rz-bindgen/doxygen/sigdb_8c_source.html

 // SPDX-FileCopyrightText: 2021 RizinOrg <info@rizin.re>

 // SPDX-FileCopyrightText: 2021 deroad <wargio@libero.it>

 // SPDX-License-Identifier: LGPL-3.0-only


 #include <rz_flirt.h>


 RZ_API void rz_sign_sigdb_signature_free(RZ_NULLABLE RzSigDBEntry *entry) {

     if (!entry) {

         return;

     }

     // base_name points to file_path, so there is no need to call free

     // short_path points to file_path, so there is no need to call free

     free(entry->bin_name);

     free(entry->arch_name);

     free(entry->file_path);

     free(entry);

 }


 static int sigdb_signature_cmp(const RzSigDBEntry *a, const RzSigDBEntry *b) {

     return strcmp(a->short_path, b->short_path);

 }


 static bool sigdb_signature_resolve_details(RzSigDBEntry *entry, size_t path_len, bool with_details) {

     char *bin_end = NULL;

     char *arch_end = NULL;

     char *bits_end = NULL;

     char copy_path[1024] = { 0 };

     RzFlirtNode *node = NULL;

     RzFlirtInfo info = { 0 };

     RzBuffer *buffer = NULL;


 #if __WINDOWS__

     rz_str_replace_char(entry->file_path, '/', '\\');

 #endif

     // expected path elf/x86/64/signature.sig/.pat

     strncpy(copy_path, entry->file_path + path_len, sizeof(copy_path) - 1);

     entry->base_name = rz_file_basename(entry->file_path);

     entry->short_path = entry->file_path + path_len;


     if (!(bin_end = strstr(copy_path, RZ_SYS_DIR))) {

         RZ_LOG_WARN("sigdb: folder structure is invalid (missing bin name).\n");

         return false;

     } else if (!(arch_end = strstr(bin_end + strlen(RZ_SYS_DIR), RZ_SYS_DIR))) {

         RZ_LOG_WARN("sigdb: folder structure is invalid (missing arch name).\n");

         return false;

     } else if (!(bits_end = strstr(arch_end + strlen(RZ_SYS_DIR), RZ_SYS_DIR))) {

         RZ_LOG_WARN("sigdb: folder structure is invalid (missing arch bits).\n");

         return false;

     }


     if (!with_details) {

         goto skip_details;

     }


     buffer = rz_buf_new_file(entry->file_path, O_RDONLY, 0);

     if (!buffer) {

         RZ_LOG_WARN("sigdb: cannot open signature file '%s'.\n", entry->file_path);

         return false;

     }


     if (rz_str_endswith(entry->base_name, ".sig")) {

         bool success = rz_sign_flirt_parse_header_compressed_pattern_from_buffer(buffer, &info);

         rz_buf_free(buffer);

         if (!success) {

             return false;

         }


         entry->details = RZ_STR_DUP(info.u.sig.name);

         entry->n_modules = info.u.sig.n_modules;

     } else {

         node = rz_sign_flirt_parse_string_pattern_from_buffer(buffer, RZ_FLIRT_NODE_OPTIMIZE_NONE, &info);

         rz_buf_free(buffer);

         if (!node) {

             return false;

         }


         entry->n_modules = info.u.pat.n_modules;

     }

     rz_sign_flirt_node_free(node);

     rz_sign_flirt_info_fini(&info);


 skip_details:

     bin_end[0] = 0;

     entry->bin_name = strdup(copy_path);

     arch_end[0] = 0;

     entry->arch_name = strdup(bin_end + strlen(RZ_SYS_DIR));

     bits_end[0] = 0;

     entry->arch_bits = rz_get_input_num_value(NULL, arch_end + strlen(RZ_SYS_DIR));


     return true;

 }


 RZ_API RZ_OWN RzSigDb *rz_sign_sigdb_load_database(RZ_NONNULL const char *sigdb_path, bool with_details) {

     rz_return_val_if_fail(RZ_STR_ISNOTEMPTY(sigdb_path), NULL);

     char glob[1024];

     if (!rz_file_is_directory(sigdb_path)) {

         RZ_LOG_ERROR("sigdb path is unknown or invalid (path: %s)\n", sigdb_path);

         return NULL;

