Rizin
unix-like reverse engineering framework and cli tools
rz_flirt.h
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2021-2022 RizinOrg <info@rizin.re>
2 // SPDX-FileCopyrightText: 2021-2022 deroad <wargio@libero.it>
3 // SPDX-FileCopyrightText: 2014-2016 jfrankowski <jody.frankowski@gmail.com>
4 // SPDX-License-Identifier: LGPL-3.0-only
5 
6 #ifndef RZ_FLIRT_H
7 #define RZ_FLIRT_H
8 
9 #include <rz_types.h>
10 #include <rz_list.h>
11 #include <rz_analysis.h>
12 
13 #ifdef __cplusplus
14 extern "C" {
15 #endif
16 
17 #define RZ_FLIRT_NAME_MAX 1024
18 #define RZ_FLIRT_LIBRARY_NAME_MAX 0xFF
19 #define RZ_FLIRT_LIBRARY_NAME_DFL "Built with rizin " RZ_VERSION
20 #define RZ_FLIRT_MAX_PRELUDE_SIZE (32) // this value is choosen as the default for FLIRT, but it can go between 1 and 64
21 
22 /* supported architectures */
23 enum rz_flirt_sig_arch_t {
24  RZ_FLIRT_SIG_ARCH_386 = 0, // Intel 80x86
25  RZ_FLIRT_SIG_ARCH_Z80, // 8085, Z80
26  RZ_FLIRT_SIG_ARCH_I860, // Intel 860
27  RZ_FLIRT_SIG_ARCH_8051, // 8051
28  RZ_FLIRT_SIG_ARCH_TMS, // Texas Instruments TMS320C5x
29  RZ_FLIRT_SIG_ARCH_6502, // 6502
30  RZ_FLIRT_SIG_ARCH_PDP, // PDP11
31  RZ_FLIRT_SIG_ARCH_68K, // Motoroal 680x0
32  RZ_FLIRT_SIG_ARCH_JAVA, // Java
33  RZ_FLIRT_SIG_ARCH_6800, // Motorola 68xx
34  RZ_FLIRT_SIG_ARCH_ST7, // SGS-Thomson ST7
35  RZ_FLIRT_SIG_ARCH_MC6812, // Motorola 68HC12
36  RZ_FLIRT_SIG_ARCH_MIPS, // MIPS
37  RZ_FLIRT_SIG_ARCH_ARM, // Advanced RISC Machines
38  RZ_FLIRT_SIG_ARCH_TMSC6, // Texas Instruments TMS320C6x
39  RZ_FLIRT_SIG_ARCH_PPC, // PowerPC
40  RZ_FLIRT_SIG_ARCH_80196, // Intel 80196
41  RZ_FLIRT_SIG_ARCH_Z8, // Z8
42  RZ_FLIRT_SIG_ARCH_SH, // Renesas (formerly Hitachi) SuperH
43  RZ_FLIRT_SIG_ARCH_NET, // Microsoft Visual Studio.Net
44  RZ_FLIRT_SIG_ARCH_AVR, // Atmel 8-bit RISC processor(s)
45  RZ_FLIRT_SIG_ARCH_H8, // Hitachi H8/300, H8/2000
46  RZ_FLIRT_SIG_ARCH_PIC, // Microchip's PIC
47  RZ_FLIRT_SIG_ARCH_SPARC, // SPARC
48  RZ_FLIRT_SIG_ARCH_ALPHA, // DEC Alpha
49  RZ_FLIRT_SIG_ARCH_HPPA, // Hewlett-Packard PA-RISC
50  RZ_FLIRT_SIG_ARCH_H8500, // Renesas (formerly Hitachi) H8/500
51  RZ_FLIRT_SIG_ARCH_TRICORE, // Tricore
52  RZ_FLIRT_SIG_ARCH_DSP56K, // Motorola DSP5600x
53  RZ_FLIRT_SIG_ARCH_C166, // Siemens C166 family
54  RZ_FLIRT_SIG_ARCH_ST20, // SGS-Thomson ST20
55  RZ_FLIRT_SIG_ARCH_IA64, // Intel Itanium IA64
56  RZ_FLIRT_SIG_ARCH_I960, // Intel 960
57  RZ_FLIRT_SIG_ARCH_F2MC, // Fujitsu F2MC-16
58  RZ_FLIRT_SIG_ARCH_TMS320C54, // Texas Instruments TMS320C54xx
59  RZ_FLIRT_SIG_ARCH_TMS320C55, // Texas Instruments TMS320C55xx
60  RZ_FLIRT_SIG_ARCH_TRIMEDIA, // Trimedia
61  RZ_FLIRT_SIG_ARCH_M32R, // Mitsubishi 32bit RISC
62  RZ_FLIRT_SIG_ARCH_NEC_78K0, // NEC 78K0
63  RZ_FLIRT_SIG_ARCH_NEC_78K0S, // NEC 78K0S
64  RZ_FLIRT_SIG_ARCH_M740, // Mitsubishi 8bit
65  RZ_FLIRT_SIG_ARCH_M7700, // Mitsubishi 16bit
66  RZ_FLIRT_SIG_ARCH_ST9, // ST9+
67  RZ_FLIRT_SIG_ARCH_FR, // Fujitsu FR Family
68  RZ_FLIRT_SIG_ARCH_MC6816, // Motorola 68HC16
69  RZ_FLIRT_SIG_ARCH_M7900, // Mitsubishi 7900
70  RZ_FLIRT_SIG_ARCH_TMS320C3, // Texas Instruments TMS320C3
71  RZ_FLIRT_SIG_ARCH_KR1878, // Angstrem KR1878
72  RZ_FLIRT_SIG_ARCH_AD218X, // Analog Devices ADSP 218X
73  RZ_FLIRT_SIG_ARCH_OAKDSP, // Atmel OAK DSP
74  RZ_FLIRT_SIG_ARCH_TLCS900, // Toshiba TLCS-900
75  RZ_FLIRT_SIG_ARCH_C39, // Rockwell C39
76  RZ_FLIRT_SIG_ARCH_CR16, // NSC CR16
77  RZ_FLIRT_SIG_ARCH_MN102L00, // Panasonic MN10200
78  RZ_FLIRT_SIG_ARCH_TMS320C1X, // Texas Instruments TMS320C1x
79  RZ_FLIRT_SIG_ARCH_NEC_V850X, // NEC V850 and V850ES/E1/E2
80  RZ_FLIRT_SIG_ARCH_SCR_ADPT, // Processor module adapter for processor modules written in scripting languages
