Parameters

RzFlirtNode The RzFlirtNode to be freed

Definition at line 299 of file flirt.c.

                                                                    {
     if (!node) {
         return;
     }
     free(node->pattern_mask);
     free(node->pattern_bytes);
     rz_list_free(node->module_list);
     rz_list_free(node->child_list);
     free(node);
 }

References free(), and rz_list_free().

Referenced by flirt_create_child(), flirt_create_child_from_analysis(), flirt_node_optimize(), flirt_node_shorten_and_insert(), flirt_pat_parse_line(), parse_tree(), rz_core_flirt_convert_file(), rz_core_flirt_create_file(), rz_core_flirt_dump_file(), rz_sign_flirt_apply(), rz_sign_flirt_node_new(), rz_sign_flirt_parse_string_pattern_from_buffer(), and sigdb_signature_resolve_details().

◆ rz_sign_flirt_node_new()

RZ_API RZ_OWN RzFlirtNode* rz_sign_flirt_node_new	(	RZ_NONNULL RzAnalysis *	analysis,
		ut32	optimization
	)

Generates the FLIRT signatures and returns an RzFlirtNode.

Parameters

analysis	The RzAnalysis structure to derive the signatures.
optimization	Optimization to apply after creation of the flatten nodes.

Returns: Generated FLIRT root node.

Definition at line 355 of file create.c.

                                                                                                       {
     rz_return_val_if_fail(analysis && analysis->coreb.core, NULL);
     if (optimization > RZ_FLIRT_NODE_OPTIMIZE_MAX) {
         RZ_LOG_ERROR("FLIRT: optimization value is invalid (%u > RZ_FLIRT_NODE_OPTIMIZE_MAX).\n", optimization);
         return NULL;
     }
  
     if (rz_list_length(analysis->fcns) < 1) {
         RZ_LOG_ERROR("FLIRT: There are no analyzed functions. Have you run 'aa'?\n");
         return NULL;
     }
     bool tail_bytes = optimization != RZ_FLIRT_NODE_OPTIMIZE_MAX;
     RzFlirtNode *root = RZ_NEW0(RzFlirtNode);
     if (!root) {
         RZ_LOG_ERROR("FLIRT: cannot allocate root node.\n");
         return NULL;
     }
     root->child_list = rz_list_newf((RzListFree)rz_sign_flirt_node_free);
  
     RzListIter *it;
     RzAnalysisFunction *func;
     rz_list_foreach (analysis->fcns, it, func) {
         ut64 func_size = rz_analysis_function_linear_size(func);
         if (!func->name) {
             RZ_LOG_ERROR("FLIRT: function at 0x%" PFMT64x " has a null name. skipping function...\n", func->addr);
             continue;
         } else if ((func->type != RZ_ANALYSIS_FCN_TYPE_FCN &&
                    func->type != RZ_ANALYSIS_FCN_TYPE_LOC &&
                    func->type != RZ_ANALYSIS_FCN_TYPE_SYM) ||
             func_size < 1 ||
             starts_with_flag(func->name, "imp.") ||
             starts_with_flag(func->name, "sym.imp.")) {
             continue;
         }
  
         if (func_size > ST32_MAX) {
             RZ_LOG_ERROR("FLIRT: this function exceeds the max size allowed by iob->read_at.\n");
             RZ_LOG_ERROR("FLIRT: this should never happen. please open a bug report.\n");
             goto fail;
         }
  
         ut8 *pattern = malloc(func_size);
         if (!pattern) {
             RZ_LOG_ERROR("FLIRT: cannot allocate function buffer.\n");
             goto fail;
         }
  
         if (!analysis->iob.read_at(analysis->iob.io, func->addr, pattern, (int)func_size)) {
             RZ_LOG_WARN("FLIRT: couldn't read function %s at 0x%" PFMT64x ".\n", func->name, func->addr);
             free(pattern);
             continue;
         }
  
         ut8 *mask = rz_analysis_mask(analysis, func_size, pattern, func->addr);
         if (!mask) {
             RZ_LOG_ERROR("FLIRT: cannot calculate pattern mask.\n");
             free(pattern);
             goto fail;
         } else if (!is_valid_mask_prelude(mask, func_size)) {
             free(pattern);
             free(mask);
             continue;
         }
  
         for (ut32 i = func_size - 1; i > 1; --i) {
             if (mask[i] != 0xFF) {
                 func_size--;
                 continue;
             }
             break;
         }
  