     }

     size_t path_len = strlen(sigdb_path) + 1; // ignoring also the filesystem separator

     RzSigDb *sigs = rz_sign_sigdb_new();

     if (!sigs) {

         RZ_LOG_ERROR("cannot allocate signature database\n");

         return NULL;

     }


     rz_strf(glob, RZ_JOIN_2_PATHS("%s", "**"), sigdb_path);

     RzList *files = rz_file_globsearch(glob, 10);

     char *file = NULL;

     RzListIter *iter = NULL;

     RzSigDBEntry *sig = NULL;


     rz_list_foreach (files, iter, file) {

         if (!rz_str_endswith(file, ".pat") && !rz_str_endswith(file, ".sig")) {

             continue;

         }


         sig = RZ_NEW0(RzSigDBEntry);

         if (!sig) {

             goto fail;

         }


         sig->file_path = strdup(file);

         if (!sig->file_path || !sigdb_signature_resolve_details(sig, path_len, with_details)) {

             rz_sign_sigdb_signature_free(sig);

             goto fail;

         }

         rz_sign_sigdb_add_entry(sigs, sig);

     }

     rz_list_free(files);

     return sigs;


 fail:

     rz_list_free(files);

     rz_sign_sigdb_free(sigs);

     return NULL;

 }


 RZ_API bool rz_sign_sigdb_add_entry(RZ_NONNULL RzSigDb *db, RZ_NONNULL const RzSigDBEntry *entry) {

     rz_return_val_if_fail(db && entry, NULL);

     return ht_pu_insert(db->entries, entry, 1);

 }


 struct sigdb_move_data_t {

     RzSigDb *src;

     RzSigDb *dst;

 };


 static bool sigdb_move_entry(void *user, const void *k, const ut64 v) {

     struct sigdb_move_data_t *move_data = (struct sigdb_move_data_t *)user;

     rz_sign_sigdb_add_entry(move_data->dst, k);

     ht_pu_delete(move_data->src->entries, k);

     return true;

 }


 RZ_API bool rz_sign_sigdb_merge(RZ_NONNULL RzSigDb *db, RZ_NONNULL RzSigDb *db2) {

     rz_return_val_if_fail(db && db2, NULL);

     struct sigdb_move_data_t opt = {

         .src = db2,

         .dst = db,

     };

     db2->entries->opt.freefn = NULL;

     ht_pu_foreach(db2->entries, sigdb_move_entry, &opt);

     return true;

 }


 static int ut32cmp(int a, int b) {

     if (a < b) {

         return -1;

     }

     if (a > b) {

         return 1;

     }

     return 0;

 }


 static int strcmp_null(const char *a, const char *b) {

     if (!a && !b) {

         return 0;

     }

     if (!a && b) {

         return -1;

     }

     if (a && !b) {

         return 1;

     }

     return strcmp(a, b);

 }


 static int sigdb_entry_cmp(const void *a, const void *b) {

 #define field_cmp(fname, cmpfunction) \

     do { \

         int r = cmpfunction(sa->fname, sb->fname); \

         if (r != 0) { \

             return r; \

         } \

     } while (0)


     const RzSigDBEntry *sa = (const RzSigDBEntry *)a;

     const RzSigDBEntry *sb = (const RzSigDBEntry *)b;

     field_cmp(bin_name, strcmp_null);

     field_cmp(arch_name, strcmp_null);

     field_cmp(arch_bits, ut32cmp);

     field_cmp(base_name, strcmp_null);

     field_cmp(short_path, strcmp_null);

     field_cmp(file_path, strcmp_null);

     field_cmp(details, strcmp_null);

     field_cmp(n_modules, ut32cmp);

     return 0;

 #undef field_cmp

 }


 static ut32 sigdb_entry_hash(const void *k) {

     const RzSigDBEntry *s = (const RzSigDBEntry *)k;

     ut32 r = sdb_hash(s->bin_name);

     r ^= sdb_hash(s->arch_name);

     r ^= s->arch_bits;

     r ^= sdb_hash(s->short_path);

     return r;

 }


 static void ht_pu_sigdb_freekv(HtPUKv *kv) {

     if (!kv) {

         return;

     }

     rz_sign_sigdb_signature_free(kv->key);