81  RZ_FLIRT_SIG_ARCH_EBC, // EFI Bytecode
82  RZ_FLIRT_SIG_ARCH_MSP430, // Texas Instruments MSP430
83  RZ_FLIRT_SIG_ARCH_SPU, // Cell Broadband Engine Synergistic Processor Unit
84  RZ_FLIRT_SIG_ARCH_DALVIK, // Android Dalvik Virtual Machine
85  RZ_FLIRT_SIG_ARCH_65C816, // 65802/65816
86  RZ_FLIRT_SIG_ARCH_M16C, // Renesas M16C
87  RZ_FLIRT_SIG_ARCH_ARC, // Argonaut RISC Core
88  RZ_FLIRT_SIG_ARCH_UNSP, // SunPlus unSP
89  RZ_FLIRT_SIG_ARCH_TMS320C28, // Texas Instruments TMS320C28x
90  RZ_FLIRT_SIG_ARCH_DSP96K, // Motorola DSP96000
91  RZ_FLIRT_SIG_ARCH_SPC700, // Sony SPC700
92  RZ_FLIRT_SIG_ARCH_AD2106X, // Analog Devices ADSP 2106X
93  RZ_FLIRT_SIG_ARCH_PIC16, // Microchip 16-bit PIC
94  RZ_FLIRT_SIG_ARCH_S390, // IBM's S390
95  RZ_FLIRT_SIG_ARCH_XTENSA, // Tensilica Xtensa
96  RZ_FLIRT_SIG_ARCH_RISCV, // RISC-V
97  RZ_FLIRT_SIG_ARCH_RL78, // Renesas RL78.
98  RZ_FLIRT_SIG_ARCH_RX, // Renesas RX.
99  RZ_FLIRT_SIG_ARCH_ANY,
100 };
101 
102 /* supported file types */
103 #define RZ_FLIRT_SIG_FILE_DOS_EXE_OLD 0x00000001
104 #define RZ_FLIRT_SIG_FILE_DOS_COM_OLD 0x00000002
105 #define RZ_FLIRT_SIG_FILE_BIN 0x00000004
106 #define RZ_FLIRT_SIG_FILE_DOSDRV 0x00000008
107 #define RZ_FLIRT_SIG_FILE_NE 0x00000010
108 #define RZ_FLIRT_SIG_FILE_INTELHEX 0x00000020
109 #define RZ_FLIRT_SIG_FILE_MOSHEX 0x00000040
110 #define RZ_FLIRT_SIG_FILE_LX 0x00000080
111 #define RZ_FLIRT_SIG_FILE_LE 0x00000100
112 #define RZ_FLIRT_SIG_FILE_NLM 0x00000200
113 #define RZ_FLIRT_SIG_FILE_COFF 0x00000400
114 #define RZ_FLIRT_SIG_FILE_PE 0x00000800
115 #define RZ_FLIRT_SIG_FILE_OMF 0x00001000
116 #define RZ_FLIRT_SIG_FILE_SREC 0x00002000
117 #define RZ_FLIRT_SIG_FILE_ZIP 0x00004000
118 #define RZ_FLIRT_SIG_FILE_OMFLIB 0x00008000
119 #define RZ_FLIRT_SIG_FILE_AR 0x00010000
120 #define RZ_FLIRT_SIG_FILE_LOADER 0x00020000
121 #define RZ_FLIRT_SIG_FILE_ELF 0x00040000
122 #define RZ_FLIRT_SIG_FILE_W32RUN 0x00080000
123 #define RZ_FLIRT_SIG_FILE_AOUT 0x00100000
124 #define RZ_FLIRT_SIG_FILE_PILOT 0x00200000
125 #define RZ_FLIRT_SIG_FILE_DOS_EXE 0x00400000
126 #define RZ_FLIRT_SIG_FILE_DOS_COM 0x00800000
127 #define RZ_FLIRT_SIG_FILE_AIXAR 0x01000000
128 #define RZ_FLIRT_SIG_FILE_ALL 0xFFFFFFFF
129 
130 /* supported os types */
131 #define RZ_FLIRT_SIG_OS_MSDOS 0x0001
132 #define RZ_FLIRT_SIG_OS_WIN 0x0002
133 #define RZ_FLIRT_SIG_OS_OS2 0x0004
134 #define RZ_FLIRT_SIG_OS_NETWARE 0x0008
135 #define RZ_FLIRT_SIG_OS_UNIX 0x0010
136 #define RZ_FLIRT_SIG_OS_OTHER 0x0020
137 #define RZ_FLIRT_SIG_OS_ALL 0xFFFF
138 
139 /* supported app types */
140 #define RZ_FLIRT_SIG_APP_CONSOLE 0x0001
141 #define RZ_FLIRT_SIG_APP_GRAPHICS 0x0002
142 #define RZ_FLIRT_SIG_APP_EXE 0x0004
143 #define RZ_FLIRT_SIG_APP_DLL 0x0008
144 #define RZ_FLIRT_SIG_APP_DRV 0x0010
145 #define RZ_FLIRT_SIG_APP_SINGLE_THREADED 0x0020
146 #define RZ_FLIRT_SIG_APP_MULTI_THREADED 0x0040
147 #define RZ_FLIRT_SIG_APP_16_BIT 0x0080
148 #define RZ_FLIRT_SIG_APP_32_BIT 0x0100
149 #define RZ_FLIRT_SIG_APP_64_BIT 0x0200
150 #define RZ_FLIRT_SIG_APP_ALL 0xFFFF
151 
152 typedef struct rz_flirt_tail_byte_t {
153  ut16 offset; // from pattern_size + crc_length
154  ut8 value;
155 } RzFlirtTailByte;
156 
157 typedef struct rz_flirt_function_t {
158  char name[RZ_FLIRT_NAME_MAX];
159  ut32 offset; // function offset from the module start
160  bool negative_offset; // true if offset is negative, for referenced functions
161  bool is_local; // true if function is static
162  bool is_collision; // true if was an unresolved collision
163 } RzFlirtFunction;
164 
165 typedef struct rz_flirt_module_t {