         RzFlirtNode *child = flirt_create_child_from_analysis(analysis, func, pattern, mask, func_size, tail_bytes);
         RZ_FREE(pattern);
         free(mask);
         if (!child || !rz_list_append(root->child_list, child)) {
             RZ_LOG_ERROR("FLIRT: cannot append child to root list.\n");
             rz_sign_flirt_node_free(child);
             goto fail;
         }
     }
  
     if (rz_list_length(root->child_list) < 1) {
         RZ_LOG_ERROR("FLIRT: cannot create signature file when i do not have signatures.\n");
         goto fail;
     }
  
     if (optimization == RZ_FLIRT_NODE_OPTIMIZE_NONE) {
         rz_list_sort(root->child_list, (RzListComparator)flirt_compare_node);
     } else if (!flirt_node_optimize(root)) {
         goto fail;
     }
  
     return root;
  
 fail:
     rz_sign_flirt_node_free(root);
     return NULL;
 }

References rz_analysis_function_t::addr, fail, flirt_compare_node(), flirt_create_child_from_analysis(), flirt_node_optimize(), free(), i, is_valid_mask_prelude(), malloc(), mask, rz_analysis_function_t::name, NULL, PFMT64x, root, RZ_ANALYSIS_FCN_TYPE_FCN, RZ_ANALYSIS_FCN_TYPE_LOC, RZ_ANALYSIS_FCN_TYPE_SYM, rz_analysis_function_linear_size(), rz_analysis_mask(), RZ_FLIRT_NODE_OPTIMIZE_MAX, RZ_FLIRT_NODE_OPTIMIZE_NONE, RZ_FREE, rz_list_append(), rz_list_length(), rz_list_newf(), rz_list_sort(), RZ_LOG_ERROR, RZ_LOG_WARN, RZ_NEW0, rz_return_val_if_fail, rz_sign_flirt_node_free(), ST32_MAX, starts_with_flag, rz_analysis_function_t::type, and ut64().

Referenced by rz_core_flirt_create_file().

◆ rz_sign_flirt_parse_compressed_pattern_from_buffer()

RZ_API RZ_OWN RzFlirtNode* rz_sign_flirt_parse_compressed_pattern_from_buffer	(	RZ_NONNULL RzBuffer *	flirt_buf,
		ut8	expected_arch,
		RZ_NULLABLE RzFlirtInfo *	info
	)

Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtNode.

Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtNode if expected_arch matches the id or RZ_FLIRT_SIG_ARCH_ANY is set.

Parameters

flirt_buf	The buffer to read
expected_arch	The expected arch to be used for the buffer
info	Pointer to a RzFlirtInfo that can be used to get info about the sig file

Returns: Parsed FLIRT node

Definition at line 1136 of file flirt.c.

                                                                                                                                                                 {
     rz_return_val_if_fail(flirt_buf && expected_arch <= RZ_FLIRT_SIG_ARCH_ANY, NULL);
  
     ut8 *name = NULL;
     ut8 *buf = NULL, *decompressed_buf = NULL;
     RzBuffer *rz_buf = NULL;
     int size, decompressed_size;
     RzFlirtNode *node = NULL;
     RzFlirtNode *ret = NULL;
     idasig_v5_t *header = NULL;
     idasig_v6_v7_t *v6_v7 = NULL;
     idasig_v8_v9_t *v8_v9 = NULL;
     idasig_v10_t *v10 = NULL;
  
     ParseStatus ps = { 0 };
  
     if (!(ps.version = flirt_parse_version(flirt_buf))) {
         goto exit;
     }
  
     if (ps.version < 5 || ps.version > 10) {
         RZ_LOG_ERROR("FLIRT: Unsupported flirt signature version\n");
         goto exit;
     }
  
     if (!(header = RZ_NEW0(idasig_v5_t))) {
         goto exit;
     }
  
     parse_v5_header(flirt_buf, header);
  
     if (expected_arch != RZ_FLIRT_SIG_ARCH_ANY && header->arch != expected_arch) {
         RZ_LOG_ERROR("FLIRT: the binary architecture did not match the .sig one.\n");
         goto exit;
     }
  
     if (ps.version >= 6) {
         if (!(v6_v7 = RZ_NEW0(idasig_v6_v7_t))) {
             goto exit;
         }
         if (!parse_v6_v7_header(flirt_buf, v6_v7)) {
             goto exit;
         }
  
         if (ps.version >= 8) {
             if (!(v8_v9 = RZ_NEW0(idasig_v8_v9_t))) {
                 goto exit;
             }
             if (!parse_v8_v9_header(flirt_buf, v8_v9)) {
                 goto exit;
             }
  
             if (ps.version >= 10) {
                 if (!(v10 = RZ_NEW0(idasig_v10_t))) {
                     goto exit;
                 }
                 if (!parse_v10_header(flirt_buf, v10)) {
                     goto exit;
                 }
             }
         }
     }
  
     name = malloc(header->library_name_len + 1);
     if (!name) {
         RZ_LOG_ERROR("FLIRT: failed to allocate library name\n");
         goto exit;
     }
  
     if (rz_buf_read(flirt_buf, name, header->library_name_len) != header->library_name_len) {
         RZ_LOG_ERROR("FLIRT: failed to read library name\n");
         goto exit;
     }
  
     name[header->library_name_len] = '\0';
  
     size = rz_buf_size(flirt_buf) - rz_buf_tell(flirt_buf);
     buf = malloc(size);
     if (!buf) {
         RZ_LOG_ERROR("FLIRT: failed to allocate buffer for signature body\n");
         goto exit;
     }
  
