summaryrefslogtreecommitdiff
path: root/src/analysis/scan/matches
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-10-11 23:16:21 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-10-11 23:16:21 (GMT)
commitab6b87b7309e2d00926615f6557016bee6ab0b71 (patch)
treebf69b93d2f0548fc845e68ae1e8519bd33d1da24 /src/analysis/scan/matches
parent404097b7b07b336b427b3682ec2bc48d831cb2e9 (diff)
Add two new functions to ROST grammar: modpath and maxcommon.
Diffstat (limited to 'src/analysis/scan/matches')
-rw-r--r--src/analysis/scan/matches/bytes-int.h3
-rw-r--r--src/analysis/scan/matches/bytes.c56
-rw-r--r--src/analysis/scan/matches/bytes.h6
-rw-r--r--src/analysis/scan/matches/pending.c55
-rw-r--r--src/analysis/scan/matches/pending.h6
5 files changed, 122 insertions, 4 deletions
diff --git a/src/analysis/scan/matches/bytes-int.h b/src/analysis/scan/matches/bytes-int.h
index 6f7e60b..f57cb9f 100644
--- a/src/analysis/scan/matches/bytes-int.h
+++ b/src/analysis/scan/matches/bytes-int.h
@@ -42,6 +42,9 @@ struct _GScanBytesMatch
phys_t start; /* Début du motif représenté */
phys_t len; /* Taille du motif représenté */
+ size_t mod_path_index; /* Indice de construction */
+ bool has_mod_path; /* Validité du champ précédent */
+
};
/* Correspondance trouvée avec une chaîne (classe) */
diff --git a/src/analysis/scan/matches/bytes.c b/src/analysis/scan/matches/bytes.c
index de101c4..f0b97fe 100644
--- a/src/analysis/scan/matches/bytes.c
+++ b/src/analysis/scan/matches/bytes.c
@@ -30,6 +30,7 @@
#include "bytes-int.h"
+#include "../patterns/token.h"
#include "../../../common/cpp.h"
#include "../../../core/logs.h"
@@ -121,6 +122,8 @@ static void g_scan_bytes_match_init(GScanBytesMatch *match)
match->start = VMPA_NO_PHYSICAL;
match->len = VMPA_NO_PHYSICAL;
+ match->has_mod_path = false;
+
}
@@ -285,6 +288,59 @@ phys_t g_scan_bytes_match_get_location(const GScanBytesMatch *match, phys_t *sta
}
+/******************************************************************************
+* *
+* Paramètres : match = informations de correspondance à compléter. *
+* index = indice de la combinaison de modificateurs ciblée. *
+* *
+* Description : Mémorise l'origine d'une correspondance à partir d'un indice.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void g_scan_bytes_match_remember_modifier_path(GScanBytesMatch *match, size_t index)
+{
+ match->mod_path_index = index;
+ match->has_mod_path = true;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : match = informations de correspondance à consulter. *
+* *
+* Description : Retrouve l'origine d'une correspondance à partir d'un indice.*
+* *
+* Retour : Version humainement lisible de la combinaison gagnante. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+char *g_scan_bytes_match_get_modifier_path(const GScanBytesMatch *match)
+{
+ char *result; /* Combinaison à retourner */
+ GBytesToken *pattern; /* Autre version du motif */
+
+ if (match->has_mod_path)
+ {
+ pattern = G_BYTES_TOKEN(G_SCAN_MATCH(match)->source);
+ result = g_bytes_token_get_modifier_path(pattern, match->mod_path_index);
+ }
+
+ else
+ result = NULL;
+
+ return result;
+
+}
+
+
+
/* ---------------------------------------------------------------------------------- */
/* IMPLEMENTATION DES FONCTIONS DE CLASSE */
/* ---------------------------------------------------------------------------------- */
diff --git a/src/analysis/scan/matches/bytes.h b/src/analysis/scan/matches/bytes.h
index e599ee4..bd7425d 100644
--- a/src/analysis/scan/matches/bytes.h
+++ b/src/analysis/scan/matches/bytes.h