166  ut32 crc_length;
167  ut32 crc16; // crc16 of the module after the pattern bytes
168  // until but not including the first variant byte
169  // this is a custom crc16
170  ut32 length; // total length of the module
171  RzList *public_functions;
172  RzList *tail_bytes;
173  RzList *referenced_functions;
174 } RzFlirtModule;
175 
176 typedef struct rz_flirt_node_t {
177  RzList *child_list;
178  RzList *module_list;
179  ut32 length; // length of the pattern
180  ut64 variant_mask; // this is the mask that will define variant bytes in ut8 *pattern_bytes
181  ut8 *pattern_bytes; // holds the pattern bytes of the signature
182  ut8 *pattern_mask; // bool array, if true, byte in pattern_bytes is a variant byte
183 } RzFlirtNode;
184 
185 enum rz_flirt_node_optimization_t {
186  RZ_FLIRT_NODE_OPTIMIZE_NONE = 0,
187  RZ_FLIRT_NODE_OPTIMIZE_NORMAL,
188  RZ_FLIRT_NODE_OPTIMIZE_MAX,
189 };
190 
191 typedef enum rz_flirt_file_type_t {
192  RZ_FLIRT_FILE_TYPE_UNKNOWN = 0,
193  RZ_FLIRT_FILE_TYPE_SIG,
194  RZ_FLIRT_FILE_TYPE_PAT,
195 } RzFlirtFileType;
196 
197 typedef struct rz_flirt_sig_info_t {
198  ut8 version;
199  ut8 architecture;
200  ut32 n_modules;
201  char *name;
202 } RzFlirtSigInfo;
203 
204 typedef struct rz_flirt_pat_info_t {
205  ut32 n_modules;
206 } RzFlirtPatInfo;
207 
208 typedef struct rz_flirt_info_t {
209  RzFlirtFileType type;
210  union {
211  RzFlirtSigInfo sig;
212  RzFlirtPatInfo pat;
213  } u;
214 } RzFlirtInfo;
215 
216 RZ_API ut32 rz_sign_flirt_node_count_nodes(RZ_NONNULL const RzFlirtNode *node);
217 RZ_API RZ_OWN RzFlirtNode *rz_sign_flirt_node_new(RZ_NONNULL RzAnalysis *analysis, ut32 optimization);
218 RZ_API void rz_sign_flirt_node_free(RZ_NULLABLE RzFlirtNode *node);
219 RZ_API void rz_sign_flirt_info_fini(RZ_NULLABLE RzFlirtInfo *info);
220 
221 RZ_API bool rz_sign_flirt_apply(RZ_NONNULL RzAnalysis *analysis, RZ_NONNULL const char *flirt_file, ut8 expected_arch);
222 
223 typedef struct rz_flirt_compressed_options_t {
224  ut8 version;
225  ut8 arch;
226  ut32 file;
227  ut16 os;
228  ut16 app;
229  bool deflate;
230  const char *libname;
231 } RzFlirtCompressedOptions;
232 
233 RZ_API RZ_OWN bool rz_sign_flirt_parse_header_compressed_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, RZ_NONNULL RzFlirtInfo *info);
234 RZ_API RZ_OWN RzFlirtNode *rz_sign_flirt_parse_compressed_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, ut8 expected_arch, RZ_NULLABLE RzFlirtInfo *info);
235 RZ_API bool rz_sign_flirt_write_compressed_pattern_to_buffer(RZ_NONNULL const RzFlirtNode *node, RZ_NONNULL RzBuffer *buffer, RzFlirtCompressedOptions *options);
236 
237 RZ_API RZ_OWN RzFlirtNode *rz_sign_flirt_parse_string_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, ut32 optimization, RZ_NULLABLE RzFlirtInfo *info);
238 RZ_API bool rz_sign_flirt_write_string_pattern_to_buffer(RZ_NONNULL const RzFlirtNode *node, RZ_NONNULL RzBuffer *buffer);
239 
240 typedef struct rz_signature_database_entry_t {
241  char *bin_name;
242  char *arch_name;
243  ut32 arch_bits;
244  const char *base_name;
245  const char *short_path;
246  char *file_path;
247  char *details;
248  ut32 n_modules;
249 } RzSigDBEntry;
250 
251 typedef struct rz_signature_db_t {
252  HtPU *entries;
253 } RzSigDb;
254 
255 RZ_API void rz_sign_sigdb_signature_free(RZ_NULLABLE RzSigDBEntry *entry);
256 RZ_API RZ_OWN RzSigDb *rz_sign_sigdb_new(void);
257 RZ_API void rz_sign_sigdb_free(RzSigDb *db);
258 RZ_API RZ_OWN RzSigDb *rz_sign_sigdb_load_database(RZ_NONNULL const char *sigdb_path, bool with_details);
259 RZ_API bool rz_sign_sigdb_add_entry(RZ_NONNULL RzSigDb *db, RZ_NONNULL const RzSigDBEntry *entry);