     if (rz_buf_read(flirt_buf, buf, size) != size) {
         RZ_LOG_ERROR("FLIRT: failed to read signature body\n");
         goto exit;
     }
  
     if (header->features & IDASIG_FEATURE_COMPRESSED) {
         if (ps.version >= 5 && ps.version < 7) {
             if (!(decompressed_buf = rz_inflate_ignore_header(buf, size, NULL, &decompressed_size))) {
                 RZ_LOG_ERROR("FLIRT: Failed to decompress buffer.\n");
                 goto exit;
             }
         } else if (ps.version >= 7) {
             if (!(decompressed_buf = rz_inflate(buf, size, NULL, &decompressed_size))) {
                 RZ_LOG_ERROR("FLIRT: Failed to decompress buffer.\n");
                 goto exit;
             }
         } else {
             RZ_LOG_ERROR("FLIRT: Sorry we do not support compressed signatures with version %d.\n", ps.version);
             goto exit;
         }
  
         RZ_FREE(buf);
         buf = decompressed_buf;
         size = decompressed_size;
     }
     rz_buf = rz_buf_new_with_pointers(buf, size, false);
     if (!rz_buf) {
         RZ_LOG_ERROR("FLIRT: failed to allocate new RzBuffer\n");
         goto exit;
     }
     ps.buffer = rz_buf;
  
     if (!(node = RZ_NEW0(RzFlirtNode))) {
         RZ_LOG_ERROR("FLIRT: failed to allocate root RzFlirtNode\n");
         goto exit;
     }
  
     if (parse_tree(&ps, node)) {
         ret = node;
     } else {
         free(node);
     }
  
     if (info && ret) {
         info->type = RZ_FLIRT_FILE_TYPE_SIG;
         info->u.sig.version = ps.version;
         info->u.sig.architecture = header->arch;
         info->u.sig.n_modules = rz_sign_flirt_node_count_nodes(ret);
         info->u.sig.name = (char *)name;
         name = NULL;
     }
  
 exit:
     free(buf);
     rz_buf_free(rz_buf);
     free(header);
     free(v6_v7);
     free(v8_v9);
     free(v10);
     free(name);
     return ret;
 }

References parse_status_t::buffer, test-lz4-list::exit, flirt_parse_version(), free(), header, IDASIG_FEATURE_COMPRESSED, info(), malloc(), NULL, parse_tree(), parse_v10_header(), parse_v5_header(), parse_v6_v7_header(), parse_v8_v9_header(), rz_buf_free(), rz_buf_new_with_pointers(), rz_buf_read(), rz_buf_size(), rz_buf_tell(), RZ_FLIRT_FILE_TYPE_SIG, RZ_FLIRT_SIG_ARCH_ANY, RZ_FREE, rz_inflate(), rz_inflate_ignore_header(), RZ_LOG_ERROR, RZ_NEW0, rz_return_val_if_fail, rz_sign_flirt_node_count_nodes(), rz_bin_info_t::type, and parse_status_t::version.

Referenced by rz_core_flirt_convert_file(), rz_core_flirt_dump_file(), and rz_sign_flirt_apply().

◆ rz_sign_flirt_parse_header_compressed_pattern_from_buffer()

RZ_API RZ_OWN bool rz_sign_flirt_parse_header_compressed_pattern_from_buffer	(	RZ_NONNULL RzBuffer *	flirt_buf,
		RZ_NONNULL RzFlirtInfo *	info
	)

Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtInfo.

Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtNode if expected_arch matches the id or RZ_FLIRT_SIG_ARCH_ANY is set.

Parameters

flirt_buf	The buffer to read
expected_arch	The expected arch to be used for the buffer
info	Pointer to a RzFlirtInfo that can be used to get info about the sig file

Returns: Parsed FLIRT node

Definition at line 1062 of file flirt.c.

                                                                                                                                            {
     rz_return_val_if_fail(flirt_buf && info, false);
  
     bool res = false;
     ut8 *name = NULL;
     idasig_v5_t v5 = { 0 };
     idasig_v6_v7_t v6_v7 = { 0 };
     idasig_v8_v9_t v8_v9 = { 0 };
     idasig_v10_t v10 = { 0 };
  
     if (!parse_v5_header(flirt_buf, &v5)) {
         RZ_LOG_ERROR("FLIRT: invalid sig header.\n");
         goto exit;
     }
  
     if (memcmp((const char *)v5.magic, "IDASGN", 6)) {
         RZ_LOG_ERROR("FLIRT: invalid sig magic.\n");
         goto exit;
     }
  
     if (v5.version < 5 || v5.version > 10) {
         RZ_LOG_ERROR("FLIRT: Unsupported flirt signature version\n");
         goto exit;
     }
  
     if (v5.version >= 6 && !parse_v6_v7_header(flirt_buf, &v6_v7)) {
         goto exit;
     }
  