 }


 RZ_API RZ_OWN RzSigDb *rz_sign_sigdb_new(void) {

     RzSigDb *db = RZ_NEW0(RzSigDb);

     if (!db) {

         return NULL;

     }

     HtPUOptions opt = { 0 };

     opt.cmp = sigdb_entry_cmp,

     opt.hashfn = sigdb_entry_hash,

     opt.freefn = ht_pu_sigdb_freekv;

     db->entries = ht_pu_new_opt(&opt);

     if (!db->entries) {

         free(db);

         return NULL;

     }

     return db;

 }


 RZ_API void rz_sign_sigdb_free(RzSigDb *db) {

     if (!db) {

         return;

     }

     ht_pu_free(db->entries);

     free(db);

 }


 static bool sigdb_to_list(void *user, const void *k, const ut64 v) {

     RzList *l = (RzList *)user;

     rz_list_append(l, (void *)k);

     return true;

 }


 RZ_API RZ_OWN RzList /*<RzSigDBEntry *>*/ *rz_sign_sigdb_list(RZ_NONNULL const RzSigDb *db) {

     rz_return_val_if_fail(db, NULL);


     RzList *res = rz_list_new();

     if (!res) {

         return NULL;

     }

     ht_pu_foreach(db->entries, sigdb_to_list, res);

     rz_list_sort(res, (RzListComparator)sigdb_signature_cmp);

     return res;

 }

sb
static SblHeader sb
Definition: bin_mbn.c:26

info
RzBinInfo * info(RzBinFile *bf)
Definition: bin_ne.c:86

RZ_API
#define RZ_API
Definition: core_plugin_example.c:36

NULL
#define NULL
Definition: cris-opc.c:27

r
#define r
Definition: crypto_rc6.c:12

ut32
uint32_t ut32
Definition: demangler_util.h:31

k
const char * k
Definition: dsignal.c:11

v
const char * v
Definition: dsignal.c:12

files
checking print the parsed form of the magic use in n conjunction with m to debug a new magic file n before installing it n output MIME type special files
Definition: file_opts.h:46

free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130

rz_list_new
RZ_API RZ_OWN RzList * rz_list_new(void)
Returns a new initialized RzList pointer (free method is not initialized)
Definition: list.c:235

rz_list_sort
RZ_API void rz_list_sort(RZ_NONNULL RzList *list, RZ_NONNULL RzListComparator cmp)
Sorts via merge sort or via insertion sort a list.
Definition: list.c:743

rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288

rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137

strdup
return strdup("=SP	r13\n" "=LR	r14\n" "=PC	r15\n" "=A0	r0\n" "=A1	r1\n" "=A2	r2\n" "=A3	r3\n" "=ZF	zf\n" "=SF	nf\n" "=OF	vf\n" "=CF	cf\n" "=SN	or0\n" "gpr	lr	.32	56	0\n" "gpr	pc	.32	60	0\n" "gpr	cpsr	.32	64	0	____tfiae_________________qvczn\n" "gpr	or0	.32	68	0\n" "gpr	tf	.1	64.5	0	thumb\n" "gpr	ef	.1	64.9	0	endian\n" "gpr	jf	.1	64.24	0	java\n" "gpr	qf	.1	64.27	0	sticky_overflow\n" "gpr	vf	.1	64.28	0	overflow\n" "gpr	cf	.1	64.29	0	carry\n" "gpr	zf	.1	64.30	0	zero\n" "gpr	nf	.1	64.31	0	negative\n" "gpr	itc	.4	64.10	0	if_then_count\n" "gpr	gef	.4	64.16	0	great_or_equal\n" "gpr	r0	.32	0	0\n" "gpr	r1	.32	4	0\n" "gpr	r2	.32	8	0\n" "gpr	r3	.32	12	0\n" "gpr	r4	.32	16	0\n" "gpr	r5	.32	20	0\n" "gpr	r6	.32	24	0\n" "gpr	r7	.32	28	0\n" "gpr	r8	.32	32	0\n" "gpr	r9	.32	36	0\n" "gpr	r10	.32	40	0\n" "gpr	r11	.32	44	0\n" "gpr	r12	.32	48	0\n" "gpr	r13	.32	52	0\n" "gpr	r14	.32	56	0\n" "gpr	r15	.32	60	0\n" "gpr	r16	.32	64	0\n" "gpr	r17	.32	68	0\n")