260 RZ_API bool rz_sign_sigdb_merge(RZ_NONNULL RzSigDb *db, RZ_NONNULL RzSigDb *db2);
261 RZ_API RZ_OWN RzList /*<RzSigDBEntry *>*/ *rz_sign_sigdb_list(RZ_NONNULL const RzSigDb *db);
262 
263 #ifdef __cplusplus
264 }
265 #endif
266 
267 #endif /* RZ_FLIRT_H */
info
RzBinInfo * info(RzBinFile *bf)
Definition: bin_ne.c:86
RZ_API
#define RZ_API
Definition: core_plugin_example.c:36
ut16
uint16_t ut16
Definition: demangler_util.h:30
ut32
uint32_t ut32
Definition: demangler_util.h:31
ut8
uint8_t ut8
Definition: lh5801.h:11
options
static const char struct stat static buf struct stat static buf static vhangup int options
Definition: sflib.h:145
rz_analysis.h
rz_sign_flirt_parse_string_pattern_from_buffer
RZ_API RZ_OWN RzFlirtNode * rz_sign_flirt_parse_string_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, ut32 optimization, RZ_NULLABLE RzFlirtInfo *info)
Parses the RzBuffer containing a FLIRT signature in string format and returns an RzFlirtNode.
Definition: pat.c:356
rz_sign_flirt_node_free
RZ_API void rz_sign_flirt_node_free(RZ_NULLABLE RzFlirtNode *node)
Frees an RzFlirtNode struct.
Definition: flirt.c:299
rz_sign_sigdb_merge
RZ_API bool rz_sign_sigdb_merge(RZ_NONNULL RzSigDb *db, RZ_NONNULL RzSigDb *db2)
Merge the signatures from db2 into db.
Definition: sigdb.c:184
rz_sign_flirt_parse_header_compressed_pattern_from_buffer
RZ_API RZ_OWN bool rz_sign_flirt_parse_header_compressed_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, RZ_NONNULL RzFlirtInfo *info)
Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtInfo.
Definition: flirt.c:1062
RzFlirtCompressedOptions
struct rz_flirt_compressed_options_t RzFlirtCompressedOptions
rz_sign_flirt_node_new
RZ_API RZ_OWN RzFlirtNode * rz_sign_flirt_node_new(RZ_NONNULL RzAnalysis *analysis, ut32 optimization)
Generates the FLIRT signatures and returns an RzFlirtNode.
Definition: create.c:355
RzFlirtNode
struct rz_flirt_node_t RzFlirtNode
rz_sign_flirt_info_fini
RZ_API void rz_sign_flirt_info_fini(RZ_NULLABLE RzFlirtInfo *info)
Frees an RzFlirtInfo struct elements without freeing the pointer.
Definition: flirt.c:315
rz_sign_flirt_node_count_nodes
RZ_API ut32 rz_sign_flirt_node_count_nodes(RZ_NONNULL const RzFlirtNode *node)
Counts the number of FLIRT signatures in the node.
Definition: flirt.c:1334
rz_sign_sigdb_new
RZ_API RZ_OWN RzSigDb * rz_sign_sigdb_new(void)
Create a new empty RzSigDb instance.
Definition: sigdb.c:260
RzFlirtModule
struct rz_flirt_module_t RzFlirtModule
rz_sign_flirt_write_string_pattern_to_buffer
RZ_API bool rz_sign_flirt_write_string_pattern_to_buffer(RZ_NONNULL const RzFlirtNode *node, RZ_NONNULL RzBuffer *buffer)
Writes in the the RzBuffer the FLIRT signatures in string format.
Definition: pat.c:529
RzFlirtFunction
struct rz_flirt_function_t RzFlirtFunction
RzFlirtTailByte
struct rz_flirt_tail_byte_t RzFlirtTailByte
rz_sign_sigdb_free
RZ_API void rz_sign_sigdb_free(RzSigDb *db)
Definition: sigdb.c:277
rz_flirt_node_optimization_t
rz_flirt_node_optimization_t
Definition: rz_flirt.h:185
RZ_FLIRT_NODE_OPTIMIZE_NONE
@ RZ_FLIRT_NODE_OPTIMIZE_NONE
keeps the structure flattened (keep the tail bytes)
Definition: rz_flirt.h:186
RZ_FLIRT_NODE_OPTIMIZE_NORMAL
@ RZ_FLIRT_NODE_OPTIMIZE_NORMAL
optimize the tree structure (keeps the tail bytes)
Definition: rz_flirt.h:187
RZ_FLIRT_NODE_OPTIMIZE_MAX
@ RZ_FLIRT_NODE_OPTIMIZE_MAX
optimize the tree structure and drops the tail bytes
Definition: rz_flirt.h:188
rz_sign_flirt_apply
RZ_API bool rz_sign_flirt_apply(RZ_NONNULL RzAnalysis *analysis, RZ_NONNULL const char *flirt_file, ut8 expected_arch)
Parses the FLIRT file and applies the signatures.