     if (v5.version >= 8 && !parse_v8_v9_header(flirt_buf, &v8_v9)) {
         goto exit;
     }
  
     if (v5.version >= 10 && !parse_v10_header(flirt_buf, &v10)) {
         goto exit;
     }
  
     name = malloc(v5.library_name_len + 1);
     if (!name) {
         RZ_LOG_ERROR("FLIRT: failed to allocate library name\n");
         goto exit;
     }
  
     if (rz_buf_read(flirt_buf, name, v5.library_name_len) != v5.library_name_len) {
         RZ_LOG_ERROR("FLIRT: failed to read library name\n");
         goto exit;
     }
  
     name[v5.library_name_len] = '\0';
  
     info->type = RZ_FLIRT_FILE_TYPE_SIG;
     info->u.sig.version = v5.version;
     info->u.sig.architecture = v5.arch;
     info->u.sig.n_modules = v5.version < 6 ? v5.old_n_functions : v6_v7.n_functions;
     info->u.sig.name = (char *)name;
     name = NULL;
     res = true;
  
 exit:
     free(name);
     return res;
 }

References idasig_v5_t::arch, test-lz4-list::exit, free(), info(), idasig_v5_t::library_name_len, idasig_v5_t::magic, malloc(), idasig_v6_v7_t::n_functions, NULL, idasig_v5_t::old_n_functions, parse_v10_header(), parse_v5_header(), parse_v6_v7_header(), parse_v8_v9_header(), rz_buf_read(), RZ_FLIRT_FILE_TYPE_SIG, RZ_LOG_ERROR, rz_return_val_if_fail, rz_bin_info_t::type, and idasig_v5_t::version.

Referenced by sigdb_signature_resolve_details().

◆ rz_sign_flirt_parse_string_pattern_from_buffer()

RZ_API RZ_OWN RzFlirtNode* rz_sign_flirt_parse_string_pattern_from_buffer	(	RZ_NONNULL RzBuffer *	flirt_buf,
		ut32	optimization,
		RZ_NULLABLE RzFlirtInfo *	info
	)

Parses the RzBuffer containing a FLIRT signature in string format and returns an RzFlirtNode.

Parameters

flirt_buf	The buffer to read
optimization	Optimization to apply after creation of the flatten nodes.
info	Pointer to a RzFlirtInfo that can be used to get info about the pat file

Returns: Parsed FLIRT node

Definition at line 356 of file pat.c.

                                                                                                                                                             {
     rz_return_val_if_fail(flirt_buf, NULL);
  
     if (optimization > RZ_FLIRT_NODE_OPTIMIZE_MAX) {
         RZ_LOG_ERROR("FLIRT: optimization value is invalid (%u > RZ_FLIRT_NODE_OPTIMIZE_MAX).\n", optimization);
         return NULL;
     }
  
     char buffer[PAT_LINE_BUFFER_SIZE];
     const char *buffer_end = buffer + sizeof(buffer);
     ut32 line_num = 1;
     char *newline = NULL;
     st64 read = 0;
     RzFlirtNode *root = NULL;
     RzStrBuf *line = NULL;
  
     root = RZ_NEW0(RzFlirtNode);
     if (!root) {
         RZ_LOG_ERROR("FLIRT: cannot allocate root node\n");
         return NULL;
     }
  
     root->child_list = rz_list_newf((RzListFree)rz_sign_flirt_node_free);
     if (!root->child_list) {
         free(root);
         RZ_LOG_ERROR("FLIRT: cannot allocate root node child list\n");
         return NULL;
     }
  
     line = rz_strbuf_new("");
     if (!line) {
         rz_sign_flirt_node_free(root);
         RZ_LOG_ERROR("FLIRT: cannot allocate line buffer\n");
         return NULL;
     }
  
     bool tail_bytes = optimization != RZ_FLIRT_NODE_OPTIMIZE_MAX;
     do {
         if (newline && rz_strbuf_length(line) > 0) {
             char *p = newline + 1;
             pat_dbg("%05u: %s\n", line_num, rz_strbuf_get(line));
             bool parsed = flirt_pat_parse_line(root, line, line_num, tail_bytes);
             rz_strbuf_fini(line);
             rz_strbuf_init(line);
             if (!parsed) {
                 break;
             }
             line_num++;
             if (p < buffer_end && *p) {
                 if ((newline = strchr(p, '\n'))) {
                     newline[0] = 0;
                 }
                 rz_strbuf_append(line, p);
             }
             continue;
         }
         memset(buffer, 0, sizeof(buffer));
         if ((read = rz_buf_read(flirt_buf, (ut8 *)buffer, sizeof(buffer) - 1)) < 1) {
             break;
         }
         if ((newline = strchr(buffer, '\n'))) {
             newline[0] = 0;
         }
         rz_strbuf_append(line, buffer);
     } while (true);
  
     if (rz_strbuf_length(line) > 0) {
         flirt_pat_parse_line(root, line, line_num, tail_bytes);
     }
  