iter
Definition: test_winkernel.cpp:47

s
static RzSocket * s
Definition: rtr.c:28

rz_return_val_if_fail
#define rz_return_val_if_fail(expr, val)
Definition: rz_assert.h:108

rz_buf_free
RZ_API void rz_buf_free(RzBuffer *b)
Free all internal data hold by the buffer and the buffer.
Definition: buf.c:1253

rz_buf_new_file
RZ_API RZ_OWN RzBuffer * rz_buf_new_file(const char *file, int perm, int mode)
Creates a new buffer from a file.
Definition: buf.c:317

rz_file_basename
RZ_API const char * rz_file_basename(const char *path)
Definition: file.c:83

rz_file_is_directory
RZ_API bool rz_file_is_directory(const char *str)
Definition: file.c:167

rz_file_globsearch
RZ_API RzList * rz_file_globsearch(const char *globbed_path, int maxdepth)
Definition: file.c:1263

rz_flirt.h

rz_sign_flirt_parse_string_pattern_from_buffer
RZ_API RZ_OWN RzFlirtNode * rz_sign_flirt_parse_string_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, ut32 optimization, RZ_NULLABLE RzFlirtInfo *info)
Parses the RzBuffer containing a FLIRT signature in string format and returns an RzFlirtNode.
Definition: pat.c:356

rz_sign_flirt_node_free
RZ_API void rz_sign_flirt_node_free(RZ_NULLABLE RzFlirtNode *node)
Frees an RzFlirtNode struct.
Definition: flirt.c:299

rz_sign_flirt_parse_header_compressed_pattern_from_buffer
RZ_API RZ_OWN bool rz_sign_flirt_parse_header_compressed_pattern_from_buffer(RZ_NONNULL RzBuffer *flirt_buf, RZ_NONNULL RzFlirtInfo *info)
Parses the RzBuffer containing a FLIRT structure and returns an RzFlirtInfo.
Definition: flirt.c:1062

rz_sign_flirt_info_fini
RZ_API void rz_sign_flirt_info_fini(RZ_NULLABLE RzFlirtInfo *info)
Frees an RzFlirtInfo struct elements without freeing the pointer.
Definition: flirt.c:315

RZ_FLIRT_NODE_OPTIMIZE_NONE
@ RZ_FLIRT_NODE_OPTIMIZE_NONE
keeps the structure flattened (keep the tail bytes)
Definition: rz_flirt.h:186

RzListComparator
int(* RzListComparator)(const void *value, const void *list_data)
Definition: rz_list.h:33

RZ_LOG_WARN
#define RZ_LOG_WARN(fmtstr,...)
Definition: rz_log.h:56

RZ_LOG_ERROR
#define RZ_LOG_ERROR(fmtstr,...)
Definition: rz_log.h:58

rz_get_input_num_value
RZ_API ut64 rz_get_input_num_value(RzNum *num, const char *input_value)
Definition: unum.c:743

RZ_STR_ISNOTEMPTY
#define RZ_STR_ISNOTEMPTY(x)
Definition: rz_str.h:68

rz_str_replace_char
RZ_API int rz_str_replace_char(char *s, int a, int b)
Definition: str.c:169

RZ_STR_DUP
#define RZ_STR_DUP(x)
Definition: rz_str.h:69

rz_str_endswith
RZ_API bool rz_str_endswith(RZ_NONNULL const char *str, RZ_NONNULL const char *needle)
Checks if a string ends with a specifc sequence of characters (case sensitive)
Definition: str.c:3329

rz_strf
#define rz_strf(buf,...)
Convenience macro for local temporary strings.
Definition: rz_str.h:59