Definition: flirt.c:1289
RzSigDBEntry
struct rz_signature_database_entry_t RzSigDBEntry
RzFlirtInfo
struct rz_flirt_info_t RzFlirtInfo
rz_sign_sigdb_list
RZ_API RZ_OWN RzList * rz_sign_sigdb_list(RZ_NONNULL const RzSigDb *db)
Return the signature database as a list of entries.
Definition: sigdb.c:294
RzSigDb
struct rz_signature_db_t RzSigDb
RzFlirtSigInfo
struct rz_flirt_sig_info_t RzFlirtSigInfo
rz_sign_flirt_parse_compressed_pattern_from_buffer
RZ_API RZ_OWN RzFlirtNode * rz_sign_flirt_parse_compressed_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, ut8 expected_arch, RZ_NULLABLE RzFlirtInfo *info)
Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtNode.
Definition: flirt.c:1136
RzFlirtPatInfo
struct rz_flirt_pat_info_t RzFlirtPatInfo
rz_sign_flirt_write_compressed_pattern_to_buffer
RZ_API bool rz_sign_flirt_write_compressed_pattern_to_buffer(RZ_NONNULL const RzFlirtNode *node, RZ_NONNULL RzBuffer *buffer, RzFlirtCompressedOptions *options)
Writes in the the RzBuffer the FLIRT signatures in compressed format.
Definition: flirt.c:1580
RzFlirtFileType
enum rz_flirt_file_type_t RzFlirtFileType
rz_flirt_sig_arch_t
rz_flirt_sig_arch_t
Definition: rz_flirt.h:23
RZ_FLIRT_SIG_ARCH_I860
@ RZ_FLIRT_SIG_ARCH_I860
Definition: rz_flirt.h:26
RZ_FLIRT_SIG_ARCH_M740
@ RZ_FLIRT_SIG_ARCH_M740
Definition: rz_flirt.h:64
RZ_FLIRT_SIG_ARCH_TMS320C28
@ RZ_FLIRT_SIG_ARCH_TMS320C28
Definition: rz_flirt.h:89
RZ_FLIRT_SIG_ARCH_SPC700
@ RZ_FLIRT_SIG_ARCH_SPC700
Definition: rz_flirt.h:91
RZ_FLIRT_SIG_ARCH_TMSC6
@ RZ_FLIRT_SIG_ARCH_TMSC6
Definition: rz_flirt.h:38
RZ_FLIRT_SIG_ARCH_M7700
@ RZ_FLIRT_SIG_ARCH_M7700
Definition: rz_flirt.h:65
RZ_FLIRT_SIG_ARCH_ST7
@ RZ_FLIRT_SIG_ARCH_ST7
Definition: rz_flirt.h:34
RZ_FLIRT_SIG_ARCH_65C816
@ RZ_FLIRT_SIG_ARCH_65C816
Definition: rz_flirt.h:85
RZ_FLIRT_SIG_ARCH_M32R
@ RZ_FLIRT_SIG_ARCH_M32R
Definition: rz_flirt.h:61
RZ_FLIRT_SIG_ARCH_6502
@ RZ_FLIRT_SIG_ARCH_6502
Definition: rz_flirt.h:29
RZ_FLIRT_SIG_ARCH_MC6812
@ RZ_FLIRT_SIG_ARCH_MC6812
Definition: rz_flirt.h:35
RZ_FLIRT_SIG_ARCH_386
@ RZ_FLIRT_SIG_ARCH_386
Definition: rz_flirt.h:24
RZ_FLIRT_SIG_ARCH_F2MC
@ RZ_FLIRT_SIG_ARCH_F2MC
Definition: rz_flirt.h:57
RZ_FLIRT_SIG_ARCH_I960
@ RZ_FLIRT_SIG_ARCH_I960
Definition: rz_flirt.h:56
RZ_FLIRT_SIG_ARCH_UNSP
@ RZ_FLIRT_SIG_ARCH_UNSP
Definition: rz_flirt.h:88
RZ_FLIRT_SIG_ARCH_EBC
@ RZ_FLIRT_SIG_ARCH_EBC
Definition: rz_flirt.h:81
RZ_FLIRT_SIG_ARCH_C39
@ RZ_FLIRT_SIG_ARCH_C39
Definition: rz_flirt.h:75
RZ_FLIRT_SIG_ARCH_68K
@ RZ_FLIRT_SIG_ARCH_68K
Definition: rz_flirt.h:31
RZ_FLIRT_SIG_ARCH_M7900
@ RZ_FLIRT_SIG_ARCH_M7900
Definition: rz_flirt.h:69
RZ_FLIRT_SIG_ARCH_AD218X