     rz_strbuf_free(line);
  
     if (optimization == RZ_FLIRT_NODE_OPTIMIZE_NONE) {
         rz_list_sort(root->child_list, (RzListComparator)flirt_compare_node);
     } else if (!flirt_node_optimize(root)) {
         rz_sign_flirt_node_free(root);
         return NULL;
     }
  
     if (info) {
         info->type = RZ_FLIRT_FILE_TYPE_PAT;
         info->u.pat.n_modules = rz_sign_flirt_node_count_nodes(root);
     }
  
     return root;
 }

References flirt_compare_node(), flirt_node_optimize(), flirt_pat_parse_line(), free(), info(), setup::line, memset(), NULL, p, pat_dbg, PAT_LINE_BUFFER_SIZE, read(), root, rz_buf_read(), RZ_FLIRT_FILE_TYPE_PAT, RZ_FLIRT_NODE_OPTIMIZE_MAX, RZ_FLIRT_NODE_OPTIMIZE_NONE, rz_list_newf(), rz_list_sort(), RZ_LOG_ERROR, RZ_NEW0, rz_return_val_if_fail, rz_sign_flirt_node_count_nodes(), rz_sign_flirt_node_free(), rz_strbuf_append(), rz_strbuf_fini(), rz_strbuf_free(), rz_strbuf_get(), rz_strbuf_init(), rz_strbuf_length(), rz_strbuf_new(), st64, and rz_bin_info_t::type.

Referenced by rz_core_flirt_convert_file(), rz_core_flirt_dump_file(), rz_sign_flirt_apply(), and sigdb_signature_resolve_details().

◆ rz_sign_flirt_write_compressed_pattern_to_buffer()

RZ_API bool rz_sign_flirt_write_compressed_pattern_to_buffer	(	RZ_NONNULL const RzFlirtNode *	node,
		RZ_NONNULL RzBuffer *	buffer,
		RzFlirtCompressedOptions *	options
	)

Writes in the the RzBuffer the FLIRT signatures in compressed format.

Parameters

node	The FLIRT node to use as input
buffer	The buffer to write to

Returns: Parsed FLIRT node

Definition at line 1580 of file flirt.c.

                                                                                                                                                                  {
     rz_return_val_if_fail(node && buffer && options, false);
     RzBuffer *body = buffer;
  
     if (options->version < 5 || options->version > 10) {
         RZ_LOG_ERROR("FLIRT: unsupported sig type version %u\n", options->version);
         return false;
     } else if (options->arch >= RZ_FLIRT_SIG_ARCH_ANY) {
         RZ_LOG_ERROR("FLIRT: unsupported architecture %u\n", options->arch);
         return false;
     } else if (RZ_STR_ISEMPTY(options->libname)) {
         RZ_LOG_ERROR("FLIRT: library name is empty\n");
         return false;
     }
  
     size_t library_name_len = strlen(options->libname);
     if (library_name_len > RZ_FLIRT_LIBRARY_NAME_MAX) {
         RZ_LOG_ERROR("FLIRT: library name is too big. max size is %u\n", RZ_FLIRT_LIBRARY_NAME_MAX);
         return false;
     }
  
     if (options->deflate) {
         if (options->version < 7) {
             RZ_LOG_ERROR("FLIRT: cannot deflate body due FLIRT version being < 7\n");
             return false;
         }
  
         body = rz_buf_new_empty(0);
         if (!body) {
             RZ_LOG_ERROR("FLIRT: cannot allocate body buffer\n");
             return false;
         }
     }
  
     ut8 tmp[32];
     ut32 n_functions = rz_sign_flirt_node_count_nodes(node);
  
     // magic
     rz_buf_append_string(buffer, "IDASGN");
  
     // version
     rz_buf_append_le_bits(buffer, tmp, options->version, 8);
  
     // arch
     rz_buf_append_le_bits(buffer, tmp, options->arch, 8);
  
     // file_types (little endian)
     rz_buf_append_le_bits(buffer, tmp, options->file, 32);
  
     // os_types (little endian)
     rz_buf_append_le_bits(buffer, tmp, options->os, 16);
  
     // app_types (little endian)
     rz_buf_append_le_bits(buffer, tmp, options->app, 16);
  
     // features (little endian)
     rz_buf_append_le_bits(buffer, tmp, options->deflate ? IDASIG_FEATURE_COMPRESSED : IDASIG_FEATURE_NONE, 16);
  
     // n_functions (little endian) - used only in v5.
     rz_buf_append_le_bits(buffer, tmp, options->version >= 6 ? 0 : n_functions, 16);
  
     // crc16 (little endian)
     rz_buf_append_le_bits(buffer, tmp, 0, 16);
  
     // ctype (little endian)
     memset(tmp, 0, 12);
     rz_buf_append_bytes(buffer, tmp, 12);
  
     // library_name_len (max 255)
     rz_buf_append_le_bits(buffer, tmp, library_name_len, 8);
  