RZ_SYS_DIR
#define RZ_SYS_DIR
Definition: rz_types.h:218

RZ_NULLABLE
#define RZ_NULLABLE
Definition: rz_types.h:65

RZ_OWN
#define RZ_OWN
Definition: rz_types.h:62

RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284

RZ_JOIN_2_PATHS
#define RZ_JOIN_2_PATHS(p1, p2)
Definition: rz_types.h:224

RZ_NONNULL
#define RZ_NONNULL
Definition: rz_types.h:64

sdb_hash
RZ_API ut32 sdb_hash(const char *key)
Definition: util.c:22

O_RDONLY
#define O_RDONLY
Definition: sftypes.h:486

b
#define b(i)
Definition: sha256.c:42

a
#define a(i)
Definition: sha256.c:41

ut32cmp
static int ut32cmp(int a, int b)
Definition: sigdb.c:195

sigdb_signature_cmp
static int sigdb_signature_cmp(const RzSigDBEntry *a, const RzSigDBEntry *b)
Definition: sigdb.c:24

rz_sign_sigdb_merge
RZ_API bool rz_sign_sigdb_merge(RZ_NONNULL RzSigDb *db, RZ_NONNULL RzSigDb *db2)
Merge the signatures from db2 into db.
Definition: sigdb.c:184

strcmp_null
static int strcmp_null(const char *a, const char *b)
Definition: sigdb.c:205

ht_pu_sigdb_freekv
static void ht_pu_sigdb_freekv(HtPUKv *kv)
Definition: sigdb.c:250

rz_sign_sigdb_new
RZ_API RZ_OWN RzSigDb * rz_sign_sigdb_new(void)
Create a new empty RzSigDb instance.
Definition: sigdb.c:260

field_cmp
#define field_cmp(fname, cmpfunction)

rz_sign_sigdb_free
RZ_API void rz_sign_sigdb_free(RzSigDb *db)
Definition: sigdb.c:277

sigdb_move_entry
static bool sigdb_move_entry(void *user, const void *k, const ut64 v)
Definition: sigdb.c:168

rz_sign_sigdb_list
RZ_API RZ_OWN RzList * rz_sign_sigdb_list(RZ_NONNULL const RzSigDb *db)
Return the signature database as a list of entries.
Definition: sigdb.c:294

sigdb_signature_resolve_details
static bool sigdb_signature_resolve_details(RzSigDBEntry *entry, size_t path_len, bool with_details)
Definition: sigdb.c:28

rz_sign_sigdb_load_database
RZ_API RZ_OWN RzSigDb * rz_sign_sigdb_load_database(RZ_NONNULL const char *sigdb_path, bool with_details)
Returns a database of signatures loaded from the signature database path.
Definition: sigdb.c:105

sigdb_entry_cmp
static int sigdb_entry_cmp(const void *a, const void *b)
Definition: sigdb.c:218

sigdb_to_list
static bool sigdb_to_list(void *user, const void *k, const ut64 v)
Definition: sigdb.c:285

rz_sign_sigdb_add_entry
RZ_API bool rz_sign_sigdb_add_entry(RZ_NONNULL RzSigDb *db, RZ_NONNULL const RzSigDBEntry *entry)
Add a new signature entry to a database.
Definition: sigdb.c:158

sigdb_entry_hash
static ut32 sigdb_entry_hash(const void *k)
Definition: sigdb.c:241

rz_sign_sigdb_signature_free
RZ_API void rz_sign_sigdb_signature_free(RZ_NULLABLE RzSigDBEntry *entry)
Frees a RzSigDBEntry structure.
Definition: sigdb.c:12

buffer
Definition: buffer.h:15

entry
Definition: zipcmp.c:77

file
Definition: gzappend.c:170

rz_buf_t
Definition: rz_buf.h:43

rz_flirt_info_t
Definition: rz_flirt.h:208

rz_flirt_node_t
Definition: rz_flirt.h:176

rz_list_iter_t
Definition: rz_list.h:13

rz_list_t
Definition: rz_list.h:18

rz_signature_database_entry_t
Definition: rz_flirt.h:240

rz_signature_database_entry_t::file_path
char * file_path
full path to the signature file
Definition: rz_flirt.h:246

rz_signature_db_t
Definition: rz_flirt.h:251

rz_signature_db_t::entries
HtPU * entries
Definition: rz_flirt.h:252

sigdb_move_data_t
Definition: sigdb.c:163

sigdb_move_data_t::dst
RzSigDb * dst
Definition: sigdb.c:165

sigdb_move_data_t::src
RzSigDb * src
Definition: sigdb.c:164

fail
#define fail(test)
Definition: tests.h:29

ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()