@ RZ_FLIRT_SIG_ARCH_AD218X
Definition: rz_flirt.h:72
RZ_FLIRT_SIG_ARCH_ARM
@ RZ_FLIRT_SIG_ARCH_ARM
Definition: rz_flirt.h:37
RZ_FLIRT_SIG_ARCH_8051
@ RZ_FLIRT_SIG_ARCH_8051
Definition: rz_flirt.h:27
RZ_FLIRT_SIG_ARCH_ST20
@ RZ_FLIRT_SIG_ARCH_ST20
Definition: rz_flirt.h:54
RZ_FLIRT_SIG_ARCH_TMS320C1X
@ RZ_FLIRT_SIG_ARCH_TMS320C1X
Definition: rz_flirt.h:78
RZ_FLIRT_SIG_ARCH_AD2106X
@ RZ_FLIRT_SIG_ARCH_AD2106X
Definition: rz_flirt.h:92
RZ_FLIRT_SIG_ARCH_S390
@ RZ_FLIRT_SIG_ARCH_S390
Definition: rz_flirt.h:94
RZ_FLIRT_SIG_ARCH_SH
@ RZ_FLIRT_SIG_ARCH_SH
Definition: rz_flirt.h:42
RZ_FLIRT_SIG_ARCH_ANY
@ RZ_FLIRT_SIG_ARCH_ANY
Definition: rz_flirt.h:99
RZ_FLIRT_SIG_ARCH_PDP
@ RZ_FLIRT_SIG_ARCH_PDP
Definition: rz_flirt.h:30
RZ_FLIRT_SIG_ARCH_TRIMEDIA
@ RZ_FLIRT_SIG_ARCH_TRIMEDIA
Definition: rz_flirt.h:60
RZ_FLIRT_SIG_ARCH_M16C
@ RZ_FLIRT_SIG_ARCH_M16C
Definition: rz_flirt.h:86
RZ_FLIRT_SIG_ARCH_NEC_V850X
@ RZ_FLIRT_SIG_ARCH_NEC_V850X
Definition: rz_flirt.h:79
RZ_FLIRT_SIG_ARCH_TMS320C55
@ RZ_FLIRT_SIG_ARCH_TMS320C55
Definition: rz_flirt.h:59
RZ_FLIRT_SIG_ARCH_NEC_78K0
@ RZ_FLIRT_SIG_ARCH_NEC_78K0
Definition: rz_flirt.h:62
RZ_FLIRT_SIG_ARCH_H8500
@ RZ_FLIRT_SIG_ARCH_H8500
Definition: rz_flirt.h:50
RZ_FLIRT_SIG_ARCH_TMS320C54
@ RZ_FLIRT_SIG_ARCH_TMS320C54
Definition: rz_flirt.h:58
RZ_FLIRT_SIG_ARCH_ALPHA
@ RZ_FLIRT_SIG_ARCH_ALPHA
Definition: rz_flirt.h:48
RZ_FLIRT_SIG_ARCH_RISCV
@ RZ_FLIRT_SIG_ARCH_RISCV
Definition: rz_flirt.h:96
RZ_FLIRT_SIG_ARCH_80196
@ RZ_FLIRT_SIG_ARCH_80196
Definition: rz_flirt.h:40
RZ_FLIRT_SIG_ARCH_SPU
@ RZ_FLIRT_SIG_ARCH_SPU
Definition: rz_flirt.h:83
RZ_FLIRT_SIG_ARCH_TMS320C3
@ RZ_FLIRT_SIG_ARCH_TMS320C3
Definition: rz_flirt.h:70
RZ_FLIRT_SIG_ARCH_TMS
@ RZ_FLIRT_SIG_ARCH_TMS
Definition: rz_flirt.h:28
RZ_FLIRT_SIG_ARCH_FR
@ RZ_FLIRT_SIG_ARCH_FR
Definition: rz_flirt.h:67
RZ_FLIRT_SIG_ARCH_DSP56K
@ RZ_FLIRT_SIG_ARCH_DSP56K
Definition: rz_flirt.h:52
RZ_FLIRT_SIG_ARCH_OAKDSP
@ RZ_FLIRT_SIG_ARCH_OAKDSP
Definition: rz_flirt.h:73
RZ_FLIRT_SIG_ARCH_SPARC
@ RZ_FLIRT_SIG_ARCH_SPARC
Definition: rz_flirt.h:47
RZ_FLIRT_SIG_ARCH_TRICORE
@ RZ_FLIRT_SIG_ARCH_TRICORE
Definition: rz_flirt.h:51
RZ_FLIRT_SIG_ARCH_ST9
@ RZ_FLIRT_SIG_ARCH_ST9
Definition: rz_flirt.h:66
RZ_FLIRT_SIG_ARCH_RL78
@ RZ_FLIRT_SIG_ARCH_RL78
Definition: rz_flirt.h:97
RZ_FLIRT_SIG_ARCH_MC6816
@ RZ_FLIRT_SIG_ARCH_MC6816
Definition: rz_flirt.h:68
RZ_FLIRT_SIG_ARCH_NET
@ RZ_FLIRT_SIG_ARCH_NET
Definition: rz_flirt.h:43
RZ_FLIRT_SIG_ARCH_Z80
@ RZ_FLIRT_SIG_ARCH_Z80
Definition: rz_flirt.h:25
RZ_FLIRT_SIG_ARCH_DALVIK
@ RZ_FLIRT_SIG_ARCH_DALVIK
Definition: rz_flirt.h:84
RZ_FLIRT_SIG_ARCH_C166
@ RZ_FLIRT_SIG_ARCH_C166
Definition: rz_flirt.h:53