@@ -60,6 +60,12 @@ GBinContent *g_scan_bytes_match_get_content(const GScanBytesMatch *);
/* Indique la localisation d'une correspondance établie. */
phys_t g_scan_bytes_match_get_location(const GScanBytesMatch *, phys_t *, phys_t *);
+/* Mémorise l'origine d'une correspondance à partir d'un indice. */
+void g_scan_bytes_match_remember_modifier_path(GScanBytesMatch *, size_t);
+
+/* Retrouve l'origine d'une correspondance à partir d'un indice. */
+char *g_scan_bytes_match_get_modifier_path(const GScanBytesMatch *);
+
#endif /* _ANALYSIS_SCAN_MATCHES_BYTES_H */
diff --git a/src/analysis/scan/matches/pending.c b/src/analysis/scan/matches/pending.c
index 9ed4de3..57c63d7 100644
--- a/src/analysis/scan/matches/pending.c
+++ b/src/analysis/scan/matches/pending.c
@@ -48,10 +48,6 @@ static int compare_match_area(const match_area_t *, const match_area_t *);
-
-
-
-
/* ---------------------------------------------------------------------------------- */
/* MEMORISATION D'UNE ZONE BORNEE */
/* ---------------------------------------------------------------------------------- */
@@ -82,6 +78,12 @@ static int compare_match_area(const match_area_t *a, const match_area_t *b)
if (result == 0)
result = sort_unsigned_long_long(a->ttl, b->ttl);
+ if (result == 0)
+ result = sort_unsigned_long_long(a->has_mod_path, b->has_mod_path);
+
+ if (result == 0)
+ result = sort_unsigned_long_long(a->mod_path_index, b->mod_path_index);
+
return result;
}
@@ -293,6 +295,51 @@ void add_pending_match(pending_matches_t *matches, phys_t start, phys_t length)
area->ttl = 1;
+ area->has_mod_path = false;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : matches = suivi de correspondances à compléter. *
+* start = point de départ d'une nouvelle correspondance. *
+* length = taille de la zone couverte. *
+* index = indice de construction pour le motif concerné. *
+* *
+* Description : Ajoute au suivi la définition d'une nouvelle correspondance. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void add_pending_match_with_path(pending_matches_t *matches, phys_t start, phys_t length, size_t index)
+{
+ match_area_t *area; /* Zone à initialiser */
+
+ if (matches->used == matches->allocated)
+ {
+ matches->allocated += PENDING_ALLOC_SIZE;
+
+ matches->areas = realloc(matches->areas, matches->allocated * sizeof(match_area_t));
+
+ }
+
+ area = &matches->areas[matches->used++];
+
+ area->start = start;
+ area->end = start + length;
+
+ assert(matches->content_start <= area->start);
+ assert(area->end <= matches->content_end);
+
+ area->ttl = 1;
+
+ area->mod_path_index = index;
+ area->has_mod_path = true;
+
}
diff --git a/src/analysis/scan/matches/pending.h b/src/analysis/scan/matches/pending.h
index 6df01c9..f4ac7a2 100644
--- a/src/analysis/scan/matches/pending.h
+++ b/src/analysis/scan/matches/pending.h
@@ -41,6 +41,9 @@ typedef struct _match_area_t
unsigned long ttl; /* Durée de vie pour analyse */
+ size_t mod_path_index; /* Indice de construction */
+ bool has_mod_path; /* Validité du champ précédent */
+
} match_area_t;
/* Suivi de correspondances */
@@ -86,6 +89,9 @@ match_area_t * const *get_all_pending_matches(const pending_matches_t *, size_t
/* Ajoute au suivi la définition d'une nouvelle correspondance. */
void add_pending_match(pending_matches_t *, phys_t, phys_t);
+/* Ajoute au suivi la définition d'une nouvelle correspondance. */
+void add_pending_match_with_path(pending_matches_t *, phys_t, phys_t, size_t);
+
/* Etend une zone couverte dans le suivi des correspondances. */
void extend_pending_match_beginning(pending_matches_t *, size_t, phys_t);