     // crc16_ctypes (little endian)
     rz_buf_append_le_bits(buffer, tmp, IDASIG_FEATURE_NONE, 16);
  
     if (options->version >= 6) {
         // n_functions (little endian)
         rz_buf_append_le_bits(buffer, tmp, n_functions, 32);
     }
  
     if (options->version >= 8) {
         // pattern_size (little endian) - we always use 32 bytes prelude
         rz_buf_append_le_bits(buffer, tmp, 32, 16);
     }
  
     if (options->version >= 10) {
         // unknown (little endian)
         rz_buf_append_le_bits(buffer, tmp, 0, 16);
     }
  
     // library name
     rz_buf_append_string(buffer, options->libname);
  
     if (!flirt_write_node(node, body, options->version)) {
         rz_buf_free(body);
         return false;
     }
  
     bool ret = true;
     if (options->deflate) {
         ut64 block_size = 1ull << 20; // 1 Mb
         if (!rz_deflatew_buf(body, buffer, block_size, NULL, 15)) {
             RZ_LOG_ERROR("FLIRT: cannot deflate body\n");
             ret = false;
         }
         rz_buf_free(body);
     }
     return ret;
 }

References flirt_write_node(), IDASIG_FEATURE_COMPRESSED, IDASIG_FEATURE_NONE, memset(), NULL, options, rz_buf_append_bytes(), rz_buf_append_le_bits, rz_buf_append_string(), rz_buf_free(), rz_buf_new_empty(), rz_deflatew_buf(), RZ_FLIRT_LIBRARY_NAME_MAX, RZ_FLIRT_SIG_ARCH_ANY, RZ_LOG_ERROR, rz_return_val_if_fail, rz_sign_flirt_node_count_nodes(), RZ_STR_ISEMPTY, autogen_x86imm::tmp, and ut64().

Referenced by rz_core_flirt_convert_file(), and rz_core_flirt_create_file().

◆ rz_sign_flirt_write_string_pattern_to_buffer()

RZ_API bool rz_sign_flirt_write_string_pattern_to_buffer	(	RZ_NONNULL const RzFlirtNode *	root,
		RZ_NONNULL RzBuffer *	buffer
	)

Writes in the the RzBuffer the FLIRT signatures in string format.

Parameters

root	The FLIRT root node to use as input
buffer	The buffer to write to

Returns: Parsed FLIRT node

Definition at line 529 of file pat.c.

                                                                                                                           {
     rz_return_val_if_fail(root && buffer, false);
     // 4154554889FD534889F3C60700E8........C6441DFF004189C485C07515BE2E 07 FAEE 003B :0000@ Curl_gethostname ^000E gethostname ^0027 strchr ........4885C07403C600004489E05B5D415CC3
     RzStrBuf sb;
  
     RzListIter *it;
     RzFlirtNode *child;
     rz_list_foreach (root->child_list, it, child) {
         rz_strbuf_init(&sb);
         if (!flirt_pat_write_line(child, buffer, &sb)) {
             return false;
         }
         rz_strbuf_fini(&sb);
     }
     rz_buf_append_string(buffer, "---\n");
     return true;
 }

References flirt_pat_write_line(), root, rz_buf_append_string(), rz_return_val_if_fail, rz_strbuf_fini(), rz_strbuf_init(), and sb.

Referenced by rz_core_flirt_convert_file(), and rz_core_flirt_create_file().

◆ rz_sign_sigdb_add_entry()

RZ_API bool rz_sign_sigdb_add_entry	(	RZ_NONNULL RzSigDb *	db,
		RZ_NONNULL const RzSigDBEntry *	entry
	)

Add a new signature entry to a database.

Parameters

db	Database of signatures
entry	Single signature entry to add to the database

Returns: true if the signature entry was correctly added to the database, false otherwise

Definition at line 158 of file sigdb.c.

                                                                                                   {
     rz_return_val_if_fail(db && entry, NULL);
     return ht_pu_insert(db->entries, entry, 1);
 }

References NULL, and rz_return_val_if_fail.

Referenced by rz_sign_sigdb_load_database(), and sigdb_move_entry().

◆ rz_sign_sigdb_free()

RZ_API void rz_sign_sigdb_free ( RzSigDb * db )

Definition at line 277 of file sigdb.c.

                                             {
     if (!db) {
         return;
     }
     ht_pu_free(db->entries);
     free(db);
 }

References rz_signature_db_t::entries, and free().

Referenced by analysis_sigdb_add(), and rz_sign_sigdb_load_database().

◆ rz_sign_sigdb_list()

RZ_API RZ_OWN RzList* rz_sign_sigdb_list ( RZ_NONNULL const RzSigDb * db )

Return the signature database as a list of entries.

Definition at line 294 of file sigdb.c.