RZ_FLIRT_SIG_ARCH_6800
@ RZ_FLIRT_SIG_ARCH_6800
Definition: rz_flirt.h:33
RZ_FLIRT_SIG_ARCH_SCR_ADPT
@ RZ_FLIRT_SIG_ARCH_SCR_ADPT
Definition: rz_flirt.h:80
RZ_FLIRT_SIG_ARCH_PIC16
@ RZ_FLIRT_SIG_ARCH_PIC16
Definition: rz_flirt.h:93
RZ_FLIRT_SIG_ARCH_AVR
@ RZ_FLIRT_SIG_ARCH_AVR
Definition: rz_flirt.h:44
RZ_FLIRT_SIG_ARCH_HPPA
@ RZ_FLIRT_SIG_ARCH_HPPA
Definition: rz_flirt.h:49
RZ_FLIRT_SIG_ARCH_ARC
@ RZ_FLIRT_SIG_ARCH_ARC
Definition: rz_flirt.h:87
RZ_FLIRT_SIG_ARCH_Z8
@ RZ_FLIRT_SIG_ARCH_Z8
Definition: rz_flirt.h:41
RZ_FLIRT_SIG_ARCH_MSP430
@ RZ_FLIRT_SIG_ARCH_MSP430
Definition: rz_flirt.h:82
RZ_FLIRT_SIG_ARCH_H8
@ RZ_FLIRT_SIG_ARCH_H8
Definition: rz_flirt.h:45
RZ_FLIRT_SIG_ARCH_RX
@ RZ_FLIRT_SIG_ARCH_RX
Definition: rz_flirt.h:98
RZ_FLIRT_SIG_ARCH_PPC
@ RZ_FLIRT_SIG_ARCH_PPC
Definition: rz_flirt.h:39
RZ_FLIRT_SIG_ARCH_KR1878
@ RZ_FLIRT_SIG_ARCH_KR1878
Definition: rz_flirt.h:71
RZ_FLIRT_SIG_ARCH_PIC
@ RZ_FLIRT_SIG_ARCH_PIC
Definition: rz_flirt.h:46
RZ_FLIRT_SIG_ARCH_DSP96K
@ RZ_FLIRT_SIG_ARCH_DSP96K
Definition: rz_flirt.h:90
RZ_FLIRT_SIG_ARCH_MIPS
@ RZ_FLIRT_SIG_ARCH_MIPS
Definition: rz_flirt.h:36
RZ_FLIRT_SIG_ARCH_TLCS900
@ RZ_FLIRT_SIG_ARCH_TLCS900
Definition: rz_flirt.h:74
RZ_FLIRT_SIG_ARCH_JAVA
@ RZ_FLIRT_SIG_ARCH_JAVA
Definition: rz_flirt.h:32
RZ_FLIRT_SIG_ARCH_NEC_78K0S
@ RZ_FLIRT_SIG_ARCH_NEC_78K0S
Definition: rz_flirt.h:63
RZ_FLIRT_SIG_ARCH_IA64
@ RZ_FLIRT_SIG_ARCH_IA64
Definition: rz_flirt.h:55
RZ_FLIRT_SIG_ARCH_XTENSA
@ RZ_FLIRT_SIG_ARCH_XTENSA
Definition: rz_flirt.h:95
RZ_FLIRT_SIG_ARCH_MN102L00
@ RZ_FLIRT_SIG_ARCH_MN102L00
Definition: rz_flirt.h:77
RZ_FLIRT_SIG_ARCH_CR16
@ RZ_FLIRT_SIG_ARCH_CR16
Definition: rz_flirt.h:76
rz_sign_sigdb_load_database
RZ_API RZ_OWN RzSigDb * rz_sign_sigdb_load_database(RZ_NONNULL const char *sigdb_path, bool with_details)
Returns a database of signatures loaded from the signature database path.
Definition: sigdb.c:105
rz_flirt_file_type_t
rz_flirt_file_type_t
Definition: rz_flirt.h:191
RZ_FLIRT_FILE_TYPE_PAT
@ RZ_FLIRT_FILE_TYPE_PAT
.pat text format pattern file
Definition: rz_flirt.h:194
RZ_FLIRT_FILE_TYPE_SIG
@ RZ_FLIRT_FILE_TYPE_SIG
.sig compressed pattern file
Definition: rz_flirt.h:193
RZ_FLIRT_FILE_TYPE_UNKNOWN
@ RZ_FLIRT_FILE_TYPE_UNKNOWN
unknown type
Definition: rz_flirt.h:192
RZ_FLIRT_NAME_MAX
#define RZ_FLIRT_NAME_MAX
Definition: rz_flirt.h:17
rz_sign_sigdb_add_entry
RZ_API bool rz_sign_sigdb_add_entry(RZ_NONNULL RzSigDb *db, RZ_NONNULL const RzSigDBEntry *entry)
Add a new signature entry to a database.
Definition: sigdb.c:158
rz_sign_sigdb_signature_free
RZ_API void rz_sign_sigdb_signature_free(RZ_NULLABLE RzSigDBEntry *entry)
Frees a RzSigDBEntry structure.
