authorCyrille Bagard <nocbos@gmail.com>2024-11-03 12:09:36 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2024-11-03 12:09:36 (GMT)
commit59a9138a3ac546e2ae707b447f1b4ad977ff6eed (patch)
tree6b43eb8f18dff871a7b0e4a3acb95e2f0099d868
parent26b247483301d117b2be9e4ff2763da847948096 (diff)
Define a function to compute entropy.
-rw-r--r--src/common/Makefile.am1
-rw-r--r--src/common/entropy.c82
-rw-r--r--src/common/entropy.h37
3 files changed, 120 insertions, 0 deletions
diff --git a/src/common/Makefile.am b/src/common/Makefile.am
index 7f0fe4e..7925b66 100644
--- a/src/common/Makefile.am
+++ b/src/common/Makefile.am
@@ -52,6 +52,7 @@ libcommon4_la_SOURCES = \
compiler.h \
datatypes.h \
dllist.h dllist.c \
+ entropy.h entropy.c \
environment.h environment.c \
extstr.h extstr.c \
fnv1a.h fnv1a.c \
diff --git a/src/common/entropy.c b/src/common/entropy.c
new file mode 100644
index 0000000..1f3adfa
--- /dev/null
+++ b/src/common/entropy.c
@@ -0,0 +1,82 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * entropy.c - calcul de l'entropie d'un contenu binaire
+ *
+ * Copyright (C) 2024 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "entropy.h"
+
+
+#include <math.h>
+#include <string.h>
+
+
+
+/******************************************************************************
+* *
+* Paramètres : data = séquence d'octets à traiter. *
+* len = quantité de ces octets. *
+* *
+* Description : Détermine l'entropie d'un contenu binaire. *
+* *
+* Retour : Valeur d'entropie du contenu fourni. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+double compute_entropy(const bin_t *data, size_t len)
+{
+ double result; /* Valeur calculée à renvoyer */
+ unsigned long counters[256]; /* Décompte des valeurs */
+ const bin_t *d_max; /* Borne de fin de parcours #1 */
+ const bin_t *d_iter; /* Boucle de parcours #1 */
+ double log_2;
+ unsigned long *c_max; /* Borne de fin de parcours #2 */
+ unsigned long *c_iter; /* Boucle de parcours #2 */
+ double freq; /* Fréquence liée à une valeur */
+
+ result = 0.0;
+
+ memset(counters, 0, sizeof(counters));
+
+ d_max = data + len;
+
+ for (d_iter = data; d_iter < d_max; d_iter++)
+ counters[*d_iter]++;
+
+ log_2 = log(256.0);
+
+ c_max = counters + 256;
+
+ for (c_iter = counters; c_iter < c_max; c_iter++)
+ {
+ if (*c_iter == 0lu)
+ continue;
+
+ freq = ((double)*c_iter) / ((double)len);
+
+ result -= freq * (log(freq) / log_2);
+
+ }
+
+ return result;
+
+}
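Review bot: compute_entropy() returns a value normalised to 0.0–1.0 rather than bits per byte, because the divisor stored in `log_2` is `log(256.0)`; the name suggests a base-2 logarithm and the Retour field of the header comment does not give the range. Anyone comparing the result with the usual 0–8 scale used to flag packed or encrypted content would get misleading answers, so I'd rename the local (`log_256 = log(256.0);`, with a trailing comment like the other locals have) and state in the Retour field, and in the one-line comment above the prototype in entropy.h, that 1.0 means uniformly distributed bytes. Separately, `counters[*d_iter]++` is only in bounds if bin_t is an unsigned 8-bit type; that typedef is outside this diff, so it is worth confirming or pinning with a static assertion next to the array.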
diff --git a/src/common/entropy.h b/src/common/entropy.h
new file mode 100644
index 0000000..f747149
--- /dev/null
+++ b/src/common/entropy.h
@@ -0,0 +1,37 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * entropy.h - prototypes pour le calcul de l'entropie d'un contenu binaire
+ *
+ * Copyright (C) 2024 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _COMMON_ENTROPY_H
+#define _COMMON_ENTROPY_H
+
+
+#include "../arch/archbase.h"
+
+
+
+/* Détermine l'entropie d'un contenu binaire. */
+double compute_entropy(const bin_t *, size_t);
+
+
+
+#endif /* _COMMON_ENTROPY_H */
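Review bot: The guard macro `_COMMON_ENTROPY_H` starts with an underscore followed by an uppercase letter, a form the C standard reserves for the implementation; `COMMON_ENTROPY_H` avoids that, unless the leading underscore is the project's established convention (not visible here). The prototype also drops its parameter names; `double compute_entropy(const bin_t *data, size_t len);` documents which argument is the byte count at the point where callers look.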