                                                                          {
     rz_return_val_if_fail(db, NULL);
  
     RzList *res = rz_list_new();
     if (!res) {
         return NULL;
     }
     ht_pu_foreach(db->entries, sigdb_to_list, res);
     rz_list_sort(res, (RzListComparator)sigdb_signature_cmp);
     return res;
 }

References NULL, rz_list_new(), rz_list_sort(), rz_return_val_if_fail, sigdb_signature_cmp(), and sigdb_to_list().

Referenced by rz_core_analysis_sigdb_list().

◆ rz_sign_sigdb_load_database()

RZ_API RZ_OWN RzSigDb* rz_sign_sigdb_load_database	(	RZ_NONNULL const char *	sigdb_path,
		bool	with_details
	)

Returns a database of signatures loaded from the signature database path.

Parameters

sigdb_path	The signature database path/location
with_details	When true, opens each signature within the db for extra details

Returns: List of entries

Definition at line 105 of file sigdb.c.

                                                                                                          {
     rz_return_val_if_fail(RZ_STR_ISNOTEMPTY(sigdb_path), NULL);
     char glob[1024];
     if (!rz_file_is_directory(sigdb_path)) {
         RZ_LOG_ERROR("sigdb path is unknown or invalid (path: %s)\n", sigdb_path);
         return NULL;
     }
     size_t path_len = strlen(sigdb_path) + 1; // ignoring also the filesystem separator
     RzSigDb *sigs = rz_sign_sigdb_new();
     if (!sigs) {
         RZ_LOG_ERROR("cannot allocate signature database\n");
         return NULL;
     }
  
     rz_strf(glob, RZ_JOIN_2_PATHS("%s", "**"), sigdb_path);
     RzList *files = rz_file_globsearch(glob, 10);
     char *file = NULL;
     RzListIter *iter = NULL;
     RzSigDBEntry *sig = NULL;
  
     rz_list_foreach (files, iter, file) {
         if (!rz_str_endswith(file, ".pat") && !rz_str_endswith(file, ".sig")) {
             continue;
         }
  
         sig = RZ_NEW0(RzSigDBEntry);
         if (!sig) {
             goto fail;
         }
  
         sig->file_path = strdup(file);
         if (!sig->file_path || !sigdb_signature_resolve_details(sig, path_len, with_details)) {
             rz_sign_sigdb_signature_free(sig);
             goto fail;
         }
         rz_sign_sigdb_add_entry(sigs, sig);
     }
     rz_list_free(files);
     return sigs;
  
 fail:
     rz_list_free(files);
     rz_sign_sigdb_free(sigs);
     return NULL;
 }

References fail, rz_signature_database_entry_t::file_path, files, NULL, rz_file_globsearch(), rz_file_is_directory(), RZ_JOIN_2_PATHS, rz_list_free(), RZ_LOG_ERROR, RZ_NEW0, rz_return_val_if_fail, rz_sign_sigdb_add_entry(), rz_sign_sigdb_free(), rz_sign_sigdb_new(), rz_sign_sigdb_signature_free(), rz_str_endswith(), RZ_STR_ISNOTEMPTY, rz_strf, sigdb_signature_resolve_details(), and strdup().

Referenced by analysis_sigdb_add().

◆ rz_sign_sigdb_merge()

RZ_API bool rz_sign_sigdb_merge	(	RZ_NONNULL RzSigDb *	db,
		RZ_NONNULL RzSigDb *	db2
	)

Merge the signatures from db2 into db.

Data within db2 is moved into db, making it empty.

Parameters

db	Database of signatures to extend
db2	Database of signatures that need to be merged into `db`

Returns: true if the databases were correctly merged, false otherwise

Definition at line 184 of file sigdb.c.

                                                                                  {
     rz_return_val_if_fail(db && db2, NULL);
     struct sigdb_move_data_t opt = {
         .src = db2,
         .dst = db,
     };
     db2->entries->opt.freefn = NULL;
     ht_pu_foreach(db2->entries, sigdb_move_entry, &opt);
     return true;
 }

References rz_signature_db_t::entries, NULL, rz_return_val_if_fail, sigdb_move_entry(), and sigdb_move_data_t::src.

Referenced by analysis_sigdb_add().

◆ rz_sign_sigdb_new()

RZ_API RZ_OWN RzSigDb* rz_sign_sigdb_new ( void )

Create a new empty RzSigDb instance.

Definition at line 260 of file sigdb.c.

                                                {
     RzSigDb *db = RZ_NEW0(RzSigDb);
     if (!db) {
         return NULL;
     }
     HtPUOptions opt = { 0 };
     opt.cmp = sigdb_entry_cmp,
     opt.hashfn = sigdb_entry_hash,
     opt.freefn = ht_pu_sigdb_freekv;
     db->entries = ht_pu_new_opt(&opt);
     if (!db->entries) {
         free(db);
         return NULL;
     }
     return db;
 }

References rz_signature_db_t::entries, free(), ht_pu_sigdb_freekv(), NULL, RZ_NEW0, sigdb_entry_cmp(), and sigdb_entry_hash().

Referenced by rz_core_analysis_sigdb_list(), and rz_sign_sigdb_load_database().