Definition: sigdb.c:12
rz_list.h
rz_types.h
RZ_NULLABLE
#define RZ_NULLABLE
Definition: rz_types.h:65
RZ_OWN
#define RZ_OWN
Definition: rz_types.h:62
RZ_NONNULL
#define RZ_NONNULL
Definition: rz_types.h:64
buffer
Definition: buffer.h:15
entry
Definition: zipcmp.c:77
name
Definition: z80asm.h:102
rz_analysis_t
Definition: rz_analysis.h:553
rz_buf_t
Definition: rz_buf.h:43
rz_flirt_compressed_options_t
Definition: rz_flirt.h:223
rz_flirt_compressed_options_t::version
ut8 version
FLIRT version (supported only from v5 to v10)
Definition: rz_flirt.h:224
rz_flirt_compressed_options_t::app
ut16 app
FLIRT app type (RZ_FLIRT_SIG_APP_*)
Definition: rz_flirt.h:228
rz_flirt_compressed_options_t::file
ut32 file
FLIRT file type (RZ_FLIRT_SIG_FILE_*)
Definition: rz_flirt.h:226
rz_flirt_compressed_options_t::arch
ut8 arch
FLIRT arch type (RZ_FLIRT_SIG_ARCH_*)
Definition: rz_flirt.h:225
rz_flirt_compressed_options_t::os
ut16 os
FLIRT os type (RZ_FLIRT_SIG_OS_*)
Definition: rz_flirt.h:227
rz_flirt_compressed_options_t::libname
const char * libname
Definition: rz_flirt.h:230
rz_flirt_compressed_options_t::deflate
bool deflate
Definition: rz_flirt.h:229
rz_flirt_function_t
Definition: rz_flirt.h:157
rz_flirt_function_t::negative_offset
bool negative_offset
Definition: rz_flirt.h:160
rz_flirt_function_t::offset
ut32 offset
Definition: rz_flirt.h:159
rz_flirt_function_t::is_collision
bool is_collision
Definition: rz_flirt.h:162
rz_flirt_function_t::is_local
bool is_local
Definition: rz_flirt.h:161
rz_flirt_info_t
Definition: rz_flirt.h:208
rz_flirt_info_t::pat
RzFlirtPatInfo pat
Pat info.
Definition: rz_flirt.h:212
rz_flirt_info_t::u
union rz_flirt_info_t::@278 u
rz_flirt_info_t::sig
RzFlirtSigInfo sig
Sig info.
Definition: rz_flirt.h:211
rz_flirt_info_t::type
RzFlirtFileType type
Flirt file type.
Definition: rz_flirt.h:209
rz_flirt_module_t
Definition: rz_flirt.h:165
rz_flirt_module_t::crc_length
ut32 crc_length
Definition: rz_flirt.h:166
rz_flirt_module_t::referenced_functions
RzList * referenced_functions
Definition: rz_flirt.h:173
rz_flirt_module_t::length
ut32 length
Definition: rz_flirt.h:170
rz_flirt_module_t::public_functions
RzList * public_functions
Definition: rz_flirt.h:171
rz_flirt_module_t::tail_bytes
RzList * tail_bytes
Definition: rz_flirt.h:172
rz_flirt_module_t::crc16
ut32 crc16
Definition: rz_flirt.h:167
rz_flirt_node_t
Definition: rz_flirt.h:176
rz_flirt_node_t::child_list
RzList * child_list
Definition: rz_flirt.h:177
rz_flirt_node_t::module_list
RzList * module_list
Definition: rz_flirt.h:178
rz_flirt_node_t::pattern_mask
ut8 * pattern_mask
Definition: rz_flirt.h:182
rz_flirt_node_t::pattern_bytes
ut8 * pattern_bytes
Definition: rz_flirt.h:181
rz_flirt_node_t::variant_mask
ut64 variant_mask
Definition: rz_flirt.h:180
rz_flirt_node_t::length
ut32 length
Definition: rz_flirt.h:179
rz_flirt_pat_info_t
Definition: rz_flirt.h:204
rz_flirt_pat_info_t::n_modules
ut32 n_modules
FLIRT pat total number of modules/signatures contained.
Definition: rz_flirt.h:205
rz_flirt_sig_info_t
Definition: rz_flirt.h:197
rz_flirt_sig_info_t::architecture
ut8 architecture
FLIRT sig architecture/processor id.
Definition: rz_flirt.h:199
rz_flirt_sig_info_t::n_modules
ut32 n_modules
FLIRT sig total number of modules/signatures contained.
Definition: rz_flirt.h:200
rz_flirt_sig_info_t::name
char * name
FLIRT sig name.
Definition: rz_flirt.h:201
rz_flirt_sig_info_t::version
ut8 version
FLIRT sig version.
Definition: rz_flirt.h:198
rz_flirt_tail_byte_t
Definition: rz_flirt.h:152
rz_flirt_tail_byte_t::offset
ut16 offset
Definition: rz_flirt.h:153
rz_flirt_tail_byte_t::value
ut8 value
Definition: rz_flirt.h:154
rz_list_t
Definition: rz_list.h:18
rz_signature_database_entry_t
Definition: rz_flirt.h:240
rz_signature_database_entry_t::arch_name
char * arch_name
RzAsmPlugin name.
Definition: rz_flirt.h:242
rz_signature_database_entry_t::bin_name
char * bin_name
RzBinPlugin name (elf64 and pe64 are named as elf and pe)
Definition: rz_flirt.h:241
rz_signature_database_entry_t::details
char * details
signature name / description (only for .sig files)
Definition: rz_flirt.h:247
rz_signature_database_entry_t::n_modules
ut32 n_modules
signature number of modules
Definition: rz_flirt.h:248
rz_signature_database_entry_t::base_name
const char * base_name
basename of file
Definition: rz_flirt.h:244
rz_signature_database_entry_t::short_path
const char * short_path
Short path without sigdb path.
Definition: rz_flirt.h:245
rz_signature_database_entry_t::file_path
char * file_path
full path to the signature file
Definition: rz_flirt.h:246
rz_signature_database_entry_t::arch_bits
ut32 arch_bits
Architecture bits.
Definition: rz_flirt.h:243
rz_signature_db_t
Definition: rz_flirt.h:251
rz_signature_db_t::entries
HtPU * entries
Definition: rz_flirt.h:252
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()