◆ rz_sign_sigdb_signature_free()

RZ_API void rz_sign_sigdb_signature_free ( RZ_NULLABLE RzSigDBEntry * entry )

Frees a RzSigDBEntry structure.

Parameters

[in] entry The RzSigDBEntry to free

Definition at line 12 of file sigdb.c.

                                                                           {
     if (!entry) {
         return;
     }
     // base_name points to file_path, so there is no need to call free
     // short_path points to file_path, so there is no need to call free
     free(entry->bin_name);
     free(entry->arch_name);
     free(entry->file_path);
     free(entry);
 }

References free().

Referenced by ht_pu_sigdb_freekv(), and rz_sign_sigdb_load_database().

Classes

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

◆ RZ_FLIRT_LIBRARY_NAME_DFL

◆ RZ_FLIRT_LIBRARY_NAME_MAX

◆ RZ_FLIRT_MAX_PRELUDE_SIZE

◆ RZ_FLIRT_NAME_MAX

◆ RZ_FLIRT_SIG_APP_16_BIT

◆ RZ_FLIRT_SIG_APP_32_BIT

◆ RZ_FLIRT_SIG_APP_64_BIT

◆ RZ_FLIRT_SIG_APP_ALL

◆ RZ_FLIRT_SIG_APP_CONSOLE

◆ RZ_FLIRT_SIG_APP_DLL

◆ RZ_FLIRT_SIG_APP_DRV

◆ RZ_FLIRT_SIG_APP_EXE

◆ RZ_FLIRT_SIG_APP_GRAPHICS

◆ RZ_FLIRT_SIG_APP_MULTI_THREADED

◆ RZ_FLIRT_SIG_APP_SINGLE_THREADED

◆ RZ_FLIRT_SIG_FILE_AIXAR

◆ RZ_FLIRT_SIG_FILE_ALL

◆ RZ_FLIRT_SIG_FILE_AOUT

◆ RZ_FLIRT_SIG_FILE_AR

◆ RZ_FLIRT_SIG_FILE_BIN

◆ RZ_FLIRT_SIG_FILE_COFF

◆ RZ_FLIRT_SIG_FILE_DOS_COM

◆ RZ_FLIRT_SIG_FILE_DOS_COM_OLD

◆ RZ_FLIRT_SIG_FILE_DOS_EXE

◆ RZ_FLIRT_SIG_FILE_DOS_EXE_OLD

◆ RZ_FLIRT_SIG_FILE_DOSDRV

◆ RZ_FLIRT_SIG_FILE_ELF

◆ RZ_FLIRT_SIG_FILE_INTELHEX

◆ RZ_FLIRT_SIG_FILE_LE

◆ RZ_FLIRT_SIG_FILE_LOADER

◆ RZ_FLIRT_SIG_FILE_LX

◆ RZ_FLIRT_SIG_FILE_MOSHEX

◆ RZ_FLIRT_SIG_FILE_NE

◆ RZ_FLIRT_SIG_FILE_NLM

◆ RZ_FLIRT_SIG_FILE_OMF

◆ RZ_FLIRT_SIG_FILE_OMFLIB

◆ RZ_FLIRT_SIG_FILE_PE

◆ RZ_FLIRT_SIG_FILE_PILOT

◆ RZ_FLIRT_SIG_FILE_SREC

◆ RZ_FLIRT_SIG_FILE_W32RUN

◆ RZ_FLIRT_SIG_FILE_ZIP

◆ RZ_FLIRT_SIG_OS_ALL

◆ RZ_FLIRT_SIG_OS_MSDOS

◆ RZ_FLIRT_SIG_OS_NETWARE

◆ RZ_FLIRT_SIG_OS_OS2

◆ RZ_FLIRT_SIG_OS_OTHER

◆ RZ_FLIRT_SIG_OS_UNIX

◆ RZ_FLIRT_SIG_OS_WIN

Typedef Documentation

◆ RzFlirtCompressedOptions

◆ RzFlirtFileType

◆ RzFlirtFunction

◆ RzFlirtInfo

◆ RzFlirtModule

◆ RzFlirtNode

◆ RzFlirtPatInfo

◆ RzFlirtSigInfo

◆ RzFlirtTailByte

◆ RzSigDb

◆ RzSigDBEntry

Enumeration Type Documentation

◆ rz_flirt_file_type_t

◆ rz_flirt_node_optimization_t

◆ rz_flirt_sig_arch_t

Function Documentation

◆ rz_sign_flirt_apply()

◆ rz_sign_flirt_info_fini()

◆ rz_sign_flirt_node_count_nodes()

◆ rz_sign_flirt_node_free()

◆ rz_sign_flirt_node_new()

◆ rz_sign_flirt_parse_compressed_pattern_from_buffer()

◆ rz_sign_flirt_parse_header_compressed_pattern_from_buffer()

◆ rz_sign_flirt_parse_string_pattern_from_buffer()

◆ rz_sign_flirt_write_compressed_pattern_to_buffer()